The simplest solution to the port problem that I can think of is to let the pool's stratum server listen on port 80 instead of port 443. This frees up port 443 for the web server to use for HTTPS traffic. This makes a bit more sense anyway, since port 80 is intended for unencrypted HTTP traffic, and the stratum protocol is itself unencrypted. Outgoing connections to port 80 are also usually allowed by default in most firewalls.
There's a reason 443 is the backup port for mining, and that's because many firewalled internet countries allow port 443 connections because they just assume they're basic https web traffic and nothing untoward. It allows mainland China miners to connect to the pool, and used to allow Iranian miners as well. As it turns out, coincidentally the new server location is blocked by Iran regardless which annoys me no end, so I'm not sure using port 443 for mining is helpful any more. Anyway I've managed to switch the https to port 444 which is very non-standard and unexpected, but it automatically redirects all unencrypted traffic to
http://solo.ckpool.org/* to the new port for now. It's a cludge and I'm still not sure if I should stick to it or simply abandon port 443 mining and offer some other random innocuous port instead. Unfortunately there are a LOT of miners that never frequent this forum or communicate with me in any way whatsoever so I can't really get a quorum of opinions on what works best. Given the SSL for the web interface is kinda sorting working in case people want to use SSL, and there is absolutely ZERO secure information on the web interface (which is why I never bothered with SSL before you suggested it), I'll just leave it as is for now.