On installing Roundcube, we have an Apache roundcube.conf file that applies to all vhosts. So any.domain.tld/webmail can access email. I like that for some applications. For other purposes, like internal-only email, I prefer to lock down access to mail using socket ports. With port 8081 already active for Apps, and in use with Rspamd, I figured it would be elegant to use 8081 for mail. Port 8081 is currently locked down Making a long story short, for a change, I created a 'mail' vhost subdomain on my master ISPConfig server. That has its own cert. Then I copied and tweaked the roundcube.conf settings into the 'mail' Apache directives. So now that one mail.domain.tld.conf file has VirtualHosts for :80, :443, and :8081. That's working. We can now go to mail.domain.tld:8081/webmail for secure access, and I've disabled roundcube.conf to eliminate any.domain.tld/webmail (which collides with some apps anyway). This seems to me to be really inelegant. I don't feel like I'm using ISPConfig for its features. I feel like I'm using a hack to get ISPConfig to do something that it is not yet prepared to do. Did I do that right? Is there a better way to add another VirtualHost with a different port to an existing subdomain? Might it be worthwhile to create an enhancement that allows creating a new VirtualHost under an existing subdomain, rather than pasting in free-form text directives? Should we avoid putting stuff into the Apps space like that? And it doesn't look like the _default_:8081 settings from apps.vhost are used in a separate VirtualHost *:8081. I had to duplicate relevant settings to get it to work. Is that expected? Thanks for the tooling that allows me to do this better, if not elegantly.