diff --git a/data/network.nix b/data/network.nix
index af85581..cc021a6 100644
--- a/data/network.nix
+++ b/data/network.nix
@@ -95,4 +95,13 @@ rec {
 dnsMappings = lib.filterAttrs _predOnlyLocalObjs _dnsMappingObjects;
 reverse_proxy = lib.filterAttrs (name: value: value ? reverse_proxy) services;
+
+ _portsUsedInService = (service: if service ? reverse_proxy
+ then if service.reverse_proxy ? listen
+ then map (obj: obj.port) service.reverse_proxy.listen
+ else if service.reverse_proxy ? ssl && service.reverse_proxy.ssl
+ then [80 443]
+ else [80]
+ else [80]);
+ usedPorts = lib.unique (lib.concatLists (map _portsUsedInService (builtins.attrValues services)));
 }
diff --git a/data/services.nix b/data/services.nix
index 3aa1246..ce81b36 100644
--- a/data/services.nix
+++ b/data/services.nix
@@ -23,16 +23,7 @@ rec {
 autossh = {
 key_path = "/etc/auto-ssh_secrets/key";
 known_hosts = "/etc/auto-ssh_secrets/known_hosts";
- forwards = [{
- remote = 80;
- localAddress = "localhost";
- localPort = 80;
- }
- {
- remote = 443;
- localAddress = "localhost";
- localPort = 443;
- }];
+ forwards = [];
 };
 }
diff --git a/services/autossh.nix b/services/autossh.nix
index 9c2d93f..4a0dba7 100644
--- a/services/autossh.nix
+++ b/services/autossh.nix
@@ -1,10 +1,17 @@
-{ config, pkgs, ... }:
+{ config, pkgs, lib, ... }:
 let
 net = import ../data/network.nix;
 serv = import ../data/services.nix;
- forwardStrings = map (port: "-R ${toString port.remote}:${port.localAddress}:${toString port.localPort}") serv.autossh.forwards;
+ autoForwards = map (port: {
+ remote = port;
+ localAddress = "localhost";
+ localPort = port;
+ }) net.usedPorts;
+ fordwards = lib.unique (serv.autossh.forwards ++ autoForwards);
+
+ forwardStrings = map (port: "-R ${toString port.remote}:${port.localAddress}:${toString port.localPort}") fordwards;
 forwardString = builtins.concatStringsSep " " forwardStrings;
 sshHost = net.services.remoteProxy.ip;
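Review bot: The outer `else [80]` in `_portsUsedInService` makes every service without a `reverse_proxy` contribute port 80, so `usedPorts` always contains 80 even when no vhost is served on it; if that is intentional (keeping the nginx fallback host reachable) say so in a comment, otherwise that branch should return `[]`. Because `usedPorts` is now the single source for both the firewall openings and the autossh remote forwards, a comment above it stating that contract would help the next editor of `services.nix`: `# every port listed here is opened in the firewall (services/nginx.nix) and tunnelled by autossh (services/autossh.nix); review listen entries with that in mind`. The `listen` branch also takes `obj.port` as-is, so an assertion that each entry is an integer in 1..65535 would catch a typo before it becomes a firewall rule. The precedence of `?` over `&&` makes the ssl test correct, but writing `(service.reverse_proxy ? ssl) && service.reverse_proxy.ssl` makes that explicit.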
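Review bot: `fordwards` on the `lib.unique` line in services/autossh.nix is misspelled; it is used consistently so the build works, but renaming both occurrences to `forwards` (`forwards = lib.unique (serv.autossh.forwards ++ autoForwards);` and `... fordwards;` → `... forwards;`) avoids a second spelling of the same concept. The dedup relies on structural equality of the attrsets, which only holds when a manual `serv.autossh.forwards` entry uses exactly `localAddress = "localhost"` and `localPort == remote`; a manual entry with `localAddress = "127.0.0.1"` for a port already in `net.usedPorts` would yield two `-R` options for the same remote port. A comment on `autoForwards` such as `# every port in net.usedPorts becomes a remote forward back to this host` would make the exposure explicit. The `let` block continues outside the hunk, and the hunk's trailing context lines appear to have been lost in extraction.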
diff --git a/services/nginx.nix b/services/nginx.nix
index ddbbf35..9fedddb 100644
--- a/services/nginx.nix
+++ b/services/nginx.nix
@@ -80,7 +80,7 @@ in {
 virtualHosts = rproxyServices // {fallback = fallback;};
 };
- networking.firewall.allowedTCPPorts = [80 443];
+ networking.firewall.allowedTCPPorts = network.usedPorts;
 security.acme = {
 acceptTerms = true;
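Review bot: `networking.firewall.allowedTCPPorts = network.usedPorts;` now opens whatever data/network.nix derives, which can include ports nginx is not configured to bind if the `virtualHosts` (`rproxyServices` is defined outside this hunk) are not generated from the same `listen` entries; an assertion tying the two together, or at least a comment, would prevent an opened-but-unserved port. Suggested comment above the line: `# derived from listen/ssl entries in data/services.nix; must match the ports the virtualHosts above actually bind`. The binding `network` is not visible in the hunk; presumably it is an `import ../data/network.nix` in the surrounding `let`.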