@LesD I see, you are portforwarding router port 33443 to the passbolt server ip address, port 443. This should work fine, although it only affects traffic coming into your public ip address. It does not affect any other internal traffic. For example, the passbolt server needs to know how to find itself. There may be DNS settings that are missing.
But you say it’s not working - what is actually happening to lead you to conclude this? What response are you getting at https://mydomain.com:33443? What are the passbolt logs showing?
You also say that you want the other web server behind the router to be able to provide https connections. You could take router port 443 and direct it to the other web server along with port 80.
But if you cannot resolve portforwarding from 33443, and only 443 portforwarding is working for whatever reason, you need a reverse proxy to listen to domain requests all coming in on router port 443. Don’t know which model router you are using, or whether it comes with a reverse proxy feature built-in. But if it doesn’t, then you would need to create a reverse proxy (on a new VM or existing VM) that sits behind the router, receiving all ports 443 and 80 traffic from the router. It will act like a “front desk switchboard” for incoming traffic, and redirect as needed to the different backend servers. It can also conveniently be configured to take all port 80 traffic and make it secure with https.
Each backend server would need to be configured to report responding traffic back to the reverse proxy. Depends on which web server you are using on each VM/server. i.e Apache, Nginx, or something else.
Hope this helps.