diff --git a/d1/nginx_config.py b/d1/nginx_config.py
index 0242798..2449e26 100644
--- a/d1/nginx_config.py
+++ b/d1/nginx_config.py
@@ -199,6 +199,39 @@ def ssl(input_json, output_conf):
 
     servers = []
 
+    if 'stream_server' in ssl_nginx:
+        ssl_port = 444
+        stream_server = r'''
+stream {
+    upstream web {
+        server 127.0.0.1:444;
+    }
+
+    upstream ssh {
+        server {ssh};
+    }
+
+    map $ssl_preread_protocol $upstream {
+        default ssh;
+        "TLSv1.2" web;
+        "TLSv1.3" web;
+    }
+
+    # SSH and SSL on the same port
+    server {
+        listen 443;
+
+        proxy_pass $upstream;
+        ssl_preread on;
+    }
+}
+        '''.replace(
+            '{ssh}', str(ssl_nginx['stream_server'])[:256]
+        )
+    else:
+        stream_server = ''
+        ssl_port = 443
+
     if 'default_server' in ssl_nginx:
         server = ssl_nginx['default_server']
 
@@ -211,7 +244,7 @@ server {
     set $t1 $http_x_forwarded_for;
   }
 
-  listen 443 ssl default_server;
+  listen {ssl_port} ssl default_server;
   server_name _;
 
   client_max_body_size {client_max_body_size};
@@ -227,6 +260,8 @@ server {
                   '{client_max_body_size}', server['client_max_body_size'],
               ).replace(
                   '{domain_key}', server['domain_key'],
+              ).replace(
+                  '{ssl_port}', '%d' % ssl_port,
               )
         )
 
@@ -264,7 +299,7 @@ server {
     set $t1 $http_x_forwarded_for;
   }
 
-  listen 443 ssl;
+  listen {ssl_port} ssl;
   server_name {server_names};
 
   client_max_body_size {client_max_body_size};
@@ -291,35 +326,11 @@ server {
                   '{client_max_body_size}', server['client_max_body_size'],
               ).replace(
                   '{domain_key}', server['domain_key'],
+              ).replace(
+                  '{ssl_port}', '%d' % ssl_port,
               )
         )
 
-    if 'stream_server' in ssl_nginx:
-        stream_server = r'''
-stream {
-    upstream web {
-        server {web};
-    }
-
-    map $ssl_preread_protocol $upstream {
-        default ssh;
-        "TLSv1.2" web;
-        "TLSv1.3" web;
-    }
-
-    # SSH and SSL on the same port
-    server {
-        listen 443;
-
-        proxy_pass $upstream;
-        ssl_preread on;
-    }
-}
-        '''.replace(
-            '{web}', str(ssl_nginx['stream_server'])[:256]
-        )
-    else:
-        stream_server = ''
 
     with io.open(
         output_conf,
diff --git a/dotfiles/.local/bin/commands b/dotfiles/.local/bin/commands
index 527c56b..b1a10f4 100755
--- a/dotfiles/.local/bin/commands
+++ b/dotfiles/.local/bin/commands
@@ -3365,6 +3365,8 @@ def media_keys(argv):
 def commands_cli():
     logging.getLogger().setLevel(logging.INFO)
     logger.setLevel(logging.INFO)
+    handler = logging.StreamHandler(sys.stderr)
+    logging.getLogger().addHandler(handler)
 
     msg = None