diff --git a/nixos/modules/issuer.nix b/nixos/modules/issuer.nix
index ce1f928b2738066811425a3c7e3e3c85c03ac272..0db40f1983f8d32b934d075096e76b3294b2c327 100644
--- a/nixos/modules/issuer.nix
+++ b/nixos/modules/issuer.nix
@@ -111,6 +111,20 @@ in {
         PaymentServer.  It just controls the CORS headers served.
       '';
     };
+    services.private-storage-issuer.httpPort = lib.mkOption {
+      type = lib.types.int;
+      description = ''
+        The port number for the HTTP endpoint.
+      '';
+      default = 80;
+    };
+    services.private-storage-issuer.httpsPort = lib.mkOption {
+      type = lib.types.int;
+      description = ''
+        The port number for the HTTPs endpoint.
+      '';
+      default = 443;
+    };
   };
 
   config =
@@ -161,13 +175,12 @@ in {
           httpsArgs =
             if cfg.tls
             then
-              "--https-port 443 " +
+              "--https-port ${toString cfg.httpsPort}" +
               "--https-certificate-path ${certroot}/${domain}/cert.pem " +
               "--https-certificate-chain-path ${certroot}/${domain}/chain.pem " +
               "--https-key-path ${certroot}/${domain}/privkey.pem"
             else
-              # Only for automated testing.
-              "--http-port 80";
+              "--http-port ${toString cfg.httpPort}";
 
           prefixOption = s: "--cors-origin=" + s;
           originStrings = map prefixOption cfg.allowedChargeOrigins;