diff --git a/inventory/service/group_vars/eavesdrop.yaml b/inventory/service/group_vars/eavesdrop.yaml
index 91a2d1047b..c3b558a47c 100644
--- a/inventory/service/group_vars/eavesdrop.yaml
+++ b/inventory/service/group_vars/eavesdrop.yaml
@@ -1,5 +1,6 @@
 iptables_extra_public_tcp_ports:
   - 80
+  - 443
   - 9001  # When changing this number, also update the default in playbooks/roles/matrix-gerritbot/defaults/main.yaml
 zuul_user_authorized_key: |
       ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDcXd/QJDEprSLh6N6bULnhchf9M+uzYBEJ2b51Au67FON+5M6VEj5Ut+DlkEPhabOP+tSv9Cn1HpmpBjdEOXdmBj6JS7G/gBb4w28oZDyNjrPT2ebpRw/XnVEkGfikR2J+j3o7CV+ybhLDalXm2TUDReVXnONUq3YzZbjRzoYs0xxrxyss47vZP0xFpsAt9jCMAJW2k6H589VUY38k9LFyhZUZ72FB6eJ68B9GN0TimBYm2DqvupBGQrRhkP8OZ0WoBV8PulKXaHVFdmfBNHB7E7FLlZKuiM6nkV4bOWMGOB/TF++wXBK86t9po3pWCM7+kr72xGRTE+6LuZ2z1K+h zuul-system-config-20180924
diff --git a/inventory/service/groups.yaml b/inventory/service/groups.yaml
index 088b367e37..2afc3087d1 100644
--- a/inventory/service/groups.yaml
+++ b/inventory/service/groups.yaml
@@ -192,7 +192,7 @@ groups:
   webservers:
     - cacti[0-9]*.open*.org
     - codesearch[0-9]*.opendev.org
-    - eavesdrop[0-9]*.open*.org
+    # eavesdrop has its own group with custom ports
     - ethercalc[0-9]*.open*.org
     - etherpad[0-9]*.open*.org
     - grafana[0-9]*.opendev.org
diff --git a/testinfra/test_eavesdrop.py b/testinfra/test_eavesdrop.py
index f6f691e1a2..a1ce9ebdae 100644
--- a/testinfra/test_eavesdrop.py
+++ b/testinfra/test_eavesdrop.py
@@ -23,6 +23,9 @@ def test_eavesdrop(host):
     web = ('-A openstack-INPUT -p tcp -m state --state NEW'
            ' -m tcp --dport 80 -j ACCEPT')
     assert web in rules
+    gerritbot_matrix_prom = ('-A openstack-INPUT -p tcp -m state --state NEW'
+                             ' -m tcp --dport 9001 -j ACCEPT')
+    assert gerritbot_matrix_prom in rules
 
 def test_gerritbot_logs(host):