Just one other thought on all of this. A lot of the environments that I get to interact with have different zones. By which I mean, the internet comes in on 443 (and your new ports). This routes to the web server. That then routes through an inner firewall to the application server on 7443.
If you're zoned like this, then remember that your inner firewall ports will need to be opened as well, and you'll be effectively routing from the internet to your application zone. There may be better ways of dealing with this, but it will come down to what's in your IT kit bag to allow it....
Reflecting on the client where we tried to make this work, it was the opening of the inner firewall that made their security advisor through his teddies out the pram, and it never got done...
Scott Tansley
https://www.linkedin.com/in/scotttansley/