Since 2017, browsers show a warning like "This connection is not secure" when entering credentials in a non-HTTPS page. This makes the attack ineffective.
I tried port forwarding my server to port 443, without luck. It did not connect at all.
Port 80 works just fine, but like I said, it leads to the security warnings in the browser that make the attack ineffective.