How to Change Apache HTTP Port in Linux

In this tutorial, we will show you how to change Apache HTTP Port in Linux. In today’s web hosting environment, knowing how to modify your Apache HTTP server port is a critical skill for Linux system administrators and web developers. While Apache’s default configuration uses port 80 for HTTP and port 443 for HTTPS, there are numerous scenarios where changing these ports becomes necessary. Whether you’re resolving port conflicts, enhancing security through obscurity, or running multiple web servers on a single machine, this guide will walk you through the process step by step across major Linux distributions.

Understanding Apache Port Configuration

Apache HTTP Server uses the “Listen” directive to specify which IP addresses and ports it should monitor for incoming connections. By default, Apache listens on port 80 for HTTP requests and port 443 for HTTPS connections. These port assignments are defined in configuration files that vary by Linux distribution.

The Listen directive instructs Apache to accept incoming requests on specified ports and IP addresses. You can configure Apache to listen on multiple ports simultaneously by including multiple Listen directives in your configuration files. When Apache starts, it binds to these specified ports and begins handling web traffic directed to them.

Port Configuration Files by Distribution

In Ubuntu and Debian systems, Apache port configurations are primarily stored in /etc/apache2/ports.conf, while virtual host configurations reside in /etc/apache2/sites-enabled/. For CentOS and RHEL systems, the main Apache configuration file is located at /etc/httpd/conf/httpd.conf, which contains both the Listen directive and virtual host settings.

Prerequisites and Preparation

Before modifying your Apache configuration, several preparatory steps will ensure a smooth transition:

• Ensure you have root or sudo access to your server
• Back up configuration files before making changes
• Verify that your desired port isn’t already in use by another service
• Understand your Linux distribution’s specific Apache implementation
• Have a plan for handling any service disruptions during the change

Creating Configuration Backups

It’s essential to back up your configuration files before making changes:

# For Ubuntu/Debian
sudo cp /etc/apache2/ports.conf /etc/apache2/ports.conf.bak
sudo cp /etc/apache2/sites-enabled/000-default.conf /etc/apache2/sites-enabled/000-default.conf.bak

# For CentOS/RHEL
sudo cp /etc/httpd/conf/httpd.conf /etc/httpd/conf/httpd.conf.bak

Checking Port Availability

Before selecting a new port, verify it’s not already in use:

sudo ss -tuln | grep LISTEN

This command displays all ports currently in use on your system. Choose a port that doesn’t appear in this list to avoid conflicts.

Changing Apache Port in Ubuntu/Debian Systems

Ubuntu and Debian distributions organize Apache configurations slightly differently than CentOS/RHEL systems. Follow these steps to change your Apache port:

Modifying the ports.conf File

1. Open the ports.conf file using a text editor:

sudo nano /etc/apache2/ports.conf

2. Locate the Listen directive, which looks like this:

Listen 80

3. Change the port number to your desired port (e.g., 8080):

Listen 8080

4. If you’re also changing the HTTPS port, modify the corresponding Listen directive in the same file.

Updating Virtual Host Configurations

After modifying ports.conf, you must also update your virtual host configurations:

1. Open your default virtual host configuration:

sudo nano /etc/apache2/sites-enabled/000-default.conf

2. Locate the VirtualHost tag, which typically looks like this:

<VirtualHost *:80>

3. Change the port number to match your new port:

<VirtualHost *:8080>

4. Repeat this process for any other virtual host configurations that specify port numbers.

Validating and Applying Configuration Changes

Before restarting Apache, check for configuration syntax errors:

sudo apache2ctl configtest

If the output shows “Syntax OK,” you can proceed to restart Apache:

sudo systemctl restart apache2

After restarting, verify that Apache is listening on the new port:

sudo ss -tuln | grep 8080

You should see output indicating that Apache is listening on the new port.

Changing Apache Port in CentOS/RHEL Systems

The process for changing Apache ports in CentOS and RHEL systems involves slightly different file locations and commands:

Modifying the httpd.conf File

1. Open the main Apache configuration file:

sudo nano /etc/httpd/conf/httpd.conf

2. Locate the Listen directive:

Listen 80

3. Change it to your desired port:

Listen 8080

4. Save and close the file.

Updating Virtual Host Configurations

If you have virtual hosts configured, you’ll need to update their port specifications:

1. Look for VirtualHost directives in your configuration files:

<VirtualHost *:80>

2. Change the port number to match your new port:

<VirtualHost *:8080>

3. These configurations might be in the main httpd.conf file or in separate files within the /etc/httpd/conf.d/ directory.

SELinux Considerations

On CentOS/RHEL systems, SELinux adds an additional layer of security control over ports. When changing Apache’s port, you must update SELinux policies:

1. Install the policycoreutils package if it’s not already installed:

sudo yum install policycoreutils

2. Add the new port to SELinux’s HTTP port context:

sudo semanage port -a -t http_port_t -p tcp 8080

If the port already exists in another context, modify it instead:

sudo semanage port -m -t http_port_t -p tcp 8080

These commands tell SELinux to allow Apache to bind to the new port.

Validating and Applying Configuration Changes

Check for syntax errors before restarting Apache:

sudo apachectl configtest

If the output shows “Syntax OK,” restart Apache:

sudo systemctl restart httpd

Verify that Apache is listening on the new port:

sudo ss -tuln | grep 8080

Firewall Configuration for New Ports

After changing Apache’s port, you must update your firewall rules to allow traffic on the new port:

For Ubuntu/Debian (UFW)

If you’re using UFW (Uncomplicated Firewall):

sudo ufw allow 8080/tcp

Verify the rule was added:

sudo ufw status

For CentOS/RHEL (FirewallD)

If you’re using FirewallD:

sudo firewall-cmd --permanent --add-port=8080/tcp
sudo firewall-cmd --reload

Verify the rule was added:

sudo firewall-cmd --list-all

For CentOS/RHEL (iptables)

If you’re using iptables directly:

sudo iptables -I INPUT -p tcp --dport 8080 -j ACCEPT
sudo service iptables save

Verify the rule was added:

sudo iptables -L -n

Properly configuring your firewall is essential for allowing external access to your web server on the new port.

Thorough Testing and Verification

After changing the port and restarting Apache, comprehensive testing is crucial to ensure everything is working correctly:

Verify Service Status

Check that Apache is running without errors:

# For Ubuntu/Debian
sudo systemctl status apache2

# For CentOS/RHEL
sudo systemctl status httpd

Confirm Port Listening

Verify that Apache is listening on the new port:

sudo ss -tuln | grep 8080

You should see output similar to this:

tcp6  0  0  :::8080  :::*  LISTEN  [PID]/apache2

Test Local Access

Test that the web server is responding on the new port:

curl http://localhost:8080

You should receive the default Apache page or your website content.

Test Remote Access

Try accessing your website from a remote browser:

http://your_server_ip:8080

If you can’t access the site remotely, check your firewall configuration and network settings.

Troubleshooting Common Issues

When changing Apache’s port, several issues might arise. Here are solutions to common problems:

Apache Won’t Start After Configuration Change

1. Check for syntax errors in your configuration:

# Ubuntu/Debian
sudo apache2ctl configtest

# CentOS/RHEL
sudo apachectl configtest

2. Review Apache error logs:

# Ubuntu/Debian
sudo tail -f /var/log/apache2/error.log

# CentOS/RHEL
sudo tail -f /var/log/httpd/error_log

Port Conflict Errors

If Apache reports that it can’t bind to the port:

1. Check if another service is using the port:

sudo ss -tuln | grep 8080

2. Choose a different port or stop the conflicting service.

IPv6 Only Binding

Sometimes Apache will bind only to IPv6 and not IPv4, as indicated by output like:

tcp6  0  0  :::8080  :::*  LISTEN

To force Apache to bind to both IPv4 and IPv6:

1. Edit your Listen directive to specify both:

Listen 0.0.0.0:8080
Listen [::]:8080

2. Restart Apache after making these changes.

SELinux Blocking New Port

If you’re using CentOS/RHEL and SELinux is enabled, you might see access denied errors in your logs:

1. Check SELinux audit logs:

sudo ausearch -m avc -ts recent

2. Ensure you’ve added the port to the correct SELinux context as described earlier.

Advanced Port Configuration Scenarios

Beyond basic port changes, Apache offers advanced configuration options for specific scenarios:

Binding to Specific IP Addresses

You can configure Apache to listen on specific IP addresses rather than all available interfaces:

# Listen on a specific IPv4 address and port
Listen 192.168.1.100:8080

# Listen on a specific IPv6 address and port
Listen [2001:db8::a00:20ff:fea7:ccea]:8080

This is useful for servers with multiple network interfaces or IP addresses.

Running Multiple Apache Instances

You can run multiple Apache instances on different ports to isolate websites or applications:

1. Create separate configuration files for each instance
2. Ensure each instance listens on a different port
3. Use different PID files and log directories for each instance

Configuring Name-Based Virtual Hosts on Non-Standard Ports

When using name-based virtual hosting with custom ports, ensure your VirtualHost directive matches your Listen directive:

Listen 8080

<VirtualHost *:8080>
    ServerName example.com
    DocumentRoot /var/www/example
</VirtualHost>

<VirtualHost *:8080>
    ServerName another-example.com
    DocumentRoot /var/www/another
</VirtualHost>

This configuration allows you to host multiple websites on the same non-standard port.

Security Best Practices for Non-Standard Ports

Changing default ports offers some security advantages, but should be part of a comprehensive security strategy:

Security Through Obscurity Considerations

Using non-standard ports can reduce automated attacks that target default ports, but shouldn’t be your only security measure. While changing ports might prevent some automated scanning, sophisticated attackers will still find your services.

Additional Security Measures

Complement port changes with other security practices:

• Implement strong firewall rules
• Use ModSecurity or similar web application firewalls
• Keep Apache and your operating system updated
• Implement fail2ban to mitigate brute force attempts
• Consider using HTTPS with strong SSL/TLS configurations

Documentation and Change Management

Maintain thorough documentation of your port configurations:

• Document all non-standard port assignments
• Update internal documentation for operations teams
• Create runbooks for future maintenance procedures
• Establish change control processes for production environments

Performance Implications

Changing Apache’s default port has minimal performance impact but might affect other aspects of your web environment:

Server Performance

The port number itself doesn’t affect Apache’s performance or resource utilization. Apache handles connections on non-standard ports with the same efficiency as default ports.

User Experience Considerations

Non-standard ports require users to specify the port in the URL:

http://example.com:8080/

This can lead to confusion for less technical users and might affect bookmarking and sharing links. Consider implementing URL rewriting or proxying if you want to maintain standard port access for users while running Apache on non-standard ports internally.