Home Apache How To Change Apache Default Port To A Custom Port In Linux

How To Change Apache Default Port To A Custom Port In Linux

By sk
Published: Updated: 22.4K views

Keeping the Linux server secure is the vital duty of a system administrator. While there are many ways to make sure your server is as secure as possible, there are a few basic steps you must do first. One of them is to change the default ports of frequently used services to custom ports. Here, we will be seeing how to change the defaults ports of Apache, FTP and SSH to something different which is hard to guess. Let us break down this topic in three small parts. In the first part, we are going to see how to change Apache default port to a custom port on Linux.

Why do we need to change the Apache2 default port?

Before get to the topic, you might ask changing port will increase the security? To be honest, No, it won’t secure your system completely. Changing the default port alone doesn’t provide any serious security defense. There are many port scanners which will find out which port you’re using eventually. But you can, at least, protect your servers from any amateur attacks, and also you can reduce the number of attacks. That’s why we need to change the default ports.

Change Apache default port to a custom port

1. Change Apache port on Debian/Ubuntu

Edit /etc/apache2/ports.conf file:

$ sudo vi /etc/apache2/ports.conf

Find the following line:

Listen 80

And change it to a random number of your choice, for example 8090.

Listen 8090

This entry make the server to accept connections on port 8090 on all interfaces. To make the server accept connections on port 8090 for a specific interface, just include the corresponding network interface’s IP address as shown below.

Listen 192.168.1.101:8090

This will be helpful if your server has multiple IP addresses or network interfaces.

Save and close the file.

Additionally, in Ubuntu and Debian, you also have to change the port number in /etc/apache2/sites-enabled/000-default.conf file too.

$ sudo vi /etc/apache2/sites-enabled/000-default.conf

Find the following line and change the port number.

<VirtualHost *:8090>

Save and close the file.

Then, restart Apache service to take effect the changes.

$ sudo systemctl restart apache2

Now let us verify the port settings:

$ sudo netstat -tulpn | grep :8090

Sample output:

tcp6       0      0 :::8090                 :::*                    LISTEN      4066/apache2

Then, open your web browser and navigate to URL: http://IP-address:8090.

You should see the following screen:

Apache2 test page in Ubuntu
Apache2 test page in Ubuntu

Next we will see how to change Apache port in RHEL based systems.

2. Change Apache port on RHEL, CentOS, AlmaLinux, Rocky Linux

Make sure you have installed Apache webserver first.

Then, edit /etc/httpd/conf/httpd.conf file,

$ sudo vi /etc/httpd/conf/httpd.conf

Find the following line:

Listen 80

And change it to a random number of your choice, for example 8090.

Listen 8090

This entry make the server to accept connections on port 8090 on all interfaces. To make the server accept connections on port 8090 for a specific interface, just include the corresponding network interface’s IP address as shown below.

Listen 192.168.1.150:8090

This will be useful if your server has multiple IP addresses or network interfaces.

Save and close the file.

In RHEL/CentOS systems, make sure the new port number 8090 is not blocked by SELinux and Firewall.

$ sudo semanage port -a -t http_port_t -p tcp 8090

If semanage command is not found, install the following package on CentOS 7 / RHEL 8:

$ sudo yum install policycoreutils-python

On CentOS 8 / RHEL 8:

$ sudo dnf install policycoreutils-python-utils

To allow port 8090 via firewall do the following steps.

In RHEL 7/8 and CentOS 7/8:

$ sudo firewall-cmd --permanent --add-port=8090/tcp
$ sudo firewall-cmd --reload

In RHEL 6 / CentOS 6:

$ sudo vi /etc/sysconfig/iptables

And add the new custom port line:

-A INPUT -m state --state NEW -m tcp -p tcp --dport 8090 -j ACCEPT

Save and exit the file and restart iptables service.

$ sudo service iptables restart

Finally restart httpd service.

$ sudo systemctl restart httpd

On RHEL 6.x systems, restart httpd service using the following command:

$ sudo service httpd restart

Now verify the listening port using command:

Sample output:

● httpd.service - The Apache HTTP Server
   Loaded: loaded (/usr/lib/systemd/system/httpd.service; enabled; vendor preset: disabled)
  Drop-In: /usr/lib/systemd/system/httpd.service.d
           └─php-fpm.conf
   Active: active (running) since Mon 2020-02-10 17:08:21 IST; 1min 20s ago
     Docs: man:httpd.service(8)
 Main PID: 2126 (httpd)
   Status: "Running, listening on: port 8090"
    Tasks: 213 (limit: 11501)
   Memory: 24.3M
   CGroup: /system.slice/httpd.service
           ├─2126 /usr/sbin/httpd -DFOREGROUND
           ├─2127 /usr/sbin/httpd -DFOREGROUND
           ├─2128 /usr/sbin/httpd -DFOREGROUND
           ├─2129 /usr/sbin/httpd -DFOREGROUND
           └─2130 /usr/sbin/httpd -DFOREGROUND

Feb 10 17:08:21 centos8.ostechnix.lan systemd[1]: Starting The Apache HTTP Server...
Feb 10 17:08:21 centos8.ostechnix.lan systemd[1]: Started The Apache HTTP Server.
Feb 10 17:08:21 centos8.ostechnix.lan httpd[2126]: Server configured, listening on: port 8090

Or using netstat command:

$ sudo netstat -tulpn | grep :8090

Sample output:

tcp6       0      0 :::8090                 :::*                    LISTEN      17636/httpd

If netstat command is not found, install the following package.

$ sudo yum install net-tools

Then, verify the Apache test page from the browser using URL: http://IP-address:8090.

You should see the following screen:

Change Apache default port to a custom port in Centos Linux
Change Apache default port to a custom port in Linux

Congratulations! Apache default port has been changed.

Check the following link to know how to change FTP default port.

You May Also Like

3 comments

Kobina Amoany Snr February 22, 2016 - 10:30 pm

Hi sk, the selinux command for Apache should be “semange port -a -r http_port_t -p tcp “.Please check and revise.

Thanks

Reply
sk February 23, 2016 - 11:39 am

Corrected. Thank you. Much appreciated.

Reply
Cassius April 20, 2019 - 4:44 am

Thanks for tutorial, this help me a lot!

Reply

Leave a Comment

* By using this form you agree with the storage and handling of your data by this website.

This site uses Akismet to reduce spam. Learn how your comment data is processed.

This website uses cookies to improve your experience. By using this site, we will assume that you're OK with it. Accept Read More