How to Install Apache HTTPD on Fedora 44

A Fedora system can serve a real site as soon as Apache HTTP Server is installed, allowed through firewalld, and pointed at a document root. To install Apache on Fedora, use the Red Hat-family package and service name, httpd, not the Debian or Ubuntu name apache2.

A complete Fedora Apache setup needs more than the package install: service startup, firewall rules, a working virtual host, SELinux policy checks, TLS with Certbot, updates, removal, and the common errors that make Fedora setups look broken when the wrong package or service name is used.

Update Fedora Packages

Refresh package metadata and apply pending updates before installing a network service. Review the transaction summary before confirming the upgrade:

sudo dnf upgrade --refresh

These commands use sudo for system-wide package, service, firewall, and SELinux changes. If your account cannot run sudo yet, add a user to sudoers on Fedora before continuing.

Install Apache HTTPD on Fedora

Fedora packages Apache as httpd. Commands such as dnf install apache2 and systemctl start apache2 belong to Debian-family systems and do not match Fedora’s package names. If you want a deeper look at DNF5 package installation behavior, see the DNF5 install command examples for Fedora.

sudo dnf install httpd

Fedora Workstation can already have the Apache package family installed because desktop file-sharing components depend on it. If DNF reports that httpd is already installed, continue with the service steps because Fedora still leaves the web server stopped and disabled until you start it.

Check the installed Apache build:

httpd -v

Example output from Fedora 44:

Server version: Apache/2.4.67 (Fedora Linux)
Server built:   May  6 2026 00:00:00

Fedora can move Apache to a newer 2.4.x build during normal updates. Treat the exact build date as informational; the package name, service name, and configuration layout remain the same.

Start and Enable Apache HTTPD

Start Apache immediately and enable it for future boots with one systemd command:

sudo systemctl enable --now httpd

Confirm that the service is both running and enabled:

systemctl is-active httpd
systemctl is-enabled httpd

active
enabled

For a stable status check without timestamped log lines, query the service properties directly:

systemctl show httpd --property=ActiveState --property=SubState --property=UnitFileState --no-pager

ActiveState=active
SubState=running
UnitFileState=enabled

Allow HTTP and HTTPS Through firewalld

Fedora normally uses firewalld for local firewall management. If firewall-cmd is missing on a minimal install, install and start firewalld first, or use the separate guide to install firewalld on Fedora.

sudo dnf install firewalld
sudo systemctl enable --now firewalld

Check the default zone and active interface zone before opening web traffic:

zone=$(sudo firewall-cmd --get-default-zone)
printf 'Default zone: %s\n' "$zone"
sudo firewall-cmd --get-active-zones

The exact interface name varies. A typical Fedora Workstation output looks like this:

Default zone: FedoraWorkstation
FedoraWorkstation (default)
  interfaces: ens160

The service commands use the default zone stored in zone. If your active network interface appears under a different zone, replace the first line in each firewalld block with that zone, such as zone=public.

zone=$(sudo firewall-cmd --get-default-zone)
sudo firewall-cmd --permanent --zone="$zone" --add-service=http
sudo firewall-cmd --permanent --zone="$zone" --add-service=https
sudo firewall-cmd --reload

Use direct service queries for a clean yes or no check:

zone=$(sudo firewall-cmd --get-default-zone)
sudo firewall-cmd --zone="$zone" --query-service=http
sudo firewall-cmd --zone="$zone" --query-service=https

yes
yes

firewalld controls the local Fedora host. Cloud security groups, hosting-provider firewalls, routers, and load balancers can still block ports 80 and 443 even when the local rules are correct.

Check the Default Apache Response

Check the local listener from the server with curl:

curl -sI http://localhost | head -n 1

HTTP/1.1 403 Forbidden

A clean Fedora package install can return the Apache welcome page with a 403 status until you add site content. That still proves Apache is listening; a name-based virtual host with test content should return a normal page response.

Create an Apache Virtual Host on Fedora

A virtual host lets Apache serve a domain from its own document root, logs, and configuration file. Replace example.com with your real domain in every command and configuration block.

Create the Document Root

Create a document root for the site:

sudo mkdir -p /var/www/example.com

Add a simple test page:

sudo tee /var/www/example.com/index.html > /dev/null <<'EOF'
<!doctype html>
<html>
  <head>
    <title>Example Domain</title>
  </head>
  <body>
    <h1>Welcome to Example Domain</h1>
    <p>This is a sample page for the domain example.com.</p>
  </body>
</html>
EOF

Keep the site files readable by Apache without making the whole tree writable by the service account:

sudo find /var/www/example.com -type d -exec chmod 755 "{}" \;
sudo find /var/www/example.com -type f -exec chmod 644 "{}" \;

For a deeper look at those permission commands, see the chmod command guide and the find -exec command guide.

Restore Fedora’s default SELinux labels for content under /var/www:

sudo restorecon -Rv /var/www/example.com

Confirm the path maps to the standard Apache content type:

matchpathcon /var/www/example.com

/var/www/example.com    system_u:object_r:httpd_sys_content_t:s0

Create the Virtual Host File

Fedora’s Apache package reads site configuration from /etc/httpd/conf.d/*.conf. Create a dedicated file there instead of importing Debian-style sites-available and sites-enabled directories:

sudo tee /etc/httpd/conf.d/example.com.conf > /dev/null <<'EOF'
<VirtualHost *:80>
    ServerName example.com
    ServerAlias www.example.com
    DocumentRoot /var/www/example.com
    ErrorLog /var/log/httpd/example.com-error.log
    CustomLog /var/log/httpd/example.com-access.log combined

    <Directory /var/www/example.com>
        Options FollowSymLinks
        AllowOverride None
        Require all granted
    </Directory>
</VirtualHost>
EOF

Require all granted lets Apache serve this document root. Use narrower access rules only when you deliberately want to restrict the site by subnet, authentication, or another access-control layer.

Test and Reload Apache

Test the Apache configuration before reloading the service:

sudo apachectl configtest

Relevant output includes:

Syntax OK

If the output also shows an AH00558 warning about the fully qualified domain name, the configuration is still valid when the final line says Syntax OK. A later management step explains how to silence that warning.

sudo systemctl reload httpd

Before public DNS points at the server, test the name-based virtual host locally by resolving the domain to the loopback address for this request:

curl --resolve example.com:80:127.0.0.1 -s http://example.com/ | grep '<h1>'

<h1>Welcome to Example Domain</h1>

Configure SELinux for Apache on Fedora

Fedora normally runs SELinux in enforcing mode. Keep it enabled and adjust the exact Apache policy area you need: default content under /var/www, custom document roots, backend connections, or custom web ports.

Check SELinux Mode and Tools

Check the current SELinux mode:

getenforce

Enforcing

Install the SELinux management tools if semanage is missing:

sudo dnf install policycoreutils-python-utils

Use the Default Apache Content Label

Content under /var/www should use the httpd_sys_content_t label. Check the expected label before chasing file-permission problems:

matchpathcon /var/www/html

/var/www/html    system_u:object_r:httpd_sys_content_t:s0

If files under /var/www were copied from another location and kept the wrong context, restore the default labels:

sudo restorecon -Rv /var/www/example.com

Label a Custom Apache Document Root

If you serve a site from a path outside /var/www, create a persistent SELinux file-context rule and then relabel the directory:

sudo semanage fcontext -a -t httpd_sys_content_t "/srv/example.com(/.*)?"
sudo restorecon -Rv /srv/example.com

Remove the local rule later if you stop serving that custom path:

sudo semanage fcontext -d "/srv/example.com(/.*)?"
sudo restorecon -Rv /srv/example.com

Allow Apache Backend Connections

Reverse proxies and some web applications need Apache to connect to backend services. Check the SELinux boolean first:

getsebool httpd_can_network_connect

httpd_can_network_connect --> off

Enable it only when Apache must reach an upstream application, API, or proxy target:

sudo setsebool -P httpd_can_network_connect on
getsebool httpd_can_network_connect

httpd_can_network_connect --> on

Turn it off again if you no longer need outbound backend connections:

sudo setsebool -P httpd_can_network_connect off

Check Custom Apache Ports

Apache can bind only to ports that SELinux allows for HTTP traffic. Check the current http_port_t list before adding a custom listener:

sudo semanage port -l | grep '^http_port_t'

http_port_t                    tcp      80, 81, 443, 488, 8008, 8009, 8443, 9000

If Apache must listen on a port that is not listed, add a local SELinux port rule. This example uses TCP port 9448 because it is not part of Fedora’s default http_port_t list:

sudo semanage port -a -t http_port_t -p tcp 9448

Remove the rule if you stop using that port:

sudo semanage port -d -t http_port_t -p tcp 9448

Secure Apache with Let’s Encrypt on Fedora

Use Certbot when the domain already points to this Fedora server and ports 80 and 443 are reachable from the internet. Certbot can edit Apache virtual host files directly when the Apache plugin is installed.

Install Certbot and mod_ssl

Install Apache TLS support, Certbot, and the Apache plugin from Fedora’s repositories:

sudo dnf install mod_ssl certbot python3-certbot-apache

Check the Certbot version:

certbot --version

certbot 5.2.2

Request a Certificate with the Apache Plugin

Replace the example email and domains with your real contact address and hostnames. Include every name visitors use, such as both the apex domain and the www alias:

sudo certbot --apache --agree-tos --redirect --email admin@example.com -d example.com -d www.example.com

Certbot stores certificates under /etc/letsencrypt/ and writes Apache SSL configuration under /etc/httpd/conf.d/. Leave /etc/httpd/conf.d/ssl.conf alone unless you are deliberately managing TLS outside Certbot.

Verify Certbot Renewal Automation

Fedora’s Certbot package installs certbot-renew.timer and enables it by default, but the timer can be inactive until it is started once. Start it and confirm the state:

sudo systemctl start certbot-renew.timer
systemctl is-enabled certbot-renew.timer
systemctl is-active certbot-renew.timer

enabled
active

Run a dry renewal check after the first certificate exists:

sudo certbot renew --dry-run

Manage Apache HTTPD on Fedora

Silence the AH00558 ServerName Warning

Apache can print this warning during syntax checks when no global ServerName exists:

AH00558: httpd: Could not reliably determine the server's fully qualified domain name

The warning does not block Apache when Syntax OK appears, but a small local drop-in keeps future checks clean:

printf '%s\n' 'ServerName localhost' | sudo tee /etc/httpd/conf.d/z-servername.conf > /dev/null
sudo apachectl configtest
sudo systemctl reload httpd

Disable the Fedora Apache Test Page

Fedora’s welcome page lives in /etc/httpd/conf.d/welcome.conf. Keep it while testing a clean install, then disable it once your virtual host is working:

sudo mv /etc/httpd/conf.d/welcome.conf /etc/httpd/conf.d/welcome.conf.disabled
sudo apachectl configtest
sudo systemctl reload httpd

Restore it later by moving the file back and reloading Apache.

Inspect Apache Virtual Hosts

Use httpd -S on Fedora to dump virtual host and runtime settings. Fedora’s apachectl wrapper does not support the -S shortcut.

sudo httpd -S

Relevant output includes the server root, main document root, active virtual hosts, and the user Apache runs as.

Read Apache Logs

Fedora stores Apache logs in /var/log/httpd/. The packaged default filenames are access_log and error_log, while the example virtual host writes example.com-access.log and example.com-error.log. The tail command examples are useful when you need to watch new entries while testing a request.

sudo tail -n 50 /var/log/httpd/error_log
sudo tail -n 50 /var/log/httpd/access_log

For systemd-side service messages, query the journal:

sudo journalctl -u httpd --since "1 hour ago" --no-pager

Quick Apache Service Commands

Use reload after small configuration changes that pass apachectl configtest. Use restart after module changes, package updates, or failures where Apache needs a clean process start.

sudo systemctl stop httpd
sudo systemctl start httpd
sudo systemctl restart httpd
sudo systemctl reload httpd
sudo systemctl disable httpd
sudo systemctl enable httpd

Compare Apache and Nginx on Fedora

Apache is usually the better fit when you need .htaccess compatibility, broad module coverage, or older application assumptions around Apache configuration. Nginx is often simpler for reverse proxying and high-concurrency static serving; use the separate guide to install Nginx on Fedora when that server model fits your site better.

Update Apache HTTPD on Fedora

Apache updates arrive through normal Fedora package updates. A full system upgrade is safer than trying to maintain a hand-picked Apache subpackage list, especially when httpd, httpd-core, modules, and TLS packages move together:

sudo dnf upgrade --refresh

After updates, test the configuration and reload or restart Apache as needed:

sudo apachectl configtest
sudo systemctl reload httpd

Uninstall Apache HTTPD from Fedora

Package removal on Fedora deserves a quick review because httpd can be a dependency of desktop components such as GNOME user file sharing. If DNF lists packages you still need, cancel the transaction and leave Apache installed but disabled.

Back up custom configuration and web content before removing packages:

backup="$HOME/httpd-backup-$(date +%F).tar.gz"
sudo tar -czf "$backup" /etc/httpd /var/www
sudo chown "$USER:$USER" "$backup"

Stop Apache before removing packages:

sudo systemctl disable --now httpd
sudo dnf remove httpd

If you issued a certificate with Certbot, delete that certificate and remove the TLS helper packages you installed earlier:

sudo certbot delete --cert-name example.com
sudo dnf remove mod_ssl certbot python3-certbot-apache

If this Apache site was the only reason the host allowed HTTP and HTTPS, remove the firewalld services from the same zone used when adding them. If you opened a different active interface zone, replace the first line in each removal block with that same zone, such as zone=public. Skip this step on hosts that still serve another web application.

zone=$(sudo firewall-cmd --get-default-zone)
sudo firewall-cmd --permanent --zone="$zone" --remove-service=http
sudo firewall-cmd --permanent --zone="$zone" --remove-service=https
sudo firewall-cmd --reload

Confirm those local firewall openings are gone:

zone=$(sudo firewall-cmd --get-default-zone)
sudo firewall-cmd --zone="$zone" --query-service=http
sudo firewall-cmd --zone="$zone" --query-service=https

no
no

Verify the main package is gone:

rpm -q httpd

package httpd is not installed

The next command permanently deletes Apache configuration and the example document root. Keep it optional, and run it only after confirming your backup contains the files you need.

sudo rm -rf /etc/httpd /var/www/example.com

Troubleshoot Apache HTTPD on Fedora

apache2 Package or Service Not Found

Fedora does not package Apache as apache2. A failed install attempt looks like this:

Failed to resolve the transaction:
No match for argument: apache2

Switch to the Fedora package and service names:

sudo dnf install httpd
sudo systemctl enable --now httpd

Apache Cannot Bind to Port 80

If Apache fails to start because port 80 is already in use, identify the listener:

sudo ss -ltnp 'sport = :80'

Relevant output when Apache owns the port looks like this:

LISTEN 0 511 *:80 *:* users:(("httpd",pid=[varies],fd=4))

If another service appears there, stop the conflicting service, change its listener, or move Apache to a different port. For custom Apache ports, the listener, local firewall, and SELinux http_port_t policy all need to agree.

firewall-cmd Command Not Found

Minimal Fedora installs may not include firewalld tools. Install and start firewalld, then rerun the HTTP and HTTPS service rules:

sudo dnf install firewalld
sudo systemctl enable --now firewalld

The dedicated Fedora firewalld setup guide covers service state checks and firewall management in more detail. For public SSH-exposed servers, Fail2ban with firewalld on Fedora is a useful next hardening step.

SELinux Blocks Apache Content

When file permissions look correct but Apache still cannot read content, check recent SELinux AVC entries:

sudo ausearch -m AVC,USER_AVC -ts recent | grep httpd

Match the denial to the earlier SELinux section: relabel custom content paths, enable httpd_can_network_connect only for backend connections, or add a verified http_port_t rule for a custom Apache port. After the fix, reload Apache and retest the page:

sudo apachectl configtest
sudo systemctl reload httpd
curl --resolve example.com:80:127.0.0.1 -s http://example.com/ | grep '<h1>'

Best Practices for Apache on Fedora

• Test every configuration change with sudo apachectl configtest before reloading or restarting Apache.
• Keep custom virtual hosts in separate files under /etc/httpd/conf.d/ so package updates do not overwrite local changes.
• Keep site files readable by Apache, but avoid making document roots writable unless the application genuinely needs write access.
• Use firewalld service rules for standard HTTP and HTTPS traffic, then verify provider firewalls separately on cloud or VPS hosts.
• Keep SELinux enforcing and add narrow labels, booleans, or port rules for the specific Apache behavior you need.
• Add PHP only when the site needs dynamic application code; a static site does not need a PHP runtime or extra Apache modules.

Conclusion

Apache HTTPD is running on Fedora with firewalld allowing web traffic, SELinux policy aligned with the document root, and a virtual host ready for your domain. For dynamic sites, use the separate guide to install PHP on Fedora, keep Certbot renewals active if you enabled HTTPS, and use the log, firewall, and SELinux checks when a page does not load as expected.