How to change the DocumentRoot in Apache

Moving an Apache site to a different DocumentRoot keeps web content organized, enables cleaner deployments, and reduces the risk of serving files from the wrong directory. A deliberate DocumentRoot is especially useful when splitting multiple domains across separate directories or volumes.

In Apache, each VirtualHost can define its own DocumentRoot, so different hostnames (or ports) can serve different directories. On Ubuntu and Debian, site definitions typically live in /etc/apache2/sites-available and are enabled via symlinks in /etc/apache2/sites-enabled; the server process must also have filesystem permission to traverse parent directories and read files in the target path. Access rules come from Directory blocks, either globally (/etc/apache2/apache2.conf) or inside a specific VirtualHost.

Incorrect paths or missing Directory permissions commonly produce 403 Forbidden responses, while pointing DocumentRoot at a directory containing secrets can leak them. When HTTPS is configured, the :443 VirtualHost often has a separate DocumentRoot entry that also needs updating for consistent content. On systems that enforce mandatory access control (notably SELinux on RHEL-family distributions), a correct context label is required before Apache can read the new directory.

Steps to change DocumentRoot location for Apache VirtualHost:

List configured VirtualHost entries to find the file that serves the target hostname.

$ sudo apache2ctl -S
VirtualHost configuration:
*:80                   localhost (/etc/apache2/sites-enabled/000-default.conf:1)
ServerRoot: "/etc/apache2"
Main DocumentRoot: "/var/www/html"
Main ErrorLog: "/var/log/apache2/error.log"
##### snipped #####

On RHEL-family systems, the equivalent command is apachectl -S and site files are commonly under /etc/httpd.

Open the virtual host configuration file in your text editor.
```
$ sudoedit /etc/apache2/sites-available/000-default.conf
```
Related: Location for Apache DocumentRoot configuration
Create the new DocumentRoot directory.
```
$ sudo install --directory --mode=0755 /home/user/website
```
A neutral location such as /srv/www is often easier to permission than a home directory.

Create a simple test page in the new directory.

$ echo "Hi, I'm located in /home/user/website" | sudo tee /home/user/website/index.html >/dev/null

Locate the DocumentRoot directive inside the relevant VirtualHost block.

<VirtualHost *:80>
    ServerAdmin webmaster@localhost
    DocumentRoot /var/www/html
    ErrorLog ${APACHE_LOG_DIR}/error.log
    CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>

Update the DocumentRoot path to the new directory.

<VirtualHost *:80>
    ServerAdmin webmaster@localhost
    DocumentRoot /home/user/website
    ErrorLog ${APACHE_LOG_DIR}/error.log
    CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>

Update each VirtualHost that should serve the same content, including a :443 block when HTTPS is enabled.

Add a Directory block for the new path to allow access.

<VirtualHost *:80>
    ServerAdmin webmaster@localhost
    DocumentRoot /home/user/website
    ErrorLog ${APACHE_LOG_DIR}/error.log
    CustomLog ${APACHE_LOG_DIR}/access.log combined
 
    <Directory /home/user/website>
        AllowOverride None
        Require all granted
    </Directory>
</VirtualHost>

Set AllowOverride All only when .htaccess rules are required.

Ensure Apache has ownership of the new directory.
```
$ sudo chown --recursive www-data:www-data /home/user/website/
```
Write access for www-data should be limited to directories that must be writable (uploads, caches).

Related: Default user and group for Apache daemon
Apply permission bits that allow Apache to read the directory content.
```
$ sudo chmod --recursive u=rwX,g=rX,o=rX /home/user/website/
```
Make sure Apache can traverse parent directories of the DocumentRoot path, or requests fail with 403 Forbidden (common culprit: a /home/user directory with mode 0700).
Related: How to change file and folder permissions in Linux

Update the SELinux context if your distribution uses SELinux.

$ sudo semanage fcontext --add --type httpd_sys_content_t "/home/user/website(/.*)?"
$ sudo restorecon -Rv /home/user/website
restorecon reset /home/user/website context unconfined_u:object_r:user_home_t:s0->system_u:object_r:httpd_sys_content_t:s0
##### snipped #####

This applies to distributions that implement SELinux such as CentOS, RHEL, and Fedora. Use httpd_sys_rw_content_t only when the web application requires write access.

Check the Apache configuration for syntax errors.
```
$ sudo apache2ctl configtest
Syntax OK
```
Related: How to test your Apache configuration
Reload the Apache service to apply the changes.
```
$ sudo systemctl reload apache2
```
Related: How to manage the Apache web server service
On RHEL-family systems, the unit name is commonly httpd.

Verify the configuration by requesting the site content from the new path.

$ curl -sH 'Host: example.com' http://127.0.0.1/
Hi, I'm located in /home/user/website

Author: Mohd Shakir Zakaria
Mohd Shakir Zakaria is a cloud architect with deep roots in software development and open-source advocacy. Certified in AWS, Red Hat, VMware, ITIL, and Linux, he specializes in designing and managing robust cloud and on-premises infrastructures.