The Apache HTTP Server (httpd) does not care if it runs on port 80, 443, 8080, or 2222. The port is just a listening endpoint. The confusion stems from a combination of two distinct security realities:
If the Apache instance on port 2222 is configured as a reverse proxy ( mod_proxy ), a critical Server-Side Request Forgery (SSRF) flaw could allow attackers to craft a request that forces the Apache server to route malicious traffic into the internal private network. Anatomy of an Attack on Port 2222 apache httpd 2222 exploit
If you have a legitimate reason (e.g., a development staging server), harden it immediately: The Apache HTTP Server (httpd) does not care
Do not expose it directly to the internet without protection. Follow this checklist: a development staging server)