diff --git a/web-apache-mysql/alpine/conf/etc/zabbix/apache.conf b/web-apache-mysql/alpine/conf/etc/zabbix/apache.conf
index f57e8771f..2a5aedc30 100644
--- a/web-apache-mysql/alpine/conf/etc/zabbix/apache.conf
+++ b/web-apache-mysql/alpine/conf/etc/zabbix/apache.conf
@@ -4,42 +4,42 @@
DirectoryIndex index.php
AddType application/x-httpd-php .php .php3 .php4 .php5 .phtml
AddType application/x-httpd-php-source .phps
+
+
+ Options FollowSymLinks
+ AllowOverride None
+ Require all granted
+
+
+
+ Require all denied
+
+ Order deny,allow
+ Deny from all
+
+
+
+
+ Require all denied
+
+ Order deny,allow
+ Deny from all
+
+
+
+
+ Require all denied
+
+ Order deny,allow
+ Deny from all
+
+
+
+
+ Require all denied
+
+ Order deny,allow
+ Deny from all
+
+
-
-
- Options FollowSymLinks
- AllowOverride None
- Require all granted
-
-
-
- Require all denied
-
- Order deny,allow
- Deny from all
-
-
-
-
- Require all denied
-
- Order deny,allow
- Deny from all
-
-
-
-
- Require all denied
-
- Order deny,allow
- Deny from all
-
-
-
-
- Require all denied
-
- Order deny,allow
- Deny from all
-
-
diff --git a/web-apache-mysql/alpine/conf/etc/zabbix/apache_ssl.conf b/web-apache-mysql/alpine/conf/etc/zabbix/apache_ssl.conf
index b66eb642d..74fd226b5 100644
--- a/web-apache-mysql/alpine/conf/etc/zabbix/apache_ssl.conf
+++ b/web-apache-mysql/alpine/conf/etc/zabbix/apache_ssl.conf
@@ -5,20 +5,65 @@ Listen 443
+ SSLEngine on
+
DocumentRoot /usr/share/zabbix/
ServerName zabbix
DirectoryIndex index.php
+
AddType application/x-httpd-php .php .php3 .php4 .php5 .phtml
AddType application/x-httpd-php-source .phps
# Enable/Disable SSL for this virtual host.
SSLEngine on
- SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
- SSLProtocol all -SSLv2
+ SSLProtocol all -SSLv2 -SSLv3
+ SSLCipherSuite ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS
+ SSLHonorCipherOrder on
SSLCertificateFile /etc/ssl/apache2/ssl.crt
SSLCertificateKeyFile /etc/ssl/apache2/ssl.key
# SSLCACertificatePath /etc/ssl/apache2/chain/
+
+ # HSTS (mod_headers is required) (15768000 seconds = 6 months)
+ Header always set Strict-Transport-Security "max-age=15768000"
+
+
+ Options FollowSymLinks
+ AllowOverride None
+ Require all granted
+
+
+
+ Require all denied
+
+ Order deny,allow
+ Deny from all
+
+
+
+
+ Require all denied
+
+ Order deny,allow
+ Deny from all
+
+
+
+
+ Require all denied
+
+ Order deny,allow
+ Deny from all
+
+
+
+
+ Require all denied
+
+ Order deny,allow
+ Deny from all
+
+
diff --git a/web-apache-mysql/centos/conf/etc/zabbix/apache.conf b/web-apache-mysql/centos/conf/etc/zabbix/apache.conf
index f57e8771f..2a5aedc30 100644
--- a/web-apache-mysql/centos/conf/etc/zabbix/apache.conf
+++ b/web-apache-mysql/centos/conf/etc/zabbix/apache.conf
@@ -4,42 +4,42 @@
DirectoryIndex index.php
AddType application/x-httpd-php .php .php3 .php4 .php5 .phtml
AddType application/x-httpd-php-source .phps
+
+
+ Options FollowSymLinks
+ AllowOverride None
+ Require all granted
+
+
+
+ Require all denied
+
+ Order deny,allow
+ Deny from all
+
+
+
+
+ Require all denied
+
+ Order deny,allow
+ Deny from all
+
+
+
+
+ Require all denied
+
+ Order deny,allow
+ Deny from all
+
+
+
+
+ Require all denied
+
+ Order deny,allow
+ Deny from all
+
+
-
-
- Options FollowSymLinks
- AllowOverride None
- Require all granted
-
-
-
- Require all denied
-
- Order deny,allow
- Deny from all
-
-
-
-
- Require all denied
-
- Order deny,allow
- Deny from all
-
-
-
-
- Require all denied
-
- Order deny,allow
- Deny from all
-
-
-
-
- Require all denied
-
- Order deny,allow
- Deny from all
-
-
diff --git a/web-apache-mysql/ubuntu/conf/etc/zabbix/apache.conf b/web-apache-mysql/ubuntu/conf/etc/zabbix/apache.conf
index 95ce0a375..2a5aedc30 100644
--- a/web-apache-mysql/ubuntu/conf/etc/zabbix/apache.conf
+++ b/web-apache-mysql/ubuntu/conf/etc/zabbix/apache.conf
@@ -4,47 +4,42 @@
DirectoryIndex index.php
AddType application/x-httpd-php .php .php3 .php4 .php5 .phtml
AddType application/x-httpd-php-source .phps
+
+
+ Options FollowSymLinks
+ AllowOverride None
+ Require all granted
+
+
+
+ Require all denied
+
+ Order deny,allow
+ Deny from all
+
+
+
+
+ Require all denied
+
+ Order deny,allow
+ Deny from all
+
+
+
+
+ Require all denied
+
+ Order deny,allow
+ Deny from all
+
+
+
+
+ Require all denied
+
+ Order deny,allow
+ Deny from all
+
+
-
-
- Options FollowSymLinks
- AllowOverride None
- Order allow,deny
- Allow from all
-
-
-
- Order deny,allow
- Deny from all
-
- Order deny,allow
- Deny from all
-
-
-
-
- Order deny,allow
- Deny from all
-
- Order deny,allow
- Deny from all
-
-
-
-
- Order deny,allow
- Deny from all
-
- Order deny,allow
- Deny from all
-
-
-
-
- Order deny,allow
- Deny from all
-
- Order deny,allow
- Deny from all
-
-
diff --git a/web-apache-mysql/ubuntu/conf/etc/zabbix/apache_ssl.conf b/web-apache-mysql/ubuntu/conf/etc/zabbix/apache_ssl.conf
index f0ac57989..74fd226b5 100644
--- a/web-apache-mysql/ubuntu/conf/etc/zabbix/apache_ssl.conf
+++ b/web-apache-mysql/ubuntu/conf/etc/zabbix/apache_ssl.conf
@@ -1,19 +1,69 @@
+LoadModule ssl_module modules/mod_ssl.so
+LoadModule socache_shmcb_module modules/mod_socache_shmcb.so
+
+Listen 443
+
+ SSLEngine on
+
DocumentRoot /usr/share/zabbix/
ServerName zabbix
DirectoryIndex index.php
+
AddType application/x-httpd-php .php .php3 .php4 .php5 .phtml
AddType application/x-httpd-php-source .phps
# Enable/Disable SSL for this virtual host.
SSLEngine on
- SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
- SSLProtocol all -SSLv2
+ SSLProtocol all -SSLv2 -SSLv3
+ SSLCipherSuite ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS
+ SSLHonorCipherOrder on
SSLCertificateFile /etc/ssl/apache2/ssl.crt
SSLCertificateKeyFile /etc/ssl/apache2/ssl.key
# SSLCACertificatePath /etc/ssl/apache2/chain/
+
+ # HSTS (mod_headers is required) (15768000 seconds = 6 months)
+ Header always set Strict-Transport-Security "max-age=15768000"
+
+
+ Options FollowSymLinks
+ AllowOverride None
+ Require all granted
+
+
+
+ Require all denied
+
+ Order deny,allow
+ Deny from all
+
+
+
+
+ Require all denied
+
+ Order deny,allow
+ Deny from all
+
+
+
+
+ Require all denied
+
+ Order deny,allow
+ Deny from all
+
+
+
+
+ Require all denied
+
+ Order deny,allow
+ Deny from all
+
+
diff --git a/web-apache-pgsql/alpine/conf/etc/zabbix/apache.conf b/web-apache-pgsql/alpine/conf/etc/zabbix/apache.conf
index f57e8771f..2a5aedc30 100644
--- a/web-apache-pgsql/alpine/conf/etc/zabbix/apache.conf
+++ b/web-apache-pgsql/alpine/conf/etc/zabbix/apache.conf
@@ -4,42 +4,42 @@
DirectoryIndex index.php
AddType application/x-httpd-php .php .php3 .php4 .php5 .phtml
AddType application/x-httpd-php-source .phps
+
+
+ Options FollowSymLinks
+ AllowOverride None
+ Require all granted
+
+
+
+ Require all denied
+
+ Order deny,allow
+ Deny from all
+
+
+
+
+ Require all denied
+
+ Order deny,allow
+ Deny from all
+
+
+
+
+ Require all denied
+
+ Order deny,allow
+ Deny from all
+
+
+
+
+ Require all denied
+
+ Order deny,allow
+ Deny from all
+
+
-
-
- Options FollowSymLinks
- AllowOverride None
- Require all granted
-
-
-
- Require all denied
-
- Order deny,allow
- Deny from all
-
-
-
-
- Require all denied
-
- Order deny,allow
- Deny from all
-
-
-
-
- Require all denied
-
- Order deny,allow
- Deny from all
-
-
-
-
- Require all denied
-
- Order deny,allow
- Deny from all
-
-
diff --git a/web-apache-pgsql/alpine/conf/etc/zabbix/apache_ssl.conf b/web-apache-pgsql/alpine/conf/etc/zabbix/apache_ssl.conf
index b66eb642d..74fd226b5 100644
--- a/web-apache-pgsql/alpine/conf/etc/zabbix/apache_ssl.conf
+++ b/web-apache-pgsql/alpine/conf/etc/zabbix/apache_ssl.conf
@@ -5,20 +5,65 @@ Listen 443
+ SSLEngine on
+
DocumentRoot /usr/share/zabbix/
ServerName zabbix
DirectoryIndex index.php
+
AddType application/x-httpd-php .php .php3 .php4 .php5 .phtml
AddType application/x-httpd-php-source .phps
# Enable/Disable SSL for this virtual host.
SSLEngine on
- SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
- SSLProtocol all -SSLv2
+ SSLProtocol all -SSLv2 -SSLv3
+ SSLCipherSuite ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS
+ SSLHonorCipherOrder on
SSLCertificateFile /etc/ssl/apache2/ssl.crt
SSLCertificateKeyFile /etc/ssl/apache2/ssl.key
# SSLCACertificatePath /etc/ssl/apache2/chain/
+
+ # HSTS (mod_headers is required) (15768000 seconds = 6 months)
+ Header always set Strict-Transport-Security "max-age=15768000"
+
+
+ Options FollowSymLinks
+ AllowOverride None
+ Require all granted
+
+
+
+ Require all denied
+
+ Order deny,allow
+ Deny from all
+
+
+
+
+ Require all denied
+
+ Order deny,allow
+ Deny from all
+
+
+
+
+ Require all denied
+
+ Order deny,allow
+ Deny from all
+
+
+
+
+ Require all denied
+
+ Order deny,allow
+ Deny from all
+
+
diff --git a/web-apache-pgsql/centos/conf/etc/zabbix/apache.conf b/web-apache-pgsql/centos/conf/etc/zabbix/apache.conf
index f57e8771f..2a5aedc30 100644
--- a/web-apache-pgsql/centos/conf/etc/zabbix/apache.conf
+++ b/web-apache-pgsql/centos/conf/etc/zabbix/apache.conf
@@ -4,42 +4,42 @@
DirectoryIndex index.php
AddType application/x-httpd-php .php .php3 .php4 .php5 .phtml
AddType application/x-httpd-php-source .phps
+
+
+ Options FollowSymLinks
+ AllowOverride None
+ Require all granted
+
+
+
+ Require all denied
+
+ Order deny,allow
+ Deny from all
+
+
+
+
+ Require all denied
+
+ Order deny,allow
+ Deny from all
+
+
+
+
+ Require all denied
+
+ Order deny,allow
+ Deny from all
+
+
+
+
+ Require all denied
+
+ Order deny,allow
+ Deny from all
+
+
-
-
- Options FollowSymLinks
- AllowOverride None
- Require all granted
-
-
-
- Require all denied
-
- Order deny,allow
- Deny from all
-
-
-
-
- Require all denied
-
- Order deny,allow
- Deny from all
-
-
-
-
- Require all denied
-
- Order deny,allow
- Deny from all
-
-
-
-
- Require all denied
-
- Order deny,allow
- Deny from all
-
-
diff --git a/web-apache-pgsql/ubuntu/conf/etc/zabbix/apache.conf b/web-apache-pgsql/ubuntu/conf/etc/zabbix/apache.conf
index 95ce0a375..2a5aedc30 100644
--- a/web-apache-pgsql/ubuntu/conf/etc/zabbix/apache.conf
+++ b/web-apache-pgsql/ubuntu/conf/etc/zabbix/apache.conf
@@ -4,47 +4,42 @@
DirectoryIndex index.php
AddType application/x-httpd-php .php .php3 .php4 .php5 .phtml
AddType application/x-httpd-php-source .phps
+
+
+ Options FollowSymLinks
+ AllowOverride None
+ Require all granted
+
+
+
+ Require all denied
+
+ Order deny,allow
+ Deny from all
+
+
+
+
+ Require all denied
+
+ Order deny,allow
+ Deny from all
+
+
+
+
+ Require all denied
+
+ Order deny,allow
+ Deny from all
+
+
+
+
+ Require all denied
+
+ Order deny,allow
+ Deny from all
+
+
-
-
- Options FollowSymLinks
- AllowOverride None
- Order allow,deny
- Allow from all
-
-
-
- Order deny,allow
- Deny from all
-
- Order deny,allow
- Deny from all
-
-
-
-
- Order deny,allow
- Deny from all
-
- Order deny,allow
- Deny from all
-
-
-
-
- Order deny,allow
- Deny from all
-
- Order deny,allow
- Deny from all
-
-
-
-
- Order deny,allow
- Deny from all
-
- Order deny,allow
- Deny from all
-
-
diff --git a/web-apache-pgsql/ubuntu/conf/etc/zabbix/apache_ssl.conf b/web-apache-pgsql/ubuntu/conf/etc/zabbix/apache_ssl.conf
index f0ac57989..74fd226b5 100644
--- a/web-apache-pgsql/ubuntu/conf/etc/zabbix/apache_ssl.conf
+++ b/web-apache-pgsql/ubuntu/conf/etc/zabbix/apache_ssl.conf
@@ -1,19 +1,69 @@
+LoadModule ssl_module modules/mod_ssl.so
+LoadModule socache_shmcb_module modules/mod_socache_shmcb.so
+
+Listen 443
+
+ SSLEngine on
+
DocumentRoot /usr/share/zabbix/
ServerName zabbix
DirectoryIndex index.php
+
AddType application/x-httpd-php .php .php3 .php4 .php5 .phtml
AddType application/x-httpd-php-source .phps
# Enable/Disable SSL for this virtual host.
SSLEngine on
- SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
- SSLProtocol all -SSLv2
+ SSLProtocol all -SSLv2 -SSLv3
+ SSLCipherSuite ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS
+ SSLHonorCipherOrder on
SSLCertificateFile /etc/ssl/apache2/ssl.crt
SSLCertificateKeyFile /etc/ssl/apache2/ssl.key
# SSLCACertificatePath /etc/ssl/apache2/chain/
+
+ # HSTS (mod_headers is required) (15768000 seconds = 6 months)
+ Header always set Strict-Transport-Security "max-age=15768000"
+
+
+ Options FollowSymLinks
+ AllowOverride None
+ Require all granted
+
+
+
+ Require all denied
+
+ Order deny,allow
+ Deny from all
+
+
+
+
+ Require all denied
+
+ Order deny,allow
+ Deny from all
+
+
+
+
+ Require all denied
+
+ Order deny,allow
+ Deny from all
+
+
+
+
+ Require all denied
+
+ Order deny,allow
+ Deny from all
+
+