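# Apache httpd TLS listener (mod_ssl) with PHP-FPM hand-off and cache headers.
#
# NOTE(review): this listing arrived collapsed onto a single line, so every
# directive after the first '#' was inside a comment and SSLEngine, SSLProtocol
# and the access rules would not take effect. Directives are restored one per
# line, in the original order.
# NOTE(review): the enclosing section tags (<VirtualHost>, <Directory>,
# <FilesMatch>, ...) are not present in the listing. They are not reconstructed
# here because their paths and patterns cannot be recovered. The affected
# groups are marked below and must be put back inside their sections before use.

LoadModule ssl_module /usr/lib64/httpd/modules/mod_ssl.so
LoadModule socache_shmcb_module /usr/lib64/httpd/modules/mod_socache_shmcb.so
# NOTE(review): mod_headers, mod_expires, mod_http2, mod_proxy and
# mod_proxy_fcgi are used further down but not loaded here; presumably they
# are loaded elsewhere. Confirm.

Listen 8443

SSLRandomSeed startup builtin
SSLRandomSeed startup file:/dev/urandom 512
SSLRandomSeed connect builtin
SSLRandomSeed connect file:/dev/urandom 512

AddType application/x-x509-ca-cert .crt

# Shared-memory session cache of 512000 bytes; entries expire after 300 seconds.
# NOTE(review): ${APACHE_RUN_DIR} must be defined in the httpd environment,
# otherwise the cache path is not expanded. Confirm for this platform.
SSLSessionCache shmcb:${APACHE_RUN_DIR}/ssl_scache(512000)
SSLSessionCacheTimeout 300

# --- The comment below refers to "this virtual host", so the following
# --- directives presumably sat inside a <VirtualHost> section. Confirm.

# Enable/Disable SSL for this virtual host.
SSLEngine on

# intermediate configuration
# Only TLS 1.2 and TLS 1.3 are accepted; older protocol versions are refused.
SSLProtocol -all +TLSv1.2 +TLSv1.3
# This list (AEAD suites with ECDHE/DHE key exchange) governs TLS 1.2 and
# below. TLS 1.3 suites are selected separately with "SSLCipherSuite TLSv1.3 ...".
SSLCipherSuite ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-CHACHA20-POLY1305
# The client's cipher preference is used. That is acceptable only because
# every suite in the list above is considered strong.
SSLHonorCipherOrder off
# Session tickets are disabled; ticket keys that are not rotated weaken
# forward secrecy.
SSLSessionTickets off

# The private key file should be readable only by the account that starts
# httpd (typically root), never by the worker user or the PHP-FPM pool user.
SSLCertificateFile /etc/ssl/apache2/ssl.crt
SSLCertificateKeyFile /etc/ssl/apache2/ssl.key
# SSLCACertificatePath /etc/ssl/apache2/chain/

# enable HTTP/2, if available
Protocols h2 http/1.1

# HTTP Strict Transport Security (mod_headers is required) (63072000 seconds)
# "always" also attaches the header to error responses.
Header always set Strict-Transport-Security "max-age=63072000"

# --- Section tag missing from the listing (see header note). Require is only
# --- valid inside a <Directory>/<Location>/<Files>-type section.
# NOTE(review): the PHP-FPM socket lives in /tmp, a world-writable directory.
# A dedicated runtime directory writable only by the PHP-FPM service, with the
# socket's owner/group/mode restricted to the httpd user, is the safer
# placement. Confirm the socket's listen owner and mode in the pool config.
Require all granted
SetHandler "proxy:unix:/tmp/php-fpm.sock|fcgi://localhost"

# --- Section tag missing from the listing; AllowOverride is only valid
# --- inside <Directory>. AllowOverride None means .htaccess files are ignored.
Options FollowSymLinks
AllowOverride None
Require all granted
SetHandler "proxy:unix:/tmp/php-fpm.sock|fcgi://localhost"

# --- Section tag missing from the listing (presumably a match on static
# --- assets; confirm). "public" with a one-year lifetime lets shared caches
# --- store the response, so the section must never match authenticated or
# --- per-user content.
ExpiresActive On
ExpiresDefault "access plus 1 year"
Header append Cache-Control "public"

# --- Section tag missing from the listing; same caveat as above, with a
# --- 14-day lifetime.
ExpiresActive On
ExpiresDefault "access plus 14 day"
Header append Cache-Control "public"

# --- Twelve deny rules follow. Each presumably belonged to its own section
# --- blocking a sensitive path or file pattern; the patterns are not
# --- recoverable from the listing. Without their sections these rules do
# --- nothing, so the paths they protected must be re-identified and
# --- re-verified (request each one and expect 403).
Require all denied
Require all denied
Require all denied
Require all denied
Require all denied
Require all denied
Require all denied
Require all denied
Require all denied
Require all denied
Require all denied
Require all denied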