LoadModule ssl_module modules/mod_ssl.so LoadModule socache_shmcb_module modules/mod_socache_shmcb.so Listen 443 <IfModule mod_ssl.c> <VirtualHost *:443> SSLEngine on DocumentRoot /usr/share/zabbix/ ServerName zabbix DirectoryIndex index.php AddType application/x-httpd-php .php .php3 .php4 .php5 .phtml AddType application/x-httpd-php-source .phps # Enable/Disable SSL for this virtual host. SSLEngine on SSLProtocol all -SSLv2 -SSLv3 SSLCipherSuite ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS SSLHonorCipherOrder on SSLCertificateFile /etc/ssl/apache2/ssl.crt SSLCertificateKeyFile /etc/ssl/apache2/ssl.key # SSLCACertificatePath /etc/ssl/apache2/chain/ # HSTS (mod_headers is required) (15768000 seconds = 6 months) Header always set Strict-Transport-Security "max-age=15768000" <Directory "/usr/share/zabbix"> Options FollowSymLinks AllowOverride None Require all granted </Directory> <Directory "/usr/share/zabbix/conf"> Require all denied <files *.php> Order deny,allow Deny from all </files> </Directory> <Directory "/usr/share/zabbix/app"> Require all denied <files *.php> Order deny,allow Deny from all </files> </Directory> <Directory "/usr/share/zabbix/include"> Require all denied <files *.php> Order deny,allow Deny from all </files> </Directory> <Directory "/usr/share/zabbix/local"> Require all denied <files *.php> Order deny,allow Deny from all </files> </Directory> </VirtualHost> </IfModule>