LoadModule ssl_module modules/mod_ssl.so
LoadModule socache_shmcb_module modules/mod_socache_shmcb.so

Listen 443

<IfModule mod_ssl.c>
    <VirtualHost *:443>
        SSLEngine on

        DocumentRoot /usr/share/zabbix/
        ServerName zabbix
        DirectoryIndex index.php

        AddType application/x-httpd-php .php .php3 .php4 .php5 .phtml
        AddType application/x-httpd-php-source .phps

        # Enable/Disable SSL for this virtual host.
        SSLEngine on

        SSLProtocol             all -SSLv2 -SSLv3
        SSLCipherSuite          ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS
        SSLHonorCipherOrder     on

        SSLCertificateFile /etc/ssl/apache2/ssl.crt
        SSLCertificateKeyFile /etc/ssl/apache2/ssl.key
        # SSLCACertificatePath /etc/ssl/apache2/chain/

        # HSTS (mod_headers is required) (15768000 seconds = 6 months)
        Header always set Strict-Transport-Security "max-age=15768000"

        <Directory "/usr/share/zabbix">
            Options FollowSymLinks
            AllowOverride None
            Require all granted
        </Directory>

        <Directory "/usr/share/zabbix/conf">
            Require all denied
            <files *.php>
                Order deny,allow
                Deny from all
            </files>
        </Directory>

        <Directory "/usr/share/zabbix/app">
            Require all denied
            <files *.php>
                Order deny,allow
                Deny from all
            </files>
        </Directory>

        <Directory "/usr/share/zabbix/include">
            Require all denied
            <files *.php>
                Order deny,allow
                Deny from all
            </files>
        </Directory>

        <Directory "/usr/share/zabbix/local">
            Require all denied
            <files *.php>
                Order deny,allow
                Deny from all
            </files>
        </Directory>
    </VirtualHost>
</IfModule>