Apache2 Site


Warning

These settings will lockout various old browsers/clients!

Preparations

Enable SSL, once

a2enmod ssl

The config

<VirtualHost *:443>

    ServerName sub.domain.tld
    ServerAdmin admin@sub.domain.tld

    DocumentRoot /path/to/root/
    <Directory /path/to/root/>
		Options FollowSymLinks MultiViews
		AllowOverride None
		Require all granted
    </Directory>

    ErrorLog ${APACHE_LOG_DIR}/sub.domain.tld_error.log
    CustomLog ${APACHE_LOG_DIR}/sub.domain.tld_access.log combined

    ServerSignature Off


    Header always set Strict-Transport-Security "max-age=63072000; includeSubdomains;"
    Header set X-Frame-Options SAMEORIGIN
    Header set X-XSS-Protection 1;mode=block
    Header set X-Content-Type-Options nosniff

    SSLEngine on
    SSLHonorCipherOrder     on
    SSLProtocol     ALL -SSLv2 -SSLv3
    SSLCompression off
    SSLCipherSuite TLS13-AES-256-GCM-SHA384:TLS13-CHACHA20-POLY1305-SHA256:EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH:!DHE-RSA-AES256-SHA:!ECDHE-RSA-AES256-SHA:!RSA:!3DES

    SSLCertificateFile /etc/apache2/ssl/sub.domain.tld.crt
    SSLCertificateKeyFile /etc/apache2/ssl/sub.domain.tld.key


</VirtualHost>



<VirtualHost *:80> 
        ServerName sub.domain.tld

        Redirect permanent / https://sub.domain.tld/

</VirtualHost>