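# TLS configuration for an Apache httpd front end (ServerName zabbix.example.com).
# The directives are restored one per line. On a single line, the "#" before
# SSLCertificateChainFile would also comment out every directive after it.
#
# NOTE(review): the ServerName/DocumentRoot/SSLEngine group normally lives inside
# a <VirtualHost> for port 443. No container tags are visible on this page, so
# confirm against the deployed file before copying.

Listen 443 https

# Helper program that supplies the passphrase for an encrypted private key.
SSLPassPhraseDialog exec:/usr/libexec/httpd-ssl-pass-dialog

# Shared-memory TLS session cache; cached sessions may be resumed for up to one hour.
SSLSessionCache         shmcb:/run/httpd/sslcache(1024000)
SSLSessionCacheTimeout  3600

SSLRandomSeed startup file:/dev/urandom  256
SSLRandomSeed connect builtin
SSLCryptoDevice builtin

SSLStrictSNIVHostCheck off

# Only TLS 1.2 and TLS 1.3 are offered; SSLv3, TLS 1.0 and TLS 1.1 are disabled.
SSLProtocol -all +TLSv1.2 +TLSv1.3

# This list applies to TLS 1.2. TLS 1.3 suites keep the OpenSSL defaults unless
# they are set separately with "SSLCipherSuite TLSv1.3 ...".
# Every suite uses ECDHE or DHE key exchange, so all of them give forward secrecy.
# The entries without GCM or CHACHA20 (-SHA, -SHA256, -SHA384) are CBC-mode suites
# kept for older TLS 1.2 clients. Drop them if every client supports AEAD suites.
SSLCipherSuite "\
    ECDHE-ECDSA-AES128-GCM-SHA256 \
    ECDHE-ECDSA-CHACHA20-POLY1305 \
    ECDHE-ECDSA-AES256-GCM-SHA384 \
    ECDHE-ECDSA-AES128-SHA \
    ECDHE-ECDSA-AES256-SHA \
    ECDHE-ECDSA-AES128-SHA256 \
    ECDHE-ECDSA-AES256-SHA384 \
    ECDHE-RSA-AES128-GCM-SHA256 \
    ECDHE-RSA-CHACHA20-POLY1305 \
    ECDHE-RSA-AES256-GCM-SHA384 \
    ECDHE-RSA-AES128-SHA \
    ECDHE-RSA-AES256-SHA \
    ECDHE-RSA-AES128-SHA256 \
    ECDHE-RSA-AES256-SHA384 \
    DHE-RSA-AES128-GCM-SHA256 \
    DHE-RSA-CHACHA20-POLY1305 \
    DHE-RSA-AES256-GCM-SHA384 \
    DHE-RSA-AES128-SHA \
    DHE-RSA-AES256-SHA \
    DHE-RSA-AES128-SHA256 \
    DHE-RSA-AES256-SHA256"

# The server's order above wins over the client's preference.
SSLHonorCipherOrder on

# TLS-level compression stays off (CRIME-class compression side channels).
SSLCompression off

# OCSP stapling. mod_ssl needs the issuer certificate to build the OCSP request,
# so the intermediate chain must be available (see the certificate lines below).
SSLUseStapling On
SSLStaplingReturnResponderErrors off
SSLStaplingCache shmcb:/run/httpd/stapling_cache(128000)

ServerName zabbix.example.com
DocumentRoot "/var/www/html"
Protocols h2 http/1.1

# AllowOverride and Require are only valid in directory context, so the container
# is restored here. The path is assumed to be the DocumentRoot - TODO confirm.
<Directory "/var/www/html">
    Options FollowSymLinks
    # .htaccess files are ignored, so content under the tree cannot relax this config.
    AllowOverride None
    Require all granted
</Directory>

SSLEngine on

# HSTS for one year. "always" also adds the header to error responses.
# Subdomains are not covered because includeSubDomains is not set.
Header always set Strict-Transport-Security "max-age=31536000"

# Keep the private key readable only by root; it must not be world-readable.
SSLCertificateFile /etc/pki/tls/certs/server.crt
SSLCertificateKeyFile /etc/pki/tls/private/server.key
# SSLCertificateChainFile is deprecated since httpd 2.4.8. If this stays commented
# out, append the intermediate certificates to the SSLCertificateFile instead.
# SSLCertificateChainFile /etc/pki/tls/certs/server-chain.crt

# Content-Security-Policy caveats:
#  - 'unsafe-inline' and 'unsafe-eval' in script-src leave injected inline script
#    executable, so this policy gives little protection against XSS. They are
#    presumably required by the hosted frontend; verify before tightening.
#  - frame-ancestors does not fall back to default-src, so framing (clickjacking)
#    is not restricted by this policy.
#  - "Header set" without "always" does not add the header to error responses
#    that httpd generates itself.
Header set Content-Security-Policy: "default-src 'self' *.openstreetmap.org; script-src 'self' 'unsafe-inline' 'unsafe-eval'; connect-src 'self'; img-src 'self' data: *.openstreetmap.org; style-src 'self' 'unsafe-inline'; base-uri 'self'; form-action 'self';"

# Requests whose path ends in a static-asset extension are left out of the
# access log. This cuts noise but also removes those requests from the record
# available for detection and forensics.
SetEnvIf Request_URI "\.(gif|jpg|png|svg|css|js)$" nolog

ErrorLog  logs/error_log
CustomLog logs/access_log combined env=!nolog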