apache ssl

gistfile1.txt

<VirtualHost *:80>
    ServerName ${vhost}
    ServerAlias www.${vhost}
    DocumentRoot /var/www/${vhost}/public/html
    Redirect / https://${vhost}
</VirtualHost>
<VirtualHost *:443>
    Header set Strict-Transport-Security "max-age=63072000; includeSubdomains;"
    Header set Content-Security-Policy "default-src https://${vhost}:443"
    Header set x-frame-options "SAMEORIGIN"
    Header set X-XSS-Protection "1; mode=block"
    Header set X-Content-Type-Options "nosniff"
    Header set Referrer-Policy "no-referrer"
    ServerName ${vhost}
    DocumentRoot /var/www/${vhost}/public/html
    SSLEngine on
    SSLHonorCipherOrder on
    SSLCipherSuite 'EECDH+ECDSA+AESGCM:EECDH+aRSA+AESGCM:EECDH+ECDSA:EECDH:EDH+AESGCM:EDH:+3DES:ECDH+AESGCM:ECDH+AES:ECDH:AES:HIGH:MEDIUM:!RC4:!CAMELLIA:!SEED:!aNULL:!MD5:!eNULL:!LOW:!EXP:!DSS:!PSK:!SRP:!SSLv3:!SSLv2:!TLSv1'
    SSLProtocol all -SSLv2 -SSLv3
    SSLCertificateFile /etc/letsencrypt/live/${vhost}/cert.pem
    SSLCertificateKeyFile /etc/letsencrypt/live/${vhost}/privkey.pem
    SSLCertificateChainFile /etc/letsencrypt/live/${vhost}/chain.pem
    Options Indexes FollowSymLinks
    ErrorLog /var/www/${vhost}/logs/error.log
    CustomLog /var/www/${vhost}/logs/requests.log combined
</VirtualHost>