HEX
Server: Apache/2.4.6 () OpenSSL/1.0.2k-fips PHP/8.3.8
System: Linux gateway.rmc-logistics.net 4.1.12-124.48.6.el7uek.x86_64 #2 SMP Tue Mar 16 14:57:50 PDT 2021 x86_64
User: apache (48)
PHP: 8.3.8
Disabled: NONE
$ pwd: /etc/httpd/conf.d/
Upload Files
File: //etc/httpd/conf.d/awara-logistics.com.conf.bak
#AWARA-LOGISTICS.COM

<VirtualHost *:80>
    ServerAdmin postmaster@rusmarine.ru
    DocumentRoot "/var/www/awara-logistics.com"
    ServerName www.awara-logistics.com
    ServerAlias awara-logistics.com
    <Directory "/var/www/awara-logistics.com">
     AllowOverride all
     Require all granted 
    </Directory>
#    ErrorLog "logs/awara-logistics.com.error.log"
#    CustomLog "logs/awara-logistics.com.access.log" common
php_admin_value mbstring.func_overload 2
php_admin_value mbstring.internal_encoding UTF-8

RewriteEngine on
RewriteCond %{SERVER_NAME} =awara-logistics.com [OR]
RewriteCond %{SERVER_NAME} =www.awara-logistics.com
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
</VirtualHost>


<VirtualHost *:443>

# General setup for the virtual host, inherited from global configuration
DocumentRoot "/var/www/awara-logistics.com"
ServerName www.awara-logistics.com
ServerAlias awara-logistics.com
# Use separate log files for the SSL virtual host; note that LogLevel
# is not inherited from httpd.conf.


    <Directory "/var/www/awara-logistics.com">
    AllowOverride all
    Require all granted
   </Directory>
    ErrorLog "logs/awara-logistics.com.ssl.log"
    CustomLog "logs/awara-logistics.com_access.ssl.log" common

LogLevel warn

#   SSL Engine Switch:
#   Enable/Disable SSL for this virtual host.
##   SSLEngine on

# Recommended settings from  https://cipherli.st  ############################
##SSLCipherSuite ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:RSA+AESGCM:RSA+AES:!aNULL:!MD5:!DSS:!DES
#SSLCipherSuite EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH:!RC4:!MD5:!DES
##SSLProtocol All +TLSv1.2 -SSLv2 -SSLv3 -TLSv1 -TLSv1.1
##SSLHonorCipherOrder On
###Header always set Strict-Transport-Security "max-age=63072000; includeSubDomains; preload"
###Header always set X-Frame-Options DENY
###Header always set X-Content-Type-Options nosniff
# Requires Apache >= 2.4
SSLCompression off

php_admin_value mbstring.func_overload 2
php_admin_value mbstring.internal_encoding UTF-8

#   SSL Protocol support:
# List the enable protocol levels with which clients will be able to
# connect.  Disable SSLv2 access by default:
#SSLProtocol all -SSLv2 -SSLv3

#   SSL Cipher Suite:
# List the ciphers that the client is permitted to negotiate.
# See the mod_ssl documentation for a complete list.
#SSLCipherSuite DEFAULT:!EXP:!SSLv2:!DES:!IDEA:!SEED:+3DES

#   Server Certificate:
# Point SSLCertificateFile at a PEM encoded certificate.  If
# the certificate is encrypted, then you will be prompted for a
# pass phrase.  Note that a kill -HUP will prompt again.  A new
# certificate can be generated using the genkey(1) command.
#SSLCertificateFile /etc/pki/tls/certs/www_forwarding_ru_2018_08_26.crt

#   Server Private Key:
#   If the key is not combined with the certificate, use this
#   directive to point at the key file.  Keep in mind that if
#   you've both a RSA and a DSA private key you can configure
#   both in parallel (to also allow the use of DSA ciphers, etc.)

#   Server Certificate Chain:
#   Point SSLCertificateChainFile at a file containing the
#   concatenation of PEM encoded CA certificates which form the
#   certificate chain for the server certificate. Alternatively
#   the referenced file can be the same as SSLCertificateFile
#   when the CA certificates are directly appended to the server
#   certificate for convinience.

#   Certificate Authority (CA):
#   Set the CA certificate verification path where to find CA
#   certificates for client authentication or alternatively one
#   huge file containing all of them (file must be PEM encoded)
#SSLCACertificateFile /etc/pki/tls/certs/ca-bundle.crt
#   Client Authentication (Type):
#   Client certificate verification type and depth.  Types are
#   none, optional, require and optional_no_ca.  Depth is a
#   number which specifies how deeply to verify the certificate
#   issuer chain before deciding the certificate is not valid.
#SSLVerifyClient require
#SSLVerifyDepth  10

#   Access Control:
#   With SSLRequire you can do per-directory access control based
#   on arbitrary complex boolean expressions containing server
#   variable checks and other lookup directives.  The syntax is a
#   mixture between C and Perl.  See the mod_ssl documentation
#   for more details.
#<Location />
#SSLRequire (    %{SSL_CIPHER} !~ m/^(EXP|NULL)/ \
#            and %{SSL_CLIENT_S_DN_O} eq "Snake Oil, Ltd." \
#            and %{SSL_CLIENT_S_DN_OU} in {"Staff", "CA", "Dev"} \
#            and %{TIME_WDAY} >= 1 and %{TIME_WDAY} <= 5 \
#            and %{TIME_HOUR} >= 8 and %{TIME_HOUR} <= 20       ) \
#           or %{REMOTE_ADDR} =~ m/^192\.76\.162\.[0-9]+$/
#</Location>

#   SSL Engine Options:
#   Set various options for the SSL engine.
#   o FakeBasicAuth:
#     Translate the client X.509 into a Basic Authorisation.  This means that
#     the standard Auth/DBMAuth methods can be used for access control.  The
#     user name is the `one line' version of the client's X.509 certificate.
#     Note that no password is obtained from the user. Every entry in the user
#     file needs this password: `xxj31ZMTZzkVA'.
#   o ExportCertData:
#     This exports two additional environment variables: SSL_CLIENT_CERT and
#     SSL_SERVER_CERT. These contain the PEM-encoded certificates of the
#     server (always existing) and the client (only existing when client
#     authentication is used). This can be used to import the certificates
#     into CGI scripts.
#   o StdEnvVars:
#     This exports the standard SSL/TLS related `SSL_*' environment variables.
#     Per default this exportation is switched off for performance reasons,
#     because the extraction step is an expensive operation and is usually
#     useless for serving static content. So one usually enables the
#     exportation for CGI and SSI requests only.
#   o StrictRequire:
#     This denies access when "SSLRequireSSL" or "SSLRequire" applied even
#     under a "Satisfy any" situation, i.e. when it applies access is denied
#     and no other module can change it.
#   o OptRenegotiate:
#     This enables optimized SSL connection renegotiation handling when SSL
#     directives are used in per-directory context.
#SSLOptions +FakeBasicAuth +ExportCertData +StrictRequire
#    <Files ~ "\.(cgi|shtml|phtml|php3?)$">
#    SSLOptions +StdEnvVars
#
#    </Files>
SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown downgrade-1.0 force-response-1.0

                          #   Per-Server Logging:
                          #   The home of a custom SSL log file. Use this when you want a
                          #   compact non-error SSL logfile on a virtual host basis.
CustomLog logs/ssl_request_log "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"

#Include /etc/letsencrypt/options-ssl-apache.conf
#        SSLCertificateFile /etc/letsencrypt/live/awara-logistics.com/cert.pem
#        SSLCertificateKeyFile /etc/letsencrypt/live/awara-logistics.com/privkey.pem
#	SSLCertificateChainFile /etc/letsencrypt/live/awara-logistics.com/chain.pem
</VirtualHost>
@ Telegram