Make Apache configuration more secure, add SSL cache

inventory/group_vars/all.yml

@@ -41,7 +41,7 @@ zerotier_network_id: !vault |
 
 # For geerlingguy.apache
 apache_remove_default_vhost: yes
-apache_ssl_cipher_suite: AES256+EECDH:AES256+EDH
+apache_ssl_cipher_suite: "ECDH:AECDH:!SHA1:!SHA256:!SHA384"
 apache_ssl_protocol: all -SSLv2 -SSLv3 -TLSv1 -TLSv1.1
 
 # For geerlingguy.php

playbooks/vars/apache.yml

@@ -9,6 +9,7 @@ apache_mods_enabled:
   - proxy_fcgi.load
   - proxy_http.load
   - rewrite.load
+  - socache_shmcb.load
   - ssl.load
 apache_mods_disabled:
   - mpm_event.load
@@ -17,6 +18,8 @@ apache_mods_disabled:
 apache_global_vhost_settings: |
   DirectoryIndex index.php index.html
   Protocols h2 http/1.1
+  SSLSessionCache shmcb:/run/apache2/socache
+  SSLSessionCacheTimeout 300
   <FilesMatch \.php$>
   SetHandler "proxy:fcgi://127.0.0.1:9000"
   </FilesMatch>