httpd.conf

#[ VARIABLES ]
WAN = "vio0"
domain = "cryptsus.com"

#[ GLOBAL CONFIGURATION ]
prefork 10

#[ SERVER ]
server $domain {
   listen on $WAN tls port 443
   log {
      access "domain-access.log"
      error "domain-error.log"
   }
   tls {
      certificate "/etc/ssl/cryptsus.com.pem"
      key "/etc/ssl/private/cryptsus.com.key"
      ocsp "/etc/ssl/cryptsus.com.der"
      ciphers "ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES256-SHA"
      dhe "none"
      ecdhe "P-384"
      ticket lifetime default
      protocols "TLSv1.2,TLSv1.3"
  }
   hsts {
      max-age 31536000
      preload
      subdomains
  }
   location "/.well-known/acme-challenge/*" {
      root "/acme"
      request strip 2
  }
}

#[ REDIRECT www. to https:// ]
server www.cryptsus.com {
   listen on $WAN port 80
   block return 301 "https://cryptsus.com$REQUEST_URI"
}

#[ TYPES ]
types {
    include "/usr/share/misc/mime.types"
}