diff --git a/configs/apache2.4/conf-available/oscp-stapling.conf b/configs/apache2.4/conf-available/oscp-stapling.conf
new file mode 100644
index 0000000..c6f2499
--- /dev/null
+++ b/configs/apache2.4/conf-available/oscp-stapling.conf
@@ -0,0 +1,4 @@
+SSLUseStapling on
+SSLStaplingResponderTimeout 5
+SSLStaplingReturnResponderErrors off
+SSLStaplingCache shmcb:/var/run/ocsp(128000)
\ No newline at end of file
diff --git a/configs/apache2.4/sites-available/https-hsts.conf b/configs/apache2.4/sites-available/https-hsts.conf
new file mode 100644
index 0000000..a990016
--- /dev/null
+++ b/configs/apache2.4/sites-available/https-hsts.conf
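Review bot: The four stapling directives are not guarded by `<IfModule mod_ssl.c>`, so enabling this conf on a host where mod_ssl is not loaded makes Apache refuse to start with an "Invalid command 'SSLUseStapling'" error; wrap them in `<IfModule mod_ssl.c>` … `</IfModule>` as the stock Debian conf-available snippets do. `SSLStaplingCache` is only accepted in the global server context, which holds as long as this file is included from the main config and never from inside a `<VirtualHost>`; a one-line comment saying so would save the next reader a restart failure. The file name says `oscp` where every directive says OCSP, so renaming it to `ocsp-stapling.conf` keeps the `a2enconf` name unsurprising. The file is also missing its trailing newline.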
@@ -0,0 +1,55 @@
+#
+# This is an example of a medium security, highly compatible SSLv3 and TLSv1
+# enabled HTTPS server. The server prefers modes that provide perfect forward
+# secrecy but does not require it. Anonymous cipher modes are disabled. This
+# configuation also includes the HSTS header to ensure that users do not
+# accidentally connect to an insecure HTTP service after their first visit. The
+# HSTS header is set to expire after six earth months.
+#
+# Supported Server Cipher(s):
+# Accepted TLSv1 256 bits DHE-RSA-AES256-SHA
+# Accepted TLSv1 256 bits AES256-SHA
+# Accepted TLSv1 128 bits DHE-RSA-AES128-SHA
+# Accepted TLSv1 128 bits AES128-SHA
+# Accepted TLSv1 168 bits EDH-RSA-DES-CBC3-SHA
+# Accepted TLSv1 168 bits DES-CBC3-SHA
+#
+# Prefered Server Cipher(s):
+# TLSv1 256 bits DHE-RSA-AES256-SHA
+#
+# This configuration requires mod_headers, mod_ssl, it binds to TCP port 443, it only
+# logs errors, and disables the server signature.
+#
+
+
+ ServerAdmin webmaster@example.com
+ ServerName www.example.com
+ ServerAlias wiki.example.com example.com
+
+ SSLEngine on
+ SSLCertificateFile /etc/apache2/ssl/www.example.com.crt
+ SSLCertificateKeyFile /etc/apache2/ssl/www.example.com.key
+ SSLCertificateChainFile /etc/apache2/ssl/cert-bundle.crt
+
+ SSLProtocol -ALL +TLSv1 +TLSv1.1 +TLSv1.2
+ SSLCipherSuite ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:!RC4:HIGH:!MD5:!aNULL:!EDH
+ SSLHonorCipherOrder on
+ SSLCompression off
+
+ # Add six earth month HSTS header for all users...
+ Header add Strict-Transport-Security "max-age=15768000"
+ # If you want to protect all subdomains, use the following header
+ # Strict-Transport-Security: max-age=15768000 ; includeSubDomains
+
+ DocumentRoot /var/www/https-root/
+
+ ErrorLog /var/log/apache2/https-error.log
+
+ # Possible values include: debug, info, notice, warn, error, crit,
+ # alert, emerg.
+ LogLevel warn
+
+ ServerSignature Off
+
+
diff --git a/configs/apache2.4/sites-available/https-redirect-rewrite.conf b/configs/apache2.4/sites-available/https-redirect-rewrite.conf
new file mode 100644
index 0000000..b6731e8
--- /dev/null
+++ b/configs/apache2.4/sites-available/https-redirect-rewrite.conf
@@ -0,0 +1,37 @@
+#
+# This is an example of how to redirect any normal HTTP connections on port
+# 80 of multiple hosts to the same host, keeping the subdomain, path and
+# parameters part of the uri but on HTTPS.
+#
+# It shouldn't be necessary on a new website but is required for a website
+# converting from http to https and wanting to keep all previous links
+# valid.
+#
+# Note that mod_rewrite require more computing power than mod_alias and isn't
+# always available. But contrary to mod_alias you don't have to create one
+# configuration per subdomain. You could use a wilcard ServerName and never
+# look at it again in the future knowing that whatever subdomain your user hit
+# it will be redirected to https or list all your https-available subdomains
+# in the ServerAlias.
+#
+# This configuration requires mod_rewrite, it only logs errors, and
+# disables the server signature.
+#
+
+
+ ServerAdmin webmaster@example.com
+ ServerName example.com
+ ServerAlias wiki.example.com www.example.com *.users.example.com
+
+ RewriteEngine On
+ RewriteRule ^.*$ https://%{SERVER_NAME}%{REQUEST_URI} [L,R=permanent]
+
+ ErrorLog /var/log/apache2/https-redirect-error.log
+ # Possible values include: debug, info, notice, warn, error, crit,
+ # alert, emerg.
+ LogLevel warn
+
+ ServerSignature Off
+
+
diff --git a/configs/apache2.4/sites-available/https-redirect.conf b/configs/apache2.4/sites-available/https-redirect.conf
new file mode 100644
index 0000000..a8aafde
--- /dev/null
+++ b/configs/apache2.4/sites-available/https-redirect.conf
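Review bot: `Header add Strict-Transport-Security "max-age=15768000"` only applies to successful responses and will stack a second copy if another context also adds the header; use `Header always set Strict-Transport-Security "max-age=15768000"` so that error pages (4xx/5xx, including those served before the application runs) carry HSTS as well and the header is never duplicated. The header comment is stale against the directives below it: it advertises an "SSLv3 and TLSv1" server with a DHE/3DES cipher list, while `SSLProtocol -ALL +TLSv1 +TLSv1.1 +TLSv1.2` disables SSLv3 and the `!EDH` at the end of `SSLCipherSuite` excludes the very DHE suites it lists, so that block should be rewritten to describe the ECDHE-first list actually configured. `HIGH` in the middle of `SSLCipherSuite` still admits static-RSA (no forward secrecy) and, on typical OpenSSL builds of this era, 3DES-CBC suites behind the explicit ECDHE entries, which sits oddly with the "prefers forward secrecy" intent; if compatibility allows, drop `HIGH` or append `:!3DES:!kRSA`, and consider `-ALL +TLSv1.2` since TLSv1.0/1.1 are still enabled here.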
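Review bot: `RewriteRule ^.*$ https://%{SERVER_NAME}%{REQUEST_URI} [L,R=permanent]` builds the redirect target from `%{SERVER_NAME}`, which under the default `UseCanonicalName Off` is taken from the client's Host header; if this vhost is the default for port 80 (or otherwise receives a request whose Host matches no vhost), a request carrying `Host: attacker.example` is answered with a 301 to `https://attacker.example/...`, i.e. an open redirect driven by a forged Host header. Restrict the echoed hostname to the names this vhost is meant to serve with a `RewriteCond` on `%{HTTP_HOST}` and send anything else to the canonical name, as sketched below. The `R` flag already appends the original query string, so the "parameters" claim in the header comment holds without further flags; while touching that comment, `mod_rewrite require` should read `requires` and `wilcard` should read `wildcard`.

```apache
 RewriteEngine On
 # Only echo back hostnames this vhost is meant to serve; anything else
 # (e.g. a forged Host header) is sent to the canonical name instead.
 RewriteCond %{HTTP_HOST} ^(example\.com|wiki\.example\.com|www\.example\.com|[^.]+\.users\.example\.com)$ [NC]
 RewriteRule ^.*$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=permanent]
 RewriteRule ^.*$ https://www.example.com%{REQUEST_URI} [L,R=permanent]
```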
@@ -0,0 +1,23 @@
+#
+# This is an example of how to redirect any normal HTTP connections on port 80
+# to https://www.example.com/
+#
+# This configuration requires mod_redirect, it only logs errors, and disables
+# the server signature.
+#
+
+
+ ServerAdmin webmaster@example.com
+ ServerName example.com
+ ServerAlias wiki.example.com www.example.com
+ RedirectPermanent / https://www.example.com/
+
+ ErrorLog /var/log/apache2/https-redirect-error.log
+ # Possible values include: debug, info, notice, warn, error, crit,
+ # alert, emerg.
+ LogLevel warn
+
+ ServerSignature Off
+
+
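Review bot: The header comment says this configuration requires `mod_redirect`, but no such module exists; `RedirectPermanent` is provided by mod_alias, so the line should read `# This configuration requires mod_alias, it only logs errors, and disables`. It would also help to state in the same comment that `RedirectPermanent /` keeps the request path (and, as far as I recall mod_alias, the query string), e.g. `/wiki/Foo?x=1` becomes `https://www.example.com/wiki/Foo?x=1`, while collapsing `wiki.example.com` and `example.com` onto `www.example.com`, since that collapse is the behavioural difference from the rewrite-based variant and is the reason old wiki links land on the www host.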