diff --git a/etc/apache2/sites-available/example.conf b/etc/apache2/sites-available/example.conf
new file mode 100644
index 0000000..bfe4620
--- /dev/null
+++ b/etc/apache2/sites-available/example.conf
@@ -0,0 +1,51 @@
+<VirtualHost *:80>
+
+RewriteEngine On
+RewriteRule ^(.*)$ https://%{HTTP_HOST}$1 [R=301,L]
+
+</VirtualHost>
+
+<VirtualHost *:443>
+
+ServerAdmin admin@foo.bar
+ServerName foo.bar
+ServerAlias www.foo.bar
+
+#proxy settings
+ProxyPreserveHost On
+ProxyAddHeaders Off
+ProxyRequests Off
+
+#set proxy so that a web service can use a server running on port 54321
+ProxyPass /route https://foo.bar:54321
+ProxyPassReverse /route https://foo.bar:54321
+
+DocumentRoot /var/www/foo.bar/public_html
+
+<Directory /var/www/foo.bar/public_html>
+Options Indexes FollowSymLinks
+AllowOverride All
+Require all granted
+</Directory>
+
+ErrorLog ${APACHE_LOG_DIR}/foo.bar-error.log
+CustomLog ${APACHE_LOG_DIR}/foo.bar-access.log combined
+
+SSLProxyEngine On
+SSLEngine On
+SSLCertificateFile /etc/<path>/cert.pem
+SSLCertificateKeyFile /etc/<path>/private.key
+
+# enable HTTP/2, if available
+Protocols h2 http/1.1
+
+# HTTP Strict Transport Security (mod_headers is required) (63072000 seconds)
+Header always set Strict-Transport-Security "max-age=63072000"
+
+</VirtualHost>
+
+# intermediate configuration
+SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1
+SSLCipherSuite ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1307:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384
+SSLHonorCipherOrder off
+SSLSessionTickets off