diff --git a/deploy/please.conf b/deploy/please.conf
index 86a0d4c3..1f8feca5 100644
--- a/deploy/please.conf
+++ b/deploy/please.conf
@@ -2,45 +2,51 @@ WSGIPythonHome /opt/regluit/ENV
 WSGIPythonPath /opt/regluit/ENV/bin/python
 WSGISocketPrefix /opt/regluit
 
+
 <VirtualHost *:80>
 
 ServerName please.unglueit.com
 ServerAdmin info@gluejar.com
 
-RewriteEngine On
-RewriteRule ^/$ https://please.unglue.it/ [R=301]
-RewriteRule /admin(.*) https://please.unglue.it/admin$1 [R=301]
-RewriteRule /accounts(.*) https://please.unglue.it/accounts$1 [R=301]
-
-<Directory /opt/regluit/static>
-  Options Indexes FollowSymLinks
-  AllowOverride None
-
- Require all granted
-</Directory>
-
-Alias /static /var/www/static
+Redirect permanent / https://please.unglue.it/
 
 </VirtualHost>
 
+
 <VirtualHost _default_:443>
 
+ServerName just.unglue.it:443
+ServerAdmin info@gluejar.com
+
 SSLEngine on
 SSLProtocol All -SSLv2 -SSLv3
+
 SSLCertificateFile    /etc/ssl/certs/server.crt
 SSLCertificateKeyFile /etc/ssl/private/server.key
+SSLCertificateChainFile /etc/ssl/certs/STAR_unglue_it.ca-bundle
+
 #SSLCertificateChainFile /etc/ssl/certs/gd_bundle.crt
 
 WSGIDaemonProcess regluit processes=4 threads=4 python-eggs=/tmp/regluit-python-eggs
 WSGIScriptAlias / /opt/regluit/deploy/please.wsgi
 
+# generated using https://mozilla.github.io/server-side-tls/ssl-config-generator/
+# intermediate mode
+# 2015.03.04   (with Apache v 2.2.22 and OpenSSL 1.0.1 and HSTS enabled)
+
+SSLProtocol             all -SSLv2 -SSLv3
+SSLCipherSuite          ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA
+SSLHonorCipherOrder     on
+
+# HSTS (mod_headers is required) (15768000 seconds = 6 months)
+Header always add Strict-Transport-Security "max-age=15768000"
+
 <Directory /opt/regluit/deploy>
   <Files please.wsgi>
     Require all granted
   </Files>
 </Directory>
 
-
 <Directory /opt/regluit/static>
   Options Indexes FollowSymLinks
   AllowOverride None
@@ -56,10 +62,8 @@ BrowserMatch "MSIE [2-6]" \
 # MSIE 7 and newer should be able to use keepalive
 BrowserMatch "MSIE [17-9]" ssl-unclean-shutdown
 
-#ErrorLog ${APACHE_LOG_DIR}/please.unglue.it-ssl-error.log
 ErrorLog "|/usr/bin/cronolog /var/log/apache2/%Y%m%d_error.log"
 LogLevel warn
-#CustomLog ${APACHE_LOG_DIR}/please.unglue.it-ssl-access.log combined
 CustomLog "|/usr/bin/cronolog /var/log/apache2/%Y%m%d_access.log" combined
 
 </VirtualHost>