diff --git a/group_vars/all.yml b/group_vars/all.yml
index c447e51..c2594ec 100644
--- a/group_vars/all.yml
+++ b/group_vars/all.yml
@@ -60,6 +60,7 @@ server_hostname: server.example.com
 # Apache configuration behind Nginx reverse proxy.
 apache_listen_ip: "127.0.0.1"
 apache_listen_port: 82
+apache_listen_port_ssl: 2443
 apache_create_vhosts: true
 apache_vhosts_filename: "vhosts.conf"
 apache_remove_default_vhost: false
@@ -70,6 +71,7 @@ apache_mods_enabled:
   - rewrite.load
   - ssl.load
   - remoteip.load
+  - security.load
 apache_mods_disabled:
   - php
   - php7
diff --git a/roles/ansible-role-apache/templates/90-remoteip.conf.j2 b/roles/ansible-role-apache/templates/90-remoteip.conf.j2
index da328e7..981454d 100644
--- a/roles/ansible-role-apache/templates/90-remoteip.conf.j2
+++ b/roles/ansible-role-apache/templates/90-remoteip.conf.j2
@@ -1,7 +1,11 @@
-LoadModule remoteip_module modules/mod_remoteip.so
+<IfModule !mod_remoteip.c>
+  LoadModule remoteip_module modules/mod_remoteip.so
+</IfModule>
 
-LogFormat "%a %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\"" combined
+<IfModule mod_remoteip.c>
+  LogFormat "%a %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\"" combined
 
-RemoteIPHeader X-Real-IP
-RemoteIPInternalProxy 127.0.0.1
-RemoteIPTrustedProxy 127.0.0.1
+  RemoteIPHeader X-Real-IP
+  RemoteIPInternalProxy 127.0.0.1
+  RemoteIPTrustedProxy 127.0.0.1
+</IfModule>