You can select 'nginx', then 'modern', and then 'apache' for a modern Apache configuration.
Are the 'modern' configs FIPS compliant?
What browsers/tools does requiring TLS 1.3 break?
Apache mod_nss and nginx support (DRAFT) TLS 1.3.
The changes to allowed ciphers in TLS 1.3 could be implemented by modifying webserver config (e.g. as produced by the aforementioned Mozilla config generator tool). IDK what versions of (unupgraded) browsers that would cut off.