From e3cd3cec3f9e6d305d8d610b49a2b42bd1606702 Mon Sep 17 00:00:00 2001 From: Jephte Clain Date: Fri, 30 Dec 2016 18:10:59 +0400 Subject: [PATCH] diverses modification de apacheconfig et apache.tools MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit - rétablir deux répertoires de templates différents: celui pour debian wheezy- est distinct de celui pour jessie+ - support d'une configuration complète ou partielle - support de la mise à jour de la configuration réseau: configuration complète (interfaces standards et bridge) ou partielle (ajout d'adresse ip) - support de templates pour la création de nouveaux site - améliorer le support des certificats: utiliser ceux qui sont déjà installés le cas échéant. - support de fichiers *rewrite*.rules directement dans le répertoire principal. Les fichiers de RewriteRules/ sont obsolètes. - quickstart pour apacheconfig, afin de simplifier son utilisation dans des scripts - fonction legacy_mkRewriteRules() pour pouvoir traiter les fichiers *rewrite*.rules dans des scripts. --- apacheconfig | 163 ++++- lib/ulib/apache.tools | 659 ++++++++++++++---- .../apacheconfig.d8/README-apacheconfig.txt | 76 ++ .../certsconf/default-certs.conf | 15 + .../templates/apacheconfig.d8/cgi-bin/.udir | 24 + .../apacheconfig.d8/cgi-bin/test.cgi | 6 + .../confs.conf} | 0 .../apacheconfig.d8/confs/ssl-config.conf | 15 + .../templates/apacheconfig.d8/modules.conf | 4 + .../modules/ssl.conf} | 4 +- .../templates/apacheconfig.d8/network.conf | 24 + .../ports.conf} | 8 - .../templates/apacheconfig.d8/rewrite.rules | 2 + lib/ulib/templates/apacheconfig.d8/sites.conf | 4 + .../sites/default.conf} | 0 .../sites/default.ssl.conf} | 0 .../templates/apacheconfig.d8/syspkgs.conf | 9 + .../apacheconfig.d8/templates/SITE-certs.conf | 15 + .../apacheconfig.d8/templates/SITE.conf | 31 + .../templates/SITE.ssl.conf} | 90 +-- .../apacheconfig.d8/templates/SITE/.udir | 24 + .../templates/SITE/favicon.ico | Bin 0 -> 1150 bytes .../apacheconfig.d8/templates/SITE/icon.png | Bin 0 -> 29641 bytes .../apacheconfig.d8/workers.properties | 17 + lib/ulib/templates/apacheconfig.d8/www/.udir | 24 + .../templates/apacheconfig.d8/www/favicon.ico | Bin 0 -> 1150 bytes .../templates/apacheconfig.d8/www/icon.png | Bin 0 -> 29641 bytes .../apacheconfig/RewriteRules/update.sh | 6 +- lib/ulib/templates/apacheconfig/confs.conf | 0 .../templates/apacheconfig/modules/ssl.conf | 103 +++ .../apacheconfig/modules/ssl.conf..d | 103 --- lib/ulib/templates/apacheconfig/ports.conf | 29 + lib/ulib/templates/apacheconfig/ports.conf..d | 29 - .../templates/apacheconfig/sites/default.conf | 51 ++ .../apacheconfig/sites/default.conf..d | 51 -- .../apacheconfig/sites/default.ssl.conf | 190 +++++ .../templates/apacheconfig/www/favicon.ico | Bin 0 -> 1150 bytes lib/ulib/templates/apacheconfig/www/icon.png | Bin 0 -> 29641 bytes mkRewriteRules | 207 +----- 39 files changed, 1395 insertions(+), 588 deletions(-) create mode 100644 lib/ulib/templates/apacheconfig.d8/README-apacheconfig.txt create mode 100644 lib/ulib/templates/apacheconfig.d8/certsconf/default-certs.conf create mode 100644 lib/ulib/templates/apacheconfig.d8/cgi-bin/.udir create mode 100755 lib/ulib/templates/apacheconfig.d8/cgi-bin/test.cgi rename lib/ulib/templates/{apacheconfig/confs.conf..d8 => apacheconfig.d8/confs.conf} (100%) create mode 100644 lib/ulib/templates/apacheconfig.d8/confs/ssl-config.conf create mode 100644 lib/ulib/templates/apacheconfig.d8/modules.conf rename lib/ulib/templates/{apacheconfig/modules/ssl.conf..d8 => apacheconfig.d8/modules/ssl.conf} (99%) create mode 100644 lib/ulib/templates/apacheconfig.d8/network.conf rename lib/ulib/templates/{apacheconfig/ports.conf..d8 => apacheconfig.d8/ports.conf} (65%) create mode 100644 lib/ulib/templates/apacheconfig.d8/rewrite.rules create mode 100644 lib/ulib/templates/apacheconfig.d8/sites.conf rename lib/ulib/templates/{apacheconfig/sites/default.conf..d8 => apacheconfig.d8/sites/default.conf} (100%) rename lib/ulib/templates/{apacheconfig/sites/default.ssl.conf..d8 => apacheconfig.d8/sites/default.ssl.conf} (100%) create mode 100644 lib/ulib/templates/apacheconfig.d8/syspkgs.conf create mode 100644 lib/ulib/templates/apacheconfig.d8/templates/SITE-certs.conf create mode 100644 lib/ulib/templates/apacheconfig.d8/templates/SITE.conf rename lib/ulib/templates/{apacheconfig/sites/default.ssl.conf..d => apacheconfig.d8/templates/SITE.ssl.conf} (69%) create mode 100644 lib/ulib/templates/apacheconfig.d8/templates/SITE/.udir create mode 100644 lib/ulib/templates/apacheconfig.d8/templates/SITE/favicon.ico create mode 100644 lib/ulib/templates/apacheconfig.d8/templates/SITE/icon.png create mode 100644 lib/ulib/templates/apacheconfig.d8/workers.properties create mode 100644 lib/ulib/templates/apacheconfig.d8/www/.udir create mode 100644 lib/ulib/templates/apacheconfig.d8/www/favicon.ico create mode 100644 lib/ulib/templates/apacheconfig.d8/www/icon.png delete mode 100644 lib/ulib/templates/apacheconfig/confs.conf delete mode 100644 lib/ulib/templates/apacheconfig/modules/ssl.conf..d delete mode 100644 lib/ulib/templates/apacheconfig/ports.conf..d delete mode 100644 lib/ulib/templates/apacheconfig/sites/default.conf..d create mode 100644 lib/ulib/templates/apacheconfig/www/favicon.ico create mode 100644 lib/ulib/templates/apacheconfig/www/icon.png diff --git a/apacheconfig b/apacheconfig index ec52ddf..6f824b6 100755 --- a/apacheconfig +++ b/apacheconfig @@ -16,6 +16,19 @@ OPTIONS Créer un nouveau répertoire de configuration pour un hôte -d, --destdir DESTDIR[=$TEMPLATECTL_NAME] Nom du répertoire local de configuration. + -f,--full + --partial + Indiquer respectivement que la configuration est complète ou partielle. + Avec la configuration complète, le serveur peut être complètement + configuré avec tous les fichiers présents. Avec la configuration + partielle, uniquement les informations spécifiques à un service en + particulier sont disponibles. + Cette option est utilisée avec --create. Par défaut, la configuration + est partielle. + Pour le moment, la seule différence est que --full crée un fichier de + configuration nommé .apacheconfig alors que --partial crée un fichier + nommé apacheconfig.conf qui est visible et donc découvrable et éditable + plus facilement -t, --template [OPT] Gérer les fichiers du répertoire local avec templatectl. La valeur de @@ -46,9 +59,12 @@ OPTIONS Lors du déploiement de la configuration, les valeurs des variables dynamiques sont remplacées dans les fichiers destination. Les arguments qui restent sont passés tels quels à apache_autoconf + -N, --network-config + Mettre aussi à jour la configuration réseau. -r, --certsdir CERTSDIR Spécifier le cas échéant le répertoire contenant les certificats à - déployer. Cet argument est requis si le répertoire certsconf/ existe. + déployer. Cet argument est requis si le répertoire certsconf/ existe, + sauf si les certificats sont déjà déployés. --localhosts Créer dans le fichier /etc/hosts tous les noms d'hôte ayant un suffixe @@ -63,24 +79,45 @@ OPTIONS -S, --one-site SITE Ne déployer que le fichier de site spécifié. Cette option est utilisée avec --deploy ou --localhosts et est utile pour le développement et les - tests." + tests. + + -k, --new-site HOST.TLD + Créer une définition pour un nouveau site à partir des fichiers du + répertoires templates/ + -K, --new-site-templatedir TEMPLATEDIR + Spécifier le répertoire source pour les templates de site utilisés par + l'option --new-site. Par défaut, utiliser le répertoire templates/ situé + dans le répertoire de configuration. + Si TEMPLATEDIR est un nom simple sans séparateur de chemin '/' et qu'un + répertoire templates/TEMPLATEDIR existe, alors prendre ce répertoire-là + comme source. + --new-site-force + Avec --new-site, utiliser le nom d'hôte fourni même s'il n'est pas + pleinement qualifié" } action= destdir= -nohideconfig= +nohideconfig=auto templateopt= +FULLCONF= +netconf= aac_certsdir= bits= oneconf= onemodule= onesite= +site_host= +site_templdir= +site_force= args=( --help '$exit_with display_help' -c,--create action=create -d:,--destdir: destdir= --no-hideconfig nohideconfig=1 --hideconfig nohideconfig= + -f,--full FULLCONF=1 + --partial FULLCONF= -t::,--template:: '$set@ templateopt; action=template' --help-template '$templateopt=-help; action=template' -l,--list '$templateopt=l; action=template' @@ -96,15 +133,23 @@ args=( -8,--jessie '$array_add TEMPLATECTL_VARS sysver=jessie' --bits: bits= -u,--update,--deploy action=deploy + -N,--network-config netconf=1 -r:,--certsdir: aac_certsdir= --localhosts action=localhosts -C:,--one-conf: oneconf= -M:,--one-module: onemodule= -S:,--one-site: onesite= + -k:,--new-site: '$action=new-site; set@ site_host' + -K:,--new-site-templatedir: site_templdir= + --new-site-force site_force= ) parse_args "$@"; set -- "${args[@]}" -apacheconfig_loadconf "$destdir" || die +if [ "$nohideconfig" == auto ]; then + [ -n "$FULLCONF" ] && nohideconfig= || nohideconfig=1 +fi + +apacheconfig_loadconf "$destdir" "$nohideconfig" || die apacheconfig_sysinfos "$sysname" "$sysdist" "$sysver" "$bits" ################################################################################ @@ -128,7 +173,7 @@ if [ "$action" == create ]; then ask_yesno "Le fichier $(ppath "$config") sera écrasé. Voulez-vous continuer?" O || die rm -f "$config" || die fi - templatectl -d "$destdir" --config "$config" --no-load-vars -m --write-vars + templatectl -d "$destdir" --config "$config" ${nohideconfig:+--no-hide-config} --no-load-vars -m --write-vars ################################################################################ elif [ "$action" == template ]; then @@ -142,7 +187,9 @@ elif [ "$action" == deploy -o "$action" == localhosts ]; then [ -d "$destdir" ] || die "$destdir: répertoire introuvable" args=( - -d "$destdir" --$action ${aac_certsdir:+-r "$aac_certsdir"} + -d "$destdir" --$action + ${netconf:+--network-config} + ${aac_certsdir:+-r "$aac_certsdir"} ${oneconf:+--one-conf "$oneconf"} ${onemodule:+--one-module "$onemodule"} ${onesite:+--one-site "$onesite"} @@ -160,11 +207,113 @@ elif [ "$action" == deploy -o "$action" == localhosts ]; then apacheconfig_deploy \ "$destdir" "$aac_certsdir" \ "$config" "$oneconf" "$onemodule" "$onesite" \ - "$custom_sysinfos" "$sysname" "$sysdist" "$sysver" "$bits" || die + "$custom_sysinfos" "$sysname" "$sysdist" "$sysver" "$bits" \ + "$netconf" || die eend elif [ "$action" == localhosts ]; then etitle "Mise à jour de /etc/hosts" apacheconfig_deploy_localhosts "$destdir" "$aac_certsdir" "$onesite" || die eend fi + +################################################################################ +elif [ "$action" == new-site ]; then + host="$site_host" + templdir="$site_templdir" + if [[ "$templdir" != */* ]] && [ -d "$destdir/templates/$templdir" ]; then + templdir="$destdir/templates/$templdir" + elif [ -z "$templdir" ]; then + templdir="$destdir/templates" + fi + [ -d "$templdir" ] || die "$templdir: répertoire introuvable" + force="$site_force" + + clrtempl= + ssltempl= + certstempl= + wwwtempl= + array_from_lines templs "$(list_files "$templdir" "*SITE.conf")" + [ ${#templs[*]} -gt 0 ] && clrtempl="${templs[0]}" + array_from_lines templs "$(list_files "$templdir" "*SITE.ssl.conf")" + [ ${#templs[*]} -gt 0 ] && ssltempl="${templs[0]}" + array_from_lines templs "$(list_files "$templdir" "*SITE-certs.conf")" + [ ${#templs[*]} -gt 0 ] && certstempl="${templs[0]}" + array_from_lines templs "$(list_dirs "$templdir" "*SITE")" + [ ${#templs[*]} -gt 0 ] && wwwtempl="${templs[0]}" + + found= + for i in "$clrtempl" "$ssltempl" "$certstempl" "$wwwtempl"; do + [ -n "$i" ] && { found=1; break; } + done + [ -n "$found" ] || die "Aucun template disponible" + + if [ -z "$force" ] && [[ "$host" != *.* ]]; then + die "$host n'est pas un nom d'hôte pleinement qualifié" + fi + + etitle "$host" + hostname="${host%%.*}" + clrconf="${clrtempl/SITE/$hostname}" + sslconf="${ssltempl/SITE/$hostname}" + certsconf="${certstempl/SITE/$hostname}" + wwwdir="${wwwtempl/SITE/$hostname}" + + mkdir -p "$destdir/certsconf" + mkdir -p "$destdir/sites" + + sedscript="\ +s/SITE.TLD/$host/g +s/SITE/$hostname/g" + + if [ -z "$clrtempl" ]; then + : + elif [ ! -f "$templdir/$clrtempl" ]; then + ewarn "Le fichier $(ppath "$templdir/$clrtempl") n'existe pas. La copie ne sera pas complète" + elif [ -f "$destdir/sites/$clrconf" ]; then + ewarn "Le fichier sites/$clrconf existe déjà. Il ne sera pas écrasé." + else + estep "sites/$clrconf" + sed "$sedscript" "$templdir/$clrtempl" >"$destdir/sites/$clrconf" || die + fi + + if [ -z "$ssltempl" ]; then + : + elif [ ! -f "$templdir/$ssltempl" ]; then + ewarn "Le fichier $(ppath "$templdir/$ssltempl") n'existe pas. La copie ne sera pas complète" + elif [ -f "$destdir/sites/$sslconf" ]; then + ewarn "Le fichier sites/$sslconf existe déjà. Il ne sera pas écrasé." + else + estep "sites/$sslconf" + sed "$sedscript" "$templdir/$ssltempl" >"$destdir/sites/$sslconf" || die + fi + + if [ -z "$certstempl" ]; then + : + elif [ ! -f "$templdir/$certstempl" ]; then + ewarn "Le fichier $(ppath "$templdir/$certstempl") n'existe pas. La copie ne sera pas complète" + elif [ -f "$destdir/certsconf/$certsconf" ]; then + ewarn "Le fichier certsconf/$certsconf exite déjà. Il ne sera pas écrasé." + else + estep "certsconf/$certsconf" + sed "$sedscript" "$templdir/$certstempl" >"$destdir/certsconf/$certsconf" || die + fi + + if [ -z "$wwwtempl" ]; then + : + elif [ ! -d "$templdir/$wwwtempl" ]; then + ewarn "Le répertoire $(ppath "$templdir/$wwwtempl") n'existe pas. La copie ne sera pas complète" + elif [ -d "$destdir/$wwwdir" ]; then + ewarn "Le répertoire $wwwdir existe déjà. Il ne sera pas écrasé." + else + estep "$wwwdir" + cpdirnovcs "$templdir/$wwwtempl" "$destdir/$wwwdir" || die + sed -i "$sedscript" "$destdir/$wwwdir/.udir" || die + fi + + eend + + if [ -n "$wwwtempl" ]; then + eimportant "Ne pas oublier le cas échéant de mettre à jour HTDMAPPINGS dans $(ppath "$config") e.g. + HTDMAPPINGS=($wwwdir)" + fi fi diff --git a/lib/ulib/apache.tools b/lib/ulib/apache.tools index 722b6e5..eaa8d8e 100644 --- a/lib/ulib/apache.tools +++ b/lib/ulib/apache.tools @@ -5,28 +5,101 @@ ##@require sysinfos ##@require apache uprovide apache.tools -urequire base sysinfos apache +urequire base sysinfos template apache -function __apache_resolvcert() { +function __apache_rc_destdir() { + [ -z "$3" ] && set_var "${1:-certsdir}" "$(get_APACHESSLCERTSDIR_prefix)" + [ -z "$4" ] && set_var "${2:-keysdir}" "$(get_APACHESSLKEYSDIR_prefix)" +} + +function __apache_rc_loadconf() { [ -n "$__rc_dir" ] || __rc_dir="$(dirname "$__rc_conf")" eval "$( source "$__rc_conf" - set_var_cmd __rc_cert "$cert" - set_var_cmd __rc_key "$key" - set_var_cmd __rc_ca "$ca" + echo_setv __rc_cert "$cert" + echo_setv __rc_key "$key" + echo_setv __rc_ca "$ca" )" [ -n "$__rc_cert" ] && __rc_cert="$(abspath "$__rc_cert" "$__rc_dir")" [ -n "$__rc_key" ] && __rc_key="$(abspath "$__rc_key" "$__rc_dir")" [ -n "$__rc_ca" ] && __rc_ca="$(abspath "$__rc_ca" "$__rc_dir")" } -function __apache_checkvars() { +function __apache_rc_resolveprefix() { + local __prefix __cert __key + local __certsdir="$1" __keysdir="$2" + __apache_rc_destdir __certsdir __keysdir "$__certsdir" "$__keysdir" + + if [ -z "$__rc_cert" ]; then + # si pas de certificat, alors générer un préfixe pour chercher les + # fichiers + setx __prefix=basename "$__rc_conf" + __prefix="${__prefix%certs.conf}" + elif [ ! -f "$__rc_cert" ]; then + # si le fichier source n'existe pas, vérifier s'il existe dans la + # destination + setx __cert=basename "$__rc_cert" + setx __key=basename "$__rc_key" + if [ -f "$__certsdir/$__cert" -a -f "$__keysdir/$__key" ]; then + # parfait, les fichiers existent déjà à l'endroit prévu + : + else + # construire un préfixe avec le nom du fichier + __prefix="$__cert" + if [ "${__prefix%.pem}" != "$__prefix" ]; then + __prefix="${__prefix%.pem}" + elif [ "${__prefix%.crt}" != "$__prefix" ]; then + __prefix="${__prefix%.crt}" + fi + if [ -n "${__prefix//[0-9]/}" ]; then + # enlever le suffixe numérique, uniquement si le nom ne contient + # pas que des chiffres + while [ -n "$__prefix" -a "${__prefix%[0-9]}" != "$__prefix" ]; do + __prefix="${__prefix%[0-9]}" + done + fi + fi + fi + + if [ -n "$__prefix" ]; then + local -a __certs + array_from_lines __certs "$(list_files "$__certsdir" "$__prefix*" | LANG=C sort -r)" + if [ ${#__certs[*]} -gt 0 ]; then + __cert="${__certs[0]}" + __key="${__cert%.*}.key" + __rc_cert="$__rc_dir/$__cert" + __rc_key="$__rc_dir/$__key" + fi + fi +} + +function __apache_rc_checkfiles() { + local destdir="$1"; shift + local file + for file in "$@"; do + [ -n "$file" ] || continue + [ -f "$file" ] && continue + if [ -n "$destdir" -a -f "$destdir/$(basename "$file")" ]; then + [ -z "$__apache_rc_quiet" ] && ewarn "$file: fichier introuvable +Le fichier existant $destdir/$(basename "$file") sera utilisé" + continue + fi + eerror "$file: fichier introuvable" + return 1 + done + return 0 +} + +function __apache_rc_checkvars() { + local __certsdir="$1" __keysdir="$2" + __apache_rc_destdir __certsdir __keysdir "$__certsdir" "$__keysdir" + if [ -n "$__rc_cert" -a -z "$__rc_key" ]; then local __rc_name __rc_ext splitname "$__rc_cert" __rc_name __rc_ext if [ "$__rc_ext" == "crt" -o "$__rc_ext" == "pem" ]; then __rc_key="$__rc_name.key" - enote "La clé privée n'a pas été spécifiée. La valeur $(ppath "$__rc_key") sera utilisée" + [ -z "$__apache_rc_quiet" ] && enote "La clé privée n'a pas été spécifiée. La valeur $(ppath "$__rc_key") sera utilisée" else eerror "Impossible de trouver la clé privée correspondant au certificat $(ppath "$__rc_cert")" return 1 @@ -36,30 +109,31 @@ function __apache_checkvars() { eerror "Vous devez spécifier le certificat à installer" return 1 elif [ -z "$__rc_cert" ]; then - eattention "Seul le certificat autorité a été spécifié." + [ -z "$__apache_rc_quiet" ] && eattention "Seul le certificat autorité a été spécifié." elif [ -z "$__rc_ca" ]; then - ewarn "Aucun certificat autorité n'a pas été spécifié. Cela ne peut marcher que si le certificat est autosigné" + [ -z "$__apache_rc_quiet" ] && ewarn "Aucun certificat autorité n'a pas été spécifié. Cela ne peut marcher que si le certificat est autosigné" fi - local i - for i in "$__rc_cert" "$__rc_key" "$__rc_ca"; do - [ -n "$i" ] || continue - [ -f "$i" ] || { - eerror "$i: Fichier introuvable" - return 1 - } - done + __apache_rc_checkfiles "$__certsdir" "$__rc_ca" "$__rc_cert" || return 1 + __apache_rc_checkfiles "$__keysdir" "$__rc_key" || return 1 + return 0 } function apache_resolvecert() { # Calculer l'emplacement des certificats correspondant aux arguments $1 et # $2 (qui correspondent aux options --conf et --dir de apache_addcert()), # puis initialiser les variables $3(=cert), $4(=key) et $5(=ca) + # Si ces valeurs sont déjà calculées, on peut fournir $6=certsdir et + # $7=keysdir local __rc_conf="$1" __rc_dir="$2" local __rc_cert __rc_key __rc_ca - __apache_resolvcert - __apache_checkvars || return 1 + local __certsdir="$6" __keysdir="$7" + __apache_rc_destdir __certsdir __keysdir "$__certsdir" "$__keysdir" + + __apache_rc_loadconf + __apache_rc_resolveprefix "$__certsdir" "$__keysdir" + __apache_rc_checkvars "$__certsdir" "$__keysdir" || return 1 set_var "${3:-cert}" "$__rc_cert" set_var "${4:-key}" "$__rc_key" set_var "${5:-ca}" "$__rc_ca" @@ -93,29 +167,33 @@ OPTIONS eval "$(utools_local)" local action=install - local certsconf certsdir cert key ca + local certsconf certssrcdir cert key ca local __out_cert __out_key __out_ca parse_opts "${PRETTYOPTS[@]}" \ --help '$exit_with __apache_addcert_display_help' \ -C:,--conf: certsconf= \ - -d:,--dir: certsdir= \ + -d:,--dir: certssrcdir= \ --out-cert: '$set@ __out_cert; action=dump' \ --out-key: '$set@ __out_key; action=dump' \ --out-ca: '$set@ __out_ca; action=dump' \ @ args -- "$@" && set -- "${args[@]}" || die "$args" + local certsdir keysdir + __apache_rc_destdir certsdir keysdir + local __rc_conf __rc_dir local __rc_cert __rc_key __rc_ca if [ -n "$certsconf" ]; then __rc_conf="$certsconf" - __rc_dir="$certsdir" - __apache_resolvconf - __apache_checkvars || return 1 + __rc_dir="$certssrcdir" + __apache_rc_loadconf + __apache_rc_resolveprefix "$certsdir" "$keysdir" + __apache_rc_checkvars "$certsdir" "$keysdir" || return 1 else __rc_cert="$1" __rc_key="$2" __rc_ca="$3" - __apache_checkvars || return 1 + __apache_rc_checkvars "$certsdir" "$keysdir" || return 1 fi cert="$__rc_cert" key="$__rc_key" @@ -129,9 +207,7 @@ OPTIONS ask_yesno "Voulez-vous continuer?" O || return 1 urequire install - etitle "Installation des certificats" - certsdir="$(get_APACHESSLCERTSDIR_prefix)" - keysdir="$(get_APACHESSLKEYSDIR_prefix)" + etitled "Copie des fichiers" if [ ! -d "$certsdir" ]; then mkdir -p "$certsdir" || return 1 chmod 755 "$certsdir" || return 1 @@ -140,38 +216,36 @@ OPTIONS mkdir -p "$keysdir" || return 1 chmod 710 "$keysdir" || return 1 fi - if [ -n "$cert" ]; then - copy_replace "$cert" "$certsdir" || return 1 - chmod 644 "$certsdir/$(basename "$cert")" || return 1 - copy_replace "$key" "$keysdir" || return 1 - chmod 640 "$keysdir/$(basename "$key")" || return 1 + if [ -n "$cert" -a -f "$cert" ]; then + if copy_update "$cert" "$certsdir"; then + chmod 644 "$certsdir/$(basename "$cert")" || return 1 + fi + if copy_update "$key" "$keysdir"; then + chmod 640 "$keysdir/$(basename "$key")" || return 1 + fi fi - if [ -n "$ca" ]; then - copy_replace "$ca" "$certsdir" || return 1 - chmod 644 "$certsdir/$(basename "$ca")" || return 1 + if [ -n "$ca" -a -f "$ca" ]; then + if copy_update "$ca" "$certsdir"; then + chmod 644 "$certsdir/$(basename "$ca")" || return 1 + fi fi eend return 0 } -__APACHE_AUTOCONF_SUFFIXES=(d8 d) -__APACHE_AUTOCONF_SUFFIX_d8=(-d debian -v jessie+) -__APACHE_AUTOCONF_SUFFIX_d=(-d debian) -function __apache_autoconf_check_suffix() { - array_contains __APACHE_AUTOCONF_SUFFIXES "$1" || return 1 - local sysinfos="__APACHE_AUTOCONF_SUFFIX_${1}[@]" - check_sysinfos --vars sysname sysdist sysver bits "${!sysinfos}" -} -function __apache_autoconf_filter_suffix_files() { - grep -vF .. -} function __apache_autoconf_setup() { if ! check_sysinfos --vars sysname sysdist sysver bits -s linux64 linux32 linux -d debian; then - eerror "apache_autoconf n'est supporté que sur Debian linux" + eerror "$(get_sysinfos_desc): système non supporté. debian linux est requis" return 1 fi - urequire install + urequire debian install + if [ -z "$__apache_autoconf_no_require_apache" ]; then + pkg_check apache2 || { + eerror "apache2 non installé. impossible de continuer" + return 1 + } + fi compute_apache_prefixes return 0 } @@ -193,24 +267,8 @@ function __apache_autoconf_fillcopy() { # script sed $FILLSCRIPT. Le fichier temporaire $FILLTEMP est utilisé pour # le remplacement des valeurs. $3 contient le cas échéant des commandes sed # supplémentaires - # Si des fichiers suffixes existent, ne faire la copie que si un fichier - # approprié correspondant au système courant est trouvé local src="$1" dest="$2" sedscript="$3" perms="${4:-go+rX}" - # vérifier les fichiers suffixe - local suffix have_suffix found_suffix - for suffix in "${__APACHE_AUTOCONF_SUFFIXES[@]}"; do - if [ -f "$src..$suffix" ]; then - have_suffix=1 - if __apache_autoconf_check_suffix "$suffix"; then - found_suffix=1 - src="$src..$suffix" - break - fi - fi - done - [ -n "$have_suffix" -a -z "$found_suffix" ] && return 1 - # valeurs à remplacer dans le fichier local var found_var for var in "${FILLVARS[@]}"; do @@ -225,14 +283,16 @@ $sedscript" <"$src" >"$FILLTEMP" src="$FILLTEMP" fi - copy_update "$src" "$dest" "$perms" + copy_update "$src" "$dest" "$perms" && return + estepn "$(basename -- "$dest")" + return 1 } __APACHE_AUTOCONF_HELP="\ --confdir CONFDIR Spécifier l'emplacement des fichiers de configuration apache ainsi que des - fichiers 'confs.conf', 'modules.conf' et 'sites.conf'. Par défaut, prendre - le répertoire local DESTDIR. + fichiers 'syspkgs.conf', 'confs.conf', 'modules.conf' et 'sites.conf'. Par + défaut, prendre le répertoire local DESTDIR. --confsdir CONFSDIR Spécifier l'emplacement des fichiers des configuration. Par défaut, utiliser DESTDIR/confs si ce répertoire existe. @@ -264,7 +324,7 @@ function apache_autoconf() { local autoconfdir certsdir confdir confsdir oneconf modulesdir onemodule local sitesdir onesite cgibindir wwwdir certsconfdir rrdir onecms local sysname sysdist sysver bits - local destconfsdir a2xconf + local netconf destconfsdir a2xconf local restart=1 parse_opts "${PRETTYOPTS[@]}" \ --help '$exit_with __display_apache_autoconf_help' \ @@ -288,6 +348,7 @@ function apache_autoconf() { -7,--wheezy sysver=wheezy \ -8,--jessie sysver=jessie \ --bits: bits= \ + --network-config netconf=1 \ @ args -- "$@" && set -- "${args[@]}" || die "$args" if [ -n "$sysname" -o -n "$sysdist" -o -n "$sysver" ]; then @@ -298,13 +359,13 @@ function apache_autoconf() { sysver=("${MYSYSVER[@]}") bits="$MYBITS" fi - __apache_autoconf_setup || return 1 - if __apache_autoconf_check_suffix d8; then + __apache_autoconf_no_require_apache= __apache_autoconf_setup || return 1 + if check_sysinfos --vars sysname sysdist sysver bits -d debian -v jessie+; then confdefault=000-default.conf confdefaultssl=default-ssl.conf destconfsdir="$APACHECONFDIR/conf-available" a2xconf=1 - elif __apache_autoconf_check_suffix d; then + elif check_sysinfos --vars sysname sysdist sysver bits -d debian; then confdefault=default confdefaultssl=default-ssl destconfsdir="$APACHECONFDIR/conf.d" @@ -340,6 +401,19 @@ function apache_autoconf() { local -a FILLVARS; local FILLSCRIPT FILLTEMP __apache_autoconf_fillxxx "$@" + # Installation des packages système + if [ -f "$confdir/syspkgs.conf" ]; then + local -a syspkgs + local syspkg + array_from_lines syspkgs "$(<"$confdir/syspkgs.conf" filter_conf)" + if ! pkg_check "${syspkgs[@]}"; then + etitle "Installation de paquets système" + estep "${syspkgs[@]}" + pkg_install "${syspkgs[@]}" || return 1 + eend + fi + fi + # Copie des certificats local modified rehash conf if [ -d "$certsconfdir" ]; then @@ -350,17 +424,10 @@ function apache_autoconf() { array_addu FILLVARS ca etitle "Installation des certificats" + [ -n "$certsdir" -a ! -d "$certsdir" ] && ewarn "$certsdir: répertoire invalide" array_lsfiles certsconfs "$certsconfdir" "*.conf" for certsconf in "${certsconfs[@]}"; do - if [ -z "$certsdir" ]; then - eerror "CERTSDIR est requis si --certsconfdir est spécifié" - return 1 - elif [ ! -d "$certsdir" ]; then - eerror "$certsdir: répertoire invalide" - return 1 - fi - apache_resolvecert "$certsconf" "$certsdir" cert key ca || return 1 - apache_addcert -y "$cert" "$key" "$ca" + apache_addcert -y -C "$certsconf" -d "$certsdir" "$cert" "$key" "$ca" || return 1 modified=1 done array_lsfiles certspems "$certsconfdir" "*.crt" "*.pem" @@ -378,11 +445,9 @@ function apache_autoconf() { local -a confs local conf etitle "Installation des configurations" - array_from_lines confs "$(list_files "$confsdir" "*.conf" | __apache_autoconf_filter_suffix_files)" + array_from_lines confs "$(list_files "$confsdir" "*.conf")" for conf in "${confs[@]}"; do [ -z "$oneconf" -o "$conf" == "$oneconf" ] || continue - - estep "$conf" __apache_autoconf_fillcopy \ "$confsdir/$conf" \ "$destconfsdir/$conf" && modified=1 @@ -395,11 +460,9 @@ function apache_autoconf() { local -a confs local conf etitle "Installation des configurations des modules" - array_from_lines confs "$(list_files "$modulesdir" "*.conf" | __apache_autoconf_filter_suffix_files)" + array_from_lines confs "$(list_files "$modulesdir" "*.conf")" for conf in "${confs[@]}"; do [ -z "$onemodule" -o "$conf" == "$onemodule" ] || continue - - estep "$conf" __apache_autoconf_fillcopy \ "$modulesdir/$conf" \ "$APACHECONFDIR/mods-available/$conf" && modified=1 @@ -409,12 +472,12 @@ function apache_autoconf() { # Règles de réécriture if [ -d "$rrdir" -a -z "$onecms" ]; then + # legacy... remplacé par des fichiers de règles directement dans le répertoire de configuration local -a confs local conf etitle "Installation des règles de réécriture" array_from_lines confs "$(list_files "$rrdir" "RewriteRules*.conf")" for conf in "${confs[@]}"; do - estep "$conf" __apache_autoconf_fillcopy \ "$rrdir/$conf" \ "$APACHECONFDIR/$conf" && modified=1 @@ -426,9 +489,9 @@ function apache_autoconf() { local -a enablesites disablesites if [ -d "$sitesdir" -a \( -z "$onecms" -o -n "$onesite" \) ]; then local -a confs - local conf confname destconf certsconf + local conf confname destconf certsconf sedscript copied etitle "Installation des sites" - array_from_lines confs "$(list_files "$sitesdir" "*.conf" | __apache_autoconf_filter_suffix_files)" + array_from_lines confs "$(list_files "$sitesdir" "*.conf")" for confname in "${confs[@]}"; do conf="$sitesdir/$confname" [ -z "$onesite" -o "$confname" == "$onesite" ] || continue @@ -449,27 +512,44 @@ function apache_autoconf() { *) destconf="$confname";; esac + copied= if [ -n "$certsconf" ]; then certsconf="$certsconfdir/$certsconf" if [ -f "$certsconf" ]; then - apache_resolvecert "$certsconf" "$certsdir" cert key ca || return 1 - __apache_autoconf_fillcopy \ - "$conf" \ - "$APACHEAVSITESDIR/$destconf" "\ + __apache_rc_quiet=1 apache_resolvecert "$certsconf" "$certsdir" cert key ca || return 1 + if [ -n "$cert" -a -n "$key" ]; then + sedscript="\ s#@@cert@@#$APACHESSLCERTSDIR/$(basename "$cert")#g -s#@@key@@#$APACHESSLKEYSDIR/$(basename "$key")#g -s#@@ca@@#$APACHESSLCERTSDIR/$(basename "$ca")#g -" +s#@@key@@#$APACHESSLKEYSDIR/$(basename "$key")#g" + if [ -n "$ca" ]; then + sedscript="$sedscript +s#@@ca@@#$APACHESSLCERTSDIR/$(basename "$ca")#g" + else + sedscript="$sedscript +/@@ca@@/s/^/#/g" + fi + __apache_autoconf_fillcopy \ + "$conf" \ + "$APACHEAVSITESDIR/$destconf" "$sedscript" + copied=1 + else + eerror "$(ppath "$certsconf"): définition des certificats introuvable +Le fichier de configuration $confname a été ignoré" + fi else - eerror "$(ppath "$certsconf"): fichier introuvable. Il a été ignoré" + eerror "$(ppath "$certsconf"): fichier introuvable +Le fichier de configuration $confname a été ignoré" fi else __apache_autoconf_fillcopy \ "$conf" \ "$APACHEAVSITESDIR/$destconf" + copied=1 + fi + if [ -n "$copied" ]; then + enablesites=("${enablesites[@]}" "$destconf") + modified=1 fi - enablesites=("${enablesites[@]}" "$destconf") - modified=1 done eend fi @@ -478,16 +558,28 @@ s#@@ca@@#$APACHESSLCERTSDIR/$(basename "$ca")#g if [ -d "$confdir" -a -z "$onecms" ]; then local -a confs local conf + etitle "Configuration de base" - array_add ignores confs.conf modules.conf sites.conf - array_from_lines confs "$(list_files "$confdir" | __apache_autoconf_filter_suffix_files)" + array_add ignores syspkgs.conf confs.conf modules.conf sites.conf network.conf + array_from_lines confs "$(list_files "$confdir")" for conf in "${confs[@]}"; do array_contains ignores "$conf" && continue - estep "$conf" __apache_autoconf_fillcopy \ "$confdir/$conf" \ "$APACHECONFDIR/$conf" && modified=1 done + + array_from_lines confs "$(list_files "$confdir" "*rewrite*.rules")" + if [ ${#confs[*]} -gt 0 ]; then + etitle "Règles de réécriture" + for conf in "${confs[@]}"; do + [ -f "$APACHECONFDIR/$conf" ] || continue + estep "$conf" + legacy_mkRewriteRules "$APACHECONFDIR/$conf" && modified=1 + done + eend + fi + if [ -f "$confdir/confs.conf" -a -n "$a2xconf" ]; then local -a confs local conf @@ -564,9 +656,30 @@ s#@@ca@@#$APACHESSLCERTSDIR/$(basename "$ca")#g fi # Contenu web - if [ -d "$wwwdir" -a -z "$onecms" ]; then - etitle "Installation des fichiers du serveur web" - cpdirnovcs "$wwwdir" "$HTDOCSDIR" + if [ -z "$onecms" ]; then + etitled "Installation des fichiers du serveur web" + if is_defined HTDMAPPINGS; then + local htdmapping src dest + for htdmapping in "${HTDMAPPINGS[@]}"; do + splitpair "$htdmapping" dest src + [ -n "$dest" ] || dest=html + case "$dest" in + html) [ -n "$src" ] || src=www;; + *) [ -n "$src" ] || src="$dest";; + esac + withpath "$src" || src="$confdir/$src" + withpath "$dest" || dest="$HTDOCSBASE/$dest" + estep "$src --> $dest" + cpdirnovcs "$src" "$dest" + # par défaut, le propriétaire est root. est-ce nécessaire? + #chown -R www-data: "$dest" + done + elif [ -d "$wwwdir" ]; then + estep "$wwwdir --> $HTDOCSDIR" + cpdirnovcs "$wwwdir" "$HTDOCSDIR" + # par défaut, le propriétaire est root. est-ce nécessaire? + #chown -R www-data: "$HTDOCSDIR" + fi eend fi @@ -587,6 +700,30 @@ s#@@ca@@#$APACHESSLCERTSDIR/$(basename "$ca")#g eend fi + # Mettre à jour la configuration réseau + if [ -z "$onecms" -a -n "$netconf" -a -f "$confdir/network.conf" ]; then + local -a ips brs; local host etc_networks + eval "$( + source "$confdir/network.conf" + set_array_cmd ips + set_array_cmd brs + echo_setv host "$host" + echo_setv etc_networks "$etc_networks" + )" + etitled "Vérification de la configuration du réseau" + if [ -n "$FULLCONF" ]; then + if [ ${#ips[*]} -gt 0 -o ${#brs[*]} -gt 0 -o -n "$hosts" ]; then + network_config "$host" ips brs && modified=1 + fi + [ -n "$etc_networks" ] && network_update_etc_networks "$etc_networks" + else + if [ ${#ips[*]} -gt 0 ]; then + network_config_partial ips && modified=1 + fi + fi + eend + fi + if [ -n "$modified" ]; then [ -n "$rehash" ] && elinedots "Hashage des certificats" c_rehash if [ -n "$restart" ]; then @@ -604,7 +741,7 @@ function apache_autoconf_localhosts() { --one-site: onesite= \ @ args -- "$@" && set -- "${args[@]}" || die "$args" - __apache_autoconf_setup || return 1 + __apache_autoconf_no_require_apache=1 __apache_autoconf_setup || return 1 # Configuration autoconfdir="$1"; shift @@ -711,27 +848,48 @@ function __template_updatef_dhost() { [ -n "$ips" ] || __template_set_var ips "" } -# toujours placer une variable dépendante AVANT la variable maitre +# syntaxe: var[:depvars,...][=desc] APACHECONFIG_TEMPLATE_STATIC_VARS=( - hostname aliases host - certsdir caname + host:hostname,aliases="hôte pour lequel ce template a été créé. +# les variables hostname et aliases sont automatiquement générées. +# utiliser @@dhost@@ pour déployer dynamiquement avec le nom d'hôte courant." + certsdir="répertoire par défaut contenant les certificats à déployer" + caname="nom de l'autorité par défaut" ) APACHECONFIG_TEMPLATE_DYNAMIC_VARS=( - ips_namevirtualhosts ips_listens ips - dhostname daliases dhost - admin configdir + ips:ips_namevirtualhosts,ips_listens="liste d'adresses de la forme ip[:port], séparées par un espace. +# ces adresses sont celles sur lesquelles apache doit écouter. ce paramètre n'a +# de sens que sur squeeze. en effet, la configuration par défaut sur jessie rend +# ce paramétrage inutile." + dhost:dhostname,daliases="hôte pour lequel les fichiers doivent être déployés. +# les variables dhostname et daliases sont automatiquement générées. +# cette variable n'a besoin d'être modifiée que si host=@@dhost@@ ci-dessous" + admin="mail de l'administrateur du serveur" + configdir="répertoire dans lequel le template a été généré" +) +APACHECONFIG_TEMPLATE_NOWRITE_VARS=(configdir) +APACHECONFIG_TEMPLATE_USER_VARS=( + FULLCONF="Est-on en mode configuration complète?" + HTDMAPPINGS="Mapping des répertoires destination dans /var/www vers le répertoire local, e.g. html:www" ) -APACHECONFIG_TEMPLATE_NOWRITE_VARS=(hostname aliases dhostname daliases configdir) +function __apacheconfig_initsrcdirs() { + if check_sysinfos "$@" -d debian -v jessie+; then + TEMPLATECTL_SRCDIRS=(apacheconfig.d8) + else + TEMPLATECTL_SRCDIRS=(apacheconfig) + fi +} function apacheconfig_initvars() { DEFAULT_ADMIN=supervision-gdrsi@listes.univ-reunion.fr DEFAULT_CERTSDIR=1507-renater DEFAULT_CANAME=1507-DigiCertCA.crt set_defaults apacheconfig - TEMPLATE_STATIC_VARS=("${APACHECONFIG_TEMPLATE_STATIC_VARS[@]}") - TEMPLATE_DYNAMIC_VARS=("${APACHECONFIG_TEMPLATE_DYNAMIC_VARS[@]}") TEMPLATE_NOWRITE_VARS=("${APACHECONFIG_TEMPLATE_NOWRITE_VARS[@]}") + template_build_vars TEMPLATE_STATIC_VARS TEMPLATE_NOWRITE_VARS "${APACHECONFIG_TEMPLATE_STATIC_VARS[@]}" + template_build_vars TEMPLATE_DYNAMIC_VARS TEMPLATE_NOWRITE_VARS "${APACHECONFIG_TEMPLATE_DYNAMIC_VARS[@]}" + template_build_vars TEMPLATE_USER_VARS "" "${APACHECONFIG_TEMPLATE_USER_VARS[@]}" __TEMPLATE_DEFAULTF_host=__template_defaultf_host __TEMPLATE_UPDATEF_host=__template_updatef_host __TEMPLATE_DEFAULTF_ips=__template_defaultf_ips @@ -740,7 +898,7 @@ function apacheconfig_initvars() { __TEMPLATE_UPDATEF_dhost=__template_updatef_dhost TEMPLATECTL_NAME=apacheconfig - TEMPLATECTL_SRCDIRS=(apacheconfig) + __apacheconfig_initsrcdirs TEMPLATECTL_CONFIG="$TEMPLATECTL_NAME" TEMPLATECTL_DEFAULTS=( admin="$DEFAULT_ADMIN" @@ -751,11 +909,14 @@ function apacheconfig_initvars() { } function apacheconfig_loadconf() { - local config modified - local destdir="$1" autocreate + local config modified autocreate + local destdir="$1" nohideconfig="$2" + + # valeurs par défaut + is_defined HTDMAPPINGS || HTDMAPPINGS=(html:www) __template_set_destdir destdir autocreate "$TEMPLATECTL_NAME" || return 1 - setx config=templatectl_config "$destdir" + setx config=templatectl_config "$destdir" ${nohideconfig:+nohideconfig} modified= templatectl_loadvars "$config" && modified=1 @@ -779,7 +940,8 @@ function apacheconfig_sysinfos() { __template_set_var sysname "$sysname" __template_set_var sysdist "$sysdist" __template_set_var sysver "$sysver" - #check_sysinfos --vars sysname sysdist sysver bits "${templatectl_suffix[@]} + # mettre à jour la source en fonction du système cible + __apacheconfig_initsrcdirs --vars sysname sysdist sysver bits upvars sysname "$sysname" sysdist "$sysdist" sysver "$sysver" bits "$bits" \ custom_sysinfos "$custom_sysinfos" @@ -789,6 +951,7 @@ function apacheconfig_deploy() { local destdir="$1" certsdir="$2"; shift; shift local config="$1" oneconf="$2" onemodule="$3"; onesite="$4"; shift; shift; shift; shift local custom_sysinfos="$1" sysname="$2" sysdist="$3" sysver="$4" bits="$5"; shift; shift; shift; shift; shift + local netconf="$1"; shift local -a args args=(--ignore "$(basename -- "$config")") @@ -796,6 +959,7 @@ function apacheconfig_deploy() { [ -n "$onemodule" ] && array_add args --one-module "$(basename -- "$onemodule")" [ -n "$onesite" ] && array_add args --one-site "$(basename -- "$onesite")" [ -n "$custom_sysinfos" ] && array_add args --sysname "$sysname" --sysdist "$sysdist" --sysver "$sysver" --bits "$bits" + [ -n "$netconf" ] && array_add args --network-config array_add args "$destdir" "$certsdir" for __name in "${TEMPLATE_DYNAMIC_VARS[@]}"; do array_add args "$__name=${!__name}" @@ -803,6 +967,21 @@ function apacheconfig_deploy() { apache_autoconf "${args[@]}" "$@" } +function apacheconfig_qs() { + # fonction pour simplifier l'utilisation de apacheconfig_deploy pour un + # répertoire spécifique + # $1=destdir $2=certsdir $3=netconf + local destdir="$1" certsdir="$2" netconf="$3" + local config modified destdir autocreate + apacheconfig_initvars + apacheconfig_loadconf "$1" + apacheconfig_deploy \ + "$destdir" "$2" \ + "$config" "" "" "" \ + "" "" "" "" "" \ + "$3" +} + function apacheconfig_localhosts() { local destdir="$1" certsdir="$2"; shift; shift local onesite="$1"; shift @@ -815,3 +994,241 @@ function apacheconfig_localhosts() { done apache_autoconf_localhosts "${args[@]}" "$@" } + +function __mrr_joinurl() { + # joindre chaque élément de $1..@ par /, en évitant les slashes en double + local i url + for i in "$@"; do + [ -n "$i" ] || continue + if [ -n "$url" ]; then + url="${url%/}/${i#/}" + else + url="$i" + fi + done + [ -n "$url" ] && echo "$url" +} +function __mrr_has_proxy() { + # vérifier que les options $1 contiennent 'P' + local -a options + array_split options "$1" "," + array_contains options P +} +function legacy_mkRewriteRules() { + # $1=infile, $2=thishost, $3=outfile, $4=htmlfile, $5=proxy_enabled? + local infile="$1" thishost="$2" outfile="$3" htmlfile="$4" proxy_enabled="$5" + local -a rules; local rule prefix index done current + local tmpinfile tmpoutfile + local src dest host suffix options prot proxy_acls usrc trail noslash proxy_url proxy_use + + if [ -z "$infile" -o "$infile" == - ]; then + infile=/dev/stdin + elif [ -z "$outfile" ]; then + local outdir="$(dirname -- "$infile")" + outfile="$(basename -- "$infile")" + if [[ "$outfile" == *rewrite*.rules ]]; then + outfile="${outfile/rewrite/RewriteRules}" + outfile="${outfile/.rules/.conf}" + else + outfile="$outfile-RewriteRules.conf" + fi + outfile="$outdir/$outfile" + fi + [ -n "$outfile" -a "$outfile" != - ] || outfile=/dev/stdout + + if [ -z "$thishost" -o -z "$proxy_enabled" ]; then + # le cas échéant, lire les paramètres manquant depuis le fichier + if [ "$infile" == /dev/stdin ]; then + ac_set_tmpfile tmpinfile + cat >"$tmpinfile" + infile="$tmpinfile" + fi + eval "$(awkrun -f <"$infile" ' +/^[^#]/ { exit 0 } +/^#+ *host *=/ { sub(/^#+ *host *= */, ""); sub(/ *$/, ""); print "thishost=" qval($0); next } +/^#+ *enable_proxy *=/ { sub(/^#+ *enable_proxy *= */, ""); sub(/ *$/, ""); print "proxy_enabled=" qval($0); next } +')" + fi + [ -n "$thishost" ] || thishost="$(myhost)" + normyesval proxy_enabled + + if [ -n "$htmlfile" ]; then + echo ' + + + + +'"$thishost + + +

$thishost

+ + +' >>"$htmlfile" + fi + + [ -n "$tmpinfile" ] && ac_clean "$tmpinfile" + ac_clean "$tmpoutfile" + [ -n "$modified" ] +} diff --git a/lib/ulib/templates/apacheconfig.d8/README-apacheconfig.txt b/lib/ulib/templates/apacheconfig.d8/README-apacheconfig.txt new file mode 100644 index 0000000..bd574ef --- /dev/null +++ b/lib/ulib/templates/apacheconfig.d8/README-apacheconfig.txt @@ -0,0 +1,76 @@ +# -*- coding: utf-8 mode: text -*- vim:sw=4:sts=4:et:ai:si:sta:fenc=utf-8 + +Ce répertoire peut contenir les fichiers et répertoires suivants, qui sont tous +optionnels: + +confs.conf + Liste des configurations qu'il faut activer. Si un fichier de configuration + existe mais n'est pas mentionnée dans ce fichier, ou si ce fichier n'existe + pas, aucune modification n'est effectuée. Ce fichier contient une liste de + ligne de configuration. + Si une configuration est de la forme -conf, elle est désactivée. Si une + configuration est de la forme +conf, elle est activée. Cette syntaxe permet + de supporter les configurations dont le nom commencerait par '-' + IMPORTANT: Ce fichier n'est supporté qu'à partir de debian jessie. + +modules.conf + Liste des modules qu'il faut activer. Si un module existe mais n'est pas + mentionné dans ce fichier, ou si ce fichier n'existe pas, aucune + modification n'est effectuée. + Si un module est de la forme -module, il est désactivé. Si un module est de + la forme +module, il est activé. Cette syntaxe permet de supporter les + modules dont le nom commencerait par '-' + +sites.conf + Liste des sites qu'il faut activer. Si ce fichier n'existe pas, tous les + sites existant sont activés. Si un site existe mais ne figure pas dans ce + fichier, il est désactivé. + +confs/ + Répertoire des configurations à installer. Les fichiers de ce répertoire + sont de la forme CONF.conf et sont installés dans le répertoire + /etc/apache2/conf-available. Il faut mentionner la configuration dans le + fichier confs.conf pour l'activer. + IMPORTANT: Ce répertoire n'est supporté qu'à partir de debian jessie. + +modules/ + Répertoire des configurations de modules à installer. Les fichiers de ce + répertoire sont de la forme MODULE.conf et sont installés dans le répertoire + /etc/apache2/mods-available. Il faut mentioner le module dans le fichier + modules.conf pour l'activer. + +sites/ + Répertoire des sites à installer. Les fichiers de ce répertoire sont de la + forme SITE.conf pour les sites écoutant en clair, et SITE.ssl.conf pour les + sites écoutant en https. + Pour chaque site SITE.ssl.conf, un fichier SITE-certs.conf doit exister dans + certsconf/. Pour chaque fichier SITE.ssl.conf, les balises @@ca@@, @@cert@@ + et @@key@@ sont remplacés par les valeurs des variables ca, cert et key + définies dans le fichier correspondant SITE-certs.conf + +cgi-bin/ + Répertoire des scripts cgi + +www/ + Répertoire des fichiers du serveur web + +certsconf/ + Répertoire qui contient la configuration pour les certificats à installer. + Les fichiers de ce répertoire sont de la forme SITE-certs.conf et chacun + d'eux correspond à un fichier SITE.ssl.conf dans sites/ + +RewriteRules/ + Répertoire qui contient la configuration de réécriture. Tous les fichiers + RewriteRules*.conf de ce répertoire sont copiés dans /etc/apache2 + +Tous les autres fichiers sont copiés tels quels dans /etc/apache2. Notamment, +apache2.conf est le fichier de configuration principal d'apache et ports.conf le +fichier de configuration des ports d'écoute. + +## Configuration TLS + +Le site https://mozilla.github.io/server-side-tls/ssl-config-generator/ contient +des informations sur la façon de configurer ssl côté serveur pour la sécurité et +les navigateurs modernes + +Voir les détails sur https://wiki.mozilla.org/Security/Server_Side_TLS diff --git a/lib/ulib/templates/apacheconfig.d8/certsconf/default-certs.conf b/lib/ulib/templates/apacheconfig.d8/certsconf/default-certs.conf new file mode 100644 index 0000000..2ca6ace --- /dev/null +++ b/lib/ulib/templates/apacheconfig.d8/certsconf/default-certs.conf @@ -0,0 +1,15 @@ +# -*- coding: utf-8 mode: sh -*- vim:sw=4:sts=4:et:ai:si:sta:fenc=utf-8 + +# Cette variable est utilisée par la fonction refcerts() du script runs. C'est +# le nom d'un répertoire à chercher dans RUNSMODULESPATH qui contient les +# certificats à installer sur le serveur. +certsdir=@@certsdir@@ + +# Fichier contenant les certificats racines qui valident le certificat à +# installer, ainsi que les certificats qui sont rencontrés dans le dialogue avec +# d'autres serveurs web +ca=@@caname@@ + +# Certificat et clé privée à installer +cert= +key= diff --git a/lib/ulib/templates/apacheconfig.d8/cgi-bin/.udir b/lib/ulib/templates/apacheconfig.d8/cgi-bin/.udir new file mode 100644 index 0000000..eb74a9a --- /dev/null +++ b/lib/ulib/templates/apacheconfig.d8/cgi-bin/.udir @@ -0,0 +1,24 @@ +# -*- coding: utf-8 mode: sh -*- vim:sw=4:sts=4:et:ai:si:sta:fenc=utf-8 +# Utiliser 'udir --help-vars' pour une description de la signification des +# variables suivantes: +udir_desc="Fichiers à déployer sur @@host@@ dans le répertoire des cgi-bins" +udir_note="Il est possible de déployer les modifications dans ce répertoire avec 'uinst -y'" +udir_types=(uinst:rsync) +uinc=release +uinc_options=() +uinc_args=() +configure_variables=(dest) +configure_dest_for=() +config_scripts=() +install_profiles=false +workdir_rsync_options=() +workdir_excludes=() +workdir_includes=() +copy_files=true +rsync_options=() +destdir=root@@@host@@:CGIBINDIR +srcdir=. +files=() +owner=root: +modes=(u=rwX,g=rX,o=rX) +root_scripts=() diff --git a/lib/ulib/templates/apacheconfig.d8/cgi-bin/test.cgi b/lib/ulib/templates/apacheconfig.d8/cgi-bin/test.cgi new file mode 100755 index 0000000..dd4bf37 --- /dev/null +++ b/lib/ulib/templates/apacheconfig.d8/cgi-bin/test.cgi @@ -0,0 +1,6 @@ +#!/bin/bash +# -*- coding: utf-8 mode: sh -*- vim:sw=4:sts=4:et:ai:si:sta:fenc=utf-8 + +echo "Content-Type: text/plain" +echo "" +echo "OK" diff --git a/lib/ulib/templates/apacheconfig/confs.conf..d8 b/lib/ulib/templates/apacheconfig.d8/confs.conf similarity index 100% rename from lib/ulib/templates/apacheconfig/confs.conf..d8 rename to lib/ulib/templates/apacheconfig.d8/confs.conf diff --git a/lib/ulib/templates/apacheconfig.d8/confs/ssl-config.conf b/lib/ulib/templates/apacheconfig.d8/confs/ssl-config.conf new file mode 100644 index 0000000..d00b377 --- /dev/null +++ b/lib/ulib/templates/apacheconfig.d8/confs/ssl-config.conf @@ -0,0 +1,15 @@ +# -*- coding: utf-8 mode: conf -*- vim:sw=4:sts=4:et:ai:si:sta:fenc=utf-8 + + # cf https://wiki.mozilla.org/Security/Server_Side_TLS + + # Choisir un des profils. Clients les plus anciens pouvant se connecter: + # modern: Firefox 27, Chrome 30, Windows 7 IE 11, Edge, Opera 17, Safari 9, Android 5.0, Java 8 + # intermediate: Firefox 1, Chrome 1, IE 7, Opera 5, Safari 1, Windows XP IE8, Android 2.3, Java 7 + # old: Windows XP IE6, Java 6 + #Define SSL_CONFIG_MODERN + #Define SSL_CONFIG_INTERMEDIATE + #Define SSL_CONFIG_OLD + + # Faut-il activer HSTS? + #Define SSL_CONFIG_HSTS + diff --git a/lib/ulib/templates/apacheconfig.d8/modules.conf b/lib/ulib/templates/apacheconfig.d8/modules.conf new file mode 100644 index 0000000..84e06fb --- /dev/null +++ b/lib/ulib/templates/apacheconfig.d8/modules.conf @@ -0,0 +1,4 @@ +# -*- coding: utf-8 mode: conf -*- vim:sw=4:sts=4:et:ai:si:sta:fenc=utf-8 +# Liste des modules à activer. Syntaxe: +# module ou +module pour activer un module +# -module pour le désactiver diff --git a/lib/ulib/templates/apacheconfig/modules/ssl.conf..d8 b/lib/ulib/templates/apacheconfig.d8/modules/ssl.conf similarity index 99% rename from lib/ulib/templates/apacheconfig/modules/ssl.conf..d8 rename to lib/ulib/templates/apacheconfig.d8/modules/ssl.conf index d733884..c7eb837 100644 --- a/lib/ulib/templates/apacheconfig/modules/ssl.conf..d8 +++ b/lib/ulib/templates/apacheconfig.d8/modules/ssl.conf @@ -107,7 +107,7 @@ SSLPassPhraseDialog exec:/usr/share/apache2/ask-for-passphrase # Inter-Process Session Cache: - # Configure the SSL Session Cache: First the mechanism + # Configure the SSL Session Cache: First the mechanism # to use and second the expiring timeout (in seconds). # (The mechanism dbm has known memory leaks and should not be used). #SSLSessionCache dbm:${APACHE_RUN_DIR}/ssl_scache @@ -116,7 +116,7 @@ # Semaphore: # Configure the path to the mutual exclusion semaphore the - # SSL engine uses internally for inter-process synchronization. + # SSL engine uses internally for inter-process synchronization. # (Disabled by default, the global Mutex directive consolidates by default # this) #Mutex file:${APACHE_LOCK_DIR}/ssl_mutex ssl-cache diff --git a/lib/ulib/templates/apacheconfig.d8/network.conf b/lib/ulib/templates/apacheconfig.d8/network.conf new file mode 100644 index 0000000..31e2bae --- /dev/null +++ b/lib/ulib/templates/apacheconfig.d8/network.conf @@ -0,0 +1,24 @@ +# -*- coding: utf-8 mode: sh -*- vim:sw=4:sts=4:et:ai:si:sta:fenc=utf-8 +# Configuration du réseau sur le serveur. Ce fichier est traité différemment +# selon le mode de configuration. +# - En mode complet, ce fichier définit le nom d'hôte ainsi que toutes les +# interfaces, ponts et adresses. La variable host et les tableaux ips et brs +# sont pris en compte. +# - En mode partiel, seuls le tableau ips est pris en compte: il est utilisé +# pour définir des adresses ips supplémentaires à configurer sur le serveur. + +# Liste des adresses IPs à configurer. Chaque élément est de la forme +# [IFACE:]dhcp ou [[IFACE][//GATEWAY]:]IP[/SUFFIX] +ips=() + +# Liste des ponts à configurer. Chaque élément est de la forme BR:IFACES +# BR est le nom du pont, e.g. br0. IFACES est une liste d'interfaces séparées +# par une virgule. e.g. br0:eth0,eth1 +brs=() + +# Nom d'hôte pleinement qualifié. Si ce paramètre est spécifié, les fichiers +# /etc/hosts, /etc/hostname et /etc/mailname sont mis à jour. +host= + +# Contenu du fichier /etc/networks +etc_networks= diff --git a/lib/ulib/templates/apacheconfig/ports.conf..d8 b/lib/ulib/templates/apacheconfig.d8/ports.conf similarity index 65% rename from lib/ulib/templates/apacheconfig/ports.conf..d8 rename to lib/ulib/templates/apacheconfig.d8/ports.conf index d858a80..92c0c92 100644 --- a/lib/ulib/templates/apacheconfig/ports.conf..d8 +++ b/lib/ulib/templates/apacheconfig.d8/ports.conf @@ -7,16 +7,8 @@ Listen 80 Listen 443 - #NameVirtualHost IP:443 - #Listen IP:443 - #@@ips_namevirtualhosts@@ - #@@ips_listens@@ Listen 443 - #NameVirtualHost IP:443 - #Listen IP:443 - #@@ips_namevirtualhosts@@ - #@@ips_listens@@ diff --git a/lib/ulib/templates/apacheconfig.d8/rewrite.rules b/lib/ulib/templates/apacheconfig.d8/rewrite.rules new file mode 100644 index 0000000..b445618 --- /dev/null +++ b/lib/ulib/templates/apacheconfig.d8/rewrite.rules @@ -0,0 +1,2 @@ +# -*- coding: utf-8 mode: conf -*- vim:sw=4:sts=4:et:ai:si:sta:fenc=utf-8 + diff --git a/lib/ulib/templates/apacheconfig.d8/sites.conf b/lib/ulib/templates/apacheconfig.d8/sites.conf new file mode 100644 index 0000000..0a2108b --- /dev/null +++ b/lib/ulib/templates/apacheconfig.d8/sites.conf @@ -0,0 +1,4 @@ +# -*- coding: utf-8 mode: conf -*- vim:sw=4:sts=4:et:ai:si:sta:fenc=utf-8 +# Liste des sites à activer. Syntaxe: +# site ou +site pour activer un site +# -site pour le désactiver diff --git a/lib/ulib/templates/apacheconfig/sites/default.conf..d8 b/lib/ulib/templates/apacheconfig.d8/sites/default.conf similarity index 100% rename from lib/ulib/templates/apacheconfig/sites/default.conf..d8 rename to lib/ulib/templates/apacheconfig.d8/sites/default.conf diff --git a/lib/ulib/templates/apacheconfig/sites/default.ssl.conf..d8 b/lib/ulib/templates/apacheconfig.d8/sites/default.ssl.conf similarity index 100% rename from lib/ulib/templates/apacheconfig/sites/default.ssl.conf..d8 rename to lib/ulib/templates/apacheconfig.d8/sites/default.ssl.conf diff --git a/lib/ulib/templates/apacheconfig.d8/syspkgs.conf b/lib/ulib/templates/apacheconfig.d8/syspkgs.conf new file mode 100644 index 0000000..5efb6ae --- /dev/null +++ b/lib/ulib/templates/apacheconfig.d8/syspkgs.conf @@ -0,0 +1,9 @@ +# -*- coding: utf-8 mode: conf -*- vim:sw=4:sts=4:et:ai:si:sta:fenc=utf-8 +# Liste de paquets système à installer, e.g. php5 ou libapache2-mod-jk +# Chaque package doit être indiqué sur une ligne à part +#libapache2-mod-jk +#libapache2-mod-auth-cas +#php5-mysql +#php5-ldap +#php5-gmp +#php5-gd diff --git a/lib/ulib/templates/apacheconfig.d8/templates/SITE-certs.conf b/lib/ulib/templates/apacheconfig.d8/templates/SITE-certs.conf new file mode 100644 index 0000000..2ca6ace --- /dev/null +++ b/lib/ulib/templates/apacheconfig.d8/templates/SITE-certs.conf @@ -0,0 +1,15 @@ +# -*- coding: utf-8 mode: sh -*- vim:sw=4:sts=4:et:ai:si:sta:fenc=utf-8 + +# Cette variable est utilisée par la fonction refcerts() du script runs. C'est +# le nom d'un répertoire à chercher dans RUNSMODULESPATH qui contient les +# certificats à installer sur le serveur. +certsdir=@@certsdir@@ + +# Fichier contenant les certificats racines qui valident le certificat à +# installer, ainsi que les certificats qui sont rencontrés dans le dialogue avec +# d'autres serveurs web +ca=@@caname@@ + +# Certificat et clé privée à installer +cert= +key= diff --git a/lib/ulib/templates/apacheconfig.d8/templates/SITE.conf b/lib/ulib/templates/apacheconfig.d8/templates/SITE.conf new file mode 100644 index 0000000..91c14d5 --- /dev/null +++ b/lib/ulib/templates/apacheconfig.d8/templates/SITE.conf @@ -0,0 +1,31 @@ +# -*- coding: utf-8 mode: conf -*- vim:syntax=apache:sw=4:sts=4:et:ai:si:sta:fenc=utf-8 + + # The ServerName directive sets the request scheme, hostname and port that + # the server uses to identify itself. This is used when creating + # redirection URLs. In the context of virtual hosts, the ServerName + # specifies what hostname must appear in the request's Host: header to + # match this virtual host. For the default virtual host (this file) this + # value is not decisive as it is used as a last resort host regardless. + # However, you must set it for any further virtual host explicitly. + ServerName SITE.TLD + ServerAlias SITE SITE.local + ServerAdmin @@admin@@ + + DocumentRoot /var/www/SITE + + # Available loglevels: trace8, ..., trace1, debug, info, notice, warn, + # error, crit, alert, emerg. + # It is also possible to configure the loglevel for particular + # modules, e.g. + #LogLevel info ssl:warn + + ErrorLog ${APACHE_LOG_DIR}/SITE_error.log + CustomLog ${APACHE_LOG_DIR}/SITE_access.log combined + + # For most configuration files from conf-available/, which are + # enabled or disabled at a global level, it is possible to + # include a line for only one particular virtual host. For example the + # following line enables the CGI configuration for this host only + # after it has been globally disabled with "a2disconf". + #Include conf-available/serve-cgi-bin.conf + diff --git a/lib/ulib/templates/apacheconfig/sites/default.ssl.conf..d b/lib/ulib/templates/apacheconfig.d8/templates/SITE.ssl.conf similarity index 69% rename from lib/ulib/templates/apacheconfig/sites/default.ssl.conf..d rename to lib/ulib/templates/apacheconfig.d8/templates/SITE.ssl.conf index 52f4a83..1af0b69 100644 --- a/lib/ulib/templates/apacheconfig/sites/default.ssl.conf..d +++ b/lib/ulib/templates/apacheconfig.d8/templates/SITE.ssl.conf @@ -1,54 +1,27 @@ -# -*- coding: utf-8 mode: conf -*- vim:sw=4:sts=4:et:ai:si:sta:fenc=utf-8 - +# -*- coding: utf-8 mode: conf -*- vim:syntax=apache:sw=4:sts=4:et:ai:si:sta:fenc=utf-8 - ServerName @@host@@ - ServerAlias @@aliases@@ + ServerName SITE.TLD + ServerAlias SITE SITE.local ServerAdmin @@admin@@ - DocumentRoot /var/www - - Options FollowSymLinks - AllowOverride None - - - Options Indexes FollowSymLinks MultiViews - AllowOverride None - Order allow,deny - allow from all - + DocumentRoot /var/www/SITE - # Pour les serveurs qui ont le module mod_WebObjects: - # mod_WebObjects et ScriptAlias ne peuvent pas gérer le même préfixe. Pour - # utiliser des cgi-bin avec WebObjects, il faut soit changer le préfixe de - # ScriptAlias, soit changer le préfixe de WebObjectsAlias dans le fichier - # mod-webobjects.conf - # Sinon, il suffit de commenter les lignes suivantes: - ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/ - - AllowOverride None - Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch - Order allow,deny - Allow from all - + # Available loglevels: trace8, ..., trace1, debug, info, notice, warn, + # error, crit, alert, emerg. + # It is also possible to configure the loglevel for particular + # modules, e.g. + #LogLevel info ssl:warn - ErrorLog ${APACHE_LOG_DIR}/ssl_error.log + ErrorLog ${APACHE_LOG_DIR}/SITE_error.log + CustomLog ${APACHE_LOG_DIR}/SITE_access.log combined - # Possible values include: debug, info, notice, warn, error, crit, - # alert, emerg. - LogLevel warn - - CustomLog ${APACHE_LOG_DIR}/ssl_access.log combined - - - Order allow,deny - Allow from all - - - - Order allow,deny - Allow from all - + # For most configuration files from conf-available/, which are + # enabled or disabled at a global level, it is possible to + # include a line for only one particular virtual host. For example the + # following line enables the CGI configuration for this host only + # after it has been globally disabled with "a2disconf". + #Include conf-available/serve-cgi-bin.conf # SSL Engine Switch: # Enable/Disable SSL for this virtual host. @@ -56,7 +29,7 @@ # A self-signed (snakeoil) certificate can be created by installing # the ssl-cert package. See - # /usr/share/doc/apache2.2-common/README.Debian.gz for more info. + # /usr/share/doc/apache2/README.Debian.gz for more info. # If both key and certificate are stored in the same file, only the # SSLCertificateFile directive is needed. SSLCertificateFile @@cert@@ @@ -99,21 +72,6 @@ #SSLVerifyClient require #SSLVerifyDepth 10 - # Access Control: - # With SSLRequire you can do per-directory access control based - # on arbitrary complex boolean expressions containing server - # variable checks and other lookup directives. The syntax is a - # mixture between C and Perl. See the mod_ssl documentation - # for more details. - # - #SSLRequire ( %{SSL_CIPHER} !~ m/^(EXP|NULL)/ \ - # and %{SSL_CLIENT_S_DN_O} eq "Snake Oil, Ltd." \ - # and %{SSL_CLIENT_S_DN_OU} in {"Staff", "CA", "Dev"} \ - # and %{TIME_WDAY} >= 1 and %{TIME_WDAY} <= 5 \ - # and %{TIME_HOUR} >= 8 and %{TIME_HOUR} <= 20 ) \ - # or %{REMOTE_ADDR} =~ m/^192\.76\.162\.[0-9]+$/ - # - # SSL Engine Options: # Set various options for the SSL engine. # o FakeBasicAuth: @@ -134,19 +92,15 @@ # because the extraction step is an expensive operation and is usually # useless for serving static content. So one usually enables the # exportation for CGI and SSI requests only. - # o StrictRequire: - # This denies access when "SSLRequireSSL" or "SSLRequire" applied even - # under a "Satisfy any" situation, i.e. when it applies access is denied - # and no other module can change it. # o OptRenegotiate: # This enables optimized SSL connection renegotiation handling when SSL # directives are used in per-directory context. #SSLOptions +FakeBasicAuth +ExportCertData +StrictRequire - SSLOptions +StdEnvVars + SSLOptions +StdEnvVars - SSLOptions +StdEnvVars + SSLOptions +StdEnvVars # SSL Protocol Adjustments: @@ -174,8 +128,8 @@ # their broken HTTP/1.1 implementation. Use variables "downgrade-1.0" and # "force-response-1.0" for this. BrowserMatch "MSIE [2-6]" \ - nokeepalive ssl-unclean-shutdown \ - downgrade-1.0 force-response-1.0 + nokeepalive ssl-unclean-shutdown \ + downgrade-1.0 force-response-1.0 # MSIE 7 and newer should be able to use keepalive BrowserMatch "MSIE [17-9]" ssl-unclean-shutdown diff --git a/lib/ulib/templates/apacheconfig.d8/templates/SITE/.udir b/lib/ulib/templates/apacheconfig.d8/templates/SITE/.udir new file mode 100644 index 0000000..a212c72 --- /dev/null +++ b/lib/ulib/templates/apacheconfig.d8/templates/SITE/.udir @@ -0,0 +1,24 @@ +# -*- coding: utf-8 mode: sh -*- vim:sw=4:sts=4:et:ai:si:sta:fenc=utf-8 +# Utiliser 'udir --help-vars' pour une description de la signification des +# variables suivantes: +udir_desc="Fichiers à déployer dans le répertoire des documents web" +udir_note="Il est possible de déployer les modifications dans ce répertoire avec 'uinst -y'" +udir_types=(uinst:rsync) +uinc=release +uinc_options=() +uinc_args=() +configure_variables=(dest) +configure_dest_for=() +config_scripts=() +install_profiles=false +workdir_rsync_options=() +workdir_excludes=() +workdir_includes=() +copy_files=true +rsync_options=(--delete-after) +destdir=root@@@host@@:HTDOCSBASE/SITE +srcdir=. +files=() +owner=www-data: +modes=(u=rwX,g=rX,o=rX) +root_scripts=() diff --git a/lib/ulib/templates/apacheconfig.d8/templates/SITE/favicon.ico b/lib/ulib/templates/apacheconfig.d8/templates/SITE/favicon.ico new file mode 100644 index 0000000000000000000000000000000000000000..a1a0be8884a24d60bda51751dcbfffcb3a99b76d GIT binary patch literal 1150 zcmb7^eN5DK9LIldEw{2p|G3dwYtE*%Y32H(Qfi3DjnIu$lJeOUSZlMC4zQ4mL(Gem z2v;a+Jm`2jl62w2qKtc}<8I;I!65=7ryx>rcif?F-M#w$zV7(LR$IT{KEKbyckj>l z{dw3=QD%uZE>02Orx!V zn(SxE(n*q11FRIW7Zdzw(*mTdzUOOJ1xV0LU~A4t#b;+-Mqd)fa3D{YFs0?w6c|Em$@0(OHOW29Upy(Lc=HzOa*}8+euon}EsgrO zX)>k{K2z2hT8R#OIPJfg2zWV4!iHrUo6C|pDki@u=y(3ic(;kc zb2`E2*?;6w@e@7=IZ2PBPg}&{ci*7BwS)GHcNza9g1xPtTdoGYjTu~S*(UR-y^V2F z@wbCxwgmUHWAd`tF3#ZL#u zsLI`drTI9vmKug!zj1T04|CHoYV}!!#s?U&f6dU3g>ru0hIRDRuf<)h#daW`;Fy=z zioKNW&~jSbZ#7k8GUj32_!=K-o?!SFqvUJWKPdL;W%^F-5P6dEHe}#AxteRv8hY(N zQMBfHSwrQ{bsXHff}G{?9L>#;yBMoCrqvmG#2$H@){FV=V)D9!wyIC5F5FJ8=1F!g zjpINh=RPvB}cV;&up6|F59A&tt6K89wsPRp)GY|czsQZ2Y|KR`n Fe**|-!I}U7 literal 0 HcmV?d00001 diff --git a/lib/ulib/templates/apacheconfig.d8/templates/SITE/icon.png b/lib/ulib/templates/apacheconfig.d8/templates/SITE/icon.png new file mode 100644 index 0000000000000000000000000000000000000000..581bad1b4f515184b0d5af4f1c66474d0d283961 GIT binary patch literal 29641 zcmV*&KsUdMP)Px#32;bRa{vG*UjP6nUjZG4x@rIb00(qQO+^RZ0uv1}4)w9c2mk;e07*naRCwC# zU1yjSRn~sby;a>knHh4fZDHxK$lydWIPoFma!L>Z$4Js;;g&;XRp{8GnJr3?dv^M^=et{Y8E! z5w_)F&Nj^3hS^)OGariKYG}q0zW8e{#rSwI=&z{(!V38g^23<91z)YexK$t^AdfJ^ zUyA|0x$rN;0Q+5wc3{>POkRsA>!2Ayc?2^3*%?4%(h&woxIS5ecNbzsHuA!dbc7R* zFu-4CMUWCR7#Oo0cTGW&dxQs$Fu-4!8J6zCt8?(dA|%-mM>yfnvRsXc7aU=L3Uk8d zT)Z#~pDsh811XN&l|S~07Jq5{qM9bTXO&V-+>7~uz7Rt&Yk&Py3~u1`^b^=cJ9nS<&+j3I@CD; zHYjv((?oo^0)ZpWqCeou3uETxXjL8f6EJ||sAkQcYSX6Xgb9~hmWa^t!w*mS8r2q(Wg(du3ew$-@n7)!RPN!e*N`U zqB{T!P=GWv981pt18!Pc>MghQ9y+u`r%rV%t`=UIgXd==&pCpK{utn=V{J@0Kl;ue z-kR&(yUC(O8^8a4Z7i|=``_OI$wtgCUc9qiyXU4(y&gbJ>WA=uI{^Y9Ah2&=_+S5; z+`03!M7O^G{@eI?`|M(ifb@k_;FCI5;`S9U` zi;CQ|w4izarI&ub>85cJqrZ0T^sm0UC@IN)<&~MedNmp|X31xtEr{0!9HS5bsI;`? zi!bi-^2>uOcqQMi!v$jykVh!(ce*6umn%>!#ryNUh3H)SH(~&TE=G-7@ci>X-gVbW zXPwpV;9Wofh;9Oc{(mgMjt5KaKL7jzqFVra%9QIr`e@->Z_Na>&ju*P3=HT{C~)`P zeg65+6H-zF<$xjsDA(oSig8%J`v@HR-K~5F?+wD4ExjkTJrAAU#N>;9BM6j}Q&g?m zgSX!L)tE6C9~kwA!zw4I$eilQC#Sb={XEefL|H(J{|fpz$3r_!np6XD+;JU%q#;8- zdg6)GjytZ|n{S>|t5%wif+DZTpR%Y(4I4HoHT9mCUYenlF6(*>Uo_6Zw-@20#?VKw z(C^IfefR{N*)sZ0|4|?U4l@LbNYGnu`SOAbI(P5hKvq7a#LSyF?`zobskF4DlTK-v zGb_dCoHKgt*u^pMz4RFXL|BEKJe6R?&Pewo<_FSO1-umVG>&Nu(-zF<7dCZu_ zd-e>g$Whz3=Y8|d>QKlYGNkRUT?LIAJyTq);)%Y3^u_UXk3{?BY)kCqzW3f$mt1mm z`Cqv$4}C`>yXc5X@Y^h<(XAf7JU2@H>-XZs5m4;?_b@R)Zf;S(es9m1u_h}kb@%RJ zrHxmVoz5_D;K=dgSB64XcJ^IeyS}k(*{(9EpDM-!D1!$gJ359>BKw?3C+OO>(^js$ zGc`2;pd3}!`AzI9IHCs*zoP}Ms^i;>qSU{)2yI@2C8F#x>B7Te1ZQO2*P};6pkT_B zYa;v>A@|6ipMJXdTJH}^L0+I)~jws4^aPkM(yzdAW zI!r#FPPOsB3*t<&E5~8Ns;KxstPrTE$o=%wMHgMv1;G0Cdzvd{>V$OUVU$~W?AK!#Xa6W!UKl`_jjs| zuj8rzpHnbm0fJV^PaY-+6be~}`tQAWVv{CMGsCBT0Lk&F!)%M^&;R>z$Gr{&d<3z2BLZM$G`r1Svdmb zmn)DNIzpm{7WW_9z@z?%)AQYh_~_S?)PGnZkg;pKb$e;foQ-}qP8^sC1mut*?fUd- z+O}=Ydi7G9H_z(W@r^}`c9sI`F)tzr00aVv{PR&sHNd{))&LmVFLq>(m)~)+yaE_0 zp&kIBKltE+zx}OiX%DXvMH_Q*^jk-gs1M01c5!ZdymWe82ar)qaP!2(`6*$ADSta$ zZqUY!pWLuv4JpY+}Z;V9`8}V z*^XL*>n0#2kQgal)B#VOa_AXg)vDbsTRsG&mutlmz{eloq*=49_ugAniu47DAS2Z8 z)4iam?2jsecw->)>kQEwC1B`2mItDopcAoyF2f|?viRZNdr$fIzfUiV2SzT!9aE0f zRaP17A;RN*a8ZZ2cP6gEC0`^KG@8-2hVLUfbPQk~fBpK8Z`qRP$Dt^Z6&vw6#?rmN z6+Y?5F#v%O-HC-jC>;o9pDcYPpnWW)8Oo=AP#O|YJ6! zxbP7Q1&WH?Qan&1J|#c`7D4*dZ(c%p;K#J8iZcdcsK3OIHoq>4{^8ZF=m-|lPz((y z4dwHLtGykM?sbep&=tl)S_mULa=9%L}KcKM+g(&6`*M{`)H$Gjv@WhJb+SmLL`mC+xh03 zYfe42Wx^XZbv-T`dxQZh4f+{)ZN16oA6j0q)FC?AD+{o!P7BrP($=F%pe4$FZ(?^= zjIMPsXWNnJSS40U0AHVvW|<{r|7Bld(wZ`L(s&HHTV^X_@Q*M4Wt<%>1Q8Jg$WXr^&juzUj?r(% z|F6O3cWTxe%nZ%U90fm~`1dt{fk3X=(cVsCJ&@2c*75sPuU`7*&G(h%6l(J-@|`1u zT>($O!vD3#v!|ByY!bC?WV2K#&_lyA|5|T)e5Cj21Bm|jWC?rVu`o}Yp zz{Elu+0S5R?K6PZ%$ixU)(k}+?w1UgAT)>|G=v5T2!J$5AOVdgG>c7^2gmMj*^<+} z`wO#X-JDRN-_r|sPB{`8*pIy%l6dlDTzFJ`NjqUvE>0MMuqu=KnQ=xlJk}@9P<~f4Eos`cE7H@Sh|L-R-0QDD_LWx_fP9L#D25Hlqkf+a zNP>hAl1P#ul9GfFf=CERL7o!u0a2_M$aDQ027qAzR+_bj(poDP46U?Q3;`&BGz1_S z4nYv0{b+**5ghU%55@2R$9rC>)D{5Ep1o=9+UzDxGD|CgOFQDzWthM12%VQn!EI|` z+<6FDKs@aEaTCt@)O$o_aZab&c>Bz#|IGx*Uiig(W>w4pTJxYm@B6kd0O#}1FE1=~ zV@dz1r_Pu*ZOc3FEb*w{_IbcCfKAb@BuF772}vY{lw?VgLI^=p7}*aYhzP>x0Z#!i z;3vU);vdkOnOSQnX02H%p)|WnD?viAmZTL!0xm&m5W_V-Dh*GyXh6UPw5cx>@f2Tz zF-n)JakFNREA>=quPA_LPQ?i$;&K&_EJNikRN604rAPTE9Lg;^pk!yG5TqP516Ca$OfdixxE=c;NU;FP#7g zkc2H@Nl*5BO2C)>HbDxqgpec!2}@X#q!hOB-jMms zf?KtEcIC?5kqpY`pYMP3&BvI3O_;EH%9QobJTn`RzU-GC#T)S-Q3aA<3n58bLP)YK zVM}3Tza>csk_HGFB_Kc`A&fheV$))j-xO9cVY1Q|FyhVS0_K+zK5rtldIg2<5#k3kQUe$<2tDd2 zh~{q0MXz_k`?DE3*232p#2ubnjE-->)!sW*To1s^qeuUG{`nurr?2tCh1YlJP}>;C zL=ONNfQ*uR?2fl3vV@RASi-i*lEU`Izhz{<*%Ao}K|~QfK%V(aF&w~A3mBSNGg!0o zUs|)PJT`D$?JDiM>?o~VtzBl12Yd!_d>$}6VHHpPs_gXAIM+~z4s{nSxV5w;z>K@U z#fU|Jbs&@%#(lkULpLN@apY_EAN(HgEZEP?Pe)-uOT0NC>RdLT@A4*g#?+=d3R5qx zA_&CHQ>U&u|NK#GgDPVw5 z6mAol&rqxlz+N28(*T;4273&kT?K7qzh>8ES82!9j$+r(x*q3!zJE`# z()jz)(WK}Itq=Sd^S8&@S0M{4uB!?o*kGHKlwqZFJc%%K<`vAGon6$S!@I5vkVGI7 z-V!n9Zw&R@B47#I61FWYNdb#28KVKDkiH8@N+Muzp9bxlRXe#`Z2;fS-uCo}rBaHx zasbv^6Tn(SYppbECZ$;^lB5-rBoazX!Q_Gj30Dh0sO&I6@fI!_XeGc5CO|+%5P!s3 zq+_&3oHNwytXj2e!-kxO4Kqpup{u&!$r(tt{}Mc4WUnnT>TL9CP*Um}A}&_w{}Gn$ z-VgPgsOEqB;==YNRmbTcV(G3p>MwTjSf46Ng&?9)qZVn+e#)d3b4}E|c@|(il>&f) z_%T*5MR32cgs_EeiGVF^OWMW&uqYsfC52@f1`tsjKvF0mKm6BmX~|yuwdo6XPMNhm zDP$qe24H6CyMS10shC-_t5^$mB`Kv{A|c=^CXgV5dNh$V2DR&WMFdd^ZZWim7Jfd3 zh^a4y>h=u0pI{rA7qo_~H&>HAqd30HQ;M~nab)bDB}+jzDw`Zb3w69|6euz%=# z>TbY>RA51T0}$WJ|IvVM!qcEGY~FSW>+B z&!Y|X=j;ogfA5b;AuC{0Fd#|@hDZp^_&^Q%mx7gMso51Igm#4>ViKBM;YC%9#}iRa zq7f_m{U|Rpw1z7Z)lZgX1`xonz4miL24KeRJuzwt{>05i3thCx#O0lEZP$|VkO<*! z*@t_+!?=}5-rrzC%}5Vo>cwcD8FwBc4Ee;f8Dej5SmBwzRhkUvIC(%S;C%l11w;!Y zV(-28&H}J<<(}TX-+@St%W#hPe{6y!q?DEs|CX?&2v}s>!j{6eg)PbQd_kTYR7zn9 zG_IS{q+Y7IfaH+XxL#^Okt4j6paeF6v3)%ssAeVD)mkVB(t;p}iC8EQG(m9GyDv=B zf0vnAux3~qETXB@Qov$pf{qA&v!hE703aML`tr*qg9f!LZ3@>;MfGIt%>T2Y zAd`hyErh2|!3FJ6mM_@V_;4})F$u{wlK0nKRWll;W5#7A-w(Su_C0LNOW;y_wLe8wTEp1EM7TLB4 zcvy&R4-t_;M*&*|EDG3Sdv@_{&(1YpAF#zMcXhk(^7hReq}q~#0THx?zonop{Fe;c z(mO-Id<6w;5%Ax%jqPDkz&1O^2$8lWEK5i${`zBn0<02Uw@@lDOr@e@*2Ia+6M7&B z7u}un9Z~}O=YLmYaBKW{S==X$&hPd% zw&#^p9h%W13um{9qzF_+AZ+&R&E2~{SGR7hS+lOq$thaAc;|WNeblR0i|NxZ``5o_ zJn+ExKmbA_Xu@6+0fH?N5C}-vLfBH;6fmS25CKaDYyxm<_d0!#sq^&vOKnS776mL} z86YG``o@3|s8=(&TidK5eHum*Emv>Kdtvl))-i5S-v_EVnhWGAv(>JO`hQ%d9hV)& zj-wox9ak5-+HrKTqr;94J4!i9dHx@Tu)pIl!U|yp6>$W)rOF0$sepj)(4p?ah5sl^ z5dJw*M3qK?gY(+s?_JTQPW0E6UR(2U`(#XBQ_+?g1rA<51LwCddBU6`oH`QQ@)DdR z#m2&GqQ-QQiw%1Z8UnR$U88^hj^oE)eAH1d_w3o=t+&qV)$6VrHIgp5bW9iF249A=?8j^&qolzwv@+qtnupI-TU1#RZ0rj!jfcL#uSDng)M}%JUcjNUwGNN zT*P?)S8v`IkRtN4q8ShzNrPjhSqN523lf5upvhn-5BeL$s2PI&5*lWhFtXNQ4M>J% zW@|8%^7Me>m>M^ZFU%>OAxDcAtwEv|+2*gF^)Y$v9~A`|s9iq|r!~X9y^s-#iu@AN znh5z}ygC<8{D_cMX7`>FOqChJSLdR0osuT+irqNvL#RYNR^;Nfey~MU_MiFzUhRL- z5GXAzIDY)a%)EH<7TdOz(lu))pLW_u@4vs;ONkSaT9%kf7eC8QT4YOMTOv6mk7{1+ z(Z6?03W*=*?*uUZ*%SL5T`L$6p`Z)}q-{~ak^xKD0THkwkVb6WUVxY$qt!El!JrHV zWH2Dj2Mp{9+S1cAmIy?)QNNRKb4z1(3uA~|marvRlFYuegtSaqrilI=%dgatrTe%b zVG}#cl0*aqo_lV3S$#!^wnee}J&&@wpPgufggZP*o+vO_{P5z^GA+ z$BkRLX;ZG>!p*O3m+)kNq^Q@=@wBDTjGNDG_0NmihJq5nCH(?|c_sjyf% zt_E=TOY;khlr&DEn6!vsK)x|%)ir}#7#=vfP1c;H+1qv(`M1Uk0JCPLp)@H8rC5@1 z6cYi^CWnroqwt+Iv(OBd-i~G{$w~{YSXiuCLlY!H0fJx&Xogf!v378o*s@>0*7w|V z(s9Q<7A#xh4Q%O&t3S#LD+s~^$75(4Zw^=a2@9Vr!M}gR_WVi|LO2>PoQ`wbCPExQrbP>WmaorUwl3GUsAgtx%Z@^05?Df5maqg&Tx{#E!uKbv zy|{lx`bfUI<}am|C-D7^kPwtTZX1UBM*SFD>>+pP`wB@#!-&GixSGlai!0 zDNAT(rATX`6+;S0f2+tZ)MV(A{f^?TVF2{iSBo#bw97Z&+&*g5f^u%`kT&>Y#UCJl zA=Sp2tuVL^`ZSIL3?%ALVBQ(G5--fc{A~zY6-|6{HR`5f_&{{2lYsi~oPu{3B3K6X zrw8$AY#Ru|RpVh-VLCJs?cQB5d-ggYShDkvL|k_h|0M(o>E(E)r`YBsh6lFnEG!Bu zB63{)%4aLrZ^=(dwruISfGp2B11~Nn$r2ij2C0v6xNP(=Heh)AOcL6W5R62}}>J;F#Ie7)|iv8ycO@w9|(QF4+M zhy(;oa6po=n5}4n5DB79I|_uLj8rSWGa`98aDo-Ht5_&4DUv=Nk^NEeuUXrgn1$BR zT3JG932iB*g_3MZb`@zUv}6wjiI|dQNl>P0EIu9)=L`jaCQa&_b}8k|7HC@?t}e6E z@3$g-N27BcJa!T~*N!X2Du+>tFmp35`4R;Vm@8NOX-j;40oqhA`4vRiuor#aN3kk1 zQda0-#9->lj9q?$!J3> z;bpT4leku|Mv^(~wrA)5FmFd%ifu`<1o`$Td3g|)XP8DzRm(R9Oo5n@=Ej-h`B_X3 zoL~lN$x5*l>=LcPC21|R)=HbNU@1&iHY=rtB<%_iN7-BW z&FWNaLIjoa2$?&%b>+%kEnC(ohiDpQK#Kh!>BF!zqtHRM5dL-)2DU_->YiO&!3%qH z9^PGmmD!$uvx2|H3{|+KBOW~w>A?iB=Z$%I^oR1U!BKdeBLW_~6zU zvmA$?{*{KKk!+(&Z5&+}XSPJ=Itf^`oVBw6W0&K+!^b{l8liBr(0aRS&A zR=95}-d|K+#6W4>+5=~|jT*lD!Wi&zf`Yrs1;U7K0Mc)`;nqMYbRR3Q7co*-}8tfUpBrC?G=t8MH+pAVRhbc;PS+uw~FDFFG3u344)R8L&J! zWZNPV4)aUHC{h<6o$_V;_h6-=m5BprN3r8-*VT^8VONJ8?YKJZYRA!GR~Ls>*x|6N z!j29*91g2uSBD){9OfcN6+61PSQUj;IINVTIIIy?DAowODE0$nVG|2eG37D|Q=OrhLm70;Z(h%WW3qCHhMU>8E@O&r~qxvdItiLc*T;3n_$@ z-l<|r<0EckWE~UNIdH(oShhQ{sbE$3PB9UU8uhpI^kK!t>a)-0O`X~^C#Nvccp@K$ zi};4-!nANBA~N8ouvjIBEJ=QayYOlqC6N@QnGLB~!pj4-gs>&q7TFeA!fO)Yl?eMN z$ZL@jTMnl9wtC&01^NQm}^7N(vwLC^Gwo4_!e-94*H8IXRZM<6f#n z|I-q|V3QbU-G2M{@)^LENVSn0u1ahZ)^HW-r=v$b^r(lnHPE3Jswb6nR-(d9OSk6X z?fLj(1=i+xEonvNNxym$o;n5nTa^52b3H{at{RU?YY?)^yDH5X(grV{9@hfsj>(w6 zz06CpDo*`fyFNd6?k)b;i(h};v1dGBemj$1ooc-J&u%AP zJ2@#RiM;Z5DTo23xIwMtfydYTc;b4?h+dNgZ5bO>NI^nIB(bmrgcO1hu!Yuf_fDH6 zPEDklpjC_nmP|sEP!K{0p$#KR%|dw`7zI}ZQ-g0>&9sPayA%?L_d)B%t8@dCZ21^+KwaNcKd^nT9oYMj)#B=x^E3m^PiUbMlg zn0BN0-kY<0`OZCi3d3OqATu+)MT_dWxkd4P&m-Gn=6lSs?|i&$KVS<0W2SB*hKGd&S$;K)@ZS-FED7UKYEn0) zQ>)Br^LOMIC?UWa8Vn|-S(6F+3Xo=o1eg&BSv}fkxQdy1;i|nGx8*A>1aYL-c0 zzx#+8r#6i?LGh@6HXfb6AFpdgdG_tMXB8CW7Zy5Nb8>QU%9Ja*c6}ZQl+pkIC=f_F zW8m1!FK>6=*{v==zm56dyj3~NH|H6m35WIIlNtb+J>v8&y9!5sy)G0Gr}eDYp+!b= z$TB)-UxBMN2P`3cOTcslB7ul`UN}tfVR&JiNetW*5HLX#q#&7heiYgpZft@gMgebEpslD5V!H*m~4ajq24)2YBYp z>rOlE-I&N%sh<~C6DMt$IC1^??zofBZ5?LrcSh#9AUR|uhpaivvbXIn6atRR{#U?jJwyb*`HCPi)-MRU(4G4EnI|6Y zwY@m~ltz?nagheG9}c6KoCpTOKmcIC1^9*=dhYk;pVSyLHX$>Fv;eY_P$LO7Q&1}z z_0v%&1vQc@O1=jmq|H&=^D$*DzF2{YYY>vKB?t%Tm|{kOgX0_F)?>W9iG-I|=;EPi zcy|Fp*8ac9)wt~#+;MCi7k#k;H%}}xJX~o8(3UFCp9#(pEo2(xf?A*A$;Lc0h-S^4@5Ru<+%QNgEt%m>-#7y(X4C>q}T3=*a;*IC~ zTz&22gy-+uxB2klXZ7s)Mkpk%yY84?y&7d^CheDEdN;&`^AphJpw7|i-SsSF|jRELbtIUEJ0Mj?(+|M9Ig)9nY3_AhWc8xCKWxs*2!8hMhM+BjK`-;!WG`D%*f!ZxSboQpNZSb0 zJWCLS5X@XHEs&aIt=hEDakb;JtJrll5eD?CFC`_k^#Lf&mK6UTxpel@?BcL04s+O1 z#f~a=xG1cO!>TB(io?7;yKv5kGrF|SjQt^A|1bMFD1en83h<%vQqi9OOB0)PXCI5}wv3)$rl}p>YNTmC3_JE>8altFtTgjm8uiGZZH@j-&pM7ULh^ zR49?Q5^(@2MccNu0E9wz$Bs_}Ok~G1j(+jQfddD&1P~0$U{FS=Vg8cc+vff)7?1#@ zpdo!4#ujjuShJSwp7`^&u%kBZC}>hQwSKMSoqLMC*%#!yIEf=7+4DyFT~aLHHXtHq zHxBTpG|AY{ho^184PRqtK}FO4 z!U{d=;j8mX{-~E{G6w{9c$?!6^B*lXsYE}zA z{r=MAkQEG2!0Q!9w&g(}!vKMpecLbTQraupu|(d?F2vu)V&RU8GM+i`oVIa&P0YG=5=JelTwB!xNri~4 z-o4vSpS}@5T3T9z1{vlNwrP{~>#tXYLKcAfbyIe4yeca*RO0EHKbNh~{qM-73s>&V zFLaYaG8B*|2oM=(x@TXwXq`$=4qSLffzrfpzHP>{D5JVs#Ter^Iv!_^Vos|{J$_$mJm8o-gJp19Y zDYJJ}PY)yoWhf{qQBa2%T4VOI-2k6|TH~&5vYOUQ{c8H=a9C-rSqKJslYhN|cdVJT zW)1B!X+bf)fZ)2iLyL@*B&#wij%sFxPCB~w*FSFIm^kjXU4=Wci)v+sDlTYlxS_|( zFaP8-t$X_EEn|Q2jW>Q$RSXbI@vHV=))vg&ih0|yXa|%=Kzg40s-^oPg&N7Y_$Zv) z4lT11#O6w0-ZL}t;w%)qkfNgc$JJ<=h4%)bX|<@y3n1UYd7qb;=}`3y;JUhX>t{D_ z&IN>R%m4i6v{a-p9B2VcNN+j~y|7&7}|joS7C#OSU|b&oOf>d;#uH zb7TT7UbFX=Pgh<)v}I;`;BTil`QYod%A0m)K1m*x6SUF_0&IqQF$1jGb=kJ4XV=;X z;J0Sxo6c=DYw_;QI}6!c0AX*QQ(*>RfFFCT&&x0W9Jzm&U*6>)A3;J`yr&4+g_yYo z<5yzJIsgbtkJbaycUe~*-77|ljh0!su^R@ojHCOqFppwPEY}Dw*O`8gVKytjSji4aY zok4S?VVmEy$H?zU3xAKFykwqTImQ3^VChZgwh9I1r30IdpT2olPO%`?niR1R(3&-o zA~teC_!5GdTQ^RxnHfCL*e3xP@$j)j?wq!Bk1`k2qCr~AMrjp9?QPrEU%GVb_U-w* zcHMQx86V7^z2TT+TGXzc8gn=&CkNho>z6C9?0x`d!0auUuo_>l#+H3v>7XHzWa|*d z3N$0d#)HS>{PuAsMEMnAlh@*^aZrBSh>9;;VA2I>SEFQ>-pXwB9T}Z=aX1*@r=K?T z?)@rr6oQ|4V&llOY~K8(O`CGf2@TY~5jG_&LKE1#~sbYQdU8G!-4>#y0A_sf#qO0y79+6+eZI?@UDG872t-YzRC zXdR@9$;==9yVqH_|4>+5l${%X<*x1(Kj8@{G+4THD-l(%o-}LL)um0|)YKp|)~v}c z=Y;0LZ_LH~ZJ56uzwX4&0_-Zlu0km7l^azyfAau{zQ94_4BXlSCpPw+j}=^Fm*d%) zShgE>C0(n9E{3+j6DOlus3hor{uewsTd1rPkyt6EsmKG$U#fx{GcG}1- zTlPiHHh%mnqNfl_Lb8RR{NL0~2nqxw1*8>_vE8OLa}+@N9UQc2XX_7i(HdH_tNDYk z*IqK9Syp+-79~f zi&m@ze>8F38OPRb-XJX{$r^e}!_U9l=qkU3Et6ok8b|-OF64Am;#hWi~pzfpb5H(v?n_Gv>knF7T*7_Irsieigb8$KK*9 zhIv-SpJ>~*wEzW3fNIuE*|_n}e*H$QTbCWQuKJG<+zQt5M`4BZ!k4qfZlbuZMOu5_nWALU4PE@SmSCW;wD8J%4MZ z*-zu{<8W(_=&`Zi`;STZ;Me_>gB@}RRKI?@=?4phw{82^0}o98-~X1E$_eGDLsN4U z|LCZTlR4U?R%_OZwPdYW3uwVgu<1nN!yfGlAzUp8B!m#!RUnA4qZh5*vtaq2quXY+ zZj@e7$3+v)qs^z_p| z#3Lw0b0t zR?t#wCA8MACaG8otrRK2%BTgQl@PAdruJ446KUZU!+1QPS!)T4X~x1`0h@#=mSIg^ zn^DxSaJcG_uF<21oPG9(W5+Ig`svdQR}3CJa_rdofCUtf9{sodo?+qk1Pox}qoy#@ z(WsY-hUsWp4b3vqG7D{MMA1ABx`rmw*>l`Ve7qQw)?BF<7wU@O4D3^skvacT0T7 zKT4zowD(`lP>AOQ4FwjY6e|f=YpF;IErbwK3k4-ex!Un6Ax#@+5D6mf$IOI@C78yY zQhCMlLU@DXiMVOql)&$xyT0MT3;g1wsJ#>({nTn;N@!7nIKc zH+RP)CzfnGB+BSKUR5qplX3gzJUsmqiWQXh;M)~@ngoPM3V7DObNh{>aS z)A81jzVLdzX<=!hy+&>%bfh*C40LN#y=GH^vjt0=YdDf;)51x7E zd*`3usZO1={BlR(9cpTbsE(W>%-M>u%kjxlX!aT#9ZrYpMe#zhK$I)>LBnm|MWTRd>(QLz&YehMl7D6cY8V3n-l{%|OgEFZ<@-$Yhz?e_)({!v~hrE5L-vI49 z;I#fYb8yuI>KJ3-yz@SuFkxAT4z(99yd{?C4>PZtZ+mkdM*fOzdB`n>peo3&F=GTS z?}XcXqHbz5Yd_&b*p!Q*pJ8L}Z$|wG2!Vv@zg*JxY;gg`)m=wM?^rq@;58n~W`A5fOgHlNzh$sPhaShog$zZ`e}1D}n@ zNvBq!Ht;&8T;2VeYkG_vIj^9=NlObJqK6uL)!Xv0DjT0H!|26ce_5&ud2b?a86kA2 zg?o;}(RKHKJ-NkrZ7!bv2_Xw90sKyubpTH>5&jWn`+_t;aLu$lKpG8T0`vkVe_4>@ zD3AUlqz}QYy%R}dCe!F#YaxY_T6hx%q&F7e%0bO*R0}1z@zcJ;X(!|LH>0FqR)<(- zG--yfr=qX`y}F`dLwq^8Y7vpSfq(m3mqSYWL|C&2ug}BiB~aQ+Ns$6pl~|b!4WtI} zY+v+m5!aNe9MJXJTs$((>mdER8v9o{1{ghhK`CDlC(;1$N#9opMq&^_Xb^!I!eav_ zt%ywPW`Aa*5B*sHY-zQY_kmP5Y2jQd1 z_nk%r(ja0YCTiyAhnqEfbmGM84xRxv=3?nCEZC0k*W;(n z01))^#;S_iOv-fon&{O47arwBoy)0zk8p)%e7pot&cOCO*z$Ku{W!Rm1Z7cwd|tFi z>>6xr02mh#1i@9lBUKwNas37nY(`kH(ps=3wAMDW)4!FB0xa{E_rcw(%vK$KZKyo=pv3(NkJReC!jTH7E&ln3orCbBm_wf$92y?y-@;J z`k=m8ycU6ju(r$zA9xfO490U$;nq7368(Sj$-;>fmzYq=9e0fH*ROR&tk|u2n7A5W zuE2_HgcXWhDE21rSXJ#q)Qn<<25GpxCkD1es_l_)#qFR+r{lc^D0Ct4dmQn7unge3 zD&F~1dirMx{6jIufb?9Vw~q##QPFLJCXztHX5 zqm&Qgy329#6{uaO%tx1SBtu!m`0`t5Tmv`V1|bjlsVb$fzy6Cz_1xmc8^@1d+P{CB zgh2ozJo*EsZot|-*jw!7MUqcaRqH)8ASW|~vs&ZiCg@fdbyLeUj>=j&MR@8bj9P;H zFl_m|@NXUx2I$_s;k)n7F2w^0-Jl7rVFHX95HSEEUepLuFy+F+E19>THCdMN{j;S= zNK%3$^8tz-?YO#RzuV77V@JMubcr3KTQ+0H5195H_U52vYYZ5KuHDPj16kGa)N^?J z5#0aC0o>xPTXVx4Chu3dX$%0~lt-Z^2wfVO2x;^Fg+ET~Fs6S)DVNob8^G|51> zy13w|xb*2td0H3m#GCUlVj+_3KLFrK@OUdZC-^2HVVPBlREXG}$SaZ`ApnyNL0+#9 zTf*}9Edh%lg|r1pvOH3bKmY(B07*naRHTrm<*h#pOo+%3RWD=ogs!z-yE~>`&+9KC zcQ5X^FM_;x?aHrFBPDvVcin>LU%+j*f;J{V=gi4P^4R5!mBqGvPJ6PU!eqVUacst_DHFmjatrA&`d0 zIXOi&HQ}gCfb@wdn!BjiP|$!QDiG!%0rgL`k^nlwX?`JCqeSGv{AlWu2>3B_RC8lY z>_zFkJ9PtM#bCc!Se7gC}@A)MEPP#W~X5fKa=*>Qd`yL>c zRT(aeRHS0}r!tP-b*{s0zv%@`kVj>C|A6e(n5(2>zxUi99zjqvGgC@K_uto5n?Kc( zVnvNoJGP**G9`Kw@cYI7Bxm7!UZzj?k7b)XG!3WtEnL1(3`>L&)1Lsbxtf-_q)_tO z5SkWr;v`UXB~Y8z!xjPm!TEn+4HP(Aog&a+evt4U8?L$Ja!tGekGEf|IbZ;sZi6HRlOv_d94^7uSFS*9j>6xeisIg;3x@C-o=+^4Ez)z8>uaa^8zi zoBtZF6<5FDU*W3QMZ&nM$OD}Hl2OYPM@8n|;YJ=fMk|DCAbuz!XcH{lVS-(vOqN-_e8qoNZ4kMPx<<@9cN*@(Tdrmo6pA;wV?fWcX|Y)33ey`mG8sa z*T8pZ3Fv>lfs=K@E7$F(PC1^|ppb@PW+n%t(&N$L_*uA!Jdx+eso^eliZME-bvoj(bV^PZxZytlR3?yl&XkdPo=(!!_5LAXa#|%oN@9ClqU$Ai&5-hwpnpu_-YnJ^}9f*->se-2^ zRgoBzHSVZ248{A=S;OW_qMsYgwb4*MR~_?KT%1d75#S^mnCP~r-=pnzp)Qcfqc!4_ z)Uyka?diTHOn|VwS4=RM3?kM9ov02slcEK@4(=qov06=p$>E8D0s7fid@u^TeLtdl z>dQHMX;2O#9x_tI3V-QGW7tKX;iB~j@OiV_uQkc4Zd2mbKZ*pqEGmc$MR{5w_8tU- z3^%v!Uo3g}qc}w+mXMd-BBjmGy`zdzc@0IU6hX+vST z#AI)|`z}-HN)XEqthf*o19x2;AuT}Ve;SR#jW3Adsr2gHHL98eY6x*wqZcax&aX%H z#O}qK8dJdOJVNxRX>VNZL7g5L5-;pe(i4%jl)T0>iYqIJ!bJDInL`++f(l%R6X9^QeTGkhZr3r?d#oUg6F0tm&JlbQ~Qsl$LU=1KQ(?kCZE^GUo>%NwM=%BY=JV5 zm>IgJyQAK-!IKLUu0DW3!_5eFXMxW3oNT!d@*Fo%VO|*2O9DTSN#7R)a1S8fvCm}E z62PozwH-}x{>o09qfMHrgsd$y-PO&C1l)Y8WBZfAyM zKA+ZbfJhzJLJu~Sop`#>ljfU?Em%FIz5SEvP z)t--yi))3B#+w~&(^#qlCVAL)5Wa2>#T;q73loG0d3Z#pyw9&xN^nSgc-X z5R4|`^HW*vI5__902jYE+`mW06rE$c3g?dnrb$?ngP7vRUf<4POIx+E7P_!(&MTLs z1FNm(Nq->bj{(EUYGXH-^EL0-Z=}Oiho%5ADW9I~;_`@AO8+xUILMFz*uzL0Mn~fp z7GEW4&(GHb9yim+vj=?5Zp;43#F<|ze~B0arOs9G>BFtTg_VzKC3_Swzb+@IzWC4Y zEO@DRgz%3#1M0F$MTFlBE6%}H|c0!u! z3cC&WsA#)hL@{#Umf7C%7d|L5sL&W9Ot{zErp8{dBGn*tlW9u_72_ z@}GGhLpaxmmTOQ9@jP50oKatEnOK3g5J0e4yxzj1OE~0146EwY{Dd5m43uc9Y+(&) zc*N@rA8DKHVi5(Hqm4oWMu?c&A#!pwU&q8{mNBcTmZHr6ys8^6^5ap0U^MocgZgaI zOp@$6UL$|(f|Yo@lP6Fn1OVW1cju<0oQOLHaiYI@W^}T^1*Rx}*DFLmk#OdSe?b~q zZeH~jYY?P+Td@_WRrgU)2sl5VBBH0N7+YvyJRsc<3CX8YV^RlC=M#`|#@w!&fc+e? z_3EG@_o7IKuDmht$q)qyf*Q}}UD|JTvu9w`70A#eJw!xs(xeBZ=acYMudgEcylh=9 zje2YJA0CZqd1O3MrEpWa8@lI{!+t1%h`{jw=dk4(sldAj-84q~#kBn&gkV6kr}Iv* zEEv??@`vtn@)J))OwF+#<-+zs7nbd+mR%b&)lq+7ZS~ASbJSYy__M5=X@XN0+S_4T zMf+hMG7@?4j)4dGT(7V1OIiaomP;al1`t=NGWMfkBBGo-xE+uG4yD@Q%;7*t*U}UST<%(6}RbK=o=orPZuYQgQ0tAC0 zVYs-+etGoWw!~(2BWms&0m;aYekmbQW#01!LoW1^8O#{YPs4sdW6g;`PfWBIaUftj z5|)|^hcerf>&$O@dtL97OktLdnb|?A&{>72FtfQvrAH?|ruy@47jN5_a9=0fSos=Y zx8GCGJ7;oaW5D=4I~tydBdL{?GnrGyns{8{VboW_TteY%4Y#_~n6LCaL!#y>RM4pt zZjMf5+h^Tfwej?%fGF){M@h`jF90`7q;$!Yr>}EmeRD_PPM5+5M5Hc-n~ybX4o@5} zDRtNzjj0^(Hi6JDyqeBipL+l#x|#tSBm_#dc2;jX#BiR>(8?C=nO-)l|QOtsKhZV$QJ?-?JX#@ zZTh~@GPoPZlPmtnu@UjSszk!Q_8gfiurkLWDCC{r{1I^EuZRP*J5hIBHTr6G@&lY0 z{H@YKcORoTsD;SM*>6^vd@zNVe?R9_o4sQG{`(*0fLbWOZ&rC}&s^Jo&J7TvzAH>w z{y=ZtE8XGlJr909{-P=Sif%}d92izR>^`%}A9>e@W^yEK#SM7*xG6SURdGeF;_zUfB6e3h0C{|Aw^jRe&Nnk#Fecukhuoj5J^mAfin=djr zJ50kP9{yehZUBM-gJJK&4SS^SQ^mvP9^Ajd9TE$Bx5jB~JYH6!X{u6$0FZ>>l)q&$0B@j;LAEYdT~S&kQe>e&6E+yD1b{?uc|kLFpPsZWduR=>g#Sy z3oYb_#qzR9KjXBA7BDov$Ez&we2BiWu$CrY80!R8>V{{=K9K-!19>TbeK}sO0aAkL zbac`}PZ@R;gmwCzpP(Te0uc>Uu6oh{JCSgj{WR5E2ptPe#)g1*L3O#4JJO!XnbRVl z-RYp2ud*Ma+!g8Iv8VvMjDM7~1#jo$v7=E7(6wU8Zr6T7|B5 zHr`!z2p?gpCyTJ0T5I(iEJ1B5>R_GqA8Fb^Z3429`MZ2Aj^=dCMa5wS0#yn6Dah4!20em< zbPaj$daXTW6IaHfn3cDbr|t9{y$F-~sEZ=#>Hw~rdDZV;JG9dsT#JH8Rv5&SMm{|? zY&$bssC@5Uxu6nW^*q8+?8PZ#=Q+YGfyXjAya~J-f$^6QCXN0WC#b#~p$;$*?Io-bJnBGXO z^Pf-lieL4y(Cdj|#F)=U6z+4;;N?2nn65NKkO_dDZ^X32?P2yZJQ*tM= znUFNS-OTQCjm+{i{*pY5o^q1L1ZJ0Ia{p7Lwz5ICthQ0bwWyAVeJN_7aV;;4X3Kdq z9`1x1anUrEAv~~s7?`rzi%Yu?Z@$;%Yb#got9N}GxfGJJxtvRY*u+of@ZH8_Kkk;3k9SB$5-|F$D+{EeKsrS+ROp7zr zom#y{B2(JjX?q{@c`>^u|K zZdqYf=bKtn_yGc$&@3#^me@9_iXEo=TfhIq-;;umFiMNU;}WsoU+;-zOxBn~+ z4&Dh>c03g}AhAIfq@<@O+rn1rnKL3ENFrr3ibP0}be0maOVaTso~q?btcQCUWkI?_ zPq9&rU~OiL_0_tZB(6Vf+q*hhKSUwUK@FsYctIvo?PA6K|1#&KliM z$pBAhoyTf5M<(d?<)&&W9G8hz6>hMZKHCD%7TFrYG%*`&qt2e}_I3H$*>y*ZuSHIl8i99jE=D)OV)C)VVb|ndqbl zcw_i@R%ba0g07SCh07`UfHL7ZMsY6ACoA#z(WnKWd)KVq14GRs4*==;WZ=7ocP1NW zHDAQYa~jg6qqq5497WOE;_P466J$?QOMD^Lc+gOxD0wg-Xix_Sixq~dgFex}uAUqu zWi_?dSr)47hOn{s-Nr&(u~&y832E%T#HTrZ48w#OiZJ!+#rn~y@$FGqU+;wF$g@wZs}>SQP+A}BxC@-i>QS8%lu@*xpn*rm zaSr1y##U$g?e(m|3x5r=z_UBM5;F&6=hr|wReW)E^`9%On9RVXOOgdoZ1O->(E{rY+@BmxP6z8|t;yOjGPv1my#@qpTbWp9 z=Ef8i*jBENQvA4ot!!xpDvj-#KEdE78QG!hpZFll*_zb&} zP{DOG-c=Xr2oW}ISpKd%-#1A=d6 z*52|8O#xT&%%?2eK&8gl-rF2KJ!X1!J{q@)d)0i_uoXx7XH%A*SoL-ya;T=P?vnZwQ}gST zHN4UpL>;)!^yPG!j!4Mv*1t#lsrO`F_5gMm>Y=s|YLu){!)L!d0%f^A%Q+}5-G*05 zGO-b@w+{#4gQAT}N&$ha23JP(bRlk^KK=yDh_v5M@GJB&UWq4fJfdPd zF*ua7we{x?)>VCQor2MGAd6xs&*H&-+Mk${y6w(^g;q$sC;`1uD+4e3#)pZl0_JT9 zc|fAMzTRXyS^{eGZlE9UoI<>bIm*U7jloy4Li6Kql67_eJ^k#dU$vX$1;MF@@vYR8 zl^mR;0=Upm>V8xoO=oN1R2>~S47KV`LCCz_3DfSC`UnWL+hwDpD<; zK)oI?m&1)OH8CD4Pg6iV{H@jPxhVz(g!*QwsZWu=u@RTQ0Zz&fOvT$xFW&46Q0@Y5 z&+YMg$v*6W!AipY!}xCEwZvC~ApSh6Q0Hnb)36|eX^()b*TYZVT}!2AS{I(=eouWA z9`zS73jOE|{XwtajqFpa4BZp;#uCD`eSX8ud!)%H;Qf9m-J^5wU!i?ShHTBdj56_# zHXQa>@;#EzrVsCs&t^uoyO7ChQ-edCMC(O*hk7fZQ`-t95YdFSb5Lh5=FO+jh*BwJ zw-ffLHQWOV;fV<;n6CkW$R+3vw~})rcU|3aD=F)0R!4~W&;Q9Eb@__wfIznF8pb7E zhZyQ`^9dMx;9Q@Jb$K14KiFUs*psyka{aE3{53|^M5I{W^I0%8FkhU)9l@BWhE6CV z9cZmDxSFi?mZWp6C~_`zeYj8~XJp6xgAG7Sq#AY|6kGT2KjEZJFh|AK+$eknp4UKY z{(9glXG(LeX@CS4R~{m zj&w)cMd@DIms_e3mV1Vyb)mrw<`NOkr>s2{21R}RQdYhe4IsT`RPP}nBA-;>6U?DH zRBD>r#$6WV>uIN-z!1)ruNtN#2b~1_5kjL?70qUf9vO$Ng>+2#-lZH5rjoV&W5$n; zBtW`5oLA%-P+JRt!-Lk3C~)yB!>g2rs)k-l+lSYP*x~)z?1j6h1cpX$eYeGr{|Zx$a<%xwU!br>n=jo0UfLXfmgEl^`Aw|&8yzy9U0m&@uSE5{ zfVT^q&m4IZ1O;^YdR_=;#0~&kgE^Ac<-52RKYDhOo2knp($XOh&U2%3Vt$=5 z*<=D>ryz(udY|DWtAv1mmo-t#m3-c;*LGS;=kA|5b7Ia@TpwAC?QW4WIe(4wVMHt^ z?MuNYfDpX+O>+}#Wa_PEdvBGeIe4rJl>e3Hd=6AS4Y1nquxi;*C&}bW9H@1WzL!2@ zp_^hgj1Ua0MJ8{%(f(z2*9s%5#R!u%VuZSM=fUJja1)ev$Ge$t67OW=o{x6DO$Yx8 zGmqIPsu8>WxzR-iO8&8Y;r=-F-yN(+!|L(w^7W;ELgLjg5)PPkQpOW;b2)h0nvO7g zS*U!EFmeSjc)S9)psmU;xPZIJr4!{kLC8GL1M`6klG7DdOTX|1AR5M)IZ=BXl9GkR z%;i$ZiUc8bM53~j7!Ce8=Bft+c zd^DMp^yO*qDG^o=|9p%O4m7*-qGzuU#R%1!<@IteF3+d6IEy|&emq48`-wnr%7W)~ zGl1Z~GA&$X<|EiLJEYFQr#;RvU%yeK!^_jZ$&3}*#*iOiwB$J)LK=L45 z!CBQ$m#*s67i|Q=4P>n9$!fJbyBt?$u|R#aoVxpDp}!ifgSUmU4dIdwQhrx{cOxVm`zq-_h2)#+;tbj(diGIxBmc9NHHH9)+& zsO*POfy5$Kv?B+cUiS)_?4cCZ(h5}hA=)~Qa_f%JgzT*Lw`U6FzS2~Un5(RAnvwdn z$nY8Dd(gu(<2Ph^I23y2&2^ZIw5r-bG_187!80|sK%<3b%9NYbI>%MJa$4mEAg8Qx z>4l99Kg*H{zSu}-24}GBF$&*4GC!N%-L*`>ZnsgnSM-^M$l-b>8}k;pOG|7-Tt`=q zNgMgyq`=%Mr!M>G}ioT7# z@N(pstuc|if=GRMEyYWjLkmg9W@s#yhFbG&7A+BoqMUSPhUls3jgxc9BKYX4bB5^U+Skk7X z#0-zNj9TwrKk<(rXMe!4q*Oh*OBE)epVZQ=q<|N3w~SP=<C zM$i7lU)asS3H#W1#)l>QI$OQq`}jss)lpE0e;B}ci}XK^HNx-4ILZFI*KeDA`CXU} zlelaPt|T-axkTXY^kr^xpRSQYSVkkqVp*={{~hfWev4{Twk(hb3e~FaWs0R{$U*RS zwr5S6xJ6oz=hGM4lbX571_|huU1^-9Dm@`V2`*n^v^Ro=1mSRhz;OxBof?R0HSl2l zQ=gtL)HSZ<-i;5)LB$p|VO!{;x=^kv&Pe0R@J_fuOHA76ysJkDo4{c5{f-vv{>8fq$$@CHBUufe0BHqn?uWeyXY;c=b1oQIYi$f54XM z84np9L#vUdbaXttE7L(Gs_Ps(KPZf_L+7G^deBHo++S!;J@v>UE7ajG7R)r8QZ4Cy z5+=A`bA<)E#a0np^x-89Q~5?bWM*#ftff}C68D@5B7a5%;%&4fBa|;&8+5Co>TFK+ zu78`k`KoJ5*O(jEN+vjTvO1_n5aUEXoy{lI5VMz8ZgkL?SL4(|7ETFO>Xl1mL^^6H zA@^3p>lUIQfI>5(rP5!6JLy0xNm{-Ui5>^|t2KraS;H*nQMZ;*pIK;mmj)x#gEFS< zQX9=?n)4J(!6tG!C=x2Ed~q+Nh1j$YDu)(={Wc8vDck-wL=FIfR7Ii3#Vep>?j@Yh zPy{Q0u5w72--{A*GtvwsMVA#P#IY8h9g71c){&vH{LmQVg8J~sru}4bTMOino z-cepG`fFu1V3PTddlMy1LyiuUVVOs;$|S%?tc8!d@zsc`8|{RKdYk0|O`AE4A?a{#8`8 zNrh@S@$l!V^Q+VvwSPId9`_D7`@8ByrxRV9kAA?)MACB-8@V|4Ca znudFgsu|4qyDLyVPolL}KEF5HLdNro z>hkt)Z(VK-J!FSiF2e3$#} zB7rM%JsF(ubtP-I#~T|Y0ugc06uiDq7@p2oYPd!I@q45uEjs4io__`x3GZK;YLL=W zR8!po1y-jGjMVA9gfE7~Tu(1MTM6|oPdkyov zes5}w5}70_d?^7p+M=u051%Hw{;LdsM`33Ft2j(#lAwX~d=?E?heu_i=-OgevhW{1 zLp@HVKmT0;z8aFxdm`?t2(bIX91E`-B=IjnuL_qPduDE_&i#vNzHbc=YOv3l z)|Rctw~8k-Mk)pN+p^93R z*CZ=KTUC8op^Obs<6dDL+*$E3T7*3+jXfJDP+lrrB(=dQvuH^3aOmaK*qdUaJa4Y& z`k&Ckb`b=%>__YL&I=k?4QJ$tO7wQ8$|H;~h~iWJA^u0T~d8vpc3-Puc6W<(Zj zcLju()J&Zm&VQETN)oXzOW1dnHe-zGd#O<&<@*m-3~&PjWR^rk>Ng_P>j^>6 zI~9(oDvLi@x6@GK4m4E|aR&-C&Fmg=I=8MxY#N6Uhuk2#uh3X zC!DV$q*K~E9Yw`xs%4~@{Jlh9R?H8U(w}BiOx09TWWNN-t~W$h*i*V<4K?&j$(bgE z!{e$nvtvK5=d8C2!K!d6ct1n%M=|sN9pog{m`{M9Z8oc@iY|y>y6rT~m1I^`o58KS zD}LFj$B*4;yeZ_uMmrL3f)g6vlWy5*=-_Y=k)?w(G_Mp4oHK+6+qOAA9*=v)nEM{7 z*s7Q54)5Gn`t>nMT;^Lisnse<)Q0f>s4~>9=)u*o#ieBDbW|*BeLL_yBO@As50!v%?7^L$^gh?jJ?iWU zIf^Nr>nf~MKk1(LE+CJ4@|TG1H%g*t*G+r&M^6?t3;gd24}DLrg>4eD%#=gvFk+hQ zQ8~{uHN-MTZz7aLuSTb(U%$j${$y`mk05S&SMl0te8@VSOZ8w;fJ42o*kK<}z@x@? zV@&;L!E7CKjOp#RP@MklKE(aR==8^2YQ+i?tqIa0V;}tSnSQvqV zu(vz4(--zvn#)M%$lrtMN&Ndm1>=em)U6wbyI}s!Zr6fq_Q00?$Fj0UlOEgoiI5&K zS*o#!F56`;2w4%*z-P$)0n3?Ao}zqnfDaayl0jueTo-+JdhzaQjadprLI7Y5eKG_`M)nl&>Qb_L9p_TPkIbhfRDfNA| zrq8yFJ|$i=Q~hV=1oVE1nKJSE_JyC|ZZGhycJ(7Gi$0?Y%4CN}%Em*mZuQ18(wv!- zmJC;twVw`GPhM>Flyhh&MKpcBM24S~t@dSq!24|rYvA|R)teS7$=Wt&Bo>%5RX23? zsaxUzS*)h>a_63R3X%~KbD-CS!G+td!oqq_-F7sQbST%`bvm^Tj03U@Wz=`KM8w4r zQOYVUuN3va7HYvVWPiX#%Hi>kTYFVKYTaq^h2DGf?C;ecb9xq$3+L&cG>CX`f-Fp3 z4k5Odh5(33%`WW=7JATzAxVZ9gXT~R{Y8P~_=^*x;Pw+DwXBPeD5Bwvgc<3u#i1}H zJi_e~3?m}WOkpY)XNh|KUR8u3H0%x&Li|-EO0=L9+|_dPf#cG40zP3@R(At59d&7W ze)WX8;x=<}t;`sl`ZMbbdfh?8=Ht$m$@GU!I9X3bsqWrt2GDCN00H~dW}CvgnU6((3@IV+v4*JyW5TNQ}-|qLh@~$ z+v@T%@DCLXz=AE;s|6L|jmECj+ipnLZ|iSzsI@FZ-uM>H_W{M5Gx)#$fY1@L$`BGO zJLhx5Sl_^FGNz9XQtRMgTCy}p9AZG+lvP+`mS3%Q{GW2&0& z^BDPOce30>i?M9K&^i5&)Rq#|!9ywurt$LzUDiC{myDX8-8%EkbbJ6VCk_)Nr zH`U%IRE5d&POZb&pAEAI?n3q$T^`+!moqy|1ug~w3X(0)QN3S_c~@(c4p{eJv;%tD zZ?;QUn`QHp(q_q=`Q|Q`RnfUmrPK={n+@_kNj}1D6vGk)?x&ww+&_?G*+lLI=g-&2 zVxBnd{Q;6o*eDbC>;aN0b4hXd`(>r8RjI!|i|V#h@QV5rG9M>P@2ypgjd-hF;-H=_ zQ0B3(zL!*o^zV~GaL{pvxXbVP3vkK@cmgQ)I{Kq1Ue&-Dk9>mnd7zdUpx zDPHfkMt(cSI5lB;QN5MZ5NXlyy5%eQXb`=Q8F*g(n$B6Sy`y^mYEv`s!V5PrlwtVz z`%HKF!n`7?{dkUxA{F>w#Py8c(|n_Stv6X&w*Vi;w>yq@3PZf0Z_tnKL zHVqSPb@{Y)4ePlw} zlAMCxm1wIT)G^QYeW(H*W%@#Nrcif?F-M#w$zV7(LR$IT{KEKbyckj>l z{dw3=QD%uZE>02Orx!V zn(SxE(n*q11FRIW7Zdzw(*mTdzUOOJ1xV0LU~A4t#b;+-Mqd)fa3D{YFs0?w6c|Em$@0(OHOW29Upy(Lc=HzOa*}8+euon}EsgrO zX)>k{K2z2hT8R#OIPJfg2zWV4!iHrUo6C|pDki@u=y(3ic(;kc zb2`E2*?;6w@e@7=IZ2PBPg}&{ci*7BwS)GHcNza9g1xPtTdoGYjTu~S*(UR-y^V2F z@wbCxwgmUHWAd`tF3#ZL#u zsLI`drTI9vmKug!zj1T04|CHoYV}!!#s?U&f6dU3g>ru0hIRDRuf<)h#daW`;Fy=z zioKNW&~jSbZ#7k8GUj32_!=K-o?!SFqvUJWKPdL;W%^F-5P6dEHe}#AxteRv8hY(N zQMBfHSwrQ{bsXHff}G{?9L>#;yBMoCrqvmG#2$H@){FV=V)D9!wyIC5F5FJ8=1F!g zjpINh=RPvB}cV;&up6|F59A&tt6K89wsPRp)GY|czsQZ2Y|KR`n Fe**|-!I}U7 literal 0 HcmV?d00001 diff --git a/lib/ulib/templates/apacheconfig.d8/www/icon.png b/lib/ulib/templates/apacheconfig.d8/www/icon.png new file mode 100644 index 0000000000000000000000000000000000000000..581bad1b4f515184b0d5af4f1c66474d0d283961 GIT binary patch literal 29641 zcmV*&KsUdMP)Px#32;bRa{vG*UjP6nUjZG4x@rIb00(qQO+^RZ0uv1}4)w9c2mk;e07*naRCwC# zU1yjSRn~sby;a>knHh4fZDHxK$lydWIPoFma!L>Z$4Js;;g&;XRp{8GnJr3?dv^M^=et{Y8E! z5w_)F&Nj^3hS^)OGariKYG}q0zW8e{#rSwI=&z{(!V38g^23<91z)YexK$t^AdfJ^ zUyA|0x$rN;0Q+5wc3{>POkRsA>!2Ayc?2^3*%?4%(h&woxIS5ecNbzsHuA!dbc7R* zFu-4CMUWCR7#Oo0cTGW&dxQs$Fu-4!8J6zCt8?(dA|%-mM>yfnvRsXc7aU=L3Uk8d zT)Z#~pDsh811XN&l|S~07Jq5{qM9bTXO&V-+>7~uz7Rt&Yk&Py3~u1`^b^=cJ9nS<&+j3I@CD; zHYjv((?oo^0)ZpWqCeou3uETxXjL8f6EJ||sAkQcYSX6Xgb9~hmWa^t!w*mS8r2q(Wg(du3ew$-@n7)!RPN!e*N`U zqB{T!P=GWv981pt18!Pc>MghQ9y+u`r%rV%t`=UIgXd==&pCpK{utn=V{J@0Kl;ue z-kR&(yUC(O8^8a4Z7i|=``_OI$wtgCUc9qiyXU4(y&gbJ>WA=uI{^Y9Ah2&=_+S5; z+`03!M7O^G{@eI?`|M(ifb@k_;FCI5;`S9U` zi;CQ|w4izarI&ub>85cJqrZ0T^sm0UC@IN)<&~MedNmp|X31xtEr{0!9HS5bsI;`? zi!bi-^2>uOcqQMi!v$jykVh!(ce*6umn%>!#ryNUh3H)SH(~&TE=G-7@ci>X-gVbW zXPwpV;9Wofh;9Oc{(mgMjt5KaKL7jzqFVra%9QIr`e@->Z_Na>&ju*P3=HT{C~)`P zeg65+6H-zF<$xjsDA(oSig8%J`v@HR-K~5F?+wD4ExjkTJrAAU#N>;9BM6j}Q&g?m zgSX!L)tE6C9~kwA!zw4I$eilQC#Sb={XEefL|H(J{|fpz$3r_!np6XD+;JU%q#;8- zdg6)GjytZ|n{S>|t5%wif+DZTpR%Y(4I4HoHT9mCUYenlF6(*>Uo_6Zw-@20#?VKw z(C^IfefR{N*)sZ0|4|?U4l@LbNYGnu`SOAbI(P5hKvq7a#LSyF?`zobskF4DlTK-v zGb_dCoHKgt*u^pMz4RFXL|BEKJe6R?&Pewo<_FSO1-umVG>&Nu(-zF<7dCZu_ zd-e>g$Whz3=Y8|d>QKlYGNkRUT?LIAJyTq);)%Y3^u_UXk3{?BY)kCqzW3f$mt1mm z`Cqv$4}C`>yXc5X@Y^h<(XAf7JU2@H>-XZs5m4;?_b@R)Zf;S(es9m1u_h}kb@%RJ zrHxmVoz5_D;K=dgSB64XcJ^IeyS}k(*{(9EpDM-!D1!$gJ359>BKw?3C+OO>(^js$ zGc`2;pd3}!`AzI9IHCs*zoP}Ms^i;>qSU{)2yI@2C8F#x>B7Te1ZQO2*P};6pkT_B zYa;v>A@|6ipMJXdTJH}^L0+I)~jws4^aPkM(yzdAW zI!r#FPPOsB3*t<&E5~8Ns;KxstPrTE$o=%wMHgMv1;G0Cdzvd{>V$OUVU$~W?AK!#Xa6W!UKl`_jjs| zuj8rzpHnbm0fJV^PaY-+6be~}`tQAWVv{CMGsCBT0Lk&F!)%M^&;R>z$Gr{&d<3z2BLZM$G`r1Svdmb zmn)DNIzpm{7WW_9z@z?%)AQYh_~_S?)PGnZkg;pKb$e;foQ-}qP8^sC1mut*?fUd- z+O}=Ydi7G9H_z(W@r^}`c9sI`F)tzr00aVv{PR&sHNd{))&LmVFLq>(m)~)+yaE_0 zp&kIBKltE+zx}OiX%DXvMH_Q*^jk-gs1M01c5!ZdymWe82ar)qaP!2(`6*$ADSta$ zZqUY!pWLuv4JpY+}Z;V9`8}V z*^XL*>n0#2kQgal)B#VOa_AXg)vDbsTRsG&mutlmz{eloq*=49_ugAniu47DAS2Z8 z)4iam?2jsecw->)>kQEwC1B`2mItDopcAoyF2f|?viRZNdr$fIzfUiV2SzT!9aE0f zRaP17A;RN*a8ZZ2cP6gEC0`^KG@8-2hVLUfbPQk~fBpK8Z`qRP$Dt^Z6&vw6#?rmN z6+Y?5F#v%O-HC-jC>;o9pDcYPpnWW)8Oo=AP#O|YJ6! zxbP7Q1&WH?Qan&1J|#c`7D4*dZ(c%p;K#J8iZcdcsK3OIHoq>4{^8ZF=m-|lPz((y z4dwHLtGykM?sbep&=tl)S_mULa=9%L}KcKM+g(&6`*M{`)H$Gjv@WhJb+SmLL`mC+xh03 zYfe42Wx^XZbv-T`dxQZh4f+{)ZN16oA6j0q)FC?AD+{o!P7BrP($=F%pe4$FZ(?^= zjIMPsXWNnJSS40U0AHVvW|<{r|7Bld(wZ`L(s&HHTV^X_@Q*M4Wt<%>1Q8Jg$WXr^&juzUj?r(% z|F6O3cWTxe%nZ%U90fm~`1dt{fk3X=(cVsCJ&@2c*75sPuU`7*&G(h%6l(J-@|`1u zT>($O!vD3#v!|ByY!bC?WV2K#&_lyA|5|T)e5Cj21Bm|jWC?rVu`o}Yp zz{Elu+0S5R?K6PZ%$ixU)(k}+?w1UgAT)>|G=v5T2!J$5AOVdgG>c7^2gmMj*^<+} z`wO#X-JDRN-_r|sPB{`8*pIy%l6dlDTzFJ`NjqUvE>0MMuqu=KnQ=xlJk}@9P<~f4Eos`cE7H@Sh|L-R-0QDD_LWx_fP9L#D25Hlqkf+a zNP>hAl1P#ul9GfFf=CERL7o!u0a2_M$aDQ027qAzR+_bj(poDP46U?Q3;`&BGz1_S z4nYv0{b+**5ghU%55@2R$9rC>)D{5Ep1o=9+UzDxGD|CgOFQDzWthM12%VQn!EI|` z+<6FDKs@aEaTCt@)O$o_aZab&c>Bz#|IGx*Uiig(W>w4pTJxYm@B6kd0O#}1FE1=~ zV@dz1r_Pu*ZOc3FEb*w{_IbcCfKAb@BuF772}vY{lw?VgLI^=p7}*aYhzP>x0Z#!i z;3vU);vdkOnOSQnX02H%p)|WnD?viAmZTL!0xm&m5W_V-Dh*GyXh6UPw5cx>@f2Tz zF-n)JakFNREA>=quPA_LPQ?i$;&K&_EJNikRN604rAPTE9Lg;^pk!yG5TqP516Ca$OfdixxE=c;NU;FP#7g zkc2H@Nl*5BO2C)>HbDxqgpec!2}@X#q!hOB-jMms zf?KtEcIC?5kqpY`pYMP3&BvI3O_;EH%9QobJTn`RzU-GC#T)S-Q3aA<3n58bLP)YK zVM}3Tza>csk_HGFB_Kc`A&fheV$))j-xO9cVY1Q|FyhVS0_K+zK5rtldIg2<5#k3kQUe$<2tDd2 zh~{q0MXz_k`?DE3*232p#2ubnjE-->)!sW*To1s^qeuUG{`nurr?2tCh1YlJP}>;C zL=ONNfQ*uR?2fl3vV@RASi-i*lEU`Izhz{<*%Ao}K|~QfK%V(aF&w~A3mBSNGg!0o zUs|)PJT`D$?JDiM>?o~VtzBl12Yd!_d>$}6VHHpPs_gXAIM+~z4s{nSxV5w;z>K@U z#fU|Jbs&@%#(lkULpLN@apY_EAN(HgEZEP?Pe)-uOT0NC>RdLT@A4*g#?+=d3R5qx zA_&CHQ>U&u|NK#GgDPVw5 z6mAol&rqxlz+N28(*T;4273&kT?K7qzh>8ES82!9j$+r(x*q3!zJE`# z()jz)(WK}Itq=Sd^S8&@S0M{4uB!?o*kGHKlwqZFJc%%K<`vAGon6$S!@I5vkVGI7 z-V!n9Zw&R@B47#I61FWYNdb#28KVKDkiH8@N+Muzp9bxlRXe#`Z2;fS-uCo}rBaHx zasbv^6Tn(SYppbECZ$;^lB5-rBoazX!Q_Gj30Dh0sO&I6@fI!_XeGc5CO|+%5P!s3 zq+_&3oHNwytXj2e!-kxO4Kqpup{u&!$r(tt{}Mc4WUnnT>TL9CP*Um}A}&_w{}Gn$ z-VgPgsOEqB;==YNRmbTcV(G3p>MwTjSf46Ng&?9)qZVn+e#)d3b4}E|c@|(il>&f) z_%T*5MR32cgs_EeiGVF^OWMW&uqYsfC52@f1`tsjKvF0mKm6BmX~|yuwdo6XPMNhm zDP$qe24H6CyMS10shC-_t5^$mB`Kv{A|c=^CXgV5dNh$V2DR&WMFdd^ZZWim7Jfd3 zh^a4y>h=u0pI{rA7qo_~H&>HAqd30HQ;M~nab)bDB}+jzDw`Zb3w69|6euz%=# z>TbY>RA51T0}$WJ|IvVM!qcEGY~FSW>+B z&!Y|X=j;ogfA5b;AuC{0Fd#|@hDZp^_&^Q%mx7gMso51Igm#4>ViKBM;YC%9#}iRa zq7f_m{U|Rpw1z7Z)lZgX1`xonz4miL24KeRJuzwt{>05i3thCx#O0lEZP$|VkO<*! z*@t_+!?=}5-rrzC%}5Vo>cwcD8FwBc4Ee;f8Dej5SmBwzRhkUvIC(%S;C%l11w;!Y zV(-28&H}J<<(}TX-+@St%W#hPe{6y!q?DEs|CX?&2v}s>!j{6eg)PbQd_kTYR7zn9 zG_IS{q+Y7IfaH+XxL#^Okt4j6paeF6v3)%ssAeVD)mkVB(t;p}iC8EQG(m9GyDv=B zf0vnAux3~qETXB@Qov$pf{qA&v!hE703aML`tr*qg9f!LZ3@>;MfGIt%>T2Y zAd`hyErh2|!3FJ6mM_@V_;4})F$u{wlK0nKRWll;W5#7A-w(Su_C0LNOW;y_wLe8wTEp1EM7TLB4 zcvy&R4-t_;M*&*|EDG3Sdv@_{&(1YpAF#zMcXhk(^7hReq}q~#0THx?zonop{Fe;c z(mO-Id<6w;5%Ax%jqPDkz&1O^2$8lWEK5i${`zBn0<02Uw@@lDOr@e@*2Ia+6M7&B z7u}un9Z~}O=YLmYaBKW{S==X$&hPd% zw&#^p9h%W13um{9qzF_+AZ+&R&E2~{SGR7hS+lOq$thaAc;|WNeblR0i|NxZ``5o_ zJn+ExKmbA_Xu@6+0fH?N5C}-vLfBH;6fmS25CKaDYyxm<_d0!#sq^&vOKnS776mL} z86YG``o@3|s8=(&TidK5eHum*Emv>Kdtvl))-i5S-v_EVnhWGAv(>JO`hQ%d9hV)& zj-wox9ak5-+HrKTqr;94J4!i9dHx@Tu)pIl!U|yp6>$W)rOF0$sepj)(4p?ah5sl^ z5dJw*M3qK?gY(+s?_JTQPW0E6UR(2U`(#XBQ_+?g1rA<51LwCddBU6`oH`QQ@)DdR z#m2&GqQ-QQiw%1Z8UnR$U88^hj^oE)eAH1d_w3o=t+&qV)$6VrHIgp5bW9iF249A=?8j^&qolzwv@+qtnupI-TU1#RZ0rj!jfcL#uSDng)M}%JUcjNUwGNN zT*P?)S8v`IkRtN4q8ShzNrPjhSqN523lf5upvhn-5BeL$s2PI&5*lWhFtXNQ4M>J% zW@|8%^7Me>m>M^ZFU%>OAxDcAtwEv|+2*gF^)Y$v9~A`|s9iq|r!~X9y^s-#iu@AN znh5z}ygC<8{D_cMX7`>FOqChJSLdR0osuT+irqNvL#RYNR^;Nfey~MU_MiFzUhRL- z5GXAzIDY)a%)EH<7TdOz(lu))pLW_u@4vs;ONkSaT9%kf7eC8QT4YOMTOv6mk7{1+ z(Z6?03W*=*?*uUZ*%SL5T`L$6p`Z)}q-{~ak^xKD0THkwkVb6WUVxY$qt!El!JrHV zWH2Dj2Mp{9+S1cAmIy?)QNNRKb4z1(3uA~|marvRlFYuegtSaqrilI=%dgatrTe%b zVG}#cl0*aqo_lV3S$#!^wnee}J&&@wpPgufggZP*o+vO_{P5z^GA+ z$BkRLX;ZG>!p*O3m+)kNq^Q@=@wBDTjGNDG_0NmihJq5nCH(?|c_sjyf% zt_E=TOY;khlr&DEn6!vsK)x|%)ir}#7#=vfP1c;H+1qv(`M1Uk0JCPLp)@H8rC5@1 z6cYi^CWnroqwt+Iv(OBd-i~G{$w~{YSXiuCLlY!H0fJx&Xogf!v378o*s@>0*7w|V z(s9Q<7A#xh4Q%O&t3S#LD+s~^$75(4Zw^=a2@9Vr!M}gR_WVi|LO2>PoQ`wbCPExQrbP>WmaorUwl3GUsAgtx%Z@^05?Df5maqg&Tx{#E!uKbv zy|{lx`bfUI<}am|C-D7^kPwtTZX1UBM*SFD>>+pP`wB@#!-&GixSGlai!0 zDNAT(rATX`6+;S0f2+tZ)MV(A{f^?TVF2{iSBo#bw97Z&+&*g5f^u%`kT&>Y#UCJl zA=Sp2tuVL^`ZSIL3?%ALVBQ(G5--fc{A~zY6-|6{HR`5f_&{{2lYsi~oPu{3B3K6X zrw8$AY#Ru|RpVh-VLCJs?cQB5d-ggYShDkvL|k_h|0M(o>E(E)r`YBsh6lFnEG!Bu zB63{)%4aLrZ^=(dwruISfGp2B11~Nn$r2ij2C0v6xNP(=Heh)AOcL6W5R62}}>J;F#Ie7)|iv8ycO@w9|(QF4+M zhy(;oa6po=n5}4n5DB79I|_uLj8rSWGa`98aDo-Ht5_&4DUv=Nk^NEeuUXrgn1$BR zT3JG932iB*g_3MZb`@zUv}6wjiI|dQNl>P0EIu9)=L`jaCQa&_b}8k|7HC@?t}e6E z@3$g-N27BcJa!T~*N!X2Du+>tFmp35`4R;Vm@8NOX-j;40oqhA`4vRiuor#aN3kk1 zQda0-#9->lj9q?$!J3> z;bpT4leku|Mv^(~wrA)5FmFd%ifu`<1o`$Td3g|)XP8DzRm(R9Oo5n@=Ej-h`B_X3 zoL~lN$x5*l>=LcPC21|R)=HbNU@1&iHY=rtB<%_iN7-BW z&FWNaLIjoa2$?&%b>+%kEnC(ohiDpQK#Kh!>BF!zqtHRM5dL-)2DU_->YiO&!3%qH z9^PGmmD!$uvx2|H3{|+KBOW~w>A?iB=Z$%I^oR1U!BKdeBLW_~6zU zvmA$?{*{KKk!+(&Z5&+}XSPJ=Itf^`oVBw6W0&K+!^b{l8liBr(0aRS&A zR=95}-d|K+#6W4>+5=~|jT*lD!Wi&zf`Yrs1;U7K0Mc)`;nqMYbRR3Q7co*-}8tfUpBrC?G=t8MH+pAVRhbc;PS+uw~FDFFG3u344)R8L&J! zWZNPV4)aUHC{h<6o$_V;_h6-=m5BprN3r8-*VT^8VONJ8?YKJZYRA!GR~Ls>*x|6N z!j29*91g2uSBD){9OfcN6+61PSQUj;IINVTIIIy?DAowODE0$nVG|2eG37D|Q=OrhLm70;Z(h%WW3qCHhMU>8E@O&r~qxvdItiLc*T;3n_$@ z-l<|r<0EckWE~UNIdH(oShhQ{sbE$3PB9UU8uhpI^kK!t>a)-0O`X~^C#Nvccp@K$ zi};4-!nANBA~N8ouvjIBEJ=QayYOlqC6N@QnGLB~!pj4-gs>&q7TFeA!fO)Yl?eMN z$ZL@jTMnl9wtC&01^NQm}^7N(vwLC^Gwo4_!e-94*H8IXRZM<6f#n z|I-q|V3QbU-G2M{@)^LENVSn0u1ahZ)^HW-r=v$b^r(lnHPE3Jswb6nR-(d9OSk6X z?fLj(1=i+xEonvNNxym$o;n5nTa^52b3H{at{RU?YY?)^yDH5X(grV{9@hfsj>(w6 zz06CpDo*`fyFNd6?k)b;i(h};v1dGBemj$1ooc-J&u%AP zJ2@#RiM;Z5DTo23xIwMtfydYTc;b4?h+dNgZ5bO>NI^nIB(bmrgcO1hu!Yuf_fDH6 zPEDklpjC_nmP|sEP!K{0p$#KR%|dw`7zI}ZQ-g0>&9sPayA%?L_d)B%t8@dCZ21^+KwaNcKd^nT9oYMj)#B=x^E3m^PiUbMlg zn0BN0-kY<0`OZCi3d3OqATu+)MT_dWxkd4P&m-Gn=6lSs?|i&$KVS<0W2SB*hKGd&S$;K)@ZS-FED7UKYEn0) zQ>)Br^LOMIC?UWa8Vn|-S(6F+3Xo=o1eg&BSv}fkxQdy1;i|nGx8*A>1aYL-c0 zzx#+8r#6i?LGh@6HXfb6AFpdgdG_tMXB8CW7Zy5Nb8>QU%9Ja*c6}ZQl+pkIC=f_F zW8m1!FK>6=*{v==zm56dyj3~NH|H6m35WIIlNtb+J>v8&y9!5sy)G0Gr}eDYp+!b= z$TB)-UxBMN2P`3cOTcslB7ul`UN}tfVR&JiNetW*5HLX#q#&7heiYgpZft@gMgebEpslD5V!H*m~4ajq24)2YBYp z>rOlE-I&N%sh<~C6DMt$IC1^??zofBZ5?LrcSh#9AUR|uhpaivvbXIn6atRR{#U?jJwyb*`HCPi)-MRU(4G4EnI|6Y zwY@m~ltz?nagheG9}c6KoCpTOKmcIC1^9*=dhYk;pVSyLHX$>Fv;eY_P$LO7Q&1}z z_0v%&1vQc@O1=jmq|H&=^D$*DzF2{YYY>vKB?t%Tm|{kOgX0_F)?>W9iG-I|=;EPi zcy|Fp*8ac9)wt~#+;MCi7k#k;H%}}xJX~o8(3UFCp9#(pEo2(xf?A*A$;Lc0h-S^4@5Ru<+%QNgEt%m>-#7y(X4C>q}T3=*a;*IC~ zTz&22gy-+uxB2klXZ7s)Mkpk%yY84?y&7d^CheDEdN;&`^AphJpw7|i-SsSF|jRELbtIUEJ0Mj?(+|M9Ig)9nY3_AhWc8xCKWxs*2!8hMhM+BjK`-;!WG`D%*f!ZxSboQpNZSb0 zJWCLS5X@XHEs&aIt=hEDakb;JtJrll5eD?CFC`_k^#Lf&mK6UTxpel@?BcL04s+O1 z#f~a=xG1cO!>TB(io?7;yKv5kGrF|SjQt^A|1bMFD1en83h<%vQqi9OOB0)PXCI5}wv3)$rl}p>YNTmC3_JE>8altFtTgjm8uiGZZH@j-&pM7ULh^ zR49?Q5^(@2MccNu0E9wz$Bs_}Ok~G1j(+jQfddD&1P~0$U{FS=Vg8cc+vff)7?1#@ zpdo!4#ujjuShJSwp7`^&u%kBZC}>hQwSKMSoqLMC*%#!yIEf=7+4DyFT~aLHHXtHq zHxBTpG|AY{ho^184PRqtK}FO4 z!U{d=;j8mX{-~E{G6w{9c$?!6^B*lXsYE}zA z{r=MAkQEG2!0Q!9w&g(}!vKMpecLbTQraupu|(d?F2vu)V&RU8GM+i`oVIa&P0YG=5=JelTwB!xNri~4 z-o4vSpS}@5T3T9z1{vlNwrP{~>#tXYLKcAfbyIe4yeca*RO0EHKbNh~{qM-73s>&V zFLaYaG8B*|2oM=(x@TXwXq`$=4qSLffzrfpzHP>{D5JVs#Ter^Iv!_^Vos|{J$_$mJm8o-gJp19Y zDYJJ}PY)yoWhf{qQBa2%T4VOI-2k6|TH~&5vYOUQ{c8H=a9C-rSqKJslYhN|cdVJT zW)1B!X+bf)fZ)2iLyL@*B&#wij%sFxPCB~w*FSFIm^kjXU4=Wci)v+sDlTYlxS_|( zFaP8-t$X_EEn|Q2jW>Q$RSXbI@vHV=))vg&ih0|yXa|%=Kzg40s-^oPg&N7Y_$Zv) z4lT11#O6w0-ZL}t;w%)qkfNgc$JJ<=h4%)bX|<@y3n1UYd7qb;=}`3y;JUhX>t{D_ z&IN>R%m4i6v{a-p9B2VcNN+j~y|7&7}|joS7C#OSU|b&oOf>d;#uH zb7TT7UbFX=Pgh<)v}I;`;BTil`QYod%A0m)K1m*x6SUF_0&IqQF$1jGb=kJ4XV=;X z;J0Sxo6c=DYw_;QI}6!c0AX*QQ(*>RfFFCT&&x0W9Jzm&U*6>)A3;J`yr&4+g_yYo z<5yzJIsgbtkJbaycUe~*-77|ljh0!su^R@ojHCOqFppwPEY}Dw*O`8gVKytjSji4aY zok4S?VVmEy$H?zU3xAKFykwqTImQ3^VChZgwh9I1r30IdpT2olPO%`?niR1R(3&-o zA~teC_!5GdTQ^RxnHfCL*e3xP@$j)j?wq!Bk1`k2qCr~AMrjp9?QPrEU%GVb_U-w* zcHMQx86V7^z2TT+TGXzc8gn=&CkNho>z6C9?0x`d!0auUuo_>l#+H3v>7XHzWa|*d z3N$0d#)HS>{PuAsMEMnAlh@*^aZrBSh>9;;VA2I>SEFQ>-pXwB9T}Z=aX1*@r=K?T z?)@rr6oQ|4V&llOY~K8(O`CGf2@TY~5jG_&LKE1#~sbYQdU8G!-4>#y0A_sf#qO0y79+6+eZI?@UDG872t-YzRC zXdR@9$;==9yVqH_|4>+5l${%X<*x1(Kj8@{G+4THD-l(%o-}LL)um0|)YKp|)~v}c z=Y;0LZ_LH~ZJ56uzwX4&0_-Zlu0km7l^azyfAau{zQ94_4BXlSCpPw+j}=^Fm*d%) zShgE>C0(n9E{3+j6DOlus3hor{uewsTd1rPkyt6EsmKG$U#fx{GcG}1- zTlPiHHh%mnqNfl_Lb8RR{NL0~2nqxw1*8>_vE8OLa}+@N9UQc2XX_7i(HdH_tNDYk z*IqK9Syp+-79~f zi&m@ze>8F38OPRb-XJX{$r^e}!_U9l=qkU3Et6ok8b|-OF64Am;#hWi~pzfpb5H(v?n_Gv>knF7T*7_Irsieigb8$KK*9 zhIv-SpJ>~*wEzW3fNIuE*|_n}e*H$QTbCWQuKJG<+zQt5M`4BZ!k4qfZlbuZMOu5_nWALU4PE@SmSCW;wD8J%4MZ z*-zu{<8W(_=&`Zi`;STZ;Me_>gB@}RRKI?@=?4phw{82^0}o98-~X1E$_eGDLsN4U z|LCZTlR4U?R%_OZwPdYW3uwVgu<1nN!yfGlAzUp8B!m#!RUnA4qZh5*vtaq2quXY+ zZj@e7$3+v)qs^z_p| z#3Lw0b0t zR?t#wCA8MACaG8otrRK2%BTgQl@PAdruJ446KUZU!+1QPS!)T4X~x1`0h@#=mSIg^ zn^DxSaJcG_uF<21oPG9(W5+Ig`svdQR}3CJa_rdofCUtf9{sodo?+qk1Pox}qoy#@ z(WsY-hUsWp4b3vqG7D{MMA1ABx`rmw*>l`Ve7qQw)?BF<7wU@O4D3^skvacT0T7 zKT4zowD(`lP>AOQ4FwjY6e|f=YpF;IErbwK3k4-ex!Un6Ax#@+5D6mf$IOI@C78yY zQhCMlLU@DXiMVOql)&$xyT0MT3;g1wsJ#>({nTn;N@!7nIKc zH+RP)CzfnGB+BSKUR5qplX3gzJUsmqiWQXh;M)~@ngoPM3V7DObNh{>aS z)A81jzVLdzX<=!hy+&>%bfh*C40LN#y=GH^vjt0=YdDf;)51x7E zd*`3usZO1={BlR(9cpTbsE(W>%-M>u%kjxlX!aT#9ZrYpMe#zhK$I)>LBnm|MWTRd>(QLz&YehMl7D6cY8V3n-l{%|OgEFZ<@-$Yhz?e_)({!v~hrE5L-vI49 z;I#fYb8yuI>KJ3-yz@SuFkxAT4z(99yd{?C4>PZtZ+mkdM*fOzdB`n>peo3&F=GTS z?}XcXqHbz5Yd_&b*p!Q*pJ8L}Z$|wG2!Vv@zg*JxY;gg`)m=wM?^rq@;58n~W`A5fOgHlNzh$sPhaShog$zZ`e}1D}n@ zNvBq!Ht;&8T;2VeYkG_vIj^9=NlObJqK6uL)!Xv0DjT0H!|26ce_5&ud2b?a86kA2 zg?o;}(RKHKJ-NkrZ7!bv2_Xw90sKyubpTH>5&jWn`+_t;aLu$lKpG8T0`vkVe_4>@ zD3AUlqz}QYy%R}dCe!F#YaxY_T6hx%q&F7e%0bO*R0}1z@zcJ;X(!|LH>0FqR)<(- zG--yfr=qX`y}F`dLwq^8Y7vpSfq(m3mqSYWL|C&2ug}BiB~aQ+Ns$6pl~|b!4WtI} zY+v+m5!aNe9MJXJTs$((>mdER8v9o{1{ghhK`CDlC(;1$N#9opMq&^_Xb^!I!eav_ zt%ywPW`Aa*5B*sHY-zQY_kmP5Y2jQd1 z_nk%r(ja0YCTiyAhnqEfbmGM84xRxv=3?nCEZC0k*W;(n z01))^#;S_iOv-fon&{O47arwBoy)0zk8p)%e7pot&cOCO*z$Ku{W!Rm1Z7cwd|tFi z>>6xr02mh#1i@9lBUKwNas37nY(`kH(ps=3wAMDW)4!FB0xa{E_rcw(%vK$KZKyo=pv3(NkJReC!jTH7E&ln3orCbBm_wf$92y?y-@;J z`k=m8ycU6ju(r$zA9xfO490U$;nq7368(Sj$-;>fmzYq=9e0fH*ROR&tk|u2n7A5W zuE2_HgcXWhDE21rSXJ#q)Qn<<25GpxCkD1es_l_)#qFR+r{lc^D0Ct4dmQn7unge3 zD&F~1dirMx{6jIufb?9Vw~q##QPFLJCXztHX5 zqm&Qgy329#6{uaO%tx1SBtu!m`0`t5Tmv`V1|bjlsVb$fzy6Cz_1xmc8^@1d+P{CB zgh2ozJo*EsZot|-*jw!7MUqcaRqH)8ASW|~vs&ZiCg@fdbyLeUj>=j&MR@8bj9P;H zFl_m|@NXUx2I$_s;k)n7F2w^0-Jl7rVFHX95HSEEUepLuFy+F+E19>THCdMN{j;S= zNK%3$^8tz-?YO#RzuV77V@JMubcr3KTQ+0H5195H_U52vYYZ5KuHDPj16kGa)N^?J z5#0aC0o>xPTXVx4Chu3dX$%0~lt-Z^2wfVO2x;^Fg+ET~Fs6S)DVNob8^G|51> zy13w|xb*2td0H3m#GCUlVj+_3KLFrK@OUdZC-^2HVVPBlREXG}$SaZ`ApnyNL0+#9 zTf*}9Edh%lg|r1pvOH3bKmY(B07*naRHTrm<*h#pOo+%3RWD=ogs!z-yE~>`&+9KC zcQ5X^FM_;x?aHrFBPDvVcin>LU%+j*f;J{V=gi4P^4R5!mBqGvPJ6PU!eqVUacst_DHFmjatrA&`d0 zIXOi&HQ}gCfb@wdn!BjiP|$!QDiG!%0rgL`k^nlwX?`JCqeSGv{AlWu2>3B_RC8lY z>_zFkJ9PtM#bCc!Se7gC}@A)MEPP#W~X5fKa=*>Qd`yL>c zRT(aeRHS0}r!tP-b*{s0zv%@`kVj>C|A6e(n5(2>zxUi99zjqvGgC@K_uto5n?Kc( zVnvNoJGP**G9`Kw@cYI7Bxm7!UZzj?k7b)XG!3WtEnL1(3`>L&)1Lsbxtf-_q)_tO z5SkWr;v`UXB~Y8z!xjPm!TEn+4HP(Aog&a+evt4U8?L$Ja!tGekGEf|IbZ;sZi6HRlOv_d94^7uSFS*9j>6xeisIg;3x@C-o=+^4Ez)z8>uaa^8zi zoBtZF6<5FDU*W3QMZ&nM$OD}Hl2OYPM@8n|;YJ=fMk|DCAbuz!XcH{lVS-(vOqN-_e8qoNZ4kMPx<<@9cN*@(Tdrmo6pA;wV?fWcX|Y)33ey`mG8sa z*T8pZ3Fv>lfs=K@E7$F(PC1^|ppb@PW+n%t(&N$L_*uA!Jdx+eso^eliZME-bvoj(bV^PZxZytlR3?yl&XkdPo=(!!_5LAXa#|%oN@9ClqU$Ai&5-hwpnpu_-YnJ^}9f*->se-2^ zRgoBzHSVZ248{A=S;OW_qMsYgwb4*MR~_?KT%1d75#S^mnCP~r-=pnzp)Qcfqc!4_ z)Uyka?diTHOn|VwS4=RM3?kM9ov02slcEK@4(=qov06=p$>E8D0s7fid@u^TeLtdl z>dQHMX;2O#9x_tI3V-QGW7tKX;iB~j@OiV_uQkc4Zd2mbKZ*pqEGmc$MR{5w_8tU- z3^%v!Uo3g}qc}w+mXMd-BBjmGy`zdzc@0IU6hX+vST z#AI)|`z}-HN)XEqthf*o19x2;AuT}Ve;SR#jW3Adsr2gHHL98eY6x*wqZcax&aX%H z#O}qK8dJdOJVNxRX>VNZL7g5L5-;pe(i4%jl)T0>iYqIJ!bJDInL`++f(l%R6X9^QeTGkhZr3r?d#oUg6F0tm&JlbQ~Qsl$LU=1KQ(?kCZE^GUo>%NwM=%BY=JV5 zm>IgJyQAK-!IKLUu0DW3!_5eFXMxW3oNT!d@*Fo%VO|*2O9DTSN#7R)a1S8fvCm}E z62PozwH-}x{>o09qfMHrgsd$y-PO&C1l)Y8WBZfAyM zKA+ZbfJhzJLJu~Sop`#>ljfU?Em%FIz5SEvP z)t--yi))3B#+w~&(^#qlCVAL)5Wa2>#T;q73loG0d3Z#pyw9&xN^nSgc-X z5R4|`^HW*vI5__902jYE+`mW06rE$c3g?dnrb$?ngP7vRUf<4POIx+E7P_!(&MTLs z1FNm(Nq->bj{(EUYGXH-^EL0-Z=}Oiho%5ADW9I~;_`@AO8+xUILMFz*uzL0Mn~fp z7GEW4&(GHb9yim+vj=?5Zp;43#F<|ze~B0arOs9G>BFtTg_VzKC3_Swzb+@IzWC4Y zEO@DRgz%3#1M0F$MTFlBE6%}H|c0!u! z3cC&WsA#)hL@{#Umf7C%7d|L5sL&W9Ot{zErp8{dBGn*tlW9u_72_ z@}GGhLpaxmmTOQ9@jP50oKatEnOK3g5J0e4yxzj1OE~0146EwY{Dd5m43uc9Y+(&) zc*N@rA8DKHVi5(Hqm4oWMu?c&A#!pwU&q8{mNBcTmZHr6ys8^6^5ap0U^MocgZgaI zOp@$6UL$|(f|Yo@lP6Fn1OVW1cju<0oQOLHaiYI@W^}T^1*Rx}*DFLmk#OdSe?b~q zZeH~jYY?P+Td@_WRrgU)2sl5VBBH0N7+YvyJRsc<3CX8YV^RlC=M#`|#@w!&fc+e? z_3EG@_o7IKuDmht$q)qyf*Q}}UD|JTvu9w`70A#eJw!xs(xeBZ=acYMudgEcylh=9 zje2YJA0CZqd1O3MrEpWa8@lI{!+t1%h`{jw=dk4(sldAj-84q~#kBn&gkV6kr}Iv* zEEv??@`vtn@)J))OwF+#<-+zs7nbd+mR%b&)lq+7ZS~ASbJSYy__M5=X@XN0+S_4T zMf+hMG7@?4j)4dGT(7V1OIiaomP;al1`t=NGWMfkBBGo-xE+uG4yD@Q%;7*t*U}UST<%(6}RbK=o=orPZuYQgQ0tAC0 zVYs-+etGoWw!~(2BWms&0m;aYekmbQW#01!LoW1^8O#{YPs4sdW6g;`PfWBIaUftj z5|)|^hcerf>&$O@dtL97OktLdnb|?A&{>72FtfQvrAH?|ruy@47jN5_a9=0fSos=Y zx8GCGJ7;oaW5D=4I~tydBdL{?GnrGyns{8{VboW_TteY%4Y#_~n6LCaL!#y>RM4pt zZjMf5+h^Tfwej?%fGF){M@h`jF90`7q;$!Yr>}EmeRD_PPM5+5M5Hc-n~ybX4o@5} zDRtNzjj0^(Hi6JDyqeBipL+l#x|#tSBm_#dc2;jX#BiR>(8?C=nO-)l|QOtsKhZV$QJ?-?JX#@ zZTh~@GPoPZlPmtnu@UjSszk!Q_8gfiurkLWDCC{r{1I^EuZRP*J5hIBHTr6G@&lY0 z{H@YKcORoTsD;SM*>6^vd@zNVe?R9_o4sQG{`(*0fLbWOZ&rC}&s^Jo&J7TvzAH>w z{y=ZtE8XGlJr909{-P=Sif%}d92izR>^`%}A9>e@W^yEK#SM7*xG6SURdGeF;_zUfB6e3h0C{|Aw^jRe&Nnk#Fecukhuoj5J^mAfin=djr zJ50kP9{yehZUBM-gJJK&4SS^SQ^mvP9^Ajd9TE$Bx5jB~JYH6!X{u6$0FZ>>l)q&$0B@j;LAEYdT~S&kQe>e&6E+yD1b{?uc|kLFpPsZWduR=>g#Sy z3oYb_#qzR9KjXBA7BDov$Ez&we2BiWu$CrY80!R8>V{{=K9K-!19>TbeK}sO0aAkL zbac`}PZ@R;gmwCzpP(Te0uc>Uu6oh{JCSgj{WR5E2ptPe#)g1*L3O#4JJO!XnbRVl z-RYp2ud*Ma+!g8Iv8VvMjDM7~1#jo$v7=E7(6wU8Zr6T7|B5 zHr`!z2p?gpCyTJ0T5I(iEJ1B5>R_GqA8Fb^Z3429`MZ2Aj^=dCMa5wS0#yn6Dah4!20em< zbPaj$daXTW6IaHfn3cDbr|t9{y$F-~sEZ=#>Hw~rdDZV;JG9dsT#JH8Rv5&SMm{|? zY&$bssC@5Uxu6nW^*q8+?8PZ#=Q+YGfyXjAya~J-f$^6QCXN0WC#b#~p$;$*?Io-bJnBGXO z^Pf-lieL4y(Cdj|#F)=U6z+4;;N?2nn65NKkO_dDZ^X32?P2yZJQ*tM= znUFNS-OTQCjm+{i{*pY5o^q1L1ZJ0Ia{p7Lwz5ICthQ0bwWyAVeJN_7aV;;4X3Kdq z9`1x1anUrEAv~~s7?`rzi%Yu?Z@$;%Yb#got9N}GxfGJJxtvRY*u+of@ZH8_Kkk;3k9SB$5-|F$D+{EeKsrS+ROp7zr zom#y{B2(JjX?q{@c`>^u|K zZdqYf=bKtn_yGc$&@3#^me@9_iXEo=TfhIq-;;umFiMNU;}WsoU+;-zOxBn~+ z4&Dh>c03g}AhAIfq@<@O+rn1rnKL3ENFrr3ibP0}be0maOVaTso~q?btcQCUWkI?_ zPq9&rU~OiL_0_tZB(6Vf+q*hhKSUwUK@FsYctIvo?PA6K|1#&KliM z$pBAhoyTf5M<(d?<)&&W9G8hz6>hMZKHCD%7TFrYG%*`&qt2e}_I3H$*>y*ZuSHIl8i99jE=D)OV)C)VVb|ndqbl zcw_i@R%ba0g07SCh07`UfHL7ZMsY6ACoA#z(WnKWd)KVq14GRs4*==;WZ=7ocP1NW zHDAQYa~jg6qqq5497WOE;_P466J$?QOMD^Lc+gOxD0wg-Xix_Sixq~dgFex}uAUqu zWi_?dSr)47hOn{s-Nr&(u~&y832E%T#HTrZ48w#OiZJ!+#rn~y@$FGqU+;wF$g@wZs}>SQP+A}BxC@-i>QS8%lu@*xpn*rm zaSr1y##U$g?e(m|3x5r=z_UBM5;F&6=hr|wReW)E^`9%On9RVXOOgdoZ1O->(E{rY+@BmxP6z8|t;yOjGPv1my#@qpTbWp9 z=Ef8i*jBENQvA4ot!!xpDvj-#KEdE78QG!hpZFll*_zb&} zP{DOG-c=Xr2oW}ISpKd%-#1A=d6 z*52|8O#xT&%%?2eK&8gl-rF2KJ!X1!J{q@)d)0i_uoXx7XH%A*SoL-ya;T=P?vnZwQ}gST zHN4UpL>;)!^yPG!j!4Mv*1t#lsrO`F_5gMm>Y=s|YLu){!)L!d0%f^A%Q+}5-G*05 zGO-b@w+{#4gQAT}N&$ha23JP(bRlk^KK=yDh_v5M@GJB&UWq4fJfdPd zF*ua7we{x?)>VCQor2MGAd6xs&*H&-+Mk${y6w(^g;q$sC;`1uD+4e3#)pZl0_JT9 zc|fAMzTRXyS^{eGZlE9UoI<>bIm*U7jloy4Li6Kql67_eJ^k#dU$vX$1;MF@@vYR8 zl^mR;0=Upm>V8xoO=oN1R2>~S47KV`LCCz_3DfSC`UnWL+hwDpD<; zK)oI?m&1)OH8CD4Pg6iV{H@jPxhVz(g!*QwsZWu=u@RTQ0Zz&fOvT$xFW&46Q0@Y5 z&+YMg$v*6W!AipY!}xCEwZvC~ApSh6Q0Hnb)36|eX^()b*TYZVT}!2AS{I(=eouWA z9`zS73jOE|{XwtajqFpa4BZp;#uCD`eSX8ud!)%H;Qf9m-J^5wU!i?ShHTBdj56_# zHXQa>@;#EzrVsCs&t^uoyO7ChQ-edCMC(O*hk7fZQ`-t95YdFSb5Lh5=FO+jh*BwJ zw-ffLHQWOV;fV<;n6CkW$R+3vw~})rcU|3aD=F)0R!4~W&;Q9Eb@__wfIznF8pb7E zhZyQ`^9dMx;9Q@Jb$K14KiFUs*psyka{aE3{53|^M5I{W^I0%8FkhU)9l@BWhE6CV z9cZmDxSFi?mZWp6C~_`zeYj8~XJp6xgAG7Sq#AY|6kGT2KjEZJFh|AK+$eknp4UKY z{(9glXG(LeX@CS4R~{m zj&w)cMd@DIms_e3mV1Vyb)mrw<`NOkr>s2{21R}RQdYhe4IsT`RPP}nBA-;>6U?DH zRBD>r#$6WV>uIN-z!1)ruNtN#2b~1_5kjL?70qUf9vO$Ng>+2#-lZH5rjoV&W5$n; zBtW`5oLA%-P+JRt!-Lk3C~)yB!>g2rs)k-l+lSYP*x~)z?1j6h1cpX$eYeGr{|Zx$a<%xwU!br>n=jo0UfLXfmgEl^`Aw|&8yzy9U0m&@uSE5{ zfVT^q&m4IZ1O;^YdR_=;#0~&kgE^Ac<-52RKYDhOo2knp($XOh&U2%3Vt$=5 z*<=D>ryz(udY|DWtAv1mmo-t#m3-c;*LGS;=kA|5b7Ia@TpwAC?QW4WIe(4wVMHt^ z?MuNYfDpX+O>+}#Wa_PEdvBGeIe4rJl>e3Hd=6AS4Y1nquxi;*C&}bW9H@1WzL!2@ zp_^hgj1Ua0MJ8{%(f(z2*9s%5#R!u%VuZSM=fUJja1)ev$Ge$t67OW=o{x6DO$Yx8 zGmqIPsu8>WxzR-iO8&8Y;r=-F-yN(+!|L(w^7W;ELgLjg5)PPkQpOW;b2)h0nvO7g zS*U!EFmeSjc)S9)psmU;xPZIJr4!{kLC8GL1M`6klG7DdOTX|1AR5M)IZ=BXl9GkR z%;i$ZiUc8bM53~j7!Ce8=Bft+c zd^DMp^yO*qDG^o=|9p%O4m7*-qGzuU#R%1!<@IteF3+d6IEy|&emq48`-wnr%7W)~ zGl1Z~GA&$X<|EiLJEYFQr#;RvU%yeK!^_jZ$&3}*#*iOiwB$J)LK=L45 z!CBQ$m#*s67i|Q=4P>n9$!fJbyBt?$u|R#aoVxpDp}!ifgSUmU4dIdwQhrx{cOxVm`zq-_h2)#+;tbj(diGIxBmc9NHHH9)+& zsO*POfy5$Kv?B+cUiS)_?4cCZ(h5}hA=)~Qa_f%JgzT*Lw`U6FzS2~Un5(RAnvwdn z$nY8Dd(gu(<2Ph^I23y2&2^ZIw5r-bG_187!80|sK%<3b%9NYbI>%MJa$4mEAg8Qx z>4l99Kg*H{zSu}-24}GBF$&*4GC!N%-L*`>ZnsgnSM-^M$l-b>8}k;pOG|7-Tt`=q zNgMgyq`=%Mr!M>G}ioT7# z@N(pstuc|if=GRMEyYWjLkmg9W@s#yhFbG&7A+BoqMUSPhUls3jgxc9BKYX4bB5^U+Skk7X z#0-zNj9TwrKk<(rXMe!4q*Oh*OBE)epVZQ=q<|N3w~SP=<C zM$i7lU)asS3H#W1#)l>QI$OQq`}jss)lpE0e;B}ci}XK^HNx-4ILZFI*KeDA`CXU} zlelaPt|T-axkTXY^kr^xpRSQYSVkkqVp*={{~hfWev4{Twk(hb3e~FaWs0R{$U*RS zwr5S6xJ6oz=hGM4lbX571_|huU1^-9Dm@`V2`*n^v^Ro=1mSRhz;OxBof?R0HSl2l zQ=gtL)HSZ<-i;5)LB$p|VO!{;x=^kv&Pe0R@J_fuOHA76ysJkDo4{c5{f-vv{>8fq$$@CHBUufe0BHqn?uWeyXY;c=b1oQIYi$f54XM z84np9L#vUdbaXttE7L(Gs_Ps(KPZf_L+7G^deBHo++S!;J@v>UE7ajG7R)r8QZ4Cy z5+=A`bA<)E#a0np^x-89Q~5?bWM*#ftff}C68D@5B7a5%;%&4fBa|;&8+5Co>TFK+ zu78`k`KoJ5*O(jEN+vjTvO1_n5aUEXoy{lI5VMz8ZgkL?SL4(|7ETFO>Xl1mL^^6H zA@^3p>lUIQfI>5(rP5!6JLy0xNm{-Ui5>^|t2KraS;H*nQMZ;*pIK;mmj)x#gEFS< zQX9=?n)4J(!6tG!C=x2Ed~q+Nh1j$YDu)(={Wc8vDck-wL=FIfR7Ii3#Vep>?j@Yh zPy{Q0u5w72--{A*GtvwsMVA#P#IY8h9g71c){&vH{LmQVg8J~sru}4bTMOino z-cepG`fFu1V3PTddlMy1LyiuUVVOs;$|S%?tc8!d@zsc`8|{RKdYk0|O`AE4A?a{#8`8 zNrh@S@$l!V^Q+VvwSPId9`_D7`@8ByrxRV9kAA?)MACB-8@V|4Ca znudFgsu|4qyDLyVPolL}KEF5HLdNro z>hkt)Z(VK-J!FSiF2e3$#} zB7rM%JsF(ubtP-I#~T|Y0ugc06uiDq7@p2oYPd!I@q45uEjs4io__`x3GZK;YLL=W zR8!po1y-jGjMVA9gfE7~Tu(1MTM6|oPdkyov zes5}w5}70_d?^7p+M=u051%Hw{;LdsM`33Ft2j(#lAwX~d=?E?heu_i=-OgevhW{1 zLp@HVKmT0;z8aFxdm`?t2(bIX91E`-B=IjnuL_qPduDE_&i#vNzHbc=YOv3l z)|Rctw~8k-Mk)pN+p^93R z*CZ=KTUC8op^Obs<6dDL+*$E3T7*3+jXfJDP+lrrB(=dQvuH^3aOmaK*qdUaJa4Y& z`k&Ckb`b=%>__YL&I=k?4QJ$tO7wQ8$|H;~h~iWJA^u0T~d8vpc3-Puc6W<(Zj zcLju()J&Zm&VQETN)oXzOW1dnHe-zGd#O<&<@*m-3~&PjWR^rk>Ng_P>j^>6 zI~9(oDvLi@x6@GK4m4E|aR&-C&Fmg=I=8MxY#N6Uhuk2#uh3X zC!DV$q*K~E9Yw`xs%4~@{Jlh9R?H8U(w}BiOx09TWWNN-t~W$h*i*V<4K?&j$(bgE z!{e$nvtvK5=d8C2!K!d6ct1n%M=|sN9pog{m`{M9Z8oc@iY|y>y6rT~m1I^`o58KS zD}LFj$B*4;yeZ_uMmrL3f)g6vlWy5*=-_Y=k)?w(G_Mp4oHK+6+qOAA9*=v)nEM{7 z*s7Q54)5Gn`t>nMT;^Lisnse<)Q0f>s4~>9=)u*o#ieBDbW|*BeLL_yBO@As50!v%?7^L$^gh?jJ?iWU zIf^Nr>nf~MKk1(LE+CJ4@|TG1H%g*t*G+r&M^6?t3;gd24}DLrg>4eD%#=gvFk+hQ zQ8~{uHN-MTZz7aLuSTb(U%$j${$y`mk05S&SMl0te8@VSOZ8w;fJ42o*kK<}z@x@? zV@&;L!E7CKjOp#RP@MklKE(aR==8^2YQ+i?tqIa0V;}tSnSQvqV zu(vz4(--zvn#)M%$lrtMN&Ndm1>=em)U6wbyI}s!Zr6fq_Q00?$Fj0UlOEgoiI5&K zS*o#!F56`;2w4%*z-P$)0n3?Ao}zqnfDaayl0jueTo-+JdhzaQjadprLI7Y5eKG_`M)nl&>Qb_L9p_TPkIbhfRDfNA| zrq8yFJ|$i=Q~hV=1oVE1nKJSE_JyC|ZZGhycJ(7Gi$0?Y%4CN}%Em*mZuQ18(wv!- zmJC;twVw`GPhM>Flyhh&MKpcBM24S~t@dSq!24|rYvA|R)teS7$=Wt&Bo>%5RX23? zsaxUzS*)h>a_63R3X%~KbD-CS!G+td!oqq_-F7sQbST%`bvm^Tj03U@Wz=`KM8w4r zQOYVUuN3va7HYvVWPiX#%Hi>kTYFVKYTaq^h2DGf?C;ecb9xq$3+L&cG>CX`f-Fp3 z4k5Odh5(33%`WW=7JATzAxVZ9gXT~R{Y8P~_=^*x;Pw+DwXBPeD5Bwvgc<3u#i1}H zJi_e~3?m}WOkpY)XNh|KUR8u3H0%x&Li|-EO0=L9+|_dPf#cG40zP3@R(At59d&7W ze)WX8;x=<}t;`sl`ZMbbdfh?8=Ht$m$@GU!I9X3bsqWrt2GDCN00H~dW}CvgnU6((3@IV+v4*JyW5TNQ}-|qLh@~$ z+v@T%@DCLXz=AE;s|6L|jmECj+ipnLZ|iSzsI@FZ-uM>H_W{M5Gx)#$fY1@L$`BGO zJLhx5Sl_^FGNz9XQtRMgTCy}p9AZG+lvP+`mS3%Q{GW2&0& z^BDPOce30>i?M9K&^i5&)Rq#|!9ywurt$LzUDiC{myDX8-8%EkbbJ6VCk_)Nr zH`U%IRE5d&POZb&pAEAI?n3q$T^`+!moqy|1ug~w3X(0)QN3S_c~@(c4p{eJv;%tD zZ?;QUn`QHp(q_q=`Q|Q`RnfUmrPK={n+@_kNj}1D6vGk)?x&ww+&_?G*+lLI=g-&2 zVxBnd{Q;6o*eDbC>;aN0b4hXd`(>r8RjI!|i|V#h@QV5rG9M>P@2ypgjd-hF;-H=_ zQ0B3(zL!*o^zV~GaL{pvxXbVP3vkK@cmgQ)I{Kq1Ue&-Dk9>mnd7zdUpx zDPHfkMt(cSI5lB;QN5MZ5NXlyy5%eQXb`=Q8F*g(n$B6Sy`y^mYEv`s!V5PrlwtVz z`%HKF!n`7?{dkUxA{F>w#Py8c(|n_Stv6X&w*Vi;w>yq@3PZf0Z_tnKL zHVqSPb@{Y)4ePlw} zlAMCxm1wIT)G^QYeW(H*W%@#N + # cf https://wiki.mozilla.org/Security/Server_Side_TLS + + # modern configuration not supported. same as SSL_CONFIG_INTERMEDIATE below + SSLProtocol all -SSLv2 -SSLv3 + SSLCipherSuite ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS + SSLHonorCipherOrder on + + + + # intermediate configuration, tweak to your needs + SSLProtocol all -SSLv2 -SSLv3 + SSLCipherSuite ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS + SSLHonorCipherOrder on + SSLCompression off + SSLSessionTickets off + + + + # old configuration, tweak to your needs + SSLProtocol all -SSLv2 + SSLCipherSuite ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:ECDHE-RSA-DES-CBC3-SHA:ECDHE-ECDSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:DES-CBC3-SHA:HIGH:SEED:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!RSAPSK:!aDH:!aECDH:!EDH-DSS-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA:!SRP + SSLHonorCipherOrder on + SSLCompression off + SSLSessionTickets off + + + # default debian configuration + + # SSL Cipher Suite: + # List the ciphers that the client is permitted to negotiate. + # See the mod_ssl documentation for a complete list. + # enable only secure ciphers: + SSLCipherSuite HIGH:MEDIUM:!ADH + # Use this instead if you want to allow cipher upgrades via SGC facility. + # In this case you also have to use something like + # SSLRequire %{SSL_CIPHER_USEKEYSIZE} >= 128 + # see http://httpd.apache.org/docs/2.2/ssl/ssl_howto.html.en#upgradeenc + #SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL + + # enable only secure protocols: SSLv3 and TLSv1, but not SSLv2 + SSLProtocol all -SSLv2 + + + + +# +# Pseudo Random Number Generator (PRNG): +# Configure one or more sources to seed the PRNG of the SSL library. +# The seed data should be of good random quality. +# WARNING! On some platforms /dev/random blocks if not enough entropy +# is available. This means you then cannot use the /dev/random device +# because it would lead to very long connection times (as long as +# it requires to make more entropy available). But usually those +# platforms additionally provide a /dev/urandom device which doesn't +# block. So, if available, use this one instead. Read the mod_ssl User +# Manual for more details. +# +SSLRandomSeed startup builtin +SSLRandomSeed startup file:/dev/urandom 512 +SSLRandomSeed connect builtin +SSLRandomSeed connect file:/dev/urandom 512 + +## +## SSL Global Context +## +## All SSL configuration in this context applies both to +## the main server and all SSL-enabled virtual hosts. +## + +# +# Some MIME-types for downloading Certificates and CRLs +# +AddType application/x-x509-ca-cert .crt +AddType application/x-pkcs7-crl .crl + +# Pass Phrase Dialog: +# Configure the pass phrase gathering process. +# The filtering dialog program (`builtin' is a internal +# terminal dialog) has to provide the pass phrase on stdout. +SSLPassPhraseDialog builtin + +# Inter-Process Session Cache: +# Configure the SSL Session Cache: First the mechanism +# to use and second the expiring timeout (in seconds). +# (The mechanism dbm has known memory leaks and should not be used). +#SSLSessionCache dbm:${APACHE_RUN_DIR}/ssl_scache +SSLSessionCache shmcb:${APACHE_RUN_DIR}/ssl_scache(512000) +SSLSessionCacheTimeout 300 + +# Semaphore: +# Configure the path to the mutual exclusion semaphore the +# SSL engine uses internally for inter-process synchronization. +SSLMutex file:${APACHE_RUN_DIR}/ssl_mutex + +# Allow insecure renegotiation with clients which do not yet support the +# secure renegotiation protocol. Default: Off +#SSLInsecureRenegotiation on + +# Whether to forbid non-SNI clients to access name based virtual hosts. +# Default: Off +#SSLStrictSNIVHostCheck On + diff --git a/lib/ulib/templates/apacheconfig/modules/ssl.conf..d b/lib/ulib/templates/apacheconfig/modules/ssl.conf..d deleted file mode 100644 index 9994776..0000000 --- a/lib/ulib/templates/apacheconfig/modules/ssl.conf..d +++ /dev/null @@ -1,103 +0,0 @@ - - # cf https://wiki.mozilla.org/Security/Server_Side_TLS - - # modern configuration not supported. same as SSL_CONFIG_INTERMEDIATE below - SSLProtocol all -SSLv2 -SSLv3 - SSLCipherSuite ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS - SSLHonorCipherOrder on - - - - # intermediate configuration, tweak to your needs - SSLProtocol all -SSLv2 -SSLv3 - SSLCipherSuite ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS - SSLHonorCipherOrder on - SSLCompression off - SSLSessionTickets off - - - - # old configuration, tweak to your needs - SSLProtocol all -SSLv2 - SSLCipherSuite ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:ECDHE-RSA-DES-CBC3-SHA:ECDHE-ECDSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:DES-CBC3-SHA:HIGH:SEED:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!RSAPSK:!aDH:!aECDH:!EDH-DSS-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA:!SRP - SSLHonorCipherOrder on - SSLCompression off - SSLSessionTickets off - - - # default debian configuration - - # SSL Cipher Suite: - # List the ciphers that the client is permitted to negotiate. - # See the mod_ssl documentation for a complete list. - # enable only secure ciphers: - SSLCipherSuite HIGH:MEDIUM:!ADH - # Use this instead if you want to allow cipher upgrades via SGC facility. - # In this case you also have to use something like - # SSLRequire %{SSL_CIPHER_USEKEYSIZE} >= 128 - # see http://httpd.apache.org/docs/2.2/ssl/ssl_howto.html.en#upgradeenc - #SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL - - # enable only secure protocols: SSLv3 and TLSv1, but not SSLv2 - SSLProtocol all -SSLv2 - - - - -# -# Pseudo Random Number Generator (PRNG): -# Configure one or more sources to seed the PRNG of the SSL library. -# The seed data should be of good random quality. -# WARNING! On some platforms /dev/random blocks if not enough entropy -# is available. This means you then cannot use the /dev/random device -# because it would lead to very long connection times (as long as -# it requires to make more entropy available). But usually those -# platforms additionally provide a /dev/urandom device which doesn't -# block. So, if available, use this one instead. Read the mod_ssl User -# Manual for more details. -# -SSLRandomSeed startup builtin -SSLRandomSeed startup file:/dev/urandom 512 -SSLRandomSeed connect builtin -SSLRandomSeed connect file:/dev/urandom 512 - -## -## SSL Global Context -## -## All SSL configuration in this context applies both to -## the main server and all SSL-enabled virtual hosts. -## - -# -# Some MIME-types for downloading Certificates and CRLs -# -AddType application/x-x509-ca-cert .crt -AddType application/x-pkcs7-crl .crl - -# Pass Phrase Dialog: -# Configure the pass phrase gathering process. -# The filtering dialog program (`builtin' is a internal -# terminal dialog) has to provide the pass phrase on stdout. -SSLPassPhraseDialog builtin - -# Inter-Process Session Cache: -# Configure the SSL Session Cache: First the mechanism -# to use and second the expiring timeout (in seconds). -# (The mechanism dbm has known memory leaks and should not be used). -#SSLSessionCache dbm:${APACHE_RUN_DIR}/ssl_scache -SSLSessionCache shmcb:${APACHE_RUN_DIR}/ssl_scache(512000) -SSLSessionCacheTimeout 300 - -# Semaphore: -# Configure the path to the mutual exclusion semaphore the -# SSL engine uses internally for inter-process synchronization. -SSLMutex file:${APACHE_RUN_DIR}/ssl_mutex - -# Allow insecure renegotiation with clients which do not yet support the -# secure renegotiation protocol. Default: Off -#SSLInsecureRenegotiation on - -# Whether to forbid non-SNI clients to access name based virtual hosts. -# Default: Off -#SSLStrictSNIVHostCheck On - diff --git a/lib/ulib/templates/apacheconfig/ports.conf b/lib/ulib/templates/apacheconfig/ports.conf index e69de29..a6bceab 100644 --- a/lib/ulib/templates/apacheconfig/ports.conf +++ b/lib/ulib/templates/apacheconfig/ports.conf @@ -0,0 +1,29 @@ +# -*- coding: utf-8 mode: conf -*- vim:syntax=apache:sw=4:sts=4:et:ai:si:sta:fenc=utf-8 +# If you just change the port or add more ports here, you will likely also +# have to change the VirtualHost statement in +# /etc/apache2/sites-enabled/000-default +# This is also true if you have upgraded from before 2.2.9-3 (i.e. from +# Debian etch). See /usr/share/doc/apache2.2-common/NEWS.Debian.gz and +# README.Debian.gz + +NameVirtualHost *:80 +Listen *:80 + + + # If you add NameVirtualHost *:443 here, you will also have to change + # the VirtualHost statement in /etc/apache2/sites-available/default-ssl + # to + # Server Name Indication for SSL named virtual hosts is currently not + # supported by MSIE on Windows XP. + #NameVirtualHost IP:443 + #Listen IP:443 + #@@ips_namevirtualhosts@@ + #@@ips_listens@@ + + + + #NameVirtualHost IP:443 + #Listen IP:443 + #@@ips_namevirtualhosts@@ + #@@ips_listens@@ + diff --git a/lib/ulib/templates/apacheconfig/ports.conf..d b/lib/ulib/templates/apacheconfig/ports.conf..d deleted file mode 100644 index a6bceab..0000000 --- a/lib/ulib/templates/apacheconfig/ports.conf..d +++ /dev/null @@ -1,29 +0,0 @@ -# -*- coding: utf-8 mode: conf -*- vim:syntax=apache:sw=4:sts=4:et:ai:si:sta:fenc=utf-8 -# If you just change the port or add more ports here, you will likely also -# have to change the VirtualHost statement in -# /etc/apache2/sites-enabled/000-default -# This is also true if you have upgraded from before 2.2.9-3 (i.e. from -# Debian etch). See /usr/share/doc/apache2.2-common/NEWS.Debian.gz and -# README.Debian.gz - -NameVirtualHost *:80 -Listen *:80 - - - # If you add NameVirtualHost *:443 here, you will also have to change - # the VirtualHost statement in /etc/apache2/sites-available/default-ssl - # to - # Server Name Indication for SSL named virtual hosts is currently not - # supported by MSIE on Windows XP. - #NameVirtualHost IP:443 - #Listen IP:443 - #@@ips_namevirtualhosts@@ - #@@ips_listens@@ - - - - #NameVirtualHost IP:443 - #Listen IP:443 - #@@ips_namevirtualhosts@@ - #@@ips_listens@@ - diff --git a/lib/ulib/templates/apacheconfig/sites/default.conf b/lib/ulib/templates/apacheconfig/sites/default.conf index e69de29..0fc5304 100644 --- a/lib/ulib/templates/apacheconfig/sites/default.conf +++ b/lib/ulib/templates/apacheconfig/sites/default.conf @@ -0,0 +1,51 @@ +# -*- coding: utf-8 mode: conf -*- vim:sw=4:sts=4:et:ai:si:sta:fenc=utf-8 + + + ServerName @@host@@ + ServerAlias @@aliases@@ + ServerAdmin @@admin@@ + + DocumentRoot /var/www + + Options FollowSymLinks + AllowOverride None + + + Options Indexes FollowSymLinks MultiViews + AllowOverride None + Order allow,deny + allow from all + + + # Pour les serveurs qui ont le module mod_WebObjects: + # mod_WebObjects et ScriptAlias ne peuvent pas gérer le même préfixe. Pour + # utiliser des cgi-bin avec WebObjects, il faut soit changer le préfixe de + # ScriptAlias, soit changer le préfixe de WebObjectsAlias dans le fichier + # mod-webobjects.conf + # Sinon, il suffit de commenter les lignes suivantes: + ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/ + + AllowOverride None + Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch + Order allow,deny + Allow from all + + + ErrorLog ${APACHE_LOG_DIR}/error.log + + # Possible values include: debug, info, notice, warn, error, crit, + # alert, emerg. + LogLevel warn + + CustomLog ${APACHE_LOG_DIR}/access.log combined + + # Pour les serveurs qui ont le module mod_WebObjects: + + Order allow,deny + Allow from all + + + Order allow,deny + Allow from all + + diff --git a/lib/ulib/templates/apacheconfig/sites/default.conf..d b/lib/ulib/templates/apacheconfig/sites/default.conf..d deleted file mode 100644 index 0fc5304..0000000 --- a/lib/ulib/templates/apacheconfig/sites/default.conf..d +++ /dev/null @@ -1,51 +0,0 @@ -# -*- coding: utf-8 mode: conf -*- vim:sw=4:sts=4:et:ai:si:sta:fenc=utf-8 - - - ServerName @@host@@ - ServerAlias @@aliases@@ - ServerAdmin @@admin@@ - - DocumentRoot /var/www - - Options FollowSymLinks - AllowOverride None - - - Options Indexes FollowSymLinks MultiViews - AllowOverride None - Order allow,deny - allow from all - - - # Pour les serveurs qui ont le module mod_WebObjects: - # mod_WebObjects et ScriptAlias ne peuvent pas gérer le même préfixe. Pour - # utiliser des cgi-bin avec WebObjects, il faut soit changer le préfixe de - # ScriptAlias, soit changer le préfixe de WebObjectsAlias dans le fichier - # mod-webobjects.conf - # Sinon, il suffit de commenter les lignes suivantes: - ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/ - - AllowOverride None - Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch - Order allow,deny - Allow from all - - - ErrorLog ${APACHE_LOG_DIR}/error.log - - # Possible values include: debug, info, notice, warn, error, crit, - # alert, emerg. - LogLevel warn - - CustomLog ${APACHE_LOG_DIR}/access.log combined - - # Pour les serveurs qui ont le module mod_WebObjects: - - Order allow,deny - Allow from all - - - Order allow,deny - Allow from all - - diff --git a/lib/ulib/templates/apacheconfig/sites/default.ssl.conf b/lib/ulib/templates/apacheconfig/sites/default.ssl.conf index e69de29..52f4a83 100644 --- a/lib/ulib/templates/apacheconfig/sites/default.ssl.conf +++ b/lib/ulib/templates/apacheconfig/sites/default.ssl.conf @@ -0,0 +1,190 @@ +# -*- coding: utf-8 mode: conf -*- vim:sw=4:sts=4:et:ai:si:sta:fenc=utf-8 + + + + ServerName @@host@@ + ServerAlias @@aliases@@ + ServerAdmin @@admin@@ + + DocumentRoot /var/www + + Options FollowSymLinks + AllowOverride None + + + Options Indexes FollowSymLinks MultiViews + AllowOverride None + Order allow,deny + allow from all + + + # Pour les serveurs qui ont le module mod_WebObjects: + # mod_WebObjects et ScriptAlias ne peuvent pas gérer le même préfixe. Pour + # utiliser des cgi-bin avec WebObjects, il faut soit changer le préfixe de + # ScriptAlias, soit changer le préfixe de WebObjectsAlias dans le fichier + # mod-webobjects.conf + # Sinon, il suffit de commenter les lignes suivantes: + ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/ + + AllowOverride None + Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch + Order allow,deny + Allow from all + + + ErrorLog ${APACHE_LOG_DIR}/ssl_error.log + + # Possible values include: debug, info, notice, warn, error, crit, + # alert, emerg. + LogLevel warn + + CustomLog ${APACHE_LOG_DIR}/ssl_access.log combined + + + Order allow,deny + Allow from all + + + + Order allow,deny + Allow from all + + + # SSL Engine Switch: + # Enable/Disable SSL for this virtual host. + SSLEngine on + + # A self-signed (snakeoil) certificate can be created by installing + # the ssl-cert package. See + # /usr/share/doc/apache2.2-common/README.Debian.gz for more info. + # If both key and certificate are stored in the same file, only the + # SSLCertificateFile directive is needed. + SSLCertificateFile @@cert@@ + SSLCertificateKeyFile @@key@@ + + # Server Certificate Chain: + # Point SSLCertificateChainFile at a file containing the + # concatenation of PEM encoded CA certificates which form the + # certificate chain for the server certificate. Alternatively + # the referenced file can be the same as SSLCertificateFile + # when the CA certificates are directly appended to the server + # certificate for convinience. + SSLCertificateChainFile @@ca@@ + + # Certificate Authority (CA): + # Set the CA certificate verification path where to find CA + # certificates for client authentication or alternatively one + # huge file containing all of them (file must be PEM encoded) + # Note: Inside SSLCACertificatePath you need hash symlinks + # to point to the certificate files. Use the provided + # Makefile to update the hash symlinks after changes. + #SSLCACertificatePath /etc/ssl/certs/ + #SSLCACertificateFile /etc/apache2/ssl.crt/ca-bundle.crt + + # Certificate Revocation Lists (CRL): + # Set the CA revocation path where to find CA CRLs for client + # authentication or alternatively one huge file containing all + # of them (file must be PEM encoded) + # Note: Inside SSLCARevocationPath you need hash symlinks + # to point to the certificate files. Use the provided + # Makefile to update the hash symlinks after changes. + #SSLCARevocationPath /etc/apache2/ssl.crl/ + #SSLCARevocationFile /etc/apache2/ssl.crl/ca-bundle.crl + + # Client Authentication (Type): + # Client certificate verification type and depth. Types are + # none, optional, require and optional_no_ca. Depth is a + # number which specifies how deeply to verify the certificate + # issuer chain before deciding the certificate is not valid. + #SSLVerifyClient require + #SSLVerifyDepth 10 + + # Access Control: + # With SSLRequire you can do per-directory access control based + # on arbitrary complex boolean expressions containing server + # variable checks and other lookup directives. The syntax is a + # mixture between C and Perl. See the mod_ssl documentation + # for more details. + # + #SSLRequire ( %{SSL_CIPHER} !~ m/^(EXP|NULL)/ \ + # and %{SSL_CLIENT_S_DN_O} eq "Snake Oil, Ltd." \ + # and %{SSL_CLIENT_S_DN_OU} in {"Staff", "CA", "Dev"} \ + # and %{TIME_WDAY} >= 1 and %{TIME_WDAY} <= 5 \ + # and %{TIME_HOUR} >= 8 and %{TIME_HOUR} <= 20 ) \ + # or %{REMOTE_ADDR} =~ m/^192\.76\.162\.[0-9]+$/ + # + + # SSL Engine Options: + # Set various options for the SSL engine. + # o FakeBasicAuth: + # Translate the client X.509 into a Basic Authorisation. This means that + # the standard Auth/DBMAuth methods can be used for access control. The + # user name is the `one line' version of the client's X.509 certificate. + # Note that no password is obtained from the user. Every entry in the user + # file needs this password: `xxj31ZMTZzkVA'. + # o ExportCertData: + # This exports two additional environment variables: SSL_CLIENT_CERT and + # SSL_SERVER_CERT. These contain the PEM-encoded certificates of the + # server (always existing) and the client (only existing when client + # authentication is used). This can be used to import the certificates + # into CGI scripts. + # o StdEnvVars: + # This exports the standard SSL/TLS related `SSL_*' environment variables. + # Per default this exportation is switched off for performance reasons, + # because the extraction step is an expensive operation and is usually + # useless for serving static content. So one usually enables the + # exportation for CGI and SSI requests only. + # o StrictRequire: + # This denies access when "SSLRequireSSL" or "SSLRequire" applied even + # under a "Satisfy any" situation, i.e. when it applies access is denied + # and no other module can change it. + # o OptRenegotiate: + # This enables optimized SSL connection renegotiation handling when SSL + # directives are used in per-directory context. + #SSLOptions +FakeBasicAuth +ExportCertData +StrictRequire + + SSLOptions +StdEnvVars + + + SSLOptions +StdEnvVars + + + # SSL Protocol Adjustments: + # The safe and default but still SSL/TLS standard compliant shutdown + # approach is that mod_ssl sends the close notify alert but doesn't wait for + # the close notify alert from client. When you need a different shutdown + # approach you can use one of the following variables: + # o ssl-unclean-shutdown: + # This forces an unclean shutdown when the connection is closed, i.e. no + # SSL close notify alert is send or allowed to received. This violates + # the SSL/TLS standard but is needed for some brain-dead browsers. Use + # this when you receive I/O errors because of the standard approach where + # mod_ssl sends the close notify alert. + # o ssl-accurate-shutdown: + # This forces an accurate shutdown when the connection is closed, i.e. a + # SSL close notify alert is send and mod_ssl waits for the close notify + # alert of the client. This is 100% SSL/TLS standard compliant, but in + # practice often causes hanging connections with brain-dead browsers. Use + # this only for browsers where you know that their SSL implementation + # works correctly. + # Notice: Most problems of broken clients are also related to the HTTP + # keep-alive facility, so you usually additionally want to disable + # keep-alive for those clients, too. Use variable "nokeepalive" for this. + # Similarly, one has to force some clients to use HTTP/1.0 to workaround + # their broken HTTP/1.1 implementation. Use variables "downgrade-1.0" and + # "force-response-1.0" for this. + BrowserMatch "MSIE [2-6]" \ + nokeepalive ssl-unclean-shutdown \ + downgrade-1.0 force-response-1.0 + # MSIE 7 and newer should be able to use keepalive + BrowserMatch "MSIE [17-9]" ssl-unclean-shutdown + + # cf https://wiki.mozilla.org/Security/Server_Side_TLS + + + # HSTS (15768000 seconds = 6 months) + Header always set Strict-Transport-Security "max-age=15768000" + + + + diff --git a/lib/ulib/templates/apacheconfig/www/favicon.ico b/lib/ulib/templates/apacheconfig/www/favicon.ico new file mode 100644 index 0000000000000000000000000000000000000000..a1a0be8884a24d60bda51751dcbfffcb3a99b76d GIT binary patch literal 1150 zcmb7^eN5DK9LIldEw{2p|G3dwYtE*%Y32H(Qfi3DjnIu$lJeOUSZlMC4zQ4mL(Gem z2v;a+Jm`2jl62w2qKtc}<8I;I!65=7ryx>rcif?F-M#w$zV7(LR$IT{KEKbyckj>l z{dw3=QD%uZE>02Orx!V zn(SxE(n*q11FRIW7Zdzw(*mTdzUOOJ1xV0LU~A4t#b;+-Mqd)fa3D{YFs0?w6c|Em$@0(OHOW29Upy(Lc=HzOa*}8+euon}EsgrO zX)>k{K2z2hT8R#OIPJfg2zWV4!iHrUo6C|pDki@u=y(3ic(;kc zb2`E2*?;6w@e@7=IZ2PBPg}&{ci*7BwS)GHcNza9g1xPtTdoGYjTu~S*(UR-y^V2F z@wbCxwgmUHWAd`tF3#ZL#u zsLI`drTI9vmKug!zj1T04|CHoYV}!!#s?U&f6dU3g>ru0hIRDRuf<)h#daW`;Fy=z zioKNW&~jSbZ#7k8GUj32_!=K-o?!SFqvUJWKPdL;W%^F-5P6dEHe}#AxteRv8hY(N zQMBfHSwrQ{bsXHff}G{?9L>#;yBMoCrqvmG#2$H@){FV=V)D9!wyIC5F5FJ8=1F!g zjpINh=RPvB}cV;&up6|F59A&tt6K89wsPRp)GY|czsQZ2Y|KR`n Fe**|-!I}U7 literal 0 HcmV?d00001 diff --git a/lib/ulib/templates/apacheconfig/www/icon.png b/lib/ulib/templates/apacheconfig/www/icon.png new file mode 100644 index 0000000000000000000000000000000000000000..581bad1b4f515184b0d5af4f1c66474d0d283961 GIT binary patch literal 29641 zcmV*&KsUdMP)Px#32;bRa{vG*UjP6nUjZG4x@rIb00(qQO+^RZ0uv1}4)w9c2mk;e07*naRCwC# zU1yjSRn~sby;a>knHh4fZDHxK$lydWIPoFma!L>Z$4Js;;g&;XRp{8GnJr3?dv^M^=et{Y8E! z5w_)F&Nj^3hS^)OGariKYG}q0zW8e{#rSwI=&z{(!V38g^23<91z)YexK$t^AdfJ^ zUyA|0x$rN;0Q+5wc3{>POkRsA>!2Ayc?2^3*%?4%(h&woxIS5ecNbzsHuA!dbc7R* zFu-4CMUWCR7#Oo0cTGW&dxQs$Fu-4!8J6zCt8?(dA|%-mM>yfnvRsXc7aU=L3Uk8d zT)Z#~pDsh811XN&l|S~07Jq5{qM9bTXO&V-+>7~uz7Rt&Yk&Py3~u1`^b^=cJ9nS<&+j3I@CD; zHYjv((?oo^0)ZpWqCeou3uETxXjL8f6EJ||sAkQcYSX6Xgb9~hmWa^t!w*mS8r2q(Wg(du3ew$-@n7)!RPN!e*N`U zqB{T!P=GWv981pt18!Pc>MghQ9y+u`r%rV%t`=UIgXd==&pCpK{utn=V{J@0Kl;ue z-kR&(yUC(O8^8a4Z7i|=``_OI$wtgCUc9qiyXU4(y&gbJ>WA=uI{^Y9Ah2&=_+S5; z+`03!M7O^G{@eI?`|M(ifb@k_;FCI5;`S9U` zi;CQ|w4izarI&ub>85cJqrZ0T^sm0UC@IN)<&~MedNmp|X31xtEr{0!9HS5bsI;`? zi!bi-^2>uOcqQMi!v$jykVh!(ce*6umn%>!#ryNUh3H)SH(~&TE=G-7@ci>X-gVbW zXPwpV;9Wofh;9Oc{(mgMjt5KaKL7jzqFVra%9QIr`e@->Z_Na>&ju*P3=HT{C~)`P zeg65+6H-zF<$xjsDA(oSig8%J`v@HR-K~5F?+wD4ExjkTJrAAU#N>;9BM6j}Q&g?m zgSX!L)tE6C9~kwA!zw4I$eilQC#Sb={XEefL|H(J{|fpz$3r_!np6XD+;JU%q#;8- zdg6)GjytZ|n{S>|t5%wif+DZTpR%Y(4I4HoHT9mCUYenlF6(*>Uo_6Zw-@20#?VKw z(C^IfefR{N*)sZ0|4|?U4l@LbNYGnu`SOAbI(P5hKvq7a#LSyF?`zobskF4DlTK-v zGb_dCoHKgt*u^pMz4RFXL|BEKJe6R?&Pewo<_FSO1-umVG>&Nu(-zF<7dCZu_ zd-e>g$Whz3=Y8|d>QKlYGNkRUT?LIAJyTq);)%Y3^u_UXk3{?BY)kCqzW3f$mt1mm z`Cqv$4}C`>yXc5X@Y^h<(XAf7JU2@H>-XZs5m4;?_b@R)Zf;S(es9m1u_h}kb@%RJ zrHxmVoz5_D;K=dgSB64XcJ^IeyS}k(*{(9EpDM-!D1!$gJ359>BKw?3C+OO>(^js$ zGc`2;pd3}!`AzI9IHCs*zoP}Ms^i;>qSU{)2yI@2C8F#x>B7Te1ZQO2*P};6pkT_B zYa;v>A@|6ipMJXdTJH}^L0+I)~jws4^aPkM(yzdAW zI!r#FPPOsB3*t<&E5~8Ns;KxstPrTE$o=%wMHgMv1;G0Cdzvd{>V$OUVU$~W?AK!#Xa6W!UKl`_jjs| zuj8rzpHnbm0fJV^PaY-+6be~}`tQAWVv{CMGsCBT0Lk&F!)%M^&;R>z$Gr{&d<3z2BLZM$G`r1Svdmb zmn)DNIzpm{7WW_9z@z?%)AQYh_~_S?)PGnZkg;pKb$e;foQ-}qP8^sC1mut*?fUd- z+O}=Ydi7G9H_z(W@r^}`c9sI`F)tzr00aVv{PR&sHNd{))&LmVFLq>(m)~)+yaE_0 zp&kIBKltE+zx}OiX%DXvMH_Q*^jk-gs1M01c5!ZdymWe82ar)qaP!2(`6*$ADSta$ zZqUY!pWLuv4JpY+}Z;V9`8}V z*^XL*>n0#2kQgal)B#VOa_AXg)vDbsTRsG&mutlmz{eloq*=49_ugAniu47DAS2Z8 z)4iam?2jsecw->)>kQEwC1B`2mItDopcAoyF2f|?viRZNdr$fIzfUiV2SzT!9aE0f zRaP17A;RN*a8ZZ2cP6gEC0`^KG@8-2hVLUfbPQk~fBpK8Z`qRP$Dt^Z6&vw6#?rmN z6+Y?5F#v%O-HC-jC>;o9pDcYPpnWW)8Oo=AP#O|YJ6! zxbP7Q1&WH?Qan&1J|#c`7D4*dZ(c%p;K#J8iZcdcsK3OIHoq>4{^8ZF=m-|lPz((y z4dwHLtGykM?sbep&=tl)S_mULa=9%L}KcKM+g(&6`*M{`)H$Gjv@WhJb+SmLL`mC+xh03 zYfe42Wx^XZbv-T`dxQZh4f+{)ZN16oA6j0q)FC?AD+{o!P7BrP($=F%pe4$FZ(?^= zjIMPsXWNnJSS40U0AHVvW|<{r|7Bld(wZ`L(s&HHTV^X_@Q*M4Wt<%>1Q8Jg$WXr^&juzUj?r(% z|F6O3cWTxe%nZ%U90fm~`1dt{fk3X=(cVsCJ&@2c*75sPuU`7*&G(h%6l(J-@|`1u zT>($O!vD3#v!|ByY!bC?WV2K#&_lyA|5|T)e5Cj21Bm|jWC?rVu`o}Yp zz{Elu+0S5R?K6PZ%$ixU)(k}+?w1UgAT)>|G=v5T2!J$5AOVdgG>c7^2gmMj*^<+} z`wO#X-JDRN-_r|sPB{`8*pIy%l6dlDTzFJ`NjqUvE>0MMuqu=KnQ=xlJk}@9P<~f4Eos`cE7H@Sh|L-R-0QDD_LWx_fP9L#D25Hlqkf+a zNP>hAl1P#ul9GfFf=CERL7o!u0a2_M$aDQ027qAzR+_bj(poDP46U?Q3;`&BGz1_S z4nYv0{b+**5ghU%55@2R$9rC>)D{5Ep1o=9+UzDxGD|CgOFQDzWthM12%VQn!EI|` z+<6FDKs@aEaTCt@)O$o_aZab&c>Bz#|IGx*Uiig(W>w4pTJxYm@B6kd0O#}1FE1=~ zV@dz1r_Pu*ZOc3FEb*w{_IbcCfKAb@BuF772}vY{lw?VgLI^=p7}*aYhzP>x0Z#!i z;3vU);vdkOnOSQnX02H%p)|WnD?viAmZTL!0xm&m5W_V-Dh*GyXh6UPw5cx>@f2Tz zF-n)JakFNREA>=quPA_LPQ?i$;&K&_EJNikRN604rAPTE9Lg;^pk!yG5TqP516Ca$OfdixxE=c;NU;FP#7g zkc2H@Nl*5BO2C)>HbDxqgpec!2}@X#q!hOB-jMms zf?KtEcIC?5kqpY`pYMP3&BvI3O_;EH%9QobJTn`RzU-GC#T)S-Q3aA<3n58bLP)YK zVM}3Tza>csk_HGFB_Kc`A&fheV$))j-xO9cVY1Q|FyhVS0_K+zK5rtldIg2<5#k3kQUe$<2tDd2 zh~{q0MXz_k`?DE3*232p#2ubnjE-->)!sW*To1s^qeuUG{`nurr?2tCh1YlJP}>;C zL=ONNfQ*uR?2fl3vV@RASi-i*lEU`Izhz{<*%Ao}K|~QfK%V(aF&w~A3mBSNGg!0o zUs|)PJT`D$?JDiM>?o~VtzBl12Yd!_d>$}6VHHpPs_gXAIM+~z4s{nSxV5w;z>K@U z#fU|Jbs&@%#(lkULpLN@apY_EAN(HgEZEP?Pe)-uOT0NC>RdLT@A4*g#?+=d3R5qx zA_&CHQ>U&u|NK#GgDPVw5 z6mAol&rqxlz+N28(*T;4273&kT?K7qzh>8ES82!9j$+r(x*q3!zJE`# z()jz)(WK}Itq=Sd^S8&@S0M{4uB!?o*kGHKlwqZFJc%%K<`vAGon6$S!@I5vkVGI7 z-V!n9Zw&R@B47#I61FWYNdb#28KVKDkiH8@N+Muzp9bxlRXe#`Z2;fS-uCo}rBaHx zasbv^6Tn(SYppbECZ$;^lB5-rBoazX!Q_Gj30Dh0sO&I6@fI!_XeGc5CO|+%5P!s3 zq+_&3oHNwytXj2e!-kxO4Kqpup{u&!$r(tt{}Mc4WUnnT>TL9CP*Um}A}&_w{}Gn$ z-VgPgsOEqB;==YNRmbTcV(G3p>MwTjSf46Ng&?9)qZVn+e#)d3b4}E|c@|(il>&f) z_%T*5MR32cgs_EeiGVF^OWMW&uqYsfC52@f1`tsjKvF0mKm6BmX~|yuwdo6XPMNhm zDP$qe24H6CyMS10shC-_t5^$mB`Kv{A|c=^CXgV5dNh$V2DR&WMFdd^ZZWim7Jfd3 zh^a4y>h=u0pI{rA7qo_~H&>HAqd30HQ;M~nab)bDB}+jzDw`Zb3w69|6euz%=# z>TbY>RA51T0}$WJ|IvVM!qcEGY~FSW>+B z&!Y|X=j;ogfA5b;AuC{0Fd#|@hDZp^_&^Q%mx7gMso51Igm#4>ViKBM;YC%9#}iRa zq7f_m{U|Rpw1z7Z)lZgX1`xonz4miL24KeRJuzwt{>05i3thCx#O0lEZP$|VkO<*! z*@t_+!?=}5-rrzC%}5Vo>cwcD8FwBc4Ee;f8Dej5SmBwzRhkUvIC(%S;C%l11w;!Y zV(-28&H}J<<(}TX-+@St%W#hPe{6y!q?DEs|CX?&2v}s>!j{6eg)PbQd_kTYR7zn9 zG_IS{q+Y7IfaH+XxL#^Okt4j6paeF6v3)%ssAeVD)mkVB(t;p}iC8EQG(m9GyDv=B zf0vnAux3~qETXB@Qov$pf{qA&v!hE703aML`tr*qg9f!LZ3@>;MfGIt%>T2Y zAd`hyErh2|!3FJ6mM_@V_;4})F$u{wlK0nKRWll;W5#7A-w(Su_C0LNOW;y_wLe8wTEp1EM7TLB4 zcvy&R4-t_;M*&*|EDG3Sdv@_{&(1YpAF#zMcXhk(^7hReq}q~#0THx?zonop{Fe;c z(mO-Id<6w;5%Ax%jqPDkz&1O^2$8lWEK5i${`zBn0<02Uw@@lDOr@e@*2Ia+6M7&B z7u}un9Z~}O=YLmYaBKW{S==X$&hPd% zw&#^p9h%W13um{9qzF_+AZ+&R&E2~{SGR7hS+lOq$thaAc;|WNeblR0i|NxZ``5o_ zJn+ExKmbA_Xu@6+0fH?N5C}-vLfBH;6fmS25CKaDYyxm<_d0!#sq^&vOKnS776mL} z86YG``o@3|s8=(&TidK5eHum*Emv>Kdtvl))-i5S-v_EVnhWGAv(>JO`hQ%d9hV)& zj-wox9ak5-+HrKTqr;94J4!i9dHx@Tu)pIl!U|yp6>$W)rOF0$sepj)(4p?ah5sl^ z5dJw*M3qK?gY(+s?_JTQPW0E6UR(2U`(#XBQ_+?g1rA<51LwCddBU6`oH`QQ@)DdR z#m2&GqQ-QQiw%1Z8UnR$U88^hj^oE)eAH1d_w3o=t+&qV)$6VrHIgp5bW9iF249A=?8j^&qolzwv@+qtnupI-TU1#RZ0rj!jfcL#uSDng)M}%JUcjNUwGNN zT*P?)S8v`IkRtN4q8ShzNrPjhSqN523lf5upvhn-5BeL$s2PI&5*lWhFtXNQ4M>J% zW@|8%^7Me>m>M^ZFU%>OAxDcAtwEv|+2*gF^)Y$v9~A`|s9iq|r!~X9y^s-#iu@AN znh5z}ygC<8{D_cMX7`>FOqChJSLdR0osuT+irqNvL#RYNR^;Nfey~MU_MiFzUhRL- z5GXAzIDY)a%)EH<7TdOz(lu))pLW_u@4vs;ONkSaT9%kf7eC8QT4YOMTOv6mk7{1+ z(Z6?03W*=*?*uUZ*%SL5T`L$6p`Z)}q-{~ak^xKD0THkwkVb6WUVxY$qt!El!JrHV zWH2Dj2Mp{9+S1cAmIy?)QNNRKb4z1(3uA~|marvRlFYuegtSaqrilI=%dgatrTe%b zVG}#cl0*aqo_lV3S$#!^wnee}J&&@wpPgufggZP*o+vO_{P5z^GA+ z$BkRLX;ZG>!p*O3m+)kNq^Q@=@wBDTjGNDG_0NmihJq5nCH(?|c_sjyf% zt_E=TOY;khlr&DEn6!vsK)x|%)ir}#7#=vfP1c;H+1qv(`M1Uk0JCPLp)@H8rC5@1 z6cYi^CWnroqwt+Iv(OBd-i~G{$w~{YSXiuCLlY!H0fJx&Xogf!v378o*s@>0*7w|V z(s9Q<7A#xh4Q%O&t3S#LD+s~^$75(4Zw^=a2@9Vr!M}gR_WVi|LO2>PoQ`wbCPExQrbP>WmaorUwl3GUsAgtx%Z@^05?Df5maqg&Tx{#E!uKbv zy|{lx`bfUI<}am|C-D7^kPwtTZX1UBM*SFD>>+pP`wB@#!-&GixSGlai!0 zDNAT(rATX`6+;S0f2+tZ)MV(A{f^?TVF2{iSBo#bw97Z&+&*g5f^u%`kT&>Y#UCJl zA=Sp2tuVL^`ZSIL3?%ALVBQ(G5--fc{A~zY6-|6{HR`5f_&{{2lYsi~oPu{3B3K6X zrw8$AY#Ru|RpVh-VLCJs?cQB5d-ggYShDkvL|k_h|0M(o>E(E)r`YBsh6lFnEG!Bu zB63{)%4aLrZ^=(dwruISfGp2B11~Nn$r2ij2C0v6xNP(=Heh)AOcL6W5R62}}>J;F#Ie7)|iv8ycO@w9|(QF4+M zhy(;oa6po=n5}4n5DB79I|_uLj8rSWGa`98aDo-Ht5_&4DUv=Nk^NEeuUXrgn1$BR zT3JG932iB*g_3MZb`@zUv}6wjiI|dQNl>P0EIu9)=L`jaCQa&_b}8k|7HC@?t}e6E z@3$g-N27BcJa!T~*N!X2Du+>tFmp35`4R;Vm@8NOX-j;40oqhA`4vRiuor#aN3kk1 zQda0-#9->lj9q?$!J3> z;bpT4leku|Mv^(~wrA)5FmFd%ifu`<1o`$Td3g|)XP8DzRm(R9Oo5n@=Ej-h`B_X3 zoL~lN$x5*l>=LcPC21|R)=HbNU@1&iHY=rtB<%_iN7-BW z&FWNaLIjoa2$?&%b>+%kEnC(ohiDpQK#Kh!>BF!zqtHRM5dL-)2DU_->YiO&!3%qH z9^PGmmD!$uvx2|H3{|+KBOW~w>A?iB=Z$%I^oR1U!BKdeBLW_~6zU zvmA$?{*{KKk!+(&Z5&+}XSPJ=Itf^`oVBw6W0&K+!^b{l8liBr(0aRS&A zR=95}-d|K+#6W4>+5=~|jT*lD!Wi&zf`Yrs1;U7K0Mc)`;nqMYbRR3Q7co*-}8tfUpBrC?G=t8MH+pAVRhbc;PS+uw~FDFFG3u344)R8L&J! zWZNPV4)aUHC{h<6o$_V;_h6-=m5BprN3r8-*VT^8VONJ8?YKJZYRA!GR~Ls>*x|6N z!j29*91g2uSBD){9OfcN6+61PSQUj;IINVTIIIy?DAowODE0$nVG|2eG37D|Q=OrhLm70;Z(h%WW3qCHhMU>8E@O&r~qxvdItiLc*T;3n_$@ z-l<|r<0EckWE~UNIdH(oShhQ{sbE$3PB9UU8uhpI^kK!t>a)-0O`X~^C#Nvccp@K$ zi};4-!nANBA~N8ouvjIBEJ=QayYOlqC6N@QnGLB~!pj4-gs>&q7TFeA!fO)Yl?eMN z$ZL@jTMnl9wtC&01^NQm}^7N(vwLC^Gwo4_!e-94*H8IXRZM<6f#n z|I-q|V3QbU-G2M{@)^LENVSn0u1ahZ)^HW-r=v$b^r(lnHPE3Jswb6nR-(d9OSk6X z?fLj(1=i+xEonvNNxym$o;n5nTa^52b3H{at{RU?YY?)^yDH5X(grV{9@hfsj>(w6 zz06CpDo*`fyFNd6?k)b;i(h};v1dGBemj$1ooc-J&u%AP zJ2@#RiM;Z5DTo23xIwMtfydYTc;b4?h+dNgZ5bO>NI^nIB(bmrgcO1hu!Yuf_fDH6 zPEDklpjC_nmP|sEP!K{0p$#KR%|dw`7zI}ZQ-g0>&9sPayA%?L_d)B%t8@dCZ21^+KwaNcKd^nT9oYMj)#B=x^E3m^PiUbMlg zn0BN0-kY<0`OZCi3d3OqATu+)MT_dWxkd4P&m-Gn=6lSs?|i&$KVS<0W2SB*hKGd&S$;K)@ZS-FED7UKYEn0) zQ>)Br^LOMIC?UWa8Vn|-S(6F+3Xo=o1eg&BSv}fkxQdy1;i|nGx8*A>1aYL-c0 zzx#+8r#6i?LGh@6HXfb6AFpdgdG_tMXB8CW7Zy5Nb8>QU%9Ja*c6}ZQl+pkIC=f_F zW8m1!FK>6=*{v==zm56dyj3~NH|H6m35WIIlNtb+J>v8&y9!5sy)G0Gr}eDYp+!b= z$TB)-UxBMN2P`3cOTcslB7ul`UN}tfVR&JiNetW*5HLX#q#&7heiYgpZft@gMgebEpslD5V!H*m~4ajq24)2YBYp z>rOlE-I&N%sh<~C6DMt$IC1^??zofBZ5?LrcSh#9AUR|uhpaivvbXIn6atRR{#U?jJwyb*`HCPi)-MRU(4G4EnI|6Y zwY@m~ltz?nagheG9}c6KoCpTOKmcIC1^9*=dhYk;pVSyLHX$>Fv;eY_P$LO7Q&1}z z_0v%&1vQc@O1=jmq|H&=^D$*DzF2{YYY>vKB?t%Tm|{kOgX0_F)?>W9iG-I|=;EPi zcy|Fp*8ac9)wt~#+;MCi7k#k;H%}}xJX~o8(3UFCp9#(pEo2(xf?A*A$;Lc0h-S^4@5Ru<+%QNgEt%m>-#7y(X4C>q}T3=*a;*IC~ zTz&22gy-+uxB2klXZ7s)Mkpk%yY84?y&7d^CheDEdN;&`^AphJpw7|i-SsSF|jRELbtIUEJ0Mj?(+|M9Ig)9nY3_AhWc8xCKWxs*2!8hMhM+BjK`-;!WG`D%*f!ZxSboQpNZSb0 zJWCLS5X@XHEs&aIt=hEDakb;JtJrll5eD?CFC`_k^#Lf&mK6UTxpel@?BcL04s+O1 z#f~a=xG1cO!>TB(io?7;yKv5kGrF|SjQt^A|1bMFD1en83h<%vQqi9OOB0)PXCI5}wv3)$rl}p>YNTmC3_JE>8altFtTgjm8uiGZZH@j-&pM7ULh^ zR49?Q5^(@2MccNu0E9wz$Bs_}Ok~G1j(+jQfddD&1P~0$U{FS=Vg8cc+vff)7?1#@ zpdo!4#ujjuShJSwp7`^&u%kBZC}>hQwSKMSoqLMC*%#!yIEf=7+4DyFT~aLHHXtHq zHxBTpG|AY{ho^184PRqtK}FO4 z!U{d=;j8mX{-~E{G6w{9c$?!6^B*lXsYE}zA z{r=MAkQEG2!0Q!9w&g(}!vKMpecLbTQraupu|(d?F2vu)V&RU8GM+i`oVIa&P0YG=5=JelTwB!xNri~4 z-o4vSpS}@5T3T9z1{vlNwrP{~>#tXYLKcAfbyIe4yeca*RO0EHKbNh~{qM-73s>&V zFLaYaG8B*|2oM=(x@TXwXq`$=4qSLffzrfpzHP>{D5JVs#Ter^Iv!_^Vos|{J$_$mJm8o-gJp19Y zDYJJ}PY)yoWhf{qQBa2%T4VOI-2k6|TH~&5vYOUQ{c8H=a9C-rSqKJslYhN|cdVJT zW)1B!X+bf)fZ)2iLyL@*B&#wij%sFxPCB~w*FSFIm^kjXU4=Wci)v+sDlTYlxS_|( zFaP8-t$X_EEn|Q2jW>Q$RSXbI@vHV=))vg&ih0|yXa|%=Kzg40s-^oPg&N7Y_$Zv) z4lT11#O6w0-ZL}t;w%)qkfNgc$JJ<=h4%)bX|<@y3n1UYd7qb;=}`3y;JUhX>t{D_ z&IN>R%m4i6v{a-p9B2VcNN+j~y|7&7}|joS7C#OSU|b&oOf>d;#uH zb7TT7UbFX=Pgh<)v}I;`;BTil`QYod%A0m)K1m*x6SUF_0&IqQF$1jGb=kJ4XV=;X z;J0Sxo6c=DYw_;QI}6!c0AX*QQ(*>RfFFCT&&x0W9Jzm&U*6>)A3;J`yr&4+g_yYo z<5yzJIsgbtkJbaycUe~*-77|ljh0!su^R@ojHCOqFppwPEY}Dw*O`8gVKytjSji4aY zok4S?VVmEy$H?zU3xAKFykwqTImQ3^VChZgwh9I1r30IdpT2olPO%`?niR1R(3&-o zA~teC_!5GdTQ^RxnHfCL*e3xP@$j)j?wq!Bk1`k2qCr~AMrjp9?QPrEU%GVb_U-w* zcHMQx86V7^z2TT+TGXzc8gn=&CkNho>z6C9?0x`d!0auUuo_>l#+H3v>7XHzWa|*d z3N$0d#)HS>{PuAsMEMnAlh@*^aZrBSh>9;;VA2I>SEFQ>-pXwB9T}Z=aX1*@r=K?T z?)@rr6oQ|4V&llOY~K8(O`CGf2@TY~5jG_&LKE1#~sbYQdU8G!-4>#y0A_sf#qO0y79+6+eZI?@UDG872t-YzRC zXdR@9$;==9yVqH_|4>+5l${%X<*x1(Kj8@{G+4THD-l(%o-}LL)um0|)YKp|)~v}c z=Y;0LZ_LH~ZJ56uzwX4&0_-Zlu0km7l^azyfAau{zQ94_4BXlSCpPw+j}=^Fm*d%) zShgE>C0(n9E{3+j6DOlus3hor{uewsTd1rPkyt6EsmKG$U#fx{GcG}1- zTlPiHHh%mnqNfl_Lb8RR{NL0~2nqxw1*8>_vE8OLa}+@N9UQc2XX_7i(HdH_tNDYk z*IqK9Syp+-79~f zi&m@ze>8F38OPRb-XJX{$r^e}!_U9l=qkU3Et6ok8b|-OF64Am;#hWi~pzfpb5H(v?n_Gv>knF7T*7_Irsieigb8$KK*9 zhIv-SpJ>~*wEzW3fNIuE*|_n}e*H$QTbCWQuKJG<+zQt5M`4BZ!k4qfZlbuZMOu5_nWALU4PE@SmSCW;wD8J%4MZ z*-zu{<8W(_=&`Zi`;STZ;Me_>gB@}RRKI?@=?4phw{82^0}o98-~X1E$_eGDLsN4U z|LCZTlR4U?R%_OZwPdYW3uwVgu<1nN!yfGlAzUp8B!m#!RUnA4qZh5*vtaq2quXY+ zZj@e7$3+v)qs^z_p| z#3Lw0b0t zR?t#wCA8MACaG8otrRK2%BTgQl@PAdruJ446KUZU!+1QPS!)T4X~x1`0h@#=mSIg^ zn^DxSaJcG_uF<21oPG9(W5+Ig`svdQR}3CJa_rdofCUtf9{sodo?+qk1Pox}qoy#@ z(WsY-hUsWp4b3vqG7D{MMA1ABx`rmw*>l`Ve7qQw)?BF<7wU@O4D3^skvacT0T7 zKT4zowD(`lP>AOQ4FwjY6e|f=YpF;IErbwK3k4-ex!Un6Ax#@+5D6mf$IOI@C78yY zQhCMlLU@DXiMVOql)&$xyT0MT3;g1wsJ#>({nTn;N@!7nIKc zH+RP)CzfnGB+BSKUR5qplX3gzJUsmqiWQXh;M)~@ngoPM3V7DObNh{>aS z)A81jzVLdzX<=!hy+&>%bfh*C40LN#y=GH^vjt0=YdDf;)51x7E zd*`3usZO1={BlR(9cpTbsE(W>%-M>u%kjxlX!aT#9ZrYpMe#zhK$I)>LBnm|MWTRd>(QLz&YehMl7D6cY8V3n-l{%|OgEFZ<@-$Yhz?e_)({!v~hrE5L-vI49 z;I#fYb8yuI>KJ3-yz@SuFkxAT4z(99yd{?C4>PZtZ+mkdM*fOzdB`n>peo3&F=GTS z?}XcXqHbz5Yd_&b*p!Q*pJ8L}Z$|wG2!Vv@zg*JxY;gg`)m=wM?^rq@;58n~W`A5fOgHlNzh$sPhaShog$zZ`e}1D}n@ zNvBq!Ht;&8T;2VeYkG_vIj^9=NlObJqK6uL)!Xv0DjT0H!|26ce_5&ud2b?a86kA2 zg?o;}(RKHKJ-NkrZ7!bv2_Xw90sKyubpTH>5&jWn`+_t;aLu$lKpG8T0`vkVe_4>@ zD3AUlqz}QYy%R}dCe!F#YaxY_T6hx%q&F7e%0bO*R0}1z@zcJ;X(!|LH>0FqR)<(- zG--yfr=qX`y}F`dLwq^8Y7vpSfq(m3mqSYWL|C&2ug}BiB~aQ+Ns$6pl~|b!4WtI} zY+v+m5!aNe9MJXJTs$((>mdER8v9o{1{ghhK`CDlC(;1$N#9opMq&^_Xb^!I!eav_ zt%ywPW`Aa*5B*sHY-zQY_kmP5Y2jQd1 z_nk%r(ja0YCTiyAhnqEfbmGM84xRxv=3?nCEZC0k*W;(n z01))^#;S_iOv-fon&{O47arwBoy)0zk8p)%e7pot&cOCO*z$Ku{W!Rm1Z7cwd|tFi z>>6xr02mh#1i@9lBUKwNas37nY(`kH(ps=3wAMDW)4!FB0xa{E_rcw(%vK$KZKyo=pv3(NkJReC!jTH7E&ln3orCbBm_wf$92y?y-@;J z`k=m8ycU6ju(r$zA9xfO490U$;nq7368(Sj$-;>fmzYq=9e0fH*ROR&tk|u2n7A5W zuE2_HgcXWhDE21rSXJ#q)Qn<<25GpxCkD1es_l_)#qFR+r{lc^D0Ct4dmQn7unge3 zD&F~1dirMx{6jIufb?9Vw~q##QPFLJCXztHX5 zqm&Qgy329#6{uaO%tx1SBtu!m`0`t5Tmv`V1|bjlsVb$fzy6Cz_1xmc8^@1d+P{CB zgh2ozJo*EsZot|-*jw!7MUqcaRqH)8ASW|~vs&ZiCg@fdbyLeUj>=j&MR@8bj9P;H zFl_m|@NXUx2I$_s;k)n7F2w^0-Jl7rVFHX95HSEEUepLuFy+F+E19>THCdMN{j;S= zNK%3$^8tz-?YO#RzuV77V@JMubcr3KTQ+0H5195H_U52vYYZ5KuHDPj16kGa)N^?J z5#0aC0o>xPTXVx4Chu3dX$%0~lt-Z^2wfVO2x;^Fg+ET~Fs6S)DVNob8^G|51> zy13w|xb*2td0H3m#GCUlVj+_3KLFrK@OUdZC-^2HVVPBlREXG}$SaZ`ApnyNL0+#9 zTf*}9Edh%lg|r1pvOH3bKmY(B07*naRHTrm<*h#pOo+%3RWD=ogs!z-yE~>`&+9KC zcQ5X^FM_;x?aHrFBPDvVcin>LU%+j*f;J{V=gi4P^4R5!mBqGvPJ6PU!eqVUacst_DHFmjatrA&`d0 zIXOi&HQ}gCfb@wdn!BjiP|$!QDiG!%0rgL`k^nlwX?`JCqeSGv{AlWu2>3B_RC8lY z>_zFkJ9PtM#bCc!Se7gC}@A)MEPP#W~X5fKa=*>Qd`yL>c zRT(aeRHS0}r!tP-b*{s0zv%@`kVj>C|A6e(n5(2>zxUi99zjqvGgC@K_uto5n?Kc( zVnvNoJGP**G9`Kw@cYI7Bxm7!UZzj?k7b)XG!3WtEnL1(3`>L&)1Lsbxtf-_q)_tO z5SkWr;v`UXB~Y8z!xjPm!TEn+4HP(Aog&a+evt4U8?L$Ja!tGekGEf|IbZ;sZi6HRlOv_d94^7uSFS*9j>6xeisIg;3x@C-o=+^4Ez)z8>uaa^8zi zoBtZF6<5FDU*W3QMZ&nM$OD}Hl2OYPM@8n|;YJ=fMk|DCAbuz!XcH{lVS-(vOqN-_e8qoNZ4kMPx<<@9cN*@(Tdrmo6pA;wV?fWcX|Y)33ey`mG8sa z*T8pZ3Fv>lfs=K@E7$F(PC1^|ppb@PW+n%t(&N$L_*uA!Jdx+eso^eliZME-bvoj(bV^PZxZytlR3?yl&XkdPo=(!!_5LAXa#|%oN@9ClqU$Ai&5-hwpnpu_-YnJ^}9f*->se-2^ zRgoBzHSVZ248{A=S;OW_qMsYgwb4*MR~_?KT%1d75#S^mnCP~r-=pnzp)Qcfqc!4_ z)Uyka?diTHOn|VwS4=RM3?kM9ov02slcEK@4(=qov06=p$>E8D0s7fid@u^TeLtdl z>dQHMX;2O#9x_tI3V-QGW7tKX;iB~j@OiV_uQkc4Zd2mbKZ*pqEGmc$MR{5w_8tU- z3^%v!Uo3g}qc}w+mXMd-BBjmGy`zdzc@0IU6hX+vST z#AI)|`z}-HN)XEqthf*o19x2;AuT}Ve;SR#jW3Adsr2gHHL98eY6x*wqZcax&aX%H z#O}qK8dJdOJVNxRX>VNZL7g5L5-;pe(i4%jl)T0>iYqIJ!bJDInL`++f(l%R6X9^QeTGkhZr3r?d#oUg6F0tm&JlbQ~Qsl$LU=1KQ(?kCZE^GUo>%NwM=%BY=JV5 zm>IgJyQAK-!IKLUu0DW3!_5eFXMxW3oNT!d@*Fo%VO|*2O9DTSN#7R)a1S8fvCm}E z62PozwH-}x{>o09qfMHrgsd$y-PO&C1l)Y8WBZfAyM zKA+ZbfJhzJLJu~Sop`#>ljfU?Em%FIz5SEvP z)t--yi))3B#+w~&(^#qlCVAL)5Wa2>#T;q73loG0d3Z#pyw9&xN^nSgc-X z5R4|`^HW*vI5__902jYE+`mW06rE$c3g?dnrb$?ngP7vRUf<4POIx+E7P_!(&MTLs z1FNm(Nq->bj{(EUYGXH-^EL0-Z=}Oiho%5ADW9I~;_`@AO8+xUILMFz*uzL0Mn~fp z7GEW4&(GHb9yim+vj=?5Zp;43#F<|ze~B0arOs9G>BFtTg_VzKC3_Swzb+@IzWC4Y zEO@DRgz%3#1M0F$MTFlBE6%}H|c0!u! z3cC&WsA#)hL@{#Umf7C%7d|L5sL&W9Ot{zErp8{dBGn*tlW9u_72_ z@}GGhLpaxmmTOQ9@jP50oKatEnOK3g5J0e4yxzj1OE~0146EwY{Dd5m43uc9Y+(&) zc*N@rA8DKHVi5(Hqm4oWMu?c&A#!pwU&q8{mNBcTmZHr6ys8^6^5ap0U^MocgZgaI zOp@$6UL$|(f|Yo@lP6Fn1OVW1cju<0oQOLHaiYI@W^}T^1*Rx}*DFLmk#OdSe?b~q zZeH~jYY?P+Td@_WRrgU)2sl5VBBH0N7+YvyJRsc<3CX8YV^RlC=M#`|#@w!&fc+e? z_3EG@_o7IKuDmht$q)qyf*Q}}UD|JTvu9w`70A#eJw!xs(xeBZ=acYMudgEcylh=9 zje2YJA0CZqd1O3MrEpWa8@lI{!+t1%h`{jw=dk4(sldAj-84q~#kBn&gkV6kr}Iv* zEEv??@`vtn@)J))OwF+#<-+zs7nbd+mR%b&)lq+7ZS~ASbJSYy__M5=X@XN0+S_4T zMf+hMG7@?4j)4dGT(7V1OIiaomP;al1`t=NGWMfkBBGo-xE+uG4yD@Q%;7*t*U}UST<%(6}RbK=o=orPZuYQgQ0tAC0 zVYs-+etGoWw!~(2BWms&0m;aYekmbQW#01!LoW1^8O#{YPs4sdW6g;`PfWBIaUftj z5|)|^hcerf>&$O@dtL97OktLdnb|?A&{>72FtfQvrAH?|ruy@47jN5_a9=0fSos=Y zx8GCGJ7;oaW5D=4I~tydBdL{?GnrGyns{8{VboW_TteY%4Y#_~n6LCaL!#y>RM4pt zZjMf5+h^Tfwej?%fGF){M@h`jF90`7q;$!Yr>}EmeRD_PPM5+5M5Hc-n~ybX4o@5} zDRtNzjj0^(Hi6JDyqeBipL+l#x|#tSBm_#dc2;jX#BiR>(8?C=nO-)l|QOtsKhZV$QJ?-?JX#@ zZTh~@GPoPZlPmtnu@UjSszk!Q_8gfiurkLWDCC{r{1I^EuZRP*J5hIBHTr6G@&lY0 z{H@YKcORoTsD;SM*>6^vd@zNVe?R9_o4sQG{`(*0fLbWOZ&rC}&s^Jo&J7TvzAH>w z{y=ZtE8XGlJr909{-P=Sif%}d92izR>^`%}A9>e@W^yEK#SM7*xG6SURdGeF;_zUfB6e3h0C{|Aw^jRe&Nnk#Fecukhuoj5J^mAfin=djr zJ50kP9{yehZUBM-gJJK&4SS^SQ^mvP9^Ajd9TE$Bx5jB~JYH6!X{u6$0FZ>>l)q&$0B@j;LAEYdT~S&kQe>e&6E+yD1b{?uc|kLFpPsZWduR=>g#Sy z3oYb_#qzR9KjXBA7BDov$Ez&we2BiWu$CrY80!R8>V{{=K9K-!19>TbeK}sO0aAkL zbac`}PZ@R;gmwCzpP(Te0uc>Uu6oh{JCSgj{WR5E2ptPe#)g1*L3O#4JJO!XnbRVl z-RYp2ud*Ma+!g8Iv8VvMjDM7~1#jo$v7=E7(6wU8Zr6T7|B5 zHr`!z2p?gpCyTJ0T5I(iEJ1B5>R_GqA8Fb^Z3429`MZ2Aj^=dCMa5wS0#yn6Dah4!20em< zbPaj$daXTW6IaHfn3cDbr|t9{y$F-~sEZ=#>Hw~rdDZV;JG9dsT#JH8Rv5&SMm{|? zY&$bssC@5Uxu6nW^*q8+?8PZ#=Q+YGfyXjAya~J-f$^6QCXN0WC#b#~p$;$*?Io-bJnBGXO z^Pf-lieL4y(Cdj|#F)=U6z+4;;N?2nn65NKkO_dDZ^X32?P2yZJQ*tM= znUFNS-OTQCjm+{i{*pY5o^q1L1ZJ0Ia{p7Lwz5ICthQ0bwWyAVeJN_7aV;;4X3Kdq z9`1x1anUrEAv~~s7?`rzi%Yu?Z@$;%Yb#got9N}GxfGJJxtvRY*u+of@ZH8_Kkk;3k9SB$5-|F$D+{EeKsrS+ROp7zr zom#y{B2(JjX?q{@c`>^u|K zZdqYf=bKtn_yGc$&@3#^me@9_iXEo=TfhIq-;;umFiMNU;}WsoU+;-zOxBn~+ z4&Dh>c03g}AhAIfq@<@O+rn1rnKL3ENFrr3ibP0}be0maOVaTso~q?btcQCUWkI?_ zPq9&rU~OiL_0_tZB(6Vf+q*hhKSUwUK@FsYctIvo?PA6K|1#&KliM z$pBAhoyTf5M<(d?<)&&W9G8hz6>hMZKHCD%7TFrYG%*`&qt2e}_I3H$*>y*ZuSHIl8i99jE=D)OV)C)VVb|ndqbl zcw_i@R%ba0g07SCh07`UfHL7ZMsY6ACoA#z(WnKWd)KVq14GRs4*==;WZ=7ocP1NW zHDAQYa~jg6qqq5497WOE;_P466J$?QOMD^Lc+gOxD0wg-Xix_Sixq~dgFex}uAUqu zWi_?dSr)47hOn{s-Nr&(u~&y832E%T#HTrZ48w#OiZJ!+#rn~y@$FGqU+;wF$g@wZs}>SQP+A}BxC@-i>QS8%lu@*xpn*rm zaSr1y##U$g?e(m|3x5r=z_UBM5;F&6=hr|wReW)E^`9%On9RVXOOgdoZ1O->(E{rY+@BmxP6z8|t;yOjGPv1my#@qpTbWp9 z=Ef8i*jBENQvA4ot!!xpDvj-#KEdE78QG!hpZFll*_zb&} zP{DOG-c=Xr2oW}ISpKd%-#1A=d6 z*52|8O#xT&%%?2eK&8gl-rF2KJ!X1!J{q@)d)0i_uoXx7XH%A*SoL-ya;T=P?vnZwQ}gST zHN4UpL>;)!^yPG!j!4Mv*1t#lsrO`F_5gMm>Y=s|YLu){!)L!d0%f^A%Q+}5-G*05 zGO-b@w+{#4gQAT}N&$ha23JP(bRlk^KK=yDh_v5M@GJB&UWq4fJfdPd zF*ua7we{x?)>VCQor2MGAd6xs&*H&-+Mk${y6w(^g;q$sC;`1uD+4e3#)pZl0_JT9 zc|fAMzTRXyS^{eGZlE9UoI<>bIm*U7jloy4Li6Kql67_eJ^k#dU$vX$1;MF@@vYR8 zl^mR;0=Upm>V8xoO=oN1R2>~S47KV`LCCz_3DfSC`UnWL+hwDpD<; zK)oI?m&1)OH8CD4Pg6iV{H@jPxhVz(g!*QwsZWu=u@RTQ0Zz&fOvT$xFW&46Q0@Y5 z&+YMg$v*6W!AipY!}xCEwZvC~ApSh6Q0Hnb)36|eX^()b*TYZVT}!2AS{I(=eouWA z9`zS73jOE|{XwtajqFpa4BZp;#uCD`eSX8ud!)%H;Qf9m-J^5wU!i?ShHTBdj56_# zHXQa>@;#EzrVsCs&t^uoyO7ChQ-edCMC(O*hk7fZQ`-t95YdFSb5Lh5=FO+jh*BwJ zw-ffLHQWOV;fV<;n6CkW$R+3vw~})rcU|3aD=F)0R!4~W&;Q9Eb@__wfIznF8pb7E zhZyQ`^9dMx;9Q@Jb$K14KiFUs*psyka{aE3{53|^M5I{W^I0%8FkhU)9l@BWhE6CV z9cZmDxSFi?mZWp6C~_`zeYj8~XJp6xgAG7Sq#AY|6kGT2KjEZJFh|AK+$eknp4UKY z{(9glXG(LeX@CS4R~{m zj&w)cMd@DIms_e3mV1Vyb)mrw<`NOkr>s2{21R}RQdYhe4IsT`RPP}nBA-;>6U?DH zRBD>r#$6WV>uIN-z!1)ruNtN#2b~1_5kjL?70qUf9vO$Ng>+2#-lZH5rjoV&W5$n; zBtW`5oLA%-P+JRt!-Lk3C~)yB!>g2rs)k-l+lSYP*x~)z?1j6h1cpX$eYeGr{|Zx$a<%xwU!br>n=jo0UfLXfmgEl^`Aw|&8yzy9U0m&@uSE5{ zfVT^q&m4IZ1O;^YdR_=;#0~&kgE^Ac<-52RKYDhOo2knp($XOh&U2%3Vt$=5 z*<=D>ryz(udY|DWtAv1mmo-t#m3-c;*LGS;=kA|5b7Ia@TpwAC?QW4WIe(4wVMHt^ z?MuNYfDpX+O>+}#Wa_PEdvBGeIe4rJl>e3Hd=6AS4Y1nquxi;*C&}bW9H@1WzL!2@ zp_^hgj1Ua0MJ8{%(f(z2*9s%5#R!u%VuZSM=fUJja1)ev$Ge$t67OW=o{x6DO$Yx8 zGmqIPsu8>WxzR-iO8&8Y;r=-F-yN(+!|L(w^7W;ELgLjg5)PPkQpOW;b2)h0nvO7g zS*U!EFmeSjc)S9)psmU;xPZIJr4!{kLC8GL1M`6klG7DdOTX|1AR5M)IZ=BXl9GkR z%;i$ZiUc8bM53~j7!Ce8=Bft+c zd^DMp^yO*qDG^o=|9p%O4m7*-qGzuU#R%1!<@IteF3+d6IEy|&emq48`-wnr%7W)~ zGl1Z~GA&$X<|EiLJEYFQr#;RvU%yeK!^_jZ$&3}*#*iOiwB$J)LK=L45 z!CBQ$m#*s67i|Q=4P>n9$!fJbyBt?$u|R#aoVxpDp}!ifgSUmU4dIdwQhrx{cOxVm`zq-_h2)#+;tbj(diGIxBmc9NHHH9)+& zsO*POfy5$Kv?B+cUiS)_?4cCZ(h5}hA=)~Qa_f%JgzT*Lw`U6FzS2~Un5(RAnvwdn z$nY8Dd(gu(<2Ph^I23y2&2^ZIw5r-bG_187!80|sK%<3b%9NYbI>%MJa$4mEAg8Qx z>4l99Kg*H{zSu}-24}GBF$&*4GC!N%-L*`>ZnsgnSM-^M$l-b>8}k;pOG|7-Tt`=q zNgMgyq`=%Mr!M>G}ioT7# z@N(pstuc|if=GRMEyYWjLkmg9W@s#yhFbG&7A+BoqMUSPhUls3jgxc9BKYX4bB5^U+Skk7X z#0-zNj9TwrKk<(rXMe!4q*Oh*OBE)epVZQ=q<|N3w~SP=<C zM$i7lU)asS3H#W1#)l>QI$OQq`}jss)lpE0e;B}ci}XK^HNx-4ILZFI*KeDA`CXU} zlelaPt|T-axkTXY^kr^xpRSQYSVkkqVp*={{~hfWev4{Twk(hb3e~FaWs0R{$U*RS zwr5S6xJ6oz=hGM4lbX571_|huU1^-9Dm@`V2`*n^v^Ro=1mSRhz;OxBof?R0HSl2l zQ=gtL)HSZ<-i;5)LB$p|VO!{;x=^kv&Pe0R@J_fuOHA76ysJkDo4{c5{f-vv{>8fq$$@CHBUufe0BHqn?uWeyXY;c=b1oQIYi$f54XM z84np9L#vUdbaXttE7L(Gs_Ps(KPZf_L+7G^deBHo++S!;J@v>UE7ajG7R)r8QZ4Cy z5+=A`bA<)E#a0np^x-89Q~5?bWM*#ftff}C68D@5B7a5%;%&4fBa|;&8+5Co>TFK+ zu78`k`KoJ5*O(jEN+vjTvO1_n5aUEXoy{lI5VMz8ZgkL?SL4(|7ETFO>Xl1mL^^6H zA@^3p>lUIQfI>5(rP5!6JLy0xNm{-Ui5>^|t2KraS;H*nQMZ;*pIK;mmj)x#gEFS< zQX9=?n)4J(!6tG!C=x2Ed~q+Nh1j$YDu)(={Wc8vDck-wL=FIfR7Ii3#Vep>?j@Yh zPy{Q0u5w72--{A*GtvwsMVA#P#IY8h9g71c){&vH{LmQVg8J~sru}4bTMOino z-cepG`fFu1V3PTddlMy1LyiuUVVOs;$|S%?tc8!d@zsc`8|{RKdYk0|O`AE4A?a{#8`8 zNrh@S@$l!V^Q+VvwSPId9`_D7`@8ByrxRV9kAA?)MACB-8@V|4Ca znudFgsu|4qyDLyVPolL}KEF5HLdNro z>hkt)Z(VK-J!FSiF2e3$#} zB7rM%JsF(ubtP-I#~T|Y0ugc06uiDq7@p2oYPd!I@q45uEjs4io__`x3GZK;YLL=W zR8!po1y-jGjMVA9gfE7~Tu(1MTM6|oPdkyov zes5}w5}70_d?^7p+M=u051%Hw{;LdsM`33Ft2j(#lAwX~d=?E?heu_i=-OgevhW{1 zLp@HVKmT0;z8aFxdm`?t2(bIX91E`-B=IjnuL_qPduDE_&i#vNzHbc=YOv3l z)|Rctw~8k-Mk)pN+p^93R z*CZ=KTUC8op^Obs<6dDL+*$E3T7*3+jXfJDP+lrrB(=dQvuH^3aOmaK*qdUaJa4Y& z`k&Ckb`b=%>__YL&I=k?4QJ$tO7wQ8$|H;~h~iWJA^u0T~d8vpc3-Puc6W<(Zj zcLju()J&Zm&VQETN)oXzOW1dnHe-zGd#O<&<@*m-3~&PjWR^rk>Ng_P>j^>6 zI~9(oDvLi@x6@GK4m4E|aR&-C&Fmg=I=8MxY#N6Uhuk2#uh3X zC!DV$q*K~E9Yw`xs%4~@{Jlh9R?H8U(w}BiOx09TWWNN-t~W$h*i*V<4K?&j$(bgE z!{e$nvtvK5=d8C2!K!d6ct1n%M=|sN9pog{m`{M9Z8oc@iY|y>y6rT~m1I^`o58KS zD}LFj$B*4;yeZ_uMmrL3f)g6vlWy5*=-_Y=k)?w(G_Mp4oHK+6+qOAA9*=v)nEM{7 z*s7Q54)5Gn`t>nMT;^Lisnse<)Q0f>s4~>9=)u*o#ieBDbW|*BeLL_yBO@As50!v%?7^L$^gh?jJ?iWU zIf^Nr>nf~MKk1(LE+CJ4@|TG1H%g*t*G+r&M^6?t3;gd24}DLrg>4eD%#=gvFk+hQ zQ8~{uHN-MTZz7aLuSTb(U%$j${$y`mk05S&SMl0te8@VSOZ8w;fJ42o*kK<}z@x@? zV@&;L!E7CKjOp#RP@MklKE(aR==8^2YQ+i?tqIa0V;}tSnSQvqV zu(vz4(--zvn#)M%$lrtMN&Ndm1>=em)U6wbyI}s!Zr6fq_Q00?$Fj0UlOEgoiI5&K zS*o#!F56`;2w4%*z-P$)0n3?Ao}zqnfDaayl0jueTo-+JdhzaQjadprLI7Y5eKG_`M)nl&>Qb_L9p_TPkIbhfRDfNA| zrq8yFJ|$i=Q~hV=1oVE1nKJSE_JyC|ZZGhycJ(7Gi$0?Y%4CN}%Em*mZuQ18(wv!- zmJC;twVw`GPhM>Flyhh&MKpcBM24S~t@dSq!24|rYvA|R)teS7$=Wt&Bo>%5RX23? zsaxUzS*)h>a_63R3X%~KbD-CS!G+td!oqq_-F7sQbST%`bvm^Tj03U@Wz=`KM8w4r zQOYVUuN3va7HYvVWPiX#%Hi>kTYFVKYTaq^h2DGf?C;ecb9xq$3+L&cG>CX`f-Fp3 z4k5Odh5(33%`WW=7JATzAxVZ9gXT~R{Y8P~_=^*x;Pw+DwXBPeD5Bwvgc<3u#i1}H zJi_e~3?m}WOkpY)XNh|KUR8u3H0%x&Li|-EO0=L9+|_dPf#cG40zP3@R(At59d&7W ze)WX8;x=<}t;`sl`ZMbbdfh?8=Ht$m$@GU!I9X3bsqWrt2GDCN00H~dW}CvgnU6((3@IV+v4*JyW5TNQ}-|qLh@~$ z+v@T%@DCLXz=AE;s|6L|jmECj+ipnLZ|iSzsI@FZ-uM>H_W{M5Gx)#$fY1@L$`BGO zJLhx5Sl_^FGNz9XQtRMgTCy}p9AZG+lvP+`mS3%Q{GW2&0& z^BDPOce30>i?M9K&^i5&)Rq#|!9ywurt$LzUDiC{myDX8-8%EkbbJ6VCk_)Nr zH`U%IRE5d&POZb&pAEAI?n3q$T^`+!moqy|1ug~w3X(0)QN3S_c~@(c4p{eJv;%tD zZ?;QUn`QHp(q_q=`Q|Q`RnfUmrPK={n+@_kNj}1D6vGk)?x&ww+&_?G*+lLI=g-&2 zVxBnd{Q;6o*eDbC>;aN0b4hXd`(>r8RjI!|i|V#h@QV5rG9M>P@2ypgjd-hF;-H=_ zQ0B3(zL!*o^zV~GaL{pvxXbVP3vkK@cmgQ)I{Kq1Ue&-Dk9>mnd7zdUpx zDPHfkMt(cSI5lB;QN5MZ5NXlyy5%eQXb`=Q8F*g(n$B6Sy`y^mYEv`s!V5PrlwtVz z`%HKF!n`7?{dkUxA{F>w#Py8c(|n_Stv6X&w*Vi;w>yq@3PZf0Z_tnKL zHVqSPb@{Y)4ePlw} zlAMCxm1wIT)G^QYeW(H*W%@#N - - - - -'"$thishost - - -

$thishost

-
    " >"$htmlfile" +if [ -n "$infile" ]; then infiles=("$infile") +else array_lsfiles infiles . "*rewrite*.rules" fi ->"$outfile" -array_from_lines rules "$(<"$infile" filter_comment)" -prefix= -for rule in "${rules[@]}"; do - if beginswith "$rule" ^; then - # Collecter les préfixe pour la règle suivante - prefix="${prefix:+$prefix -}${rule#^}" - continue - elif beginswith "$rule" =; then - # ligne litérale - echo "${rule#=}" >>"$outfile" - continue - fi - - IFS=:; set -- $rule; unset IFS - index=1 - done= - while [ -z "$done" ]; do - current="$1"; shift - while endswith "$current" "\\"; do - current="${current%\\}:$1"; shift - done - case $index in - 1) src="$current";; - 2) dest="$current";; - 3) host="$current";; - 4) suffix="$current";; - 5) options="$current";; - 6) prot="${current:-http}";; - 7) proxy_acls="$current";; - *) done=1;; - esac - index=$(($index + 1)) - done - - # mettre en forme prefix s'il est défini - [ -n "$prefix" ] && prefix="$prefix -" - - if [ "$thishost" == "$host" ]; then - host= - fi - - usrc="$src" - - trail=1 - if endswith "$src" '$'; then - trail= - usrc="${src%$}" - fi - - noslash= - if endswith "$suffix" '$'; then - noslash=1 - suffix="${suffix%$}" - fi - if endswith "$dest" '$'; then - noslash=1 - dest="${dest%$}" - fi - - proxy_url= - proxy_use= - - if endswith "$dest" .woa; then - # lien vers une application - if [ -n "$host" ]; then - # sur un autre hôte - if [ -n "$noslash" ]; then - echo "${prefix}RewriteRule ^/$src${trail:+(.*)} $(joinurl "$prot://$host/cgi-bin/WebObjects" "$dest" "$suffix")${trail:+\$1} [L${options:+,$options}]" >>"$outfile" - setx url joinurl "http://$thishost" "$usrc" - setx proxy_url joinurl "$prot://$host/cgi-bin/WebObjects" "$dest" "$suffix" - else - echo "${prefix}RewriteRule ^/$src\$ /$src/" >>"$outfile" - echo "${prefix}RewriteRule ^/$src/(.*) $(joinurl "$prot://$host/cgi-bin/WebObjects" "$dest" "$suffix" "\$1") [L${options:+,$options}]" >>"$outfile" - setx url joinurl "http://$thishost" "$usrc/" - setx proxy_url joinurl "$prot://$host/cgi-bin/WebObjects" "$dest" "$suffix/" - fi - else - # sur le même hôte - if [ -n "$noslash" ]; then - echo "${prefix}RewriteRule ^/$src${trail:+(.*)} $(joinurl /cgi-bin/WebObjects "$dest" "$suffix")${trail:+\$1} [L,P${options:+,$options}]" >>"$outfile" - setx url joinurl "http://$thishost" "$usrc" - setx proxy_url joinurl "$prot://$thishost/cgi-bin/WebObjects" "$dest" "$suffix" - proxy_use=1 - else - echo "${prefix}RewriteRule ^/$src\$ /$src/" >>"$outfile" - echo "${prefix}RewriteRule ^/$src/(.*) $(joinurl /cgi-bin/WebObjects "$dest" "$suffix" "\$1") [L,P${options:+,$options}]" >>"$outfile" - setx url joinurl "http://$thishost" "$usrc/" - setx proxy_url joinurl "$prot://$thishost/cgi-bin/WebObjects" "$dest" "$suffix/" - proxy_use=1 - fi - fi +[ ${#infiles[*]} -gt 0 ] || die "Il faut spécifier le fichier de règles avec -f" +for infile in "${infiles[@]}"; do + if [ -f "$infile" ]; then + estep "$(ppath "$infile")" + legacy_mkRewriteRules "$infile" "$thishost" "$outfile" "$htmlfile" "$proxy_enabled" else - # lien vers une url - if [ -n "$host" ]; then - # sur un autre hôte - if [ -n "$noslash" ]; then - echo "${prefix}RewriteRule ^/$src${trail:+(.*)} $(joinurl "$prot://$host" "$dest" "$suffix")${trail:+\$1} [L${options:+,$options}]" >>"$outfile" - setx url joinurl "http://$thishost" "$usrc" - setx proxy_url joinurl "$prot://$host" "$dest" "$suffix" - else - echo "${prefix}RewriteRule ^/$src\$ /$src/" >>"$outfile" - echo "${prefix}RewriteRule ^/$src/(.*) $(joinurl "$prot://$host" "$dest" "$suffix" "\$1") [L${options:+,$options}]" >>"$outfile" - setx url joinurl "http://$thishost" "$usrc/" - setx proxy_url joinurl "$prot://$host" "$dest" "$suffix/" - fi - else - # sur le même hôte - if [ -n "$noslash" ]; then - echo "${prefix}RewriteRule ^/$src${trail:+(.*)} $(joinurl / "$dest" "$suffix")${trail:+\$1}${options:+ [$options]}" >>"$outfile" - setx url joinurl "http://$thishost" "$usrc" - setx proxy_url joinurl "http://$thishost" "$dest" "$suffix" - else - echo "${prefix}RewriteRule ^/$src\$ /$src/" >>"$outfile" - echo "${prefix}RewriteRule ^/$src/(.*) $(joinurl / "$dest" "$suffix" "\$1")${options:+ [$options]}" >>"$outfile" - setx url joinurl "http://$thishost" "$usrc/" - setx proxy_url joinurl "http://$thishost" "$dest" "$suffix/" - fi - fi + eerror "$(ppath "$infile"): fichier introuvable" fi - has_proxy "$options" && proxy_use=1 - if [ -n "$proxy_enabled" -a -n "$proxy_use" ]; then - if [ "$proxy_acls" == "None" ]; then - : - elif [ -z "$proxy_acls" ]; then - echo "\ - - AddDefaultCharset off - Order Deny,Allow - Allow from all -" >>"$outfile" - else - echo "\ - - AddDefaultCharset off - Order Allow,Deny - Allow from $proxy_acls -" >>"$outfile" - fi - fi - - echo "" >>"$outfile" - if [ -n "$htmlfile" ]; then - echo "
  • $url
    • " >>"$htmlfile" - fi - - # Réinitialiser les préfixes pour chaque règle - prefix= + # réinitialiser pour ne pas écraser un fichier existant + outfile= + htmlfile= done - -if [ -n "$htmlfile" ]; then - echo '
- -' >>"$htmlfile" -fi