Initial commit

2018-09-18 12:13:43 -07:00 · 2018-09-18 12:13:43 -07:00 · 7c1bfbca57
commit 7c1bfbca57
12 changed files with 476 additions and 0 deletions
--- a/.gitignore
+++ b/.gitignore
@ -0,0 +1 @@
+www/
--- a/README.md
+++ b/README.md
@ -0,0 +1,23 @@
+# Cloud
+
+This repo is an experiment playing with `docker-compose` to configure a
+reproduceable web service cluster.
+
+It spins up containers for:
+
+* My web blog, a Go program at [github.com/kirsle/blog](https://github.com/kirsle/blog)
+* A Redis cache for the blog.
+* [Gitea](https://gitea.io), a Git web service.
+* PostgreSQL database for Gitea to store its data.
+* An nginx web proxy in front of all of these, exposing domains
+  `blog.kirsle.lh` and `git.kirsle.lh` (localhost-only domains, for testing,
+  with a self-signed SSL certificate in the `ssl/` folder).
+
+Install `docker` and `docker-compose` and `systemctl enable docker.service` and
+all that good stuff, and then:
+
+```bash
+$ docker-compose up
+```
+
+Put `blog.kirsle.lh` and `git.kirsle.lh` in your `/etc/hosts` and visit them.
--- a/docker-compose.yml
+++ b/docker-compose.yml
@ -0,0 +1,117 @@
+version: "3"
+
+# This Docker cluster spins up the following containers:
+#
+# - My web blog for Kirsle.net (which is a custom Go program)
+# - Redis as a cache for the blog to use.
+# - Gitea, a self-hosted Git server.
+# - PostgreSQL as the database for Gitea.
+# - nginx, a reverse web proxy that makes all of these services available.
+#
+# The services are mounted at my test domains in nginx:
+#
+# - https://blog.kirsle.lh   for the web blog
+# - https://git.kirsle.lh    for Gitea
+#
+# Exported ports:
+# - 80 (nginx)
+# - 443 (nginx)
+# - 22 (gitea-ssh)
+
+# Define named networks to isolate the apps from each other. Each app will
+# list the networks it needs to share with others.
+networks:
+  default:
+    driver: bridge
+  redis:
+    driver: bridge
+  blog:
+    driver: bridge
+  gitea:
+    driver: bridge
+
+# Named volumes to let the apps store their own data persistently on disk
+# between reboots. They end up somewhere at /var/lib/docker/volumes on the
+# host filesystem, useful for self-contained apps.
+volumes:
+  gitea-db-data:
+    driver: local
+  gitea-data:
+    driver: local
+  redis-data:
+    driver: local
+
+services:
+
+  # nginx reverse proxy in front of all the apps
+  nginx:
+    image: nginx
+    restart: always
+    ports:
+      - "80:80"
+      - "443:443"
+    volumes:
+      - "./nginx/sites-enabled:/etc/nginx/sites-enabled:z"
+      - "./nginx/nginx.conf:/etc/nginx/nginx.conf:z"
+      - "./nginx/ssl_params:/etc/nginx/ssl_params:z"
+      - "./ssl/snakeoil.key:/etc/nginx/certs/privkey.pem:z"
+      - "./ssl/snakeoil.pem:/etc/nginx/certs/fullchain.pem:z"
+    networks:
+      - default
+      - blog
+      - gitea
+
+  # shared Redis cache for various apps
+  redis:
+    image: redis
+    restart: always
+    expose:
+      - 6379
+    volumes:
+      - "redis-data:/data"
+    networks:
+      - redis
+
+  # My custom Go web blog for kirsle.net
+  # https://github.com/kirsle/blog/blob/master/Dockerfile
+  blog:
+    build: /home/kirsle/go/src/github.com/kirsle/blog
+    restart: always
+    expose:
+      - 80
+    volumes:
+      - "./www:/data/www:z"
+    networks:
+      - blog
+      - redis
+
+  # Postgres DB for gitea.
+  gitea-postgres:
+    image: postgres:10.5
+    restart: always
+    environment:
+      - "POSTGRES_USER=gitea"
+      - "POSTGRES_PASSWORD=gitea"
+      - "POSTGRES_DB=gitea"
+    volumes:
+      - "gitea-db-data:/var/lib/postgresql/data"
+    networks:
+      - gitea
+
+  # Gitea git server.
+  gitea:
+    image: gitea/gitea:latest
+    restart: always
+    volumes:
+      - "gitea-data:/data"
+    expose:
+      - 3000
+    ports:
+      - "22:22"
+    networks:
+      - gitea
+    environment:
+      - DISABLE_REGISTRATION=true
+    depends_on:
+      - gitea-postgres
+      - nginx
--- a/nginx/nginx.conf
+++ b/nginx/nginx.conf
@ -0,0 +1,86 @@
+user www-data;
+worker_processes auto;
+pid /run/nginx.pid;
+include /etc/nginx/modules-enabled/*.conf;
+
+events {
+	worker_connections 768;
+	# multi_accept on;
+}
+
+http {
+
+	##
+	# Basic Settings
+	##
+
+	sendfile on;
+	tcp_nopush on;
+	tcp_nodelay on;
+	keepalive_timeout 65;
+	types_hash_max_size 2048;
+	# server_tokens off;
+
+	# server_names_hash_bucket_size 64;
+	# server_name_in_redirect off;
+
+	include /etc/nginx/mime.types;
+	default_type application/octet-stream;
+
+	##
+	# SSL Settings
+	##
+
+	ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # Dropping SSLv3, ref: POODLE
+	ssl_prefer_server_ciphers on;
+
+	##
+	# Logging Settings
+	##
+
+	access_log /var/log/nginx/access.log;
+	error_log /var/log/nginx/error.log;
+
+	##
+	# Gzip Settings
+	##
+
+	gzip on;
+	gzip_disable "msie6";
+
+	# gzip_vary on;
+	# gzip_proxied any;
+	# gzip_comp_level 6;
+	# gzip_buffers 16 8k;
+	# gzip_http_version 1.1;
+	# gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript;
+
+	##
+	# Virtual Host Configs
+	##
+
+	include /etc/nginx/conf.d/*.conf;
+	include /etc/nginx/sites-enabled/*;
+}
+
+
+#mail {
+#	# See sample authentication script at:
+#	# http://wiki.nginx.org/ImapAuthenticateWithApachePhpScript
+# 
+#	# auth_http localhost/auth.php;
+#	# pop3_capabilities "TOP" "USER";
+#	# imap_capabilities "IMAP4rev1" "UIDPLUS";
+# 
+#	server {
+#		listen     localhost:110;
+#		protocol   pop3;
+#		proxy      on;
+#	}
+# 
+#	server {
+#		listen     localhost:143;
+#		protocol   imap;
+#		proxy      on;
+#	}
+#}
--- a/nginx/sites-enabled/blog
+++ b/nginx/sites-enabled/blog
@ -0,0 +1,18 @@
+server {
+	server_name blog.kirsle.lh;
+	listen 80;
+	listen [::]:80;
+	listen 443 ssl;
+	listen [::]:443 ssl;
+
+	access_log /var/log/nginx/blog.access;
+	error_log /var/log/nginx/blog.error;
+
+	ssl_certificate /etc/nginx/certs/fullchain.pem;
+	ssl_certificate_key /etc/nginx/certs/privkey.pem;
+	include ssl_params;
+
+	location / {
+		proxy_pass http://blog/;
+	}
+}
--- a/nginx/sites-enabled/default
+++ b/nginx/sites-enabled/default
@ -0,0 +1,91 @@
+##
+# You should look at the following URL's in order to grasp a solid understanding
+# of Nginx configuration files in order to fully unleash the power of Nginx.
+# http://wiki.nginx.org/Pitfalls
+# http://wiki.nginx.org/QuickStart
+# http://wiki.nginx.org/Configuration
+#
+# Generally, you will want to move this file somewhere, and start with a clean
+# file but keep this around for reference. Or just disable in sites-enabled.
+#
+# Please see /usr/share/doc/nginx-doc/examples/ for more detailed examples.
+##
+
+# Default server configuration
+#
+server {
+	listen 80 default_server;
+	listen [::]:80 default_server;
+
+	# SSL configuration
+	#
+	listen 443 ssl default_server;
+	listen [::]:443 ssl default_server;
+	#
+	# Self signed certs generated by the ssl-cert package
+	# Don't use them in a production server!
+	#
+	# include snippets/snakeoil.conf;
+	ssl_certificate /etc/nginx/certs/fullchain.pem;
+	ssl_certificate_key /etc/nginx/certs/privkey.pem;
+	include ssl_params;
+
+	root /var/www/html;
+
+	# Add index.php to the list if you are using PHP
+	index index.html index.htm index.nginx-debian.html;
+
+	server_name _;
+
+	location / {
+		# First attempt to serve request as file, then
+		# as directory, then fall back to displaying a 404.
+		try_files $uri $uri/ =404;
+	}
+
+	# pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
+	#
+	#location ~ \.php$ {
+	#	include snippets/fastcgi-php.conf;
+	#
+	#	# With php5-cgi alone:
+	#	fastcgi_pass 127.0.0.1:9000;
+	#	# With php5-fpm:
+	#	fastcgi_pass unix:/var/run/php5-fpm.sock;
+	#}
+
+	# deny access to .htaccess files, if Apache's document root
+	# concurs with nginx's one
+	#
+	#location ~ /\.ht {
+	#	deny all;
+	#}
+
+	# nginx server status
+	location /dd-nginx-status {
+		stub_status on;
+		access_log off;
+		allow 127.0.0.1;
+		deny all;
+	}
+}
+
+
+# Virtual Host configuration for example.com
+#
+# You can move that to a different file under sites-available/ and symlink that
+# to sites-enabled/ to enable it.
+#
+#server {
+#	listen 80;
+#	listen [::]:80;
+#
+#	server_name example.com;
+#
+#	root /var/www/example.com;
+#	index index.html;
+#
+#	location / {
+#		try_files $uri $uri/ =404;
+#	}
+#}
--- a/nginx/sites-enabled/gitea
+++ b/nginx/sites-enabled/gitea
@ -0,0 +1,18 @@
+server {
+	server_name git.kirsle.lh;
+	listen 80;
+	listen [::]:80;
+	listen 443 ssl;
+	listen [::]:443 ssl;
+
+	access_log /var/log/nginx/gitea.access;
+	error_log /var/log/nginx/gitea.error;
+
+	ssl_certificate /etc/nginx/certs/fullchain.pem;
+	ssl_certificate_key /etc/nginx/certs/privkey.pem;
+	include ssl_params;
+
+	location / {
+		proxy_pass http://gitea:3000;
+	}
+}
--- a/nginx/ssl_params
+++ b/nginx/ssl_params
@ -0,0 +1,13 @@
+# Common SSL security settings
+ssl_session_timeout 5m;
+
+ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
+ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH';
+ssl_prefer_server_ciphers on;
+ssl_session_cache shared:SSL:10m;
+# ssl_dhparam /etc/ssl/dhparam.pem;
+
+# So the Acme client can use the htdocs method
+location /.well-known {
+	alias /var/www/html/.well-known;
+}
--- a/ssl/snakeoil.crt
+++ b/ssl/snakeoil.crt
@ -0,0 +1,19 @@
+-----BEGIN CERTIFICATE-----
+MIIDLDCCAhQCCQCkbVGrFC3gfjANBgkqhkiG9w0BAQsFADBYMQswCQYDVQQGEwJV
+UzEVMBMGA1UEBwwMRGVmYXVsdCBDaXR5MRwwGgYDVQQKDBNEZWZhdWx0IENvbXBh
+bnkgTHRkMRQwEgYDVQQDDAsqLmtpcnNsZS5saDAeFw0xODA5MTgxODQ1MTZaFw00
+MzA1MTAxODQ1MTZaMFgxCzAJBgNVBAYTAlVTMRUwEwYDVQQHDAxEZWZhdWx0IENp
+dHkxHDAaBgNVBAoME0RlZmF1bHQgQ29tcGFueSBMdGQxFDASBgNVBAMMCyoua2ly
+c2xlLmxoMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6SR52KDpWhBQ
+C6cLQM9tyMkqhOCY9Z6OSwRJ8OJoIwc8tBVTFK+2HfnBVPYr44YW93nTh/zCqgKP
+fEXTKIldBsclVf9I0Zvtj8SLMxnqOaabdrntcR/HuXaEtRwFxgXNbChKCJe/e97y
+frMibNiHiu2JA3J48Wwuz4rjVH2qDahrxa2O/2s3/LiYWfAR2FqVltriKWvhh+9L
+JfIfKd9kVO5WQORs0BwzCmWpQvW/XJOKs8rt9S26eWV1xk6OTmcFWi4x6e/pMahG
+e4f4WVgbWdcJtErGZUetW/ssD0W9vcbuROR90Aey7hysBY0LeMsB7OJe+RLec/ka
+7jB23IWoPQIDAQABMA0GCSqGSIb3DQEBCwUAA4IBAQB6aPtwLB2A+t0XZlFbAJmG
+lu8XOp668DlygLqiF3e1aSkC0Y7IfGxTe6X0qUYdbadIsv0rz7/dFatVbv4ZJV4d
+CyLsE1pNrMKSbYwyJ00p0krwY8uiYmlze1f6Kv2WSl0jtlnqyMm5bTXaWjdQrIOp
+K9h6g9jlFCKbCABvAwMrq2q1wlRaAy0ySOtuz5HPBqD0UmU2iOgdgy3ijQhDLt+E
+TU/VOu3iD0LMqiiCNBTuVQrESSvHFuUYZv57Wf55hXQAGdHEGv0Xa8hp/hpur7D0
+h1KRAVFj0mQEdOKCAD3OSE8QHQGWdGe90inBy8iuIhjUsQdhLQ1Xc/uXmckIIWzL
+-----END CERTIFICATE-----
--- a/ssl/snakeoil.csr
+++ b/ssl/snakeoil.csr
@ -0,0 +1,17 @@
+-----BEGIN CERTIFICATE REQUEST-----
+MIICnTCCAYUCAQAwWDELMAkGA1UEBhMCVVMxFTATBgNVBAcMDERlZmF1bHQgQ2l0
+eTEcMBoGA1UECgwTRGVmYXVsdCBDb21wYW55IEx0ZDEUMBIGA1UEAwwLKi5raXJz
+bGUubGgwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDpJHnYoOlaEFAL
+pwtAz23IySqE4Jj1no5LBEnw4mgjBzy0FVMUr7Yd+cFU9ivjhhb3edOH/MKqAo98
+RdMoiV0GxyVV/0jRm+2PxIszGeo5ppt2ue1xH8e5doS1HAXGBc1sKEoIl7973vJ+
+syJs2IeK7YkDcnjxbC7PiuNUfaoNqGvFrY7/azf8uJhZ8BHYWpWW2uIpa+GH70sl
+8h8p32RU7lZA5GzQHDMKZalC9b9ck4qzyu31Lbp5ZXXGTo5OZwVaLjHp7+kxqEZ7
+h/hZWBtZ1wm0SsZlR61b+ywPRb29xu5E5H3QB7LuHKwFjQt4ywHs4l75Et5z+Rru
+MHbchag9AgMBAAGgADANBgkqhkiG9w0BAQsFAAOCAQEAvh9RmKFfPZ4E+wAqBJ5p
+uinlHUtSM9ADiE49ZQZomTou4PeaeXKdTYHSepSYTMrJ7NEWMDDZxfqyJ31LldlJ
+RQtrF5C5wcEra6DuZCbAwxqipeW2xucrAWzyfbsC76gZCD7TWW9TCMyYKvNgQn0M
+zb3UZeDWvI5SVfuVedaEtm4GzD/DvqGWZBHUuVGd1fU9VO889YVC2WHOTD+0rBSr
+arxGuxokooD6VFTKgdeDs6HO+ILxDyVOeTNgfpj1sr7gOgIuJOypCYUr57qKrmLh
+MGYiWNAKXMvpNVTPEQ8vC/zdG0ihcTQ1Ogxyh2AIOv36wE4rHAm3GkizmDMycijW
+hw==
+-----END CERTIFICATE REQUEST-----
--- a/ssl/snakeoil.key
+++ b/ssl/snakeoil.key
@ -0,0 +1,27 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIEogIBAAKCAQEA6SR52KDpWhBQC6cLQM9tyMkqhOCY9Z6OSwRJ8OJoIwc8tBVT
+FK+2HfnBVPYr44YW93nTh/zCqgKPfEXTKIldBsclVf9I0Zvtj8SLMxnqOaabdrnt
+cR/HuXaEtRwFxgXNbChKCJe/e97yfrMibNiHiu2JA3J48Wwuz4rjVH2qDahrxa2O
+/2s3/LiYWfAR2FqVltriKWvhh+9LJfIfKd9kVO5WQORs0BwzCmWpQvW/XJOKs8rt
+9S26eWV1xk6OTmcFWi4x6e/pMahGe4f4WVgbWdcJtErGZUetW/ssD0W9vcbuROR9
+0Aey7hysBY0LeMsB7OJe+RLec/ka7jB23IWoPQIDAQABAoIBAC9o4npB5pIRBSYJ
+dwlb5RhSiBnzTkeMUaVBnwOkFscgvqBkQbvQK3mXA1CSqsQezWbP2EssBC3sTV9Z
+F6KDpG4vaxE804MEcV+t+RyQJYhJsA2Jq5Y4fzXguwXVR/tHzMk0vDFZInA/GxLW
+vKZjtdRzj0wrKBr4A+Difm39C+qwtLO3d7POLnSnR2n1JatiQJr7uDNb11cFiNST
+Qj/UYvtKTrWPOkWjpX6WtXT0vjbN9QH+xTe7FBBGto5lq14V1ONucSqNDvT1Eqfw
+f0n4ZPla0fPCq4Z9mRD2XunNkh+SXpPK91H+zef16t9JX4L6+6kpg0sy1nBwTQco
+K6u5f8UCgYEA9zjz2q5u9c8YPGdephxix9MJtZQCglxM3amhuJwSN8YRYm0by7FD
+ISs0SianKqFFgx1xqqLPQ0lzCk+nDmjmdft1tpbXaLNs5pyWxT6Utd4Jhf8pnnZk
+wbUX4ggZ8nLuKmXUowTKJPBW+7RybKBOZKSiex6DFA4ktkUd3oueZx8CgYEA8WuM
+STN2k8M2g/53iLrWDbUilDI3At+Mr5AZBikr/nFyyJv7f5V8LALNe7M/mDeaj/kW
+fOuYMWTLqLM3YWWpYUNXXj37Bn7ibKn14dw0igsbWA2iGfIhYL1uU8OB2jcSMpIF
+3R5ztQJxhH8zgAvwQpzEMZk/hcvzSq5QGxzrkSMCgYBwc3VoOQO7x5FsmFBTGoJM
+BlBaSZLCnR1RjkFDaapXuD5cGOkVw/GW+sH0IJTVLTojI5d6WEgSgSxUulpwkYKS
+k+i9PuuIcmTMmNlzqr2V5ANM8f2KWKwH+El+xNSYlXKD0oHgDOOt3ayTHUcW5ewC
+l2hYvE4/JxfH2LR3b+aDXQKBgB7cutBYzd3R5NQ24Z0PFXInJ8Z+LN4nKdr/ttM8
+zCz4382Zcys6NueBbDdWENkqso2ZMDDEBW67DfYBAyFmV6LhcvfPQJnx+owdphs7
+hVPoW5SEGabrdyzgyovWwHDe/WqNlEZSMESBjXV8tV63J/28ALC+gIpgKjfv1LnC
+lrK1AoGAcW4NxYfLIxe6/wFJYeLd6hkNOj9r7p54Jv2dzK+e3E6oN47W5JvyH+9X
+iMSC8FsrgCntrnpObMAZuDAfSp5ycS9YxMJt6FbY0/jnkMyRKv0PURvyLb50QcfN
+PwZIddBX7/Zty52+ZNDWFWRLgnXoTzaNona6sVreFrxi5iGktBA=
+-----END RSA PRIVATE KEY-----
--- a/ssl/snakeoil.pem
+++ b/ssl/snakeoil.pem
@ -0,0 +1,46 @@
+-----BEGIN CERTIFICATE-----
+MIIDLDCCAhQCCQCkbVGrFC3gfjANBgkqhkiG9w0BAQsFADBYMQswCQYDVQQGEwJV
+UzEVMBMGA1UEBwwMRGVmYXVsdCBDaXR5MRwwGgYDVQQKDBNEZWZhdWx0IENvbXBh
+bnkgTHRkMRQwEgYDVQQDDAsqLmtpcnNsZS5saDAeFw0xODA5MTgxODQ1MTZaFw00
+MzA1MTAxODQ1MTZaMFgxCzAJBgNVBAYTAlVTMRUwEwYDVQQHDAxEZWZhdWx0IENp
+dHkxHDAaBgNVBAoME0RlZmF1bHQgQ29tcGFueSBMdGQxFDASBgNVBAMMCyoua2ly
+c2xlLmxoMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6SR52KDpWhBQ
+C6cLQM9tyMkqhOCY9Z6OSwRJ8OJoIwc8tBVTFK+2HfnBVPYr44YW93nTh/zCqgKP
+fEXTKIldBsclVf9I0Zvtj8SLMxnqOaabdrntcR/HuXaEtRwFxgXNbChKCJe/e97y
+frMibNiHiu2JA3J48Wwuz4rjVH2qDahrxa2O/2s3/LiYWfAR2FqVltriKWvhh+9L
+JfIfKd9kVO5WQORs0BwzCmWpQvW/XJOKs8rt9S26eWV1xk6OTmcFWi4x6e/pMahG
+e4f4WVgbWdcJtErGZUetW/ssD0W9vcbuROR90Aey7hysBY0LeMsB7OJe+RLec/ka
+7jB23IWoPQIDAQABMA0GCSqGSIb3DQEBCwUAA4IBAQB6aPtwLB2A+t0XZlFbAJmG
+lu8XOp668DlygLqiF3e1aSkC0Y7IfGxTe6X0qUYdbadIsv0rz7/dFatVbv4ZJV4d
+CyLsE1pNrMKSbYwyJ00p0krwY8uiYmlze1f6Kv2WSl0jtlnqyMm5bTXaWjdQrIOp
+K9h6g9jlFCKbCABvAwMrq2q1wlRaAy0ySOtuz5HPBqD0UmU2iOgdgy3ijQhDLt+E
+TU/VOu3iD0LMqiiCNBTuVQrESSvHFuUYZv57Wf55hXQAGdHEGv0Xa8hp/hpur7D0
+h1KRAVFj0mQEdOKCAD3OSE8QHQGWdGe90inBy8iuIhjUsQdhLQ1Xc/uXmckIIWzL
+-----END CERTIFICATE-----
+-----BEGIN RSA PRIVATE KEY-----
+MIIEogIBAAKCAQEA6SR52KDpWhBQC6cLQM9tyMkqhOCY9Z6OSwRJ8OJoIwc8tBVT
+FK+2HfnBVPYr44YW93nTh/zCqgKPfEXTKIldBsclVf9I0Zvtj8SLMxnqOaabdrnt
+cR/HuXaEtRwFxgXNbChKCJe/e97yfrMibNiHiu2JA3J48Wwuz4rjVH2qDahrxa2O
+/2s3/LiYWfAR2FqVltriKWvhh+9LJfIfKd9kVO5WQORs0BwzCmWpQvW/XJOKs8rt
+9S26eWV1xk6OTmcFWi4x6e/pMahGe4f4WVgbWdcJtErGZUetW/ssD0W9vcbuROR9
+0Aey7hysBY0LeMsB7OJe+RLec/ka7jB23IWoPQIDAQABAoIBAC9o4npB5pIRBSYJ
+dwlb5RhSiBnzTkeMUaVBnwOkFscgvqBkQbvQK3mXA1CSqsQezWbP2EssBC3sTV9Z
+F6KDpG4vaxE804MEcV+t+RyQJYhJsA2Jq5Y4fzXguwXVR/tHzMk0vDFZInA/GxLW
+vKZjtdRzj0wrKBr4A+Difm39C+qwtLO3d7POLnSnR2n1JatiQJr7uDNb11cFiNST
+Qj/UYvtKTrWPOkWjpX6WtXT0vjbN9QH+xTe7FBBGto5lq14V1ONucSqNDvT1Eqfw
+f0n4ZPla0fPCq4Z9mRD2XunNkh+SXpPK91H+zef16t9JX4L6+6kpg0sy1nBwTQco
+K6u5f8UCgYEA9zjz2q5u9c8YPGdephxix9MJtZQCglxM3amhuJwSN8YRYm0by7FD
+ISs0SianKqFFgx1xqqLPQ0lzCk+nDmjmdft1tpbXaLNs5pyWxT6Utd4Jhf8pnnZk
+wbUX4ggZ8nLuKmXUowTKJPBW+7RybKBOZKSiex6DFA4ktkUd3oueZx8CgYEA8WuM
+STN2k8M2g/53iLrWDbUilDI3At+Mr5AZBikr/nFyyJv7f5V8LALNe7M/mDeaj/kW
+fOuYMWTLqLM3YWWpYUNXXj37Bn7ibKn14dw0igsbWA2iGfIhYL1uU8OB2jcSMpIF
+3R5ztQJxhH8zgAvwQpzEMZk/hcvzSq5QGxzrkSMCgYBwc3VoOQO7x5FsmFBTGoJM
+BlBaSZLCnR1RjkFDaapXuD5cGOkVw/GW+sH0IJTVLTojI5d6WEgSgSxUulpwkYKS
+k+i9PuuIcmTMmNlzqr2V5ANM8f2KWKwH+El+xNSYlXKD0oHgDOOt3ayTHUcW5ewC
+l2hYvE4/JxfH2LR3b+aDXQKBgB7cutBYzd3R5NQ24Z0PFXInJ8Z+LN4nKdr/ttM8
+zCz4382Zcys6NueBbDdWENkqso2ZMDDEBW67DfYBAyFmV6LhcvfPQJnx+owdphs7
+hVPoW5SEGabrdyzgyovWwHDe/WqNlEZSMESBjXV8tV63J/28ALC+gIpgKjfv1LnC
+lrK1AoGAcW4NxYfLIxe6/wFJYeLd6hkNOj9r7p54Jv2dzK+e3E6oN47W5JvyH+9X
+iMSC8FsrgCntrnpObMAZuDAfSp5ycS9YxMJt6FbY0/jnkMyRKv0PURvyLb50QcfN
+PwZIddBX7/Zty52+ZNDWFWRLgnXoTzaNona6sVreFrxi5iGktBA=
+-----END RSA PRIVATE KEY-----