Initial commit

master
Noah 2018-09-18 12:13:43 -07:00
commit 7c1bfbca57
12 changed files with 476 additions and 0 deletions

1
.gitignore vendored Normal file
View File

@ -0,0 +1 @@
www/

23
README.md Normal file
View File

@ -0,0 +1,23 @@
# Cloud
This repo is an experiment playing with `docker-compose` to configure a
reproduceable web service cluster.
It spins up containers for:
* My web blog, a Go program at [github.com/kirsle/blog](https://github.com/kirsle/blog)
* A Redis cache for the blog.
* [Gitea](https://gitea.io), a Git web service.
* PostgreSQL database for Gitea to store its data.
* An nginx web proxy in front of all of these, exposing domains
`blog.kirsle.lh` and `git.kirsle.lh` (localhost-only domains, for testing,
with a self-signed SSL certificate in the `ssl/` folder).
Install `docker` and `docker-compose` and `systemctl enable docker.service` and
all that good stuff, and then:
```bash
$ docker-compose up
```
Put `blog.kirsle.lh` and `git.kirsle.lh` in your `/etc/hosts` and visit them.

117
docker-compose.yml Normal file
View File

@ -0,0 +1,117 @@
version: "3"
# This Docker cluster spins up the following containers:
#
# - My web blog for Kirsle.net (which is a custom Go program)
# - Redis as a cache for the blog to use.
# - Gitea, a self-hosted Git server.
# - PostgreSQL as the database for Gitea.
# - nginx, a reverse web proxy that makes all of these services available.
#
# The services are mounted at my test domains in nginx:
#
# - https://blog.kirsle.lh for the web blog
# - https://git.kirsle.lh for Gitea
#
# Exported ports:
# - 80 (nginx)
# - 443 (nginx)
# - 22 (gitea-ssh)
# Define named networks to isolate the apps from each other. Each app will
# list the networks it needs to share with others.
networks:
default:
driver: bridge
redis:
driver: bridge
blog:
driver: bridge
gitea:
driver: bridge
# Named volumes to let the apps store their own data persistently on disk
# between reboots. They end up somewhere at /var/lib/docker/volumes on the
# host filesystem, useful for self-contained apps.
volumes:
gitea-db-data:
driver: local
gitea-data:
driver: local
redis-data:
driver: local
services:
# nginx reverse proxy in front of all the apps
nginx:
image: nginx
restart: always
ports:
- "80:80"
- "443:443"
volumes:
- "./nginx/sites-enabled:/etc/nginx/sites-enabled:z"
- "./nginx/nginx.conf:/etc/nginx/nginx.conf:z"
- "./nginx/ssl_params:/etc/nginx/ssl_params:z"
- "./ssl/snakeoil.key:/etc/nginx/certs/privkey.pem:z"
- "./ssl/snakeoil.pem:/etc/nginx/certs/fullchain.pem:z"
networks:
- default
- blog
- gitea
# shared Redis cache for various apps
redis:
image: redis
restart: always
expose:
- 6379
volumes:
- "redis-data:/data"
networks:
- redis
# My custom Go web blog for kirsle.net
# https://github.com/kirsle/blog/blob/master/Dockerfile
blog:
build: /home/kirsle/go/src/github.com/kirsle/blog
restart: always
expose:
- 80
volumes:
- "./www:/data/www:z"
networks:
- blog
- redis
# Postgres DB for gitea.
gitea-postgres:
image: postgres:10.5
restart: always
environment:
- "POSTGRES_USER=gitea"
- "POSTGRES_PASSWORD=gitea"
- "POSTGRES_DB=gitea"
volumes:
- "gitea-db-data:/var/lib/postgresql/data"
networks:
- gitea
# Gitea git server.
gitea:
image: gitea/gitea:latest
restart: always
volumes:
- "gitea-data:/data"
expose:
- 3000
ports:
- "22:22"
networks:
- gitea
environment:
- DISABLE_REGISTRATION=true
depends_on:
- gitea-postgres
- nginx

86
nginx/nginx.conf Normal file
View File

@ -0,0 +1,86 @@
user www-data;
worker_processes auto;
pid /run/nginx.pid;
include /etc/nginx/modules-enabled/*.conf;
events {
worker_connections 768;
# multi_accept on;
}
http {
##
# Basic Settings
##
sendfile on;
tcp_nopush on;
tcp_nodelay on;
keepalive_timeout 65;
types_hash_max_size 2048;
# server_tokens off;
# server_names_hash_bucket_size 64;
# server_name_in_redirect off;
include /etc/nginx/mime.types;
default_type application/octet-stream;
##
# SSL Settings
##
ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # Dropping SSLv3, ref: POODLE
ssl_prefer_server_ciphers on;
##
# Logging Settings
##
access_log /var/log/nginx/access.log;
error_log /var/log/nginx/error.log;
##
# Gzip Settings
##
gzip on;
gzip_disable "msie6";
# gzip_vary on;
# gzip_proxied any;
# gzip_comp_level 6;
# gzip_buffers 16 8k;
# gzip_http_version 1.1;
# gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript;
##
# Virtual Host Configs
##
include /etc/nginx/conf.d/*.conf;
include /etc/nginx/sites-enabled/*;
}
#mail {
# # See sample authentication script at:
# # http://wiki.nginx.org/ImapAuthenticateWithApachePhpScript
#
# # auth_http localhost/auth.php;
# # pop3_capabilities "TOP" "USER";
# # imap_capabilities "IMAP4rev1" "UIDPLUS";
#
# server {
# listen localhost:110;
# protocol pop3;
# proxy on;
# }
#
# server {
# listen localhost:143;
# protocol imap;
# proxy on;
# }
#}

18
nginx/sites-enabled/blog Normal file
View File

@ -0,0 +1,18 @@
server {
server_name blog.kirsle.lh;
listen 80;
listen [::]:80;
listen 443 ssl;
listen [::]:443 ssl;
access_log /var/log/nginx/blog.access;
error_log /var/log/nginx/blog.error;
ssl_certificate /etc/nginx/certs/fullchain.pem;
ssl_certificate_key /etc/nginx/certs/privkey.pem;
include ssl_params;
location / {
proxy_pass http://blog/;
}
}

View File

@ -0,0 +1,91 @@
##
# You should look at the following URL's in order to grasp a solid understanding
# of Nginx configuration files in order to fully unleash the power of Nginx.
# http://wiki.nginx.org/Pitfalls
# http://wiki.nginx.org/QuickStart
# http://wiki.nginx.org/Configuration
#
# Generally, you will want to move this file somewhere, and start with a clean
# file but keep this around for reference. Or just disable in sites-enabled.
#
# Please see /usr/share/doc/nginx-doc/examples/ for more detailed examples.
##
# Default server configuration
#
server {
listen 80 default_server;
listen [::]:80 default_server;
# SSL configuration
#
listen 443 ssl default_server;
listen [::]:443 ssl default_server;
#
# Self signed certs generated by the ssl-cert package
# Don't use them in a production server!
#
# include snippets/snakeoil.conf;
ssl_certificate /etc/nginx/certs/fullchain.pem;
ssl_certificate_key /etc/nginx/certs/privkey.pem;
include ssl_params;
root /var/www/html;
# Add index.php to the list if you are using PHP
index index.html index.htm index.nginx-debian.html;
server_name _;
location / {
# First attempt to serve request as file, then
# as directory, then fall back to displaying a 404.
try_files $uri $uri/ =404;
}
# pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
#
#location ~ \.php$ {
# include snippets/fastcgi-php.conf;
#
# # With php5-cgi alone:
# fastcgi_pass 127.0.0.1:9000;
# # With php5-fpm:
# fastcgi_pass unix:/var/run/php5-fpm.sock;
#}
# deny access to .htaccess files, if Apache's document root
# concurs with nginx's one
#
#location ~ /\.ht {
# deny all;
#}
# nginx server status
location /dd-nginx-status {
stub_status on;
access_log off;
allow 127.0.0.1;
deny all;
}
}
# Virtual Host configuration for example.com
#
# You can move that to a different file under sites-available/ and symlink that
# to sites-enabled/ to enable it.
#
#server {
# listen 80;
# listen [::]:80;
#
# server_name example.com;
#
# root /var/www/example.com;
# index index.html;
#
# location / {
# try_files $uri $uri/ =404;
# }
#}

18
nginx/sites-enabled/gitea Normal file
View File

@ -0,0 +1,18 @@
server {
server_name git.kirsle.lh;
listen 80;
listen [::]:80;
listen 443 ssl;
listen [::]:443 ssl;
access_log /var/log/nginx/gitea.access;
error_log /var/log/nginx/gitea.error;
ssl_certificate /etc/nginx/certs/fullchain.pem;
ssl_certificate_key /etc/nginx/certs/privkey.pem;
include ssl_params;
location / {
proxy_pass http://gitea:3000;
}
}

13
nginx/ssl_params Normal file
View File

@ -0,0 +1,13 @@
# Common SSL security settings
ssl_session_timeout 5m;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH';
ssl_prefer_server_ciphers on;
ssl_session_cache shared:SSL:10m;
# ssl_dhparam /etc/ssl/dhparam.pem;
# So the Acme client can use the htdocs method
location /.well-known {
alias /var/www/html/.well-known;
}

19
ssl/snakeoil.crt Normal file
View File

@ -0,0 +1,19 @@
-----BEGIN CERTIFICATE-----
MIIDLDCCAhQCCQCkbVGrFC3gfjANBgkqhkiG9w0BAQsFADBYMQswCQYDVQQGEwJV
UzEVMBMGA1UEBwwMRGVmYXVsdCBDaXR5MRwwGgYDVQQKDBNEZWZhdWx0IENvbXBh
bnkgTHRkMRQwEgYDVQQDDAsqLmtpcnNsZS5saDAeFw0xODA5MTgxODQ1MTZaFw00
MzA1MTAxODQ1MTZaMFgxCzAJBgNVBAYTAlVTMRUwEwYDVQQHDAxEZWZhdWx0IENp
dHkxHDAaBgNVBAoME0RlZmF1bHQgQ29tcGFueSBMdGQxFDASBgNVBAMMCyoua2ly
c2xlLmxoMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6SR52KDpWhBQ
C6cLQM9tyMkqhOCY9Z6OSwRJ8OJoIwc8tBVTFK+2HfnBVPYr44YW93nTh/zCqgKP
fEXTKIldBsclVf9I0Zvtj8SLMxnqOaabdrntcR/HuXaEtRwFxgXNbChKCJe/e97y
frMibNiHiu2JA3J48Wwuz4rjVH2qDahrxa2O/2s3/LiYWfAR2FqVltriKWvhh+9L
JfIfKd9kVO5WQORs0BwzCmWpQvW/XJOKs8rt9S26eWV1xk6OTmcFWi4x6e/pMahG
e4f4WVgbWdcJtErGZUetW/ssD0W9vcbuROR90Aey7hysBY0LeMsB7OJe+RLec/ka
7jB23IWoPQIDAQABMA0GCSqGSIb3DQEBCwUAA4IBAQB6aPtwLB2A+t0XZlFbAJmG
lu8XOp668DlygLqiF3e1aSkC0Y7IfGxTe6X0qUYdbadIsv0rz7/dFatVbv4ZJV4d
CyLsE1pNrMKSbYwyJ00p0krwY8uiYmlze1f6Kv2WSl0jtlnqyMm5bTXaWjdQrIOp
K9h6g9jlFCKbCABvAwMrq2q1wlRaAy0ySOtuz5HPBqD0UmU2iOgdgy3ijQhDLt+E
TU/VOu3iD0LMqiiCNBTuVQrESSvHFuUYZv57Wf55hXQAGdHEGv0Xa8hp/hpur7D0
h1KRAVFj0mQEdOKCAD3OSE8QHQGWdGe90inBy8iuIhjUsQdhLQ1Xc/uXmckIIWzL
-----END CERTIFICATE-----

17
ssl/snakeoil.csr Normal file
View File

@ -0,0 +1,17 @@
-----BEGIN CERTIFICATE REQUEST-----
MIICnTCCAYUCAQAwWDELMAkGA1UEBhMCVVMxFTATBgNVBAcMDERlZmF1bHQgQ2l0
eTEcMBoGA1UECgwTRGVmYXVsdCBDb21wYW55IEx0ZDEUMBIGA1UEAwwLKi5raXJz
bGUubGgwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDpJHnYoOlaEFAL
pwtAz23IySqE4Jj1no5LBEnw4mgjBzy0FVMUr7Yd+cFU9ivjhhb3edOH/MKqAo98
RdMoiV0GxyVV/0jRm+2PxIszGeo5ppt2ue1xH8e5doS1HAXGBc1sKEoIl7973vJ+
syJs2IeK7YkDcnjxbC7PiuNUfaoNqGvFrY7/azf8uJhZ8BHYWpWW2uIpa+GH70sl
8h8p32RU7lZA5GzQHDMKZalC9b9ck4qzyu31Lbp5ZXXGTo5OZwVaLjHp7+kxqEZ7
h/hZWBtZ1wm0SsZlR61b+ywPRb29xu5E5H3QB7LuHKwFjQt4ywHs4l75Et5z+Rru
MHbchag9AgMBAAGgADANBgkqhkiG9w0BAQsFAAOCAQEAvh9RmKFfPZ4E+wAqBJ5p
uinlHUtSM9ADiE49ZQZomTou4PeaeXKdTYHSepSYTMrJ7NEWMDDZxfqyJ31LldlJ
RQtrF5C5wcEra6DuZCbAwxqipeW2xucrAWzyfbsC76gZCD7TWW9TCMyYKvNgQn0M
zb3UZeDWvI5SVfuVedaEtm4GzD/DvqGWZBHUuVGd1fU9VO889YVC2WHOTD+0rBSr
arxGuxokooD6VFTKgdeDs6HO+ILxDyVOeTNgfpj1sr7gOgIuJOypCYUr57qKrmLh
MGYiWNAKXMvpNVTPEQ8vC/zdG0ihcTQ1Ogxyh2AIOv36wE4rHAm3GkizmDMycijW
hw==
-----END CERTIFICATE REQUEST-----

27
ssl/snakeoil.key Normal file
View File

@ -0,0 +1,27 @@
-----BEGIN RSA PRIVATE KEY-----
MIIEogIBAAKCAQEA6SR52KDpWhBQC6cLQM9tyMkqhOCY9Z6OSwRJ8OJoIwc8tBVT
FK+2HfnBVPYr44YW93nTh/zCqgKPfEXTKIldBsclVf9I0Zvtj8SLMxnqOaabdrnt
cR/HuXaEtRwFxgXNbChKCJe/e97yfrMibNiHiu2JA3J48Wwuz4rjVH2qDahrxa2O
/2s3/LiYWfAR2FqVltriKWvhh+9LJfIfKd9kVO5WQORs0BwzCmWpQvW/XJOKs8rt
9S26eWV1xk6OTmcFWi4x6e/pMahGe4f4WVgbWdcJtErGZUetW/ssD0W9vcbuROR9
0Aey7hysBY0LeMsB7OJe+RLec/ka7jB23IWoPQIDAQABAoIBAC9o4npB5pIRBSYJ
dwlb5RhSiBnzTkeMUaVBnwOkFscgvqBkQbvQK3mXA1CSqsQezWbP2EssBC3sTV9Z
F6KDpG4vaxE804MEcV+t+RyQJYhJsA2Jq5Y4fzXguwXVR/tHzMk0vDFZInA/GxLW
vKZjtdRzj0wrKBr4A+Difm39C+qwtLO3d7POLnSnR2n1JatiQJr7uDNb11cFiNST
Qj/UYvtKTrWPOkWjpX6WtXT0vjbN9QH+xTe7FBBGto5lq14V1ONucSqNDvT1Eqfw
f0n4ZPla0fPCq4Z9mRD2XunNkh+SXpPK91H+zef16t9JX4L6+6kpg0sy1nBwTQco
K6u5f8UCgYEA9zjz2q5u9c8YPGdephxix9MJtZQCglxM3amhuJwSN8YRYm0by7FD
ISs0SianKqFFgx1xqqLPQ0lzCk+nDmjmdft1tpbXaLNs5pyWxT6Utd4Jhf8pnnZk
wbUX4ggZ8nLuKmXUowTKJPBW+7RybKBOZKSiex6DFA4ktkUd3oueZx8CgYEA8WuM
STN2k8M2g/53iLrWDbUilDI3At+Mr5AZBikr/nFyyJv7f5V8LALNe7M/mDeaj/kW
fOuYMWTLqLM3YWWpYUNXXj37Bn7ibKn14dw0igsbWA2iGfIhYL1uU8OB2jcSMpIF
3R5ztQJxhH8zgAvwQpzEMZk/hcvzSq5QGxzrkSMCgYBwc3VoOQO7x5FsmFBTGoJM
BlBaSZLCnR1RjkFDaapXuD5cGOkVw/GW+sH0IJTVLTojI5d6WEgSgSxUulpwkYKS
k+i9PuuIcmTMmNlzqr2V5ANM8f2KWKwH+El+xNSYlXKD0oHgDOOt3ayTHUcW5ewC
l2hYvE4/JxfH2LR3b+aDXQKBgB7cutBYzd3R5NQ24Z0PFXInJ8Z+LN4nKdr/ttM8
zCz4382Zcys6NueBbDdWENkqso2ZMDDEBW67DfYBAyFmV6LhcvfPQJnx+owdphs7
hVPoW5SEGabrdyzgyovWwHDe/WqNlEZSMESBjXV8tV63J/28ALC+gIpgKjfv1LnC
lrK1AoGAcW4NxYfLIxe6/wFJYeLd6hkNOj9r7p54Jv2dzK+e3E6oN47W5JvyH+9X
iMSC8FsrgCntrnpObMAZuDAfSp5ycS9YxMJt6FbY0/jnkMyRKv0PURvyLb50QcfN
PwZIddBX7/Zty52+ZNDWFWRLgnXoTzaNona6sVreFrxi5iGktBA=
-----END RSA PRIVATE KEY-----

46
ssl/snakeoil.pem Normal file
View File

@ -0,0 +1,46 @@
-----BEGIN CERTIFICATE-----
MIIDLDCCAhQCCQCkbVGrFC3gfjANBgkqhkiG9w0BAQsFADBYMQswCQYDVQQGEwJV
UzEVMBMGA1UEBwwMRGVmYXVsdCBDaXR5MRwwGgYDVQQKDBNEZWZhdWx0IENvbXBh
bnkgTHRkMRQwEgYDVQQDDAsqLmtpcnNsZS5saDAeFw0xODA5MTgxODQ1MTZaFw00
MzA1MTAxODQ1MTZaMFgxCzAJBgNVBAYTAlVTMRUwEwYDVQQHDAxEZWZhdWx0IENp
dHkxHDAaBgNVBAoME0RlZmF1bHQgQ29tcGFueSBMdGQxFDASBgNVBAMMCyoua2ly
c2xlLmxoMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6SR52KDpWhBQ
C6cLQM9tyMkqhOCY9Z6OSwRJ8OJoIwc8tBVTFK+2HfnBVPYr44YW93nTh/zCqgKP
fEXTKIldBsclVf9I0Zvtj8SLMxnqOaabdrntcR/HuXaEtRwFxgXNbChKCJe/e97y
frMibNiHiu2JA3J48Wwuz4rjVH2qDahrxa2O/2s3/LiYWfAR2FqVltriKWvhh+9L
JfIfKd9kVO5WQORs0BwzCmWpQvW/XJOKs8rt9S26eWV1xk6OTmcFWi4x6e/pMahG
e4f4WVgbWdcJtErGZUetW/ssD0W9vcbuROR90Aey7hysBY0LeMsB7OJe+RLec/ka
7jB23IWoPQIDAQABMA0GCSqGSIb3DQEBCwUAA4IBAQB6aPtwLB2A+t0XZlFbAJmG
lu8XOp668DlygLqiF3e1aSkC0Y7IfGxTe6X0qUYdbadIsv0rz7/dFatVbv4ZJV4d
CyLsE1pNrMKSbYwyJ00p0krwY8uiYmlze1f6Kv2WSl0jtlnqyMm5bTXaWjdQrIOp
K9h6g9jlFCKbCABvAwMrq2q1wlRaAy0ySOtuz5HPBqD0UmU2iOgdgy3ijQhDLt+E
TU/VOu3iD0LMqiiCNBTuVQrESSvHFuUYZv57Wf55hXQAGdHEGv0Xa8hp/hpur7D0
h1KRAVFj0mQEdOKCAD3OSE8QHQGWdGe90inBy8iuIhjUsQdhLQ1Xc/uXmckIIWzL
-----END CERTIFICATE-----
-----BEGIN RSA PRIVATE KEY-----
MIIEogIBAAKCAQEA6SR52KDpWhBQC6cLQM9tyMkqhOCY9Z6OSwRJ8OJoIwc8tBVT
FK+2HfnBVPYr44YW93nTh/zCqgKPfEXTKIldBsclVf9I0Zvtj8SLMxnqOaabdrnt
cR/HuXaEtRwFxgXNbChKCJe/e97yfrMibNiHiu2JA3J48Wwuz4rjVH2qDahrxa2O
/2s3/LiYWfAR2FqVltriKWvhh+9LJfIfKd9kVO5WQORs0BwzCmWpQvW/XJOKs8rt
9S26eWV1xk6OTmcFWi4x6e/pMahGe4f4WVgbWdcJtErGZUetW/ssD0W9vcbuROR9
0Aey7hysBY0LeMsB7OJe+RLec/ka7jB23IWoPQIDAQABAoIBAC9o4npB5pIRBSYJ
dwlb5RhSiBnzTkeMUaVBnwOkFscgvqBkQbvQK3mXA1CSqsQezWbP2EssBC3sTV9Z
F6KDpG4vaxE804MEcV+t+RyQJYhJsA2Jq5Y4fzXguwXVR/tHzMk0vDFZInA/GxLW
vKZjtdRzj0wrKBr4A+Difm39C+qwtLO3d7POLnSnR2n1JatiQJr7uDNb11cFiNST
Qj/UYvtKTrWPOkWjpX6WtXT0vjbN9QH+xTe7FBBGto5lq14V1ONucSqNDvT1Eqfw
f0n4ZPla0fPCq4Z9mRD2XunNkh+SXpPK91H+zef16t9JX4L6+6kpg0sy1nBwTQco
K6u5f8UCgYEA9zjz2q5u9c8YPGdephxix9MJtZQCglxM3amhuJwSN8YRYm0by7FD
ISs0SianKqFFgx1xqqLPQ0lzCk+nDmjmdft1tpbXaLNs5pyWxT6Utd4Jhf8pnnZk
wbUX4ggZ8nLuKmXUowTKJPBW+7RybKBOZKSiex6DFA4ktkUd3oueZx8CgYEA8WuM
STN2k8M2g/53iLrWDbUilDI3At+Mr5AZBikr/nFyyJv7f5V8LALNe7M/mDeaj/kW
fOuYMWTLqLM3YWWpYUNXXj37Bn7ibKn14dw0igsbWA2iGfIhYL1uU8OB2jcSMpIF
3R5ztQJxhH8zgAvwQpzEMZk/hcvzSq5QGxzrkSMCgYBwc3VoOQO7x5FsmFBTGoJM
BlBaSZLCnR1RjkFDaapXuD5cGOkVw/GW+sH0IJTVLTojI5d6WEgSgSxUulpwkYKS
k+i9PuuIcmTMmNlzqr2V5ANM8f2KWKwH+El+xNSYlXKD0oHgDOOt3ayTHUcW5ewC
l2hYvE4/JxfH2LR3b+aDXQKBgB7cutBYzd3R5NQ24Z0PFXInJ8Z+LN4nKdr/ttM8
zCz4382Zcys6NueBbDdWENkqso2ZMDDEBW67DfYBAyFmV6LhcvfPQJnx+owdphs7
hVPoW5SEGabrdyzgyovWwHDe/WqNlEZSMESBjXV8tV63J/28ALC+gIpgKjfv1LnC
lrK1AoGAcW4NxYfLIxe6/wFJYeLd6hkNOj9r7p54Jv2dzK+e3E6oN47W5JvyH+9X
iMSC8FsrgCntrnpObMAZuDAfSp5ycS9YxMJt6FbY0/jnkMyRKv0PURvyLb50QcfN
PwZIddBX7/Zty52+ZNDWFWRLgnXoTzaNona6sVreFrxi5iGktBA=
-----END RSA PRIVATE KEY-----