Merge "Add Salt 2018.3 tests"
diff --git a/README.rst b/README.rst
index b4b7220..d01adf8 100644
--- a/README.rst
+++ b/README.rst
@@ -172,6 +172,68 @@
             limits:
               request_body: 114688
 
+Apache ssl cipher management
+
+.. code-block:: yaml
+
+    parameters:
+      apache:
+        server:
+          enabled: true
+          site:
+            example:
+              enabled: true
+              ssl:
+                enabled: true
+                mode: secure
+                ...
+
+.. code-block:: yaml
+
+    parameters:
+      apache:
+        server:
+          enabled: true
+          site:
+            example:
+              enabled: true
+              ssl:
+                enabled: true
+                mode: normal
+                ...
+
+.. code-block:: yaml
+
+    parameters:
+      apache:
+        server:
+          enabled: true
+          site:
+            example:
+              enabled: true
+              ssl:
+                enabled: true
+                mode: strict
+                ciphers:
+                  ECDHE_RSA_AES256_GCM_SHA384:
+                    name: 'ECDHE-RSA-AES256-GCM-SHA384'
+                    enabled: True
+                  ECDHE_ECDSA_AES256_GCM_SHA384:
+                    name: 'ECDHE-ECDSA-AES256-GCM-SHA384'
+                    enabled: True
+                protocols:
+                  TLS1:
+                    name: 'TLSv1'
+                    enabled: True
+                  TLS1_1:
+                    name: 'TLSv1.1'
+                    enabled: True
+                  TLS1_2:
+                    name: 'TLSv1.2'
+                    enabled: False
+                prefer_server_ciphers: 'on'
+                ...
+
 Roundcube webmail, postfixadmin and mailman
 
 .. code-block:: yaml
@@ -209,6 +271,17 @@
                   - mail01.example.com
                   - mail01
 
+Logrotate settings which allow you to rotate the logs in
+a random time in a given time interval. Time in seconds
+
+.. code-block:: yaml
+
+  apache:
+    server:
+      logrotate:
+        start_period: 600
+        end_period: 1200
+
 
 More Information
 ================
diff --git a/apache/files/_ssl.conf b/apache/files/_ssl.conf
index 4de3f29..7247732 100644
--- a/apache/files/_ssl.conf
+++ b/apache/files/_ssl.conf
@@ -1,29 +1,53 @@
   {%- if site.ssl is defined %}
-  {%- if site.ssl.enabled %}
+    {%- if site.ssl.enabled %}
   SSLEngine on
-  {%- if site.ssl.key_file is defined %}
+      {%- if site.ssl.key_file is defined %}
   SSLCertificateFile {{ site.ssl.cert_file }}
   SSLCertificateKeyFile {{ site.ssl.key_file }}
-  {%- if site.ssl.chain_file is defined %}
+        {%- if site.ssl.chain_file is defined %}
   SSLCertificateChainFile {{ site.ssl.chain_file }}
-  {%- endif %}
-  {%- else %}
-  {%- if pillar.letsencrypt is defined %}
+        {%- endif %}
+      {%- else %}
+        {%- if pillar.letsencrypt is defined %}
   SSLCertificateFile /etc/letsencrypt/live/{{ site.host.name }}/cert.pem
   SSLCertificateKeyFile /etc/letsencrypt/live/{{ site.host.name }}/privkey.pem
   SSLCertificateChainFile /etc/letsencrypt/live/{{ site.host.name }}/fullchain.pem
-  {%- else %}
+        {%- else %}
   SSLCertificateFile /etc/ssl/certs/{{ site.host.name }}.crt
   SSLCertificateKeyFile /etc/ssl/private/{{ site.host.name }}.key
   SSLCertificateChainFile /etc/ssl/certs/{{ site.host.name }}-ca-chain.crt
-  {%- endif %}
-  {%- endif %}
+        {%- endif %}
+      {%- endif %}
 
-  {%- if site.ssl.get('strict_transport_security', False) %}
+      {%- if site.ssl.get('strict_transport_security', False) %}
   Header always set Strict-Transport-Security "max-age=63072000; includeSubdomains; preload"
-  {%- endif %}
+      {%- endif %}
 
   {%- set ssl_mode = site.ssl.get('mode', 'secure') %}
-  {%- include "apache/files/_ssl_"+ssl_mode+".conf" %}
-  {%- endif %}
+      {%- if ssl_mode not in ['normal', 'secure'] %}
+        {%- if site.ssl.protocols is defined  %}
+          {%- set _protocols = [] %}
+          {%- for protocol_name, protocols in site.ssl.get('protocols', {}).iteritems() %}
+            {%- if protocols.get('enabled', False) %}
+              {%- do _protocols.append(protocols.name) %}
+            {%- endif %}
+          {%- endfor %}
+  SSLProtocol {{ ' '.join(_protocols) }}
+        {%- endif %}
+        {%- if site.ssl.ciphers is defined %}
+          {%- set _ciphers = [] %}
+          {%- for cipher_name, ciphers in site.ssl.get('ciphers', {}).iteritems() %}
+            {%- if ciphers.get('enabled', False) %}
+              {%- do _ciphers.append(ciphers.name) %}
+            {%- endif %}
+          {%- endfor %}
+  SSLCipherSuite {{ ':'.join(_ciphers) }}
+        {%- endif %}
+        {%- if site.ssl.prefer_server_ciphers is defined %}
+  SSLHonorCipherOrder {{ site.ssl.prefer_server_ciphers }}
+        {%- endif %}
+      {%- else %}
+        {%- include "apache/files/_ssl_"+ssl_mode+".conf" %}
+      {%- endif %}
+    {%- endif %}
   {%- endif %}
\ No newline at end of file
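Review bot: In the new custom branch, `SSLProtocol {{ ' '.join(_protocols) }}` and `SSLCipherSuite {{ ':'.join(_ciphers) }}` are written even when every listed entry has `enabled: False`, which renders a directive with no argument. Wrapping each directive in a non-empty check, e.g. `{%- if _protocols %}` … `{%- endif %}` and the same for `_ciphers`, avoids that. Any `mode` value other than `normal` or `secure` (a typo included) also lands in this branch, and when `protocols` and `ciphers` are absent nothing is emitted, so the site silently runs on Apache's built-in defaults; a comment above `{%- if ssl_mode not in ['normal', 'secure'] %}` should say so. Both loops call `.iteritems()`, which exists only on Python 2 dicts; `.items()` works on either interpreter.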
diff --git a/apache/files/static.conf b/apache/files/static.conf
index 88b48d5..b852204 100644
--- a/apache/files/static.conf
+++ b/apache/files/static.conf
@@ -4,7 +4,8 @@
 {%- else %}
 {%- set root = '/srv/static/sites/'+site.name %}
 {%- endif %}
-<VirtualHost *:{% if site.host.port is defined %}{{ site.host.port }}{% else %}{% if site.ssl is defined %}443{% else %}80{% endif %}{% endif %}>
+Listen {% if site.host.address is defined %}{{ site.host.address }}{% else %}0.0.0.0{% endif %}:{% if site.host.port is defined %}{{ site.host.port }}{% else %}{% if site.ssl is defined %}443{% else %}80{% endif %}{% endif %}
+<VirtualHost {% if site.host.address is defined %}{{ site.host.address }}{% else %}*{% endif %}:{% if site.host.port is defined %}{{ site.host.port }}{% else %}{% if site.ssl is defined %}443{% else %}80{% endif %}{% endif %}>
   {%- include "apache/files/_name.conf" %}
   {%- include "apache/files/_ssl.conf" %}
   {%- include "apache/files/_log.conf" %}
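Review bot: The added `Listen` line is presumably rendered once per static site, so two static sites that resolve to the same address and port (for example both on the default 80) would produce duplicate `Listen` directives, which Apache rejects at startup. De-duplicating the address:port pairs before emitting them, or keeping `Listen` in one shared place, would avoid that. The defaults also differ between the two lines: `Listen` falls back to `0.0.0.0` (IPv4 only) while `<VirtualHost>` falls back to `*`. The long address and port expressions are repeated verbatim on both lines; computing them once, e.g. `{%- set _port = site.host.get('port', 443 if site.ssl is defined else 80) %}`, would keep the two in step. The template starts outside the hunk.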
diff --git a/apache/map.jinja b/apache/map.jinja
index 5ebdf9f..8d89577 100644
--- a/apache/map.jinja
+++ b/apache/map.jinja
@@ -16,6 +16,10 @@
         'www_dir': '/var/www',
         'service_user': 'www-data',
         'service_group': 'www-data',
+        'logrotate': {
+          'start_period': '1',
+          'end_period': '3600',
+        },
     },
     'Arch': {
         'pkgs': ['apache'],
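Review bot: The `logrotate` defaults are added to only three of the per-OS entries (this hunk and those at `@@ -75,6 +79,10 @@` and `@@ -93,6 +101,10 @@`); the `Arch` entry that begins right below is not touched by this diff. On such minions `server.logrotate.start_period` in apache/meta/logrotate.yml would presumably be undefined unless pillar supplies it, so either add the block to the remaining entries or read the values with a fallback in the template. The defaults are quoted strings (`'1'`, `'3600'`) while the README example uses integers; writing `'start_period': 1` and `'end_period': 3600` keeps the two consistent. The enclosing map starts and ends outside the hunk.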
@@ -75,6 +79,10 @@
         'www_dir': '/var/www',
         'service_user': 'www-data',
         'service_group': 'www-data',
+        'logrotate': {
+          'start_period': '1',
+          'end_period': '3600',
+        },
     },
     'xenial': {
         'pkgs': ['apache2'],
@@ -93,6 +101,10 @@
         'www_dir': '/var/www',
         'service_user': 'www-data',
         'service_group': 'www-data',
+        'logrotate': {
+          'start_period': '1',
+          'end_period': '3600',
+        },
     },
 }, grain='oscodename', merge=salt['pillar.get']('apache:server'))) %}
 
@@ -102,7 +114,7 @@
 {# TODO: move away from managing listen in ports.conf, instead add this directive #}
 {# to specific service config. Currently it conflits with horizon formula, that manage #}
 {# port.conf by theirown, it leads to races when applying horizon/apache states. #}
-{%- if site.get('type', '') not in ['wsgi', 'proxy'] %}
+{%- if site.get('type', '') not in ['wsgi', 'proxy', 'static'] %}
 {%- if site.host.get('port', 80) %}
 {%- do listen_ports.update({site.host.get('port', 80): None}) %}
 {%- endif %}
diff --git a/apache/meta/logrotate.yml b/apache/meta/logrotate.yml
new file mode 100644
index 0000000..24135e6
--- /dev/null
+++ b/apache/meta/logrotate.yml
@@ -0,0 +1,22 @@
+{%- from "apache/map.jinja" import server with context %}
+job:
+  apache2:
+    - files:
+        - /var/log/apache2/*.log
+      options:
+        - daily
+        - missingok
+        - rotate: 14
+        - compress
+        - delaycompress
+        - notifempty
+        - sharedscripts
+        - prerotate:
+              RANDOM=$(( $(dd if=/dev/urandom bs=2 count=1 2> /dev/null | cksum | cut -d' ' -f1) % 32767 ));
+              RANDOM_START={{ server.logrotate.start_period }};
+              RANDOM_END={{ server.logrotate.end_period }};
+              RANGE=$(( $RANDOM_END - $RANDOM_START ));
+              RESULT=$(( $RANDOM % $RANGE));
+              RESULT=$(( $RESULT + $RANDOM_START ));
+              sleep $RESULT
+        - postrotate: "if /etc/init.d/apache2 status > /dev/null; then /etc/init.d/apache2 reload > /dev/null; fi"
\ No newline at end of file
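Review bot: `RESULT=$(( $RANDOM % $RANGE))` divides by zero when `end_period` equals `start_period`, and gives a delay outside the configured interval when it is smaller. A prerotate script that exits with an error makes logrotate skip the rotation, so the Apache logs would then grow unrotated. Guard the range before the modulo, e.g. `[ "$RANGE" -gt 0 ] || RANGE=1;`. The two pillar values are pasted into a shell script that logrotate typically runs as root, so rendering them as `{{ server.logrotate.start_period | int }}` and `{{ server.logrotate.end_period | int }}` keeps anything but a number out of the script. A short comment noting that the sleep (up to an hour with the map.jinja defaults) also delays the rest of the logrotate run would help.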
diff --git a/apache/meta/prometheus.yml b/apache/meta/prometheus.yml
index 0abe6ab..897713c 100644
--- a/apache/meta/prometheus.yml
+++ b/apache/meta/prometheus.yml
@@ -1,26 +1,41 @@
 {%- from "apache/map.jinja" import server with context %}
 
 {%- if server.get('enabled', False) %}
-{%- raw %}
+
 server:
   alert:
-    ApacheDown:
+    ApacheServiceDown:
       if: >-
         apache_up != 1
+      {%- raw %}
       labels:
-        severity: warning
+        severity: minor
         service: apache
       annotations:
-        summary: 'Apache service down'
-        description: 'Apache service is down on node {{ $labels.host }}'
-    ApacheIdleWorkersShortage:
+        summary: "Apache service is down"
+        description: "The Apache service on the {{ $labels.host }} node is down."
+      {%- endraw %}
+    ApacheServiceOutage:
+      if: >-
+        count(label_replace(apache_up, "cluster", "$1", "host", "([^0-9]+).+")) by (cluster) == count(label_replace(apache_up == 0, "cluster", "$1", "host", "([^0-9]+).+")) by (cluster)
+      {% raw %}
+      labels:
+        severity: critical
+        service: apache
+      annotations:
+        summary: "Apache service outage"
+        description: "All Apache services within the {{ $labels.cluster }} cluster are down."
+      {% endraw %}
+    ApacheWorkersAbsent:
       if: >-
         apache_IdleWorkers == 0
+      {%- raw %}
+      for: 2m
       labels:
-        severity: warning
+        severity: minor
         service: apache
       annotations:
-        summary: 'Apache idle workers shortage'
-        description: 'Apache idle workers shortage on node {{ $labels.host }}'
-{%- endraw %}
+        summary: "Apache has no available idle workers"
+        description: "The Apache service on the {{ $labels.host }} node has no available workers for at least 2 minutes."
+      {%- endraw %}
 {%- endif %}
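Review bot: `ApacheServiceDown` and the critical `ApacheServiceOutage` have no `for:` clause, so they fire on the first evaluation where `apache_up` is not 1, while only `ApacheWorkersAbsent` waits (`for: 2m`). Adding a `for:` duration to both would keep a single bad sample from raising a critical alert. The outage rule derives `cluster` from the host label with `([^0-9]+).+`, i.e. the part of the name before its first digit; a comment stating that host-naming assumption would help, since hosts that do not follow it get grouped unexpectedly. The `{% raw %}` / `{% endraw %}` pair in `ApacheServiceOutage` also lacks the `-` whitespace control used in the other two rules.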
diff --git a/apache/server/site.sls b/apache/server/site.sls
index e572952..64a2857 100644
--- a/apache/server/site.sls
+++ b/apache/server/site.sls
@@ -56,6 +56,10 @@
   {%- endif %}
   - require:
     - pkg: apache_packages
+  {%- if site.enabled %}
+  - require_in:
+    - file: /etc/apache2/sites-enabled/{{ site.type }}_{{ site.name }}{{ server.conf_ext }}
+  {%- endif %}
 
 /etc/ssl/private/{{ site.host.name }}.key:
   file.managed:
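Review bot: The same `require_in` block with the literal `/etc/apache2/sites-enabled/{{ site.type }}_{{ site.name }}{{ server.conf_ext }}` path is repeated in this hunk and in the three that follow (`@@ -66,6 +70,10 @@`, `@@ -76,6 +84,10 @@`, `@@ -83,9 +95,13 @@`). Building the ID once, e.g. `{%- set site_enabled_file = '/etc/apache2/sites-enabled/' ~ site.type ~ '_' ~ site.name ~ server.conf_ext %}`, and using `- file: {{ site_enabled_file }}` keeps the four requisites in step with the state they target. That target state is not visible here, so please confirm the ID matches it exactly and whether the directory should come from map.jinja rather than a literal. The certificate states begin outside the hunks.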
@@ -66,6 +70,10 @@
   {%- endif %}
   - require:
     - pkg: apache_packages
+  {%- if site.enabled %}
+  - require_in:
+    - file: /etc/apache2/sites-enabled/{{ site.type }}_{{ site.name }}{{ server.conf_ext }}
+  {%- endif %}
 
 /etc/ssl/certs/{{ site.host.name }}-ca-chain.crt:
   file.managed:
@@ -76,6 +84,10 @@
   {%- endif %}
   - require:
     - pkg: apache_packages
+  {%- if site.enabled %}
+  - require_in:
+    - file: /etc/apache2/sites-enabled/{{ site.type }}_{{ site.name }}{{ server.conf_ext }}
+  {%- endif %}
 
   {%- else %}
     {%- set certs_files = [ site.ssl.key_file, site.ssl.cert_file] %}
@@ -83,9 +95,13 @@
       {%- do certs_files.append(site.ssl.chain_file) %}
     {%- endif %}
 {{ site.name }}_certs_files_exist:
- file.exists:
-   - names: {{ certs_files }}
-  {%- endif %}
+  file.exists:
+    - names: {{ certs_files }}
+    {%- if site.enabled %}
+    - require_in:
+      - file: /etc/apache2/sites-enabled/{{ site.type }}_{{ site.name }}{{ server.conf_ext }}
+    {%- endif %}
+{%- endif %}
 
 {%- endif %}
 
diff --git a/metadata.yml b/metadata.yml
index cd91790..c8bab8a 100644
--- a/metadata.yml
+++ b/metadata.yml
@@ -1,3 +1,3 @@
 name: "apache"
 version: "0.2"
-source: "https://github.com/tcpcloud/salt-formula-apache"
+source: "https://github.com/salt-formulas/salt-formula-apache"
diff --git a/tests/pillar/apache_server_php5.sls b/tests/pillar/apache_server_php5.sls
index 7efc264..dc50f5e 100644
--- a/tests/pillar/apache_server_php5.sls
+++ b/tests/pillar/apache_server_php5.sls
@@ -10,6 +10,7 @@
       - authnz_ldap
       - dav
       - dav_fs
+      - ssl
     module_php: php5
     user:
       cloudlab:
@@ -24,6 +25,153 @@
     site:
       roundcube:
         enabled: true
+        ssl:
+          enabled: true
+          mode: strict
+          ciphers:
+            ECDHE_RSA_AES256_GCM_SHA384:
+              name: 'ECDHE-RSA-AES256-GCM-SHA384'
+              enabled: True
+            ECDHE_ECDSA_AES256_GCM_SHA384:
+              name: 'ECDHE-ECDSA-AES256-GCM-SHA384'
+              enabled: True
+          protocols:
+            TLS1:
+              name: 'TLSv1'
+              enabled: True
+            TLS1_1:
+              name: 'TLSv1.1'
+              enabled: True
+            TLS1_2:
+              name: 'TLSv1.2'
+              enabled: False
+          prefer_server_ciphers: 'on'
+          key: |
+            -----BEGIN RSA PRIVATE KEY-----
+            MIIG4wIBAAKCAYEAq5spAL9CIZbe687oudIttun6ciXynqHmVb0wqpvKF7SwwrOh
+            AMINZG7rqUYK+LAtbfk53yr8nKaIf8CfGfVPInSgKiA/cW67kXUJ9jQ9VgnE8Hlo
+            Itj3ExmYKoQpMR9zQLHVo6Qzzend1MD+LoS0Gusw2hJEM46bO3RRd6uYFt5oxiTY
+            VVll651kUURVbuTn22xZAeif7Swh4zKzn8jJ0Wha9P+oDJNo74U2k5oRnRBqUxhg
+            s7eZbpzSPZ2AobSB5d+PmlXr8oHBGHTIJ67oCJVpn8LbtE4Rfsk2/s/mhufhXRNf
+            dyj+XZ8TX2Y7mZ86F8iZdLhMEXEkagji0+lumFgtUhqYaLRU40lDr1ifwrOCmFx2
+            q4Jkjl9bbDZ+ckua3uPar7/0JS2ZGW17mU/T6nrf2UxNa7/r6jS5XKCMRLmTH7mh
+            21PXpDuFursnAVpOiZRks840KvjdIwX8bHVFd+E45nLDhjWNhRjsvRymZfQ3dRoO
+            MFHP/eoOuzQnxG7xAgMBAAECggGAJX8RxogD+zLsIrpjP7cdJgqaHrcL/H2Dxtg/
+            +gdwcR2aQfDeDTxZkMhr1eDoJM7aHl2Gt6y85b29taxxF0ryr6SsGohRVIfNlEru
+            kk132YTo82KTzol580J0bVXTalhk5o31EHyglS20uvgwkhmNARTC5+N1444VfTg9
+            VNi5ssWGP0Vtv7h4/LK3aMp1oHWD8/4ItNIPn9M01GAPv6ov7wHOXho+rgDHvQ5u
+            jnHrx1X+5Yk+GAbWD8VUawIvSSYXoHhKxDYjT8KYEtVZFgP12NIoWp+THczK6JMh
+            dYuSSXXOTlPTfec9/OmJ5eMXCWYS0Ns7J9U0/oG6unfiEVzgcKmz6hBMKQMkVwsR
+            POUbtopQqs6sdekZGq5SuuDvtDENkhwbC0DTmrr2PMinZag+F62cg0TBxQQt+RkS
+            EKJwKalOLH3svsY9bsmXKKBMsl7hIHjslVp3h5Es314q8Vqp3QhwqpD72owuARVo
+            i81S7WeQTmxKWSZquNnSHDtJn1XBAoHBANRFpCF1j9MjqLZ3tXSiT/wP6wW65GK4
+            8yXfRFW8pZjvMeT0IN9ClHZHB3G1kO/8H4Ksex+IJzieJnp+4UhhN97WBRf5FTXV
+            shftb7V2ZLFWbn2KwnbOSjLcT9UoEVOhwp+TCgV3QIqGHvSLj45pB0uERNoUts5I
+            5+VnXNDzw2AFqnH3KLgKIRDTEj1okaJrkqyb2EKFDybo3lsCPcqO8qclvKvMv7y4
+            +vqBgV17RoR6vQIXaLgdOHJYo45Z0kV2lwKBwQDO9PawowOh+rOaGOQoqWoOGDVv
+            RTe5INVQFPWm1wvsZYZ+FzP6rP6RHQB/VcNTBUfwGnk8lSulN8vyo4Zipe3UgBK1
+            DM6LjXMhdyOjGiOw3M6BzZHMxiQD2lTvqURpTf8XYlBj/lpw6z/w2B9F1LZPzw7T
+            JTEvPFNMeH77bvy8M+lu5uucOgyU/6gUgEDxdfcVbQRSRJ+wGVrf2BVPIsMWxPcr
+            dY9ziG7WCxdCEGDVRgiAOo1YcSlvdJ6NlCauv7cCgcB70N9K0PsCijM3s525GZAU
+            E+jfn8LlvsG9Hn0KkY36JdNxm+CsuXZFg2rZLbIL+YEbxKXQn6dZBA6ntuiLQoHH
+            TgkMkbKIg0xtXoahTxyuwB6UxeJmUC/BePZr/AIXSSxvzeGzjHquEktuExW6WJLz
+            voQ2vIxgyO/SxLbD/tvAX62q6iLrLqVY3fUuspb4KU0Vt5WuP1S2OnCwnx8Rzs3F
+            J2Lkxvo0B6YFhpLBx007qygiVysy8YBiWkeUmdnnwKMCgcBoMzRFyT3Z/2UQUDoI
+            Mwxf3laBGKOuxVZBhNwOTbYGJzPpJnuYWiOuIqEOe7rlgQIwZNPn6d9Yx1gbabQO
+            1SaC2J0SpUkVQHnYPqklxNJ1iSc8ealQJe8aNYKQTHRSZN/sASciwXz936SI+ff8
+            69WDJ2h6bP5vnvr9xKmCpOYBSE3e9ctpFF0jY/lXoR+Rs2hdVE9ZsI2KV6nGjIBm
+            IMWDIFamfgFlFStg/6KNM7vdhe5fyZtDDW7kXB48gHxdfc8CgcEAgnqyIL940xfG
+            BndbV0yWBI6VsmeaQdB/xaJetAMENUZlT/3CP4XecHMBDXhGv1p8nAqfLhlLfpus
+            aJUpSXB+aXz8ftR1Y7efLMKAW2IKs4+U5Fx4S99Ui71vgWYl8sJOqS+1jijSqZ0K
+            JzLO4lnAYfwV5mve8JB5NmGffOaPrBvfiY9Q6/pZ4kHEZAJBr6Nn7tFp8LyRewxM
+            FLDC6kPWlj/qE92b4zsc6DvAW3M/kIsqATRPijLuqyKDfgQ+QAYn
+            -----END RSA PRIVATE KEY-----
+          cert: |
+            -----BEGIN CERTIFICATE-----
+            MIIE3jCCA0agAwIBAgIMWQmRtQWP7bWTfSYmMA0GCSqGSIb3DQEBCwUAMEgxFTAT
+            BgNVBAMTDGNsb3VkIGRldm9wczERMA8GA1UEChMIbWlyYW50aXMxDzANBgNVBAgT
+            BlByYWd1ZTELMAkGA1UEBhMCQ1owHhcNMTcwNTAzMDgxNTQ5WhcNMjcwNTAxMDgx
+            NTQ5WjBVMREwDwYDVQQDEwh3aWxkY2FyZDEPMA0GA1UECxMGZGV2b3BzMREwDwYD
+            VQQKEwhtaXJhbnRpczEPMA0GA1UECBMGUHJhZ3VlMQswCQYDVQQGEwJDWjCCAaIw
+            DQYJKoZIhvcNAQEBBQADggGPADCCAYoCggGBAKubKQC/QiGW3uvO6LnSLbbp+nIl
+            8p6h5lW9MKqbyhe0sMKzoQDCDWRu66lGCviwLW35Od8q/JymiH/Anxn1TyJ0oCog
+            P3Fuu5F1CfY0PVYJxPB5aCLY9xMZmCqEKTEfc0Cx1aOkM83p3dTA/i6EtBrrMNoS
+            RDOOmzt0UXermBbeaMYk2FVZZeudZFFEVW7k59tsWQHon+0sIeMys5/IydFoWvT/
+            qAyTaO+FNpOaEZ0QalMYYLO3mW6c0j2dgKG0geXfj5pV6/KBwRh0yCeu6AiVaZ/C
+            27ROEX7JNv7P5obn4V0TX3co/l2fE19mO5mfOhfImXS4TBFxJGoI4tPpbphYLVIa
+            mGi0VONJQ69Yn8KzgphcdquCZI5fW2w2fnJLmt7j2q+/9CUtmRlte5lP0+p639lM
+            TWu/6+o0uVygjES5kx+5odtT16Q7hbq7JwFaTomUZLPONCr43SMF/Gx1RXfhOOZy
+            w4Y1jYUY7L0cpmX0N3UaDjBRz/3qDrs0J8Ru8QIDAQABo4G6MIG3MAwGA1UdEwEB
+            /wQCMAAwQQYDVR0RBDowOIIHKi5sb2NhbIIKKi5jaS5sb2NhbIIIKi5jaS5kZXaC
+            CSouY2kudGVzdIIMKi5jaS5zdGFnaW5nMBMGA1UdJQQMMAoGCCsGAQUFBwMBMA8G
+            A1UdDwEB/wQFAwMHIAAwHQYDVR0OBBYEFGtBfuF1lejUs6Bh87nkCgrjv3UuMB8G
+            A1UdIwQYMBaAFIrt2HX5Q/vHJHZpGDTbhUoF09qfMA0GCSqGSIb3DQEBCwUAA4IB
+            gQAud7sUeG4nCAY9GaeswvRQL58GqJEkfYFXSzWcxwluyTsz/z/7CQiNG77/jHPs
+            IvJBt79uFQWL8YINrdzMIGRpHLpTT6g7hRDtx0T0tzj28bu4twayu9ePMPQIgh/3
+            ISJBIIeJIKQ/EWCm+3ePKKZWp3OscxPUdSLNf+3dmvSWmjdazhq5F/d5i4u5Fqur
+            iHaw6P/bGd2yqSiiYC1Csr1+Rfe+ulyk1NUBtpewX/96KjWNlU7q9F3RxiTNxh7x
+            CDJf5DBHIQP/KCquq8T3uZAOV2sN+HGvO4OzelisnzmRuRm8Lk4ZYNPXFTugdysY
+            HZk3aBIfowkAbNGsGOaiLkc80GxDwXXGCvTLHUXtPYH+Dkw1PRZkP+UhxT9b70El
+            qaZkfvfWEum90BH0km+1dPB/mBMqoTRXVmRyrc2QFsxRGenDbM5RhcT4HfgxCyzC
+            J2EGz8Wzf1bn2kRR4uomSzcoLe8lCM79M+DY21dxP0V8dq2sNvHOqP/0HT62BlEq
+            XtI=
+            -----END CERTIFICATE-----
+          chain: |
+            -----BEGIN CERTIFICATE-----
+            MIIE3jCCA0agAwIBAgIMWQmRtQWP7bWTfSYmMA0GCSqGSIb3DQEBCwUAMEgxFTAT
+            BgNVBAMTDGNsb3VkIGRldm9wczERMA8GA1UEChMIbWlyYW50aXMxDzANBgNVBAgT
+            BlByYWd1ZTELMAkGA1UEBhMCQ1owHhcNMTcwNTAzMDgxNTQ5WhcNMjcwNTAxMDgx
+            NTQ5WjBVMREwDwYDVQQDEwh3aWxkY2FyZDEPMA0GA1UECxMGZGV2b3BzMREwDwYD
+            VQQKEwhtaXJhbnRpczEPMA0GA1UECBMGUHJhZ3VlMQswCQYDVQQGEwJDWjCCAaIw
+            DQYJKoZIhvcNAQEBBQADggGPADCCAYoCggGBAKubKQC/QiGW3uvO6LnSLbbp+nIl
+            8p6h5lW9MKqbyhe0sMKzoQDCDWRu66lGCviwLW35Od8q/JymiH/Anxn1TyJ0oCog
+            P3Fuu5F1CfY0PVYJxPB5aCLY9xMZmCqEKTEfc0Cx1aOkM83p3dTA/i6EtBrrMNoS
+            RDOOmzt0UXermBbeaMYk2FVZZeudZFFEVW7k59tsWQHon+0sIeMys5/IydFoWvT/
+            qAyTaO+FNpOaEZ0QalMYYLO3mW6c0j2dgKG0geXfj5pV6/KBwRh0yCeu6AiVaZ/C
+            27ROEX7JNv7P5obn4V0TX3co/l2fE19mO5mfOhfImXS4TBFxJGoI4tPpbphYLVIa
+            mGi0VONJQ69Yn8KzgphcdquCZI5fW2w2fnJLmt7j2q+/9CUtmRlte5lP0+p639lM
+            TWu/6+o0uVygjES5kx+5odtT16Q7hbq7JwFaTomUZLPONCr43SMF/Gx1RXfhOOZy
+            w4Y1jYUY7L0cpmX0N3UaDjBRz/3qDrs0J8Ru8QIDAQABo4G6MIG3MAwGA1UdEwEB
+            /wQCMAAwQQYDVR0RBDowOIIHKi5sb2NhbIIKKi5jaS5sb2NhbIIIKi5jaS5kZXaC
+            CSouY2kudGVzdIIMKi5jaS5zdGFnaW5nMBMGA1UdJQQMMAoGCCsGAQUFBwMBMA8G
+            A1UdDwEB/wQFAwMHIAAwHQYDVR0OBBYEFGtBfuF1lejUs6Bh87nkCgrjv3UuMB8G
+            A1UdIwQYMBaAFIrt2HX5Q/vHJHZpGDTbhUoF09qfMA0GCSqGSIb3DQEBCwUAA4IB
+            gQAud7sUeG4nCAY9GaeswvRQL58GqJEkfYFXSzWcxwluyTsz/z/7CQiNG77/jHPs
+            IvJBt79uFQWL8YINrdzMIGRpHLpTT6g7hRDtx0T0tzj28bu4twayu9ePMPQIgh/3
+            ISJBIIeJIKQ/EWCm+3ePKKZWp3OscxPUdSLNf+3dmvSWmjdazhq5F/d5i4u5Fqur
+            iHaw6P/bGd2yqSiiYC1Csr1+Rfe+ulyk1NUBtpewX/96KjWNlU7q9F3RxiTNxh7x
+            CDJf5DBHIQP/KCquq8T3uZAOV2sN+HGvO4OzelisnzmRuRm8Lk4ZYNPXFTugdysY
+            HZk3aBIfowkAbNGsGOaiLkc80GxDwXXGCvTLHUXtPYH+Dkw1PRZkP+UhxT9b70El
+            qaZkfvfWEum90BH0km+1dPB/mBMqoTRXVmRyrc2QFsxRGenDbM5RhcT4HfgxCyzC
+            J2EGz8Wzf1bn2kRR4uomSzcoLe8lCM79M+DY21dxP0V8dq2sNvHOqP/0HT62BlEq
+            XtI=
+            -----END CERTIFICATE-----
+            -----BEGIN CERTIFICATE-----
+            MIIEWTCCAsGgAwIBAgIMWQmRjiv/O7NwT3AxMA0GCSqGSIb3DQEBCwUAMEgxFTAT
+            BgNVBAMTDGNsb3VkIGRldm9wczERMA8GA1UEChMIbWlyYW50aXMxDzANBgNVBAgT
+            BlByYWd1ZTELMAkGA1UEBhMCQ1owHhcNMTcwNTAzMDgxNTEwWhcNMjcwNTAxMDgx
+            NTEwWjBIMRUwEwYDVQQDEwxjbG91ZCBkZXZvcHMxETAPBgNVBAoTCG1pcmFudGlz
+            MQ8wDQYDVQQIEwZQcmFndWUxCzAJBgNVBAYTAkNaMIIBojANBgkqhkiG9w0BAQEF
+            AAOCAY8AMIIBigKCAYEAyIW/3H2CIvnkflCm4bc9im8TeoE+s/W/OI80d1cgfnVY
+            VRvQMuhfKMV9Ec83qaMoT/VD2TLGoaLTKxvn05jpYd7lFf+ekZXPC1tK+Wgj5w38
+            c/V+tux6uYMPDo9XoHkGqakqE0Y9PkiUcsiOhCXMzrr3SkkpHqLV32kEKz711ibi
+            h4ATeYou7Q0hsRqRfjRj/JAr+nVQiZM39jm1OvA7VYgIrppu2rSSJwsOhneG2dhP
+            EEhpTSWB/kMPmxMQygKGZc08noZsReC7U5F+n2+DDkhdvQtQUqN2UZ4iCWt1aMxd
+            FDYmXm0uB6utJCsxy3uf4Mkfb86RBI5owECel4ASTQcAIRQNsFcaQg408c+sXTuB
+            44RZBgJY6re2UEGGUiZ0i7mAR07Ava3dve2Rm24t2Lg17WIuIQC+kqIbgvnj9KtS
+            w00JyXFCrbiYmxpx286X27ca7sLGZZnpSNfoGvfX1UFlmmK/89klR+kMktgGdka6
+            pnfbGDLfS5h7AkZnjzAnAgMBAAGjQzBBMA8GA1UdEwEB/wQFMAMBAf8wDwYDVR0P
+            AQH/BAUDAwcGADAdBgNVHQ4EFgQUiu3YdflD+8ckdmkYNNuFSgXT2p8wDQYJKoZI
+            hvcNAQELBQADggGBAGkWleGTCwl5v9DyL+ReQ7cIsZp2FZCPATWjrlY69QNpa7s/
+            h7gS0Lx1bmwSVyM/A7DrmHUz2ScUjJJeZuOAt2LaKl8rnMJMSRIj4WosIB886bOw
+            d6polbiVWRFUGEaD/X9L4AJFLE3X8ITuwd4ukwCB4IvEuPLhDVIFHFIk2ur7n0HF
+            XsE/SNmsRuULMXLEqguWmCXhHqsbFoBrmUdUIyVPav9j/XFc/3jG5kAn25Qz9LfV
+            cX1LJihPbtCrc1LtBqV0LrV6aFwcl8c9JFR3qha19za/Fk/JnKz1E6CbVWMLLSOo
+            +fTGf4nvof/jJS61vKwRE3lyxZNciiXQV4fGVRIrVkbULbNSgmQaFtNFBwQ07w61
+            5ks8/gGnwHKnNc9kQdPm8nNjY7Jqp9XI8RaLoLvqaTAqcempwiyPYT8qu3JE79Dl
+            6Jw10sI4/PqU5XVTqSCrvmICOOgZbFRWgCLwJzp5rq0cWvJH0N5PyATL6FfhDGm0
+            myUGszN7wRKeJqKa1w==
+            -----END CERTIFICATE-----
         type: static
         name: roundcube
         root: /usr/share/roundcube
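Review bot: The `strict` fixture enables `TLSv1` and `TLSv1.1` and disables `TLSv1.2`, while both listed suites (`ECDHE-RSA-AES256-GCM-SHA384`, `ECDHE-ECDSA-AES256-GCM-SHA384`) are AES-GCM suites that can only be negotiated from TLS 1.2 on. The rendered vhost would therefore offer legacy protocols with no cipher they can use, and the test only proves that the template renders. Setting `TLS1: enabled: False`, `TLS1_1: enabled: False` and `TLS1_2: enabled: True` makes the fixture a working and safer example; the README hunk carries the same values and is likely to be copied. The embedded RSA private key is public once committed, so a comment above `key:` marking `key`/`cert`/`chain` as throwaway test material that must never be deployed would be worth adding.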