cbrand/system_configuration
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Committing files 04/15/2023 08:23:32

Browse Source
This commit is contained in:
GoCD User 2023-04-15 01:23:32 -07:00
parent f1c406a61a
commit 4e73cc7011
240 changed files with 38782 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

799
root/database/pgsql/data/postgresql.conf Normal file
View File

@ -0,0 +1,799 @@
# -----------------------------
# PostgreSQL configuration file
# -----------------------------
#
# This file consists of lines of the form:
#
# name = value
#
# (The "=" is optional.) Whitespace may be used. Comments are introduced with
# "#" anywhere on a line. The complete list of parameter names and allowed
# values can be found in the PostgreSQL documentation.
#
# The commented-out settings shown in this file represent the default values.
# Re-commenting a setting is NOT sufficient to revert it to the default value;
# you need to reload the server.
#
# This file is read on server startup and when the server receives a SIGHUP
# signal. If you edit the file on a running system, you have to SIGHUP the
# server for the changes to take effect, run "pg_ctl reload", or execute
# "SELECT pg_reload_conf()". Some parameters, which are marked below,
# require a server shutdown and restart to take effect.
#
# Any parameter can also be given as a command-line option to the server, e.g.,
# "postgres -c log_connections=on". Some parameters can be changed at run time
# with the "SET" SQL command.
#
# Memory units: B = bytes Time units: us = microseconds
# kB = kilobytes ms = milliseconds
# MB = megabytes s = seconds
# GB = gigabytes min = minutes
# TB = terabytes h = hours
# d = days
#------------------------------------------------------------------------------
# FILE LOCATIONS
#------------------------------------------------------------------------------
# The default values of these variables are driven from the -D command-line
# option or PGDATA environment variable, represented here as ConfigDir.
#data_directory = 'ConfigDir' # use data in another directory
# (change requires restart)
#hba_file = 'ConfigDir/pg_hba.conf' # host-based authentication file
# (change requires restart)
#ident_file = 'ConfigDir/pg_ident.conf' # ident configuration file
# (change requires restart)
# If external_pid_file is not explicitly set, no extra PID file is written.
#external_pid_file = '' # write an extra PID file
# (change requires restart)
#------------------------------------------------------------------------------
# CONNECTIONS AND AUTHENTICATION
#------------------------------------------------------------------------------
# - Connection Settings -
#listen_addresses = 'localhost' # what IP address(es) to listen on;
# comma-separated list of addresses;
# defaults to 'localhost'; use '*' for all
# (change requires restart)
listen_addresses = '*'
#port = 5432 # (change requires restart)
max_connections = 100 # (change requires restart)
#superuser_reserved_connections = 3 # (change requires restart)
#unix_socket_directories = '/var/run/postgresql, /tmp' # comma-separated list of directories
# (change requires restart)
#unix_socket_group = '' # (change requires restart)
#unix_socket_permissions = 0777 # begin with 0 to use octal notation
# (change requires restart)
#bonjour = off # advertise server via Bonjour
# (change requires restart)
#bonjour_name = '' # defaults to the computer name
# (change requires restart)
# - TCP settings -
# see "man tcp" for details
#tcp_keepalives_idle = 0 # TCP_KEEPIDLE, in seconds;
# 0 selects the system default
#tcp_keepalives_interval = 0 # TCP_KEEPINTVL, in seconds;
# 0 selects the system default
#tcp_keepalives_count = 0 # TCP_KEEPCNT;
# 0 selects the system default
#tcp_user_timeout = 0 # TCP_USER_TIMEOUT, in milliseconds;
# 0 selects the system default
#client_connection_check_interval = 0 # time between checks for client
# disconnection while running queries;
# 0 for never
# - Authentication -
#authentication_timeout = 1min # 1s-600s
#password_encryption = scram-sha-256 # scram-sha-256 or md5
#db_user_namespace = off
# GSSAPI using Kerberos
#krb_server_keyfile = 'FILE:${sysconfdir}/krb5.keytab'
#krb_caseins_users = off
# - SSL -
#ssl = off
#ssl_ca_file = ''
#ssl_cert_file = 'server.crt'
#ssl_crl_file = ''
#ssl_crl_dir = ''
#ssl_key_file = 'server.key'
#ssl_ciphers = 'HIGH:MEDIUM:+3DES:!aNULL' # allowed SSL ciphers
#ssl_prefer_server_ciphers = on
#ssl_ecdh_curve = 'prime256v1'
#ssl_min_protocol_version = 'TLSv1.2'
#ssl_max_protocol_version = ''
#ssl_dh_params_file = ''
#ssl_passphrase_command = ''
#ssl_passphrase_command_supports_reload = off
# *H9sHZughaS*Kqhm
#------------------------------------------------------------------------------
# RESOURCE USAGE (except WAL)
#------------------------------------------------------------------------------
# - Memory -
shared_buffers = 128MB # min 128kB
# (change requires restart)
#huge_pages = try # on, off, or try
# (change requires restart)
#huge_page_size = 0 # zero for system default
# (change requires restart)
#temp_buffers = 8MB # min 800kB
#max_prepared_transactions = 0 # zero disables the feature
# (change requires restart)
# Caution: it is not advisable to set max_prepared_transactions nonzero unless
# you actively intend to use prepared transactions.
#work_mem = 4MB # min 64kB
#hash_mem_multiplier = 1.0 # 1-1000.0 multiplier on hash table work_mem
#maintenance_work_mem = 64MB # min 1MB
#autovacuum_work_mem = -1 # min 1MB, or -1 to use maintenance_work_mem
#logical_decoding_work_mem = 64MB # min 64kB
#max_stack_depth = 2MB # min 100kB
#shared_memory_type = mmap # the default is the first option
# supported by the operating system:
# mmap
# sysv
# windows
# (change requires restart)
dynamic_shared_memory_type = posix # the default is the first option
# supported by the operating system:
# posix
# sysv
# windows
# mmap
# (change requires restart)
#min_dynamic_shared_memory = 0MB # (change requires restart)
# - Disk -
#temp_file_limit = -1 # limits per-process temp file space
# in kilobytes, or -1 for no limit
# - Kernel Resources -
#max_files_per_process = 1000 # min 64
# (change requires restart)
# - Cost-Based Vacuum Delay -
#vacuum_cost_delay = 0 # 0-100 milliseconds (0 disables)
#vacuum_cost_page_hit = 1 # 0-10000 credits
#vacuum_cost_page_miss = 2 # 0-10000 credits
#vacuum_cost_page_dirty = 20 # 0-10000 credits
#vacuum_cost_limit = 200 # 1-10000 credits
# - Background Writer -
#bgwriter_delay = 200ms # 10-10000ms between rounds
#bgwriter_lru_maxpages = 100 # max buffers written/round, 0 disables
#bgwriter_lru_multiplier = 2.0 # 0-10.0 multiplier on buffers scanned/round
#bgwriter_flush_after = 512kB # measured in pages, 0 disables
# - Asynchronous Behavior -
#backend_flush_after = 0 # measured in pages, 0 disables
#effective_io_concurrency = 1 # 1-1000; 0 disables prefetching
#maintenance_io_concurrency = 10 # 1-1000; 0 disables prefetching
#max_worker_processes = 8 # (change requires restart)
#max_parallel_workers_per_gather = 2 # taken from max_parallel_workers
#max_parallel_maintenance_workers = 2 # taken from max_parallel_workers
#max_parallel_workers = 8 # maximum number of max_worker_processes that
# can be used in parallel operations
#parallel_leader_participation = on
#old_snapshot_threshold = -1 # 1min-60d; -1 disables; 0 is immediate
# (change requires restart)
#------------------------------------------------------------------------------
# WRITE-AHEAD LOG
#------------------------------------------------------------------------------
# - Settings -
#wal_level = replica # minimal, replica, or logical
# (change requires restart)
#fsync = on # flush data to disk for crash safety
# (turning this off can cause
# unrecoverable data corruption)
#synchronous_commit = on # synchronization level;
# off, local, remote_write, remote_apply, or on
#wal_sync_method = fsync # the default is the first option
# supported by the operating system:
# open_datasync
# fdatasync (default on Linux and FreeBSD)
# fsync
# fsync_writethrough
# open_sync
#full_page_writes = on # recover from partial page writes
#wal_log_hints = off # also do full page writes of non-critical updates
# (change requires restart)
#wal_compression = off # enable compression of full-page writes
#wal_init_zero = on # zero-fill new WAL files
#wal_recycle = on # recycle WAL files
#wal_buffers = -1 # min 32kB, -1 sets based on shared_buffers
# (change requires restart)
#wal_writer_delay = 200ms # 1-10000 milliseconds
#wal_writer_flush_after = 1MB # measured in pages, 0 disables
#wal_skip_threshold = 2MB
#commit_delay = 0 # range 0-100000, in microseconds
#commit_siblings = 5 # range 1-1000
# - Checkpoints -
#checkpoint_timeout = 5min # range 30s-1d
#checkpoint_completion_target = 0.9 # checkpoint target duration, 0.0 - 1.0
#checkpoint_flush_after = 256kB # measured in pages, 0 disables
#checkpoint_warning = 30s # 0 disables
max_wal_size = 1GB
min_wal_size = 80MB
# - Archiving -
#archive_mode = off # enables archiving; off, on, or always
# (change requires restart)
#archive_command = '' # command to use to archive a logfile segment
# placeholders: %p = path of file to archive
# %f = file name only
# e.g. 'test ! -f /mnt/server/archivedir/%f && cp %p /mnt/server/archivedir/%f'
#archive_timeout = 0 # force a logfile segment switch after this
# number of seconds; 0 disables
# - Archive Recovery -
# These are only used in recovery mode.
#restore_command = '' # command to use to restore an archived logfile segment
# placeholders: %p = path of file to restore
# %f = file name only
# e.g. 'cp /mnt/server/archivedir/%f %p'
#archive_cleanup_command = '' # command to execute at every restartpoint
#recovery_end_command = '' # command to execute at completion of recovery
# - Recovery Target -
# Set these only when performing a targeted recovery.
#recovery_target = '' # 'immediate' to end recovery as soon as a
# consistent state is reached
# (change requires restart)
#recovery_target_name = '' # the named restore point to which recovery will proceed
# (change requires restart)
#recovery_target_time = '' # the time stamp up to which recovery will proceed
# (change requires restart)
#recovery_target_xid = '' # the transaction ID up to which recovery will proceed
# (change requires restart)
#recovery_target_lsn = '' # the WAL LSN up to which recovery will proceed
# (change requires restart)
#recovery_target_inclusive = on # Specifies whether to stop:
# just after the specified recovery target (on)
# just before the recovery target (off)
# (change requires restart)
#recovery_target_timeline = 'latest' # 'current', 'latest', or timeline ID
# (change requires restart)
#recovery_target_action = 'pause' # 'pause', 'promote', 'shutdown'
# (change requires restart)
#------------------------------------------------------------------------------
# REPLICATION
#------------------------------------------------------------------------------
# - Sending Servers -
# Set these on the primary and on any standby that will send replication data.
#max_wal_senders = 10 # max number of walsender processes
# (change requires restart)
#max_replication_slots = 10 # max number of replication slots
# (change requires restart)
#wal_keep_size = 0 # in megabytes; 0 disables
#max_slot_wal_keep_size = -1 # in megabytes; -1 disables
#wal_sender_timeout = 60s # in milliseconds; 0 disables
#track_commit_timestamp = off # collect timestamp of transaction commit
# (change requires restart)
# - Primary Server -
# These settings are ignored on a standby server.
#synchronous_standby_names = '' # standby servers that provide sync rep
# method to choose sync standbys, number of sync standbys,
# and comma-separated list of application_name
# from standby(s); '*' = all
#vacuum_defer_cleanup_age = 0 # number of xacts by which cleanup is delayed
# - Standby Servers -
# These settings are ignored on a primary server.
#primary_conninfo = '' # connection string to sending server
#primary_slot_name = '' # replication slot on sending server
#promote_trigger_file = '' # file name whose presence ends recovery
#hot_standby = on # "off" disallows queries during recovery
# (change requires restart)
#max_standby_archive_delay = 30s # max delay before canceling queries
# when reading WAL from archive;
# -1 allows indefinite delay
#max_standby_streaming_delay = 30s # max delay before canceling queries
# when reading streaming WAL;
# -1 allows indefinite delay
#wal_receiver_create_temp_slot = off # create temp slot if primary_slot_name
# is not set
#wal_receiver_status_interval = 10s # send replies at least this often
# 0 disables
#hot_standby_feedback = off # send info from standby to prevent
# query conflicts
#wal_receiver_timeout = 60s # time that receiver waits for
# communication from primary
# in milliseconds; 0 disables
#wal_retrieve_retry_interval = 5s # time to wait before retrying to
# retrieve WAL after a failed attempt
#recovery_min_apply_delay = 0 # minimum delay for applying changes during recovery
# - Subscribers -
# These settings are ignored on a publisher.
#max_logical_replication_workers = 4 # taken from max_worker_processes
# (change requires restart)
#max_sync_workers_per_subscription = 2 # taken from max_logical_replication_workers
#------------------------------------------------------------------------------
# QUERY TUNING
#------------------------------------------------------------------------------
# - Planner Method Configuration -
#enable_async_append = on
#enable_bitmapscan = on
#enable_gathermerge = on
#enable_hashagg = on
#enable_hashjoin = on
#enable_incremental_sort = on
#enable_indexscan = on
#enable_indexonlyscan = on
#enable_material = on
#enable_memoize = on
#enable_mergejoin = on
#enable_nestloop = on
#enable_parallel_append = on
#enable_parallel_hash = on
#enable_partition_pruning = on
#enable_partitionwise_join = off
#enable_partitionwise_aggregate = off
#enable_seqscan = on
#enable_sort = on
#enable_tidscan = on
# - Planner Cost Constants -
#seq_page_cost = 1.0 # measured on an arbitrary scale
#random_page_cost = 4.0 # same scale as above
#cpu_tuple_cost = 0.01 # same scale as above
#cpu_index_tuple_cost = 0.005 # same scale as above
#cpu_operator_cost = 0.0025 # same scale as above
#parallel_setup_cost = 1000.0 # same scale as above
#parallel_tuple_cost = 0.1 # same scale as above
#min_parallel_table_scan_size = 8MB
#min_parallel_index_scan_size = 512kB
#effective_cache_size = 4GB
#jit_above_cost = 100000 # perform JIT compilation if available
# and query more expensive than this;
# -1 disables
#jit_inline_above_cost = 500000 # inline small functions if query is
# more expensive than this; -1 disables
#jit_optimize_above_cost = 500000 # use expensive JIT optimizations if
# query is more expensive than this;
# -1 disables
# - Genetic Query Optimizer -
#geqo = on
#geqo_threshold = 12
#geqo_effort = 5 # range 1-10
#geqo_pool_size = 0 # selects default based on effort
#geqo_generations = 0 # selects default based on effort
#geqo_selection_bias = 2.0 # range 1.5-2.0
#geqo_seed = 0.0 # range 0.0-1.0
# - Other Planner Options -
#default_statistics_target = 100 # range 1-10000
#constraint_exclusion = partition # on, off, or partition
#cursor_tuple_fraction = 0.1 # range 0.0-1.0
#from_collapse_limit = 8
#jit = on # allow JIT compilation
#join_collapse_limit = 8 # 1 disables collapsing of explicit
# JOIN clauses
#plan_cache_mode = auto # auto, force_generic_plan or
# force_custom_plan
#------------------------------------------------------------------------------
# REPORTING AND LOGGING
#------------------------------------------------------------------------------
# - Where to Log -
#log_destination = 'stderr' # Valid values are combinations of
# stderr, csvlog, syslog, and eventlog,
# depending on platform. csvlog
# requires logging_collector to be on.
# This is used when logging to stderr:
logging_collector = on # Enable capturing of stderr and csvlog
# into log files. Required to be on for
# csvlogs.
# (change requires restart)
# These are only used if logging_collector is on:
#log_directory = 'log' # directory where log files are written,
# can be absolute or relative to PGDATA
log_filename = 'postgresql-%a.log' # log file name pattern,
# can include strftime() escapes
#log_file_mode = 0600 # creation mode for log files,
# begin with 0 to use octal notation
log_rotation_age = 1d # Automatic rotation of logfiles will
# happen after that time. 0 disables.
log_rotation_size = 0 # Automatic rotation of logfiles will
# happen after that much log output.
# 0 disables.
log_truncate_on_rotation = on # If on, an existing log file with the
# same name as the new log file will be
# truncated rather than appended to.
# But such truncation only occurs on
# time-driven rotation, not on restarts
# or size-driven rotation. Default is
# off, meaning append to existing files
# in all cases.
# These are relevant when logging to syslog:
#syslog_facility = 'LOCAL0'
#syslog_ident = 'postgres'
#syslog_sequence_numbers = on
#syslog_split_messages = on
# This is only relevant when logging to eventlog (Windows):
# (change requires restart)
#event_source = 'PostgreSQL'
# - When to Log -
#log_min_messages = warning # values in order of decreasing detail:
# debug5
# debug4
# debug3
# debug2
# debug1
# info
# notice
# warning
# error
# log
# fatal
# panic
#log_min_error_statement = error # values in order of decreasing detail:
# debug5
# debug4
# debug3
# debug2
# debug1
# info
# notice
# warning
# error
# log
# fatal
# panic (effectively off)
#log_min_duration_statement = -1 # -1 is disabled, 0 logs all statements
# and their durations, > 0 logs only
# statements running at least this number
# of milliseconds
#log_min_duration_sample = -1 # -1 is disabled, 0 logs a sample of statements
# and their durations, > 0 logs only a sample of
# statements running at least this number
# of milliseconds;
# sample fraction is determined by log_statement_sample_rate
#log_statement_sample_rate = 1.0 # fraction of logged statements exceeding
# log_min_duration_sample to be logged;
# 1.0 logs all such statements, 0.0 never logs
#log_transaction_sample_rate = 0.0 # fraction of transactions whose statements
# are logged regardless of their duration; 1.0 logs all
# statements from all transactions, 0.0 never logs
# - What to Log -
#debug_print_parse = off
#debug_print_rewritten = off
#debug_print_plan = off
#debug_pretty_print = on
#log_autovacuum_min_duration = -1 # log autovacuum activity;
# -1 disables, 0 logs all actions and
# their durations, > 0 logs only
# actions running at least this number
# of milliseconds.
#log_checkpoints = off
#log_connections = off
#log_disconnections = off
#log_duration = off
#log_error_verbosity = default # terse, default, or verbose messages
#log_hostname = off
#log_line_prefix = '%m [%p] ' # special values:
# %a = application name
# %u = user name
# %d = database name
# %r = remote host and port
# %h = remote host
# %b = backend type
# %p = process ID
# %P = process ID of parallel group leader
# %t = timestamp without milliseconds
# %m = timestamp with milliseconds
# %n = timestamp with milliseconds (as a Unix epoch)
# %Q = query ID (0 if none or not computed)
# %i = command tag
# %e = SQL state
# %c = session ID
# %l = session line number
# %s = session start timestamp
# %v = virtual transaction ID
# %x = transaction ID (0 if none)
# %q = stop here in non-session
# processes
# %% = '%'
# e.g. '<%u%%%d> '
#log_lock_waits = off # log lock waits >= deadlock_timeout
#log_recovery_conflict_waits = off # log standby recovery conflict waits
# >= deadlock_timeout
#log_parameter_max_length = -1 # when logging statements, limit logged
# bind-parameter values to N bytes;
# -1 means print in full, 0 disables
#log_parameter_max_length_on_error = 0 # when logging an error, limit logged
# bind-parameter values to N bytes;
# -1 means print in full, 0 disables
#log_statement = 'none' # none, ddl, mod, all
#log_replication_commands = off
#log_temp_files = -1 # log temporary files equal or larger
# than the specified size in kilobytes;
# -1 disables, 0 logs all temp files
log_timezone = 'America/Los_Angeles'
#------------------------------------------------------------------------------
# PROCESS TITLE
#------------------------------------------------------------------------------
#cluster_name = '' # added to process titles if nonempty
# (change requires restart)
#update_process_title = on
#------------------------------------------------------------------------------
# STATISTICS
#------------------------------------------------------------------------------
# - Query and Index Statistics Collector -
#track_activities = on
#track_activity_query_size = 1024 # (change requires restart)
#track_counts = on
#track_io_timing = off
#track_wal_io_timing = off
#track_functions = none # none, pl, all
#stats_temp_directory = 'pg_stat_tmp'
# - Monitoring -
#compute_query_id = auto
#log_statement_stats = off
#log_parser_stats = off
#log_planner_stats = off
#log_executor_stats = off
#------------------------------------------------------------------------------
# AUTOVACUUM
#------------------------------------------------------------------------------
#autovacuum = on # Enable autovacuum subprocess? 'on'
# requires track_counts to also be on.
#autovacuum_max_workers = 3 # max number of autovacuum subprocesses
# (change requires restart)
#autovacuum_naptime = 1min # time between autovacuum runs
#autovacuum_vacuum_threshold = 50 # min number of row updates before
# vacuum
#autovacuum_vacuum_insert_threshold = 1000 # min number of row inserts
# before vacuum; -1 disables insert
# vacuums
#autovacuum_analyze_threshold = 50 # min number of row updates before
# analyze
#autovacuum_vacuum_scale_factor = 0.2 # fraction of table size before vacuum
#autovacuum_vacuum_insert_scale_factor = 0.2 # fraction of inserts over table
# size before insert vacuum
#autovacuum_analyze_scale_factor = 0.1 # fraction of table size before analyze
#autovacuum_freeze_max_age = 200000000 # maximum XID age before forced vacuum
# (change requires restart)
#autovacuum_multixact_freeze_max_age = 400000000 # maximum multixact age
# before forced vacuum
# (change requires restart)
#autovacuum_vacuum_cost_delay = 2ms # default vacuum cost delay for
# autovacuum, in milliseconds;
# -1 means use vacuum_cost_delay
#autovacuum_vacuum_cost_limit = -1 # default vacuum cost limit for
# autovacuum, -1 means use
# vacuum_cost_limit
#------------------------------------------------------------------------------
# CLIENT CONNECTION DEFAULTS
#------------------------------------------------------------------------------
# - Statement Behavior -
#client_min_messages = notice # values in order of decreasing detail:
# debug5
# debug4
# debug3
# debug2
# debug1
# log
# notice
# warning
# error
#search_path = '"$user", public' # schema names
#row_security = on
#default_table_access_method = 'heap'
#default_tablespace = '' # a tablespace name, '' uses the default
#default_toast_compression = 'pglz' # 'pglz' or 'lz4'
#temp_tablespaces = '' # a list of tablespace names, '' uses
# only default tablespace
#check_function_bodies = on
#default_transaction_isolation = 'read committed'
#default_transaction_read_only = off
#default_transaction_deferrable = off
#session_replication_role = 'origin'
#statement_timeout = 0 # in milliseconds, 0 is disabled
#lock_timeout = 0 # in milliseconds, 0 is disabled
#idle_in_transaction_session_timeout = 0 # in milliseconds, 0 is disabled
#idle_session_timeout = 0 # in milliseconds, 0 is disabled
#vacuum_freeze_table_age = 150000000
#vacuum_freeze_min_age = 50000000
#vacuum_failsafe_age = 1600000000
#vacuum_multixact_freeze_table_age = 150000000
#vacuum_multixact_freeze_min_age = 5000000
#vacuum_multixact_failsafe_age = 1600000000
#bytea_output = 'hex' # hex, escape
#xmlbinary = 'base64'
#xmloption = 'content'
#gin_pending_list_limit = 4MB
# - Locale and Formatting -
datestyle = 'iso, mdy'
#intervalstyle = 'postgres'
timezone = 'America/Los_Angeles'
#timezone_abbreviations = 'Default' # Select the set of available time zone
# abbreviations. Currently, there are
# Default
# Australia (historical usage)
# India
# You can create your own file in
# share/timezonesets/.
#extra_float_digits = 1 # min -15, max 3; any value >0 actually
# selects precise output mode
#client_encoding = sql_ascii # actually, defaults to database
# encoding
# These settings are initialized by initdb, but they can be changed.
lc_messages = 'en_US.UTF-8' # locale for system error message
# strings
lc_monetary = 'en_US.UTF-8' # locale for monetary formatting
lc_numeric = 'en_US.UTF-8' # locale for number formatting
lc_time = 'en_US.UTF-8' # locale for time formatting
# default configuration for text search
default_text_search_config = 'pg_catalog.english'
# - Shared Library Preloading -
#local_preload_libraries = ''
#session_preload_libraries = ''
#shared_preload_libraries = '' # (change requires restart)
#jit_provider = 'llvmjit' # JIT library to use
# - Other Defaults -
#dynamic_library_path = '$libdir'
#gin_fuzzy_search_limit = 0
#------------------------------------------------------------------------------
# LOCK MANAGEMENT
#------------------------------------------------------------------------------
#deadlock_timeout = 1s
#max_locks_per_transaction = 64 # min 10
# (change requires restart)
#max_pred_locks_per_transaction = 64 # min 10
# (change requires restart)
#max_pred_locks_per_relation = -2 # negative values mean
# (max_pred_locks_per_transaction
# / -max_pred_locks_per_relation) - 1
#max_pred_locks_per_page = 2 # min 0
#------------------------------------------------------------------------------
# VERSION AND PLATFORM COMPATIBILITY
#------------------------------------------------------------------------------
# - Previous PostgreSQL Versions -
#array_nulls = on
#backslash_quote = safe_encoding # on, off, or safe_encoding
#escape_string_warning = on
#lo_compat_privileges = off
#quote_all_identifiers = off
#standard_conforming_strings = on
#synchronize_seqscans = on
# - Other Platforms and Clients -
#transform_null_equals = off
#------------------------------------------------------------------------------
# ERROR HANDLING
#------------------------------------------------------------------------------
#exit_on_error = off # terminate session on any error?
#restart_after_crash = on # reinitialize after backend crash?
#data_sync_retry = off # retry or panic on failure to fsync
# data?
# (change requires restart)
#recovery_init_sync_method = fsync # fsync, syncfs (Linux 5.8+)
#------------------------------------------------------------------------------
# CONFIG FILE INCLUDES
#------------------------------------------------------------------------------
# These options allow settings to be loaded from files other than the
# default postgresql.conf. Note that these are directives, not variable
# assignments, so they can usefully be given more than once.
#include_dir = '...' # include files ending in '.conf' from
# a directory, e.g., 'conf.d'
#include_if_exists = '...' # include file only if it exists
#include = '...' # include file
#------------------------------------------------------------------------------
# CUSTOMIZED OPTIONS
#------------------------------------------------------------------------------
# Add settings for extensions here

10
root/etc/authselect/dconf-db Normal file
View File

@ -0,0 +1,10 @@
# Generated by authselect on Sat Feb 11 00:24:04 2023
# Do not modify this file manually, use authselect instead. Any user changes will be overwritten.
# You can stop authselect from managing your configuration by calling 'authselect opt-out'.
# See authselect(8) for more details.
[org/gnome/login-screen]
enable-smartcard-authentication=false
enable-fingerprint-authentication=false
enable-password-authentication=true

8
root/etc/authselect/dconf-locks Normal file
View File

@ -0,0 +1,8 @@
# Generated by authselect on Sat Feb 11 00:24:04 2023
# Do not modify this file manually, use authselect instead. Any user changes will be overwritten.
# You can stop authselect from managing your configuration by calling 'authselect opt-out'.
# See authselect(8) for more details.
/org/gnome/login-screen/enable-smartcard-authentication
/org/gnome/login-screen/enable-fingerprint-authentication
/org/gnome/login-screen/enable-password-authentication

6
root/etc/authselect/fingerprint-auth Normal file
View File

@ -0,0 +1,6 @@
# Generated by authselect on Sat Feb 11 00:24:04 2023
# Do not modify this file manually, use authselect instead. Any user changes will be overwritten.
# You can stop authselect from managing your configuration by calling 'authselect opt-out'.
# See authselect(8) for more details.
auth required pam_debug.so auth=authinfo_unavail

22
root/etc/authselect/nsswitch.conf Normal file
View File

@ -0,0 +1,22 @@
# Generated by authselect on Sat Feb 11 00:24:04 2023
# Do not modify this file manually, use authselect instead. Any user changes will be overwritten.
# You can stop authselect from managing your configuration by calling 'authselect opt-out'.
# See authselect(8) for more details.
# In order of likelihood of use to accelerate lookup.
passwd: files sss systemd
shadow: files
group: files sss systemd
hosts: files myhostname resolve [!UNAVAIL=return] dns
services: files sss
netgroup: files sss
sudoers: files sss
automount: files sss
aliases: files
ethers: files
gshadow: files
networks: files dns
protocols: files
publickey: files
rpc: files

32
root/etc/authselect/password-auth Normal file
View File

@ -0,0 +1,32 @@
# Generated by authselect on Sat Feb 11 00:24:04 2023
# Do not modify this file manually, use authselect instead. Any user changes will be overwritten.
# You can stop authselect from managing your configuration by calling 'authselect opt-out'.
# See authselect(8) for more details.
auth required pam_env.so
auth required pam_faildelay.so delay=2000000
auth [default=1 ignore=ignore success=ok] pam_usertype.so isregular
auth [default=1 ignore=ignore success=ok] pam_localuser.so
auth sufficient pam_unix.so nullok
auth [default=1 ignore=ignore success=ok] pam_usertype.so isregular
auth sufficient pam_sss.so forward_pass
auth required pam_deny.so
account required pam_unix.so
account sufficient pam_localuser.so
account sufficient pam_usertype.so issystem
account [default=bad success=ok user_unknown=ignore] pam_sss.so
account required pam_permit.so
password requisite pam_pwquality.so local_users_only
password sufficient pam_unix.so yescrypt shadow nullok use_authtok
password sufficient pam_sss.so use_authtok
password required pam_deny.so
session optional pam_keyinit.so revoke
session required pam_limits.so
-session optional pam_systemd.so
session optional pam_oddjob_mkhomedir.so
session [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid
session required pam_unix.so
session optional pam_sss.so

11
root/etc/authselect/postlogin Normal file
View File

@ -0,0 +1,11 @@
# Generated by authselect on Sat Feb 11 00:24:04 2023
# Do not modify this file manually, use authselect instead. Any user changes will be overwritten.
# You can stop authselect from managing your configuration by calling 'authselect opt-out'.
# See authselect(8) for more details.
session optional pam_umask.so silent
session [success=1 default=ignore] pam_succeed_if.so service !~ gdm* service !~ su* quiet
session [default=1] pam_lastlog.so nowtmp showfailed
session optional pam_lastlog.so silent noupdate showfailed

6
root/etc/authselect/smartcard-auth Normal file
View File

@ -0,0 +1,6 @@
# Generated by authselect on Sat Feb 11 00:24:04 2023
# Do not modify this file manually, use authselect instead. Any user changes will be overwritten.
# You can stop authselect from managing your configuration by calling 'authselect opt-out'.
# See authselect(8) for more details.
auth required pam_debug.so auth=authinfo_unavail

32
root/etc/authselect/system-auth Normal file
View File

@ -0,0 +1,32 @@
# Generated by authselect on Sat Feb 11 00:24:04 2023
# Do not modify this file manually, use authselect instead. Any user changes will be overwritten.
# You can stop authselect from managing your configuration by calling 'authselect opt-out'.
# See authselect(8) for more details.
auth required pam_env.so
auth required pam_faildelay.so delay=2000000
auth [default=1 ignore=ignore success=ok] pam_usertype.so isregular
auth [default=1 ignore=ignore success=ok] pam_localuser.so
auth sufficient pam_unix.so nullok
auth [default=1 ignore=ignore success=ok] pam_usertype.so isregular
auth sufficient pam_sss.so forward_pass
auth required pam_deny.so
account required pam_unix.so
account sufficient pam_localuser.so
account sufficient pam_usertype.so issystem
account [default=bad success=ok user_unknown=ignore] pam_sss.so
account required pam_permit.so
password requisite pam_pwquality.so local_users_only
password sufficient pam_unix.so yescrypt shadow nullok use_authtok
password sufficient pam_sss.so use_authtok
password required pam_deny.so
session optional pam_keyinit.so revoke
session required pam_limits.so
-session optional pam_systemd.so
session optional pam_oddjob_mkhomedir.so
session [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid
session required pam_unix.so
session optional pam_sss.so

0
root/etc/cockpit/disallowed-users Normal file
View File

263
root/etc/dirsrv/config/slapd-collations.conf Normal file
View File

@ -0,0 +1,263 @@
#
# BEGIN COPYRIGHT BLOCK
# Copyright (C) 2001 Sun Microsystems, Inc. Used by permission.
# Copyright (C) 2018 Red Hat, Inc.
# All rights reserved.
#
# License: GPL (version 3 or any later version).
# See LICENSE for details.
# END COPYRIGHT BLOCK
#
#######################################################################
# Collations
#######################################################################
# collation language country variant strength decomposition oid oid ...
collation "" "" "" 1 3 2.16.840.1.113730.3.3.2.0.1 default
collation ar "" "" 1 3 2.16.840.1.113730.3.3.2.1.1 ar
collation be "" "" 1 3 2.16.840.1.113730.3.3.2.2.1 be be-BY
collation bg "" "" 1 3 2.16.840.1.113730.3.3.2.3.1 bg bg-BG
collation ca "" "" 1 3 2.16.840.1.113730.3.3.2.4.1 ca ca-ES
collation cs "" "" 1 3 2.16.840.1.113730.3.3.2.5.1 cs cs-CZ
collation da "" "" 1 3 2.16.840.1.113730.3.3.2.6.1 da da-DK
collation de "" "" 1 3 2.16.840.1.113730.3.3.2.7.1 de de-DE
collation de AT "" 1 3 2.16.840.1.113730.3.3.2.8.1 de-AT
collation de CH "" 1 3 2.16.840.1.113730.3.3.2.9.1 de-CH
collation el "" "" 1 3 2.16.840.1.113730.3.3.2.10.1 el
collation en "" "" 1 3 2.16.840.1.113730.3.3.2.11.1 en
collation en CA "" 1 3 2.16.840.1.113730.3.3.2.12.1 en-CA
collation en GB "" 1 3 2.16.840.1.113730.3.3.2.13.1 en-GB
collation en IE "" 1 3 2.16.840.1.113730.3.3.2.14.1 en-IE
collation es "" "" 1 3 2.16.840.1.113730.3.3.2.15.1 es es-ES
collation et "" "" 1 3 2.16.840.1.113730.3.3.2.16.1 et et-EE
collation fi "" "" 1 3 2.16.840.1.113730.3.3.2.17.1 fi fi-FI
collation fr "" "" 1 3 2.16.840.1.113730.3.3.2.18.1 fr fr-FR
collation fr BE "" 1 3 2.16.840.1.113730.3.3.2.19.1 fr-BE
collation fr CA "" 1 3 2.16.840.1.113730.3.3.2.20.1 fr-CA
collation fr CH "" 1 3 2.16.840.1.113730.3.3.2.21.1 fr-CH
collation hr "" "" 1 3 2.16.840.1.113730.3.3.2.22.1 hr hr-HR
collation hu "" "" 1 3 2.16.840.1.113730.3.3.2.23.1 hu hu-HU
collation is "" "" 1 3 2.16.840.1.113730.3.3.2.24.1 is is-IS
collation it "" "" 1 3 2.16.840.1.113730.3.3.2.25.1 it
collation it CH "" 1 3 2.16.840.1.113730.3.3.2.26.1 it-CH
collation iw "" "" 1 3 2.16.840.1.113730.3.3.2.27.1 iw
collation ja "" "" 1 3 2.16.840.1.113730.3.3.2.28.1 ja ja-JP
collation ko "" "" 1 3 2.16.840.1.113730.3.3.2.29.1 ko ko-KR
collation lt "" "" 1 3 2.16.840.1.113730.3.3.2.30.1 lt lt-LT
collation lv "" "" 1 3 2.16.840.1.113730.3.3.2.31.1 lv lv-LV
collation mk "" "" 1 3 2.16.840.1.113730.3.3.2.32.1 mk mk-MK
collation nl "" "" 1 3 2.16.840.1.113730.3.3.2.33.1 nl
collation nl BE "" 1 3 2.16.840.1.113730.3.3.2.34.1 nl-BE
collation no "" "" 1 3 2.16.840.1.113730.3.3.2.35.1 no
collation no NO B 1 3 2.16.840.1.113730.3.3.2.36.1 no-NO-B
collation no NO NY 1 3 2.16.840.1.113730.3.3.2.37.1 no-NO-NY
collation pl "" "" 1 3 2.16.840.1.113730.3.3.2.38.1 pl pl-PL
collation ro "" "" 1 3 2.16.840.1.113730.3.3.2.39.1 ro
collation ru "" "" 1 3 2.16.840.1.113730.3.3.2.40.1 ru
collation sh "" "" 1 3 2.16.840.1.113730.3.3.2.41.1 sh
collation sk "" "" 1 3 2.16.840.1.113730.3.3.2.42.1 sk
collation sl "" "" 1 3 2.16.840.1.113730.3.3.2.43.1 sl
collation sq "" "" 1 3 2.16.840.1.113730.3.3.2.44.1 sq
collation sr "" "" 1 3 2.16.840.1.113730.3.3.2.45.1 sr
collation sv "" "" 1 3 2.16.840.1.113730.3.3.2.46.1 sv
collation tr "" "" 1 3 2.16.840.1.113730.3.3.2.47.1 tr tr-TR
collation uk "" "" 1 3 2.16.840.1.113730.3.3.2.48.1 uk uk-UA
collation zh "" "" 1 3 2.16.840.1.113730.3.3.2.49.1 zh
collation zh TW "" 1 3 2.16.840.1.113730.3.3.2.50.1 zh-TW
collation af "" "" 1 3 2.16.840.1.113730.3.3.2.51.1 af
collation af NA "" 1 3 2.16.840.1.113730.3.3.2.52.1 af-NA
collation af ZA "" 1 3 2.16.840.1.113730.3.3.2.53.1 af-ZA
collation ar AE "" 1 3 2.16.840.1.113730.3.3.2.54.1 ar-AE
collation ar BH "" 1 3 2.16.840.1.113730.3.3.2.55.1 ar-BH
collation ar DZ "" 1 3 2.16.840.1.113730.3.3.2.56.1 ar-DZ
collation ar EG "" 1 3 2.16.840.1.113730.3.3.2.57.1 ar-EG
collation ar IQ "" 1 3 2.16.840.1.113730.3.3.2.58.1 ar-IQ
collation ar JO "" 1 3 2.16.840.1.113730.3.3.2.59.1 ar-JO
collation ar KW "" 1 3 2.16.840.1.113730.3.3.2.60.1 ar-KW
collation ar LB "" 1 3 2.16.840.1.113730.3.3.2.61.1 ar-LB
collation ar LY "" 1 3 2.16.840.1.113730.3.3.2.62.1 ar-LY
collation ar MA "" 1 3 2.16.840.1.113730.3.3.2.63.1 ar-MA
collation ar OM "" 1 3 2.16.840.1.113730.3.3.2.64.1 ar-OM
collation ar QA "" 1 3 2.16.840.1.113730.3.3.2.65.1 ar-QA
collation ar SA "" 1 3 2.16.840.1.113730.3.3.2.66.1 ar-SA
collation ar SD "" 1 3 2.16.840.1.113730.3.3.2.67.1 ar-SD
collation ar SY "" 1 3 2.16.840.1.113730.3.3.2.68.1 ar-SY
collation ar TN "" 1 3 2.16.840.1.113730.3.3.2.69.1 ar-TN
collation ar YE "" 1 3 2.16.840.1.113730.3.3.2.70.1 ar-YE
collation as "" "" 1 3 2.16.840.1.113730.3.3.2.71.1 as
collation as IN "" 1 3 2.16.840.1.113730.3.3.2.72.1 as-IN
collation az "" "" 1 3 2.16.840.1.113730.3.3.2.73.1 az
collation az Latn "" 1 3 2.16.840.1.113730.3.3.2.74.1 az-Latn
collation az Latn AZ 1 3 2.16.840.1.113730.3.3.2.75.1 az-Latn-AZ
collation bn "" "" 1 3 2.16.840.1.113730.3.3.2.76.1 bn
collation bn BD "" 1 3 2.16.840.1.113730.3.3.2.77.1 bn-BD
collation bn IN "" 1 3 2.16.840.1.113730.3.3.2.78.1 bn-IN
collation bs "" "" 1 3 2.16.840.1.113730.3.3.2.79.1 bs bs-BA
collation chr "" "" 1 3 2.16.840.1.113730.3.3.2.80.1 chr
collation chr US "" 1 3 2.16.840.1.113730.3.3.2.81.1 chr-US
collation cy "" "" 1 3 2.16.840.1.113730.3.3.2.82.1 cy cy-GB
collation de BE "" 1 3 2.16.840.1.113730.3.3.2.83.1 de-BE
collation de LI "" 1 3 2.16.840.1.113730.3.3.2.84.1 de-LI
collation de LU "" 1 3 2.16.840.1.113730.3.3.2.85.1 de-LU
collation el CY "" 1 3 2.16.840.1.113730.3.3.2.86.1 el-CY
collation el GR "" 1 3 2.16.840.1.113730.3.3.2.87.1 el-GR
collation en AS "" 1 3 2.16.840.1.113730.3.3.2.88.1 en-AS
collation en AU "" 1 3 2.16.840.1.113730.3.3.2.89.1 en-AU
collation en BE "" 1 3 2.16.840.1.113730.3.3.2.90.1 en-BE
collation en BW "" 1 3 2.16.840.1.113730.3.3.2.91.1 en-BW
collation en BZ "" 1 3 2.16.840.1.113730.3.3.2.92.1 en-BZ
collation en GU "" 1 3 2.16.840.1.113730.3.3.2.93.1 en-GU
collation en GY "" 1 3 2.16.840.1.113730.3.3.2.94.1 en-GY
collation en HK "" 1 3 2.16.840.1.113730.3.3.2.95.1 en-HK
collation en IN "" 1 3 2.16.840.1.113730.3.3.2.96.1 en-IN
collation en JM "" 1 3 2.16.840.1.113730.3.3.2.97.1 en-JM
collation en MH "" 1 3 2.16.840.1.113730.3.3.2.98.1 en-MH
collation en MP "" 1 3 2.16.840.1.113730.3.3.2.99.1 en-MP
collation en MT "" 1 3 2.16.840.1.113730.3.3.2.100.1 en-MT
collation en MU "" 1 3 2.16.840.1.113730.3.3.2.101.1 en-MU
collation en NA "" 1 3 2.16.840.1.113730.3.3.2.102.1 en-NA
collation en NZ "" 1 3 2.16.840.1.113730.3.3.2.103.1 en-NZ
collation en PH "" 1 3 2.16.840.1.113730.3.3.2.104.1 en-PH
collation en PK "" 1 3 2.16.840.1.113730.3.3.2.105.1 en-PK
collation en SG "" 1 3 2.16.840.1.113730.3.3.2.106.1 en-SG
collation en TT "" 1 3 2.16.840.1.113730.3.3.2.107.1 en-TT
collation en UM "" 1 3 2.16.840.1.113730.3.3.2.108.1 en-UM
collation en US "" 1 3 2.16.840.1.113730.3.3.2.109.1 en-US
collation en US POSIX 1 3 2.16.840.1.113730.3.3.2.110.1 en-US-POSIX
collation en VI "" 1 3 2.16.840.1.113730.3.3.2.111.1 en-VI
collation en ZA "" 1 3 2.16.840.1.113730.3.3.2.112.1 en-ZA
collation en ZW "" 1 3 2.16.840.1.113730.3.3.2.113.1 en-ZW
collation es AR "" 1 3 2.16.840.1.113730.3.3.2.114.1 es-AR
collation es BO "" 1 3 2.16.840.1.113730.3.3.2.115.1 es-BO
collation es CL "" 1 3 2.16.840.1.113730.3.3.2.116.1 es-CL
collation es CO "" 1 3 2.16.840.1.113730.3.3.2.117.1 es-CO
collation es CR "" 1 3 2.16.840.1.113730.3.3.2.118.1 es-CR
collation es DO "" 1 3 2.16.840.1.113730.3.3.2.119.1 es-DO
collation es EC "" 1 3 2.16.840.1.113730.3.3.2.120.1 es-EC
collation es ES "" 1 3 2.16.840.1.113730.3.3.2.121.1 es-ES
collation es GQ "" 1 3 2.16.840.1.113730.3.3.2.122.1 es-GQ
collation es GT "" 1 3 2.16.840.1.113730.3.3.2.123.1 es-GT
collation es HN "" 1 3 2.16.840.1.113730.3.3.2.124.1 es-HN
collation es MX "" 1 3 2.16.840.1.113730.3.3.2.125.1 es-MX
collation es NI "" 1 3 2.16.840.1.113730.3.3.2.126.1 es-NI
collation es PA "" 1 3 2.16.840.1.113730.3.3.2.127.1 es-PA
collation es PE "" 1 3 2.16.840.1.113730.3.3.2.128.1 es-PE
collation es PR "" 1 3 2.16.840.1.113730.3.3.2.129.1 es-PR
collation es PY "" 1 3 2.16.840.1.113730.3.3.2.130.1 es-PY
collation es SV "" 1 3 2.16.840.1.113730.3.3.2.131.1 es-SV
collation es US "" 1 3 2.16.840.1.113730.3.3.2.132.1 es-US
collation es UY "" 1 3 2.16.840.1.113730.3.3.2.133.1 es-UY
collation es VE "" 1 3 2.16.840.1.113730.3.3.2.134.1 es-VE
collation fa "" "" 1 3 2.16.840.1.113730.3.3.2.135.1 fa fa-IR
collation fil "" "" 1 3 2.16.840.1.113730.3.3.2.136.1 fil fil-PH
collation fo "" "" 1 3 2.16.840.1.113730.3.3.2.137.1 fo fo-FO
collation fr BF "" 1 3 2.16.840.1.113730.3.3.2.138.1 fr-BF
collation fr BI "" 1 3 2.16.840.1.113730.3.3.2.139.1 fr-BI
collation fr BJ "" 1 3 2.16.840.1.113730.3.3.2.140.1 fr-BJ
collation fr BL "" 1 3 2.16.840.1.113730.3.3.2.141.1 fr-BL
collation fr CD "" 1 3 2.16.840.1.113730.3.3.2.142.1 fr-CD
collation fr CF "" 1 3 2.16.840.1.113730.3.3.2.143.1 fr-CF
collation fr CG "" 1 3 2.16.840.1.113730.3.3.2.144.1 fr-CG
collation fr CI "" 1 3 2.16.840.1.113730.3.3.2.145.1 fr-CI
collation fr CM "" 1 3 2.16.840.1.113730.3.3.2.146.1 fr-CM
collation fr DJ "" 1 3 2.16.840.1.113730.3.3.2.147.1 fr-DJ
collation fr GA "" 1 3 2.16.840.1.113730.3.3.2.148.1 fr-GA
collation fr GN "" 1 3 2.16.840.1.113730.3.3.2.149.1 fr-GN
collation fr GP "" 1 3 2.16.840.1.113730.3.3.2.150.1 fr-GP
collation fr GQ "" 1 3 2.16.840.1.113730.3.3.2.151.1 fr-GQ
collation fr KM "" 1 3 2.16.840.1.113730.3.3.2.152.1 fr-KM
collation fr LU "" 1 3 2.16.840.1.113730.3.3.2.153.1 fr-LU
collation fr MC "" 1 3 2.16.840.1.113730.3.3.2.154.1 fr-MC
collation fr MF "" 1 3 2.16.840.1.113730.3.3.2.155.1 fr-MF
collation fr MG "" 1 3 2.16.840.1.113730.3.3.2.156.1 fr-MG
collation fr ML "" 1 3 2.16.840.1.113730.3.3.2.157.1 fr-ML
collation fr MQ "" 1 3 2.16.840.1.113730.3.3.2.158.1 fr-MQ
collation fr NE "" 1 3 2.16.840.1.113730.3.3.2.159.1 fr-NE
collation fr RE "" 1 3 2.16.840.1.113730.3.3.2.160.1 fr-RE
collation fr RW "" 1 3 2.16.840.1.113730.3.3.2.161.1 fr-RW
collation fr SN "" 1 3 2.16.840.1.113730.3.3.2.162.1 fr-SN
collation fr TD "" 1 3 2.16.840.1.113730.3.3.2.163.1 fr-TD
collation fr TG "" 1 3 2.16.840.1.113730.3.3.2.164.1 fr-TG
collation ga "" "" 1 3 2.16.840.1.113730.3.3.2.165.1 ga
collation ga IE "" 1 3 2.16.840.1.113730.3.3.2.166.1 ga-IE
collation ga IN "" 1 3 2.16.840.1.113730.3.3.2.167.1 ga-IN
collation ha "" "" 1 3 2.16.840.1.113730.3.3.2.168.1 ha
collation ha Latn "" 1 3 2.16.840.1.113730.3.3.2.169.1 ha-Latn
collation ha Latn GH 1 3 2.16.840.1.113730.3.3.2.170.1 ha-Latn-GH
collation ha Latn NE 1 3 2.16.840.1.113730.3.3.2.171.1 ha-Latn-NE
collation ha Latn NG 1 3 2.16.840.1.113730.3.3.2.172.1 ha-Latn-NG
collation he "" "" 1 3 2.16.840.1.113730.3.3.2.173.1 he he-IL
collation hi "" "" 1 3 2.16.840.1.113730.3.3.2.174.1 hi hi-IN
collation hy "" "" 1 3 2.16.840.1.113730.3.3.2.175.1 hy hy-AM
collation id "" "" 1 3 2.16.840.1.113730.3.3.2.176.1 id id-ID
collation ig "" "" 1 3 2.16.840.1.113730.3.3.2.177.1 ig ig-NG
collation it IT "" 1 3 2.16.840.1.113730.3.3.2.178.1 it-IT
collation ka "" "" 1 3 2.16.840.1.113730.3.3.2.179.1 ka
collation ka GE "" 1 3 2.16.840.1.113730.3.3.2.180.1 ka-GE
collation kk "" "" 1 3 2.16.840.1.113730.3.3.2.181.1 kk kk-KZ
collation kl "" "" 1 3 2.16.840.1.113730.3.3.2.182.1 kl kl-GL
collation kn "" "" 1 3 2.16.840.1.113730.3.3.2.183.1 kn kn-IN
collation kok "" "" 1 3 2.16.840.1.113730.3.3.2.184.1 kok kok-IN
collation ml "" "" 1 3 2.16.840.1.113730.3.3.2.185.1 ml ml-IN
collation ms "" "" 1 3 2.16.840.1.113730.3.3.2.186.1 ms
collation ms BN "" 1 3 2.16.840.1.113730.3.3.2.187.1 ms-BN
collation ms MY "" 1 3 2.16.840.1.113730.3.3.2.188.1 ms-MY
collation mt "" "" 1 3 2.16.840.1.113730.3.3.2.189.1 mt mt-MT
collation nl NL "" 1 3 2.16.840.1.113730.3.3.2.190.1 nl-NL
collation nn "" "" 1 3 2.16.840.1.113730.3.3.2.191.1 nn nn-NO
collation om "" "" 1 3 2.16.840.1.113730.3.3.2.192.1 om
collation om ET "" 1 3 2.16.840.1.113730.3.3.2.193.1 om-ET
collation om KE "" 1 3 2.16.840.1.113730.3.3.2.194.1 om-KE
collation or "" "" 1 3 2.16.840.1.113730.3.3.2.195.1 or or-IN
collation pa "" "" 1 3 2.16.840.1.113730.3.3.2.196.1 pa
collation pa Arab "" 1 3 2.16.840.1.113730.3.3.2.197.1 pa-Arab
collation pa Arab PK 1 3 2.16.840.1.113730.3.3.2.198.1 pa-Arab-PK
collation pa Guru "" 1 3 2.16.840.1.113730.3.3.2.199.1 pa-Guru
collation pa Guru IN 1 3 2.16.840.1.113730.3.3.2.200.1 pa-Guru-IN
collation ps "" "" 1 3 2.16.840.1.113730.3.3.2.201.1 ps ps-AF
collation pt "" "" 1 3 2.16.840.1.113730.3.3.2.202.1 pt
collation pt BR "" 1 3 2.16.840.1.113730.3.3.2.203.1 pt-BR
collation pt PT "" 1 3 2.16.840.1.113730.3.3.2.204.1 pt-PT
collation ro MD "" 1 3 2.16.840.1.113730.3.3.2.205.1 ro-MD
collation ro RO "" 1 3 2.16.840.1.113730.3.3.2.206.1 ro-RO
collation ru MD "" 1 3 2.16.840.1.113730.3.3.2.207.1 ru-MD
collation ru RU "" 1 3 2.16.840.1.113730.3.3.2.208.1 ru-RU
collation ru UA "" 1 3 2.16.840.1.113730.3.3.2.209.1 ru-UA
collation si "" "" 1 3 2.16.840.1.113730.3.3.2.210.1 si si-LK
collation sk SK "" 1 3 2.16.840.1.113730.3.3.2.211.1 sk-SK
collation sl SI "" 1 3 2.16.840.1.113730.3.3.2.212.1 sl-SI
collation sq AL "" 1 3 2.16.840.1.113730.3.3.2.213.1 sq-AL
collation sr Cyrl "" 1 3 2.16.840.1.113730.3.3.2.214.1 sr-Cyrl
collation sr Cyrl BA 1 3 2.16.840.1.113730.3.3.2.215.1 sr-Cyrl-BA
collation sr Cyrl ME 1 3 2.16.840.1.113730.3.3.2.216.1 sr-Cyrl-ME
collation sr Cyrl RS 1 3 2.16.840.1.113730.3.3.2.217.1 sr-Cyrl-RS
collation sr Latn "" 1 3 2.16.840.1.113730.3.3.2.218.1 sr-Latn
collation sr Latn BA 1 3 2.16.840.1.113730.3.3.2.219.1 sr-Latn-BA
collation sr Latn ME 1 3 2.16.840.1.113730.3.3.2.220.1 sr-Latn-ME
collation sr Latn RS 1 3 2.16.840.1.113730.3.3.2.221.1 sr-Latn-RS
collation sv FI "" 1 3 2.16.840.1.113730.3.3.2.222.1 sv-FI
collation sv SE "" 1 3 2.16.840.1.113730.3.3.2.223.1 sv-SE
collation sw "" "" 1 3 2.16.840.1.113730.3.3.2.224.1 sw
collation sw KE "" 1 3 2.16.840.1.113730.3.3.2.225.1 sw-KE
collation sw TZ "" 1 3 2.16.840.1.113730.3.3.2.226.1 sw-TZ
collation ta "" "" 1 3 2.16.840.1.113730.3.3.2.227.1 ta
collation ta IN "" 1 3 2.16.840.1.113730.3.3.2.228.1 ta-IN
collation ta LK "" 1 3 2.16.840.1.113730.3.3.2.229.1 ta-LK
collation te "" "" 1 3 2.16.840.1.113730.3.3.2.230.1 te te-IN
collation th "" "" 1 3 2.16.840.1.113730.3.3.2.231.1 th th-TH
collation ur "" "" 1 3 2.16.840.1.113730.3.3.2.232.1 ur
collation ur IN "" 1 3 2.16.840.1.113730.3.3.2.233.1 ur-IN
collation ur PK "" 1 3 2.16.840.1.113730.3.3.2.234.1 ur-PK
collation vi "" "" 1 3 2.16.840.1.113730.3.3.2.235.1 vi vi-VN
collation yo "" "" 1 3 2.16.840.1.113730.3.3.2.236.1 yo yo-NG
collation zh Hans "" 1 3 2.16.840.1.113730.3.3.2.237.1 zh-Hans
collation zh Hans CN 1 3 2.16.840.1.113730.3.3.2.238.1 zh-Hans-CN
collation zh Hans SG 1 3 2.16.840.1.113730.3.3.2.239.1 zh-Hans-SG
collation zh Hant HK 1 3 2.16.840.1.113730.3.3.2.240.1 zh-Hant-HK
collation zh Hant MO 1 3 2.16.840.1.113730.3.3.2.241.1 zh-Hant-MO
collation zh Hant TW 1 3 2.16.840.1.113730.3.3.2.242.1 zh-Hant-TW
collation zu "" "" 1 3 2.16.840.1.113730.3.3.2.243.1 zu
collation zu ZA "" 1 3 2.16.840.1.113730.3.3.2.244.1 zu-ZA
collation "" "" "" 3 3 2.16.840.1.113730.3.3.2.0.3
collation en "" "" 3 3 2.16.840.1.113730.3.3.2.11.3

726
root/etc/dirsrv/schema/kerberos.schema Normal file
View File

@ -0,0 +1,726 @@
# Novell Kerberos Schema Definitions
# Novell Inc.
# 1800 South Novell Place
# Provo, UT 84606
#
# VeRsIoN=1.0
# CoPyRiGhT=(c) Copyright 2006, Novell, Inc. All rights reserved
#
# OIDs:
# joint-iso-ccitt(2)
# country(16)
# us(840)
# organization(1)
# Novell(113719)
# applications(1)
# kerberos(301)
# Kerberos Attribute Type(4) attr# version#
# specific attribute definitions
# Kerberos Attribute Syntax(5)
# specific syntax definitions
# Kerberos Object Class(6) class# version#
# specific class definitions
#
# iso(1)
# member-body(2)
# United States(840)
# mit (113554)
# infosys(1)
# ldap(4)
# attributeTypes(1)
# Kerberos(6)
########################################################################
########################################################################
# Attribute Type Definitions #
########################################################################
##### This is the principal name in the RFC 1964 specified format
attributetype ( 2.16.840.1.113719.1.301.4.1.1
NAME 'krbPrincipalName'
EQUALITY caseExactIA5Match
SUBSTR caseExactSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26)
##### If there are multiple krbPrincipalName values for an entry, this
##### is the canonical principal name in the RFC 1964 specified
##### format. (If this attribute does not exist, then all
##### krbPrincipalName values are treated as canonical.)
attributetype ( 1.2.840.113554.1.4.1.6.1
NAME 'krbCanonicalName'
EQUALITY caseExactIA5Match
SUBSTR caseExactSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
SINGLE-VALUE)
##### This specifies the type of the principal, the types could be any of
##### the types mentioned in section 6.2 of RFC 4120
attributetype ( 2.16.840.1.113719.1.301.4.3.1
NAME 'krbPrincipalType'
EQUALITY integerMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
SINGLE-VALUE)
##### This flag is used to find whether directory User Password has to be used
##### as kerberos password.
##### TRUE, if User Password is to be used as the kerberos password.
##### FALSE, if User Password and the kerberos password are different.
attributetype ( 2.16.840.1.113719.1.301.4.5.1
NAME 'krbUPEnabled'
DESC 'Boolean'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
SINGLE-VALUE)
##### The time at which the principal expires
attributetype ( 2.16.840.1.113719.1.301.4.6.1
NAME 'krbPrincipalExpiration'
EQUALITY generalizedTimeMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.24
SINGLE-VALUE)
##### The krbTicketFlags attribute holds information about the kerberos flags for a principal
##### The values (0x00000001 - 0x00800000) are reserved for standards and
##### values (0x01000000 - 0x80000000) can be used for proprietary extensions.
##### The flags and values as per RFC 4120 and MIT implementation are,
##### DISALLOW_POSTDATED 0x00000001
##### DISALLOW_FORWARDABLE 0x00000002
##### DISALLOW_TGT_BASED 0x00000004
##### DISALLOW_RENEWABLE 0x00000008
##### DISALLOW_PROXIABLE 0x00000010
##### DISALLOW_DUP_SKEY 0x00000020
##### DISALLOW_ALL_TIX 0x00000040
##### REQUIRES_PRE_AUTH 0x00000080
##### REQUIRES_HW_AUTH 0x00000100
##### REQUIRES_PWCHANGE 0x00000200
##### DISALLOW_SVR 0x00001000
##### PWCHANGE_SERVICE 0x00002000
attributetype ( 2.16.840.1.113719.1.301.4.8.1
NAME 'krbTicketFlags'
EQUALITY integerMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
SINGLE-VALUE)
##### The maximum ticket lifetime for a principal in seconds
attributetype ( 2.16.840.1.113719.1.301.4.9.1
NAME 'krbMaxTicketLife'
EQUALITY integerMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
SINGLE-VALUE)
##### Maximum renewable lifetime for a principal's ticket in seconds
attributetype ( 2.16.840.1.113719.1.301.4.10.1
NAME 'krbMaxRenewableAge'
EQUALITY integerMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
SINGLE-VALUE)
##### Forward reference to the Realm object.
##### (FDN of the krbRealmContainer object).
##### Example: cn=ACME.COM, cn=Kerberos, cn=Security
attributetype ( 2.16.840.1.113719.1.301.4.14.1
NAME 'krbRealmReferences'
EQUALITY distinguishedNameMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.12)
##### List of LDAP servers that kerberos servers can contact.
##### The attribute holds data in the ldap uri format,
##### Examples: acme.com#636, 164.164.164.164#1636, ldaps://acme.com:636
#####
##### The values of this attribute need to be updated, when
##### the LDAP servers listed here are renamed, moved or deleted.
attributetype ( 2.16.840.1.113719.1.301.4.15.1
NAME 'krbLdapServers'
EQUALITY caseIgnoreMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15)
##### A set of forward references to the KDC Service objects.
##### (FDNs of the krbKdcService objects).
##### Example: cn=kdc - server 1, ou=uvw, o=xyz
attributetype ( 2.16.840.1.113719.1.301.4.17.1
NAME 'krbKdcServers'
EQUALITY distinguishedNameMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.12)
##### A set of forward references to the Password Service objects.
##### (FDNs of the krbPwdService objects).
##### Example: cn=kpasswdd - server 1, ou=uvw, o=xyz
attributetype ( 2.16.840.1.113719.1.301.4.18.1
NAME 'krbPwdServers'
EQUALITY distinguishedNameMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.12)
##### This attribute holds the Host Name or the ip address,
##### transport protocol and ports of the kerberos service host
##### The format is host_name-or-ip_address#protocol#port
##### Protocol can be 0 or 1. 0 is for UDP. 1 is for TCP.
attributetype ( 2.16.840.1.113719.1.301.4.24.1
NAME 'krbHostServer'
EQUALITY caseExactIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26)
##### This attribute holds the scope for searching the principals
##### under krbSubTree attribute of krbRealmContainer
##### The value can either be 1 (ONE) or 2 (SUB_TREE).
attributetype ( 2.16.840.1.113719.1.301.4.25.1
NAME 'krbSearchScope'
EQUALITY integerMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
SINGLE-VALUE)
##### FDNs pointing to Kerberos principals
attributetype ( 2.16.840.1.113719.1.301.4.26.1
NAME 'krbPrincipalReferences'
EQUALITY distinguishedNameMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.12)
##### This attribute specifies which attribute of the user objects
##### be used as the principal name component for Kerberos.
##### The allowed values are cn, sn, uid, givenname, fullname.
attributetype ( 2.16.840.1.113719.1.301.4.28.1
NAME 'krbPrincNamingAttr'
EQUALITY caseIgnoreMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
SINGLE-VALUE)
##### A set of forward references to the Administration Service objects.
##### (FDNs of the krbAdmService objects).
##### Example: cn=kadmindd - server 1, ou=uvw, o=xyz
attributetype ( 2.16.840.1.113719.1.301.4.29.1
NAME 'krbAdmServers'
EQUALITY distinguishedNameMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.12)
##### Maximum lifetime of a principal's password
attributetype ( 2.16.840.1.113719.1.301.4.30.1
NAME 'krbMaxPwdLife'
EQUALITY integerMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
SINGLE-VALUE)
##### Minimum lifetime of a principal's password
attributetype ( 2.16.840.1.113719.1.301.4.31.1
NAME 'krbMinPwdLife'
EQUALITY integerMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
SINGLE-VALUE)
##### Minimum number of character clases allowed in a password
attributetype ( 2.16.840.1.113719.1.301.4.32.1
NAME 'krbPwdMinDiffChars'
EQUALITY integerMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
SINGLE-VALUE)
##### Minimum length of the password
attributetype ( 2.16.840.1.113719.1.301.4.33.1
NAME 'krbPwdMinLength'
EQUALITY integerMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
SINGLE-VALUE)
##### Number of previous versions of passwords that are stored
attributetype ( 2.16.840.1.113719.1.301.4.34.1
NAME 'krbPwdHistoryLength'
EQUALITY integerMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
SINGLE-VALUE)
##### Number of consecutive pre-authentication failures before lockout
attributetype ( 1.3.6.1.4.1.5322.21.2.1
NAME 'krbPwdMaxFailure'
EQUALITY integerMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
SINGLE-VALUE)
##### Period after which bad preauthentication count will be reset
attributetype ( 1.3.6.1.4.1.5322.21.2.2
NAME 'krbPwdFailureCountInterval'
EQUALITY integerMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
SINGLE-VALUE)
##### Period in which lockout is enforced
attributetype ( 1.3.6.1.4.1.5322.21.2.3
NAME 'krbPwdLockoutDuration'
EQUALITY integerMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
SINGLE-VALUE)
##### Policy attribute flags
attributetype ( 1.2.840.113554.1.4.1.6.2
NAME 'krbPwdAttributes'
EQUALITY integerMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
SINGLE-VALUE)
##### Policy maximum ticket lifetime
attributetype ( 1.2.840.113554.1.4.1.6.3
NAME 'krbPwdMaxLife'
EQUALITY integerMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
SINGLE-VALUE)
##### Policy maximum ticket renewable lifetime
attributetype ( 1.2.840.113554.1.4.1.6.4
NAME 'krbPwdMaxRenewableLife'
EQUALITY integerMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
SINGLE-VALUE)
##### Allowed enctype:salttype combinations for key changes
attributetype ( 1.2.840.113554.1.4.1.6.5
NAME 'krbPwdAllowedKeysalts'
EQUALITY caseIgnoreIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
SINGLE-VALUE)
##### FDN pointing to a Kerberos Password Policy object
attributetype ( 2.16.840.1.113719.1.301.4.36.1
NAME 'krbPwdPolicyReference'
EQUALITY distinguishedNameMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.12
SINGLE-VALUE)
##### The time at which the principal's password expires
attributetype ( 2.16.840.1.113719.1.301.4.37.1
NAME 'krbPasswordExpiration'
EQUALITY generalizedTimeMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.24
SINGLE-VALUE)
##### This attribute holds the principal's key (krbPrincipalKey) that is encrypted with
##### the master key (krbMKey).
##### The attribute is ASN.1 encoded.
#####
##### The format of the value for this attribute is explained below,
##### KrbKeySet ::= SEQUENCE {
##### attribute-major-vno [0] UInt16,
##### attribute-minor-vno [1] UInt16,
##### kvno [2] UInt32,
##### mkvno [3] UInt32 OPTIONAL,
##### keys [4] SEQUENCE OF KrbKey,
##### ...
##### }
#####
##### KrbKey ::= SEQUENCE {
##### salt [0] KrbSalt OPTIONAL,
##### key [1] EncryptionKey,
##### s2kparams [2] OCTET STRING OPTIONAL,
##### ...
##### }
#####
##### KrbSalt ::= SEQUENCE {
##### type [0] Int32,
##### salt [1] OCTET STRING OPTIONAL
##### }
#####
##### EncryptionKey ::= SEQUENCE {
##### keytype [0] Int32,
##### keyvalue [1] OCTET STRING
##### }
attributetype ( 2.16.840.1.113719.1.301.4.39.1
NAME 'krbPrincipalKey'
EQUALITY octetStringMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.40)
##### FDN pointing to a Kerberos Ticket Policy object.
attributetype ( 2.16.840.1.113719.1.301.4.40.1
NAME 'krbTicketPolicyReference'
EQUALITY distinguishedNameMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.12
SINGLE-VALUE)
##### Forward reference to an entry that starts sub-trees
##### where principals and other kerberos objects in the realm are configured.
##### Example: ou=acme, ou=pq, o=xyz
attributetype ( 2.16.840.1.113719.1.301.4.41.1
NAME 'krbSubTrees'
EQUALITY distinguishedNameMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.12)
##### Holds the default encryption/salt type combinations of principals for
##### the Realm. Stores in the form of key:salt strings. This will be
##### subset of the supported encryption/salt types.
##### Example: aes256-cts-hmac-sha384-192:normal
attributetype ( 2.16.840.1.113719.1.301.4.42.1
NAME 'krbDefaultEncSaltTypes'
EQUALITY caseIgnoreMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15)
##### Holds the supported encryption/salt type combinations of principals for
##### the Realm. Stores in the form of key:salt strings.
##### The supported encryption types are mentioned in RFC 3961
##### The supported salt types are,
##### NORMAL
##### V4
##### NOREALM
##### ONLYREALM
##### SPECIAL
##### AFS3
##### Example: aes256-cts-hmac-sha384-192:normal
attributetype ( 2.16.840.1.113719.1.301.4.43.1
NAME 'krbSupportedEncSaltTypes'
EQUALITY caseIgnoreMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15)
##### This attribute holds the principal's old keys (krbPwdHistory) that is encrypted with
##### the kadmin/history key.
##### The attribute is ASN.1 encoded.
#####
##### The format of the value for this attribute is explained below,
##### KrbKeySet ::= SEQUENCE {
##### attribute-major-vno [0] UInt16,
##### attribute-minor-vno [1] UInt16,
##### kvno [2] UInt32,
##### mkvno [3] UInt32 OPTIONAL -- actually kadmin/history key,
##### keys [4] SEQUENCE OF KrbKey,
##### ...
##### }
#####
##### KrbKey ::= SEQUENCE {
##### salt [0] KrbSalt OPTIONAL,
##### key [1] EncryptionKey,
##### s2kparams [2] OCTET STRING OPTIONAL,
##### ...
##### }
#####
##### KrbSalt ::= SEQUENCE {
##### type [0] Int32,
##### salt [1] OCTET STRING OPTIONAL
##### }
#####
##### EncryptionKey ::= SEQUENCE {
##### keytype [0] Int32,
##### keyvalue [1] OCTET STRING
##### }
attributetype ( 2.16.840.1.113719.1.301.4.44.1
NAME 'krbPwdHistory'
EQUALITY octetStringMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.40)
##### The time at which the principal's password last password change happened.
attributetype ( 2.16.840.1.113719.1.301.4.45.1
NAME 'krbLastPwdChange'
EQUALITY generalizedTimeMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.24
SINGLE-VALUE)
##### The time at which the principal was last administratively unlocked.
attributetype ( 1.3.6.1.4.1.5322.21.2.5
NAME 'krbLastAdminUnlock'
EQUALITY generalizedTimeMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.24
SINGLE-VALUE)
##### This attribute holds the kerberos master key.
##### This can be used to encrypt principal keys.
##### This attribute has to be secured in directory.
#####
##### This attribute is ASN.1 encoded.
##### The format of the value for this attribute is explained below,
##### KrbMKey ::= SEQUENCE {
##### kvno [0] UInt32,
##### key [1] MasterKey
##### }
#####
##### MasterKey ::= SEQUENCE {
##### keytype [0] Int32,
##### keyvalue [1] OCTET STRING
##### }
attributetype ( 2.16.840.1.113719.1.301.4.46.1
NAME 'krbMKey'
EQUALITY octetStringMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.40)
##### This stores the alternate principal names for the principal in the RFC 1964 specified format
attributetype ( 2.16.840.1.113719.1.301.4.47.1
NAME 'krbPrincipalAliases'
EQUALITY caseExactIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26)
##### The time at which the principal's last successful authentication happened.
attributetype ( 2.16.840.1.113719.1.301.4.48.1
NAME 'krbLastSuccessfulAuth'
EQUALITY generalizedTimeMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.24
SINGLE-VALUE)
##### The time at which the principal's last failed authentication happened.
attributetype ( 2.16.840.1.113719.1.301.4.49.1
NAME 'krbLastFailedAuth'
EQUALITY generalizedTimeMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.24
SINGLE-VALUE)
##### This attribute stores the number of failed authentication attempts
##### happened for the principal since the last successful authentication.
attributetype ( 2.16.840.1.113719.1.301.4.50.1
NAME 'krbLoginFailedCount'
EQUALITY integerMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
SINGLE-VALUE)
##### This attribute holds the application specific data.
attributetype ( 2.16.840.1.113719.1.301.4.51.1
NAME 'krbExtraData'
EQUALITY octetStringMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.40)
##### This attributes holds references to the set of directory objects.
##### This stores the DNs of the directory objects to which the
##### principal object belongs to.
attributetype ( 2.16.840.1.113719.1.301.4.52.1
NAME 'krbObjectReferences'
EQUALITY distinguishedNameMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.12)
##### This attribute holds references to a Container object where
##### the additional principal objects and stand alone principal
##### objects (krbPrincipal) can be created.
attributetype ( 2.16.840.1.113719.1.301.4.53.1
NAME 'krbPrincContainerRef'
EQUALITY distinguishedNameMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.12)
##### A list of authentication indicator strings, one of which must be satisfied
##### to authenticate to the principal as a service.
##### FreeIPA OID:
##### joint-iso-ccitt(3) country(16) us(840) organization(1) netscape(113730)
##### ldap(3) freeipa(8) krb5(15) attributes(2)
attributetype ( 2.16.840.1.113730.3.8.15.2.1
NAME 'krbPrincipalAuthInd'
EQUALITY caseExactMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15)
##### A list of services to which a service principal can delegate.
attributetype ( 1.3.6.1.4.1.5322.21.2.4
NAME 'krbAllowedToDelegateTo'
EQUALITY caseExactIA5Match
SUBSTR caseExactSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26)
########################################################################
########################################################################
# Object Class Definitions #
########################################################################
#### This is a kerberos container for all the realms in a tree.
objectclass ( 2.16.840.1.113719.1.301.6.1.1
NAME 'krbContainer'
SUP top
STRUCTURAL
MUST ( cn ) )
##### The krbRealmContainer is created per realm and holds realm specific data.
objectclass ( 2.16.840.1.113719.1.301.6.2.1
NAME 'krbRealmContainer'
SUP top
STRUCTURAL
MUST ( cn )
MAY ( krbMKey $ krbUPEnabled $ krbSubTrees $ krbSearchScope $ krbLdapServers $ krbSupportedEncSaltTypes $ krbDefaultEncSaltTypes $ krbTicketPolicyReference $ krbKdcServers $ krbPwdServers $ krbAdmServers $ krbPrincNamingAttr $ krbPwdPolicyReference $ krbPrincContainerRef ) )
##### An instance of a class derived from krbService is created per
##### kerberos authentication or administration server in an realm and holds
##### references to the realm objects. These references is used to further read
##### realm specific data to service AS/TGS requests. Additionally this object
##### contains some server specific data like pathnames and ports that the
##### server uses. This is the identity the kerberos server logs in with. A key
##### pair for the same is created and the kerberos server logs in with the same.
#####
##### krbKdcService, krbAdmService and krbPwdService derive from this class.
objectclass ( 2.16.840.1.113719.1.301.6.3.1
NAME 'krbService'
SUP top
ABSTRACT
MUST ( cn )
MAY ( krbHostServer $ krbRealmReferences ) )
##### Representative object for the KDC server to bind into a LDAP directory
##### and have a connection to access Kerberos data with the required
##### access rights.
objectclass ( 2.16.840.1.113719.1.301.6.4.1
NAME 'krbKdcService'
SUP krbService
STRUCTURAL )
##### Representative object for the Kerberos Password server to bind into a LDAP directory
##### and have a connection to access Kerberos data with the required
##### access rights.
objectclass ( 2.16.840.1.113719.1.301.6.5.1
NAME 'krbPwdService'
SUP krbService
STRUCTURAL )
###### The principal data auxiliary class. Holds principal information
###### and is used to store principal information for Person, Service objects.
objectclass ( 2.16.840.1.113719.1.301.6.8.1
NAME 'krbPrincipalAux'
SUP top
AUXILIARY
MAY ( krbPrincipalName $ krbCanonicalName $ krbUPEnabled $ krbPrincipalKey $ krbTicketPolicyReference $ krbPrincipalExpiration $ krbPasswordExpiration $ krbPwdPolicyReference $ krbPrincipalType $ krbPwdHistory $ krbLastPwdChange $ krbLastAdminUnlock $ krbPrincipalAliases $ krbLastSuccessfulAuth $ krbLastFailedAuth $ krbLoginFailedCount $ krbExtraData $ krbAllowedToDelegateTo $ krbPrincipalAuthInd ) )
###### This class is used to create additional principals and stand alone principals.
objectclass ( 2.16.840.1.113719.1.301.6.9.1
NAME 'krbPrincipal'
SUP top
MUST ( krbPrincipalName )
MAY ( krbObjectReferences ) )
###### The principal references auxiliary class. Holds all principals referred
###### from a service
objectclass ( 2.16.840.1.113719.1.301.6.11.1
NAME 'krbPrincRefAux'
SUP top
AUXILIARY
MAY krbPrincipalReferences )
##### Representative object for the Kerberos Administration server to bind into a LDAP directory
##### and have a connection Id to access Kerberos data with the required access rights.
objectclass ( 2.16.840.1.113719.1.301.6.13.1
NAME 'krbAdmService'
SUP krbService
STRUCTURAL )
##### The krbPwdPolicy object is a template password policy that
##### can be applied to principals when they are created.
##### These policy attributes will be in effect, when the Kerberos
##### passwords are different from users' passwords (UP).
objectclass ( 2.16.840.1.113719.1.301.6.14.1
NAME 'krbPwdPolicy'
SUP top
MUST ( cn )
MAY ( krbMaxPwdLife $ krbMinPwdLife $ krbPwdMinDiffChars $ krbPwdMinLength $ krbPwdHistoryLength $ krbPwdMaxFailure $ krbPwdFailureCountInterval $ krbPwdLockoutDuration $ krbPwdAttributes $ krbPwdMaxLife $ krbPwdMaxRenewableLife $ krbPwdAllowedKeysalts ) )
##### The krbTicketPolicyAux holds Kerberos ticket policy attributes.
##### This class can be attached to a principal object or realm object.
objectclass ( 2.16.840.1.113719.1.301.6.16.1
NAME 'krbTicketPolicyAux'
SUP top
AUXILIARY
MAY ( krbTicketFlags $ krbMaxTicketLife $ krbMaxRenewableAge ) )
##### The krbTicketPolicy object is an effective ticket policy that is associated with a realm or a principal
objectclass ( 2.16.840.1.113719.1.301.6.17.1
NAME 'krbTicketPolicy'
SUP top
MUST ( cn ) )

2532
root/etc/dirsrv/slapd-medusa/dse.ldif Normal file
View File

File diff suppressed because it is too large Load Diff

2532
root/etc/dirsrv/slapd-medusa/dse.ldif.bak Normal file
View File

File diff suppressed because it is too large Load Diff

2532
root/etc/dirsrv/slapd-medusa/dse.ldif.startOK Normal file
View File

File diff suppressed because it is too large Load Diff

BIN
root/etc/dirsrv/slapd-medusa/key4.db Normal file
View File

Binary file not shown.

1
root/etc/dirsrv/slapd-medusa/noise.txt Normal file
View File

@ -0,0 +1 @@
4eTiIy84sfDz0Eiyv.wC.KwxxAj.kGFMVA6UNWaYBR6YvKly6RrC0n4HGu8tvHUdKrIGwEuCJH0V16ao632Q9k15hOecgCtVsPALWiGPl0122dQvSoZDRkgeOG4iemUi91eB0aY9fRtdGkyqrIbHlRY9s8PTL6XulAaGrR0FfFV6pMCZnLNsCR3S1Atv9AOJKEPgIvmp8fyudR4VA1sLfsvqbAtf2xovHdNqhhIJ8lKbW4u0Z7Mketa4uEroY.UbI

1
root/etc/dirsrv/slapd-medusa/pin.txt Normal file
View File

@ -0,0 +1 @@
Internal (Software) Token:UpU0cFftep2vlX1yLvqgzt4HtDUROfkGSlQ0.LuGKZVHBG5fv6sHUuE1cGilYLRYc

5
root/etc/dirsrv/slapd-medusa/pkcs11.txt Normal file
View File

@ -0,0 +1,5 @@
library=
name=NSS Internal PKCS #11 Module
parameters=configdir='/etc/dirsrv/slapd-medusa' certPrefix='' keyPrefix='' secmod='secmod.db' flags= updatedir='' updateCertPrefix='' updateKeyPrefix='' updateid='' updateTokenDescription='' cryptoTokenDescription='Communicator Generic Crypto Svcs' dbTokenDescription='Internal (Software) Token ' minPS=0
NSS=trustOrder=75 cipherOrder=100 slotParams={0x00000001=[slotFlags=RSA,RC4,RC2,DES,DH,SHA1,MD5,MD2,SSL,TLS,AES,SHA256,SHA512,Camellia,SEED,ECC,RANDOM askpw=any timeout=0 ] } Flags=internal,critical

1
root/etc/dirsrv/slapd-medusa/pwdfile.txt Normal file
View File

@ -0,0 +1 @@
UpU0cFftep2vlX1yLvqgzt4HtDUROfkGSlQ0.LuGKZVHBG5fv6sHUuE1cGilYLRYc

14
root/etc/dirsrv/slapd-medusa/schema/99user.ldif Normal file
View File

@ -0,0 +1,14 @@
#
# BEGIN COPYRIGHT BLOCK
# Copyright (C) 2001 Sun Microsystems, Inc. Used by permission.
# Copyright (C) 2005 Red Hat, Inc.
# All rights reserved.
#
# License: GPL (version 3 or any later version).
# See LICENSE for details.
# END COPYRIGHT BLOCK
#
#
# User-defined schema
#
dn: cn=schema

8
root/etc/dirsrv/ssca/README.txt Normal file
View File

@ -0,0 +1,8 @@
SSCA - Simple Self-Signed Certificate Authority
This is part of the 389 Directory Server project's lib389 toolkit. It
creates a simple, standalone certificate authority for testing and
development purposes. It's suitable for evaluation and testing purposes
only.

708
root/etc/dnsmasq.conf Normal file
View File

@ -0,0 +1,708 @@
# Configuration file for dnsmasq.
#
# Format is one option per line, legal options are the same
# as the long options legal on the command line. See
# "/usr/sbin/dnsmasq --help" or "man 8 dnsmasq" for details.
# Listen on this specific port instead of the standard DNS port
# (53). Setting this to zero completely disables DNS function,
# leaving only DHCP and/or TFTP.
#port=5353
# The following two options make you a better netizen, since they
# tell dnsmasq to filter out queries which the public DNS cannot
# answer, and which load the servers (especially the root servers)
# unnecessarily. If you have a dial-on-demand link they also stop
# these requests from bringing up the link unnecessarily.
# Never forward plain names (without a dot or domain part)
#domain-needed
# Never forward addresses in the non-routed address spaces.
#bogus-priv
# Uncomment these to enable DNSSEC validation and caching:
# (Requires dnsmasq to be built with DNSSEC option.)
#conf-file=/usr/share/dnsmasq/trust-anchors.conf
#dnssec
# Replies which are not DNSSEC signed may be legitimate, because the domain
# is unsigned, or may be forgeries. Setting this option tells dnsmasq to
# check that an unsigned reply is OK, by finding a secure proof that a DS
# record somewhere between the root and the domain does not exist.
# The cost of setting this is that even queries in unsigned domains will need
# one or more extra DNS queries to verify.
#dnssec-check-unsigned
# Uncomment this to filter useless windows-originated DNS requests
# which can trigger dial-on-demand links needlessly.
# Note that (amongst other things) this blocks all SRV requests,
# so don't use it if you use eg Kerberos, SIP, XMMP or Google-talk.
# This option only affects forwarding, SRV records originating for
# dnsmasq (via srv-host= lines) are not suppressed by it.
#filterwin2k
# Change this line if you want dns to get its upstream servers from
# somewhere other that /etc/resolv.conf
#resolv-file=
# By default, dnsmasq will send queries to any of the upstream
# servers it knows about and tries to favour servers to are known
# to be up. Uncommenting this forces dnsmasq to try each query
# with each server strictly in the order they appear in
# /etc/resolv.conf
#strict-order
# If you don't want dnsmasq to read /etc/resolv.conf or any other
# file, getting its servers from this file instead (see below), then
# uncomment this.
#no-resolv
# If you don't want dnsmasq to poll /etc/resolv.conf or other resolv
# files for changes and re-read them then uncomment this.
#no-poll
# Add other name servers here, with domain specs if they are for
# non-public domains.
#server=/localnet/192.168.0.1
# Example of routing PTR queries to nameservers: this will send all
# address->name queries for 192.168.3/24 to nameserver 10.1.2.3
#server=/3.168.192.in-addr.arpa/10.1.2.3
# Add local-only domains here, queries in these domains are answered
# from /etc/hosts or DHCP only.
#local=/localnet/
# Add domains which you want to force to an IP address here.
# The example below send any host in double-click.net to a local
# web-server.
#address=/double-click.net/127.0.0.1
# --address (and --server) work with IPv6 addresses too.
#address=/www.thekelleys.org.uk/fe80::20d:60ff:fe36:f83
# Add the IPs of all queries to yahoo.com, google.com, and their
# subdomains to the vpn and search ipsets:
#ipset=/yahoo.com/google.com/vpn,search
# Add the IPs of all queries to yahoo.com, google.com, and their
# subdomains to netfilters sets, which is equivalent to
# 'nft add element ip test vpn { ... }; nft add element ip test search { ... }'
#nftset=/yahoo.com/google.com/ip#test#vpn,ip#test#search
# Use netfilters sets for both IPv4 and IPv6:
# This adds all addresses in *.yahoo.com to vpn4 and vpn6 for IPv4 and IPv6 addresses.
#nftset=/yahoo.com/4#ip#test#vpn4
#nftset=/yahoo.com/6#ip#test#vpn6
# You can control how dnsmasq talks to a server: this forces
# queries to 10.1.2.3 to be routed via eth1
# server=10.1.2.3@eth1
# and this sets the source (ie local) address used to talk to
# 10.1.2.3 to 192.168.1.1 port 55 (there must be an interface with that
# IP on the machine, obviously).
# server=10.1.2.3@192.168.1.1#55
# If you want dnsmasq to change uid and gid to something other
# than the default, edit the following lines.
user=dnsmasq
group=dnsmasq
# If you want dnsmasq to listen for DHCP and DNS requests only on
# specified interfaces (and the loopback) give the name of the
# interface (eg eth0) here.
# Repeat the line for more than one interface.
#interface=
# Listen only on localhost by default
interface=lo
# Or you can specify which interface _not_ to listen on
#except-interface=
# Or which to listen on by address (remember to include 127.0.0.1 if
# you use this.)
#listen-address=
# If you want dnsmasq to provide only DNS service on an interface,
# configure it as shown above, and then use the following line to
# disable DHCP and TFTP on it.
#no-dhcp-interface=
# Serve DNS and DHCP only to networks directly connected to this machine.
# Any interface= line will override it.
#local-service
# On systems which support it, dnsmasq binds the wildcard address,
# even when it is listening on only some interfaces. It then discards
# requests that it shouldn't reply to. This has the advantage of
# working even when interfaces come and go and change address. If you
# want dnsmasq to really bind only the interfaces it is listening on,
# uncomment this option. About the only time you may need this is when
# running another nameserver on the same machine.
#
# To listen only on localhost and do not receive packets on other
# interfaces, bind only to lo device. Comment out to bind on single
# wildcard socket.
bind-interfaces
# Comment out above line and uncoment following 2 lines.
# Update interface name, use ip link to get its name.
#bind-dynamic
#interface=eno1
# If you don't want dnsmasq to read /etc/hosts, uncomment the
# following line.
#no-hosts
# or if you want it to read another file, as well as /etc/hosts, use
# this.
#addn-hosts=/etc/banner_add_hosts
# Set this (and domain: see below) if you want to have a domain
# automatically added to simple names in a hosts-file.
#expand-hosts
# Set the domain for dnsmasq. this is optional, but if it is set, it
# does the following things.
# 1) Allows DHCP hosts to have fully qualified domain names, as long
# as the domain part matches this setting.
# 2) Sets the "domain" DHCP option thereby potentially setting the
# domain of all systems configured by DHCP
# 3) Provides the domain part for "expand-hosts"
#domain=thekelleys.org.uk
# Set a different domain for a particular subnet
#domain=wireless.thekelleys.org.uk,192.168.2.0/24
# Same idea, but range rather then subnet
#domain=reserved.thekelleys.org.uk,192.68.3.100,192.168.3.200
# Uncomment this to enable the integrated DHCP server, you need
# to supply the range of addresses available for lease and optionally
# a lease time. If you have more than one network, you will need to
# repeat this for each network on which you want to supply DHCP
# service.
#dhcp-range=192.168.0.50,192.168.0.150,12h
# This is an example of a DHCP range where the netmask is given. This
# is needed for networks we reach the dnsmasq DHCP server via a relay
# agent. If you don't know what a DHCP relay agent is, you probably
# don't need to worry about this.
#dhcp-range=192.168.0.50,192.168.0.150,255.255.255.0,12h
# This is an example of a DHCP range which sets a tag, so that
# some DHCP options may be set only for this network.
#dhcp-range=set:red,192.168.0.50,192.168.0.150
# Use this DHCP range only when the tag "green" is set.
#dhcp-range=tag:green,192.168.0.50,192.168.0.150,12h
# Specify a subnet which can't be used for dynamic address allocation,
# is available for hosts with matching --dhcp-host lines. Note that
# dhcp-host declarations will be ignored unless there is a dhcp-range
# of some type for the subnet in question.
# In this case the netmask is implied (it comes from the network
# configuration on the machine running dnsmasq) it is possible to give
# an explicit netmask instead.
#dhcp-range=192.168.0.0,static
# Enable DHCPv6. Note that the prefix-length does not need to be specified
# and defaults to 64 if missing/
#dhcp-range=1234::2, 1234::500, 64, 12h
# Do Router Advertisements, BUT NOT DHCP for this subnet.
#dhcp-range=1234::, ra-only
# Do Router Advertisements, BUT NOT DHCP for this subnet, also try and
# add names to the DNS for the IPv6 address of SLAAC-configured dual-stack
# hosts. Use the DHCPv4 lease to derive the name, network segment and
# MAC address and assume that the host will also have an
# IPv6 address calculated using the SLAAC algorithm.
#dhcp-range=1234::, ra-names
# Do Router Advertisements, BUT NOT DHCP for this subnet.
# Set the lifetime to 46 hours. (Note: minimum lifetime is 2 hours.)
#dhcp-range=1234::, ra-only, 48h
# Do DHCP and Router Advertisements for this subnet. Set the A bit in the RA
# so that clients can use SLAAC addresses as well as DHCP ones.
#dhcp-range=1234::2, 1234::500, slaac
# Do Router Advertisements and stateless DHCP for this subnet. Clients will
# not get addresses from DHCP, but they will get other configuration information.
# They will use SLAAC for addresses.
#dhcp-range=1234::, ra-stateless
# Do stateless DHCP, SLAAC, and generate DNS names for SLAAC addresses
# from DHCPv4 leases.
#dhcp-range=1234::, ra-stateless, ra-names
# Do router advertisements for all subnets where we're doing DHCPv6
# Unless overridden by ra-stateless, ra-names, et al, the router
# advertisements will have the M and O bits set, so that the clients
# get addresses and configuration from DHCPv6, and the A bit reset, so the
# clients don't use SLAAC addresses.
#enable-ra
# Supply parameters for specified hosts using DHCP. There are lots
# of valid alternatives, so we will give examples of each. Note that
# IP addresses DO NOT have to be in the range given above, they just
# need to be on the same network. The order of the parameters in these
# do not matter, it's permissible to give name, address and MAC in any
# order.
# Always allocate the host with Ethernet address 11:22:33:44:55:66
# The IP address 192.168.0.60
#dhcp-host=11:22:33:44:55:66,192.168.0.60
# Always set the name of the host with hardware address
# 11:22:33:44:55:66 to be "fred"
#dhcp-host=11:22:33:44:55:66,fred
# Always give the host with Ethernet address 11:22:33:44:55:66
# the name fred and IP address 192.168.0.60 and lease time 45 minutes
#dhcp-host=11:22:33:44:55:66,fred,192.168.0.60,45m
# Give a host with Ethernet address 11:22:33:44:55:66 or
# 12:34:56:78:90:12 the IP address 192.168.0.60. Dnsmasq will assume
# that these two Ethernet interfaces will never be in use at the same
# time, and give the IP address to the second, even if it is already
# in use by the first. Useful for laptops with wired and wireless
# addresses.
#dhcp-host=11:22:33:44:55:66,12:34:56:78:90:12,192.168.0.60
# Give the machine which says its name is "bert" IP address
# 192.168.0.70 and an infinite lease
#dhcp-host=bert,192.168.0.70,infinite
# Always give the host with client identifier 01:02:02:04
# the IP address 192.168.0.60
#dhcp-host=id:01:02:02:04,192.168.0.60
# Always give the InfiniBand interface with hardware address
# 80:00:00:48:fe:80:00:00:00:00:00:00:f4:52:14:03:00:28:05:81 the
# ip address 192.168.0.61. The client id is derived from the prefix
# ff:00:00:00:00:00:02:00:00:02:c9:00 and the last 8 pairs of
# hex digits of the hardware address.
#dhcp-host=id:ff:00:00:00:00:00:02:00:00:02:c9:00:f4:52:14:03:00:28:05:81,192.168.0.61
# Always give the host with client identifier "marjorie"
# the IP address 192.168.0.60
#dhcp-host=id:marjorie,192.168.0.60
# Enable the address given for "judge" in /etc/hosts
# to be given to a machine presenting the name "judge" when
# it asks for a DHCP lease.
#dhcp-host=judge
# Never offer DHCP service to a machine whose Ethernet
# address is 11:22:33:44:55:66
#dhcp-host=11:22:33:44:55:66,ignore
# Ignore any client-id presented by the machine with Ethernet
# address 11:22:33:44:55:66. This is useful to prevent a machine
# being treated differently when running under different OS's or
# between PXE boot and OS boot.
#dhcp-host=11:22:33:44:55:66,id:*
# Send extra options which are tagged as "red" to
# the machine with Ethernet address 11:22:33:44:55:66
#dhcp-host=11:22:33:44:55:66,set:red
# Send extra options which are tagged as "red" to
# any machine with Ethernet address starting 11:22:33:
#dhcp-host=11:22:33:*:*:*,set:red
# Give a fixed IPv6 address and name to client with
# DUID 00:01:00:01:16:d2:83:fc:92:d4:19:e2:d8:b2
# Note the MAC addresses CANNOT be used to identify DHCPv6 clients.
# Note also that the [] around the IPv6 address are obligatory.
#dhcp-host=id:00:01:00:01:16:d2:83:fc:92:d4:19:e2:d8:b2, fred, [1234::5]
# Ignore any clients which are not specified in dhcp-host lines
# or /etc/ethers. Equivalent to ISC "deny unknown-clients".
# This relies on the special "known" tag which is set when
# a host is matched.
#dhcp-ignore=tag:!known
# Send extra options which are tagged as "red" to any machine whose
# DHCP vendorclass string includes the substring "Linux"
#dhcp-vendorclass=set:red,Linux
# Send extra options which are tagged as "red" to any machine one
# of whose DHCP userclass strings includes the substring "accounts"
#dhcp-userclass=set:red,accounts
# Send extra options which are tagged as "red" to any machine whose
# MAC address matches the pattern.
#dhcp-mac=set:red,00:60:8C:*:*:*
# If this line is uncommented, dnsmasq will read /etc/ethers and act
# on the ethernet-address/IP pairs found there just as if they had
# been given as --dhcp-host options. Useful if you keep
# MAC-address/host mappings there for other purposes.
#read-ethers
# Send options to hosts which ask for a DHCP lease.
# See RFC 2132 for details of available options.
# Common options can be given to dnsmasq by name:
# run "dnsmasq --help dhcp" to get a list.
# Note that all the common settings, such as netmask and
# broadcast address, DNS server and default route, are given
# sane defaults by dnsmasq. You very likely will not need
# any dhcp-options. If you use Windows clients and Samba, there
# are some options which are recommended, they are detailed at the
# end of this section.
# Override the default route supplied by dnsmasq, which assumes the
# router is the same machine as the one running dnsmasq.
#dhcp-option=3,1.2.3.4
# Do the same thing, but using the option name
#dhcp-option=option:router,1.2.3.4
# Override the default route supplied by dnsmasq and send no default
# route at all. Note that this only works for the options sent by
# default (1, 3, 6, 12, 28) the same line will send a zero-length option
# for all other option numbers.
#dhcp-option=3
# Set the NTP time server addresses to 192.168.0.4 and 10.10.0.5
#dhcp-option=option:ntp-server,192.168.0.4,10.10.0.5
# Send DHCPv6 option. Note [] around IPv6 addresses.
#dhcp-option=option6:dns-server,[1234::77],[1234::88]
# Send DHCPv6 option for namservers as the machine running
# dnsmasq and another.
#dhcp-option=option6:dns-server,[::],[1234::88]
# Ask client to poll for option changes every six hours. (RFC4242)
#dhcp-option=option6:information-refresh-time,6h
# Set option 58 client renewal time (T1). Defaults to half of the
# lease time if not specified. (RFC2132)
#dhcp-option=option:T1,1m
# Set option 59 rebinding time (T2). Defaults to 7/8 of the
# lease time if not specified. (RFC2132)
#dhcp-option=option:T2,2m
# Set the NTP time server address to be the same machine as
# is running dnsmasq
#dhcp-option=42,0.0.0.0
# Set the NIS domain name to "welly"
#dhcp-option=40,welly
# Set the default time-to-live to 50
#dhcp-option=23,50
# Set the "all subnets are local" flag
#dhcp-option=27,1
# Send the etherboot magic flag and then etherboot options (a string).
#dhcp-option=128,e4:45:74:68:00:00
#dhcp-option=129,NIC=eepro100
# Specify an option which will only be sent to the "red" network
# (see dhcp-range for the declaration of the "red" network)
# Note that the tag: part must precede the option: part.
#dhcp-option = tag:red, option:ntp-server, 192.168.1.1
# The following DHCP options set up dnsmasq in the same way as is specified
# for the ISC dhcpcd in
# https://web.archive.org/web/20040313070105/http://us1.samba.org/samba/ftp/docs/textdocs/DHCP-Server-Configuration.txt
# adapted for a typical dnsmasq installation where the host running
# dnsmasq is also the host running samba.
# you may want to uncomment some or all of them if you use
# Windows clients and Samba.
#dhcp-option=19,0 # option ip-forwarding off
#dhcp-option=44,0.0.0.0 # set netbios-over-TCP/IP nameserver(s) aka WINS server(s)
#dhcp-option=45,0.0.0.0 # netbios datagram distribution server
#dhcp-option=46,8 # netbios node type
# Send an empty WPAD option. This may be REQUIRED to get windows 7 to behave.
#dhcp-option=252,"\n"
# Send RFC-3397 DNS domain search DHCP option. WARNING: Your DHCP client
# probably doesn't support this......
#dhcp-option=option:domain-search,eng.apple.com,marketing.apple.com
# Send RFC-3442 classless static routes (note the netmask encoding)
#dhcp-option=121,192.168.1.0/24,1.2.3.4,10.0.0.0/8,5.6.7.8
# Send vendor-class specific options encapsulated in DHCP option 43.
# The meaning of the options is defined by the vendor-class so
# options are sent only when the client supplied vendor class
# matches the class given here. (A substring match is OK, so "MSFT"
# matches "MSFT" and "MSFT 5.0"). This example sets the
# mtftp address to 0.0.0.0 for PXEClients.
#dhcp-option=vendor:PXEClient,1,0.0.0.0
# Send microsoft-specific option to tell windows to release the DHCP lease
# when it shuts down. Note the "i" flag, to tell dnsmasq to send the
# value as a four-byte integer - that's what microsoft wants. See
# http://technet2.microsoft.com/WindowsServer/en/library/a70f1bb7-d2d4-49f0-96d6-4b7414ecfaae1033.mspx?mfr=true
#dhcp-option=vendor:MSFT,2,1i
# Send the Encapsulated-vendor-class ID needed by some configurations of
# Etherboot to allow is to recognise the DHCP server.
#dhcp-option=vendor:Etherboot,60,"Etherboot"
# Send options to PXELinux. Note that we need to send the options even
# though they don't appear in the parameter request list, so we need
# to use dhcp-option-force here.
# See http://syslinux.zytor.com/pxe.php#special for details.
# Magic number - needed before anything else is recognised
#dhcp-option-force=208,f1:00:74:7e
# Configuration file name
#dhcp-option-force=209,configs/common
# Path prefix
#dhcp-option-force=210,/tftpboot/pxelinux/files/
# Reboot time. (Note 'i' to send 32-bit value)
#dhcp-option-force=211,30i
# Set the boot filename for netboot/PXE. You will only need
# this if you want to boot machines over the network and you will need
# a TFTP server; either dnsmasq's built-in TFTP server or an
# external one. (See below for how to enable the TFTP server.)
#dhcp-boot=pxelinux.0
# The same as above, but use custom tftp-server instead machine running dnsmasq
#dhcp-boot=pxelinux,server.name,192.168.1.100
# Boot for iPXE. The idea is to send two different
# filenames, the first loads iPXE, and the second tells iPXE what to
# load. The dhcp-match sets the ipxe tag for requests from iPXE.
#dhcp-boot=undionly.kpxe
#dhcp-match=set:ipxe,175 # iPXE sends a 175 option.
#dhcp-boot=tag:ipxe,http://boot.ipxe.org/demo/boot.php
# Encapsulated options for iPXE. All the options are
# encapsulated within option 175
#dhcp-option=encap:175, 1, 5b # priority code
#dhcp-option=encap:175, 176, 1b # no-proxydhcp
#dhcp-option=encap:175, 177, string # bus-id
#dhcp-option=encap:175, 189, 1b # BIOS drive code
#dhcp-option=encap:175, 190, user # iSCSI username
#dhcp-option=encap:175, 191, pass # iSCSI password
# Test for the architecture of a netboot client. PXE clients are
# supposed to send their architecture as option 93. (See RFC 4578)
#dhcp-match=peecees, option:client-arch, 0 #x86-32
#dhcp-match=itanics, option:client-arch, 2 #IA64
#dhcp-match=hammers, option:client-arch, 6 #x86-64
#dhcp-match=mactels, option:client-arch, 7 #EFI x86-64
# Do real PXE, rather than just booting a single file, this is an
# alternative to dhcp-boot.
#pxe-prompt="What system shall I netboot?"
# or with timeout before first available action is taken:
#pxe-prompt="Press F8 for menu.", 60
# Available boot services. for PXE.
#pxe-service=x86PC, "Boot from local disk"
# Loads <tftp-root>/pxelinux.0 from dnsmasq TFTP server.
#pxe-service=x86PC, "Install Linux", pxelinux
# Loads <tftp-root>/pxelinux.0 from TFTP server at 1.2.3.4.
# Beware this fails on old PXE ROMS.
#pxe-service=x86PC, "Install Linux", pxelinux, 1.2.3.4
# Use bootserver on network, found my multicast or broadcast.
#pxe-service=x86PC, "Install windows from RIS server", 1
# Use bootserver at a known IP address.
#pxe-service=x86PC, "Install windows from RIS server", 1, 1.2.3.4
# If you have multicast-FTP available,
# information for that can be passed in a similar way using options 1
# to 5. See page 19 of
# http://download.intel.com/design/archives/wfm/downloads/pxespec.pdf
# Enable dnsmasq's built-in TFTP server
#enable-tftp
# Set the root directory for files available via FTP.
#tftp-root=/var/ftpd
# Do not abort if the tftp-root is unavailable
#tftp-no-fail
# Make the TFTP server more secure: with this set, only files owned by
# the user dnsmasq is running as will be send over the net.
#tftp-secure
# This option stops dnsmasq from negotiating a larger blocksize for TFTP
# transfers. It will slow things down, but may rescue some broken TFTP
# clients.
#tftp-no-blocksize
# Set the boot file name only when the "red" tag is set.
#dhcp-boot=tag:red,pxelinux.red-net
# An example of dhcp-boot with an external TFTP server: the name and IP
# address of the server are given after the filename.
# Can fail with old PXE ROMS. Overridden by --pxe-service.
#dhcp-boot=/var/ftpd/pxelinux.0,boothost,192.168.0.3
# If there are multiple external tftp servers having a same name
# (using /etc/hosts) then that name can be specified as the
# tftp_servername (the third option to dhcp-boot) and in that
# case dnsmasq resolves this name and returns the resultant IP
# addresses in round robin fashion. This facility can be used to
# load balance the tftp load among a set of servers.
#dhcp-boot=/var/ftpd/pxelinux.0,boothost,tftp_server_name
# Set the limit on DHCP leases, the default is 150
#dhcp-lease-max=150
# The DHCP server needs somewhere on disk to keep its lease database.
# This defaults to a sane location, but if you want to change it, use
# the line below.
#dhcp-leasefile=/var/lib/dnsmasq/dnsmasq.leases
# Set the DHCP server to authoritative mode. In this mode it will barge in
# and take over the lease for any client which broadcasts on the network,
# whether it has a record of the lease or not. This avoids long timeouts
# when a machine wakes up on a new network. DO NOT enable this if there's
# the slightest chance that you might end up accidentally configuring a DHCP
# server for your campus/company accidentally. The ISC server uses
# the same option, and this URL provides more information:
# http://www.isc.org/files/auth.html
#dhcp-authoritative
# Set the DHCP server to enable DHCPv4 Rapid Commit Option per RFC 4039.
# In this mode it will respond to a DHCPDISCOVER message including a Rapid Commit
# option with a DHCPACK including a Rapid Commit option and fully committed address
# and configuration information. This must only be enabled if either the server is
# the only server for the subnet, or multiple servers are present and they each
# commit a binding for all clients.
#dhcp-rapid-commit
# Run an executable when a DHCP lease is created or destroyed.
# The arguments sent to the script are "add" or "del",
# then the MAC address, the IP address and finally the hostname
# if there is one.
#dhcp-script=/bin/echo
# Set the cachesize here.
#cache-size=150
# If you want to disable negative caching, uncomment this.
#no-negcache
# Normally responses which come from /etc/hosts and the DHCP lease
# file have Time-To-Live set as zero, which conventionally means
# do not cache further. If you are happy to trade lower load on the
# server for potentially stale date, you can set a time-to-live (in
# seconds) here.
#local-ttl=
# If you want dnsmasq to detect attempts by Verisign to send queries
# to unregistered .com and .net hosts to its sitefinder service and
# have dnsmasq instead return the correct NXDOMAIN response, uncomment
# this line. You can add similar lines to do the same for other
# registries which have implemented wildcard A records.
#bogus-nxdomain=64.94.110.11
# If you want to fix up DNS results from upstream servers, use the
# alias option. This only works for IPv4.
# This alias makes a result of 1.2.3.4 appear as 5.6.7.8
#alias=1.2.3.4,5.6.7.8
# and this maps 1.2.3.x to 5.6.7.x
#alias=1.2.3.0,5.6.7.0,255.255.255.0
# and this maps 192.168.0.10->192.168.0.40 to 10.0.0.10->10.0.0.40
#alias=192.168.0.10-192.168.0.40,10.0.0.0,255.255.255.0
# Change these lines if you want dnsmasq to serve MX records.
# Return an MX record named "maildomain.com" with target
# servermachine.com and preference 50
#mx-host=maildomain.com,servermachine.com,50
# Set the default target for MX records created using the localmx option.
#mx-target=servermachine.com
# Return an MX record pointing to the mx-target for all local
# machines.
#localmx
# Return an MX record pointing to itself for all local machines.
#selfmx
# Change the following lines if you want dnsmasq to serve SRV
# records. These are useful if you want to serve ldap requests for
# Active Directory and other windows-originated DNS requests.
# See RFC 2782.
# You may add multiple srv-host lines.
# The fields are <name>,<target>,<port>,<priority>,<weight>
# If the domain part if missing from the name (so that is just has the
# service and protocol sections) then the domain given by the domain=
# config option is used. (Note that expand-hosts does not need to be
# set for this to work.)
# A SRV record sending LDAP for the example.com domain to
# ldapserver.example.com port 389
#srv-host=_ldap._tcp.example.com,ldapserver.example.com,389
# A SRV record sending LDAP for the example.com domain to
# ldapserver.example.com port 389 (using domain=)
#domain=example.com
#srv-host=_ldap._tcp,ldapserver.example.com,389
# Two SRV records for LDAP, each with different priorities
#srv-host=_ldap._tcp.example.com,ldapserver.example.com,389,1
#srv-host=_ldap._tcp.example.com,ldapserver.example.com,389,2
# A SRV record indicating that there is no LDAP server for the domain
# example.com
#srv-host=_ldap._tcp.example.com
# The following line shows how to make dnsmasq serve an arbitrary PTR
# record. This is useful for DNS-SD. (Note that the
# domain-name expansion done for SRV records _does_not
# occur for PTR records.)
#ptr-record=_http._tcp.dns-sd-services,"New Employee Page._http._tcp.dns-sd-services"
# Change the following lines to enable dnsmasq to serve TXT records.
# These are used for things like SPF and zeroconf. (Note that the
# domain-name expansion done for SRV records _does_not
# occur for TXT records.)
#Example SPF.
#txt-record=example.com,"v=spf1 a -all"
#Example zeroconf
#txt-record=_http._tcp.example.com,name=value,paper=A4
# Provide an alias for a "local" DNS name. Note that this _only_ works
# for targets which are names from DHCP or /etc/hosts. Give host
# "bert" another name, bertrand
#cname=bertand,bert
# For debugging purposes, log each DNS query as it passes through
# dnsmasq.
#log-queries
# Log lots of extra information about DHCP transactions.
#log-dhcp
# Include another lot of configuration options.
#conf-file=/etc/dnsmasq.more.conf
#conf-dir=/etc/dnsmasq.d
# Include all the files in a directory except those ending in .bak
#conf-dir=/etc/dnsmasq.d,.bak
# Include all files in a directory which end in .conf
#conf-dir=/etc/dnsmasq.d/,*.conf
# Include all files in /etc/dnsmasq.d except RPM backup files
conf-dir=/etc/dnsmasq.d,.rpmnew,.rpmsave,.rpmorig
# If a DHCP client claims that its name is "wpad", ignore that.
# This fixes a security hole. see CERT Vulnerability VU#598349
#dhcp-name-match=set:wpad-ignore,wpad
#dhcp-ignore-names=tag:wpad-ignore

17
root/etc/fstab Normal file
View File

@ -0,0 +1,17 @@
#
# /etc/fstab
# Created by anaconda on Mon Jan 16 20:45:32 2023
#
# Accessible filesystems, by reference, are maintained under '/dev/disk/'.
# See man pages fstab(5), findfs(8), mount(8) and/or blkid(8) for more info.
#
# After editing this file, run 'systemctl daemon-reload' to update systemd
# units generated from this file.
#
/dev/mapper/fedora_medusa-root / xfs defaults 0 0
UUID=c8c7437c-a14f-41aa-aa28-b1cfad21044c /boot xfs defaults 0 0
UUID=c8b73610-7988-479b-a970-080b0c0c4338 /home_new auto defaults 0 0
UUID=da9f470f-35de-4ba8-a03f-8831ef0d4e88 /database auto defaults 0 0
UUID=61C9-3A22 /media/320 auto defaults 0 0
UUID=9c4956b5-2f9e-46d7-8db3-4e6081347c01 /gocd auto defaults 0 0

73
root/etc/go/cruise-config.xml
View File

@ -65,17 +65,61 @@
</config-repos> </config-repos>
<pipelines group="defaultGroup" /> <pipelines group="defaultGroup" />
<pipelines group="System-Configuration"> <pipelines group="System-Configuration">
<pipeline name="capture-files"> <pipeline name="capture_files" lockBehavior="unlockWhenFinished">
<materials> <materials>
<git url="ssh://gogs@git.jcolebrand.info:4022/cbrand/system_configuration.git" branch="main" /> <git url="ssh://gogs@git.jcolebrand.info:4022/cbrand/system_configuration.git" branch="main" autoUpdate="false" materialName="system_configuration" />
</materials> </materials>
<stage name="run-capture"> <stage name="capture" cleanWorkingDir="true">
<approval type="manual" allowOnlyOnSuccess="true" />
<jobs> <jobs>
<job name="powershell"> <job name="capture">
<tasks> <tasks>
<exec command="sudo"> <exec command="sudo">
<arg>pwsh</arg> <arg>pwsh</arg>
<arg>capture.ps1</arg> <arg>capture.ps1</arg>
</exec>
<exec command="pwsh">
<arg>upload.ps1</arg>
</exec>
</tasks>
</job>
</jobs>
</stage>
</pipeline>
<pipeline name="apply_files" lockBehavior="unlockWhenFinished">
<materials>
<git url="ssh://gogs@git.jcolebrand.info:4022/cbrand/system_configuration.git" branch="main" autoUpdate="false" materialName="system_configuration" />
</materials>
<stage name="apply" cleanWorkingDir="true">
<approval type="manual" allowOnlyOnSuccess="true" />
<jobs>
<job name="apply">
<tasks>
<exec command="sudo">
<arg>pwsh</arg>
<arg>capture.ps1</arg>
</exec>
<exec command="pwsh">
<arg>upload.ps1</arg>
</exec>
</tasks>
</job>
</jobs>
</stage>
</pipeline>
</pipelines>
<pipelines group="Database-Maintenance">
<pipeline name="run-ldap2pg" lockBehavior="unlockWhenFinished">
<materials>
<git url="ssh://gogs@git.jcolebrand.info:4022/cbrand/system_configuration.git" branch="main" autoUpdate="false" />
</materials>
<stage name="run-ldap2pg">
<approval type="manual" />
<jobs>
<job name="run-ldap2pg">
<tasks>
<exec command="pwsh">
<arg>runldap2pg.ps1</arg>
<runif status="passed" /> <runif status="passed" />
</exec> </exec>
</tasks> </tasks>
@ -84,4 +128,25 @@
</stage> </stage>
</pipeline> </pipeline>
</pipelines> </pipelines>
<pipelines group="jellyfin">
<pipeline name="moviedrop" lockBehavior="unlockWhenFinished">
<timer>0 0 4 ? * *</timer>
<materials>
<git url="ssh://gogs@git.jcolebrand.info:4022/cbrand/system_configuration.git" branch="main" autoUpdate="false" />
</materials>
<stage name="moviedrop">
<approval type="manual" />
<jobs>
<job name="moviedrop">
<tasks>
<exec command="sudo">
<arg>pwsh</arg>
<arg>moviedrop.ps1</arg>
</exec>
</tasks>
</job>
</jobs>
</stage>
</pipeline>
</pipelines>
</cruise> </cruise>

85
root/etc/go/cruise-config.xml.bak Normal file
View File

@ -0,0 +1,85 @@
<?xml version="1.0" encoding="utf-8"?>
<cruise xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="cruise-config.xsd" schemaVersion="139">
<server jobTimeout="10" agentAutoRegisterKey="a1887244-6e5b-41a0-b04c-299f9d555fda" webhookSecret="0aab7ed7-9e7d-4b7d-ba65-9f51ae793460" serverId="fb4411a5-449d-4c2b-b8f8-ec9c53107a20" tokenGenerationKey="c306d243-81cd-4201-9fdf-5457ef2b78d7">
<security>
<authConfigs>
<authConfig id="jcolebrand.info" pluginId="cd.go.authentication.ldap">
<property>
<key>Url</key>
<value>ldaps://medusa.jcolebrand.info</value>
</property>
<property>
<key>SearchBases</key>
<value>dc=jcolebrand,dc=info</value>
</property>
<property>
<key>ManagerDN</key>
<value>cn=go,ou=services,dc=jcolebrand,dc=info</value>
</property>
<property>
<key>Password</key>
<encryptedValue>AES:wOo1/UYbNwt/wswcXBLjyw==:QcPbN2VPu1ElhyBCXXSL0A==</encryptedValue>
</property>
<property>
<key>UserSearchFilter</key>
<value />
</property>
<property>
<key>UserLoginFilter</key>
<value>(uid={0})</value>
</property>
<property>
<key>DisplayNameAttribute</key>
<value>uid</value>
</property>
<property>
<key>EmailAttribute</key>
<value />
</property>
<property>
<key>SearchTimeout</key>
<value />
</property>
</authConfig>
</authConfigs>
<admins>
<user>cbrand</user>
</admins>
</security>
<artifacts>
<artifactsDir>/gocd/artifacts</artifactsDir>
<purgeSettings>
<purgeStartDiskSpace>50.0</purgeStartDiskSpace>
<purgeUptoDiskSpace>50.0</purgeUptoDiskSpace>
</purgeSettings>
</artifacts>
</server>
<config-repos>
<config-repo id="pipeline" pluginId="json.config.plugin">
<git url="ssh://git.jcolebrand.info:4022/jcolebrand.info/pipeline.git" branch="main" />
<rules>
<allow action="refer" type="*">jcolebrand.info</allow>
<allow action="refer" type="*">defaultGroup</allow>
</rules>
</config-repo>
</config-repos>
<pipelines group="defaultGroup">
<pipeline name="jcolebrand.info">
<materials>
<git url="http://git.jcolebrand.info/jcolebrand.info/gocd.git" branch="main" />
</materials>
<stage name="stage-1">
<jobs>
<job name="hello-world">
<tasks>
<exec command="/usr/bin/pwsh">
<arg>hello.ps1</arg>
<runif status="any" />
</exec>
</tasks>
</job>
</jobs>
</stage>
</pipeline>
</pipelines>
</cruise>

11
root/etc/hosts Normal file
View File

@ -0,0 +1,11 @@
# Loopback entries; do not change.
# For historical reasons, localhost precedes localhost.localdomain:
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
# See hosts(5) for proper format and other examples:
# 192.168.1.10 foo.mydomain.org foo
# 192.168.1.13 bar.mydomain.org bar
192.168.50.2 medusa.jcolebrand.info
192.168.50.3 euryale.jcolebrand.info
192.168.50.2 watch.jcolebrand.info

36
root/etc/httpd/conf.d/BackupPC.conf Normal file
View File

@ -0,0 +1,36 @@
<DirectoryMatch /usr/(share|libexec)/BackupPC/>
# BackupPC requires valid authentication in order for the web interface to
# function properly. One can view the web interface without authentication
# though all functionality is disabled.
#
# htpasswd -c /etc/BackupPC/apache.users yourusername
#
AuthType Basic
AuthUserFile /etc/BackupPC/apache.users
AuthName "BackupPC"
<IfModule mod_authz_core.c>
# Apache 2.4
<RequireAll>
Require valid-user
<RequireAny>
Require local
</RequireAny>
</RequireAll>
</IfModule>
<IfModule !mod_authz_core.c>
# Apache 2.2
order deny,allow
deny from all
allow from 127.0.0.1
allow from ::1
require valid-user
</IfModule>
</DirectoryMatch>
Alias /BackupPC/images /usr/share/BackupPC/html/
ScriptAlias /BackupPC /usr/libexec/BackupPC/BackupPC_Admin
ScriptAlias /backuppc /usr/libexec/BackupPC/BackupPC_Admin

12
root/etc/httpd/conf.d/lookup_identity.conf Normal file
View File

@ -0,0 +1,12 @@
# Load the module in /etc/httpd/conf.modules.d/55-lookup_identity.conf
# <Location /login>
# LookupUserAttr mail REMOTE_USER_EMAIL " "
# LookupUserAttr givenname REMOTE_USER_FIRSTNAME
# LookupUserAttr sn REMOTE_USER_LASTNAME
# LookupUserAttrIter custom REMOTE_USER_CUSTOM
# LookupUserGroups REMOTE_USER_GROUPS ":"
# LookupUserGroupsIter REMOTE_USER_GROUP
# </Location>

0
root/etc/httpd/conf.d/nss.conf Normal file
View File

19
root/etc/httpd/conf.d/pgadmin4.conf Normal file
View File

@ -0,0 +1,19 @@
LoadModule wsgi_module modules/mod_wsgi.so
WSGIDaemonProcess pgadmin processes=1 threads=25 python-home=/usr/pgadmin4/venv
WSGIScriptAlias /pgadmin4 /usr/pgadmin4/web/pgAdmin4.wsgi
<Directory /usr/pgadmin4/web/>
WSGIProcessGroup pgadmin
WSGIApplicationGroup %{GLOBAL}
<IfModule mod_authz_core.c>
# Apache 2.4
Require all granted
</IfModule>
<IfModule !mod_authz_core.c>
# Apache 2.2
Order Deny,Allow
Deny from All
Allow from 127.0.0.1
Allow from ::1
</IfModule>
</Directory>

219
root/etc/httpd/conf.d/ssl.conf Normal file
View File

@ -0,0 +1,219 @@
#
# When we also provide SSL we have to listen to the
# standard HTTPS port in addition.
#
Listen 443 https
##
## SSL Global Context
##
## All SSL configuration in this context applies both to
## the main server and all SSL-enabled virtual hosts.
##
# Pass Phrase Dialog:
# Configure the pass phrase gathering process.
# The filtering dialog program (`builtin' is a internal
# terminal dialog) has to provide the pass phrase on stdout.
SSLPassPhraseDialog exec:/usr/libexec/httpd-ssl-pass-dialog
# Inter-Process Session Cache:
# Configure the SSL Session Cache: First the mechanism
# to use and second the expiring timeout (in seconds).
SSLSessionCache shmcb:/run/httpd/sslcache(512000)
SSLSessionCacheTimeout 300
# Pseudo Random Number Generator (PRNG):
# Configure one or more sources to seed the PRNG of the
# SSL library. The seed data should be of good random quality.
# WARNING! On some platforms /dev/random blocks if not enough entropy
# is available. This means you then cannot use the /dev/random device
# because it would lead to very long connection times (as long as
# it requires to make more entropy available). But usually those
# platforms additionally provide a /dev/urandom device which doesn't
# block. So, if available, use this one instead. Read the mod_ssl User
# Manual for more details.
SSLRandomSeed startup file:/dev/urandom 256
SSLRandomSeed connect builtin
#SSLRandomSeed startup file:/dev/random 512
#SSLRandomSeed connect file:/dev/random 512
#SSLRandomSeed connect file:/dev/urandom 512
#
# Use "SSLCryptoDevice" to enable any supported hardware
# accelerators. Use "openssl engine -v" to list supported
# engine names. NOTE: If you enable an accelerator and the
# server does not start, consult the error logs and ensure
# your accelerator is functioning properly.
#
SSLCryptoDevice builtin
#SSLCryptoDevice ubsec
##
## SSL Virtual Host Context
##
<VirtualHost _default_:443>
# General setup for the virtual host, inherited from global configuration
#DocumentRoot "/var/www/html"
#ServerName www.example.com:443
# Use separate log files for the SSL virtual host; note that LogLevel
# is not inherited from httpd.conf.
ErrorLog logs/ssl_error_log
TransferLog logs/ssl_access_log
LogLevel warn
# SSL Engine Switch:
# Enable/Disable SSL for this virtual host.
SSLEngine on
# List the protocol versions which clients are allowed to connect with.
# The OpenSSL system profile is configured by default. See
# update-crypto-policies(8) for more details.
#SSLProtocol all -SSLv3
#SSLProxyProtocol all -SSLv3
# User agents such as web browsers are not configured for the user's
# own preference of either security or performance, therefore this
# must be the prerogative of the web server administrator who manages
# cpu load versus confidentiality, so enforce the server's cipher order.
SSLHonorCipherOrder on
# SSL Cipher Suite:
# List the ciphers that the client is permitted to negotiate.
# See the mod_ssl documentation for a complete list.
# The OpenSSL system profile is configured by default. See
# update-crypto-policies(8) for more details.
SSLCipherSuite PROFILE=SYSTEM
SSLProxyCipherSuite PROFILE=SYSTEM
# Point SSLCertificateFile at a PEM encoded certificate. If
# the certificate is encrypted, then you will be prompted for a
# pass phrase. Note that restarting httpd will prompt again. Keep
# in mind that if you have both an RSA and a DSA certificate you
# can configure both in parallel (to also allow the use of DSA
# ciphers, etc.)
# Some ECC cipher suites (http://www.ietf.org/rfc/rfc4492.txt)
# require an ECC certificate which can also be configured in
# parallel.
SSLCertificateFile /etc/pki/tls/certs/localhost.crt
# Server Private Key:
# If the key is not combined with the certificate, use this
# directive to point at the key file. Keep in mind that if
# you've both a RSA and a DSA private key you can configure
# both in parallel (to also allow the use of DSA ciphers, etc.)
# ECC keys, when in use, can also be configured in parallel
SSLCertificateKeyFile /etc/pki/tls/private/localhost.key
# Server Certificate Chain:
# Point SSLCertificateChainFile at a file containing the
# concatenation of PEM encoded CA certificates which form the
# certificate chain for the server certificate. Alternatively
# the referenced file can be the same as SSLCertificateFile
# when the CA certificates are directly appended to the server
# certificate for convenience.
#SSLCertificateChainFile /etc/pki/tls/certs/server-chain.crt
# Certificate Authority (CA):
# Set the CA certificate verification path where to find CA
# certificates for client authentication or alternatively one
# huge file containing all of them (file must be PEM encoded)
#SSLCACertificateFile /etc/pki/tls/certs/ca-bundle.crt
# Client Authentication (Type):
# Client certificate verification type and depth. Types are
# none, optional, require and optional_no_ca. Depth is a
# number which specifies how deeply to verify the certificate
# issuer chain before deciding the certificate is not valid.
#SSLVerifyClient require
#SSLVerifyDepth 10
# Access Control:
# With SSLRequire you can do per-directory access control based
# on arbitrary complex boolean expressions containing server
# variable checks and other lookup directives. The syntax is a
# mixture between C and Perl. See the mod_ssl documentation
# for more details.
#<Location />
#SSLRequire ( %{SSL_CIPHER} !~ m/^(EXP|NULL)/ \
# and %{SSL_CLIENT_S_DN_O} eq "Snake Oil, Ltd." \
# and %{SSL_CLIENT_S_DN_OU} in {"Staff", "CA", "Dev"} \
# and %{TIME_WDAY} >= 1 and %{TIME_WDAY} <= 5 \
# and %{TIME_HOUR} >= 8 and %{TIME_HOUR} <= 20 ) \
# or %{REMOTE_ADDR} =~ m/^192\.76\.162\.[0-9]+$/
#</Location>
# SSL Engine Options:
# Set various options for the SSL engine.
# o FakeBasicAuth:
# Translate the client X.509 into a Basic Authorisation. This means that
# the standard Auth/DBMAuth methods can be used for access control. The
# user name is the `one line' version of the client's X.509 certificate.
# Note that no password is obtained from the user. Every entry in the user
# file needs this password: `xxj31ZMTZzkVA'.
# o ExportCertData:
# This exports two additional environment variables: SSL_CLIENT_CERT and
# SSL_SERVER_CERT. These contain the PEM-encoded certificates of the
# server (always existing) and the client (only existing when client
# authentication is used). This can be used to import the certificates
# into CGI scripts.
# o StdEnvVars:
# This exports the standard SSL/TLS related `SSL_*' environment variables.
# Per default this exportation is switched off for performance reasons,
# because the extraction step is an expensive operation and is usually
# useless for serving static content. So one usually enables the
# exportation for CGI and SSI requests only.
# o StrictRequire:
# This denies access when "SSLRequireSSL" or "SSLRequire" applied even
# under a "Satisfy any" situation, i.e. when it applies access is denied
# and no other module can change it.
# o OptRenegotiate:
# This enables optimized SSL connection renegotiation handling when SSL
# directives are used in per-directory context.
#SSLOptions +FakeBasicAuth +ExportCertData +StrictRequire
<FilesMatch "\.(cgi|shtml|phtml|php)$">
SSLOptions +StdEnvVars
</FilesMatch>
<Directory "/var/www/cgi-bin">
SSLOptions +StdEnvVars
</Directory>
# SSL Protocol Adjustments:
# The safe and default but still SSL/TLS standard compliant shutdown
# approach is that mod_ssl sends the close notify alert but doesn't wait for
# the close notify alert from client. When you need a different shutdown
# approach you can use one of the following variables:
# o ssl-unclean-shutdown:
# This forces an unclean shutdown when the connection is closed, i.e. no
# SSL close notify alert is sent or allowed to be received. This violates
# the SSL/TLS standard but is needed for some brain-dead browsers. Use
# this when you receive I/O errors because of the standard approach where
# mod_ssl sends the close notify alert.
# o ssl-accurate-shutdown:
# This forces an accurate shutdown when the connection is closed, i.e. a
# SSL close notify alert is sent and mod_ssl waits for the close notify
# alert of the client. This is 100% SSL/TLS standard compliant, but in
# practice often causes hanging connections with brain-dead browsers. Use
# this only for browsers where you know that their SSL implementation
# works correctly.
# Notice: Most problems of broken clients are also related to the HTTP
# keep-alive facility, so you usually additionally want to disable
# keep-alive for those clients, too. Use variable "nokeepalive" for this.
# Similarly, one has to force some clients to use HTTP/1.0 to workaround
# their broken HTTP/1.1 implementation. Use variables "downgrade-1.0" and
# "force-response-1.0" for this.
BrowserMatch "MSIE [2-5]" \
nokeepalive ssl-unclean-shutdown \
downgrade-1.0 force-response-1.0
# Per-Server Logging:
# The home of a custom SSL log file. Use this when you want a
# compact non-error SSL logfile on a virtual host basis.
CustomLog logs/ssl_request_log \
"%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
</VirtualHost>

36
root/etc/httpd/conf.d/userdir.conf Normal file
View File

@ -0,0 +1,36 @@
#
# UserDir: The name of the directory that is appended onto a user's home
# directory if a ~user request is received.
#
# The path to the end user account 'public_html' directory must be
# accessible to the webserver userid. This usually means that ~userid
# must have permissions of 711, ~userid/public_html must have permissions
# of 755, and documents contained therein must be world-readable.
# Otherwise, the client will only receive a "403 Forbidden" message.
#
<IfModule mod_userdir.c>
#
# UserDir is disabled by default since it can confirm the presence
# of a username on the system (depending on home directory
# permissions).
#
UserDir disabled
#
# To enable requests to /~user/ to serve the user's public_html
# directory, remove the "UserDir disabled" line above, and uncomment
# the following line instead:
#
#UserDir public_html
</IfModule>
#
# Control access to UserDir directories. The following is an example
# for a site where these directories are restricted to read-only.
#
<Directory "/home/*/public_html">
AllowOverride FileInfo AuthConfig Limit Indexes
Options MultiViews Indexes SymLinksIfOwnerMatch IncludesNoExec
Require method GET POST OPTIONS
</Directory>

20
root/etc/httpd/conf.d/welcome.conf Normal file
View File

@ -0,0 +1,20 @@
#
# This configuration file enables the default "Welcome" page if there
# is no default index page present for the root URL. To disable the
# Welcome page, comment out all the lines below.
#
# NOTE: if this file is removed, it will be restored on upgrades.
#
<LocationMatch "^/+$">
Options -Indexes
ErrorDocument 403 /.noindex.html
</LocationMatch>
<Directory /usr/share/httpd/noindex>
AllowOverride None
Require all granted
</Directory>
Alias /.noindex.html /usr/share/httpd/noindex/index.html
Alias /poweredby.png /usr/share/httpd/icons/apache_pb3.png
Alias /system_noindex_logo.png /usr/share/httpd/icons/system_noindex_logo.png

1
root/etc/httpd/conf.modules.d/00-brotli.conf Normal file
View File

@ -0,0 +1 @@
LoadModule brotli_module modules/mod_brotli.so

3
root/etc/httpd/conf.modules.d/00-dav.conf Normal file
View File

@ -0,0 +1,3 @@
LoadModule dav_module modules/mod_dav.so
LoadModule dav_fs_module modules/mod_dav_fs.so
LoadModule dav_lock_module modules/mod_dav_lock.so

1
root/etc/httpd/conf.modules.d/00-lua.conf Normal file
View File

@ -0,0 +1 @@
LoadModule lua_module modules/mod_lua.so

23
root/etc/httpd/conf.modules.d/00-mpm.conf Normal file
View File

@ -0,0 +1,23 @@
# Select the MPM module which should be used by uncommenting exactly
# one of the following LoadModule lines. See the httpd.conf(5) man
# page for more information on changing the MPM.
# prefork MPM: Implements a non-threaded, pre-forking web server
# See: http://httpd.apache.org/docs/2.4/mod/prefork.html
#
# NOTE: If enabling prefork, the httpd_graceful_shutdown SELinux
# boolean should be enabled, to allow graceful stop/shutdown.
#
#LoadModule mpm_prefork_module modules/mod_mpm_prefork.so
# worker MPM: Multi-Processing Module implementing a hybrid
# multi-threaded multi-process web server
# See: http://httpd.apache.org/docs/2.4/mod/worker.html
#
#LoadModule mpm_worker_module modules/mod_mpm_worker.so
# event MPM: A variant of the worker MPM with the goal of consuming
# threads only for connections with active processing
# See: http://httpd.apache.org/docs/2.4/mod/event.html
#
LoadModule mpm_event_module modules/mod_mpm_event.so

18
root/etc/httpd/conf.modules.d/00-optional.conf Normal file
View File

@ -0,0 +1,18 @@
#
# This file lists modules included with the Apache HTTP Server
# which are not enabled by default.
#
#LoadModule asis_module modules/mod_asis.so
#LoadModule buffer_module modules/mod_buffer.so
#LoadModule heartbeat_module modules/mod_heartbeat.so
#LoadModule heartmonitor_module modules/mod_heartmonitor.so
#LoadModule usertrack_module modules/mod_usertrack.so
#LoadModule dialup_module modules/mod_dialup.so
#LoadModule charset_lite_module modules/mod_charset_lite.so
#LoadModule log_debug_module modules/mod_log_debug.so
#LoadModule log_forensic_module modules/mod_log_forensic.so
#LoadModule ratelimit_module modules/mod_ratelimit.so
#LoadModule reflector_module modules/mod_reflector.so
#LoadModule sed_module modules/mod_sed.so
#LoadModule speling_module modules/mod_speling.so

18
root/etc/httpd/conf.modules.d/00-proxy.conf Normal file
View File

@ -0,0 +1,18 @@
# This file configures all the proxy modules:
LoadModule proxy_module modules/mod_proxy.so
LoadModule lbmethod_bybusyness_module modules/mod_lbmethod_bybusyness.so
LoadModule lbmethod_byrequests_module modules/mod_lbmethod_byrequests.so
LoadModule lbmethod_bytraffic_module modules/mod_lbmethod_bytraffic.so
LoadModule lbmethod_heartbeat_module modules/mod_lbmethod_heartbeat.so
LoadModule proxy_ajp_module modules/mod_proxy_ajp.so
LoadModule proxy_balancer_module modules/mod_proxy_balancer.so
LoadModule proxy_connect_module modules/mod_proxy_connect.so
LoadModule proxy_express_module modules/mod_proxy_express.so
LoadModule proxy_fcgi_module modules/mod_proxy_fcgi.so
LoadModule proxy_fdpass_module modules/mod_proxy_fdpass.so
LoadModule proxy_ftp_module modules/mod_proxy_ftp.so
LoadModule proxy_http_module modules/mod_proxy_http.so
LoadModule proxy_hcheck_module modules/mod_proxy_hcheck.so
LoadModule proxy_scgi_module modules/mod_proxy_scgi.so
LoadModule proxy_uwsgi_module modules/mod_proxy_uwsgi.so
LoadModule proxy_wstunnel_module modules/mod_proxy_wstunnel.so

1
root/etc/httpd/conf.modules.d/00-ssl.conf Normal file
View File

@ -0,0 +1 @@
LoadModule ssl_module modules/mod_ssl.so

2
root/etc/httpd/conf.modules.d/00-systemd.conf Normal file
View File

@ -0,0 +1,2 @@
# This file configures systemd module:
LoadModule systemd_module modules/mod_systemd.so

11
root/etc/httpd/conf.modules.d/01-cgi.conf Normal file
View File

@ -0,0 +1,11 @@
# This configuration file loads a CGI module appropriate to the MPM
# which has been configured in 00-mpm.conf. mod_cgid should be used
# with a threaded MPM; mod_cgi with the prefork MPM.
<IfModule !mpm_prefork_module>
LoadModule cgid_module modules/mod_cgid.so
</IfModule>
<IfModule mpm_prefork_module>
LoadModule cgi_module modules/mod_cgi.so
</IfModule>

6
root/etc/httpd/conf.modules.d/01-session.conf Normal file
View File

@ -0,0 +1,6 @@
LoadModule session_module modules/mod_session.so
LoadModule session_cookie_module modules/mod_session_cookie.so
LoadModule session_dbd_module modules/mod_session_dbd.so
LoadModule auth_form_module modules/mod_auth_form.so
#LoadModule session_crypto_module modules/mod_session_crypto.so

1
root/etc/httpd/conf.modules.d/10-auth_gssapi.conf Normal file
View File

@ -0,0 +1 @@
LoadModule auth_gssapi_module modules/mod_auth_gssapi.so

1
root/etc/httpd/conf.modules.d/10-h2.conf Normal file
View File

@ -0,0 +1 @@
LoadModule http2_module modules/mod_http2.so

1
root/etc/httpd/conf.modules.d/10-proxy_h2.conf Normal file
View File

@ -0,0 +1 @@
LoadModule proxy_http2_module modules/mod_proxy_http2.so

6
root/etc/httpd/conf.modules.d/10-wsgi-python3.conf Normal file
View File

@ -0,0 +1,6 @@
# NOTE: mod_wsgi_python3 can not coexist in the same apache process as
# mod_wsgi (python2). Only load if mod_wsgi is not already loaded.
<IfModule !wsgi_module>
LoadModule wsgi_module modules/mod_wsgi_python3.so
</IfModule>

3
root/etc/httpd/conf.modules.d/55-lookup_identity.conf Normal file
View File

@ -0,0 +1,3 @@
# LoadModule lookup_identity_module modules/mod_lookup_identity.so

171
root/etc/idmapd.conf Normal file
View File

@ -0,0 +1,171 @@
[General]
#Verbosity = 0
# The following should be set to the local NFSv4 domain name
# The default is the host's DNS domain name.
#Domain = local.domain.edu
# In multi-domain environments, some NFS servers will append the identity
# management domain to the owner and owner_group in lieu of a true NFSv4
# domain. This option can facilitate lookups in such environments. If
# set to a value other than "none", the nsswitch plugin will first pass
# the name to the password/group lookup function without stripping the
# domain off. If that mapping fails then the plugin will try again using
# the old method (comparing the domain in the string to the Domain value,
# stripping it if it matches, and passing the resulting short name to the
# lookup function). Valid values are "user", "group", "both", and
# "none". The default is "none".
#No-Strip = none
# Winbind has a quirk whereby doing a group lookup in UPN format
# (e.g. staff@americas.example.com) will cause the group to be
# displayed prefixed with the full domain in uppercase
# (e.g. AMERICAS.EXAMPLE.COM\staff) instead of in the familiar netbios
# name format (e.g. AMERICAS\staff). Setting this option to true
# causes the name to be reformatted before passing it to the group
# lookup function in order to work around this. This setting is
# ignored unless No-Strip is set to either "both" or "group".
# The default is "false".
#Reformat-Group = false
# The following is a comma-separated list of Kerberos realm
# names that should be considered to be equivalent to the
# local realm, such that <user>@REALM.A can be assumed to
# be the same user as <user>@REALM.B
# If not specified, the default local realm is the domain name,
# which defaults to the host's DNS domain name,
# translated to upper-case.
# Note that if this value is specified, the local realm name
# must be included in the list!
#Local-Realms =
[Mapping]
#Nobody-User = nobody
#Nobody-Group = nobody
[Translation]
# Translation Method is an comma-separated, ordered list of
# translation methods that can be used. Distributed methods
# include "nsswitch", "umich_ldap", and "static". Each method
# is a dynamically loadable plugin library.
# New methods may be defined and inserted in the list.
# The default is "nsswitch".
#Method = nsswitch
# Optional. This is a comma-separated, ordered list of
# translation methods to be used for translating GSS
# authenticated names to ids.
# If this option is omitted, the same methods as those
# specified in "Method" are used.
#GSS-Methods = <alternate method list for translating GSS names>
#-------------------------------------------------------------------#
# The following are used only for the "static" Translation Method.
#-------------------------------------------------------------------#
[Static]
# A "static" list of GSS-Authenticated names to
# local user name mappings
#someuser@REALM = localuser
#-------------------------------------------------------------------#
# The following are used only for the "umich_ldap" Translation Method.
#-------------------------------------------------------------------#
[UMICH_SCHEMA]
# server information (REQUIRED)
LDAP_server = medusa.jcolebrand.info
# the default search base (REQUIRED)
LDAP_base = dc=jcolebrand,dc=info
#-----------------------------------------------------------#
# The remaining options have defaults (as shown)
# and are therefore not required.
#-----------------------------------------------------------#
# whether or not to perform canonicalization on the
# name given as LDAP_server
#LDAP_canonicalize_name = true
# absolute search base for (people) accounts
# Service accounts are considered people accounts too
LDAP_people_base = dc=jcolebrand,dc=info
# absolute search base for groups
LDAP_group_base = ou=groups,dc=jcolebrand,dc=info
# Whether to follow ldap referrals
#LDAP_follow_referrals = true
# Set to true to enable SSL - anything else is not enabled
LDAP_use_ssl = true
# Controls the LDAP server certificate validation behavior
# It can take the same values as ldap.conf(5)'s TLS_REQCERT
# tunable
#LDAP_tls_reqcert = "hard"
# Location of CA certificate, mandatory if LDAP_tls_reqcert
# is not set to "never"
#LDAP_ca_cert = /etc/ldapca.cert
# SASL mechanism to use while binding to LDAP
#LDAP_sasl_mech = <SASL mech>
# SASL realm to be used for SASL auth
#LDAP_sasl_realm = <SASL realm>
# Authentication identity to be used for SASL auth
#LDAP_sasl_authcid = <SASL authcid>
# Authorization identity for SASL auth
#LDAP_sasl_authzid = <SASL authzid>
# Cyrus SASL security properties
#LDAP_sasl_secprops = <secprops>
# Specifies whether the LDAP server hostname should be canonicalised.
# If set to yes LDAP lib with do a reverse hostname lookup.
# If this is not set the LDAP library's default will be used.
#LDAP_sasl_canonicalize <yes | no>
# Specifies the kerberos ticket cache to be used
#LDAP_sasl_krb5_ccname = <kerberos ticket cache>
# Objectclass mapping information
# Mapping for the person (account) object class
#NFSv4_person_objectclass = NFSv4RemotePerson
# Mapping for the nfsv4name attribute the person object
#NFSv4_name_attr = NFSv4Name
# Mapping for the UID number
#NFSv4_uid_attr = UIDNumber
# Mapping for the GSSAPI Principal name
#GSS_principal_attr = GSSAuthName
# Mapping for the account name attribute (usually uid)
# The value for this attribute must match the value of
# the group member attribute - NFSv4_member_attr
#NFSv4_acctname_attr = uid
# Mapping for the group object class
#NFSv4_group_objectclass = NFSv4RemoteGroup
# Mapping for the GID attribute
#NFSv4_gid_attr = GIDNumber
# Mapping for the Group NFSv4 name
#NFSv4_group_attr = NFSv4Name
# Mapping for the Group member attribute (usually memberUID)
# The value of this attribute must match the value of NFSv4_acctname_attr
#NFSv4_member_attr = memberUID

42
root/etc/krb5.conf Normal file
View File

@ -0,0 +1,42 @@
# To opt out of the system crypto-policies configuration of krb5, remove the
# symlink at /etc/krb5.conf.d/crypto-policies which will not be recreated.
includedir /etc/krb5.conf.d/
[logging]
default = FILE:/var/log/krb5libs.log
kdc = FILE:/var/log/krb5kdc.log
admin_server = FILE:/var/log/kadmind.log
[libdefaults]
dns_lookup_realm = false
ticket_lifetime = 24h
renew_lifetime = 7d
forwardable = true
rdns = false
pkinit_anchors = FILE:/etc/pki/tls/certs/ca-bundle.crt
spake_preauth_groups = edwards25519
dns_canonicalize_hostname = fallback
qualify_shortname = ""
default_realm = JCOLEBRAND.INFO
default_ccache_name = KEYRING:persistent:%{uid}
[realms]
JCOLEBRAND.INFO = {
kdc = medusa.jcolebrand.info
admin_server = medusa.jcolebrand.info
database_module = LDAP
}
[domain_realm]
.jcolebrand.info = JCOLEBRAND.INFO
jcolebrand.info = JCOLEBRAND.INFO
[dbmodules]
LDAP = {
ldap_kerberos_container_dn = "cn=mit-krb5,ou=apps,dc=jcolebrand,dc=info"
db_library = kldap
ldap_kdc_dn = "cn=krb5-kdc,ou=profile,dc=jcolebrand,dc=info"
ldap_kadmind_dn = "cn=krb5-adm,ou=profile,dc=jcolebrand,dc=info"
ldap_cert_path = /etc/ssl/certs/ISRG_Root_X1.1.pem
ldap_servers = ldaps://jcolebrand.info
}

56
root/etc/krb5.conf.save Normal file
View File

@ -0,0 +1,56 @@
# To opt out of the system crypto-policies configuration of krb5, remove the
# symlink at /etc/krb5.conf.d/crypto-policies which will not be recreated.
includedir /etc/krb5.conf.d/
[logging]
default = FILE:/var/log/krb5libs.log
kdc = FILE:/var/log/krb5kdc.log
admin_server = FILE:/var/log/kadmind.log
[libdefaults]
dns_lookup_realm = false
ticket_lifetime = 24h
renew_lifetime = 7d
forwardable = true
rdns = false
pkinit_anchors = FILE:/etc/pki/tls/certs/ca-bundle.crt
spake_preauth_groups = edwards25519
dns_canonicalize_hostname = fallback
qualify_shortname = ""
default_realm = JCOLEBRAND.INFO
default_ccache_name = KEYRING:persistent:%{uid}
[realms]
JCOLEBRAND.INFO = {
kdc = medusa.jcolebrand.info
admin_server = medusa.jcolebrand.info
database_module = LDAP
}
[domain_realm]
.example.com = JCOLEBRAND.INFO
example.com = JCOLEBRAND.INFO
[dbmodules]
JCOLEBRAND.INFO = {
ldap_kerberos_container_dn = "cn=krbcontainer,dc=jcolebrand,dc=info"
db_library = kldap
ldap_kdc_dn = "cn=kdc service,ou=profile,dc=jcolebrand,dc=info"
ldap_kadmind_dn = "cn=kadmin service,ou=profile,dc=jcolebrand,dc=info"
ldap_cert_path = /etc/ssl/certs/ISRG_Root_X1.1.pem
ldap_servers = ldaps://jcolebrand.info
}
[dbmodules]
EXAMPLE.COM = {
db_library = kldap
}
[dbdefaults]
ldap_servers = ldapi:///
ldap_kerberos_container_dn = "cn=mit-krb5,ou=apps,dc=examle,dc=com"
ldap_kdc_dn = "uid=krb5-kdc,ou=dso,dc=examle,dc=com"
ldap_kadmind_dn = "uid=krb5-adm,ou=dso,dc=examle,dc=com"
ldap_service_password_file = /etc/secrets/krb5-ldap.pass
ldap_conns_per_server = 5
disable_last_success = true

BIN
root/etc/krb5.keytab Normal file
View File

Binary file not shown.

1
root/etc/letsencrypt/accounts/acme-staging-v02.api.letsencrypt.org/directory/aa64898d65ae7d0e84c1a1a26d40dbc5/regr.json Normal file
View File

@ -0,0 +1 @@
{"body": {}, "uri": "https://acme-staging-v02.api.letsencrypt.org/acme/acct/87589503"}

33
root/etc/letsencrypt/archive/medusa.jcolebrand.info/cert5.pem Normal file
View File

@ -0,0 +1,33 @@
-----BEGIN CERTIFICATE-----
MIIFnjCCBIagAwIBAgISA+4kMlyxNplZdw9rUGQY9ioXMA0GCSqGSIb3DQEBCwUA
MDIxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MQswCQYDVQQD
EwJSMzAeFw0yMzAyMTEwNzU0MTBaFw0yMzA1MTIwNzU0MDlaMCExHzAdBgNVBAMT
Fm1lZHVzYS5qY29sZWJyYW5kLmluZm8wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAw
ggEKAoIBAQC/YFmBVNmtid7+IrqwZLno7NLtkFM3B0xzHglRqD8NKerQnRE9oNtR
bzMi/4+DYIQwQ0q/2ut5qGqGKxv8nh60hT31NV0OqEHP7esL6cBzKOu42KxOdaZ6
v6xE0zi3eyqJpMwuxfLcx4kbiKsr/OxyYY/Sh+mbaia7JHmqym7Kmh+l86fDsVwe
HrW5kwTB8qUtAV62s3Zx2VIAQL2VQAO6hl5oaB/Qlv7Y4hbF/GvW3jDEqn3j0j38
6GWMEJAJpb55sMWHPKcb18DAJmVxMn1pxySeoGhzTjstAM5f+NdET4MLsfbwIzpX
nVMXVf1MU3Lym5Alr630XsLYO3ajhMhjAgMBAAGjggK9MIICuTAOBgNVHQ8BAf8E
BAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMAwGA1UdEwEB/wQC
MAAwHQYDVR0OBBYEFJdbL/wx73dsBWfXvjxIK9E2VfVEMB8GA1UdIwQYMBaAFBQu
sxe3WFbLrlAJQOYfr52LFMLGMFUGCCsGAQUFBwEBBEkwRzAhBggrBgEFBQcwAYYV
aHR0cDovL3IzLm8ubGVuY3Iub3JnMCIGCCsGAQUFBzAChhZodHRwOi8vcjMuaS5s
ZW5jci5vcmcvMIGMBgNVHREEgYQwgYGCE2FwaS5qY29sZWJyYW5kLmluZm+CD2pj
b2xlYnJhbmQuaW5mb4IWbWVkdXNhLmpjb2xlYnJhbmQuaW5mb4IVdmlkZW8uamNv
bGVicmFuZC5pbmZvghV3YXRjaC5qY29sZWJyYW5kLmluZm+CE3d3dy5qY29sZWJy
YW5kLmluZm8wTAYDVR0gBEUwQzAIBgZngQwBAgEwNwYLKwYBBAGC3xMBAQEwKDAm
BggrBgEFBQcCARYaaHR0cDovL2Nwcy5sZXRzZW5jcnlwdC5vcmcwggEEBgorBgEE
AdZ5AgQCBIH1BIHyAPAAdgC3Pvsk35xNunXyOcW6WPRsXfxCz3qfNcSeHQmBJe20
mQAAAYY/rpKNAAAEAwBHMEUCIQDfMECO/mgG0b4hh0dywELto7fHs6Wi+4cio1IQ
27LzvgIgZqQ2vxMVLFy+WkWkXsHLBBTeDszqRIv6favGmukKKSAAdgB6MoxU2Lct
tiDqOOBSHumEFnAyE4VNO9IrwTpXo1LrUgAAAYY/rpKgAAAEAwBHMEUCIQDyLKeU
urcHgdVVGM3p9f55HlGInbFqVN8xVJ8Ogzyu/QIgYym3mcplpjd+5pafp/1a1kwv
rPa2Rec89yiodZf8G7MwDQYJKoZIhvcNAQELBQADggEBAFuxhfJYMBR+0pJSjG9L
2QQUWw4paFj2Y21Zxnfy5CeS2CJeOelNAqpGfl7E5FRpkrZaiJG0jXpP5oLigFnA
C/Y3Rs2wQ+SzuPErzTO3QynSbbjWOgbKxS5oipeIoNXF8ZBSnTctaMNTK90Edqnh
0Is8I5x1v9V7XdsADQp8btEKuF2bqr1PdE6KNQyDncm0P3Kbnvi2QNgZgEjQF2e9
VNgUmIaNTsOUiPudeMW9o3FecyEFLd0Rmj1GdHYi5mjdnf/D4/xHrfl1QQtEjqje
fbsfu2iYxF7xfqSAWs3nbuDxdxh6IVjImJkTIaY+5nnzDcfwhbpBRhcDv51IUyKM
DU8=
-----END CERTIFICATE-----

61
root/etc/letsencrypt/archive/medusa.jcolebrand.info/chain4.pem Normal file
View File

@ -0,0 +1,61 @@
-----BEGIN CERTIFICATE-----
MIIFFjCCAv6gAwIBAgIRAJErCErPDBinU/bWLiWnX1owDQYJKoZIhvcNAQELBQAw
TzELMAkGA1UEBhMCVVMxKTAnBgNVBAoTIEludGVybmV0IFNlY3VyaXR5IFJlc2Vh
cmNoIEdyb3VwMRUwEwYDVQQDEwxJU1JHIFJvb3QgWDEwHhcNMjAwOTA0MDAwMDAw
WhcNMjUwOTE1MTYwMDAwWjAyMQswCQYDVQQGEwJVUzEWMBQGA1UEChMNTGV0J3Mg
RW5jcnlwdDELMAkGA1UEAxMCUjMwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK
AoIBAQC7AhUozPaglNMPEuyNVZLD+ILxmaZ6QoinXSaqtSu5xUyxr45r+XXIo9cP
R5QUVTVXjJ6oojkZ9YI8QqlObvU7wy7bjcCwXPNZOOftz2nwWgsbvsCUJCWH+jdx
sxPnHKzhm+/b5DtFUkWWqcFTzjTIUu61ru2P3mBw4qVUq7ZtDpelQDRrK9O8Zutm
NHz6a4uPVymZ+DAXXbpyb/uBxa3Shlg9F8fnCbvxK/eG3MHacV3URuPMrSXBiLxg
Z3Vms/EY96Jc5lP/Ooi2R6X/ExjqmAl3P51T+c8B5fWmcBcUr2Ok/5mzk53cU6cG
/kiFHaFpriV1uxPMUgP17VGhi9sVAgMBAAGjggEIMIIBBDAOBgNVHQ8BAf8EBAMC
AYYwHQYDVR0lBBYwFAYIKwYBBQUHAwIGCCsGAQUFBwMBMBIGA1UdEwEB/wQIMAYB
Af8CAQAwHQYDVR0OBBYEFBQusxe3WFbLrlAJQOYfr52LFMLGMB8GA1UdIwQYMBaA
FHm0WeZ7tuXkAXOACIjIGlj26ZtuMDIGCCsGAQUFBwEBBCYwJDAiBggrBgEFBQcw
AoYWaHR0cDovL3gxLmkubGVuY3Iub3JnLzAnBgNVHR8EIDAeMBygGqAYhhZodHRw
Oi8veDEuYy5sZW5jci5vcmcvMCIGA1UdIAQbMBkwCAYGZ4EMAQIBMA0GCysGAQQB
gt8TAQEBMA0GCSqGSIb3DQEBCwUAA4ICAQCFyk5HPqP3hUSFvNVneLKYY611TR6W
PTNlclQtgaDqw+34IL9fzLdwALduO/ZelN7kIJ+m74uyA+eitRY8kc607TkC53wl
ikfmZW4/RvTZ8M6UK+5UzhK8jCdLuMGYL6KvzXGRSgi3yLgjewQtCPkIVz6D2QQz
CkcheAmCJ8MqyJu5zlzyZMjAvnnAT45tRAxekrsu94sQ4egdRCnbWSDtY7kh+BIm
lJNXoB1lBMEKIq4QDUOXoRgffuDghje1WrG9ML+Hbisq/yFOGwXD9RiX8F6sw6W4
avAuvDszue5L3sz85K+EC4Y/wFVDNvZo4TYXao6Z0f+lQKc0t8DQYzk1OXVu8rp2
yJMC6alLbBfODALZvYH7n7do1AZls4I9d1P4jnkDrQoxB3UqQ9hVl3LEKQ73xF1O
yK5GhDDX8oVfGKF5u+decIsH4YaTw7mP3GFxJSqv3+0lUFJoi5Lc5da149p90Ids
hCExroL1+7mryIkXPeFM5TgO9r0rvZaBFOvV2z0gp35Z0+L4WPlbuEjN/lxPFin+
HlUjr8gRsI3qfJOQFy/9rKIJR0Y/8Omwt/8oTWgy1mdeHmmjk7j1nYsvC9JSQ6Zv
MldlTTKB3zhThV1+XWYp6rjd5JW1zbVWEkLNxE7GJThEUG3szgBVGP7pSWTUTsqX
nLRbwHOoq7hHwg==
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIQQAF3ITfU6UK47naqPGQKtzANBgkqhkiG9w0BAQsFADA/
MSQwIgYDVQQKExtEaWdpdGFsIFNpZ25hdHVyZSBUcnVzdCBDby4xFzAVBgNVBAMT
DkRTVCBSb290IENBIFgzMB4XDTIxMDEyMDE5MTQwM1oXDTI0MDkzMDE4MTQwM1ow
TzELMAkGA1UEBhMCVVMxKTAnBgNVBAoTIEludGVybmV0IFNlY3VyaXR5IFJlc2Vh
cmNoIEdyb3VwMRUwEwYDVQQDEwxJU1JHIFJvb3QgWDEwggIiMA0GCSqGSIb3DQEB
AQUAA4ICDwAwggIKAoICAQCt6CRz9BQ385ueK1coHIe+3LffOJCMbjzmV6B493XC
ov71am72AE8o295ohmxEk7axY/0UEmu/H9LqMZshftEzPLpI9d1537O4/xLxIZpL
wYqGcWlKZmZsj348cL+tKSIG8+TA5oCu4kuPt5l+lAOf00eXfJlII1PoOK5PCm+D
LtFJV4yAdLbaL9A4jXsDcCEbdfIwPPqPrt3aY6vrFk/CjhFLfs8L6P+1dy70sntK
4EwSJQxwjQMpoOFTJOwT2e4ZvxCzSow/iaNhUd6shweU9GNx7C7ib1uYgeGJXDR5
bHbvO5BieebbpJovJsXQEOEO3tkQjhb7t/eo98flAgeYjzYIlefiN5YNNnWe+w5y
sR2bvAP5SQXYgd0FtCrWQemsAXaVCg/Y39W9Eh81LygXbNKYwagJZHduRze6zqxZ
Xmidf3LWicUGQSk+WT7dJvUkyRGnWqNMQB9GoZm1pzpRboY7nn1ypxIFeFntPlF4
FQsDj43QLwWyPntKHEtzBRL8xurgUBN8Q5N0s8p0544fAQjQMNRbcTa0B7rBMDBc
SLeCO5imfWCKoqMpgsy6vYMEG6KDA0Gh1gXxG8K28Kh8hjtGqEgqiNx2mna/H2ql
PRmP6zjzZN7IKw0KKP/32+IVQtQi0Cdd4Xn+GOdwiK1O5tmLOsbdJ1Fu/7xk9TND
TwIDAQABo4IBRjCCAUIwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYw
SwYIKwYBBQUHAQEEPzA9MDsGCCsGAQUFBzAChi9odHRwOi8vYXBwcy5pZGVudHJ1
c3QuY29tL3Jvb3RzL2RzdHJvb3RjYXgzLnA3YzAfBgNVHSMEGDAWgBTEp7Gkeyxx
+tvhS5B1/8QVYIWJEDBUBgNVHSAETTBLMAgGBmeBDAECATA/BgsrBgEEAYLfEwEB
ATAwMC4GCCsGAQUFBwIBFiJodHRwOi8vY3BzLnJvb3QteDEubGV0c2VuY3J5cHQu
b3JnMDwGA1UdHwQ1MDMwMaAvoC2GK2h0dHA6Ly9jcmwuaWRlbnRydXN0LmNvbS9E
U1RST09UQ0FYM0NSTC5jcmwwHQYDVR0OBBYEFHm0WeZ7tuXkAXOACIjIGlj26Ztu
MA0GCSqGSIb3DQEBCwUAA4IBAQAKcwBslm7/DlLQrt2M51oGrS+o44+/yQoDFVDC
5WxCu2+b9LRPwkSICHXM6webFGJueN7sJ7o5XPWioW5WlHAQU7G75K/QosMrAdSW
9MUgNTP52GE24HGNtLi1qoJFlcDyqSMo59ahy2cI2qBDLKobkx/J3vWraV0T9VuG
WCLKTVXkcGdtwlfFRjlBz4pYg1htmf5X6DYO8A4jqv2Il9DjXA6USbW1FzXSLr9O
he8Y4IWS6wY7bCkjCWDcRQJMEhg76fsO3txE+FiYruq9RUWhiF1myv4Q6W+CyBFC
Dfvp7OOGAN6dEOM4+qR9sdjoSYKEBpsr6GtPAQw4dy753ec5
-----END CERTIFICATE-----

61
root/etc/letsencrypt/archive/medusa.jcolebrand.info/chain5.pem Normal file
View File

@ -0,0 +1,61 @@
-----BEGIN CERTIFICATE-----
MIIFFjCCAv6gAwIBAgIRAJErCErPDBinU/bWLiWnX1owDQYJKoZIhvcNAQELBQAw
TzELMAkGA1UEBhMCVVMxKTAnBgNVBAoTIEludGVybmV0IFNlY3VyaXR5IFJlc2Vh
cmNoIEdyb3VwMRUwEwYDVQQDEwxJU1JHIFJvb3QgWDEwHhcNMjAwOTA0MDAwMDAw
WhcNMjUwOTE1MTYwMDAwWjAyMQswCQYDVQQGEwJVUzEWMBQGA1UEChMNTGV0J3Mg
RW5jcnlwdDELMAkGA1UEAxMCUjMwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK
AoIBAQC7AhUozPaglNMPEuyNVZLD+ILxmaZ6QoinXSaqtSu5xUyxr45r+XXIo9cP
R5QUVTVXjJ6oojkZ9YI8QqlObvU7wy7bjcCwXPNZOOftz2nwWgsbvsCUJCWH+jdx
sxPnHKzhm+/b5DtFUkWWqcFTzjTIUu61ru2P3mBw4qVUq7ZtDpelQDRrK9O8Zutm
NHz6a4uPVymZ+DAXXbpyb/uBxa3Shlg9F8fnCbvxK/eG3MHacV3URuPMrSXBiLxg
Z3Vms/EY96Jc5lP/Ooi2R6X/ExjqmAl3P51T+c8B5fWmcBcUr2Ok/5mzk53cU6cG
/kiFHaFpriV1uxPMUgP17VGhi9sVAgMBAAGjggEIMIIBBDAOBgNVHQ8BAf8EBAMC
AYYwHQYDVR0lBBYwFAYIKwYBBQUHAwIGCCsGAQUFBwMBMBIGA1UdEwEB/wQIMAYB
Af8CAQAwHQYDVR0OBBYEFBQusxe3WFbLrlAJQOYfr52LFMLGMB8GA1UdIwQYMBaA
FHm0WeZ7tuXkAXOACIjIGlj26ZtuMDIGCCsGAQUFBwEBBCYwJDAiBggrBgEFBQcw
AoYWaHR0cDovL3gxLmkubGVuY3Iub3JnLzAnBgNVHR8EIDAeMBygGqAYhhZodHRw
Oi8veDEuYy5sZW5jci5vcmcvMCIGA1UdIAQbMBkwCAYGZ4EMAQIBMA0GCysGAQQB
gt8TAQEBMA0GCSqGSIb3DQEBCwUAA4ICAQCFyk5HPqP3hUSFvNVneLKYY611TR6W
PTNlclQtgaDqw+34IL9fzLdwALduO/ZelN7kIJ+m74uyA+eitRY8kc607TkC53wl
ikfmZW4/RvTZ8M6UK+5UzhK8jCdLuMGYL6KvzXGRSgi3yLgjewQtCPkIVz6D2QQz
CkcheAmCJ8MqyJu5zlzyZMjAvnnAT45tRAxekrsu94sQ4egdRCnbWSDtY7kh+BIm
lJNXoB1lBMEKIq4QDUOXoRgffuDghje1WrG9ML+Hbisq/yFOGwXD9RiX8F6sw6W4
avAuvDszue5L3sz85K+EC4Y/wFVDNvZo4TYXao6Z0f+lQKc0t8DQYzk1OXVu8rp2
yJMC6alLbBfODALZvYH7n7do1AZls4I9d1P4jnkDrQoxB3UqQ9hVl3LEKQ73xF1O
yK5GhDDX8oVfGKF5u+decIsH4YaTw7mP3GFxJSqv3+0lUFJoi5Lc5da149p90Ids
hCExroL1+7mryIkXPeFM5TgO9r0rvZaBFOvV2z0gp35Z0+L4WPlbuEjN/lxPFin+
HlUjr8gRsI3qfJOQFy/9rKIJR0Y/8Omwt/8oTWgy1mdeHmmjk7j1nYsvC9JSQ6Zv
MldlTTKB3zhThV1+XWYp6rjd5JW1zbVWEkLNxE7GJThEUG3szgBVGP7pSWTUTsqX
nLRbwHOoq7hHwg==
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIQQAF3ITfU6UK47naqPGQKtzANBgkqhkiG9w0BAQsFADA/
MSQwIgYDVQQKExtEaWdpdGFsIFNpZ25hdHVyZSBUcnVzdCBDby4xFzAVBgNVBAMT
DkRTVCBSb290IENBIFgzMB4XDTIxMDEyMDE5MTQwM1oXDTI0MDkzMDE4MTQwM1ow
TzELMAkGA1UEBhMCVVMxKTAnBgNVBAoTIEludGVybmV0IFNlY3VyaXR5IFJlc2Vh
cmNoIEdyb3VwMRUwEwYDVQQDEwxJU1JHIFJvb3QgWDEwggIiMA0GCSqGSIb3DQEB
AQUAA4ICDwAwggIKAoICAQCt6CRz9BQ385ueK1coHIe+3LffOJCMbjzmV6B493XC
ov71am72AE8o295ohmxEk7axY/0UEmu/H9LqMZshftEzPLpI9d1537O4/xLxIZpL
wYqGcWlKZmZsj348cL+tKSIG8+TA5oCu4kuPt5l+lAOf00eXfJlII1PoOK5PCm+D
LtFJV4yAdLbaL9A4jXsDcCEbdfIwPPqPrt3aY6vrFk/CjhFLfs8L6P+1dy70sntK
4EwSJQxwjQMpoOFTJOwT2e4ZvxCzSow/iaNhUd6shweU9GNx7C7ib1uYgeGJXDR5
bHbvO5BieebbpJovJsXQEOEO3tkQjhb7t/eo98flAgeYjzYIlefiN5YNNnWe+w5y
sR2bvAP5SQXYgd0FtCrWQemsAXaVCg/Y39W9Eh81LygXbNKYwagJZHduRze6zqxZ
Xmidf3LWicUGQSk+WT7dJvUkyRGnWqNMQB9GoZm1pzpRboY7nn1ypxIFeFntPlF4
FQsDj43QLwWyPntKHEtzBRL8xurgUBN8Q5N0s8p0544fAQjQMNRbcTa0B7rBMDBc
SLeCO5imfWCKoqMpgsy6vYMEG6KDA0Gh1gXxG8K28Kh8hjtGqEgqiNx2mna/H2ql
PRmP6zjzZN7IKw0KKP/32+IVQtQi0Cdd4Xn+GOdwiK1O5tmLOsbdJ1Fu/7xk9TND
TwIDAQABo4IBRjCCAUIwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYw
SwYIKwYBBQUHAQEEPzA9MDsGCCsGAQUFBzAChi9odHRwOi8vYXBwcy5pZGVudHJ1
c3QuY29tL3Jvb3RzL2RzdHJvb3RjYXgzLnA3YzAfBgNVHSMEGDAWgBTEp7Gkeyxx
+tvhS5B1/8QVYIWJEDBUBgNVHSAETTBLMAgGBmeBDAECATA/BgsrBgEEAYLfEwEB
ATAwMC4GCCsGAQUFBwIBFiJodHRwOi8vY3BzLnJvb3QteDEubGV0c2VuY3J5cHQu
b3JnMDwGA1UdHwQ1MDMwMaAvoC2GK2h0dHA6Ly9jcmwuaWRlbnRydXN0LmNvbS9E
U1RST09UQ0FYM0NSTC5jcmwwHQYDVR0OBBYEFHm0WeZ7tuXkAXOACIjIGlj26Ztu
MA0GCSqGSIb3DQEBCwUAA4IBAQAKcwBslm7/DlLQrt2M51oGrS+o44+/yQoDFVDC
5WxCu2+b9LRPwkSICHXM6webFGJueN7sJ7o5XPWioW5WlHAQU7G75K/QosMrAdSW
9MUgNTP52GE24HGNtLi1qoJFlcDyqSMo59ahy2cI2qBDLKobkx/J3vWraV0T9VuG
WCLKTVXkcGdtwlfFRjlBz4pYg1htmf5X6DYO8A4jqv2Il9DjXA6USbW1FzXSLr9O
he8Y4IWS6wY7bCkjCWDcRQJMEhg76fsO3txE+FiYruq9RUWhiF1myv4Q6W+CyBFC
Dfvp7OOGAN6dEOM4+qR9sdjoSYKEBpsr6GtPAQw4dy753ec5
-----END CERTIFICATE-----

93
root/etc/letsencrypt/archive/medusa.jcolebrand.info/fullchain4.pem Normal file
View File

@ -0,0 +1,93 @@
-----BEGIN CERTIFICATE-----
MIIFhzCCBG+gAwIBAgISBDxG2iPivOV0PPMapQQA8vmWMA0GCSqGSIb3DQEBCwUA
MDIxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MQswCQYDVQQD
EwJSMzAeFw0yMzAyMDUwODU3MzZaFw0yMzA1MDYwODU3MzVaMCAxHjAcBgNVBAMT
FXZpZGVvLmpjb2xlYnJhbmQuaW5mbzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCC
AQoCggEBAP1FrAK94neuVu+QmvjuJXL7b7uprChD+/tCMC1Z1Pj9eNHUKYpm5iHU
/K/7RBrK7UgxyyCkgL/ep22VsqPwFEPNnMovb5u2Q+js7sIxlkw9rhadRfcBBRra
R1uudFXi9WiI2Fktj3LXgLKAGCtOWs0lLHGdoUEY6oBzvMNTXcG5KklVXcBuX38X
GsCtbp1K8slPP2A5Slqru33d5M9T161D3nBTf+iXxvq4V6HIFBomYPS8hpx7iQ3S
/mg5ik6DVEylrTEaKKFxhqT74jkwcfUz1hJJKEz/aHl5jtmOclil69BgIoXeiKkw
+SAhUOEc2NQZY7AimfXCrcfPBhPUue8CAwEAAaOCAqcwggKjMA4GA1UdDwEB/wQE
AwIFoDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwDAYDVR0TAQH/BAIw
ADAdBgNVHQ4EFgQUoZrMsw3F/j/yUDlaKRk3qkWGu8wwHwYDVR0jBBgwFoAUFC6z
F7dYVsuuUAlA5h+vnYsUwsYwVQYIKwYBBQUHAQEESTBHMCEGCCsGAQUFBzABhhVo
dHRwOi8vcjMuby5sZW5jci5vcmcwIgYIKwYBBQUHMAKGFmh0dHA6Ly9yMy5pLmxl
bmNyLm9yZy8wdQYDVR0RBG4wbIIPamNvbGVicmFuZC5pbmZvghZtZWR1c2EuamNv
bGVicmFuZC5pbmZvghV2aWRlby5qY29sZWJyYW5kLmluZm+CFXdhdGNoLmpjb2xl
YnJhbmQuaW5mb4ITd3d3Lmpjb2xlYnJhbmQuaW5mbzBMBgNVHSAERTBDMAgGBmeB
DAECATA3BgsrBgEEAYLfEwEBATAoMCYGCCsGAQUFBwIBFhpodHRwOi8vY3BzLmxl
dHNlbmNyeXB0Lm9yZzCCAQYGCisGAQQB1nkCBAIEgfcEgfQA8gB3AHoyjFTYty22
IOo44FIe6YQWcDIThU070ivBOlejUutSAAABhiECfRYAAAQDAEgwRgIhANgR1NAM
3zADl4DTefPwdVDG81XVngUxafuRZEbGjiagAiEAv5Ph20RWoodpMlJX9URrUwn8
9zjb1ReLdO5zLqJMq/MAdwCt9776fP8QyIudPZwePhhqtGcpXc+xDCTKhYY069yC
igAAAYYhAn0jAAAEAwBIMEYCIQDbBtPv8Vu0+zs7dsQKeCa6+lTWg091Ejfw3r+H
wbA95QIhAKC6DClqUmHdlLohTIeFLI9LonwzcTZeMs5LBMZb0WkkMA0GCSqGSIb3
DQEBCwUAA4IBAQAk71YJmt1Druf/bJBg4T7fMhV+Oz+L4blRNpKpSZlYCb/RyjBR
uR1ljoEiy1dEFp3lxMhOI2yKqHiv5Ia2A671ASaMq9tp6WsXWTESZfJVZM/igjKv
jQuCM1f+4tmh4o4U4FfcT4IoaZB9azcmuVAEsoee83mBtPDY3tRMNuuDUIGjXcby
pejGqcjTlaWc78B/8Ak3Phfi/XrbWEe7HVAgPqMYpoI9pUhSZhTYJ2cqSD9x7tmK
xlLdC3ECEbOcXcY9uPUuWyplMTJTqFabgSC35WEPieJ61qrU+VOae9eaElsZw7dq
GvJ0oNWfJNssweuND0UZkxdbjv0ePjkx1dMg
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
MIIFFjCCAv6gAwIBAgIRAJErCErPDBinU/bWLiWnX1owDQYJKoZIhvcNAQELBQAw
TzELMAkGA1UEBhMCVVMxKTAnBgNVBAoTIEludGVybmV0IFNlY3VyaXR5IFJlc2Vh
cmNoIEdyb3VwMRUwEwYDVQQDEwxJU1JHIFJvb3QgWDEwHhcNMjAwOTA0MDAwMDAw
WhcNMjUwOTE1MTYwMDAwWjAyMQswCQYDVQQGEwJVUzEWMBQGA1UEChMNTGV0J3Mg
RW5jcnlwdDELMAkGA1UEAxMCUjMwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK
AoIBAQC7AhUozPaglNMPEuyNVZLD+ILxmaZ6QoinXSaqtSu5xUyxr45r+XXIo9cP
R5QUVTVXjJ6oojkZ9YI8QqlObvU7wy7bjcCwXPNZOOftz2nwWgsbvsCUJCWH+jdx
sxPnHKzhm+/b5DtFUkWWqcFTzjTIUu61ru2P3mBw4qVUq7ZtDpelQDRrK9O8Zutm
NHz6a4uPVymZ+DAXXbpyb/uBxa3Shlg9F8fnCbvxK/eG3MHacV3URuPMrSXBiLxg
Z3Vms/EY96Jc5lP/Ooi2R6X/ExjqmAl3P51T+c8B5fWmcBcUr2Ok/5mzk53cU6cG
/kiFHaFpriV1uxPMUgP17VGhi9sVAgMBAAGjggEIMIIBBDAOBgNVHQ8BAf8EBAMC
AYYwHQYDVR0lBBYwFAYIKwYBBQUHAwIGCCsGAQUFBwMBMBIGA1UdEwEB/wQIMAYB
Af8CAQAwHQYDVR0OBBYEFBQusxe3WFbLrlAJQOYfr52LFMLGMB8GA1UdIwQYMBaA
FHm0WeZ7tuXkAXOACIjIGlj26ZtuMDIGCCsGAQUFBwEBBCYwJDAiBggrBgEFBQcw
AoYWaHR0cDovL3gxLmkubGVuY3Iub3JnLzAnBgNVHR8EIDAeMBygGqAYhhZodHRw
Oi8veDEuYy5sZW5jci5vcmcvMCIGA1UdIAQbMBkwCAYGZ4EMAQIBMA0GCysGAQQB
gt8TAQEBMA0GCSqGSIb3DQEBCwUAA4ICAQCFyk5HPqP3hUSFvNVneLKYY611TR6W
PTNlclQtgaDqw+34IL9fzLdwALduO/ZelN7kIJ+m74uyA+eitRY8kc607TkC53wl
ikfmZW4/RvTZ8M6UK+5UzhK8jCdLuMGYL6KvzXGRSgi3yLgjewQtCPkIVz6D2QQz
CkcheAmCJ8MqyJu5zlzyZMjAvnnAT45tRAxekrsu94sQ4egdRCnbWSDtY7kh+BIm
lJNXoB1lBMEKIq4QDUOXoRgffuDghje1WrG9ML+Hbisq/yFOGwXD9RiX8F6sw6W4
avAuvDszue5L3sz85K+EC4Y/wFVDNvZo4TYXao6Z0f+lQKc0t8DQYzk1OXVu8rp2
yJMC6alLbBfODALZvYH7n7do1AZls4I9d1P4jnkDrQoxB3UqQ9hVl3LEKQ73xF1O
yK5GhDDX8oVfGKF5u+decIsH4YaTw7mP3GFxJSqv3+0lUFJoi5Lc5da149p90Ids
hCExroL1+7mryIkXPeFM5TgO9r0rvZaBFOvV2z0gp35Z0+L4WPlbuEjN/lxPFin+
HlUjr8gRsI3qfJOQFy/9rKIJR0Y/8Omwt/8oTWgy1mdeHmmjk7j1nYsvC9JSQ6Zv
MldlTTKB3zhThV1+XWYp6rjd5JW1zbVWEkLNxE7GJThEUG3szgBVGP7pSWTUTsqX
nLRbwHOoq7hHwg==
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIQQAF3ITfU6UK47naqPGQKtzANBgkqhkiG9w0BAQsFADA/
MSQwIgYDVQQKExtEaWdpdGFsIFNpZ25hdHVyZSBUcnVzdCBDby4xFzAVBgNVBAMT
DkRTVCBSb290IENBIFgzMB4XDTIxMDEyMDE5MTQwM1oXDTI0MDkzMDE4MTQwM1ow
TzELMAkGA1UEBhMCVVMxKTAnBgNVBAoTIEludGVybmV0IFNlY3VyaXR5IFJlc2Vh
cmNoIEdyb3VwMRUwEwYDVQQDEwxJU1JHIFJvb3QgWDEwggIiMA0GCSqGSIb3DQEB
AQUAA4ICDwAwggIKAoICAQCt6CRz9BQ385ueK1coHIe+3LffOJCMbjzmV6B493XC
ov71am72AE8o295ohmxEk7axY/0UEmu/H9LqMZshftEzPLpI9d1537O4/xLxIZpL
wYqGcWlKZmZsj348cL+tKSIG8+TA5oCu4kuPt5l+lAOf00eXfJlII1PoOK5PCm+D
LtFJV4yAdLbaL9A4jXsDcCEbdfIwPPqPrt3aY6vrFk/CjhFLfs8L6P+1dy70sntK
4EwSJQxwjQMpoOFTJOwT2e4ZvxCzSow/iaNhUd6shweU9GNx7C7ib1uYgeGJXDR5
bHbvO5BieebbpJovJsXQEOEO3tkQjhb7t/eo98flAgeYjzYIlefiN5YNNnWe+w5y
sR2bvAP5SQXYgd0FtCrWQemsAXaVCg/Y39W9Eh81LygXbNKYwagJZHduRze6zqxZ
Xmidf3LWicUGQSk+WT7dJvUkyRGnWqNMQB9GoZm1pzpRboY7nn1ypxIFeFntPlF4
FQsDj43QLwWyPntKHEtzBRL8xurgUBN8Q5N0s8p0544fAQjQMNRbcTa0B7rBMDBc
SLeCO5imfWCKoqMpgsy6vYMEG6KDA0Gh1gXxG8K28Kh8hjtGqEgqiNx2mna/H2ql
PRmP6zjzZN7IKw0KKP/32+IVQtQi0Cdd4Xn+GOdwiK1O5tmLOsbdJ1Fu/7xk9TND
TwIDAQABo4IBRjCCAUIwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYw
SwYIKwYBBQUHAQEEPzA9MDsGCCsGAQUFBzAChi9odHRwOi8vYXBwcy5pZGVudHJ1
c3QuY29tL3Jvb3RzL2RzdHJvb3RjYXgzLnA3YzAfBgNVHSMEGDAWgBTEp7Gkeyxx
+tvhS5B1/8QVYIWJEDBUBgNVHSAETTBLMAgGBmeBDAECATA/BgsrBgEEAYLfEwEB
ATAwMC4GCCsGAQUFBwIBFiJodHRwOi8vY3BzLnJvb3QteDEubGV0c2VuY3J5cHQu
b3JnMDwGA1UdHwQ1MDMwMaAvoC2GK2h0dHA6Ly9jcmwuaWRlbnRydXN0LmNvbS9E
U1RST09UQ0FYM0NSTC5jcmwwHQYDVR0OBBYEFHm0WeZ7tuXkAXOACIjIGlj26Ztu
MA0GCSqGSIb3DQEBCwUAA4IBAQAKcwBslm7/DlLQrt2M51oGrS+o44+/yQoDFVDC
5WxCu2+b9LRPwkSICHXM6webFGJueN7sJ7o5XPWioW5WlHAQU7G75K/QosMrAdSW
9MUgNTP52GE24HGNtLi1qoJFlcDyqSMo59ahy2cI2qBDLKobkx/J3vWraV0T9VuG
WCLKTVXkcGdtwlfFRjlBz4pYg1htmf5X6DYO8A4jqv2Il9DjXA6USbW1FzXSLr9O
he8Y4IWS6wY7bCkjCWDcRQJMEhg76fsO3txE+FiYruq9RUWhiF1myv4Q6W+CyBFC
Dfvp7OOGAN6dEOM4+qR9sdjoSYKEBpsr6GtPAQw4dy753ec5
-----END CERTIFICATE-----

94
root/etc/letsencrypt/archive/medusa.jcolebrand.info/fullchain5.pem Normal file
View File

@ -0,0 +1,94 @@
-----BEGIN CERTIFICATE-----
MIIFnjCCBIagAwIBAgISA+4kMlyxNplZdw9rUGQY9ioXMA0GCSqGSIb3DQEBCwUA
MDIxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MQswCQYDVQQD
EwJSMzAeFw0yMzAyMTEwNzU0MTBaFw0yMzA1MTIwNzU0MDlaMCExHzAdBgNVBAMT
Fm1lZHVzYS5qY29sZWJyYW5kLmluZm8wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAw
ggEKAoIBAQC/YFmBVNmtid7+IrqwZLno7NLtkFM3B0xzHglRqD8NKerQnRE9oNtR
bzMi/4+DYIQwQ0q/2ut5qGqGKxv8nh60hT31NV0OqEHP7esL6cBzKOu42KxOdaZ6
v6xE0zi3eyqJpMwuxfLcx4kbiKsr/OxyYY/Sh+mbaia7JHmqym7Kmh+l86fDsVwe
HrW5kwTB8qUtAV62s3Zx2VIAQL2VQAO6hl5oaB/Qlv7Y4hbF/GvW3jDEqn3j0j38
6GWMEJAJpb55sMWHPKcb18DAJmVxMn1pxySeoGhzTjstAM5f+NdET4MLsfbwIzpX
nVMXVf1MU3Lym5Alr630XsLYO3ajhMhjAgMBAAGjggK9MIICuTAOBgNVHQ8BAf8E
BAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMAwGA1UdEwEB/wQC
MAAwHQYDVR0OBBYEFJdbL/wx73dsBWfXvjxIK9E2VfVEMB8GA1UdIwQYMBaAFBQu
sxe3WFbLrlAJQOYfr52LFMLGMFUGCCsGAQUFBwEBBEkwRzAhBggrBgEFBQcwAYYV
aHR0cDovL3IzLm8ubGVuY3Iub3JnMCIGCCsGAQUFBzAChhZodHRwOi8vcjMuaS5s
ZW5jci5vcmcvMIGMBgNVHREEgYQwgYGCE2FwaS5qY29sZWJyYW5kLmluZm+CD2pj
b2xlYnJhbmQuaW5mb4IWbWVkdXNhLmpjb2xlYnJhbmQuaW5mb4IVdmlkZW8uamNv
bGVicmFuZC5pbmZvghV3YXRjaC5qY29sZWJyYW5kLmluZm+CE3d3dy5qY29sZWJy
YW5kLmluZm8wTAYDVR0gBEUwQzAIBgZngQwBAgEwNwYLKwYBBAGC3xMBAQEwKDAm
BggrBgEFBQcCARYaaHR0cDovL2Nwcy5sZXRzZW5jcnlwdC5vcmcwggEEBgorBgEE
AdZ5AgQCBIH1BIHyAPAAdgC3Pvsk35xNunXyOcW6WPRsXfxCz3qfNcSeHQmBJe20
mQAAAYY/rpKNAAAEAwBHMEUCIQDfMECO/mgG0b4hh0dywELto7fHs6Wi+4cio1IQ
27LzvgIgZqQ2vxMVLFy+WkWkXsHLBBTeDszqRIv6favGmukKKSAAdgB6MoxU2Lct
tiDqOOBSHumEFnAyE4VNO9IrwTpXo1LrUgAAAYY/rpKgAAAEAwBHMEUCIQDyLKeU
urcHgdVVGM3p9f55HlGInbFqVN8xVJ8Ogzyu/QIgYym3mcplpjd+5pafp/1a1kwv
rPa2Rec89yiodZf8G7MwDQYJKoZIhvcNAQELBQADggEBAFuxhfJYMBR+0pJSjG9L
2QQUWw4paFj2Y21Zxnfy5CeS2CJeOelNAqpGfl7E5FRpkrZaiJG0jXpP5oLigFnA
C/Y3Rs2wQ+SzuPErzTO3QynSbbjWOgbKxS5oipeIoNXF8ZBSnTctaMNTK90Edqnh
0Is8I5x1v9V7XdsADQp8btEKuF2bqr1PdE6KNQyDncm0P3Kbnvi2QNgZgEjQF2e9
VNgUmIaNTsOUiPudeMW9o3FecyEFLd0Rmj1GdHYi5mjdnf/D4/xHrfl1QQtEjqje
fbsfu2iYxF7xfqSAWs3nbuDxdxh6IVjImJkTIaY+5nnzDcfwhbpBRhcDv51IUyKM
DU8=
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
MIIFFjCCAv6gAwIBAgIRAJErCErPDBinU/bWLiWnX1owDQYJKoZIhvcNAQELBQAw
TzELMAkGA1UEBhMCVVMxKTAnBgNVBAoTIEludGVybmV0IFNlY3VyaXR5IFJlc2Vh
cmNoIEdyb3VwMRUwEwYDVQQDEwxJU1JHIFJvb3QgWDEwHhcNMjAwOTA0MDAwMDAw
WhcNMjUwOTE1MTYwMDAwWjAyMQswCQYDVQQGEwJVUzEWMBQGA1UEChMNTGV0J3Mg
RW5jcnlwdDELMAkGA1UEAxMCUjMwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK
AoIBAQC7AhUozPaglNMPEuyNVZLD+ILxmaZ6QoinXSaqtSu5xUyxr45r+XXIo9cP
R5QUVTVXjJ6oojkZ9YI8QqlObvU7wy7bjcCwXPNZOOftz2nwWgsbvsCUJCWH+jdx
sxPnHKzhm+/b5DtFUkWWqcFTzjTIUu61ru2P3mBw4qVUq7ZtDpelQDRrK9O8Zutm
NHz6a4uPVymZ+DAXXbpyb/uBxa3Shlg9F8fnCbvxK/eG3MHacV3URuPMrSXBiLxg
Z3Vms/EY96Jc5lP/Ooi2R6X/ExjqmAl3P51T+c8B5fWmcBcUr2Ok/5mzk53cU6cG
/kiFHaFpriV1uxPMUgP17VGhi9sVAgMBAAGjggEIMIIBBDAOBgNVHQ8BAf8EBAMC
AYYwHQYDVR0lBBYwFAYIKwYBBQUHAwIGCCsGAQUFBwMBMBIGA1UdEwEB/wQIMAYB
Af8CAQAwHQYDVR0OBBYEFBQusxe3WFbLrlAJQOYfr52LFMLGMB8GA1UdIwQYMBaA
FHm0WeZ7tuXkAXOACIjIGlj26ZtuMDIGCCsGAQUFBwEBBCYwJDAiBggrBgEFBQcw
AoYWaHR0cDovL3gxLmkubGVuY3Iub3JnLzAnBgNVHR8EIDAeMBygGqAYhhZodHRw
Oi8veDEuYy5sZW5jci5vcmcvMCIGA1UdIAQbMBkwCAYGZ4EMAQIBMA0GCysGAQQB
gt8TAQEBMA0GCSqGSIb3DQEBCwUAA4ICAQCFyk5HPqP3hUSFvNVneLKYY611TR6W
PTNlclQtgaDqw+34IL9fzLdwALduO/ZelN7kIJ+m74uyA+eitRY8kc607TkC53wl
ikfmZW4/RvTZ8M6UK+5UzhK8jCdLuMGYL6KvzXGRSgi3yLgjewQtCPkIVz6D2QQz
CkcheAmCJ8MqyJu5zlzyZMjAvnnAT45tRAxekrsu94sQ4egdRCnbWSDtY7kh+BIm
lJNXoB1lBMEKIq4QDUOXoRgffuDghje1WrG9ML+Hbisq/yFOGwXD9RiX8F6sw6W4
avAuvDszue5L3sz85K+EC4Y/wFVDNvZo4TYXao6Z0f+lQKc0t8DQYzk1OXVu8rp2
yJMC6alLbBfODALZvYH7n7do1AZls4I9d1P4jnkDrQoxB3UqQ9hVl3LEKQ73xF1O
yK5GhDDX8oVfGKF5u+decIsH4YaTw7mP3GFxJSqv3+0lUFJoi5Lc5da149p90Ids
hCExroL1+7mryIkXPeFM5TgO9r0rvZaBFOvV2z0gp35Z0+L4WPlbuEjN/lxPFin+
HlUjr8gRsI3qfJOQFy/9rKIJR0Y/8Omwt/8oTWgy1mdeHmmjk7j1nYsvC9JSQ6Zv
MldlTTKB3zhThV1+XWYp6rjd5JW1zbVWEkLNxE7GJThEUG3szgBVGP7pSWTUTsqX
nLRbwHOoq7hHwg==
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIQQAF3ITfU6UK47naqPGQKtzANBgkqhkiG9w0BAQsFADA/
MSQwIgYDVQQKExtEaWdpdGFsIFNpZ25hdHVyZSBUcnVzdCBDby4xFzAVBgNVBAMT
DkRTVCBSb290IENBIFgzMB4XDTIxMDEyMDE5MTQwM1oXDTI0MDkzMDE4MTQwM1ow
TzELMAkGA1UEBhMCVVMxKTAnBgNVBAoTIEludGVybmV0IFNlY3VyaXR5IFJlc2Vh
cmNoIEdyb3VwMRUwEwYDVQQDEwxJU1JHIFJvb3QgWDEwggIiMA0GCSqGSIb3DQEB
AQUAA4ICDwAwggIKAoICAQCt6CRz9BQ385ueK1coHIe+3LffOJCMbjzmV6B493XC
ov71am72AE8o295ohmxEk7axY/0UEmu/H9LqMZshftEzPLpI9d1537O4/xLxIZpL
wYqGcWlKZmZsj348cL+tKSIG8+TA5oCu4kuPt5l+lAOf00eXfJlII1PoOK5PCm+D
LtFJV4yAdLbaL9A4jXsDcCEbdfIwPPqPrt3aY6vrFk/CjhFLfs8L6P+1dy70sntK
4EwSJQxwjQMpoOFTJOwT2e4ZvxCzSow/iaNhUd6shweU9GNx7C7ib1uYgeGJXDR5
bHbvO5BieebbpJovJsXQEOEO3tkQjhb7t/eo98flAgeYjzYIlefiN5YNNnWe+w5y
sR2bvAP5SQXYgd0FtCrWQemsAXaVCg/Y39W9Eh81LygXbNKYwagJZHduRze6zqxZ
Xmidf3LWicUGQSk+WT7dJvUkyRGnWqNMQB9GoZm1pzpRboY7nn1ypxIFeFntPlF4
FQsDj43QLwWyPntKHEtzBRL8xurgUBN8Q5N0s8p0544fAQjQMNRbcTa0B7rBMDBc
SLeCO5imfWCKoqMpgsy6vYMEG6KDA0Gh1gXxG8K28Kh8hjtGqEgqiNx2mna/H2ql
PRmP6zjzZN7IKw0KKP/32+IVQtQi0Cdd4Xn+GOdwiK1O5tmLOsbdJ1Fu/7xk9TND
TwIDAQABo4IBRjCCAUIwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYw
SwYIKwYBBQUHAQEEPzA9MDsGCCsGAQUFBzAChi9odHRwOi8vYXBwcy5pZGVudHJ1
c3QuY29tL3Jvb3RzL2RzdHJvb3RjYXgzLnA3YzAfBgNVHSMEGDAWgBTEp7Gkeyxx
+tvhS5B1/8QVYIWJEDBUBgNVHSAETTBLMAgGBmeBDAECATA/BgsrBgEEAYLfEwEB
ATAwMC4GCCsGAQUFBwIBFiJodHRwOi8vY3BzLnJvb3QteDEubGV0c2VuY3J5cHQu
b3JnMDwGA1UdHwQ1MDMwMaAvoC2GK2h0dHA6Ly9jcmwuaWRlbnRydXN0LmNvbS9E
U1RST09UQ0FYM0NSTC5jcmwwHQYDVR0OBBYEFHm0WeZ7tuXkAXOACIjIGlj26Ztu
MA0GCSqGSIb3DQEBCwUAA4IBAQAKcwBslm7/DlLQrt2M51oGrS+o44+/yQoDFVDC
5WxCu2+b9LRPwkSICHXM6webFGJueN7sJ7o5XPWioW5WlHAQU7G75K/QosMrAdSW
9MUgNTP52GE24HGNtLi1qoJFlcDyqSMo59ahy2cI2qBDLKobkx/J3vWraV0T9VuG
WCLKTVXkcGdtwlfFRjlBz4pYg1htmf5X6DYO8A4jqv2Il9DjXA6USbW1FzXSLr9O
he8Y4IWS6wY7bCkjCWDcRQJMEhg76fsO3txE+FiYruq9RUWhiF1myv4Q6W+CyBFC
Dfvp7OOGAN6dEOM4+qR9sdjoSYKEBpsr6GtPAQw4dy753ec5
-----END CERTIFICATE-----

28
root/etc/letsencrypt/archive/medusa.jcolebrand.info/privkey4.pem Normal file
View File

@ -0,0 +1,28 @@
-----BEGIN PRIVATE KEY-----
MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQD9RawCveJ3rlbv
kJr47iVy+2+7qawoQ/v7QjAtWdT4/XjR1CmKZuYh1Pyv+0Qayu1IMcsgpIC/3qdt
lbKj8BRDzZzKL2+btkPo7O7CMZZMPa4WnUX3AQUa2kdbrnRV4vVoiNhZLY9y14Cy
gBgrTlrNJSxxnaFBGOqAc7zDU13BuSpJVV3Abl9/FxrArW6dSvLJTz9gOUpaq7t9
3eTPU9etQ95wU3/ol8b6uFehyBQaJmD0vIace4kN0v5oOYpOg1RMpa0xGiihcYak
++I5MHH1M9YSSShM/2h5eY7ZjnJYpevQYCKF3oipMPkgIVDhHNjUGWOwIpn1wq3H
zwYT1LnvAgMBAAECggEALfOenk66UJGKh2OaonB+zepNnuRNbm7LQI6FNC04xUYj
zhoqwUgjF99PS1SQyjWoMHGMU6tVCrrIcMr4wuKzooujF1Hc84jxsEiQlx4tET8d
n0/AmmyOcw1IZht0UwLfGKy/aAqqnKD54ij4eZ75PYAxnJmHYMq2/UBCbsPo3lUw
LzvoHwiOx54cwOUDm2PBzZeo83VPQZpzfUvDoqexkDNHRVF0g8MVMoPqntT4sF6t
K5W8/HPObUoVqRapJ/xcivNUcF+hEORzV1ALXPicUYzzidAip4mMnGNe9z9+pIUx
xt8JXzh+s3x78QkaugioeUkAwH3hWQ+2yenvVjqZqQKBgQD9kNrAcamK6GJElIK+
pyosVXpgn252IoN6Ae/O/Qyowbj9h256/X8MkYO2FpKY9OJB2nfo+MV9isVopvyu
Iww/w1ZY+bdyCGmOhvDRVicTFISEp0kNXCsTndD9zGNzl1PYYbL/xvD0yajoqow1
jZbXgFTSpE5vR5M18aU5PrES2QKBgQD/tBh+3aiDErhnDp9CqCDmdbHUV0Tot7S/
GCfO3ygUK+5Ffq7rHvh0tMXQc6zEMxdT8R2lM/9bRFjodTLHYS597cKGyROEaU9b
YrRGjK5hJUXfvCc5vwQPUXLHDm2kmUzb+x6BogFwx67qloWkiFwsMbrQEyVkLU6H
Lz+uBRkmBwKBgQCQnwTVTD659m7N1LJ5kRhxrtMctvImuOqqNN6U/SkyO0OKfqsZ
xOmovnoT6e31BX7itns7yl/BidusI8nsfBrpZz0hhFQH2xpxay+BBhVFQaePjWYS
E6aSCqn/h4qVjBMLUDXqwon94+LNyTAs/zOweAZpGcOOnpEs7EUjUEloiQKBgQDz
L9wwJC2U4yP/15c99Nq9c+f5tDn0PmsnZxjNFc1vScylyXMgaGcRz69mrez8+D5S
djmkmcxdh6YrBvORTerCl3JvcCMgxmtT1Y7wnfFmsOVAgRipQfLhgqvvhtheN/Iy
MSV1UpeeJDtGHnvh3FIVMgKiy+K+4JwT06rznSOq1wKBgDkxVCMIBufVdh1D6mLr
QCVdUVXhkrM9BFRM0N9kFKDhcUKKaa3VVhn3Qgu5+VqVwv0XH34/43fx0ZUx4wG1
A3lhmDjvUNG5cse3tuLHD3by9Q8Wt5TFqi9P5AfBTtQK45qw6NI7dB1CpxLb2PD6
CYLttG4ycWOeuJaXHBKJOeUe
-----END PRIVATE KEY-----

28
root/etc/letsencrypt/archive/medusa.jcolebrand.info/privkey5.pem Normal file
View File

@ -0,0 +1,28 @@
-----BEGIN PRIVATE KEY-----
MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQC/YFmBVNmtid7+
IrqwZLno7NLtkFM3B0xzHglRqD8NKerQnRE9oNtRbzMi/4+DYIQwQ0q/2ut5qGqG
Kxv8nh60hT31NV0OqEHP7esL6cBzKOu42KxOdaZ6v6xE0zi3eyqJpMwuxfLcx4kb
iKsr/OxyYY/Sh+mbaia7JHmqym7Kmh+l86fDsVweHrW5kwTB8qUtAV62s3Zx2VIA
QL2VQAO6hl5oaB/Qlv7Y4hbF/GvW3jDEqn3j0j386GWMEJAJpb55sMWHPKcb18DA
JmVxMn1pxySeoGhzTjstAM5f+NdET4MLsfbwIzpXnVMXVf1MU3Lym5Alr630XsLY
O3ajhMhjAgMBAAECggEAAJcjcL0s2LRNQCJ4qBmNVWuTMyfQfc5Tw5MAf5sPpNmQ
9g7b3wiyZW/J+7VH5j7ebeQ7awVQ0aLJOA2Gy3CZprtnTn/IQKG/slN0fBI71ENZ
ulmIVulHAP17subndyHNvyZ0SO7A9eubpc071wIYGXOBrFrhSeGcv/nMlkWQkVz+
vVKQGKeRTXyp5gJdlImJyUupK8fTPFzlQJTx9GpBYWvKMrvnUf3ZhtuAN2ZZOLz6
RCQ6vMBgBy37JCSWDNTsHEcQQ6qfJ1OCqxexRz3Jg8/s/e6XCwLW9SOLWBKI/mSI
jRXT4g+eDfetsl9wQB+70f9ERT0oE6YJ+bs7qtC27QKBgQD8sfdsC+agWyd7lLCJ
wc1gLlg1bU9Z4w141oyBJnOw0tBLh2I8Wu37aUfyufg6H1h8s+XKgGFKYaX2jPnX
/QIUZEXkJRQxT31jjFi32ymnatiubc8YZ7wT8T60yCa3jJo/cu9eMERRNB5dVr04
InxymssADTHXgHUBSC56j21gDwKBgQDB4RXWlcipzE+0IApHcGqd2xiKmQFQ1g+o
zwTvNBJdmfqrdXhYEsz6UL5lYKJn8GrBvlw1XeuKaP3vNq/b489hTPUokgaq6LwG
vpflklIHwS0+91Yue5353YW5sx5vz4Rpz0A7iTlkjLm9okbuz9VNq/XFWnAAY+8G
XBt5xRz+bQKBgBwO8sc3hxM1K+wn9XZGY7STUM4V5iK3+G37fLx2dZAjyGcqkDjd
a+FnrkqAZdSmWF/4ZcKXgLYOo6v9uVxHRqzW+X+8skJLbkPYeJ1po3VogsjTfpRa
KGMafXj7ZHkrDpGPBI8z0tIldF2u3PHXunPLRlEqJeek5tkOl8KaHG33AoGAJGk1
RLuUl+76+QUbaRc/rq27Cix6Bshs4HMgphvNZy7H2POSyledj1UirL9dQM/x/LjX
cF5XIgNdzVMj69P42nktgZULE4Xp6gpZVJAKP9KTwMOKt+gXXxmvR5TQHoeGgqid
k5DN6ohTSb30PF1j3dZxrcKyTiB2f2dE8bWHIHECgYEAlTNL6rWMTrniy35bYsxM
2BG932Wy1VQBt6E1pPRa2liRo6ZyGBgMKmXjvu6TiapNq97JRBTQSneVkWxPWg4i
d3dkTpiVQNnou+H9HtxevsuO/JK+Zsu7ECpaKzL5VRYnN7CUa9UhbsJfnkRi9rC5
ZxB2ZawNg8sEmTw8zA7ZQvw=
-----END PRIVATE KEY-----

16
root/etc/letsencrypt/csr/0003_csr-certbot.pem Normal file
View File

@ -0,0 +1,16 @@
-----BEGIN CERTIFICATE REQUEST-----
MIICeTCCAWECAQAwADCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMhW
a4NmdWvmsTgYkqt7Owbt/c7dN20okLKsym7fTxp6YzS0130SGY2x/fnbmngBZu3q
czGFs7MwBdy5zsSOMgWR/72zLECxoLg3U0palCy8X7Q4rWkThZRFgljgmZ9jk4QY
61XyhSioONTb7//R6KrMNiIwccc8RPMmxGzplnUQU5bzcV8ODxv8HhO694ngG4zB
LjRBW+KJlrcMSry9FgBUibLjk1gQk89ZdDwng+MvoQRUU1+4Ea8oyfNI9Tu6ZCa1
o3iqtDKNWnoNnYqggpidSF/fleI6bVGRvPbrelvBmzXEeI5IqlF0Ow8QsllYM8d1
R+XQ9R9NAW+F7Z91UjECAwEAAaA0MDIGCSqGSIb3DQEJDjElMCMwIQYDVR0RBBow
GIIWbWVkdXNhLmpjb2xlYnJhbmQuaW5mbzANBgkqhkiG9w0BAQsFAAOCAQEAbFgy
Q4C10KzqOiX2v1e3yBT4ipWk+BB3KX1OF38vqq9ku0fTFTm3Ir16FworbtRQr3KU
1kytPQXRZ9htZ71t3+cUJR5kkZ/nU6GA9jJz3OWo4Q/UOD7Uo9xgqqjnTICwZ2kU
d5lmry10MkH2lf55gSPIDAPGmptpFwMu/Qf2K8LIZH25H8+gL0hpTQw8d5xmwg4g
LOjwC+mPee7r40ul2YxQxkMDsfK48BE9vgYBTG4rf4KTW5AaBJjWy14umAsVXLDu
VW9pqU80qRXGeVEMzoqvOU6cTSiCwPAJbRNY53V8Yzrq8fRbpeGBlSefmSgUyL1E
guFx9XBV6cwZuh3Bhw==
-----END CERTIFICATE REQUEST-----

16
root/etc/letsencrypt/csr/0004_csr-certbot.pem Normal file
View File

@ -0,0 +1,16 @@
-----BEGIN CERTIFICATE REQUEST-----
MIICeTCCAWECAQAwADCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAIjp
l1TiP9KAVnXe4x21yPXser0XF6U/av2bprQPk7b2G60CY/mtIYw/CkP9qfmRTkPF
nsDhJRakyXOb4G0g/ZCy+b4PIecaePtiLeqf8OnRfbu2g43o1nrDbzZ/6pUA+Iy8
7i6ii0Ivd2916g7vrBwEzcPWFs4wLp6MtFV9E1KPkSQOZY/oGLAxyZcQJElyqw9n
bw/GE0jBOw/xSMqBZ8j6ntk8PoezoVN4ScudNznAnf4f2jCaLlzn0tal/IVmcdF9
SVPIQbXtEjZB4Pc/3UXnGt1sKO09SV0Vrkbp5YkXVZje5iWqJ0xsPUI7GwZ6DUV+
krazlsC5LgRGAn2lmBsCAwEAAaA0MDIGCSqGSIb3DQEJDjElMCMwIQYDVR0RBBow
GIIWbWVkdXNhLmpjb2xlYnJhbmQuaW5mbzANBgkqhkiG9w0BAQsFAAOCAQEAeRq+
t5u3QXgTnqysKAWQ7WIdcmOyOn9eVsiGwcNJKLrphu/mb/4OcRQQxOFr0vknagYc
M/+S1Yk+IhklLH7Zc04JqSdedpRyY/fo02Te9dwnQsYd+pujX8Pk+f14JiTUDRMC
XqQS2cRgA3S1nDL3+NkvrR6aTfrm0fkQZozS9HUl8n4JU7V4jvrhakSfV1AQUc1+
OSWPFJEwhbenViuAd4aLWbPM8vXF94RoZbMv2S9FpwyrvRVDc9/fp7LmgGMgBdKH
DrMDQpy4S0T7BYhKMCaFEs4vGQJTuZwlGg1JqjpIZvZetf6PFNmqwT1K9NpbHDGW
WozYvS9iF+RiFtdgeg==
-----END CERTIFICATE REQUEST-----

16
root/etc/letsencrypt/csr/0005_csr-certbot.pem Normal file
View File

@ -0,0 +1,16 @@
-----BEGIN CERTIFICATE REQUEST-----
MIICeTCCAWECAQAwADCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAN99
xzn1sG1eVxOnXBB37BsJjPPK+gSQTZ+tI+ZcSEvPh8OnnvMXp2fktJfZYHyJSluj
KLL5IoKQUocXSUKXyuMWrQd94P4lGAMLXac7Clcl3Y6+A6HRMpqVQN+dtCGeWAgc
1U8soCRIQoH1i6k0/sfC5Z4xT0O/tjRODnTg8x0HPznHaKL7FIGeSSJW70WoRuwU
M72QDwPIvZsOn0i7X5btClTT9bNRHjo4Uf2KK4bl2MVcuA7S8SlZacgk5rBMAKXQ
0capW0M2KqiTJ8QZM3zVxe8WDPS65W3BxIdA7r3kgNnEFfvAXwbe02dvJM8csvxv
ypQQ8LJ+Lp1CxBzD4sMCAwEAAaA0MDIGCSqGSIb3DQEJDjElMCMwIQYDVR0RBBow
GIIWbWVkdXNhLmpjb2xlYnJhbmQuaW5mbzANBgkqhkiG9w0BAQsFAAOCAQEAGy8+
r3JVxuS6eJji2LwSd9ujpS+9dlr2RIhPG2Lc3xZj+ztgZ+dIL1Cks6J/DZJFDmMk
hlMWfzyVCc3rGTkLr8mJzQCgC+2tNDDMNMHTfYufVg9yKk4G3AdyMHmgpoRqtteW
jXztkKhOXP1Gww5wsPmnIyQiX7efTsTOFmaj3U33/tAyEWskane/y/JzvgyaX5t2
TldDsOEQy4z4clk89g3x5KSqgOpmye+F9OUWLDTVokzN5gL//jsAgzUbZmcAyxfD
uXyFX4WbtcwLnPhtCBhWeARkf+BvQUxQK8Pjm9Un2Ixz+q8NPzLbctAcoeMw25T5
evuJxIxcGKcNZYNZfA==
-----END CERTIFICATE REQUEST-----

16
root/etc/letsencrypt/csr/0006_csr-certbot.pem Normal file
View File

@ -0,0 +1,16 @@
-----BEGIN CERTIFICATE REQUEST-----
MIICeTCCAWECAQAwADCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALNk
tMsMWXn37tSVQKgFPsWSaxLAEU9s73g1fC0PEqj4oiHRqsFjzLOZp6zvARgvIieL
/dul0FZrnkGtnUEXQqg6+zE5dqKTshRtbcn4hIV99+FXszcvmYVrDAeNjkAM9CN8
uT8Nn/svTVCOimJcC0t3IVxylduV54f74fGCSoCSSREyNjVSOMa/Hm94O9UrIFP/
ljp5+J52B53h2ZdPTTTqMY8wFJV/Fvb3ajwsJUhzVEMyLObickSK/2wLlCtFCPqG
EaT85qlpY1YMh3/nZeKkl/c8oC6ylNzZ1GVkLPLrWWPE7XyK5PsZtz/QaYR9CaWD
UFpBQmywcFBbTpDzQzsCAwEAAaA0MDIGCSqGSIb3DQEJDjElMCMwIQYDVR0RBBow
GIIWbWVkdXNhLmpjb2xlYnJhbmQuaW5mbzANBgkqhkiG9w0BAQsFAAOCAQEAWzYY
EAK+wd5c/dwEKV1AYkrsPiBlKlHTmihF7AOVWkmE3atkqzE+BbFXNz+s6Wy/fblo
RgQY7yDZS0Cuk2t0oeSlBAAnd41/AmtHQ4FFR+oQ4g43oUucwIq+JNhoRaef9KjR
PR+mho1GfsKEM3n+NVHAtv/zuYGmp1lA0e23CiYgYlHI7ArgczDH0NaIj8bntmiF
fdXyOEkuZCLLRT8Erf9pK3q+FiDSmJg5Fgv3bWNPhLAxGWDXVmc4sU3cA/quqMSN
F9TSmlmwgumqcJ28Vvns/E2wIKhGctTSQNaf6f0vA9900pNKwahnqRB3znX5dWhZ
O3LhEt5oE4uEyLgFng==
-----END CERTIFICATE REQUEST-----

16
root/etc/letsencrypt/csr/0007_csr-certbot.pem Normal file
View File

@ -0,0 +1,16 @@
-----BEGIN CERTIFICATE REQUEST-----
MIICcjCCAVoCAQAwADCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKzM
u2bgPigRNzLOIwcpjEuhjqW2vvtvoA5qdQnasfrqmd52qzPtvGJHQbOJFF0Uvbpp
sQwnURTHcUbLys8kVxj+cq+XtLW/d0d8/imrSZG1zBzIb0FuW/k5EPCTgl5Ig6mq
c/gvE/K44Czdh46nbvcxVZtXs4pAh0UghpkX0TSyqTl8NBcF3duTb9a3jIWlHGcz
gi028Fn7fUf2kdSytQU75oPiVLAZiOTDA3FJFirkW1+3Y8W6RmhmsUdfXL8mZ7Ca
fYHZb2wKwDdrXkH+aieStm9R2/X6yt/9K6wBI0mXU2L0FYmxV6PuR37Be96hTwT6
3sHoc4Ip/+j7wWrEjHcCAwEAAaAtMCsGCSqGSIb3DQEJDjEeMBwwGgYDVR0RBBMw
EYIPamNvbGVicmFuZC5pbmZvMA0GCSqGSIb3DQEBCwUAA4IBAQBZkfVXFNYjIv4c
9a7hrFa2o3O5GO7pYPENaq6B+1oqugUu3U/5PtSx2BdlqidQrBS0ivimJRlQgQ0Y
r1KFLpVXSGfNd/rmAt0CxmMVQGGhQTYjayLwTX7SPaRFHjcKiCNNxK0tZ6Xcw/fr
MH1LRuzrpSiQw/OgZqSefu/U0rqmYMKTyNZX4DvaWAT7Sa4ZWc4dRPFKdiFnI504
nFV4+JScCOQzTB7a9b6f7XFVbm2We8o4A7WAzOeNarqB9GuSQ1vL5aRsGWVTW0D5
L2zTgNOzqceXbhR+PHwVNXLNw+ctoHdaHoZPO0l3RtMH71G5EwWd8mxf19NZO85P
8tSbZcGm
-----END CERTIFICATE REQUEST-----

16
root/etc/letsencrypt/csr/0008_csr-certbot.pem Normal file
View File

@ -0,0 +1,16 @@
-----BEGIN CERTIFICATE REQUEST-----
MIICcjCCAVoCAQAwADCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMsx
ol34i+79CDX+QFxh713uQ7p6p+SHri8WkZLcoNp4hRhkOk6kDLG/Kw+B2jfO/kl3
0AQkGKhEtVIcWbpmeXCSizGDS7dMAyeT6s+EKuzxbXLbNsm/K+obsKm7vCZCd+yK
GAPq2En8AJzbhVYWHZOrX7zXUGv0m+RDMSdl1Hkg+1qdYUgY3p14osr4MDaDbstT
cPW/U63W1DkHPI0s4eJjua01upjfekdXYmbIHclPXvEF4X1q/96NvHGKgQ9RtDaH
j+iVL2jAdc9N94JNEkIzmiERbwDVcY6upo3aHTAP+1J2V5aaPQwbxgNAmeEeVq5i
OQ4/e1CJzl6t+bvbcU8CAwEAAaAtMCsGCSqGSIb3DQEJDjEeMBwwGgYDVR0RBBMw
EYIPamNvbGVicmFuZC5pbmZvMA0GCSqGSIb3DQEBCwUAA4IBAQC2k3SQt3BHFuxV
Ub+ShmqO9na3ZGx+eZ8BonrQ81VGQLkuj5bIzqVGPvgmeYhx8+sI7OhvZIgeRJg/
u24a/CsNgGrl1VL1nqlMNCeoImkqy+B9RUbQCif2XsFW+WTJ7imAZJVUXf2wmXed
OsQKvIp4Jb6+grcLGnoWDYOKXmacEK/7Kq7ttXu7V2Zf1nj4pnIDdCnyjEPnmmFH
6pbbn+Aj2ol9GIoq/OUGImZ1mHXk3Um0fOZOSrz6qLXiPEVxOjOVYSo67/G8VDIP
tc4KLe4PAU7u0he8nOzrYmHK7TR8kCsZlUXNwagbZvIwtnjag6PNsIuvIIKQkXWE
WFA1GkNN
-----END CERTIFICATE REQUEST-----

16
root/etc/letsencrypt/csr/0009_csr-certbot.pem Normal file
View File

@ -0,0 +1,16 @@
-----BEGIN CERTIFICATE REQUEST-----
MIICcjCCAVoCAQAwADCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMQI
6rQz5AodJk++Bsk25XMOiNFhV/+tMFS9V7TsNFSjvdviGAPq17bWQ0yf2bclBQNG
eJvLERgMY29cHNepaNnbhcKartL/M5rV89r7fk9l00T2gwUYuTKOQtGbvCJct6QO
dOVA/yNrm28aFxp3zKGgz+nZS00mimEZi/QIPC3DXSx/nGUca2am9S/DPYujPhkd
afKFrIb3rvhKunR/3ScVDr+yl8dubUZP7vZqLmnJf00TzSSbicAxz7EkKazZABLV
Oe0kxFKpl4vCU7WN2SQFDGvxCzWuawF60ispDFPeFdO/nmNAEfkjv9l0XbJdvC0/
1d1Z+fWlgvGUpR/tIAECAwEAAaAtMCsGCSqGSIb3DQEJDjEeMBwwGgYDVR0RBBMw
EYIPamNvbGVicmFuZC5pbmZvMA0GCSqGSIb3DQEBCwUAA4IBAQCtpZvzxLlt53UZ
G3uYKxW+BZidqCkax7yZcpOpolgwYv7Nh6MyP4kI73Tgm2wC6EwJiAuXtCiRei7q
MHYVln5aWUK7VGejBi6TsNCGYhshiPXkYV7H222PycXxearAi3uFiHeZTNZJZlLR
eeqDj/FTtQZ0j/i/vhlLYCwGNwWb+U4LxMJxFjDa832miQsCEaOqDkwlA88voUJN
R2bjG+aI8tDHAfXpzMnkPF0T0Xz1GxOOShGxwFwnIf6R4Xx0gjHCFN9PGmJfgeSg
odYtKL3kYu/+s9TgBblCjn4X6XbdEy3XEnTEsosie9sy8XEcNOBEBJoaVAj/faQS
NmWzCF/6
-----END CERTIFICATE REQUEST-----

16
root/etc/letsencrypt/csr/0010_csr-certbot.pem Normal file
View File

@ -0,0 +1,16 @@
-----BEGIN CERTIFICATE REQUEST-----
MIICcjCCAVoCAQAwADCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMf1
enm8e9RPeQblkFEvndP9LnRfJUJp/SbdSITBg5lOHWPLSoGdzyYZIFJMH/4bH5br
dcQcmJam1UjiQybuC7JYyr6+7S62o3PoslDcnwUK8iCj6VbEM9OwVmRkKXy4SqgY
pbAquo1+UCpU1yDogJHeybaqSRaLplRr24nvpKZxlVvkeNzfYW5Wmh2eFDCuynnK
zS+p2f4GQRqeCsR00z0++QIvuQKBf+YjP7gKBh49Wc7igEcoOvZOsHTE8MZx7Qb2
5h9atEnyA0EQOVVY4d9dNPNvMFJyjiOcSMih3tNRBivseeEoZaIM21yMP3y94n3S
y5YXrHPSVuLKipT6sYUCAwEAAaAtMCsGCSqGSIb3DQEJDjEeMBwwGgYDVR0RBBMw
EYIPamNvbGVicmFuZC5pbmZvMA0GCSqGSIb3DQEBCwUAA4IBAQAjr9iT8PbpJ2ws
INwAkxsQEJcM9Rlxq8CstMjK1ICm/6pgE2XavH/VTBm0LEFzk3k23Q7TV9GXqRd8
f498WP4AxcyUk3oPLp5QRV2IFjMBrYrj4sIZxERAsTwt3NJaOw6poLDkLDzg7SCI
yaPxpOjXtRthg7eZRyMa0h0wN67BLSbCZI7YWOhzY9r+Q1RbXDBq7lmzyOJDdqfW
XmUgvH5cuJmdJOopyXCo6/4nyic5SDaDdtRBZKnrZ1gP6mP+snLfT9OZUSlX/4KS
4EQYCCKuBsik6RTo1oXy/OvHOJeiOSxKZaMyaZpqCCPsS0QWgp4HO6OUVUbZhKss
D9coWpOr
-----END CERTIFICATE REQUEST-----

17
root/etc/letsencrypt/csr/0011_csr-certbot.pem Normal file
View File

@ -0,0 +1,17 @@
-----BEGIN CERTIFICATE REQUEST-----
MIICnzCCAYcCAQAwADCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALto
u/6wMVhVCAomZPQx8tvgkOBw+ZRqiK/bxPOdPn5/AJ0uImPg3TVO7CT6V45iCwCl
EABNrnSckC284TyoLbl+0X3IJI9W+I2y05D4bQh63X8Hv53W3jiQ0lI8fdvJsOHS
m9sOlRc95hAxLycZMqavDAK8nsdcLun2TqsRQmljB9HszPgbNUQfg12OBJHfkNlA
Jjy06Hk/TG+gWDbfHRCrt3VtbFOr7F16lYpyt43+S++1kFZPIBDaLhBN7jnLUO6f
JvAh2WhAvPamieqf2L86J8Elovo72NJvyVeIeqpkmAJ/+6oXscJb+s5i428ql17J
YNXji4R+7Kbx1pNUqwcCAwEAAaBaMFgGCSqGSIb3DQEJDjFLMEkwRwYDVR0RBEAw
PoIPamNvbGVicmFuZC5pbmZvghZtZWR1c2EuamNvbGVicmFuZC5pbmZvghN3d3cu
amNvbGVicmFuZC5pbmZvMA0GCSqGSIb3DQEBCwUAA4IBAQChPyYKd2oluqP8VzGd
bBLQ2NTOFP0DwOBW/p5NwKdKapK1FQc7N6VDbpmv7Nei/4I4UQPOwQlfBRT+RkXa
UjnpK9LRwTbp0CGWq+8CrS3U8FbfPAVurKNkUebkV+EGoqYkQV3HUwbK0859iPyO
oeJnbUitwHXfyB8MXKmXbO9vxTf3S2BCuS8mhSvVJuNhHD+jCFUvMemYBB/TrjNU
2rIKzT/iI3vriFJ2jXPZmghbTvh9FearGjMbGHinSYpgyI2e0bs9UBvRIl33V3bl
pKXWtVYGZGSZAkLgKKrsNeWGOV2T+fgAEjSlAUymxsbYn23Suxb+90us1e65kODB
JkPb
-----END CERTIFICATE REQUEST-----

18
root/etc/letsencrypt/csr/0012_csr-certbot.pem Normal file
View File

@ -0,0 +1,18 @@
-----BEGIN CERTIFICATE REQUEST-----
MIICzzCCAbcCAQAwADCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKVe
eIWFqsEaoBmBxH0wwQ34gXRCBpSnzr28zHb39oiwWPbM6QjLdlk6XTqz98n9vs9n
oI2uSHQvdTaqvJBdkrnQTVXtnZ7mSY0i1x6qmbn2SzqKHIhcZCh8A5XW3o32Fnrj
UsaWPOFhthPetUEfGHoVBu20csU4ntW7ck4wDXoVlOJ7qAyKO5PR8XU3Lgs9l/fA
og+qUo3rKcxIuv98BjGA8WQDFW2X2keCNAQpi9cIOHNjQs5H8DkF2SN62Y09M+51
4LMq0+2Da25bqV+bNGhUAHYeEiIKW+gVlXcbeR6jzKJHR4mqGyDuZSW3hoof3ZbS
ryiTtiVzHhL3SMIEIbcCAwEAAaCBiTCBhgYJKoZIhvcNAQkOMXkwdzB1BgNVHREE
bjBsghV2aWRlby5qY29sZWJyYW5kLmluZm+CFXdhdGNoLmpjb2xlYnJhbmQuaW5m
b4IPamNvbGVicmFuZC5pbmZvghZtZWR1c2EuamNvbGVicmFuZC5pbmZvghN3d3cu
amNvbGVicmFuZC5pbmZvMA0GCSqGSIb3DQEBCwUAA4IBAQBef3cVj7rfV4xSapRO
LLo6a6tVDu2HOpF+Rr5nmIKCS6ncSMz4Qr3+dOJ0P6iR3Dz9lPzzHNQomtnf1c2C
7kMvK8DDXvBPmPn/It/mJeOuFVssKTcAu2zDLfWSadjFmg01zLN5jXVcFPJvx92N
ap1w0XDut+N+6PHyLUl2F7dRa4uJuC+SK7Uy5CldPOLtL1kkdsXfFZ7gqK38dZ2x
XY5YFEgjQO+bTeG2HXteMAQXFhILU3v8tjJ7hLwb9eZiRdKGVRm89dCKSQBlqw1V
lo3E3Lw5sGHsL1nJ7MkBur1kw9nmr2Kufbu1Jj7726MNu7HZNPCqJrfUrlrjjUUc
3/up
-----END CERTIFICATE REQUEST-----

18
root/etc/letsencrypt/csr/0013_csr-certbot.pem Normal file
View File

@ -0,0 +1,18 @@
-----BEGIN CERTIFICATE REQUEST-----
MIICzzCCAbcCAQAwADCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKQL
GG76uFoqmsbZhrzmTJiyK/4IwnTlvSZbkjCL1WCskfwoTBBgX1OsBZ098kZFT/AX
eSDF140w0FxLMAbpbPR/TADFTKywrXpqJBkN6Pi/hFzy8E49lLeqDWACusF7fJNX
OtS/fxyR0wujwaZdSgQph2UHuqgo6ZAhag13RYRMaF4xE93e4EcTS8b/4xzGbdjq
7inorVFyg1/4p+xzOlZWvCx9quZLh7Zxw+xyk4HTsAd2QyNFLQ3DTVO4pl+lAHYN
Cj8gWW9VA/0WSuX5+dmmIVLNPj0NKrEPUNf0AQio8H659h3XOqVP7us5yJb3yGIn
V1p4NUxWpreSJeg9MakCAwEAAaCBiTCBhgYJKoZIhvcNAQkOMXkwdzB1BgNVHREE
bjBsghV2aWRlby5qY29sZWJyYW5kLmluZm+CFXdhdGNoLmpjb2xlYnJhbmQuaW5m
b4IPamNvbGVicmFuZC5pbmZvghZtZWR1c2EuamNvbGVicmFuZC5pbmZvghN3d3cu
amNvbGVicmFuZC5pbmZvMA0GCSqGSIb3DQEBCwUAA4IBAQCNwNPovWQwVnCxrgGA
fWINb2nm5BXTE1iS/vlzBOtxTfrjRI1/JaiALtRkGbu/+Yg3peQfNsQGEob3rV1Q
gKLbxhzvqgxqS/miR31L3KjBsJlo0NdTk6QV+cQcZHVuXQB1S95jn9VCclj2kCqm
aoEZwLqakF26Xl3chS7BkbuzGVFYkT5r0B4leD5xdz5tJ0O9nACAvQJ7NT/coDpn
0rtegBU6f5ZM22PZ/SfotEjsZA7JxnzOYmeqydvQioLXbwotoQ8ellZhp9wBvGOU
08JJc1qkUvG0knYEyO5/8b5fTlMlU6de6jYNDG+7v+ROs3jQ5Je5QfLFLuZIrjOl
5vZV
-----END CERTIFICATE REQUEST-----

18
root/etc/letsencrypt/csr/0014_csr-certbot.pem Normal file
View File

@ -0,0 +1,18 @@
-----BEGIN CERTIFICATE REQUEST-----
MIICzzCCAbcCAQAwADCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKli
n08q2qV4SpUPmD3hZEKYR2F2lGmFfGT73TnQSYtUsuUyX2kT757LiiMFQoUl6VMz
Mk77BKHEGsgsdcN1LPMoHiXMgO1lJFZE7JelEvdgAKPuY5KCadbC5I1lOrgOYXHZ
goLmC1BjNBtimr+GDhm9PSqy9YoFpyeDwNEobWZaNQPrtSUMEYVvai335A/NwO/l
mFyw1zmjDy6erPe0bg6zDePsZ1BGCfdByTIYV13YJ+8fuX5hSsYIRNYwJzGEUF8J
EmO91t3X/RQVdx2t97rftUebO80cMOUGjzmszcQcpr9KHHgYnhOL6+PLn2jyWMPz
AKQK4QyK3O/5khjXH00CAwEAAaCBiTCBhgYJKoZIhvcNAQkOMXkwdzB1BgNVHREE
bjBsghV2aWRlby5qY29sZWJyYW5kLmluZm+CFXdhdGNoLmpjb2xlYnJhbmQuaW5m
b4IPamNvbGVicmFuZC5pbmZvghZtZWR1c2EuamNvbGVicmFuZC5pbmZvghN3d3cu
amNvbGVicmFuZC5pbmZvMA0GCSqGSIb3DQEBCwUAA4IBAQAdZ/SJDd0FHRjdSGh8
CtBe6XO+wbP5Q8CwtrhA6e3I8+D6rq4lzKPFM7fHYu+6p0h/0WYyD5/W/m9aWWjb
ROd6ztSm355WX9AJx7sBHUD7jmCSkwriBcCPIpNCRB6VFjn8eP7go2OMcGXx55xx
+id1CB2WB4JNmnOEFFDJIEM36JfUqPuVbotDmRSduj9PtD88vtrI8/phwtfJOK53
Eh/OFHDi2A1oznxXtkK3AZuiNFfo3Or8yaLITMmI1RXk8MN5tAyeym08J3QMAR7g
yEUuTmXFAhASDj1Qpcuywf/X6EcMPs5o/yPXklwCPyPXI6gRpdrhlV24dsk0cWIm
1W/P
-----END CERTIFICATE REQUEST-----

18
root/etc/letsencrypt/csr/0015_csr-certbot.pem Normal file
View File

@ -0,0 +1,18 @@
-----BEGIN CERTIFICATE REQUEST-----
MIICzzCCAbcCAQAwADCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAP1F
rAK94neuVu+QmvjuJXL7b7uprChD+/tCMC1Z1Pj9eNHUKYpm5iHU/K/7RBrK7Ugx
yyCkgL/ep22VsqPwFEPNnMovb5u2Q+js7sIxlkw9rhadRfcBBRraR1uudFXi9WiI
2Fktj3LXgLKAGCtOWs0lLHGdoUEY6oBzvMNTXcG5KklVXcBuX38XGsCtbp1K8slP
P2A5Slqru33d5M9T161D3nBTf+iXxvq4V6HIFBomYPS8hpx7iQ3S/mg5ik6DVEyl
rTEaKKFxhqT74jkwcfUz1hJJKEz/aHl5jtmOclil69BgIoXeiKkw+SAhUOEc2NQZ
Y7AimfXCrcfPBhPUue8CAwEAAaCBiTCBhgYJKoZIhvcNAQkOMXkwdzB1BgNVHREE
bjBsghV2aWRlby5qY29sZWJyYW5kLmluZm+CFXdhdGNoLmpjb2xlYnJhbmQuaW5m
b4IPamNvbGVicmFuZC5pbmZvghZtZWR1c2EuamNvbGVicmFuZC5pbmZvghN3d3cu
amNvbGVicmFuZC5pbmZvMA0GCSqGSIb3DQEBCwUAA4IBAQAYQTSaxYPDJh3VD9ql
EGaJFszsIxSRK5fTUqhlb1u9OYcvqegtExvPHCwtYDLdLGQ4S9FbUJm4KtUF1X5e
axwDu/wbWFNUWOTA++lVfYnN7+2lGPZTx9E7B7Rz9seaocIBr5l57sODtVIj8uFn
GSTtmVRZLR8A41KxpRBclCUE3glSJL8IqmqfgLoEwPGHw7OeoBNyjIeBSRZF1bh4
NO0l8ShcoSMC5AkKwMBrKvEGpfBcZuwpuaGLmTl9yFNuBDerPo/GREQlXnF2X/UT
SvkviOXMc0G8Gzf9yTraLhfi0MG38y/7ci2mEJyR6aLk6TKI6xhRR2WiFHrnnKGZ
c7jf
-----END CERTIFICATE REQUEST-----

18
root/etc/letsencrypt/csr/0016_csr-certbot.pem Normal file
View File

@ -0,0 +1,18 @@
-----BEGIN CERTIFICATE REQUEST-----
MIIC6TCCAdECAQAwADCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAL9g
WYFU2a2J3v4iurBkuejs0u2QUzcHTHMeCVGoPw0p6tCdET2g21FvMyL/j4NghDBD
Sr/a63moaoYrG/yeHrSFPfU1XQ6oQc/t6wvpwHMo67jYrE51pnq/rETTOLd7Komk
zC7F8tzHiRuIqyv87HJhj9KH6ZtqJrskearKbsqaH6Xzp8OxXB4etbmTBMHypS0B
XrazdnHZUgBAvZVAA7qGXmhoH9CW/tjiFsX8a9beMMSqfePSPfzoZYwQkAmlvnmw
xYc8pxvXwMAmZXEyfWnHJJ6gaHNOOy0Azl/410RPgwux9vAjOledUxdV/UxTcvKb
kCWvrfRewtg7dqOEyGMCAwEAAaCBozCBoAYJKoZIhvcNAQkOMYGSMIGPMIGMBgNV
HREEgYQwgYGCFm1lZHVzYS5qY29sZWJyYW5kLmluZm+CD2pjb2xlYnJhbmQuaW5m
b4ITd3d3Lmpjb2xlYnJhbmQuaW5mb4IVdmlkZW8uamNvbGVicmFuZC5pbmZvghV3
YXRjaC5qY29sZWJyYW5kLmluZm+CE2FwaS5qY29sZWJyYW5kLmluZm8wDQYJKoZI
hvcNAQELBQADggEBADguF1eDuTME2Piz5i0MsfbtATcJ48cyrkt5zDuCgHGQ0ud3
QvvNp3DLiu3ozyLI+vvucuoBWQamoHrb3vk0sm2QdUh1ULLGNS6TdBywASqfIIMG
Cl2j3wFfDCOY2hELw2a792mLO4cq//+ZqmEztrewrxCnGMYYZnwwdNDu772zr6Cg
aKsyathccv9M9/R6tTemI158gaNeLGXJyEi15LkjO3L3+QF8QRlUbNJpJgY4CYfJ
Kxsf3eqMkbCZLkqx19icIdvZtgKp8KatzmtN61SKGFLpqeGpwE7xYtVm+XJlXGEn
i4grb8H8P/An7gmO0CUVNOjqBzN/g9907ee77VM=
-----END CERTIFICATE REQUEST-----

28
root/etc/letsencrypt/keys/0003_key-certbot.pem Normal file
View File

@ -0,0 +1,28 @@
-----BEGIN PRIVATE KEY-----
MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDIVmuDZnVr5rE4
GJKrezsG7f3O3TdtKJCyrMpu308aemM0tNd9EhmNsf3525p4AWbt6nMxhbOzMAXc
uc7EjjIFkf+9syxAsaC4N1NKWpQsvF+0OK1pE4WURYJY4JmfY5OEGOtV8oUoqDjU
2+//0eiqzDYiMHHHPETzJsRs6ZZ1EFOW83FfDg8b/B4TuveJ4BuMwS40QVviiZa3
DEq8vRYAVImy45NYEJPPWXQ8J4PjL6EEVFNfuBGvKMnzSPU7umQmtaN4qrQyjVp6
DZ2KoIKYnUhf35XiOm1Rkbz263pbwZs1xHiOSKpRdDsPELJZWDPHdUfl0PUfTQFv
he2fdVIxAgMBAAECggEADMHOClnDp+mShukvq8pG1bfhdeMJ1MJkxm/w2xMOwTei
ahiK8UyuAmMfcmHsyfAC6ysHB1QFf6dS9D2DwGnynv6vS5flfUAiZSCmxeETNu8O
5BXI2xxSYQD1Hi49MhRf8CU7FSfCmXZu2gUgWQi3mWq0FsTBdgetN1OUZgAQ4+bX
nFWAitIgHM0ddhWyXhbLcrBfS7VRU9uuvsbY8SWNiu1WwLTwO2c5ErxVQ9l++rmE
NDwfm0iBl3QSwDmPUHlU8INEKACCeWs8yujqgV17sacIMbyDawIkbA1jD+24Cp81
13sfx6ZGxAIf7qGmVdJlX44Bg0qs8xm6ylssUpLhDQKBgQDV9Ft8yxkHOjYQ0Hif
oweSwny5xgQIAWE2OSyZmDQOiOOsYNi8lwLo8Iv11hl3JY5sNWd6UGP27WhjCTyp
6E6SOM5CxXxFqrC2e9EMCfN/mRqFVDYJF1KMxKaRo/btBB5Q28PqsqsmzobPWwF1
zIfc6OYw1qcazeQPEUDA+oiuLQKBgQDvtQUvL9HS7piA+WRz+rYGzhzES1vrmdCq
UhG0LfeSt3G+M4711YeG5ShP55xcYZWtm6sVHtdm1w7krhDsWXBtE1NoaabJ0Eec
JcJoqVzBiWVrK6PV6YcRE4Rd1gc3s6ruDJbb/f6gAM9lnVuItY/m3CSvtWREbLJV
yObs1RD6lQKBgQC6r1ykpxJPnBtQ0JZvtHEHPWxXLNCXq5yHE5w26PeDNy5xWo/C
/oErf7if6RCPRdXf1TlVIJAZBU3wHD8ygeEM9UQEPw0QPL+0epUNTCGLVKwvais8
A32kFnLA4bCzXsSVCS0JvJxaYBqBE4dSogRqXU19j85/NOepvgQiXnikgQKBgHMD
QxKJ+j4f9xJjFvzC/ZW0TX8tvVQFAGbIa/As4g4GcM/XAzAXHSjvSPFV6uM0e1HK
UEMZAjc41s+IaVxN6bCcRjfiAYHxqnpUb7wyDuxZlUzfqoOXwhPCbo9rgxkJ3ujL
J5M0gniZCunxn5qvqvUVCZE5Env2P3cDpzFZZgUlAoGBAKFdySzf4wRZ5U/6HC7Q
bMS+/5HgUaHUHU8Cgj+s8H+HMm4Pmt2nGHfC7uzhjh5aznuQZUv2EE9LPirqS3kI
XOtY5rrKKWPyOF92lqARW813frloN+q9OS6CbJPNw6GGTuM91M4d/dExMQ/UwQU1
K8KA8JsoEUloNTpRf2OuI80j
-----END PRIVATE KEY-----

28
root/etc/letsencrypt/keys/0004_key-certbot.pem Normal file
View File

@ -0,0 +1,28 @@
-----BEGIN PRIVATE KEY-----
MIIEvwIBADANBgkqhkiG9w0BAQEFAASCBKkwggSlAgEAAoIBAQCI6ZdU4j/SgFZ1
3uMdtcj17Hq9FxelP2r9m6a0D5O29hutAmP5rSGMPwpD/an5kU5DxZ7A4SUWpMlz
m+BtIP2Qsvm+DyHnGnj7Yi3qn/Dp0X27toON6NZ6w282f+qVAPiMvO4uootCL3dv
deoO76wcBM3D1hbOMC6ejLRVfRNSj5EkDmWP6BiwMcmXECRJcqsPZ28PxhNIwTsP
8UjKgWfI+p7ZPD6Hs6FTeEnLnTc5wJ3+H9owmi5c59LWpfyFZnHRfUlTyEG17RI2
QeD3P91F5xrdbCjtPUldFa5G6eWJF1WY3uYlqidMbD1COxsGeg1FfpK2s5bAuS4E
RgJ9pZgbAgMBAAECggEAF8FH4495+WERH1Rz3ZTL8Hd+eE6IaMCPJL+b9gP54jXj
aWpPxGNYvce2VUOu+UFP7gxc1iR6VepzlZ6HGwgtVqznDiX8AOgj86H+S4ZCu58A
jNBHFRlAFX7RTgh1wDKx7WFehjLnrK0lsO4plTvaheYDeaYswMu1WwcYxvhzoNBN
KbXjzrQrn77JAgUPI2fnZSY4CVh2yoryHdGiw4VsY1KBjCCvTbt6gE4PpWASlegO
yi7bsyt5bh0B2eOqiPDlTNVILEC+qtWN2wjQtChiQ19mMSjfBWrS4kgdwW3jqwqd
NTXXJOwj84IKIN0QbCVJOOzk4lEsHhQq2b9GMv4PmQKBgQC+a9zMj09JjgAcCDet
IE4WtPgsbQYU7IkszjElIq8gXeqP0p1Yvi371CP7t+kRat8z7UuiNXqgIF6+xqEl
ZCRfDCDOxjxU4g/Bt/4xhworkEGQHGAuj59MWIdyjW1b08MXx10fWEhhbG86OAzY
XpUzO/dn9lkME24NuHhzKW/lhwKBgQC4EDhRSKPsYWFG4PNSBo+z6nYq8F1tQtou
tDbcpQxMTzGKAJq5EPCDK1d1PY/99blkbpUvCuD0byLBdpQPpb1leAO7EHbDqPiy
na2SX8XiEueg8JI4rSNUGOhgS+v0YN/6Aw7QqyHzRRik3kw4IylUR8CgIa2J82qU
ODanWEGdzQKBgQCxeKXYoNgsnYPMnHwHhsxArXl/Lj000x8l+yYijijZ6a3rTUgI
pXcF9blzqPw3l3tfUhHjpCQdiQ3EkCswRhz/2LXbATbJhcdZrLnkPw9jepcgUNHz
kzfMV9YlFVqO8tYpG03XINiUtBMWF5chMUWs8n6rDhYAAzvW3c6kxkHbkQKBgQCj
VtGDYIEHjcsziQCkc+omcRR4OmHOShswgwCEgXsOZODDZJHpVVz6KgYspnsXlW31
8CQ3YOIMSGuBX2c5E42ldAFricq7C0HX0BFt6cvDOZ+PtK0t2oeVY50jh3xWm3ln
djs5dgRky5Z5CER/NMTCZAJOmFRWLUsRSWlGzA0+qQKBgQCd+j0fnXPFQJv9zGwu
/u1tXbmGMVKfoYiOCJvRP4WuKPubCufon0Lt8U/IbJWC+I3evsGHhBy2TAe42GB7
KBXrTEjmu7/nWQ/lVH/uv5UsRHZy850EhtXWSXlZq4pVYbVu5zNunw5w72rpAXUP
tUfShS0ps4sgKxEeYu8ZEvWBLg==
-----END PRIVATE KEY-----

28
root/etc/letsencrypt/keys/0005_key-certbot.pem Normal file
View File

@ -0,0 +1,28 @@
-----BEGIN PRIVATE KEY-----
MIIEvwIBADANBgkqhkiG9w0BAQEFAASCBKkwggSlAgEAAoIBAQDffcc59bBtXlcT
p1wQd+wbCYzzyvoEkE2frSPmXEhLz4fDp57zF6dn5LSX2WB8iUpboyiy+SKCkFKH
F0lCl8rjFq0HfeD+JRgDC12nOwpXJd2OvgOh0TKalUDfnbQhnlgIHNVPLKAkSEKB
9YupNP7HwuWeMU9Dv7Y0Tg504PMdBz85x2ii+xSBnkkiVu9FqEbsFDO9kA8DyL2b
Dp9Iu1+W7QpU0/WzUR46OFH9iiuG5djFXLgO0vEpWWnIJOawTACl0NHGqVtDNiqo
kyfEGTN81cXvFgz0uuVtwcSHQO695IDZxBX7wF8G3tNnbyTPHLL8b8qUEPCyfi6d
QsQcw+LDAgMBAAECggEAASJFuv0MnplubqqYNHsvRvnW7bu3ZgOHaUp7FqWcNkpA
wZTdoRUbI9NMuUKAk1Es/+cFg1bxPmFWEdpj5EMZ4+oPCa0xUYjFpOpPWNRbWpLW
G23KXe1OSOt970SBD/SaNLxUtrievWBief9RbJPYwRGzkYhlgw37cit9NkmX4itP
UOupK+20tjh/bG/Wrsc7emCAzs7TUCK5Je1xcSqH1Gx1x1Z7cU7dRKAeoGs9Vx2b
D3xUE9s6PHMZSf80BfI+S7gbBg1kJXwq9gnBtz3PSJ1mFhjdg8dNUjGONCSSwtTl
N0BvapeiARFMMlTEqgBWcHWFloHbBloI+RNdn9/J/QKBgQDyF+wUtA316alZYCzX
ERkMwHaiHAwCdqxruOierhu4v0S3KBDqXA/z8/cFfKqVR8R5m5PkQggkLwIMDsIK
uHCTzsV62hl6epI7uXqslPBKs6t0V/i8kc8yQYLRMD7jA6+k42LQ2ulh7S6h+nqu
2Hhi9valdkr51OoHtxvSUof8NwKBgQDsVE35yIY5+4AujsM3rqhv+x/tyEtdzulJ
TFPpzp1YWGWSFE70Z5JVZeiQOiSuOchPTzYbpUqJeR76VIgvY9OKIENbbAzWfC0F
fPqkwvc610S56xLVeQEuXTsuFh798SK6vg8kxS5NBKr8M59jRxkAfZyGfUmYxm9U
n9QGAh6/1QKBgQDEJNGnrIIrHZeRzDRIQ5gSFtWHXkX0sQXdeUEvX00ikAUyiAm8
d76NHrqi/XCP5kevZ3eZVk6WUmfMMSDR4sGDX+HsOUyvSSO1s/9KWJmfTJa7epMS
5OgEhcNhjT9GWrQyWfCz2smAB9Tic7h2dPiE5ibLxF3WsMS0X4zxCOEYXQKBgQCE
IQpLiepJxqw+24CXxCXWHeAXEHHaq9FQMsWDpgngl+OJzaLrEHEHH+froyZY5mNw
vAezYzGONNK2AMb3P+fIhQtDtOBklp6RP/PeZEbXdf2tuJkaEwIvCt8IgEOplMTn
BVXwJ/IgC2kRgkctuVVoKdJ2etvH98HM3WMsTMkmVQKBgQCO+4RWI8sJ1Fnps+np
ZSUZwVxB6+cvrcpn0EAEn5WGea83Rv9J06D+CLkQ6OcASKesr8ViMS7JttaRWqWR
CuG6BICejLNVyNeITDW6Ka5gmw1BRqMU7UvxS119YDmX1ngJ/AjC4CV8DxI8o/u0
qe6+zN1Zj63KNVjnU8F6y/dy+w==
-----END PRIVATE KEY-----

28
root/etc/letsencrypt/keys/0006_key-certbot.pem Normal file
View File

@ -0,0 +1,28 @@
-----BEGIN PRIVATE KEY-----
MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQCzZLTLDFl59+7U
lUCoBT7FkmsSwBFPbO94NXwtDxKo+KIh0arBY8yzmaes7wEYLyIni/3bpdBWa55B
rZ1BF0KoOvsxOXaik7IUbW3J+ISFfffhV7M3L5mFawwHjY5ADPQjfLk/DZ/7L01Q
jopiXAtLdyFccpXbleeH++HxgkqAkkkRMjY1UjjGvx5veDvVKyBT/5Y6efiedged
4dmXT0006jGPMBSVfxb292o8LCVIc1RDMizm4nJEiv9sC5QrRQj6hhGk/OapaWNW
DId/52XipJf3PKAuspTc2dRlZCzy61ljxO18iuT7Gbc/0GmEfQmlg1BaQUJssHBQ
W06Q80M7AgMBAAECggEAF/Q3i/FfNUEc+/feBVGF+z283GkXJqLmKwgBR8b+d9+T
Tq6/fUlFOSooUJgtbjxE9EDmKeEvO4rtO9nh6KIhfXM6vWzt4XGVUtL12QU9NNII
OmfKf3D0r/MGTS/isbzJEMADwF6iYRkE2t/drJqby3zh0IVga0zN+MNyfRwntJka
sn7x2IqkPwurQsjP227BgbyMVq4F07D4c0eVwtnMzafKa6Y2ouGIke8TdDTSbyPL
77nmKz8JS8nh0r6K1w63tNkqZCU1viOntyzDM51CTJjWuFvBvFXF83JHthEXmFaV
EpmDHPdCoW1srPyWQpZgvmWPeNUxzB7V8JR5vPkBwQKBgQDO7euHv/L+wkOF+oSV
GmU54v4LS7WtbmQghCAyGC8nIkqTfgq3hcvt54ppv+lVtOgITcn+HpUQoCAjHNe+
g0VMDuROw4rOFqvlBgrCUffw8ODtJeQCOxyWrReCm9JZq44j0ixWhc5yFuEJiuD8
+g4qqJIopmlblih/SvJUGYFrWwKBgQDd7ygDdK9UaeECbhqvtA5Vl2om78A2bQpw
WiSeYsqe6CirVdg2gIbbYLQEzoO8TJjPSvqo2rJofiXzMmB1c8O+zi1S+cvojriG
RkfZ8Ei979RcpVWhXxulKSuR7kn1Z8WpnPzozU1EVB2WJTufd22/7VdBM0hdOAtv
gJ1rz9ttoQKBgQClczXO5Hq1lz3F8ffv/5rQHd5hybcJZCpKlVnos81/zLs0EqMe
+auEHI1e4EMAdBTSDuBifrFRCbaoXHdjrDHMDlwdXdutzBLEm4AevssvqmktNA6K
ehjxoJQbqdsWN0T+/xzUUUgvkHt91bzuiECrevzh46x5viXDIXmAJKSF4QKBgA5/
RdTb9WwFMo6PFK0vjNQofOWoOZ0UiF8IdGXoPCYfMjDm/aWpxaVk7r11pANT2ZOI
6VDIYGkU/HOjccuaUUoQe8N0z84ULJeQ1ba1zHqjxPJ8VlihNtQWGWOB9lDSg4Xt
3FN0vbxd5kTdj8R976xe25lFuU9ljtGszBuzyzihAoGAekX01V0nkuoOVm8AKJcm
9yQYBij/iiC4CF4lrK4AVP8nnAh4M2tpJn1Zqr1y/BeRJ6PSOX2LT5nFX0S8jUjC
f8gK8qLcIdwByt6PePlB+19QDLkn7jRngXMvQgnoCcrwVgCBdpTogg1AWpfhLNGC
BSqwmDjlr5nrH7tMLKwzfMM=
-----END PRIVATE KEY-----

28
root/etc/letsencrypt/keys/0007_key-certbot.pem Normal file
View File

@ -0,0 +1,28 @@
-----BEGIN PRIVATE KEY-----
MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQCszLtm4D4oETcy
ziMHKYxLoY6ltr77b6AOanUJ2rH66pnedqsz7bxiR0GziRRdFL26abEMJ1EUx3FG
y8rPJFcY/nKvl7S1v3dHfP4pq0mRtcwcyG9Bblv5ORDwk4JeSIOpqnP4LxPyuOAs
3YeOp273MVWbV7OKQIdFIIaZF9E0sqk5fDQXBd3bk2/Wt4yFpRxnM4ItNvBZ+31H
9pHUsrUFO+aD4lSwGYjkwwNxSRYq5Ftft2PFukZoZrFHX1y/Jmewmn2B2W9sCsA3
a15B/monkrZvUdv1+srf/SusASNJl1Ni9BWJsVej7kd+wXveoU8E+t7B6HOCKf/o
+8FqxIx3AgMBAAECggEAP47wcTcS9bbbWD8VCDnihiEO8GoG1kHpG9RRZ0X/B/1J
ileYwjlz/KwcAPbvPAt4e7wLaJ5/hsaTJkioOMezl5hjw61nxR//NhbF/7qmjUdS
o9WfgnAeuU0hq3N+VMKUVxBApq1eR31zy1zSUwjH2nlVdRVtjvEMMEN17pKhmyFu
SSdkTQPClstkefbYtzkXmSYXviSVgCMr38a137BEydHmzxFJ1G23F8naE1xouFJN
0CiduEapiwgaVOjt9B81pu/8fkPnWbzG2qUypvuSsHF9ZmeYMMt5CbFretnHuIoU
bIM0lCQTex+dJh6p6g1cFfllXcc3BNK0QtNCtPqI5QKBgQDrFolE2JERup8uXdWn
qNp/2UN4oO/67vapAErLPo6zkSmvahgccK6ZFNkHrVoqrTPYiyZfu01I3X5Kn9LC
jFqG/biu/1DPXSJKk1bws0UlYznIvosinF0TaiQdyONASRmfo+ulYX/87DCc5cAH
50iuVJAEjBxem5k7J90gFrBb8wKBgQC8K8GgXs8y6eUf7NlkCpTgVtguP4SNlCy+
ippATEGDd7Tb4Xc/M5YqSSb9y/0beZRNjjsnjhqqjPonW/gnAL98km5lDlzf/o1K
k+ZSzcm/vwe5dQ9mnx9EKwUZSkgkk7EAmiCMwMCkqEGFbjmdzSO09C2qw3YrCvv/
Zcmd7BSCbQKBgQC2h5/7QX+Z2WHg+WB7tiI45DN8BNFv73y7CYwJNMBN8icAmQqx
glg+aa59RH7e5e58csZPzDkcm0WEoYVeIuXjLDrqPTi8WN7YMoBtkXPdrKZgFHop
XGj0OxRhv+mar2diyT6dARAEDEtOdyDbwhtvqB7OOQ+J8ZxPDwuk75jtOwKBgEpe
yOJHVoD67HHXvHvLqteXu01cEVmbjKuqQBjVircZIsQcsnKqQtlnnB+G9fxb6v9U
DZEumt95ZI0Vzlgr9YKYpUUPjimBg/pLxiZH60r7h2QHHhUjIspgbl12fFjofnaM
c/ztWbY6Qdsom2EA6PHl5/6rzhJo/vwMEMl3uwtpAoGAaZn0I7nnwoxslCeLpq4T
3mZ0sJ5gPeXGc93L7Vc1A/wOgBoNFIZMsq7yama5WYRObvI+Aq7i7x3HhkTQ1I6T
plyviY4wRdApzWr5I5Xlh/d1YhNuNJPW07xLRWQWsSTrWo7TMAGNreEoJpCPv7r/
oNM2K3CM/9BLDbWNad3BE0w=
-----END PRIVATE KEY-----

28
root/etc/letsencrypt/keys/0008_key-certbot.pem Normal file
View File

@ -0,0 +1,28 @@
-----BEGIN PRIVATE KEY-----
MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDLMaJd+Ivu/Qg1
/kBcYe9d7kO6eqfkh64vFpGS3KDaeIUYZDpOpAyxvysPgdo3zv5Jd9AEJBioRLVS
HFm6Znlwkosxg0u3TAMnk+rPhCrs8W1y2zbJvyvqG7Cpu7wmQnfsihgD6thJ/ACc
24VWFh2Tq1+811Br9JvkQzEnZdR5IPtanWFIGN6deKLK+DA2g27LU3D1v1Ot1tQ5
BzyNLOHiY7mtNbqY33pHV2JmyB3JT17xBeF9av/ejbxxioEPUbQ2h4/olS9owHXP
TfeCTRJCM5ohEW8A1XGOrqaN2h0wD/tSdleWmj0MG8YDQJnhHlauYjkOP3tQic5e
rfm723FPAgMBAAECggEAE69KSIpEnDF9MyXffFOsidAEVbN+QmB2mm84SR8Aokmc
s0E6eNXhuPKJLGZrCo8OCXYG+++3R83oNv0yICG/UA2SWIictDQz9giZbeMi+XNm
JANiqmbPzU1Dbx4V2ysDTTIPo4mDzJ8SPB/0KePYl665hqThUKQQ2is8PtHZpKZF
9BADqn7961mWcUxo6Mvo+c+pE+R73L+u7yxzD2ND6UuOcAyopuyik70Z8yykXH9R
SFJBcc92TVsN+MU7/QciiA0ep2kPHp/Pb7hE0OuDgsy/mVN3R02hO55ynhlyMjbB
j/7tHqCKOsGH++fAsA8WtlRZL2iDa87LSgItG8Mz4QKBgQDQSR6CH/stQ1kfFKaE
2sXCOX9t0Yxru11l3an5aFepxufEyly7DpBFevJ/CBpB/r56dNRozDmO5eDKZuLU
JxIuNHO6a1D+3BdygCZj+uM3fJ8O24mxgYB/erZtLsbGbXVyqHDU5QEYkyB/od+T
SnA5mzKo6AY9VoXjKkwpJDV2nwKBgQD5vekrbI4XgzCoz/glzk0Q3Ceu9/GYbJXp
JBvPteVV7CsfhYpNlC0x9fpz1HlhAdwFHqBIqrSFdkMWvbavRo4BqoN+25boWMT+
VAucrJ3kWwp3wMo0p/q5qJEIRz46ltthKMWjDKhPHt+BB8FeqG42qYBOUH4T0/F8
7w0OARN3UQKBgGKuYd/w2wYk5HKPTB2hsRRGPZOANnFMQgHjNYbO4smzTVe1MJ4H
Vl800vNQmXAvC3vlIkXMjHChhREgEdPF9x0hCLuH4MX+7LT49jdkRIajapCVfvU0
j/bV4txzzwVwErcSCvMy1IQaIMmXnd+g4u7IEwZnd51UAvcPsSnE1/etAoGAGfRl
tjCa99CXjwPGG0+8bKMksKduAVRPpCIvjb+urOZVePos7HEY3VdeBwmu76j8z79m
EwdCqZgn0sY2pTKk8YFiFx4FKfKHzpK3fjnmUuQvS1DK8vv+L6tYH08gJYCmHgvZ
tl9LYqWnvsYqj4bbpWyqO/lbkP322/AQIEN2XXECgYEAzaFAgT/Cfd4tyj8t5TkP
QChzB1YO2h4iozPcoQIepXQ0eK/idySt87nNp9rrpfD3Ftk+R6e9S+oTzq08QYab
WibNIj9x1c9/j3eHgHbSHBjpgADAgbg7OHYHkBGe9r+ifsrUvoCWrT0PzjcTpI3I
h6D2LbTzKz3TdMFfUy5sTKI=
-----END PRIVATE KEY-----

28
root/etc/letsencrypt/keys/0009_key-certbot.pem Normal file
View File

@ -0,0 +1,28 @@
-----BEGIN PRIVATE KEY-----
MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDECOq0M+QKHSZP
vgbJNuVzDojRYVf/rTBUvVe07DRUo73b4hgD6te21kNMn9m3JQUDRnibyxEYDGNv
XBzXqWjZ24XCmq7S/zOa1fPa+35PZdNE9oMFGLkyjkLRm7wiXLekDnTlQP8ja5tv
Ghcad8yhoM/p2UtNJophGYv0CDwtw10sf5xlHGtmpvUvwz2Loz4ZHWnyhayG9674
Srp0f90nFQ6/spfHbm1GT+72ai5pyX9NE80km4nAMc+xJCms2QAS1TntJMRSqZeL
wlO1jdkkBQxr8Qs1rmsBetIrKQxT3hXTv55jQBH5I7/ZdF2yXbwtP9XdWfn1pYLx
lKUf7SABAgMBAAECggEAGoUiS1KhzQR4hF0uydXVYKVcuQa0QvCJE02yKdWylqi4
LKD/orgIisGdxSXy7CXj8bd85YapP1mdshkCBeLzPlXGWLdYY08HCjFblgpj4hXi
aPf4bZ4Un9RDEdxBrVxhs54JDmKmoYITOwqKiZgfZNY+imJNH5jRK6WrG05p5b7F
fr3Fj0LXZ3Ye3u6J803dRWhBA8ik0GmTRXmMNogclLIE3qToCshZYHe4BngJ6Dtg
hjI27x2UaczbM+s26aQjOW7JDu96KKMwKd0iT3cAi1oQ57+6NTAkEKbHAnkNlr0U
1jUWS9tFlCYSZBqKEE/82Ye7zJLe/1CzVnVLVgGyKQKBgQDQyfWkx39aW63YlgLT
1RhPfoqhPoEmwDPQcrzjPvzRQhLlktRcT7NE4KYFZ/MuHmVnh8m7mAKpqwl7XuVt
XLNLP8Y78aogSKSnQeG1HsHj61E5kOTx9DSkgt0JcVOfcvbXn4PrxGSiMkuEThOR
TyaunPO1qI2c25o8F3fkBRDTcwKBgQDwXKtz6zdaFhMWy5sU8UdKrR/aFZ9x8Cjh
for2VVJymzAy+TCBHyIef552vyUpDqj3GONb1Vh/xpUoHwKJlcML7AF2+VOvwkGq
yVld83IK+4doUIwvwFbqrh6EBs+XRafKF4jHGBWMUkKXEjHJPpnT1DFoU1P4UyqO
xf9dvVXpuwKBgC3zxTS3E7h3ZRO+MHEe/XLBjxFeCF7W/pBqMFhzjIEh4bbVUhff
Er2eE+wsrMEBv5/Bqwy2sB9XnYahpC0lsfBl4ONglOj2FAcb4OlUE6huKjpZQYpf
DRcIFk31u0nkq59ZZFeHqf5ow2YjKPtaSFE2Cg15Q3G6g3+mSqTM2J8xAoGBAMn/
x2Na6SC/bnl40TMvdo+OoTchdudFQsYHF/ffSrPgMgiUnSvWo1DoRZ9cEnnHxT4s
X16dFIwFsvKN5Q8Fmm6Zf72h2a/a3F8Qahdn8Y7DRk/naXjz9texTxn7s1hZBKL1
VlCjr/BGbYoSk16iSprYOFGJvgbytdBZG7yG0v3jAoGBAJfsBBU1NRqP4C2cpvI8
ZPn/hk93HPJKZJSCMmo3QGky3bxy02EnpUUmPcKDwqPDAzXj76sp76eJG4y5oMGY
q/tj77XDPRl5zQ99rhVpP0N5rE8Nj7ayt2pTFj+haP+56CPhLrBceeho4p8Do6D1
sy4PDE6IIaNSVTLv56+wd3ch
-----END PRIVATE KEY-----

28
root/etc/letsencrypt/keys/0010_key-certbot.pem Normal file
View File

@ -0,0 +1,28 @@
-----BEGIN PRIVATE KEY-----
MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDH9Xp5vHvUT3kG
5ZBRL53T/S50XyVCaf0m3UiEwYOZTh1jy0qBnc8mGSBSTB/+Gx+W63XEHJiWptVI
4kMm7guyWMq+vu0utqNz6LJQ3J8FCvIgo+lWxDPTsFZkZCl8uEqoGKWwKrqNflAq
VNcg6ICR3sm2qkkWi6ZUa9uJ76SmcZVb5Hjc32FuVpodnhQwrsp5ys0vqdn+BkEa
ngrEdNM9PvkCL7kCgX/mIz+4CgYePVnO4oBHKDr2TrB0xPDGce0G9uYfWrRJ8gNB
EDlVWOHfXTTzbzBSco4jnEjIod7TUQYr7HnhKGWiDNtcjD98veJ90suWF6xz0lbi
yoqU+rGFAgMBAAECggEAQcEAgG2xzrQ/mTv+RCRDY0WbdBshloBiBdi4kydLjis4
0Os12f+58c5LaaSs1JO4xJkzRcUdjFTaSDhXWsLmx8QZD7abKkRW5bO8h4i1JiRe
UMt13NlyLYeMMUEav2+e5T4Npiu24vaJiBIUGDc8qDs5276NgEN188bwD6DlZPHa
CnLLbdwtACheBEnreTJyizj7DYZWfxcgrG7wS78WM2DOO1ItqtArUpeu8fXxoxjF
zSp44xzZFHxFUM8XlhdujV5p+6cOIqM6Q2Ohz4jKRN64eY7xsEEACZNo1oV8MXOC
vo8T8rK5KhT/9MYfL7uvz6r1B3LnKonXuDUADxAdtQKBgQDbNY7+o90quMPXWSbE
ZZyxwhohTR1hvS4h9c0BNE5X4OX2FdyoQ5SsTvb/esrwh+h5num7Rh5GxSTV6nJq
SdxqxfRdILaQht4frEKw3stDy4THX/jtDEfHUow7N+XgrZiqR4NshGjTZysuE4ID
ARg4cQjZZhL3in1UHHe8MxJTmwKBgQDphNHfqOxq8sGxHqB8hwSa9eq7UkarbxfF
ZJATTrSZt6jy0GFzZjphsALoBQZ/ne3aJE2zy+6SKgs+jxGsnYwnDQdXhMm6C1sa
g2zolZjkjvgj7JVn9BaaW/3ove3pLpjdrd1yT51BRz7UeeWE9Q/Um4Pvne8ITqh6
54ctONcxXwKBgQCvykeeFTKrq/gBnlDkdsguFQZ3ZiwF0XxJZ6C7MoMRHh3MNsP5
fBiiBcE2J/bO5W6c+b9em2B0SGy9z4Fpk0nbplvMwwsk48MFi1MAG+rNt0wHxwMM
tihpw90JME582znuc+MFBzo5LicGkEZWum399Uevb5gOQ1U2Oo4asqojuQKBgCEE
KHBI//Q3Em+qduJkbKBEOMX3YgqHEINWLpCsRhidwQNjtwOL5qE9M4v+eea9O43m
KB5NrRN5YlGcBNG1DMXQr8MOAT+Or3jWMCXKUO2v0SGzJ4SlHDUC4KlxgRvA/NgK
5w5sdz1th1KfUXY09+IFguf0GoHALU4DQjeAm9xdAoGBAM8JgpVlNIny3xANIz0f
ZQ+XR+dJWFVJ+Z6WDLpNf96u7VYTLDzW7qrAq5o6UU27RD1hoYwJdVdm0Z+p9ME4
wHFTZzr9hgkAQylWie6ibkmMeDMidrVpec/pgqIgfvTC5VHE3dg08U1Y97DU0VSO
1NbaCVO1CGRCNAKe5z0qG0Wr
-----END PRIVATE KEY-----

28
root/etc/letsencrypt/keys/0011_key-certbot.pem Normal file
View File

@ -0,0 +1,28 @@
-----BEGIN PRIVATE KEY-----
MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQC7aLv+sDFYVQgK
JmT0MfLb4JDgcPmUaoiv28TznT5+fwCdLiJj4N01Tuwk+leOYgsApRAATa50nJAt
vOE8qC25ftF9yCSPVviNstOQ+G0Iet1/B7+d1t44kNJSPH3bybDh0pvbDpUXPeYQ
MS8nGTKmrwwCvJ7HXC7p9k6rEUJpYwfR7Mz4GzVEH4NdjgSR35DZQCY8tOh5P0xv
oFg23x0Qq7d1bWxTq+xdepWKcreN/kvvtZBWTyAQ2i4QTe45y1DunybwIdloQLz2
ponqn9i/OifBJaL6O9jSb8lXiHqqZJgCf/uqF7HCW/rOYuNvKpdeyWDV44uEfuym
8daTVKsHAgMBAAECggEAQPW+SDtRd2FN/pqtXpmbqUxvW2S9lgzRYUenvpuwKE+k
alct83njo1E+eFjQFZn1X11XrQtAH8qPDVONrSVMaCJFwjgoOAk48YDdZcA+pvRT
p28Lo83xTCEizf+Kzq7cIYKLpIQq+Jnrj4xE4GQTEwTVAHPaA5d36YAHZ7N9ViK1
Yqr52Lx4lab3/vfTWW7vGsiEt2A9N2C5x2fzRE5jJaitC+E10tks55y0YHPzLByj
GKU7rTQarx4h9oIhki0nn3+FUHq1bvbkodjCrSvMakZRK1x8Jgx+y7MqJ/6d4M3j
9N9Qj4YsBVrt9GiA9DwClXuLA7uTHE9w1Gp23XgfNQKBgQDxvHdSgRWWVcDGyJQP
v3YxrdMMpJDUtuFqksu9+RMvyudxVq4xtNB+5KpdoLHLF2VI8VfbaeBwHsOZo9d/
jHexiOz3E4rsMIEFroL3Pg1BviUFcelfcR60zYkp24CQtK1QKORWJ1csuJY/NlMe
kCCwiElVdKL72cebBbONZOaZ+wKBgQDGd6IiCxSjpV3eA14DY+gppioxo31aFCBf
WGKMl2FnZ0uD1JSfeY+u+6YwhMVfqGS4N+XgTjxe9i/J09dDZMiJ56cITPeYlUOL
Kk35PLaiRdKrBvO9ZuGvdrowiTlnl2IE/1FaqV6Ty4m7N+JFRu5fbPHHwr92HWum
OBpIZKzRZQKBgQDKmrsnWylMpvK7qMDvsfjOCnIo1oTMw7qKKB67SlbaZ6UzSQMW
hgV5VQ21C0n4fdNWH3ETZNnHHwGxc7DaJlDra2ewbaCx9LUuneUGc+uIfmVo+uAu
LhEeWGXtvxsyLTxVQvCdhLt7r/m9YTqpEwNS8ecEyI0RqKWzOEQU7cyYoQKBgQCO
feQ1RvlZiOf89zPvgTJ1fKy8mOHt45defSm8QQ+Y2wvXqa/PU8q6Wkj2eszuogs2
TEPKKMGleGHVKThbVae5g01kY0Y9EaW96/CxqkqB9VmMm2AyMwSEIt0I7ez+GC0y
41C4o/OYb0EC3tug241Xi/OHdaZbGkJow8zy/v0pFQKBgFNOB0a21poi6U9T47bz
Vms8S1dfrCA1mzNm8uCpcUeGstlNLMzgMd6/HZkVVlLKSyoNIjuC/j2cnhmE27gf
RDD0j6X5rr/bfdSgtlI3AvpNagEIgwS14Cgo1j4mRL5CE4N0OuKJxtz9quWgtwoA
FPFFvJUY0+gBsfNhpSHa9yhk
-----END PRIVATE KEY-----

28
root/etc/letsencrypt/keys/0012_key-certbot.pem Normal file
View File

@ -0,0 +1,28 @@
-----BEGIN PRIVATE KEY-----
MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQClXniFharBGqAZ
gcR9MMEN+IF0QgaUp869vMx29/aIsFj2zOkIy3ZZOl06s/fJ/b7PZ6CNrkh0L3U2
qryQXZK50E1V7Z2e5kmNItceqpm59ks6ihyIXGQofAOV1t6N9hZ641LGljzhYbYT
3rVBHxh6FQbttHLFOJ7Vu3JOMA16FZTie6gMijuT0fF1Ny4LPZf3wKIPqlKN6ynM
SLr/fAYxgPFkAxVtl9pHgjQEKYvXCDhzY0LOR/A5BdkjetmNPTPudeCzKtPtg2tu
W6lfmzRoVAB2HhIiClvoFZV3G3keo8yiR0eJqhsg7mUlt4aKH92W0q8ok7Ylcx4S
90jCBCG3AgMBAAECggEACWuz1vtx6lVPeJSFcpJT9S1Khqp6QH68zt9SEJb4svnE
3651uhwJLnUeOYlmHNo5RAyFv3yFwSSw+z/HxTunb7F3rmT+fT5mQ0WQVr1mS4tF
5txWWshUpl/GPoOCozi5OB/6J7kIV9ierEwcLE0Osmm/PsxwW17p4Ygvr1eadPFt
P96zJeRxdHihGi6VeCU39xNnxtJYfflW31WjXv9KFhnksHdt6lApkdqGNrgiZnwZ
YlfZnTicoADQignj887/gl4xbSW0KFqhiGoYTpHkJEuvZPH54RdGksEw26VpmdbB
Ij7XixT9e9oYJue7ihLWC0HV2nbd3ThGzuLDuc42UQKBgQC6xjvSK5BmiO3baVsz
sxUCxaewT2qzePInn92iKaHJaY66cc8M79vg8dSmrlNaybWJsKnyQyK3KR/Fui0P
DaJ34nH87j4zNOeMw9dc76wyWBpNvxqvMA4BlNyxtqlxP2tLkDambcqIZehWDjIT
LVl4/G056RPa1P/NbiHBvmVKUQKBgQDiqTq50/nXuPry2XLi8mPjCO5W1uboHp48
CIWnNVKsCmyxLcfxeEcbckO2Uo5KGwlkXi/E974A9x2Lc0kPdu8WDVahriaU2tbH
HBduXgYRGfCOkgeMA1tyJogln3IMT8kd4u0Fxb/Jhwsh+4TfIYGTma9Dpw6PKcSr
Ygsj5M2hhwKBgQCZRJtKeN1ihvNJnkdtQYP4ZmKZWFJjPNjak2G49RkCw1CQx1v1
bc+t5EVxEpTsZ6JFf2e2mkkerOyZwZHATJwKbRTFTmxUcRGifgN5DGTuW0YajrxD
DtgvjA0e+JpLiJNvysROBsKw84+ZLsUA37IQinTHlPDqHuhbmAiziJ5uQQKBgFDx
dlNea96p5JRNK0X4ocs2KUdBv3wtUvzFXlV0KW3e2yn622hUN7CJgbzehonYVeZN
7Gk+v8/AcACYzwKCyqbpZIKgmo6WCBVa5tM3KJt60/lWFPPfTwzYzc4Bvsy+wWe2
3kYtdGwXmdYs6Cp24LtBKuHSCtT9aYp6nNfYocaJAoGANYboo+RaogT7XxG2fln9
532iQb1934SBFwkPJMCa2jtmLKi8XoOzj9BF4RNGH6HmKK9I9p30jFvqXnaAzVwc
Fyrxfs6MX/iWznQQFhzS8ZlOdtjtEIBqGcLGYU4j1ERQjcJ11LAdqMi3F7RjRtfR
eQxnnj5g2cA3MWmRjIygDqI=
-----END PRIVATE KEY-----

28
root/etc/letsencrypt/keys/0013_key-certbot.pem Normal file
View File

@ -0,0 +1,28 @@
-----BEGIN PRIVATE KEY-----
MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQCkCxhu+rhaKprG
2Ya85kyYsiv+CMJ05b0mW5Iwi9VgrJH8KEwQYF9TrAWdPfJGRU/wF3kgxdeNMNBc
SzAG6Wz0f0wAxUyssK16aiQZDej4v4Rc8vBOPZS3qg1gArrBe3yTVzrUv38ckdML
o8GmXUoEKYdlB7qoKOmQIWoNd0WETGheMRPd3uBHE0vG/+Mcxm3Y6u4p6K1RcoNf
+KfsczpWVrwsfarmS4e2ccPscpOB07AHdkMjRS0Nw01TuKZfpQB2DQo/IFlvVQP9
Fkrl+fnZpiFSzT49DSqxD1DX9AEIqPB+ufYd1zqlT+7rOciW98hiJ1daeDVMVqa3
kiXoPTGpAgMBAAECggEAAUrOFTe34ovx3q2hfFTzFwPWSWC/yWRy5j2z69p6IpIR
b1NQ8BMWRSY2gBvYD/olTE6fB2VPkp7nEUcNWIyXrWBgVKQ5O6YDo9J4uNLNekIl
9IZ8Yp1lEcJO6ynyVypWG6IFBl6AzZSPfUi7sogLGHfMR301WPRDjL1apMMDAu0E
7arDKzEk0vyQ0NUTPRNf9Vx3GGnJHWBhpgAuuzFklR1PlCSqRFBoZya/jvb8H7qw
qgH0dSzryfSHMeyDmuq/qmZvJ8WEIJXli4eKw61nU4CIe18Q4Q2r/TtRDe+JO0nj
7Ljpt+4L4qVW4W3fd+wJ3yRrYGiLJXhwftMf63XZIQKBgQDHwc0t70BZkLs1mHwY
3x+SnZzQ05q3pHToOGsGdl96y2edf2A0aN9cH95d/TUj7FwhbunRQfXMRtgUvE5h
u/FreyWwhgjCgQgOzqGPxRAkJUUCSfP0TLqvWNCM6y02f7MAn94tooIeUitI1VdK
zN5h01D3O8lkkf/RPKbl6jkt8QKBgQDSOxo3hxKOFfr1YUXksiDTrSX4NMR2Rvbm
NyIoJ8o4iOEjqGhDDWPhbJk+p3B3yKKguLjX969ZZm+r6IMsAOBLZDrBYnmzZM4S
GnQW4dpWL22mdUy0nlolmso2+ANUekWLZfGB5XG3MW+DnMNs6Dh+4/wtYI0RbwvZ
MTh8kmZnOQKBgFf70qXC1bMdfnfS3AYQcNWhOmr4aRMuCpgmEW3dQZzSbqb+bZ9n
+cmX99eqKXfTKZlIQxB6XwtEwPQRJO0DXQicSzN/NeiF8Mik1qB+ieeByu2BKUSX
bzrAgcsv4tA4Wt2RjMjI5Ur5ojsITNSTe/fWnbjnyoLTk7vTXSezjM/hAoGBALG0
7/ZcIR0mC1r8fL5SrFkCFgR3ZlKsrevwUtkquU+MtPMVWfzEBtf4mplRpEo8uOuu
+eDlJ74kTuU7yBWcL/zKnrf1a/ZukZrP7a2iAJO1x7RblxleeckrzR8mCnqQWNT6
uWkZ8EPwb9kK3E7lBUyNnw8kfFpuSc+wQZVbk2BRAoGBAKKhEHsNmHEtm0UdFTk9
fFMW0WASKGfajSzPofATB2q5xNpQaSvhXMaCzMj2s1bCgoiqSdg1dGLRFlV9LvOO
wBk3CtuYaR6CLO1a2paJStnCCrEYsFi5MSdbr1srOOExbi+EeIMVAzeGmJcwJJs+
lYfe+7OnreQ+z63HkNr7j8y8
-----END PRIVATE KEY-----

28
root/etc/letsencrypt/keys/0014_key-certbot.pem Normal file
View File

@ -0,0 +1,28 @@
-----BEGIN PRIVATE KEY-----
MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQCpYp9PKtqleEqV
D5g94WRCmEdhdpRphXxk+9050EmLVLLlMl9pE++ey4ojBUKFJelTMzJO+wShxBrI
LHXDdSzzKB4lzIDtZSRWROyXpRL3YACj7mOSgmnWwuSNZTq4DmFx2YKC5gtQYzQb
Ypq/hg4ZvT0qsvWKBacng8DRKG1mWjUD67UlDBGFb2ot9+QPzcDv5ZhcsNc5ow8u
nqz3tG4Osw3j7GdQRgn3QckyGFdd2CfvH7l+YUrGCETWMCcxhFBfCRJjvdbd1/0U
FXcdrfe637VHmzvNHDDlBo85rM3EHKa/Shx4GJ4Ti+vjy59o8ljD8wCkCuEMitzv
+ZIY1x9NAgMBAAECggEACpjE5qsDqr5vzAuBtr1XDGOCc7J7bm6PbbHkES3arADM
gFI6bdR1dTW+mppFoxbQFghp6U8C5yvhkQxXAbde7Idh+3NjzXY6Y7tEIeiN2zQC
Vj8fs5a9EFZ4/e+LUOB1cC3vYEkMBCdwpxXwIHM+hpW0MeuoOM5JussfUPZ6gaCh
CYnAq/G1lRII8hYSoXCSiZlY+L6uLRZm1A5xJR2xdRiLo9MKHtIcLTinkMPCQtJ3
xbdyxcqhVxuzkfclUpvM99syFm3s2ShWLjnZ1I4sn/7isctRWu0NmHjuqrpH06kr
iY7b8BD8On9qRpyweFg2oF+wnANl3Xod+CN6djRF8QKBgQDThX/mxdmiMeG/0K86
NB1UUfAt9BAnf7DJI0JRv+/gqJnbjgqVNKebCwcLj7RvXx/PmDu8EhqJUfxtwh+K
hQOSP5J6H3CtxmFpmrQA7e3qQSSARCjAG0jp6vMSzfJCFjG1kzK9FACeBEjQI/mR
lfSNG+s0128oJqXaAgwczwty2wKBgQDNAN6OVA8fuvnvCi0lRKLwWkgslprCePlF
pCHWn/0WF0zZpiLiubM5xDdx3p+opUMMJvxve+xl7xxoFSTi/touiNmgaEP28qzQ
gR8F5VKV9OQ/teWsgbjFQhkIzhLMvpbTB/oOyW/lXjUS4Zoqe0jJXzTwyBy6l3jm
0N2PqEhK9wKBgQCo5vVW5a3/Yi2N6anCpFK3Pia3yygLIl+cfVc7yDRYBMm3FBlH
Q6CCoa+if8HpHOBd+IXai+o8tQcI7fYZulU7tx/T/L8RRFQM68fI5jUQ1au78LFJ
lYAHqeEnpuRH+UkAYOYnLY3AoFM0QUXMBx4cf6q1q0HLofDVwMTDTGEr+QKBgFkw
tKNVvRLABXdThRq+xuktTlNf3ssXWNRMuZAoITNYRc43stvTkT9jt/+prOrxo78I
wzE5yDr9Ee3SrS65VHGEhrJ8Sn2JTViVpMqq4Ahv+FIjsF4iPiJMRJoJFjLQBMyh
ntCKIU24c/zX/HvZEWzTKDRNy/n+ZtJ9MrgKrhE3AoGAC9w0FYUKGtOvswOCLMD7
YxLsUgIneZWqpht4/Dvlfvrg2D2VIIjKmzYqEeckvI6PCG3xt8lHRmJt/W8B3cN+
6DGlkBH4iQmQoy4FIHfakDV/bg6BPRFdrkJKKq6aP4GXft0m02rxePd83L42ENXB
MQAMMbKS/rjchEGpDFeSjHQ=
-----END PRIVATE KEY-----

28
root/etc/letsencrypt/keys/0015_key-certbot.pem Normal file
View File

@ -0,0 +1,28 @@
-----BEGIN PRIVATE KEY-----
MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQD9RawCveJ3rlbv
kJr47iVy+2+7qawoQ/v7QjAtWdT4/XjR1CmKZuYh1Pyv+0Qayu1IMcsgpIC/3qdt
lbKj8BRDzZzKL2+btkPo7O7CMZZMPa4WnUX3AQUa2kdbrnRV4vVoiNhZLY9y14Cy
gBgrTlrNJSxxnaFBGOqAc7zDU13BuSpJVV3Abl9/FxrArW6dSvLJTz9gOUpaq7t9
3eTPU9etQ95wU3/ol8b6uFehyBQaJmD0vIace4kN0v5oOYpOg1RMpa0xGiihcYak
++I5MHH1M9YSSShM/2h5eY7ZjnJYpevQYCKF3oipMPkgIVDhHNjUGWOwIpn1wq3H
zwYT1LnvAgMBAAECggEALfOenk66UJGKh2OaonB+zepNnuRNbm7LQI6FNC04xUYj
zhoqwUgjF99PS1SQyjWoMHGMU6tVCrrIcMr4wuKzooujF1Hc84jxsEiQlx4tET8d
n0/AmmyOcw1IZht0UwLfGKy/aAqqnKD54ij4eZ75PYAxnJmHYMq2/UBCbsPo3lUw
LzvoHwiOx54cwOUDm2PBzZeo83VPQZpzfUvDoqexkDNHRVF0g8MVMoPqntT4sF6t
K5W8/HPObUoVqRapJ/xcivNUcF+hEORzV1ALXPicUYzzidAip4mMnGNe9z9+pIUx
xt8JXzh+s3x78QkaugioeUkAwH3hWQ+2yenvVjqZqQKBgQD9kNrAcamK6GJElIK+
pyosVXpgn252IoN6Ae/O/Qyowbj9h256/X8MkYO2FpKY9OJB2nfo+MV9isVopvyu
Iww/w1ZY+bdyCGmOhvDRVicTFISEp0kNXCsTndD9zGNzl1PYYbL/xvD0yajoqow1
jZbXgFTSpE5vR5M18aU5PrES2QKBgQD/tBh+3aiDErhnDp9CqCDmdbHUV0Tot7S/
GCfO3ygUK+5Ffq7rHvh0tMXQc6zEMxdT8R2lM/9bRFjodTLHYS597cKGyROEaU9b
YrRGjK5hJUXfvCc5vwQPUXLHDm2kmUzb+x6BogFwx67qloWkiFwsMbrQEyVkLU6H
Lz+uBRkmBwKBgQCQnwTVTD659m7N1LJ5kRhxrtMctvImuOqqNN6U/SkyO0OKfqsZ
xOmovnoT6e31BX7itns7yl/BidusI8nsfBrpZz0hhFQH2xpxay+BBhVFQaePjWYS
E6aSCqn/h4qVjBMLUDXqwon94+LNyTAs/zOweAZpGcOOnpEs7EUjUEloiQKBgQDz
L9wwJC2U4yP/15c99Nq9c+f5tDn0PmsnZxjNFc1vScylyXMgaGcRz69mrez8+D5S
djmkmcxdh6YrBvORTerCl3JvcCMgxmtT1Y7wnfFmsOVAgRipQfLhgqvvhtheN/Iy
MSV1UpeeJDtGHnvh3FIVMgKiy+K+4JwT06rznSOq1wKBgDkxVCMIBufVdh1D6mLr
QCVdUVXhkrM9BFRM0N9kFKDhcUKKaa3VVhn3Qgu5+VqVwv0XH34/43fx0ZUx4wG1
A3lhmDjvUNG5cse3tuLHD3by9Q8Wt5TFqi9P5AfBTtQK45qw6NI7dB1CpxLb2PD6
CYLttG4ycWOeuJaXHBKJOeUe
-----END PRIVATE KEY-----

28
root/etc/letsencrypt/keys/0016_key-certbot.pem Normal file
View File

@ -0,0 +1,28 @@
-----BEGIN PRIVATE KEY-----
MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQC/YFmBVNmtid7+
IrqwZLno7NLtkFM3B0xzHglRqD8NKerQnRE9oNtRbzMi/4+DYIQwQ0q/2ut5qGqG
Kxv8nh60hT31NV0OqEHP7esL6cBzKOu42KxOdaZ6v6xE0zi3eyqJpMwuxfLcx4kb
iKsr/OxyYY/Sh+mbaia7JHmqym7Kmh+l86fDsVweHrW5kwTB8qUtAV62s3Zx2VIA
QL2VQAO6hl5oaB/Qlv7Y4hbF/GvW3jDEqn3j0j386GWMEJAJpb55sMWHPKcb18DA
JmVxMn1pxySeoGhzTjstAM5f+NdET4MLsfbwIzpXnVMXVf1MU3Lym5Alr630XsLY
O3ajhMhjAgMBAAECggEAAJcjcL0s2LRNQCJ4qBmNVWuTMyfQfc5Tw5MAf5sPpNmQ
9g7b3wiyZW/J+7VH5j7ebeQ7awVQ0aLJOA2Gy3CZprtnTn/IQKG/slN0fBI71ENZ
ulmIVulHAP17subndyHNvyZ0SO7A9eubpc071wIYGXOBrFrhSeGcv/nMlkWQkVz+
vVKQGKeRTXyp5gJdlImJyUupK8fTPFzlQJTx9GpBYWvKMrvnUf3ZhtuAN2ZZOLz6
RCQ6vMBgBy37JCSWDNTsHEcQQ6qfJ1OCqxexRz3Jg8/s/e6XCwLW9SOLWBKI/mSI
jRXT4g+eDfetsl9wQB+70f9ERT0oE6YJ+bs7qtC27QKBgQD8sfdsC+agWyd7lLCJ
wc1gLlg1bU9Z4w141oyBJnOw0tBLh2I8Wu37aUfyufg6H1h8s+XKgGFKYaX2jPnX
/QIUZEXkJRQxT31jjFi32ymnatiubc8YZ7wT8T60yCa3jJo/cu9eMERRNB5dVr04
InxymssADTHXgHUBSC56j21gDwKBgQDB4RXWlcipzE+0IApHcGqd2xiKmQFQ1g+o
zwTvNBJdmfqrdXhYEsz6UL5lYKJn8GrBvlw1XeuKaP3vNq/b489hTPUokgaq6LwG
vpflklIHwS0+91Yue5353YW5sx5vz4Rpz0A7iTlkjLm9okbuz9VNq/XFWnAAY+8G
XBt5xRz+bQKBgBwO8sc3hxM1K+wn9XZGY7STUM4V5iK3+G37fLx2dZAjyGcqkDjd
a+FnrkqAZdSmWF/4ZcKXgLYOo6v9uVxHRqzW+X+8skJLbkPYeJ1po3VogsjTfpRa
KGMafXj7ZHkrDpGPBI8z0tIldF2u3PHXunPLRlEqJeek5tkOl8KaHG33AoGAJGk1
RLuUl+76+QUbaRc/rq27Cix6Bshs4HMgphvNZy7H2POSyledj1UirL9dQM/x/LjX
cF5XIgNdzVMj69P42nktgZULE4Xp6gpZVJAKP9KTwMOKt+gXXxmvR5TQHoeGgqid
k5DN6ohTSb30PF1j3dZxrcKyTiB2f2dE8bWHIHECgYEAlTNL6rWMTrniy35bYsxM
2BG932Wy1VQBt6E1pPRa2liRo6ZyGBgMKmXjvu6TiapNq97JRBTQSneVkWxPWg4i
d3dkTpiVQNnou+H9HtxevsuO/JK+Zsu7ECpaKzL5VRYnN7CUa9UhbsJfnkRi9rC5
ZxB2ZawNg8sEmTw8zA7ZQvw=
-----END PRIVATE KEY-----

30
root/etc/letsencrypt/live/medusa.jcolebrand.info/chain.pem-0 Normal file
View File

@ -0,0 +1,30 @@
-----BEGIN CERTIFICATE-----
MIIFFjCCAv6gAwIBAgIRAJErCErPDBinU/bWLiWnX1owDQYJKoZIhvcNAQELBQAw
TzELMAkGA1UEBhMCVVMxKTAnBgNVBAoTIEludGVybmV0IFNlY3VyaXR5IFJlc2Vh
cmNoIEdyb3VwMRUwEwYDVQQDEwxJU1JHIFJvb3QgWDEwHhcNMjAwOTA0MDAwMDAw
WhcNMjUwOTE1MTYwMDAwWjAyMQswCQYDVQQGEwJVUzEWMBQGA1UEChMNTGV0J3Mg
RW5jcnlwdDELMAkGA1UEAxMCUjMwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK
AoIBAQC7AhUozPaglNMPEuyNVZLD+ILxmaZ6QoinXSaqtSu5xUyxr45r+XXIo9cP
R5QUVTVXjJ6oojkZ9YI8QqlObvU7wy7bjcCwXPNZOOftz2nwWgsbvsCUJCWH+jdx
sxPnHKzhm+/b5DtFUkWWqcFTzjTIUu61ru2P3mBw4qVUq7ZtDpelQDRrK9O8Zutm
NHz6a4uPVymZ+DAXXbpyb/uBxa3Shlg9F8fnCbvxK/eG3MHacV3URuPMrSXBiLxg
Z3Vms/EY96Jc5lP/Ooi2R6X/ExjqmAl3P51T+c8B5fWmcBcUr2Ok/5mzk53cU6cG
/kiFHaFpriV1uxPMUgP17VGhi9sVAgMBAAGjggEIMIIBBDAOBgNVHQ8BAf8EBAMC
AYYwHQYDVR0lBBYwFAYIKwYBBQUHAwIGCCsGAQUFBwMBMBIGA1UdEwEB/wQIMAYB
Af8CAQAwHQYDVR0OBBYEFBQusxe3WFbLrlAJQOYfr52LFMLGMB8GA1UdIwQYMBaA
FHm0WeZ7tuXkAXOACIjIGlj26ZtuMDIGCCsGAQUFBwEBBCYwJDAiBggrBgEFBQcw
AoYWaHR0cDovL3gxLmkubGVuY3Iub3JnLzAnBgNVHR8EIDAeMBygGqAYhhZodHRw
Oi8veDEuYy5sZW5jci5vcmcvMCIGA1UdIAQbMBkwCAYGZ4EMAQIBMA0GCysGAQQB
gt8TAQEBMA0GCSqGSIb3DQEBCwUAA4ICAQCFyk5HPqP3hUSFvNVneLKYY611TR6W
PTNlclQtgaDqw+34IL9fzLdwALduO/ZelN7kIJ+m74uyA+eitRY8kc607TkC53wl
ikfmZW4/RvTZ8M6UK+5UzhK8jCdLuMGYL6KvzXGRSgi3yLgjewQtCPkIVz6D2QQz
CkcheAmCJ8MqyJu5zlzyZMjAvnnAT45tRAxekrsu94sQ4egdRCnbWSDtY7kh+BIm
lJNXoB1lBMEKIq4QDUOXoRgffuDghje1WrG9ML+Hbisq/yFOGwXD9RiX8F6sw6W4
avAuvDszue5L3sz85K+EC4Y/wFVDNvZo4TYXao6Z0f+lQKc0t8DQYzk1OXVu8rp2
yJMC6alLbBfODALZvYH7n7do1AZls4I9d1P4jnkDrQoxB3UqQ9hVl3LEKQ73xF1O
yK5GhDDX8oVfGKF5u+decIsH4YaTw7mP3GFxJSqv3+0lUFJoi5Lc5da149p90Ids
hCExroL1+7mryIkXPeFM5TgO9r0rvZaBFOvV2z0gp35Z0+L4WPlbuEjN/lxPFin+
HlUjr8gRsI3qfJOQFy/9rKIJR0Y/8Omwt/8oTWgy1mdeHmmjk7j1nYsvC9JSQ6Zv
MldlTTKB3zhThV1+XWYp6rjd5JW1zbVWEkLNxE7GJThEUG3szgBVGP7pSWTUTsqX
nLRbwHOoq7hHwg==
-----END CERTIFICATE-----

31
root/etc/letsencrypt/live/medusa.jcolebrand.info/chain.pem-1 Normal file
View File

@ -0,0 +1,31 @@
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIQQAF3ITfU6UK47naqPGQKtzANBgkqhkiG9w0BAQsFADA/
MSQwIgYDVQQKExtEaWdpdGFsIFNpZ25hdHVyZSBUcnVzdCBDby4xFzAVBgNVBAMT
DkRTVCBSb290IENBIFgzMB4XDTIxMDEyMDE5MTQwM1oXDTI0MDkzMDE4MTQwM1ow
TzELMAkGA1UEBhMCVVMxKTAnBgNVBAoTIEludGVybmV0IFNlY3VyaXR5IFJlc2Vh
cmNoIEdyb3VwMRUwEwYDVQQDEwxJU1JHIFJvb3QgWDEwggIiMA0GCSqGSIb3DQEB
AQUAA4ICDwAwggIKAoICAQCt6CRz9BQ385ueK1coHIe+3LffOJCMbjzmV6B493XC
ov71am72AE8o295ohmxEk7axY/0UEmu/H9LqMZshftEzPLpI9d1537O4/xLxIZpL
wYqGcWlKZmZsj348cL+tKSIG8+TA5oCu4kuPt5l+lAOf00eXfJlII1PoOK5PCm+D
LtFJV4yAdLbaL9A4jXsDcCEbdfIwPPqPrt3aY6vrFk/CjhFLfs8L6P+1dy70sntK
4EwSJQxwjQMpoOFTJOwT2e4ZvxCzSow/iaNhUd6shweU9GNx7C7ib1uYgeGJXDR5
bHbvO5BieebbpJovJsXQEOEO3tkQjhb7t/eo98flAgeYjzYIlefiN5YNNnWe+w5y
sR2bvAP5SQXYgd0FtCrWQemsAXaVCg/Y39W9Eh81LygXbNKYwagJZHduRze6zqxZ
Xmidf3LWicUGQSk+WT7dJvUkyRGnWqNMQB9GoZm1pzpRboY7nn1ypxIFeFntPlF4
FQsDj43QLwWyPntKHEtzBRL8xurgUBN8Q5N0s8p0544fAQjQMNRbcTa0B7rBMDBc
SLeCO5imfWCKoqMpgsy6vYMEG6KDA0Gh1gXxG8K28Kh8hjtGqEgqiNx2mna/H2ql
PRmP6zjzZN7IKw0KKP/32+IVQtQi0Cdd4Xn+GOdwiK1O5tmLOsbdJ1Fu/7xk9TND
TwIDAQABo4IBRjCCAUIwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYw
SwYIKwYBBQUHAQEEPzA9MDsGCCsGAQUFBzAChi9odHRwOi8vYXBwcy5pZGVudHJ1
c3QuY29tL3Jvb3RzL2RzdHJvb3RjYXgzLnA3YzAfBgNVHSMEGDAWgBTEp7Gkeyxx
+tvhS5B1/8QVYIWJEDBUBgNVHSAETTBLMAgGBmeBDAECATA/BgsrBgEEAYLfEwEB
ATAwMC4GCCsGAQUFBwIBFiJodHRwOi8vY3BzLnJvb3QteDEubGV0c2VuY3J5cHQu
b3JnMDwGA1UdHwQ1MDMwMaAvoC2GK2h0dHA6Ly9jcmwuaWRlbnRydXN0LmNvbS9E
U1RST09UQ0FYM0NSTC5jcmwwHQYDVR0OBBYEFHm0WeZ7tuXkAXOACIjIGlj26Ztu
MA0GCSqGSIb3DQEBCwUAA4IBAQAKcwBslm7/DlLQrt2M51oGrS+o44+/yQoDFVDC
5WxCu2+b9LRPwkSICHXM6webFGJueN7sJ7o5XPWioW5WlHAQU7G75K/QosMrAdSW
9MUgNTP52GE24HGNtLi1qoJFlcDyqSMo59ahy2cI2qBDLKobkx/J3vWraV0T9VuG
WCLKTVXkcGdtwlfFRjlBz4pYg1htmf5X6DYO8A4jqv2Il9DjXA6USbW1FzXSLr9O
he8Y4IWS6wY7bCkjCWDcRQJMEhg76fsO3txE+FiYruq9RUWhiF1myv4Q6W+CyBFC
Dfvp7OOGAN6dEOM4+qR9sdjoSYKEBpsr6GtPAQw4dy753ec5
-----END CERTIFICATE-----

33
root/etc/letsencrypt/live/medusa.jcolebrand.info/fullchain.pem-0 Normal file
View File

@ -0,0 +1,33 @@
-----BEGIN CERTIFICATE-----
MIIFnjCCBIagAwIBAgISA+4kMlyxNplZdw9rUGQY9ioXMA0GCSqGSIb3DQEBCwUA
MDIxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MQswCQYDVQQD
EwJSMzAeFw0yMzAyMTEwNzU0MTBaFw0yMzA1MTIwNzU0MDlaMCExHzAdBgNVBAMT
Fm1lZHVzYS5qY29sZWJyYW5kLmluZm8wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAw
ggEKAoIBAQC/YFmBVNmtid7+IrqwZLno7NLtkFM3B0xzHglRqD8NKerQnRE9oNtR
bzMi/4+DYIQwQ0q/2ut5qGqGKxv8nh60hT31NV0OqEHP7esL6cBzKOu42KxOdaZ6
v6xE0zi3eyqJpMwuxfLcx4kbiKsr/OxyYY/Sh+mbaia7JHmqym7Kmh+l86fDsVwe
HrW5kwTB8qUtAV62s3Zx2VIAQL2VQAO6hl5oaB/Qlv7Y4hbF/GvW3jDEqn3j0j38
6GWMEJAJpb55sMWHPKcb18DAJmVxMn1pxySeoGhzTjstAM5f+NdET4MLsfbwIzpX
nVMXVf1MU3Lym5Alr630XsLYO3ajhMhjAgMBAAGjggK9MIICuTAOBgNVHQ8BAf8E
BAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMAwGA1UdEwEB/wQC
MAAwHQYDVR0OBBYEFJdbL/wx73dsBWfXvjxIK9E2VfVEMB8GA1UdIwQYMBaAFBQu
sxe3WFbLrlAJQOYfr52LFMLGMFUGCCsGAQUFBwEBBEkwRzAhBggrBgEFBQcwAYYV
aHR0cDovL3IzLm8ubGVuY3Iub3JnMCIGCCsGAQUFBzAChhZodHRwOi8vcjMuaS5s
ZW5jci5vcmcvMIGMBgNVHREEgYQwgYGCE2FwaS5qY29sZWJyYW5kLmluZm+CD2pj
b2xlYnJhbmQuaW5mb4IWbWVkdXNhLmpjb2xlYnJhbmQuaW5mb4IVdmlkZW8uamNv
bGVicmFuZC5pbmZvghV3YXRjaC5qY29sZWJyYW5kLmluZm+CE3d3dy5qY29sZWJy
YW5kLmluZm8wTAYDVR0gBEUwQzAIBgZngQwBAgEwNwYLKwYBBAGC3xMBAQEwKDAm
BggrBgEFBQcCARYaaHR0cDovL2Nwcy5sZXRzZW5jcnlwdC5vcmcwggEEBgorBgEE
AdZ5AgQCBIH1BIHyAPAAdgC3Pvsk35xNunXyOcW6WPRsXfxCz3qfNcSeHQmBJe20
mQAAAYY/rpKNAAAEAwBHMEUCIQDfMECO/mgG0b4hh0dywELto7fHs6Wi+4cio1IQ
27LzvgIgZqQ2vxMVLFy+WkWkXsHLBBTeDszqRIv6favGmukKKSAAdgB6MoxU2Lct
tiDqOOBSHumEFnAyE4VNO9IrwTpXo1LrUgAAAYY/rpKgAAAEAwBHMEUCIQDyLKeU
urcHgdVVGM3p9f55HlGInbFqVN8xVJ8Ogzyu/QIgYym3mcplpjd+5pafp/1a1kwv
rPa2Rec89yiodZf8G7MwDQYJKoZIhvcNAQELBQADggEBAFuxhfJYMBR+0pJSjG9L
2QQUWw4paFj2Y21Zxnfy5CeS2CJeOelNAqpGfl7E5FRpkrZaiJG0jXpP5oLigFnA
C/Y3Rs2wQ+SzuPErzTO3QynSbbjWOgbKxS5oipeIoNXF8ZBSnTctaMNTK90Edqnh
0Is8I5x1v9V7XdsADQp8btEKuF2bqr1PdE6KNQyDncm0P3Kbnvi2QNgZgEjQF2e9
VNgUmIaNTsOUiPudeMW9o3FecyEFLd0Rmj1GdHYi5mjdnf/D4/xHrfl1QQtEjqje
fbsfu2iYxF7xfqSAWs3nbuDxdxh6IVjImJkTIaY+5nnzDcfwhbpBRhcDv51IUyKM
DU8=
-----END CERTIFICATE-----

30
root/etc/letsencrypt/live/medusa.jcolebrand.info/fullchain.pem-1 Normal file
View File

@ -0,0 +1,30 @@
-----BEGIN CERTIFICATE-----
MIIFFjCCAv6gAwIBAgIRAJErCErPDBinU/bWLiWnX1owDQYJKoZIhvcNAQELBQAw
TzELMAkGA1UEBhMCVVMxKTAnBgNVBAoTIEludGVybmV0IFNlY3VyaXR5IFJlc2Vh
cmNoIEdyb3VwMRUwEwYDVQQDEwxJU1JHIFJvb3QgWDEwHhcNMjAwOTA0MDAwMDAw
WhcNMjUwOTE1MTYwMDAwWjAyMQswCQYDVQQGEwJVUzEWMBQGA1UEChMNTGV0J3Mg
RW5jcnlwdDELMAkGA1UEAxMCUjMwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK
AoIBAQC7AhUozPaglNMPEuyNVZLD+ILxmaZ6QoinXSaqtSu5xUyxr45r+XXIo9cP
R5QUVTVXjJ6oojkZ9YI8QqlObvU7wy7bjcCwXPNZOOftz2nwWgsbvsCUJCWH+jdx
sxPnHKzhm+/b5DtFUkWWqcFTzjTIUu61ru2P3mBw4qVUq7ZtDpelQDRrK9O8Zutm
NHz6a4uPVymZ+DAXXbpyb/uBxa3Shlg9F8fnCbvxK/eG3MHacV3URuPMrSXBiLxg
Z3Vms/EY96Jc5lP/Ooi2R6X/ExjqmAl3P51T+c8B5fWmcBcUr2Ok/5mzk53cU6cG
/kiFHaFpriV1uxPMUgP17VGhi9sVAgMBAAGjggEIMIIBBDAOBgNVHQ8BAf8EBAMC
AYYwHQYDVR0lBBYwFAYIKwYBBQUHAwIGCCsGAQUFBwMBMBIGA1UdEwEB/wQIMAYB
Af8CAQAwHQYDVR0OBBYEFBQusxe3WFbLrlAJQOYfr52LFMLGMB8GA1UdIwQYMBaA
FHm0WeZ7tuXkAXOACIjIGlj26ZtuMDIGCCsGAQUFBwEBBCYwJDAiBggrBgEFBQcw
AoYWaHR0cDovL3gxLmkubGVuY3Iub3JnLzAnBgNVHR8EIDAeMBygGqAYhhZodHRw
Oi8veDEuYy5sZW5jci5vcmcvMCIGA1UdIAQbMBkwCAYGZ4EMAQIBMA0GCysGAQQB
gt8TAQEBMA0GCSqGSIb3DQEBCwUAA4ICAQCFyk5HPqP3hUSFvNVneLKYY611TR6W
PTNlclQtgaDqw+34IL9fzLdwALduO/ZelN7kIJ+m74uyA+eitRY8kc607TkC53wl
ikfmZW4/RvTZ8M6UK+5UzhK8jCdLuMGYL6KvzXGRSgi3yLgjewQtCPkIVz6D2QQz
CkcheAmCJ8MqyJu5zlzyZMjAvnnAT45tRAxekrsu94sQ4egdRCnbWSDtY7kh+BIm
lJNXoB1lBMEKIq4QDUOXoRgffuDghje1WrG9ML+Hbisq/yFOGwXD9RiX8F6sw6W4
avAuvDszue5L3sz85K+EC4Y/wFVDNvZo4TYXao6Z0f+lQKc0t8DQYzk1OXVu8rp2
yJMC6alLbBfODALZvYH7n7do1AZls4I9d1P4jnkDrQoxB3UqQ9hVl3LEKQ73xF1O
yK5GhDDX8oVfGKF5u+decIsH4YaTw7mP3GFxJSqv3+0lUFJoi5Lc5da149p90Ids
hCExroL1+7mryIkXPeFM5TgO9r0rvZaBFOvV2z0gp35Z0+L4WPlbuEjN/lxPFin+
HlUjr8gRsI3qfJOQFy/9rKIJR0Y/8Omwt/8oTWgy1mdeHmmjk7j1nYsvC9JSQ6Zv
MldlTTKB3zhThV1+XWYp6rjd5JW1zbVWEkLNxE7GJThEUG3szgBVGP7pSWTUTsqX
nLRbwHOoq7hHwg==
-----END CERTIFICATE-----

31
root/etc/letsencrypt/live/medusa.jcolebrand.info/fullchain.pem-2 Normal file
View File

@ -0,0 +1,31 @@
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIQQAF3ITfU6UK47naqPGQKtzANBgkqhkiG9w0BAQsFADA/
MSQwIgYDVQQKExtEaWdpdGFsIFNpZ25hdHVyZSBUcnVzdCBDby4xFzAVBgNVBAMT
DkRTVCBSb290IENBIFgzMB4XDTIxMDEyMDE5MTQwM1oXDTI0MDkzMDE4MTQwM1ow
TzELMAkGA1UEBhMCVVMxKTAnBgNVBAoTIEludGVybmV0IFNlY3VyaXR5IFJlc2Vh
cmNoIEdyb3VwMRUwEwYDVQQDEwxJU1JHIFJvb3QgWDEwggIiMA0GCSqGSIb3DQEB
AQUAA4ICDwAwggIKAoICAQCt6CRz9BQ385ueK1coHIe+3LffOJCMbjzmV6B493XC
ov71am72AE8o295ohmxEk7axY/0UEmu/H9LqMZshftEzPLpI9d1537O4/xLxIZpL
wYqGcWlKZmZsj348cL+tKSIG8+TA5oCu4kuPt5l+lAOf00eXfJlII1PoOK5PCm+D
LtFJV4yAdLbaL9A4jXsDcCEbdfIwPPqPrt3aY6vrFk/CjhFLfs8L6P+1dy70sntK
4EwSJQxwjQMpoOFTJOwT2e4ZvxCzSow/iaNhUd6shweU9GNx7C7ib1uYgeGJXDR5
bHbvO5BieebbpJovJsXQEOEO3tkQjhb7t/eo98flAgeYjzYIlefiN5YNNnWe+w5y
sR2bvAP5SQXYgd0FtCrWQemsAXaVCg/Y39W9Eh81LygXbNKYwagJZHduRze6zqxZ
Xmidf3LWicUGQSk+WT7dJvUkyRGnWqNMQB9GoZm1pzpRboY7nn1ypxIFeFntPlF4
FQsDj43QLwWyPntKHEtzBRL8xurgUBN8Q5N0s8p0544fAQjQMNRbcTa0B7rBMDBc
SLeCO5imfWCKoqMpgsy6vYMEG6KDA0Gh1gXxG8K28Kh8hjtGqEgqiNx2mna/H2ql
PRmP6zjzZN7IKw0KKP/32+IVQtQi0Cdd4Xn+GOdwiK1O5tmLOsbdJ1Fu/7xk9TND
TwIDAQABo4IBRjCCAUIwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYw
SwYIKwYBBQUHAQEEPzA9MDsGCCsGAQUFBzAChi9odHRwOi8vYXBwcy5pZGVudHJ1
c3QuY29tL3Jvb3RzL2RzdHJvb3RjYXgzLnA3YzAfBgNVHSMEGDAWgBTEp7Gkeyxx
+tvhS5B1/8QVYIWJEDBUBgNVHSAETTBLMAgGBmeBDAECATA/BgsrBgEEAYLfEwEB
ATAwMC4GCCsGAQUFBwIBFiJodHRwOi8vY3BzLnJvb3QteDEubGV0c2VuY3J5cHQu
b3JnMDwGA1UdHwQ1MDMwMaAvoC2GK2h0dHA6Ly9jcmwuaWRlbnRydXN0LmNvbS9E
U1RST09UQ0FYM0NSTC5jcmwwHQYDVR0OBBYEFHm0WeZ7tuXkAXOACIjIGlj26Ztu
MA0GCSqGSIb3DQEBCwUAA4IBAQAKcwBslm7/DlLQrt2M51oGrS+o44+/yQoDFVDC
5WxCu2+b9LRPwkSICHXM6webFGJueN7sJ7o5XPWioW5WlHAQU7G75K/QosMrAdSW
9MUgNTP52GE24HGNtLi1qoJFlcDyqSMo59ahy2cI2qBDLKobkx/J3vWraV0T9VuG
WCLKTVXkcGdtwlfFRjlBz4pYg1htmf5X6DYO8A4jqv2Il9DjXA6USbW1FzXSLr9O
he8Y4IWS6wY7bCkjCWDcRQJMEhg76fsO3txE+FiYruq9RUWhiF1myv4Q6W+CyBFC
Dfvp7OOGAN6dEOM4+qR9sdjoSYKEBpsr6GtPAQw4dy753ec5
-----END CERTIFICATE-----

14
root/etc/letsencrypt/options-ssl-nginx.conf Normal file
View File

@ -0,0 +1,14 @@
# This file contains important security parameters. If you modify this file
# manually, Certbot will be unable to automatically provide future security
# updates. Instead, Certbot will print and log an error message with a path to
# the up-to-date file that you will need to refer to when manually updating
# this file. Contents are based on https://ssl-config.mozilla.org
ssl_session_cache shared:le_nginx_SSL:10m;
ssl_session_timeout 1440m;
ssl_session_tickets off;
ssl_protocols TLSv1.2 TLSv1.3;
ssl_prefer_server_ciphers off;
ssl_ciphers "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384";

8
root/etc/letsencrypt/ssl-dhparams.pem Normal file
View File

@ -0,0 +1,8 @@
-----BEGIN DH PARAMETERS-----
MIIBCAKCAQEA//////////+t+FRYortKmq/cViAnPTzx2LnFg84tNpWp4TZBFGQz
+8yTnc4kmz75fS/jY2MMddj2gbICrsRhetPfHtXV/WVhJDP1H18GbtCFY2VVPe0a
87VXE15/V8k1mE8McODmi3fipona8+/och3xWKE2rec1MKzKT0g6eXq8CrGCsyT7
YdEIqUuyyOP7uWrat2DX9GgdT0Kj3jlN9K5W7edjcrsZCwenyO4KbXCeAvzhzffi
7MA0BM0oNC9hkXL+nOmFg/+OTxIy7vKBg8P+OxtMb61zO7X8vC7CIAXFjvGDfRaD
ssbzSibBsu/6iGtCOGEoXJf//////////wIBAg==
-----END DH PARAMETERS-----

16
root/etc/logrotate.d/libvirtd.qemu Normal file
View File

@ -0,0 +1,16 @@
/var/log/libvirt/qemu/*.log {
# The QEMU driver is configured to use virtlogd by
# default, which will perform log rollover.
# This logrotate config is still installed for cases
# where the user has switched off virtlogd.
#
# If virtlogd is active, ensure that size here is
# larger than 'max_size' in the virtlogd config
# so that logrotate becomes a no-op
size 2097153
missingok
rotate 4
compress
delaycompress
copytruncate
}

11
root/etc/logrotate.d/tomcat.disabled Normal file
View File

@ -0,0 +1,11 @@
# This is an example config only and is disabled by default
# If you wish to use it, you'll need to update /etc/tomcat/logging.properties
# to prevent catalina*.log from being rotated by Tomcat
/var/log/tomcat/catalina*.log {
copytruncate
weekly
rotate 52
compress
missingok
create 0644 tomcat tomcat
}

71
root/etc/named.conf Normal file
View File

@ -0,0 +1,71 @@
//
// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//
options {
listen-on port 53 { 127.0.0.1; 192.168.50.2; };
listen-on-v6 port 53 { ::1; };
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
memstatistics-file "/var/named/data/named_mem_stats.txt";
secroots-file "/var/named/data/named.secroots";
recursing-file "/var/named/data/named.recursing";
allow-query { localhost; 192.168.50.0/24; };
/*
- If you are building an AUTHORITATIVE DNS server, do NOT enable recursion.
- If you are building a RECURSIVE (caching) DNS server, you need to enable
recursion.
- If your recursive DNS server has a public IP address, you MUST enable access
control to limit queries to your legitimate users. Failing to do so will
cause your server to become part of large scale DNS amplification
attacks. Implementing BCP38 within your network would greatly
reduce such attack surface
*/
recursion yes;
dnssec-validation yes;
managed-keys-directory "/var/named/dynamic";
geoip-directory "/usr/share/GeoIP";
pid-file "/run/named/named.pid";
session-keyfile "/run/named/session.key";
/* https://fedoraproject.org/wiki/Changes/CryptoPolicy */
include "/etc/crypto-policies/back-ends/bind.config";
};
logging {
channel default_debug {
file "data/named.run";
severity dynamic;
};
};
zone "." IN {
type hint;
file "named.ca";
};
zone "jcolebrand.info" IN {
type master;
file "forward.jcolebrand.info";
allow-update { none; };
};
zone "50.168.192.in-addr.arpa" IN {
type master;
file "reverse.jcolebrand.info";
allow-update { none; };
};
include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";

71
root/etc/named.conf.bak Normal file
View File

@ -0,0 +1,71 @@
//
// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//
options {
listen-on port 53 { 127.0.0.1; 192.168.50.2; };
listen-on-v6 port 53 { ::1; };
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
memstatistics-file "/var/named/data/named_mem_stats.txt";
secroots-file "/var/named/data/named.secroots";
recursing-file "/var/named/data/named.recursing";
allow-query { localhost; 192.168.50.0/24; };
/*
- If you are building an AUTHORITATIVE DNS server, do NOT enable recursion.
- If you are building a RECURSIVE (caching) DNS server, you need to enable
recursion.
- If your recursive DNS server has a public IP address, you MUST enable access
control to limit queries to your legitimate users. Failing to do so will
cause your server to become part of large scale DNS amplification
attacks. Implementing BCP38 within your network would greatly
reduce such attack surface
*/
recursion yes;
dnssec-validation yes;
managed-keys-directory "/var/named/dynamic";
geoip-directory "/usr/share/GeoIP";
pid-file "/run/named/named.pid";
session-keyfile "/run/named/session.key";
/* https://fedoraproject.org/wiki/Changes/CryptoPolicy */
include "/etc/crypto-policies/back-ends/bind.config";
};
logging {
channel default_debug {
file "data/named.run";
severity dynamic;
};
};
zone "." IN {
type hint;
file "named.ca";
};
zone "jcolebrand.info" IN {
type master;
file "forward.jcolebrand.info";
allow-update { none; };
};
zone "50.168.192.in-addr.arpa" IN {
type master;
file "reverse.jcolebrand.info";
allow-update { none; };
};
include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";

Some files were not shown because too many files have changed in this diff Show More