libretic/ansible-role-reverse_proxy
7
0
Fork 0
Code Issues Pull requests Projects Releases Wiki Activity

commit initial

Browse source
This commit is contained in:
Olivier Navas 2022-03-02 00:41:53 +01:00
parent a1fe996dca
commit 2f173e2335
44 changed files with 2646 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

25
README.md
View file

@ -1,2 +1,25 @@
# ansible-role-reverse_proxy
Role : reverse_proxy
====================
Services fournis
----------------
Configure un reverse proxy public pour rediriger les flux vers les applications internes.
Prend en charge la gestion des certificats letsencrypt, des stratégies d'accès, les pages de maintenance, la sécurité via modsecurity.
Variables
---------
Le rôle peut s'utiliser sans paramètre. Il est néanmoins possible d'utiliser les paramètres optionnels suivants :
| Option | Valeur par défaut | Description |
|-------------------------------------------------|-----------------------------------|-------------------------------------------------------------------------------------------------------------------------------------------------------------|
| reverse_proxy_SSLProtocol_ | all -SSLv2 -SSLv3 -TLSv1 -TLSv1.1 | Surcharge la valeur de SSLProtocol pour ajuster au niveau de sécurité souhaité |
| reverse_proxy_SSLCipherSuite_ | cf. defaults/main.yml | Surcharge la valeur de SSLCipherSuite pour ajuster au niveau de sécurité souhaité |
```yaml
reverse_proxy_enable_port_1443: true
reverse_proxy_SSLProtocol: all -SSLv2 -SSLv3
```

5
defaults/main.yml Normal file
View file

@ -0,0 +1,5 @@
reverse_proxy_SSLProtocol: "all -SSLv2 -SSLv3 -TLSv1 -TLSv1.1"
reverse_proxy_SSLCipherSuite: "EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384 EECDH+ECDSA+SHA256 EECDH+aRSA+SHA384 EECDH+aRSA+SHA256 EECDH+aRSA+RC4 EECDH EDH+aRSA RC4 !aNULL !eNULL !LOW !3DES !MD5 !EXP !PSK !SRP !DSS !RC4"
reverse_proxy_default_serveradmin_email: olivier+admin@navas.rocks
reverse_proxy_default_website: https://libretic.fr
reverse_proxy_default_issue_url: https://libretic.fr/contact

39
files/maintenance.sh Executable file
View file

@ -0,0 +1,39 @@
#!/bin/bash
# FICHIER SOUS CONTROLE D'ANSIBLE, NE PAS MODIFIER DIRECTEMENT
VHOSTS_DIR=/etc/apache2/vhosts.d/
MAINTENANCE_DIR=/var/www/html/rp_maintenance/
TMP=$(mktemp)
while true; do
LISTE_VHOSTS=""
for i in $(ls $VHOSTS_DIR); do
LISTE_VHOSTS="$LISTE_VHOSTS $i"
if [ -f "$MAINTENANCE_DIR/$i" ]; then
LISTE_VHOSTS="$LISTE_VHOSTS (maintenance)"
else
LISTE_VHOSTS="$LISTE_VHOSTS (normal)"
fi
done
echo $LISTE_VHOSTS | xargs dialog --title "Gestion page de maintenance" --menu "Modifier le statut de maintenance du virtualhost :" 0 0 0 2> $TMP
ERR=$?
VHOST=$(cat $TMP)
rm $TMP
if [ "$ERR" == "0" ]; then
if [ -f "$MAINTENANCE_DIR/$VHOST" ]; then
rm $MAINTENANCE_DIR/$VHOST
# dialog --title "Gestion page de maintenance" --msgbox "$VHOST n'est plus en maintenance" 0 0
else
ln -s $MAINTENANCE_DIR/maintenance-generique.html $MAINTENANCE_DIR/$VHOST
# dialog --title "Gestion page de maintenance" --msgbox "$VHOST est mis en maintenance" 0 0
fi
else
exit
fi
done

98
files/modsechelper.sh Executable file
View file

@ -0,0 +1,98 @@
#!/bin/bash
PROGRAM=$(basename $0)
usage() {
echo "Usage: $PROGRAM [-n fichier ] [ -c ] [ -u ] [ file(s) ]"
echo "Liste les erreurs modsecurity rencontrées depuis un fichier d'erreurs apache. Si aucun fichier n'est précisé, utilise l'entrée standard."
echo " -n : uniquement les erreurs plus récentes que la date du fichier indiqué"
echo " -c : a la place la liste, génère la configuration des exceptions pour le reverse proxy pour éviter les erreurs modsecurity detectées"
echo " -u : si combiné avec -c, génère la configuration des exceptions par url plutôt que globalement"
exit 1
}
while getopts "cum:" o; do
case "${o}" in
n)
file=${OPTARG}
echo "option -n non implemente"
exit
;;
c)
conf="true"
;;
u)
byurl="true"
;;
*)
usage
;;
esac
done
shift $((OPTIND-1))
TMP=$(mktemp /tmp/$PROGRAM.XXXXXXX)
TMP_NOPHASE=$(mktemp /tmp/$PROGRAM.XXXXXXX)
if [ "$*" == "" ]; then
FILES="-"
else
FILES="$*"
fi
# retient les lignes modsecurity avec id et uri et conserve les colonnes timestamp, fichier de règle, id, et uri
cat $FILES | grep ModSecurity | grep "\[id" | grep "\[uri" | egrep -o '^\[[A-Za-z0-9:\. ]*\]|\[id "[0-9]*"\]|\[file "[^"]*"\]|\[uri\ "[^"]*"\]' | paste -d "|" - - - - > $TMP_NOPHASE
# formate et ajoute la phase de la regle
while read line
do
TIMESTAMP=$(echo $line | cut -d '|' -f 1 | cut -c 2- | head -c -2)
RULEFILE=$(echo $line | cut -d '|' -f 2 | cut -d '"' -f 2)
ID=$(echo $line | cut -d '|' -f 3 | cut -d '"' -f 2)
URI=$(echo $line | cut -d '|' -f 4 | cut -d '"' -f 2)
PHASE=$(cat "$RULEFILE" | grep -E 'SecRule|id:|phase:' | sed ':a;N;$!ba;s/\n//g' | sed 's/SecRule/\nSecRule/g' | grep $ID | egrep -o 'phase:[^,^"]*?' | paste -)
echo "$TIMESTAMP|$RULEFILE|$ID|$URI|$PHASE" >> $TMP
done < $TMP_NOPHASE
rm $TMP_NOPHASE
if [ "$conf" == "true" ]; then
echo
echo "### Configuration des exclusions mod_security pour le reverse proxy"
if [ "$byurl" == "true" ]; then
echo "# Regles phase 1"
for id in $(cat $TMP | grep "phase:1" | cut -d '|' -f 3 | sort | uniq)
do
echo SecRuleRemoveById $id
done
echo "# Fin regles phase 1"
for url in $(cat $TMP | grep -v "phase:1" | cut -d '|' -f 4 | sort | uniq)
do
echo "<LocationMatch \"^$url\$\">"
for id in $(cat $TMP | grep -v "phase:1" | grep $url | cut -d '|' -f 3 | sort | uniq)
do
echo " SecRuleRemoveById $id"
done
echo "</LocationMatch>"
echo
done
else
for id in $(cat $TMP | cut -d '|' -f 3 | sort | uniq)
do
echo SecRuleRemoveById $id
done
fi
else
cat $TMP
fi
rm $TMP

4
files/purge-apache2-tmp Normal file
View file

@ -0,0 +1,4 @@
SHELL=/bin/bash
PATH=/sbin:/bin:/usr/sbin:/usr/bin
MAILTO=
*/30 * * * * root /usr/local/bin/purge-apache2-tmp.sh

14
files/purge-apache2-tmp.sh Executable file
View file

@ -0,0 +1,14 @@
#!/bin/bash
MMIN=15
# Il arrive (bug) qu'httpd créée un fichier temporaire qu'il ne supprime pas ensuite
# Ce script supprime ceux plus anciens que MMIN minutes
for dir in $(ls /tmp/*httpd.service* -d)
do
COUNT_ALL=$(find $dir -name 'modproxy.tmp.*' | wc -l)
COUNT_RM=$(find $dir -name 'modproxy.tmp.*' -mmin +$MMIN | wc -l)
logger -t purge-apache2-tmp.sh "Nb total fichiers temporaires : $COUNT_ALL, suppression de $COUNT_RM fichiers de plus de $MMIN minutes"
find $dir -name 'modproxy.tmp.*' -mmin +$MMIN -exec rm -f {} \;
done

1
files/rp_ressources_images/400.svg Normal file
View file

File diff suppressed because one or more lines are too long
Side by side

After

Width:  |  Height:  |  Size: 101 KiB

1
files/rp_ressources_images/401.svg Normal file
View file

File diff suppressed because one or more lines are too long
Side by side

After

Width:  |  Height:  |  Size: 82 KiB

1
files/rp_ressources_images/403.svg Normal file
View file

File diff suppressed because one or more lines are too long
Side by side

After

Width:  |  Height:  |  Size: 86 KiB

623
files/rp_ressources_images/404.svg Normal file
View file

@ -0,0 +1,623 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<svg
xmlns:dc="http://purl.org/dc/elements/1.1/"
xmlns:cc="http://creativecommons.org/ns#"
xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"
xmlns:svg="http://www.w3.org/2000/svg"
xmlns="http://www.w3.org/2000/svg"
xmlns:sodipodi="http://sodipodi.sourceforge.net/DTD/sodipodi-0.dtd"
xmlns:inkscape="http://www.inkscape.org/namespaces/inkscape"
height="490"
width="822.693"
version="1.1"
id="svg9283"
sodipodi:docname="404.svg"
inkscape:version="1.0.1 (3bc2e813f5, 2020-09-07)">
<metadata
id="metadata9287">
<rdf:RDF>
<cc:Work
rdf:about="">
<dc:format>image/svg+xml</dc:format>
<dc:type
rdf:resource="http://purl.org/dc/dcmitype/StillImage" />
</cc:Work>
</rdf:RDF>
</metadata>
<sodipodi:namedview
pagecolor="#ffffff"
bordercolor="#666666"
borderopacity="1"
objecttolerance="10"
gridtolerance="10"
guidetolerance="10"
inkscape:pageopacity="0"
inkscape:pageshadow="2"
inkscape:window-width="1920"
inkscape:window-height="1027"
id="namedview9285"
showgrid="false"
inkscape:zoom="1.5838229"
inkscape:cx="411.3465"
inkscape:cy="169.8186"
inkscape:window-x="-8"
inkscape:window-y="-8"
inkscape:window-maximized="1"
inkscape:current-layer="svg9283" />
<defs
id="defs9079">
<clipPath
id="a"
clipPathUnits="userSpaceOnUse">
<path
d="M2078.79 781.02l-32.38-30.481s5.71-46.668-4.77-58.09c-10.47-11.437-29.52-27.629-21.9-49.527 7.62-21.91 20.96-31.434 20.96-31.434h122.86s21.9 32.383 21.9 41.903c0 9.531-11.43 120-30.48 127.629-19.04 7.621-76.19 0-76.19 0z"
id="path9064" />
</clipPath>
<clipPath
id="b"
clipPathUnits="userSpaceOnUse">
<path
d="M2448.33 729.59s-4.76-44.77 0-67.621c4.76-22.86 8.57-50.481 8.57-50.481h290.48s29.54 13.332 29.54 29.524c0 16.187-11.44 40.957-63.82 40-57.14 28.578-129.52 92.379-129.52 92.379l-81.92-30.461z"
id="path9067" />
</clipPath>
<clipPath
id="c"
clipPathUnits="userSpaceOnUse">
<path
d="M2331.66 1779.16s-89.05-390.5-157.63-460.98c30.48-64.77-19.05-118.1-19.05-118.1l16.67-436.689s-9.05 10-49.05 8.097c-40-1.898-76.19-20.949-76.19-20.949s-74.29 302.871-24.77 478.121c5.72 161.91 9.53 403.83 3.81 441.92-5.71 38.1-22.67 113.71-22.22 189.85.44 76.14 344.14 50.16 344.14 50.16z"
id="path9070" />
</clipPath>
<clipPath
id="d"
clipPathUnits="userSpaceOnUse">
<path
d="M2232.13 2141.07l142.86 75.24-120 56.2-80.96-65.72z"
id="path9073" />
</clipPath>
<clipPath
id="e"
clipPathUnits="userSpaceOnUse">
<path
d="M2073.39 2494.42c31.75-59.05 26.36-156.2 15.88-234.3 50 15.72 142.86-20.94 142.86-20.94v-98.11s-109.53-67.62-212.39-36.19c-79.05 41.91-108.58 418.11-104.77 443.83 3.81 25.71 174.3 138.1 174.3 138.1s-47.63-133.34-15.88-192.39z"
id="path9076" />
</clipPath>
</defs>
<path
d="M733.207 191.513c.537-.614 1.173-1.39 2.284-2.452a22.17 22.17 0 012.005-1.696l1.181-.834.868-.639a104.27 104.27 0 017.796-5.152c5.807-3.363 12.228-6.76 19.772-9.885 6.334-2.599 13.974-5.314 20.335-7.088 6.364-1.752 11.468-2.523 12.672-.734 1.183 1.754-1.579 5.952-6.367 10.592-4.773 4.644-11.598 9.667-18.114 13.226a77.972 77.972 0 01-11.119 5.005c-3.655 1.35-7.201 2.144-10.57 2.87a105.015 105.015 0 01-9.547 1.506l-1.088.11c-.318.014-.638.035-.962.073-.646.068-1.306.176-1.969.3-1.328.25-2.665.529-3.901.62l-3.276-5.822"
fill="#dfe9f1"
id="path9081" />
<path
d="M735.08 194.415c1.063-.455 2.21-1.126 3.544-1.83.661-.349 1.372-.694 2.11-1.002l1.954-.768 7.71-3.004c2.569-1.015 5.163-1.986 7.715-3.038a312.05 312.05 0 007.59-3.318c10.068-4.574 19.944-9.704 29.589-15.319M782.457 173.247l5.227 2.112M778.959 175.063l-.492-6.132M771.287 178.853l4.66 3.398M765.703 181.455c.202-2.283.39-4.543.545-6.815M759.427 184.217c2.008 1.411 4.028 2.791 6.073 4.171M749.093 188.319l1.094-4.87"
fill="none"
stroke="#c3d0da"
stroke-width="1.0426406000000001"
stroke-linecap="round"
stroke-linejoin="round"
stroke-miterlimit="10"
id="path9083" />
<path
d="M733.628 206.652c1.705-.67 3.844-1.75 7.076-3.312 1.616-.77 3.475-1.645 5.804-2.519.565-.217 1.201-.43 1.83-.642.573-.183 1.149-.367 1.729-.554 1.166-.373 2.317-.681 3.512-1.009 4.722-1.24 9.596-2.115 14.429-2.79 4.821-.694 9.619-1.18 14.335-1.833 1.021-.122 1.969-.289 3.038-.438 1.156-.206 2.336-.415 3.536-.627 2.303-.387 4.519-.73 6.582-1.136 2.076-.4 3.993-.855 5.753-1.439 1.701-.526 3.428-1.43 5.113-2.502 3.352-2.187 6.399-4.824 8.948-6.387 2.55-1.605 4.599-2.187 5.846-1.457 1.226.74 1.706 2.609 1.476 5.54-.28 2.912-1.12 7.001-3.934 12.106-.697 1.267-1.581 2.591-2.602 3.924a32.858 32.858 0 01-3.614 3.892c-2.601 2.375-5.418 4.258-8.169 5.779-2.75 1.523-5.465 2.719-7.973 3.713l-1.844.714-.918.338-1.057.368c-1.412.506-2.799.896-4.17 1.279-6.274 1.63-12.09 2.135-17.298 2.204-5.236.072-9.927-.287-14.27-.645-2.082-.187-4.147-.374-6.19-.556-2.024-.139-4.135-.22-6.212-.383-4.155-.303-8.2-1.065-11.157-2.64l.401-8.988"
fill="#dfe9f1"
id="path9085" />
<path
d="M733.683 211.296c5.75.956 13.514-1.836 21.113-2.359 7.52-.776 14.912-.994 22.307-1.862 3.697-.426 7.388-1.039 11.052-1.954 3.641-.944 7.237-1.9 10.869-3.241 3.6-1.345 7.267-3.09 10.485-5.9 3.178-2.763 5.608-6.095 7.743-9.332M801.66 200.815c2.319 1.097 4.801 2.029 7.519 2.632M796.532 202.747c.265-2.763.404-5.523.319-8.215M785.316 205.772a96.522 96.522 0 005.239 5.81M777.103 207.075a101.027 101.027 0 003.188-8.535M767.915 207.905c1.94 2.671 3.904 5.33 5.938 7.963M752.887 209.144a199.2 199.2 0 013.402-5.964"
fill="none"
stroke="#c3d0da"
stroke-width="1.4044982200000002"
stroke-linecap="round"
stroke-linejoin="round"
stroke-miterlimit="10"
id="path9087" />
<path
d="M703.793 196.764c.604-.27 1.47-.457 2.328-.539.459-.04.815-.069 1.371-.064.599.015 1.045.034 1.23.006.047-.007.057-.019.087-.03.022-.01.168-.001.246-.004l.568.006 1.108.032c.736.028 1.445.073 2.141.128a110.6 110.6 0 013.932.394l1.767.198.838.09.939.122c5.027.669 10.503 1.76 16.316 3.573a87.155 87.155 0 018.941 3.343c3.048 1.35 6.136 2.92 9.104 4.713 5.978 3.565 11.667 7.973 16.902 13.097 4.406 4.3 8.67 9.307 12.417 14.452 3.896 5.23 7.184 10.826 9.461 15.923 4.588 10.25 5.624 18.583 2.791 20.553-2.879 2.008-9.424-2.252-17.248-8.048-3.939-2.945-8.272-6.189-12.685-9.49a710.063 710.063 0 01-13.459-10.452c-4.673-3.786-9.18-7.436-13.58-11.003a404.446 404.446 0 00-12.59-9.837l-12.067-9.051c-2.003-1.463-3.752-2.912-5.451-4.196-.865-.647-1.672-1.237-2.6-1.81-.784-.563-1.837-1.165-2.55-.9l-.257-11.206"
fill="#dfe9f1"
id="path9089" />
<path
d="M704.368 202.364c.67-.156 1.461-.09 2.193.039.45.073.85.165 1.099.232.175.054.55.14.87.218 1.29.328 2.502.718 3.651 1.127 1.15.41 2.244.84 3.296 1.259l3.164 1.256c4.271 1.712 8.496 3.553 12.631 5.574 4.133 2.023 8.179 4.227 12.052 6.675 3.875 2.441 7.563 5.107 11.117 7.905 7.11 5.6 13.632 11.794 19.862 18.228 6.257 6.387 11.761 13.231 16.74 20.496M776.559 247.245a146.564 146.564 0 01-1.46 8.928M772.15 242.673a337.363 337.363 0 019.393-3.641M762.128 233.11a284.39 284.39 0 01-2.393 9.067M754.441 226.65a174.4 174.4 0 0110.618-3.898M745.31 220.03a156.992 156.992 0 01-.74 11.918M729.168 211.059a146.034 146.034 0 017.396-3.924"
fill="none"
stroke="#c3d0da"
stroke-width="1.70369074"
stroke-linecap="round"
stroke-linejoin="round"
stroke-miterlimit="10"
id="path9091" />
<path
d="M141.75 112.585c-1.203.1-2.745-.156-4.01-.793a8.539 8.539 0 01-1.663-1.064c-.637-.56-.43-.333-.546-.396a2.101 2.101 0 00-.594.001l-.278.047-.14.03c-.036.014-.306-.067-.395-.077l-.788-.165-.686-.087c-1.881-.224-4.202-.35-6.991-.482-1.396-.068-2.906-.14-4.556-.263-.82-.06-1.689-.136-2.588-.232l-2.559-.308c-3.427-.455-6.959-1.087-10.598-1.873-6.112-1.342-13.107-3.074-18.948-4.407-5.808-1.407-10.518-2.472-10.928-4.453-.407-1.895 3.732-4.679 10.121-6.395 6.36-1.764 14.7-2.221 21.648-1.476 4 .407 7.712 1.152 11.144 2.064 1.758.465 3.238.937 4.888 1.452a67.776 67.776 0 014.812 1.716c3.142 1.263 6.116 2.861 8.493 4.804.607.479 1.116.99 1.605 1.472.53.493 1.09 1.079 1.496 1.656.422.584.751 1.184 1.002 1.776.145.324.144.504.313.733.145.214.373.399.656.515l.09 6.205"
fill="#dfe9f1"
id="path9093" />
<path
d="M141.055 109.35a4.696 4.696 0 01-2.812-1.545l-.102-.134-.21-.259a6.274 6.274 0 00-1.558-1.32l-.796-.452a18.796 18.796 0 00-1.554-.796c-2.123-.99-4.507-1.681-6.944-2.268-2.449-.577-4.97-1.03-7.504-1.53-2.523-.502-5.037-1.011-7.565-1.47-10.083-1.857-20.435-3.195-31.093-2.335M94.785 97.232a117.261 117.261 0 00-3.198-4.2M98.461 97.56a131.84 131.84 0 00-2.665 5.045M106.366 98.605a221.312 221.312 0 00-1.806-5.05M112.01 99.576a247.863 247.863 0 00-4.021 4.907M118.27 100.787l-2.435-6.395M128.31 102.881a89.604 89.604 0 00-3.324 3.172"
fill="none"
stroke="#c3d0da"
stroke-width=".96904244"
stroke-linecap="round"
stroke-linejoin="round"
stroke-miterlimit="10"
id="path9095" />
<path
d="M128.046 79.5c-.232-.221-.399-.85-.654-1.765-.254-.931-.578-2.107-.936-3.615a32.489 32.489 0 01-.52-2.63l-.426-2.473a132.294 132.294 0 01-.752-5.209c-.875-7.215-1.34-15.767.126-25.31.314-1.977.711-4.1 1.237-6.211a75.707 75.707 0 011.816-6.171c1.36-4.003 2.946-7.724 4.484-10.967a90.741 90.741 0 012.274-4.474c.736-1.367 1.484-2.598 2.25-3.535 1.538-1.905 3.079-2.539 4.175-2.176 1.103.388 1.832 1.488 2.505 3.31.331.93.644 2.082.895 3.614.24 1.592.407 3.276.51 5.095.206 3.622.143 7.609.013 11.492l-.466 11.289c-.428 8.423-1.365 16.555-2.968 23.844-.398 1.82-.834 3.584-1.301 5.281-.477 1.768-.972 3.122-1.424 4.758-.919 3.152-2.061 6.432-4.012 8.364l-6.826-2.511"
fill="#dfe9f1"
id="path9097" />
<path
d="M131.619 80.647c.426-.787.706-2.006.863-3.312.153-1.327.203-2.762.243-4.276l.09-2.331.122-2.241.216-4.498c.268-6.006.483-12.049.926-18.06.44-6.018 1.117-11.968 2.278-17.817 1.123-5.859 2.52-11.73 3.582-17.755M136.779 25.968l5.393-2.84M135.981 30.13a230.648 230.648 0 01-5.591-3.718M134.679 39.26a205.25 205.25 0 015.838-2.235M134.079 45.93a202.278 202.278 0 01-6.16-4.286M133.625 53.404a450.295 450.295 0 017.023-3.828M133.084 65.51l-4.373-3.295"
fill="none"
stroke="#c3d0da"
stroke-width="1.13543828"
stroke-linecap="round"
stroke-linejoin="round"
stroke-miterlimit="10"
id="path9099" />
<path
d="M145.468 97.745l-34.325-4.698c-13.241-1.96-28.294-4.54-45.019-8.874a433.096 433.096 0 01-22.212-6.434c-7.575-2.407-14.996-5.051-21.49-7.696C9.46 64.725-.196 59.52.002 54.953c.19-4.51 10.477-8.125 24.592-9.708 7.068-.801 14.93-1.14 23.08-1.032 8.165.108 16.582.738 24.435 1.879 18.025 2.588 34.243 8.157 47.588 15.159 3.324 1.765 6.508 3.568 9.51 5.501a112.603 112.603 0 018.33 5.89 120.927 120.927 0 0113.12 11.878l-5.189 13.225"
fill="#dfe9f1"
id="path9101" />
<path
d="M147.659 90.73c-10.23-5.24-20.725-9.767-31.766-13.385-11.018-3.69-22.358-6.704-33.816-9.341-11.464-2.625-23.065-4.824-34.707-6.808-11.638-1.947-23.284-3.824-35.116-5.31M43.113 60.485L37.02 50.18M51.373 61.887c-2.369 3.676-4.705 7.35-7.02 11.046M69.263 65.248a841.965 841.965 0 00-3.582-11.737M82.077 68.004c-3.282 3.585-6.5 7.2-9.661 10.847M96.228 71.492a505.793 505.793 0 00-4.809-14.93M118.679 78.296c-2.834 2.108-5.63 4.316-8.354 6.499"
fill="none"
stroke="#c3d0da"
stroke-width="2.21821121"
stroke-linecap="round"
stroke-linejoin="round"
stroke-miterlimit="10"
id="path9103" />
<path
d="M729.704 70.133c-2.515-5.372-2.735-10.61-2.556-13.77a33.626 33.626 0 011.016-6.508c.628-2.484 2.025-6.59 3.917-10.055 1.876-3.467 4.207-6.27 6.562-6.44 2.222-.135 3.802 2.136 4.89 4.556 1.08 2.417 1.69 5.008 1.822 5.58-.11-2.96.204-8.096 3.132-13.888.537-1.064 2.136-4.183 4.321-6.975 2.181-2.79 4.937-5.229 7.635-5.032 3.588.272 6.213 5.086 6.47 11.41a36.442 36.442 0 018.49-5.435c1.958-.935 13.45-6.017 17.018-1.873 2.196 2.534.375 7.294-.258 8.984-1.99 5.265-6.32 8.176-8.046 9.36-2.924 1.997-3.93 2.478-5.677 2.954 7.76 1.616 10.785 6.266 10.333 9.688-.306 2.278-2.854 4.006-5.492 5.236-2.63 1.228-5.353 1.97-6.041 2.162-6.812 1.872-12.688.708-15.708-.092 2.357 1.016 9.95 4.87 9.392 8.536-.304 2.094-3.199 3.562-6.608 4.626-3.408 1.047-7.325 1.716-9.848 2.066-1.383.188-4.21.502-7.924.505-5.39.001-9.476-.612-10.363-.765a52.332 52.332 0 01-4.26-.903c-.598-.872-1.409-2.213-2.217-3.927"
fill="#dfe9f1"
id="path9105" />
<path
d="M728.407 81.183l.036-.212c.018-.14.065-.346.138-.61.139-.528.399-1.293.851-2.214.89-1.867 2.561-4.274 4.693-6.999 2.139-2.737 4.799-5.819 7.84-8.964 3.038-3.15 6.45-6.37 9.982-9.507 14.136-12.584 30.308-23.645 32.612-25.06M760.228 45.605c7.52 1.234 14.89 2.742 22.197 4.41M757.68 47.51c.215-7.478.74-15.049 1.453-22.627M739.528 65.175c7.197.132 14.167.901 21.063 1.913M737.57 66.941c-1.026-7.912-1.22-16.181-1.073-24.444"
fill="none"
stroke="#c3d0da"
stroke-width="2.16101264"
stroke-linecap="round"
stroke-linejoin="round"
stroke-miterlimit="10"
id="path9107" />
<path
d="M136.115 213.928c3.744 7.05 4.394 14.076 4.368 18.335a45.198 45.198 0 01-.923 8.818c-.676 3.382-2.275 8.992-4.581 13.779-2.288 4.79-5.232 8.715-8.384 9.103-2.977.332-5.256-2.612-6.881-5.791-1.618-3.176-2.613-6.617-2.83-7.377.35 3.97.275 10.894-3.265 18.88-.65 1.466-2.588 5.768-5.336 9.668-2.743 3.898-6.28 7.365-9.92 7.28-4.839-.12-8.697-6.412-9.472-14.895a49.022 49.022 0 01-11.042 7.883c-2.569 1.386-17.67 9.001-22.746 3.673-3.126-3.26-1-9.78-.264-12.095 2.318-7.212 7.94-11.418 10.178-13.125 3.797-2.885 5.115-3.601 7.43-4.357-10.538-1.644-14.921-7.691-14.547-12.32.259-3.083 3.568-5.579 7.026-7.411 3.453-1.83 7.063-3.012 7.977-3.316 9.027-2.977 17.004-1.813 21.118-.943-3.238-1.206-13.707-5.873-13.203-10.836.264-2.837 4.056-5.006 8.567-6.666 4.51-1.64 9.729-2.806 13.098-3.447 1.846-.345 5.623-.96 10.613-1.215 7.245-.37 12.782.179 13.984.323 2.378.268 4.357.647 5.786.927.863 1.129 2.045 2.878 3.249 5.125"
fill="#dfe9f1"
id="path9109" />
<path
d="M137.107 198.99l-.034.286c-.016.19-.065.468-.145.828-.152.72-.447 1.767-.995 3.036-1.069 2.568-3.152 5.919-5.832 9.724-2.689 3.825-6.053 8.148-9.93 12.581-3.869 4.44-8.235 9-12.77 13.456-18.144 17.875-39.131 33.84-42.132 35.899M96.75 248.97c-10.19-1.149-20.199-2.675-30.134-4.42M100.046 246.237c.219 10.066.027 20.276-.417 30.512M123.245 221.26c-9.682.312-19.102-.25-28.44-1.141M125.755 218.753c1.918 10.564 2.741 21.667 3.103 32.783"
fill="none"
stroke="#c3d0da"
stroke-width="2.16101264"
stroke-linecap="round"
stroke-linejoin="round"
stroke-miterlimit="10"
id="path9111" />
<path
d="M208.901 58.116l-71.43 110.32h71.43zm0 214.69l-4.317-4.143 4.317-50.622H82.31l-4.318-4.142 4.318-40.303L187.473 8.113l73.462-4.142 4.318 4.142v160.323h34.127v49.605h-34.127v54.764h-56.352M484.299 140.659c0-48.811-14.286-86.512-51.986-86.512-38.096 0-52.382 37.701-52.382 86.512 0 48.81 14.286 86.906 52.382 86.906 37.7 0 51.986-38.096 51.986-86.906zm-161.514 0c0-68.256 33.732-136.512 109.528-136.512 75.398 0 109.527 68.256 109.527 136.512s-34.13 136.908-109.527 136.908c-75.796 0-109.528-68.652-109.528-136.908M683.26 58.116l-71.43 110.32h71.43zm0 214.69l-4.317-4.143 4.317-50.622H556.67l-4.318-4.142 4.317-40.303L661.831 8.113l73.462-4.142 4.318 4.142v160.323l29.812-4.143 4.317 4.143v49.605h-34.13v54.764h-56.35"
fill="#b5c1ca"
id="path9113" />
<path
d="M204.584 53.973l-71.431 110.32h71.431zm0 214.69v-54.764H77.992v-44.446L183.155 3.971h77.78v160.322h34.129V213.9h-34.13v54.764h-56.35M479.981 136.516c0-48.812-14.285-86.51-51.986-86.51-38.095 0-52.382 37.698-52.382 86.51 0 48.81 14.287 86.907 52.382 86.907 37.701 0 51.986-38.096 51.986-86.907zm-161.513 0C318.468 68.26 352.2.004 427.995.004c75.398 0 109.528 68.256 109.528 136.512s-34.13 136.91-109.528 136.91c-75.795 0-109.527-68.654-109.527-136.91M678.943 53.973l-71.431 110.32h71.43zm0 214.69v-54.764H552.352v-44.446L657.513 3.971h77.78v160.322h34.13V213.9h-34.13v54.764h-56.35"
fill="#e4eaed"
id="path9115" />
<path
d="M195.868 458.424c.061-1.399-.07-2.87-.345-4.327l-.23-1.093-.285-1.117-.223-.878-.165-.706a112.98 112.98 0 00-1.75-6.119l-3.68-11.263a699.657 699.657 0 00-8.643-24.426c-3.264-8.666-6.926-17.84-11.122-27.416a490.55 490.55 0 00-6.704-14.66 446.095 446.095 0 00-3.681-7.534 295.448 295.448 0 00-4.053-7.845c-4.734-8.819-10.283-17.93-15.896-26.635-5.615-8.708-11.282-17.054-16.41-24.41l-1.988-2.844a81.945 81.945 0 00-2.021-2.688 108.194 108.194 0 00-3.94-4.714 170.716 170.716 0 00-6.98-7.412c-4.16-4.105-7.243-6.889-9.42-6.2-1.056.339-1.86 1.576-2.312 3.58-.463 2.008-.542 4.768-.242 7.972.29 3.188.974 6.831 1.769 10.51l1.206 5.54c.19.913.385 1.829.548 2.716l.13.673.188.836c.132.564.263 1.132.394 1.705 2.149 9.168 5.33 19.254 8.977 29.223 3.647 9.979 7.724 19.852 11.652 28.85l1.69 3.835 1.763 3.912a310.833 310.833 0 003.628 7.65 302.35 302.35 0 007.598 14.486 284.666 284.666 0 0016.135 25.583 261.088 261.088 0 0016.43 20.882c2.678 3.109 5.398 5.971 7.86 8.612a124.63 124.63 0 013.551 3.974c.574.688 1.119 1.285 1.588 1.983.471.685.83 1.431.996 2.18l13.987-2.415"
fill="#3b97d3"
id="path9117" />
<path
d="M188.615 458.736c-.178-1.279-.586-2.493-1.107-3.715-.259-.602-.481-1.055-.693-1.492l-.696-1.417a115.072 115.072 0 00-2.908-5.377l-5.77-10.027a845.66 845.66 0 01-11.074-20.244c-7.218-13.612-14.127-27.433-20.875-41.347-3.381-6.956-6.672-13.954-10.121-20.858l-10.427-20.715c-3.48-6.917-6.936-13.867-10.257-20.925l-2.468-5.312-2.388-5.26c-1.548-3.315-3.319-6.651-5.108-10.138M122.407 328.48a771.947 771.947 0 01-12.42-4.57M127.343 338.297l7.39-11.934M138.012 359.619l-12.681-1.456M145.492 375.117l6.92-14.598M153.963 392.336l-16.314-3.252M168.204 419.91l3.793-11.52"
fill="none"
stroke="#285680"
stroke-width="2.04688216"
stroke-linecap="round"
stroke-linejoin="round"
stroke-miterlimit="10"
id="path9119" />
<path
d="M183.028 456.861a7.34 7.34 0 00-.001-3.632c-.292-1.13-.77-2.139-1.311-3.076a131.063 131.063 0 00-3.341-5.465c-2.284-3.557-4.716-6.845-6.887-9.881a202.65 202.65 0 01-3.04-4.364c-.953-1.41-1.623-2.663-2.284-3.932-1.301-2.495-2.176-4.79-2.67-6.756-2.849-11.312-.586-21.463-8.145-29.646-1.136-1.229-5.52-6.102-10.441-5.256-2.576.444-3.827 2.242-10.545 9.38-8.156 8.666-10.261 10.167-12.339 9.748-2.616-.528-3.886-3.72-4.995-6.169-2.598-5.741-.367-8.476-3.083-14.003-.782-1.59-2.24-4.618-4.692-4.964-2.538-.356-3.686 2.442-5.55 2.171-1.773-.256-2.14-3.072-2.634-6.767-.493-3.693-1.182-8.217-3.162-12.013-2.134-4.088-7.307-8.337-11.405-6.873-2.65.948-4.11 4.016-5.49 6.996-4.283 9.25-1.118 15.676-5.34 18.873-.305.23-2.314 1.697-4.22 1.108-3.266-1.01-2.248-6.704-6.407-12.87-1.107-1.64-3.624-5.455-6.353-5.109-2.897.37-3.107 5.114-6.238 5.764-2.702.56-4.025-2.68-9.16-5.592-1.084-.614-9.03-5.193-13.325-2.457-2.978 1.897-4.052 7.213-2.968 11.5 1.389 5.495 6.225 8.823 11.925 12.388 5.714 3.577 12.228 7.328 17.32 13.827 1.63 2.08 3.093 4.39 2.933 7.009-.273 4.468-5.23 5.51-6.346 9.197-.397 1.31-.333 2.879.12 4.542.456 1.665 1.47 3.54 2.704 5.244 2.505 3.458 6.205 6.492 10.065 7.725 5.052 1.613 8.691-.232 12.974-2.325 4.28-2.091 9.212-4.45 16.513-4.275.704.017 3.087.101 5.4.582 2.259.47 4.627 1.422 5.183 3.123 1.042 3.19-5.49 5.388-7.454 12.231-1.534 5.341.134 12.795 4.763 16.36 1.683 1.296 3.612 1.97 7.68 1.681 4.062-.286 10.283-1.514 20.312-4.295 9.933-2.751 15.371-4.693 19.18-5.86 3.806-1.165 5.946-1.565 9.06-1.6 2.733-.03 6.057.195 9.578 1.765 1.747.778 3.539 1.873 5.159 3.438.333.322 1.004.951 1.412 1.382.224.234.362.406.542.628.187.225.367.464.54.713.682.981 1.235 2.26 1.075 3.784.943-1.258 1.857-1.675 2.717-2.035.842-.352 1.654-.652 2.671-1.944"
fill="#ee5e43"
id="path9121" />
<path
d="M179.99 457.515s-.06-.287-.267-.788c-.208-.5-.607-1.195-1.26-1.955-.334-.388-.7-.777-1.119-1.183-.481-.466-1.013-.96-1.58-1.493a44.89 44.89 0 00-3.759-3.163c-2.942-2.225-6.744-4.458-11.326-6.829-4.606-2.384-9.559-5.012-14.628-7.69a1059.524 1059.524 0 01-29.427-16.157c-8.792-5.02-16.034-9.022-19.884-10.582a297.736 297.736 0 01-15.866-6.99c-6.322-3.012-13.156-6.872-19.33-10.673a396.133 396.133 0 01-15.853-10.315c-4.05-2.77-6.59-4.541-6.59-4.541"
fill="none"
stroke="#c4422b"
stroke-width="2.3786072000000003"
stroke-linecap="round"
stroke-linejoin="round"
stroke-miterlimit="10"
id="path9123" />
<path
d="M96.74 407.675c-9.56 4.082-19.28 8.02-29.743 11.113"
fill="#f29c1f"
id="path9125" />
<path
d="M96.74 407.675c-9.56 4.082-19.28 8.02-29.743 11.113"
fill="none"
stroke="#c4422b"
stroke-width="2.3786072000000003"
stroke-linecap="round"
stroke-linejoin="round"
stroke-miterlimit="10"
id="path9127" />
<path
d="M91.172 405.347c-1.282-11.616-2.086-23.192-1.454-34.271"
fill="#f29c1f"
id="path9129" />
<path
d="M91.172 405.347c-1.282-11.616-2.086-23.192-1.454-34.271"
fill="none"
stroke="#c4422b"
stroke-width="2.3786072000000003"
stroke-linecap="round"
stroke-linejoin="round"
stroke-miterlimit="10"
id="path9131" />
<path
d="M147.057 434.948c-10.474 4.432-21.111 8.676-32.04 12.617"
fill="#f29c1f"
id="path9133" />
<path
d="M147.057 434.948c-10.474 4.432-21.111 8.676-32.04 12.617M142.516 432.528c.199-11.03.56-22.03 1.143-32.972"
fill="none"
stroke="#c4422b"
stroke-width="2.3786072000000003"
stroke-linecap="round"
stroke-linejoin="round"
stroke-miterlimit="10"
id="path9135" />
<path
d="M107.055 412.856c-.086-7.288-.215-14.585-.214-21.839"
fill="#f29c1f"
id="path9137" />
<path
d="M107.055 412.856c-.086-7.288-.215-14.585-.214-21.839"
fill="none"
stroke="#c4422b"
stroke-width="2.3786072000000003"
stroke-linecap="round"
stroke-linejoin="round"
stroke-miterlimit="10"
id="path9139" />
<path
d="M201.907 456.361c5.176.264 17.621.205 30.849-7.093 14.024-7.74 20.756-19.11 23.136-23.648a113.88 113.88 0 01-11.11 6.89c-10.046 5.458-15.591 6.507-23.3 10.254-4.905 2.387-11.915 6.463-19.575 13.597"
fill="#ee5e43"
id="path9141" />
<path
d="M201.907 455.959c7.772-3.014 17.749-8.296 26.318-17.587 2.686-2.913 6.423-7.036 9.271-13.627 3.152-7.293 3.617-13.909 3.584-17.914a77.62 77.62 0 01-11.705 16.48c-5.484 5.904-8.843 7.65-13.996 12.984-3.798 3.934-8.934 10.192-13.472 19.664"
fill="#ee5e43"
id="path9143" />
<path
d="M201.907 455.34c4.045-3.24 13.312-11.548 18.356-25.788 5.349-15.099 2.833-28.07 1.601-33.044a215.86 215.86 0 00-14.347 35.665 214.89 214.89 0 00-5.61 23.167"
fill="#ee5e43"
id="path9145" />
<path
d="M201.15 456.965c8.802-14.182 9.29-24.101 8.002-30.625-.79-4.013-2.59-8.433-2.59-15.688 0-6.608 1.491-12.005 2.749-15.528-3.05 2.481-7.542 6.867-10.166 13.528-1.46 3.704-2.401 8.26-.977 24.665a309.98 309.98 0 002.983 23.648"
fill="#ee5e43"
id="path9147" />
<path
d="M201.085 456.485c.675-13.976-1.497-24.714-3.396-31.472-2.414-8.592-4.878-12.504-6.892-15.077-4.7-6.01-10.386-9.141-13.852-10.693a61.035 61.035 0 017.642 13.917c3.508 9.03 2.964 14.167 5.312 22.279 1.514 5.229 4.52 12.693 11.186 21.046"
fill="#ee5e43"
id="path9149" />
<path
d="M202.293 456.436c-.996-5.088-4.066-17.148-14.35-28.215-10.906-11.734-23.566-15.513-28.544-16.724a215.73 215.73 0 0024.964 29.235 215.15 215.15 0 0017.93 15.704"
fill="#ee5e43"
id="path9151" />
<path
d="M204.252 456.432c-3.184-4.466-11.384-14.701-26.099-20.921-14.509-6.131-27.384-4.987-32.816-4.19 18.046 5.756 28.263 12.042 34.428 17.103 2.835 2.328 10.236 8.848 20.022 8.59 1.885-.049 3.433-.338 4.465-.582"
fill="#ee5e43"
id="path9153" />
<path
d="M686.005 447.75a79.499 79.499 0 0025.064-2.411c4.656-1.215 8.252-2.604 10.419-3.526 7.673-3.262 25.232-11.721 24.464-19.78-.733-7.686-17.877-10.702-20.067-10.984 5.426-.184 14.614-1.164 24.604-6.28 1.85-.945 7.267-3.7 12.139-7.414 2.436-1.856 4.739-3.959 6.381-6.214.819-1.125 1.478-2.289 1.903-3.478.42-1.182.628-2.384.599-3.747-.151-6.917-9.408-11.865-21.283-12.599a69.243 69.243 0 005.04-6.425 74.34 74.34 0 005.183-8.768 194.37 194.37 0 002.349-4.848c1.052-2.252 2.208-4.91 3.38-7.684 2.38-5.632 5.108-12.476 2.188-16.753-1.784-2.612-5.01-3.72-8.272-4.115-3.257-.395-6.624.057-8.445.367-2.799.474-5.587 1.529-8.052 2.87a35.757 35.757 0 00-6.378 4.472c-3.597 3.146-5.834 6.207-7.081 7.912-4.213 5.756-4.96 7.51-5.927 10.788-1.448-7.261-4.286-12.473-7.573-15.718-3.292-3.251-7.145-4.431-10.412-4.024-1.083.134-2.083.529-3.008 1.062-.861.495-1.85 1.384-2.745 2.399-1.795 2.028-3.363 4.655-4.676 7.336-2.628 5.367-4.222 10.943-4.623 12.359-3.972 14.042-1.22 25.585.692 31.249-2.327-4.257-10.207-18.677-17.461-16.417-4.195 1.305-7.048 7.89-8.77 15.534-1.717 7.623-2.313 16.372-2.246 21.815a74.392 74.392 0 002.018 16.381c2.54 10.612 6.624 17.415 7.492 18.862 1.736 2.897 3.432 5.178 4.728 6.746 1.956.342 4.842.808 8.376 1.032"
fill="#ee5f43"
id="path9155" />
<path
d="M670.643 459.704s1.057-1.895 2.801-5.245c.872-1.674 1.924-3.707 3.175-6.002 1.245-2.284 2.777-4.83 4.434-7.628 6.628-11.185 16.047-25.86 26.326-40.356 10.277-14.494 21.216-28.917 29.917-40.26 4.356-5.682 8.008-10.682 10.94-14.382 2.932-3.703 5.09-6.143 5.888-7.15M719.428 383.91c-3.01-14.035-5.741-28.231-8.37-42.445M716.121 388.896c14.024-1.288 27.984-2.239 41.93-3.065M688.516 427.697c-3.892-12.973-7.263-26.321-10.315-39.786M686.372 432.153c14.795-2.544 29.43-4.3 44.039-5.64"
fill="none"
stroke="#c4422b"
stroke-width="2.69219936"
stroke-linecap="round"
stroke-linejoin="round"
stroke-miterlimit="10"
id="path9157" />
<path
d="M667.748 460.51c.484-1.349 1.452-2.486 2.25-3.463 1.126-1.447 2.109-2.958 3-4.491.895-1.532 1.69-3.135 2.554-4.51a72.557 72.557 0 015.248-7.574c3.53-4.437 7.027-7.623 9.919-9.384 4.546-2.77 9.177-4.348 13.298-6.394 4.128-2.086 7.715-4.445 10.286-9.407.761-1.45 3.788-7.364 1.552-11.856-1.168-2.328-3.072-2.935-11.32-6.579-10.012-4.387-12.007-5.58-12.38-7.605-.452-2.472 1.764-4.918 3.376-6.738 3.85-4.368 6.932-3.505 10.47-8.185 1.027-1.356 2.955-3.988 2.256-6.436-.728-2.512-3.472-2.279-4.025-4.107-.53-1.761 1.584-3.445 4.3-5.92 2.717-2.461 6.028-5.738 7.85-10.364 2.12-5.433 2.267-12.484-1.082-14.842-2.159-1.544-5.183-.812-8.095-.1-9.026 2.186-11.989 8.344-16.625 6.878-.336-.105-2.487-.82-3.103-2.576-1.049-2.989 3.615-5.496 5.666-12.046.276-.86.725-2.291.897-3.702.163-1.456.057-2.73-.85-3.765-.96-1.167-2.309-.915-3.698-.699-1.39.228-2.819.415-3.955-.602-1.968-1.69-.568-4.826-2.105-10.147-.16-.561-.841-2.859-2.033-5.079-1.196-2.218-2.848-4.429-5.099-4.996-1.564-.382-3.385.076-5.072 1.142-1.688 1.062-3.219 2.729-4.208 4.557-2.552 4.741-1.305 9.727-.44 14.439.115.628.2 1.117.297 1.837l.258 2.405a73.99 73.99 0 01.356 4.938c.116 3.342-.083 6.785-1.031 10.289-.605 2.236-1.504 4.447-3.521 5.636-3.438 2.024-6.846-.79-10.167.264-2.352.741-4.484 3.15-5.839 6.033-1.353 2.895-1.937 6.247-1.176 9.099.988 3.747 3.996 5.541 7.466 7.837 3.456 2.3 7.4 5.088 10.02 10.963.52 1.116 3.293 7.804.846 9.807-2.28 1.848-6.492-2.49-12.916-1.756-4.997.565-10.601 3.956-12.044 8.321-.525 1.6-.452 3.197 1.087 6.21 1.535 3.033 4.527 7.445 9.73 14.977 10.342 15.324 12.47 16.878 14.089 22.297.686 2.296 1.258 5.196 1.282 8.755.007.89-.02 1.821-.088 2.794a40.37 40.37 0 01-.308 2.866c-.27 1.701-.845 3.532-1.98 5.268l-.694.985c-.303.516-.62 1.093-.898 1.672 1.331-.093 2.211.761 3.166 1.563.949.812 1.994 1.568 3.233 1.49"
fill="#3b97d3"
id="path9159" />
<path
d="M664.81 457.288l.217-.498.56-1.149c.54-1.096 1.269-2.901 1.806-5.337l1.956-9.864a2506.227 2506.227 0 004.991-26.343c1.763-9.353 3.299-18.828 4.233-26.842.95-8.014 1.326-14.556 1.108-17.98-.234-3.768-.597-9.38-1.18-15.652-.576-6.275-1.357-13.223-2.042-19.743l-.922-9.315c-.238-2.884-.456-5.504-.64-7.717a72.795 72.795 0 00-.645-4.9l-.317-1.84M679.681 369.275c-7.125-6.243-14.409-12.062-21.817-17.656M679.325 363.805c8.879-5.821 17.598-12.225 26.215-18.617M673.108 420.753c-6.705-7.964-13.341-15.744-20.195-23.252M673.957 416.161c9.618-2.81 19.256-5.712 28.862-8.792M679.332 379.77a504.99 504.99 0 0017.99-8.713"
fill="none"
stroke="#285680"
stroke-width="2.04688216"
stroke-linecap="round"
stroke-linejoin="round"
stroke-miterlimit="10"
id="path9161" />
<path
d="M658.619 458.919c-.036-1.706-.78-31-6.251-42.67-.907-1.932-2.145-4.573-4.897-6.821-3.643-2.972-5.976-2.027-10.999-4.87-4.181-2.37-8.953-6.64-8.112-8.803.55-1.411 3.508-1.992 5.821-1.444 4.156.984 4.32 5.165 8.884 6.49 1.992.58 4.787.603 5.583-.73.795-1.328-.677-3.534-1.18-4.288-2.07-3.103-4.893-4.412-10.187-6.706-7.416-3.212-9.936-4.13-13.548-6.586-5.33-3.626-5.368-5.378-5.309-5.984.195-2.052 2.724-4.035 4.972-3.942 1.36.055 1.972.843 6.545 5.399 1.79 1.781 3.442 3.399 5.883 5.133 2.744 1.951 4.127 2.372 5.135 1.904.644-.3 1.148-.97 1.309-1.633.913-3.756-8.656-9.47-11.856-11.383-3.428-2.048-5.739-3.01-9.323-5.974-4.358-3.603-4.564-5.172-4.354-6.062.317-1.338 1.852-2.288 3.165-2.508.935-.157 2.476-.066 6.54 3.394a49.85 49.85 0 015.425 5.41c3.9 4.51 4.935 6.795 6.811 6.663.883-.063 2.05-.667 2.432-1.645 1.743-4.47-13.068-16.224-20.897-21.715-3.252-2.281-6.739-4.49-6.544-7.327.153-2.238 2.57-4.437 4.92-4.58 3.005-.182 5.205 3.044 6.692 5.227 2.168 3.183 1.489 4.232 4.086 8.653 2.808 4.784 4.696 5.42 5.519 5.606 1.119.253 3.177.332 4.028-.815.401-.541.976-1.955-3.179-9.33-3.694-6.555-5.434-7.72-5.476-10.906-.038-2.928 1.375-6.37 3.304-6.655 1.819-.268 3.787 2.316 4.68 4.19 1.439 3.014.283 4.572 1.44 10.637.642 3.363 1.276 4.343 2.106 4.603 1.274.4 2.753-.982 3.14-1.343 4.038-3.773 1.001-8.955 4.49-15.621.823-1.574 2.542-4.858 6.091-5.963 2.932-.913 7.157-.353 9.205 2.612 2.059 2.98.972 7.019-.51 9.355-2.275 3.578-5.1 2.565-11.302 7.032-2.432 1.753-7.758 5.589-7.088 9.416.039.226.354 2.026 1.659 2.592 2.557 1.108 5.32-4.099 12.283-6.794 1.818-.704 6.576-2.545 8.462-.538 1.416 1.505.936 4.873-.722 6.802-1.116 1.299-2.284 1.384-7.642 2.719-6.537 1.628-7.849 2.264-9.038 3.315-1.715 1.514-3.551 4.225-2.728 5.844.761 1.5 3.51 1.481 5.897 1.44 6.596-.116 8.324-2.648 13.928-2.434 1.74.064 5.896.224 6.96 2.635.665 1.507-.017 3.568-1.212 4.756-2.2 2.19-6.17 1.457-9.728.803-3.27-.602-3.496-1.223-6.881-1.68-3.314-.447-5.63-.724-7.163.753-1.252 1.207-1.932 3.543-1.039 4.901.862 1.312 2.744 1.034 10.35.912 1.537-.024 3.969.008 8.836.074 6.628.088 8.234.242 9.113 1.496.981 1.397.772 3.76-.401 4.849-.452.419-1.248.835-4.944.407-3.458-.399-3.843-.886-6.523-1.227-4.075-.519-6.555.179-7.813.645-1.292.478-2.763 1.022-3.032 2.178-.327 1.402 1.265 3.102 2.734 3.946 2.343 1.35 4.094.37 10.883-.416 7.05-.814 8.797-.337 10.004.62.175.138 2.247 1.824 1.956 3.851-.264 1.848-2.327 2.853-3.29 3.323-3.467 1.69-7.31.861-8.625.552-2.572-.61-3.564-1.574-5.884-1.28-.673.082-2.26.284-3.416 1.404-1.318 1.28-1.698 3.393-1.201 6.842.816 5.656 3.14 8.999 4.708 12.295 1.73 3.639 2.193 7.905 3.121 16.439a115.077 115.077 0 01.236 22.296l-7.042.26"
fill="#71c285"
id="path9163" />
<path
d="M176.919 449.358a56.528 56.528 0 01-17.831-1.717 53.329 53.329 0 01-7.413-2.506c-5.46-2.322-17.952-8.339-17.406-14.074.522-5.467 12.719-7.613 14.276-7.814-3.858-.13-10.396-.828-17.504-4.467-1.316-.673-5.168-2.632-8.636-5.275-1.733-1.322-3.37-2.817-4.54-4.42-.582-.8-1.051-1.63-1.353-2.476a7.248 7.248 0 01-.426-2.665c.107-4.923 6.693-8.443 15.14-8.964a49.033 49.033 0 01-3.585-4.572 53.071 53.071 0 01-3.688-6.236c-.287-.575-.927-1.861-1.67-3.45a165.689 165.689 0 01-2.405-5.467c-1.693-4.007-3.634-8.876-1.556-11.919 1.268-1.859 3.563-2.648 5.884-2.928 2.318-.281 4.713.041 6.01.261 1.99.339 3.973 1.088 5.727 2.043a25.427 25.427 0 014.538 3.183c2.559 2.236 4.151 4.414 5.039 5.628 2.996 4.096 3.527 5.342 4.216 7.674 1.028-5.166 3.048-8.873 5.388-11.184 2.343-2.312 5.083-3.152 7.407-2.861.772.096 1.481.376 2.14.755.613.352 1.314.985 1.954 1.708 1.276 1.442 2.392 3.31 3.326 5.22 1.869 3.816 3.004 7.785 3.289 8.79 2.825 9.992.868 18.204-.492 22.234 1.655-3.03 7.261-13.29 12.423-11.682 2.982.931 5.014 5.614 6.238 11.054 1.223 5.422 1.646 11.646 1.598 15.518a53.003 53.003 0 01-1.435 11.655c-1.808 7.55-4.712 12.39-5.33 13.42a38.963 38.963 0 01-3.366 4.799c-1.39.242-3.443.576-5.957.735"
fill="#f29c1f"
id="path9165" />
<path
d="M187.85 457.863s-.754-1.348-1.995-3.73c-.62-1.192-1.368-2.638-2.259-4.272-.885-1.625-1.975-3.436-3.155-5.426-4.716-7.958-11.416-18.4-18.729-28.71-7.312-10.314-15.095-20.574-21.284-28.645-3.1-4.043-5.697-7.6-7.783-10.233-2.088-2.632-3.623-4.37-4.189-5.086M153.14 403.94c2.141-9.987 4.084-20.087 5.953-30.199M155.492 407.487c-9.977-.918-19.91-1.592-29.832-2.182M175.132 435.092c2.77-9.23 5.168-18.727 7.339-28.305M176.656 438.263c-10.524-1.811-20.936-3.06-31.33-4.014"
fill="none"
stroke="#805333"
stroke-width="2.22501104"
stroke-linecap="round"
stroke-linejoin="round"
stroke-miterlimit="10"
id="path9167" />
<path
d="M192.853 456.13c-2.266-4.285-5.461-7.577-8.165-10.12l-3.704-3.411a4516.104 4516.104 0 00-3.17-3.1c-4.795-4.615-9.893-9.278-14.48-14.063-4.751-4.907-9.907-10.752-16.197-17.124a276.938 276.938 0 00-20.52-18.604c-25.06-20.553-61.758-43.312-66.634-37.767-4.872 5.568 22.113 38.356 45.774 61.191a340.887 340.887 0 0020.12 17.919c6.546 5.443 13.386 10.81 20.514 15.11 7.176 4.327 13.946 7.139 20.176 9.576 6.593 2.792 12.197 3.362 16.676 6.79l9.61-6.396"
fill="#3b97d3"
id="path9169" />
<path
d="M187.447 458.783c-2.732-3.354-5.932-5.424-8.752-7.148l-4.056-2.407-.932-.575-1.003-.644-1.997-1.285c-5.306-3.425-10.535-6.85-15.422-10.639-4.905-3.797-9.581-8.034-14.248-12.326-4.65-4.318-9.37-8.598-14.095-12.831-18.902-16.972-38.085-33.576-57.304-50.177M94.912 382.652l-10.804.524M101.696 388.572l1.924-11.375M116.395 401.516l-10.11 2.821M126.942 410.928l.638-13.284M138.627 421.535a760.23 760.23 0 00-13.407 2.402M157.788 437.977c-.396-3.261-.633-6.488-.781-9.706"
fill="none"
stroke="#285680"
stroke-width="2.04688216"
stroke-linecap="round"
stroke-linejoin="round"
stroke-miterlimit="10"
id="path9171" />
<path
d="M422.165 449.66c-.252-2.839-.068-5.725.692-8.804.81-3.285 1.935-6.021 3.016-8.385 1.086-2.368 2.231-4.474 3.055-6.16.835-1.708 6.179-12.495 6.659-13.424l.365-.696s1.052-1.868 1.361-2.404c2.448-4.266 5.162-8.378 7.946-12.358 2.78-3.978 5.674-7.833 8.472-11.578a279.405 279.405 0 014.538-5.883c1.6-2.017 3.243-4.047 4.93-6.081a346.71 346.71 0 0122.437-24.622c3.448-3.429 7.088-6.761 10.95-10.254 3.842-3.471 7.875-6.95 12.022-10.306a210.552 210.552 0 0112.667-9.494c4.316-2.983 8.468-5.328 12.457-7.562 15.913-8.905 28.75-13.677 31.995-10.004 3.217 3.64-3.074 15.364-13.712 29.476-1.33 1.764-22.943 30.246-26.136 34.302-3.171 4.028-6.578 8.126-9.69 11.852-7.234 8.66-14.664 16.498-22.053 23.664-3.713 3.601-7.304 6.925-11.187 10.426-3.768 3.399-7.446 6.374-10.952 9.195-3.418 2.75-6.737 5.436-9.973 8.02-.767.612-1.616 1.372-2.43 2.064-.818.699-5.643 4.76-7.22 6.032-1.577 1.272-3.102 2.525-4.665 3.682-1.529 1.131-2.977 2.15-4.308 3.215-1.328 1.063-2.558 2.155-3.612 3.39-1.074 1.261-1.917 2.721-2.374 4.238l-15.25-1.54"
fill="#3b97d3"
id="path9173" />
<path
d="M430.033 449.523c.275-2.548 1.059-4.95 2.251-7.334 1.144-2.286 2.45-4.134 3.737-5.84 1.295-1.717 2.568-3.129 3.71-4.617l10.674-13.425c2.502-3.032 5.083-5.931 7.682-8.776 0 0 57.061-61.551 62.362-66.971 5.3-5.42 10.688-10.69 16.282-15.625l17.396-14.803M524.341 338.627c4.554.104 9.087.305 13.559.613M516.815 346.31a568.004 568.004 0 01-4.339-14.158M500.667 363.41l13.236 2.87M489.161 375.888l-3.264-16.584M476.31 389.827l17.425 2.168M455.46 412.437c-.497-4.192-.91-8.414-1.328-12.605"
fill="none"
stroke="#285680"
stroke-width="2.3811404700000005"
stroke-linecap="round"
stroke-linejoin="round"
stroke-miterlimit="10"
id="path9175" />
<path
d="M417.035 457.07c-.312-.378-.614-.606-1.17-1.58-.269-.471-.606-1.08-.966-1.845a58.425 58.425 0 01-.574-1.249c-.185-.42-.361-.847-.544-1.275a311.904 311.904 0 01-3.957-9.694c-.621-1.606-1.257-3.24-1.892-4.908-.539-1.42-1.144-2.88-1.75-4.35-1.22-2.97-2.625-6.032-4.107-9.238-2.967-6.412-6.464-13.344-10.21-20.988-.945-1.928-9.594-20.162-11.569-24.454-6.67-14.48-14.556-32.068-19.743-46.902-1.35-3.863-2.233-7.347-3.006-10.487-.76-3.09-1.443-5.915-2.046-8.412-.594-2.47-.769-4.547-.449-6.047.321-1.506 1.05-2.456 1.975-2.946.924-.492 2.002-.599 3.266-.407 1.28.196 2.807.644 5 2.083 2.467 1.62 5.052 3.99 7.524 6.473 2.488 2.5 4.888 5.1 7.148 7.452 10.575 11.01 22.771 26.767 31.718 42.404 2.557 4.47 4.892 8.98 6.949 13.49a187.604 187.604 0 015.42 13.162c3.23 8.799 5.604 17.63 6.91 26.112a103.42 103.42 0 011.142 12.41c.064 2 .047 3.97-.017 5.89-.064 1.87-.162 3.507-.264 5.23a309.564 309.564 0 01-.735 9.846c-.272 2.975-.15 6.33-.996 9.064l-13.057 1.167"
fill="#3b97d3"
id="path9177" />
<path
d="M423.735 456.08c.018-1.019-.164-2.23-.496-3.779l-.538-2.506c-.185-.9-.294-1.671-.444-2.51 0 0-3-17.737-3.318-19.288-.636-3.103-1.428-6.196-2.303-9.28-3.508-12.352-8.739-24.405-14.221-36.306-5.486-11.907-11.794-23.5-18.359-34.907-3.284-5.707-13.37-22.688-14.876-25.401-1.548-2.786-3.09-5.712-4.863-8.702M381.647 343.34l3.168-11.397M386.303 351.435c-4.235.064-8.468.172-12.688.297M395.996 369.281c2.05-3.326 4.04-6.664 6.028-10.05M402.415 382.41a322.933 322.933 0 00-14.148-2.433M408.97 397.281c2.669-4.26 5.243-8.598 7.778-12.982M417.493 421.847a152.468 152.468 0 00-9.682-4.163"
fill="none"
stroke="#285680"
stroke-width="2.04688216"
stroke-linecap="round"
stroke-linejoin="round"
stroke-miterlimit="10"
id="path9179" />
<path
d="M425.736 460.41c-.364-.022-.733-.025-1.1-.087-.395-.067-.677-.072-1.197-.219-.454-.128-.984-.272-1.383-.416l-1.184-.447a32.744 32.744 0 01-3.7-1.85 62.063 62.063 0 01-2.988-1.85c-.927-.601-1.813-1.196-2.512-1.616-.185-.11-.297-.155-.447-.24-.054-.02-.068-.005-.1-.01l-.029-.003.048-.068.757-1.083c.24-.336-1.598 2.226-.83 1.145 0 0-27.258-15.058-29.611-16.41a1612.86 1612.86 0 01-7.032-4.067c-7.933-4.61-17.916-9.504-26.192-13.494-8.257-3.98-14.56-7.354-14.179-9.905.366-2.44 7.338-3.997 17.143-3.62 4.892.187 10.473.9 16.14 2.196 5.663 1.295 11.4 3.206 16.532 5.558 2.99 1.37 5.656 2.807 8.215 4.313 2.56 1.511 4.982 3.103 7.276 4.739a98.646 98.646 0 0112.156 10.26 94.124 94.124 0 014.916 5.263c.757.874 1.49 1.737 2.178 2.61.608.771 1.628 1.955 2.163 2.834 1.127 1.849 2.044 3.5 3.056 5.013.99 1.485 1.953 2.964 3.524 3.7l-1.62 7.753"
fill="#3b97d3"
id="path9181" />
<path
d="M426.092 456.345c-.32-.075-.633-.189-.947-.285a26.517 26.517 0 01-1.065-.463 15.064 15.064 0 01-1.7-1.032 26.242 26.242 0 01-2.647-2.171c-1.556-1.437-2.976-2.983-4.197-4.192-.233-.23-.619-.555-.999-.869l-3.386-2.784a204.648 204.648 0 00-4.627-3.594 211.027 211.027 0 00-19.616-13.067c-6.796-4.006-13.98-7.517-21.5-10.272-7.519-2.756-15.3-4.884-23.177-6.527M362.65 416.633a150.452 150.452 0 00-3.231-6.436M367.98 418.595c-1.977 1.652-3.88 3.299-5.74 5.026M379.192 423.632a151.432 151.432 0 00-.68-7.047M386.908 427.888c-2.65 1.182-5.283 2.377-7.817 3.678M395.23 433.033a234.877 234.877 0 00-.547-9.105M408.101 442.156c-2.112.443-4.2.915-6.272 1.426"
fill="none"
stroke="#285680"
stroke-width="1.23316917"
stroke-linecap="round"
stroke-linejoin="round"
stroke-miterlimit="10"
id="path9183" />
<path
d="M422.768 452.364c.353-1.479.956-2.984 1.683-4.464.701-1.43 1.793-3.11 2.544-4.284.77-1.208 1.525-2.326 1.329-2.561a59.593 59.593 0 012.543-3.631c3.568-4.717 7.813-8.805 11.409-12.003 3.81-3.386 8.539-6.965 14.505-10.148a64.4 64.4 0 014.675-2.264 76.093 76.093 0 014.721-1.848 68.813 68.813 0 0110.74-2.864c3.25-.582 6.775-.962 10.411-.985a53.206 53.206 0 015.515.225c.449.043.948.08 1.352.14l1.161.204c.775.135 1.539.288 2.296.45a86.301 86.301 0 0116.519 5.337c4.861 2.13 9.048 4.452 12.202 6.82 3.148 2.36 5.247 4.799 5.566 7.332.316 2.499-1.192 5.03-4.034 7.372-2.83 2.333-6.981 4.441-11.58 6.19-4.606 1.753-9.636 3.176-14.356 4.369l-1.76.437-17.393 5.11c-.613.172-1.235.333-1.76.454-1.144.264-2.277.542-3.408.813-4.679 1.126-9.687 2.359-14.907 3.401-5.193 1.04-9.653 1.263-13.973 1.867-.54.075-2.405.358-2.405.358-.271.048-.504.058-.879.21-1.303.398-2.332.493-3.388.647-2.001.293-4.183.71-5.716 1.713l-13.612-8.397"
fill="#71c285"
id="path9185" />
<path
d="M429.985 456.247c.711-1.142 1.646-2.16 2.627-3.088a28.21 28.21 0 012.957-2.42c.444-.319.894-.63 1.224-.842.2-.086.804-.585 1.232-.898a58.464 58.464 0 012.823-1.966c3.797-2.467 7.627-4.38 11.3-6.205 7.359-3.658 15.027-7.317 22.879-9.82 7.869-2.51 15.825-4.123 23.644-3.93 8.062.204 16.142.763 24.55 1.077M501.619 427.139a444.19 444.19 0 015.8 10.426M495.948 427.07c.592-4.467 1.483-8.933 2.367-13.39M483.804 428.58a146.788 146.788 0 017.135 10.85M475.027 431.008c-.27-4.842-.339-9.735-.086-14.695M465.368 434.595c4.137 3.58 8.127 7.29 11.879 11.176M450.27 441.76c-.42-3.441-.946-6.805-1.346-10.256"
fill="none"
stroke="#4c8056"
stroke-width="2.47847137"
stroke-linecap="round"
stroke-linejoin="round"
stroke-miterlimit="10"
id="path9187" />
<path
d="M416.763 461.23c-3.759-14.109-5.388-31.003-3.958-50.034.716-9.516 2.194-19.58 4.947-30.187 2.612-10.064 6.07-20.397 10.396-30.837 3.632-8.77 8.059-18.003 12.795-26.828a275.792 275.792 0 013.6-6.53 937.896 937.896 0 013.716-6.413c2.581-4.416 5.349-8.33 8.056-11.834 5.405-7.002 10.54-12.46 14.742-16.267 4.188-3.79 7.548-5.843 9.739-4.947 2.145.879 3.039 4.772 2.713 10.568-.325 5.782-1.94 13.351-3.806 21.243a547.082 547.082 0 00-2.7 11.95c-.974 4.585-2.131 9.335-3.338 14.094a531.078 531.078 0 01-7.942 28.059 420.93 420.93 0 01-4.947 14.861c-.85 2.395-20.375 54.652-22.916 61.747-2.543 7.1-4.801 13.714-6.513 19.928l-14.584 1.426"
fill="#71c285"
id="path9189" />
<path
d="M424.232 459.784c-.088-7.821.493-15.373 1.424-22.824.93-7.448 2.19-14.787 3.69-22.053s3.226-14.46 5.246-21.567c2.023-7.12 4.343-14.075 6.715-21.016 4.741-13.881 9.929-27.564 15.305-41.17l6.117-15.255c.679-1.638 1.391-3.266 2.13-4.888 2.956-6.487 6.332-12.872 9.677-19.475M458.585 326.183l12.212-4.927M454.772 335.837l-9.113-10.901M446.764 356.95l12.81-2.411M441.307 372.324a773.238 773.238 0 01-9.2-13.352M435.653 389.675c5.331-1.827 10.662-3.462 16.014-5.106M428.604 418.597a300.989 300.989 0 01-7.265-9.837"
fill="none"
stroke="#4c8056"
stroke-width="2.28780947"
stroke-linecap="round"
stroke-linejoin="round"
stroke-miterlimit="10"
id="path9191" />
<path
d="M436.505 460.148h-10.594V86.768a5.006 5.006 0 015.006-5.007h.582a5.007 5.007 0 015.006 5.007v373.38"
fill="#35495e"
id="path9193" />
<path
d="M467.904 298.77h-93.901a6.593 6.593 0 01-6.592-6.593v-29.756a6.593 6.593 0 016.592-6.593h93.944a6.59 6.59 0 014.436 1.716c5.382 4.896 10.765 9.792 16.15 14.688a6.593 6.593 0 01.055 9.703l-16.193 15.069a6.594 6.594 0 01-4.491 1.767"
fill="#804537"
id="path9195" />
<path
d="M469.77 300.467h-93.9a6.593 6.593 0 01-6.594-6.592v-29.758a6.593 6.593 0 016.593-6.593h93.946c1.638 0 3.221.612 4.434 1.716l16.15 14.688a6.59 6.59 0 01.056 9.703L474.26 298.7a6.588 6.588 0 01-4.49 1.767"
fill="#f29c1f"
id="path9197" />
<path
d="M481.043 196.05l-83.164 43.6a6.589 6.589 0 01-8.899-2.777l-13.819-26.354a6.593 6.593 0 012.779-8.9l83.203-43.622a6.591 6.591 0 014.725-.54l21.123 5.51c3.732.974 5.836 4.93 4.554 8.569l-7.344 20.864a6.594 6.594 0 01-3.158 3.65"
fill="#4c8056"
id="path9199" />
<path
d="M484.384 196.05l-83.164 43.6a6.593 6.593 0 01-8.901-2.777l-13.816-26.354a6.594 6.594 0 012.777-8.9l83.203-43.622a6.593 6.593 0 014.725-.54l21.124 5.51a6.595 6.595 0 014.555 8.569c-2.45 6.955-4.898 13.91-7.346 20.864a6.597 6.597 0 01-3.157 3.65"
fill="#4fba6f"
id="path9201" />
<path
d="M389.892 117.08l76.065-22.316a5.566 5.566 0 016.907 3.775l7.07 24.105a5.564 5.564 0 01-3.773 6.907l-76.1 22.325c-1.329.39-2.754.27-4.001-.336l-16.573-8.059a5.567 5.567 0 01-2.35-7.848l9.536-16.054a5.56 5.56 0 013.219-2.499"
fill="#2c3e50"
id="path9203" />
<path
d="M392.55 118.344l76.065-22.315a5.565 5.565 0 016.906 3.774l7.071 24.105a5.565 5.565 0 01-3.773 6.908l-76.1 22.325a5.568 5.568 0 01-4-.336c-5.524-2.686-11.05-5.373-16.572-8.06a5.565 5.565 0 01-2.352-7.846l9.536-16.056a5.57 5.57 0 013.218-2.499"
fill="#3b97d3"
id="path9205" />
<path
d="M434.076 124.584a3.158 3.158 0 10-6.318 0 3.158 3.158 0 006.318 0M434.332 201.95a3.124 3.124 0 10-6.249 0 3.124 3.124 0 006.249 0M434.076 278.996a3.16 3.16 0 10-6.319.001 3.16 3.16 0 006.319-.001"
fill="#2c3e50"
id="path9207" />
<path
d="M590.479 451.515a47 47 0 0014.836-1.427 44.825 44.825 0 006.168-2.085c4.544-1.933 14.938-6.94 14.482-11.713-.433-4.549-10.582-6.334-11.877-6.5 3.21-.11 8.65-.689 14.564-3.718 1.095-.56 4.301-2.19 7.185-4.39 1.442-1.098 2.806-2.342 3.778-3.677.485-.665.874-1.356 1.126-2.06.25-.7.372-1.41.354-2.217-.088-4.096-5.568-7.025-12.599-7.459.812-.909 1.939-2.289 2.985-3.804a44.234 44.234 0 003.067-5.189c.241-.479.772-1.548 1.39-2.872a135.857 135.857 0 002.002-4.548c1.41-3.333 3.024-7.385 1.295-9.917-1.055-1.546-2.966-2.203-4.896-2.436-1.928-.234-3.922.033-4.999.217-1.657.283-3.307.904-4.767 1.7a21.102 21.102 0 00-3.776 2.647c-2.13 1.862-3.453 3.673-4.193 4.684-2.493 3.408-2.935 4.445-3.508 6.386-.856-4.298-2.536-7.384-4.483-9.305-1.949-1.925-4.23-2.624-6.164-2.381-.641.078-1.232.312-1.78.626-.51.294-1.094.822-1.626 1.422-1.062 1.2-1.99 2.754-2.768 4.344-1.555 3.174-2.499 6.477-2.736 7.314-2.351 8.314-.723 15.147.409 18.5-1.376-2.52-6.041-11.057-10.336-9.72-2.483.774-4.172 4.672-5.19 9.196-1.018 4.512-1.371 9.692-1.33 12.915.02 1.76.156 5.364 1.193 9.697 1.504 6.282 3.922 10.311 4.435 11.166a33.073 33.073 0 002.8 3.993 44 44 0 004.959.61"
fill="#f29c1f"
id="path9209" />
<path
d="M581.383 458.592s.626-1.121 1.658-3.104c.518-.99 1.14-2.194 1.88-3.553.738-1.352 1.644-2.86 2.626-4.516 3.924-6.622 9.498-15.308 15.585-23.89 6.083-8.58 12.559-17.118 17.71-23.834 2.58-3.363 4.74-6.323 6.475-8.515 1.736-2.19 3.015-3.635 3.487-4.23M610.264 413.725c-1.783-8.31-3.399-16.714-4.955-25.128M608.307 416.676c8.301-.764 16.565-1.327 24.821-1.816M591.965 439.645c-2.305-7.681-4.301-15.581-6.106-23.553M590.696 442.284c8.757-1.507 17.421-2.547 26.068-3.339"
fill="none"
stroke="#805333"
stroke-width="2.22501104"
stroke-linecap="round"
stroke-linejoin="round"
stroke-miterlimit="10"
id="path9211" />
<path
d="M131.76 460.148h560.673"
fill="none"
stroke="#2c3e50"
stroke-width="7.9998000000000005"
stroke-linecap="round"
stroke-linejoin="round"
stroke-miterlimit="10"
id="path9213" />
<path
d="M297.024 109.881a4.182 4.182 0 01-4.181-4.182v-.767a4.181 4.181 0 014.181-4.181h.767a4.182 4.182 0 014.181 4.181v.767a4.182 4.182 0 01-4.181 4.182zm4.227-15.444a3.583 3.583 0 01-3.566 3.162h-2.704a2.17 2.17 0 01-2.17-2.171v-.005c0-2.687.444-4.896 1.332-6.63.886-1.733 2.664-3.682 5.329-5.849 2.663-2.167 4.256-3.585 4.775-4.257.801-1.06 1.202-2.231 1.202-3.51 0-1.776-.709-3.298-2.128-4.565-1.418-1.268-3.332-1.9-5.736-1.9-2.317 0-4.257.66-5.816 1.981-.9.764-1.64 1.759-2.216 2.986a4.58 4.58 0 01-4.706 2.6l-.002-.002a4.184 4.184 0 01-3.208-6.057c.824-1.607 1.986-3.073 3.487-4.401 3.065-2.707 7.09-4.062 12.073-4.062 5.242 0 9.411 1.371 12.508 4.111 3.099 2.741 4.648 5.93 4.648 9.57 0 2.015-.569 3.92-1.705 5.718-1.139 1.799-3.57 4.248-7.296 7.345-1.928 1.603-3.125 2.891-3.59 3.867-.235.493-.406 1.183-.511 2.07M277.172 437.544l-4.317 4.064s.761 6.223-.636 7.745c-1.396 1.525-3.936 3.684-2.92 6.604 1.016 2.921 2.794 4.191 2.794 4.191h16.382s2.92-4.317 2.92-5.587c0-1.27-1.524-16-4.064-17.017-2.539-1.016-10.159 0-10.159 0"
fill="#2c3e50"
id="path9215" />
<g
clip-path="url(#a)"
transform="matrix(.13333 0 0 -.13333 0 541.68)"
id="g9219">
<path
d="M2245.78 599.422h-287v24.129h287v-24.129"
fill="#231f20"
id="path9217" />
</g>
<path
d="M326.444 444.401s-.635 5.97 0 9.016c.635 3.048 1.143 6.731 1.143 6.731h38.73s3.939-1.777 3.939-3.936-1.525-5.461-8.51-5.334c-7.618-3.81-17.269-12.317-17.269-12.317l-10.922 4.062-7.111 1.778"
fill="#2c3e50"
id="path9221" />
<g
clip-path="url(#b)"
transform="matrix(.13333 0 0 -.13333 0 541.68)"
id="g9225">
<path
d="M2776.92 598.781h-362.24v30.481h362.24v-30.481"
fill="#231f20"
id="path9223" />
</g>
<path
d="M297.765 320.968l18.9 43.019s-.889 4.474 0 6.761c.89 2.285 2.414 5.333 2.414 5.333s-1.524 22.096 0 29.462c1.522 7.365 5.333 20.486 4.825 23.323-.508 2.836 2.54 5.123 2.54 6.646v8.89h8.636l9.397-5.84-4.064-58.67s1.015-10.415.254-12.953c-.762-2.54-3.556-12.446-3.556-12.446s4.402-47.748-7.704-62.225c-12.106-14.477-24.551-8.635-24.551-8.635l-7.09 37.335"
fill="#a36648"
id="path9227" />
<path
d="M310.888 304.459s-11.873 52.066-21.017 61.464c4.064 8.636-2.54 15.746-2.54 15.746l2.222 58.226s-1.206-1.334-6.54-1.08c-5.333.253-10.158 2.793-10.158 2.793s-9.906-40.383-3.303-63.75c.763-21.587 1.27-53.843.508-58.922-.761-5.08-3.023-15.161-2.963-25.313.059-10.152 45.886-6.688 45.886-6.688l-2.095 17.524"
fill="#cb8252"
id="path9229" />
<g
clip-path="url(#c)"
transform="matrix(.13333 0 0 -.13333 0 541.68)"
id="g9239">
<path
d="M2040.44 1875.94l23.12-190.12-10.48-348.98s-22.7-121.51-22.99-157.71c-1.6-192.38 5.33-287.931 33.47-431.931"
fill="none"
stroke="#a36648"
stroke-width="10"
stroke-miterlimit="10"
id="path9231" />
<path
d="M2062.3 1644.03s85.06 25.48 87.6 71.83c2.54 46.35 0 163.81 0 163.81"
fill="none"
stroke="#a36648"
stroke-width="10"
stroke-miterlimit="10"
id="path9233" />
<path
d="M2362.92 1830.79c0-1.23-89.69-6.14-96.42-6.93a812.824 812.824 0 00-147.22-3.95c-47.7 3.04-95.36 7.36-143.04 10.88v36.19h386.68v-36.19"
fill="#a36648"
id="path9235" />
<path
d="M2362.92 1830.79c0-1.23-89.69-6.14-96.42-6.93a812.824 812.824 0 00-147.22-3.95c-47.7 3.04-95.36 7.36-143.04 10.88v36.19h386.68v-36.19z"
fill="none"
stroke="#a36648"
stroke-width="10"
stroke-miterlimit="10"
id="path9237" />
</g>
<path
d="M281.08 180.248l-11.104 13.984s3.217 68.744 0 74.839c-3.216 6.097-4.91 9.482-3.895 11.514 1.016 2.032 2.54 7.451 1.694 8.975-.847 1.523-.678 4.063-.678 4.063s20.416 4.53 32.566.773c14.746-4.56 31.514 0 31.514 0s-3.68-16.181-4.333-21.77c-.653-5.586-2.01-26.92-2.01-26.92l4.573-29.631-9.314-22.688-6.688-7.959-4.102-1.91-19.094-.714-9.129-2.556"
fill="#35495e"
id="path9241" />
<path
d="M271.173 259.827l-.494 6.289s17.228-2.165 24.052-5.596c6.822-3.428 14.824-8.125 14.824-8.125l15.98 3.809-.424-6.265-15.556-4.022-29.08 12.7-9.302 1.21"
fill="#2c3e50"
id="path9243" />
<path
d="M283.395 162.232s1.333 6.285 1.08 10.603c-.255 4.317-5.906 10.604-5.906 10.604s12.954 18.477 19.366 18.413c6.413-.064 13.144-16.064 12.953-17.207-.19-1.142-5.224-2.16-5.224-2.16v-13.794l-16.237-13.888-6.032 7.429"
fill="#d08b73"
id="path9245" />
<path
d="M308.22 142.104s3.112-.556 3.048-2.627c-.064-2.072-.125-8.993-13.27-8.993-13.143 0-19.937 10.032-22.794 15.175-2.857 5.144-1.343 8.841 1.257 13.657 2.006 3.715 8.044 12.415 8.044 12.415l2.508-13.627 2.096-.19 3.152 4.063 7.071-.889-2.54-18.604 11.428-.38"
fill="#2c3e50"
id="path9247" />
<path
d="M292.465 160.899c0-2.912-1.789-5.271-3.996-5.271-2.206 0-3.994 2.359-3.994 5.27 0 2.911 1.788 5.27 3.994 5.27 2.207 0 3.996-2.359 3.996-5.27M297.617 256.204l19.048-10.032-16-7.493-10.794 8.762 7.746 8.763"
fill="#d08b73"
id="path9249" />
<g
clip-path="url(#d)"
transform="matrix(.13333 0 0 -.13333 0 541.68)"
id="g9253">
<path
d="M2232.13 2220.61l88.57-43.35 37.15 43.34-152.87 70.01 27.15-70"
fill="#bc6c56"
id="path9251" />
</g>
<path
d="M324.92 204.01s-5.841 11.43-5.08 16.383c.761 4.952 2.507 11.047 2.507 11.047h-12.158s-16.254-4.317-20.318-3.681c-4.063.634-14.73 3.681-14.73 3.681l1.311 4.319 18.279-2.414 11.902 3.742h15.62l7.154-1.202-.678-21.714-3.809-10.16"
fill="#2c3e50"
id="path9255" />
<path
d="M312.221 234.996s-13.334-3.175-18.921-3.301c-5.588-.128-16.848 1.016-16.848 1.016v9.269s18.117-1.016 21.165 1.143c3.048 2.16 13.884 6.816 13.884 6.816l7.578-3.387-6.858-11.556"
fill="#d08b73"
id="path9257" />
<path
d="M310.888 184.645s19.873 5.651 24.192 13.143c4.317 7.493 2.792 18.795 3.681 23.748.89 4.952 6.731 25.905 2.542 29.333-4.192 3.43-30.414 0-30.414 0v-16.508s8.698-1.397 14.666-1.142c-2.92-8.255-5.079-15.367-2.031-24.636 3.047-9.271-12.636-23.938-12.636-23.938"
fill="#35495e"
id="path9259" />
<path
d="M273.66 207.82s6.461 3.996 7.956 12.728l1.496 8.733-12.543 5.207v-24.763l3.091-1.905"
fill="#2c3e50"
id="path9261" />
<path
d="M276.452 209.09c4.233 7.874 3.515 20.827 2.117 31.24 6.667-2.095 19.048 2.793 19.048 2.793v13.081s-14.604 9.016-28.318 4.825c-10.54-5.588-14.478-55.748-13.97-59.177.508-3.428 23.24-18.413 23.24-18.413s-6.35 17.778-2.117 25.652"
fill="#35495e"
id="path9263" />
<g
clip-path="url(#e)"
transform="matrix(.13333 0 0 -.13333 0 541.68)"
id="g9267">
<path
d="M2102.13 2282.45l-12.86-22.33s16.11 1.73 54.29-10c38.17-11.72 110.47-37.14 110.47-37.14l-10.47 42.39-123.81 29.08-17.62-2"
fill="#2c3e50"
id="path9265" />
</g>
<path
d="M291.832 168.69s2.935 5.315 4.473 6.22c1.538.903 9.359 2.263 9.359 2.263v5.123s-6.163-.276-10.375-4.53c-3.736-3.773-3.457-9.075-3.457-9.075"
fill="#bc6c56"
id="path9269" />
<path
d="M292.416 161.725s-2.203 10.475 2.172 13.332c4.372 2.858 8.87 3.238 11.307 2.922 2.437-.319 7.934-2.731 7.934-6.287v-11.556l-17.118-.825-4.295 2.414"
fill="#2c3e50"
id="path9271" />
<path
d="M309.687 141.53c1.82 1.442 3.205 3.483 3.634 5.717.424 2.201.078 6.698.078 6.698s3.821 5.07 3.99 6.255c.17 1.185-4.546.599-4.546.599s-3.584 6.428-7.226 5.834c-3.184-.517-6.397-2.678-8.509-5.044-1.84-2.06-2.299-4.473-2.413-7.126-.1-2.319-.526-4.579-.624-6.899-.079-1.807-.42-4.424.416-6.116 1.749-3.537 8.106-1.28 11.722-1.059 2.075.127 2.448.327 3.478 1.142"
fill="#d08b73"
id="path9273" />
<path
d="M275.141 185.744s14.447 22.076 23.332 20.683c12.503-1.962 15.88-20.683 15.88-20.683"
fill="none"
stroke="#2c3e50"
stroke-width="1.079973"
stroke-miterlimit="10"
id="path9275" />
<path
d="M289.703 158.125s-2.287-.55-2.711 1.186c-.423 1.736.541 3.301 1.477 2.497.936-.804-.046-.967 0-1.775.047-.806 2.418-.637 1.234-1.908"
fill="#bc6c56"
id="path9277" />
</svg>
Side by side

After

Width:  |  Height:  |  Size: 54 KiB

2
files/rp_ressources_images/410.svg Normal file
View file

File diff suppressed because one or more lines are too long
Side by side

After

Width:  |  Height:  |  Size: 55 KiB

1
files/rp_ressources_images/500.svg Normal file
View file

File diff suppressed because one or more lines are too long
Side by side

After

Width:  |  Height:  |  Size: 123 KiB

1
files/rp_ressources_images/502.svg Normal file
View file

File diff suppressed because one or more lines are too long
Side by side

After

Width:  |  Height:  |  Size: 114 KiB

1
files/rp_ressources_images/503.svg Normal file
View file

File diff suppressed because one or more lines are too long
Side by side

After

Width:  |  Height:  |  Size: 43 KiB

1
files/rp_ressources_images/504.svg Normal file
View file

File diff suppressed because one or more lines are too long
Side by side

After

Width:  |  Height:  |  Size: 60 KiB

1
files/rp_ressources_images/maintenance.svg Normal file
View file

File diff suppressed because one or more lines are too long
Side by side

After

Width:  |  Height:  |  Size: 211 KiB

38
files/vhosts.d.template/0_vhost.conf Normal file
View file

@ -0,0 +1,38 @@
# RETIRER TOUS LES COMMENTAIRES, CONSERVER LA LIGNE UTILE PARMI CELLES CI-DESSOUS ET REMPLACER LES CHAMPS EN S'AIDANT DE LA DOCUMENTATION CI-DESSOUS
#
# Use vhost_HTTP_Generic $vhostFQDN $protoDest $urlDest $logPolicy $accessPolicy $indexingConf $modsecurityStatus
# Use vhost_HTTPS_Generic $vhostFQDN $cert $protoDest $urlDest $logPolicy $accessPolicy $indexingConf $modsecurityStatus
#
## DOCUMENTAION D'UTILISATION
#
# L'activation de le fonction reverse proxy pour un virtualhost se fait par l'utilisation d'une des macros disponibles
#
# vhost_HTTP_Generic : mandataire HTTP vers un serveur mandate interne
# vhost_HTTPS_Generic : mandataire HTTPS avec support des certificats région et redirection automatique HTTP -> HTTPS
#
#
## PARAMETRES
#
# Chaque macro nécessite plusieurs paramètres qui signifient
#
# $vhostFQDN : FQDN du virtualhost ; il est impératif qu'il corresponde au nom du répertoire dans lequel se trouve la configuration
# $cert : Si HTTPS, le certificat à presenter au navigateur : LE = letsencrypt
# $protoDest : Mode d'acces au mandaté : http | https | balancer
# $urlDest : En mode http et https, indiquer l'url du serveur mandaté, sans le protocole
# En mode balancer, répéter le FQDN pour utiliser comme nom de balancer. Il doit aussi figurer dans la configuration supplémentaire
# $logPolicy : Niveau de log souhaité : debug | info | notice | warn | error | crit | alert | emerg ou combinaison, avec guillemets "debug ssl:warn authz_core:crit dumpio:trace7 rewrite:trace6"
# $accessPolicy : Accessibilite du virtualhost : OpenAccessPolicy | InternalAccessPolicy | ManagementAccessPolicy | LDAPAccessPolicy
# $indexingConf : Stratégie vis a vis des moteurs de recherche : AllowCrawlerIndexing | BlockCrawlerIndexing
# $modsecurityStatus : Activation ou pas du module mod_security pour le virtualhost : On | Off | DetectionOnly
# La valeur "On" est preferable en production mais peut amener à gerer une liste d'exclusions
# La valeur "DetectionOnly" est a utiliser pendant la phase d'apprentissage
## CONFIGURATION FACULTATIVE
# si nécessaire, créer un de ces fichiers de configuration facultatifs, au même niveau que le fichier 00_vhost.conf parmi les choix suivants :
# 01_vhost_additional.conf : permet de préciser des directives de configuration supplémentaires pour le virtualhost
# 02_mds_exclusion.conf : permet de définir les exclusions modsecurity ; le programme modsechelper.sh peut aider à les déterminer

112
files/vhosts.d.template/1_vhost_additional.conf.exemple Normal file
View file

@ -0,0 +1,112 @@
# RETIRER TOUS LES COMMENTAIRES, ET NE LAISSER QUE CE QUI EST UTILE
### Pour désactiver la réutilisation des connections http avec le navigateur
#KeepAlive Off
### Pour désactiver la réutilisation des connections http avec le serveur mandaté
#SetEnv proxy-nokeepalive 1
### Réécriture des URLS
#RewriteEngine On
#RewriteRule ^/$ /moncontexte/index.php [L,R]
### Si l'application utilise des frames, autorise l'ouverture des frames de l'application par elle même
#Header set X-Frame-Options SAMEORIGIN
### pour autoriser que les pages du site soient imbriquées dans un frame d'un autre site
# pour les navigateurs qui ne supportent pas CSP
#Header append X-Frame-Options "ALLOW-FROM https://url-du-site-parent"
# pour les navigateurs qui supportent CSP
#Header set Content-Security-Policy "frame-ancestors 'self' https://url-du-site-parent;"
### Utile si l'application est mal foutue et ne positionne pas correctement ses types MIME
#Header unset X-Content-Type-Options
# Si l'application fournit des urls référencées dans des pages d'une autre application,
# et a besoin de ses propres cookies, force attribut SameSite=None pour tous ses cookies
# Header edit Set-Cookie ^(.*)$ $1;SameSite=None;Secure
### exemple pour fichier de log spécifique pour certains motifs d'url
#SetEnvIf Request_URI ^/motifatrouver(/|$) monenv
#ErrorLog ${APACHE_LOG_DIR}/$vhostFQDN-monenv-error.log env=monenv
#CustomLog ${APACHE_LOG_DIR}/$vhostFQDN-monenv-access.log combined env=monenv
### Debug des flux
# En cas de besoin de debug des flux chiffres, permet d'enregistrer les IO dans le error.log
# à combiner avec dumpio:trace7 dans loglevel ; attention à la quantité de logs, ne pas laisser actif au dela du debug
#DumpIOInput On
#DumpIOOutput On
### En cas de serveur mandaté en https, désactive les contrôles SSL du serveur mandaté si ce dernier utilise un certificat autosigné
#SSLProxyVerify none
#SSLProxyCheckPeerCN off
#SSLProxyCheckPeerName off
#SSLProxyCheckPeerExpire off
### Augmente les timeouts si le serveur mandaté a besoin de beaucoup de temps pour répondre
#Timeout 600
### Exemple de configuration de load balancer ; remplacer FQDN par le FQDN du virtualhost, et utiliser ça comme nom de balancer dans la macro de configuration
## stickysession: le nom du cookie utilisé pour stocker la route vers le backend
## retry : délai pendant lequel un serveur backend ne sera pas retenté s'il est considéré en défaut
## connectiontimeout : délai accordé pour créer la connexion vers le serveur backend avant de le considérer en défaut
## lbmethod : méthode d'équilibrage entre les balancermembers
## failonstatus : les codes d'erreur http qui peuvent être retournés par le backend et qu'on va considérer comme un défaut du backend
#Header add Set-Cookie "ROUTEID=.%{BALANCER_WORKER_ROUTE}e; path=/" env=BALANCER_ROUTE_CHANGED
#<Proxy "balancer://FQDN">
# BalancerMember "http://fqdn1" route=1 retry=10 connectiontimeout=5
# BalancerMember "http://fqdn2" route=2 retry=10 connectiontimeout=5
# ProxySet lbmethod=byrequests failonstatus=500,503 stickysession=ROUTEID
#</Proxy>
### Pour utiliser des accesspolicy différentes par portion d'URL
#<locationmatch "\
# (?=^/motif1/)|\
# (?=^/motif2/)">
# Use InternalAccessPolicy
#</Locationmatch>
### Pour donner accès à des utilisateurs en plus de ceux acceptés par la policy
#<Location />
# Use InternalAccessPolicy
#
# Authname "Acces restreint"
# Authtype Basic
# AuthBasicProvider ldap-interne
# Use ConnexionLdapInterne
# Require ldap-user login1
# Require ldap-user login2
# Require ldap-attribute "memberof=cn=xxxxx"
#</Location>
### Si une API du site mandaté utilise des codes d'erreur HTTP pour communiquer une information fonctionnelle à son client (beurk)
#<Location "/api/">
# ProxyErrorOverride off
#</Location>
### Si l'application utilise des URLs avec des slashes encodés
#AllowEncodedSlashes On
### Pour utiliser les websockets. Principe général : il faut détecter la nécessité d'activer les websockets.
## Soit parce que le client a déjà inséré dans ses entêtes des attributs en rapport :
#RewriteEngine On
#RewriteCond %{HTTP:UPGRADE} ^WebSocket$ [NC,OR]
#RewriteCond %{HTTP:CONNECTION} ^Upgrade$ [NC]
#RewriteRule .* ws://%{SERVER_NAME}%{REQUEST_URI} [P,QSA,L]
## Soit parce que l'url demandée est d'une forme qui permet de détecter que le client s'adresse à une partie serveur développée avec des websockets
#<Location /websockify>
# ProxyPass ws://$urlDest/websockify
# ProxyPassReverse ws://$vhostFQDN/websockify
#</Location>

10
files/vhosts.d.template/2_mds_exclusion.conf.exemple Normal file
View file

@ -0,0 +1,10 @@
# RETIRER TOUS LES COMMENTAIRES, GENERER LA CONFIGURATION AVEC modsechelper.sh
## Exceptions applicables a tout le virtualhost
#SecRuleRemoveById id
# Exceptions applicables par chemin de l'url
#<LocationMatch "^/$">
# SecRuleRemoveById id
#</LocationMatch>

5
handlers/main.yml Normal file
View file

@ -0,0 +1,5 @@
- name: restart fail2ban
service: name=fail2ban state=restarted
- name: restart apache2
service: name=apache2 state=restarted

7
meta/main.yml Normal file
View file

@ -0,0 +1,7 @@
galaxy_info:
author: Olivier Navas
description: installe et configure un reverse proxy
license: GPL-3.0-or-later
min_ansible_version: 2.9
galaxy_tags: []

170
tasks/main.yml Normal file
View file

@ -0,0 +1,170 @@
#- name: install - Allow Apache to listen on tcp port 9090
# tags: install
# seport:
# ports: 9090
# proto: tcp
# setype: http_port_t
# state: present
#- name: install - enable module openid
# tags: install
# shell: dnf module enable -y mod_auth_openidc
# changed_when: false
- name: install - packages
tags: install
package:
state: present
name:
- apache2
- apache2-utils
- modsecurity-crs
- libapache2-mod-security2
- libapache2-mod-auth-openid
- libapache2-mod-perl2
- fail2ban
- whois
- dialog
- name: install - enable fail2ban
tags: install
service: name=fail2ban state=started enabled=yes
- name: install - dossier vhosts.d
tags: install
file:
path: /etc/apache2/vhosts.d
state: directory
mode: 0660
- name: install - supprime vhost par défaut
tags: install
file:
path: "{{ item }}"
state: absent
with_items:
- /etc/apache2/sites-enabled/000-default.conf
- /etc/apache2/sites-enabled/default-ssl.conf
- name: configure - fail2ban
tags: configure
template:
src: jail.local
dest: /etc/fail2ban/jail.d/
notify:
- restart fail2ban
- name: configure - apache modules
community.general.apache2_module:
state: present
ignore_configcheck: yes
force: yes
name: "{{ item }}"
failed_when: false
with_items:
- access_compat
- alias
- auth_basic
# - auth_openid
- authn_core
- authn_file
- authnz_ldap
- authz_core
- authz_host
- authz_user
- autoindex
- deflate
- dir
# - dump_io
- env
- filter
- headers
- include
- macro
- md
- mime
- mpm_event
- negotiation
- proxy
- proxy_ajp
- proxy_balancer
- proxy_connect
- proxy_http
- proxy_wstunnel
- remoteip
- reqtimeout
- rewrite
- security2
- setenvif
- ssl
- status
- unique_id
- name: configure - apache2 templates
tags: configure
template:
src: "{{ item.src }}"
dest: "{{ item.dest }}"
with_items:
- { src: custom_reverse_proxy.conf, dest: /etc/apache2/conf-enabled/ }
- { src: custom_ssl.conf, dest: /etc/apache2/conf-enabled/ }
notify:
- restart apache2
- name: configure - apache2 fichiers
tags: configure
copy:
src: "{{ item.src }}"
dest: "{{ item.dest }}"
with_items:
- { src: vhosts.d.template, dest: /etc/apache2/ }
- { src: purge-apache2-tmp, dest: /etc/cron.d/ }
notify:
- restart apache2
- name: configure - httpd pages statiques
tags: configure
copy:
src: "{{ item.src }}"
dest: "{{ item.dest }}"
with_items:
- { src: rp_ressources_images, dest: /var/www/html/rp_ressources/images }
- name: configure - httpd pages statiques templates
tags: configure
template:
src: "{{ item.src }}"
dest: "{{ item.dest }}"
with_items:
- { src: rp_ressources/400.html, dest: /var/www/html/rp_ressources/ }
- { src: rp_ressources/401.html, dest: /var/www/html/rp_ressources/ }
- { src: rp_ressources/403.html, dest: /var/www/html/rp_ressources/ }
- { src: rp_ressources/404.html, dest: /var/www/html/rp_ressources/ }
- { src: rp_ressources/410.html, dest: /var/www/html/rp_ressources/ }
- { src: rp_ressources/500.html, dest: /var/www/html/rp_ressources/ }
- { src: rp_ressources/502.html, dest: /var/www/html/rp_ressources/ }
- { src: rp_ressources/503.html, dest: /var/www/html/rp_ressources/ }
- { src: rp_ressources/504.html, dest: /var/www/html/rp_ressources/ }
- { src: rp_ressources/customization.css, dest: /var/www/html/rp_ressources/ }
- { src: rp_ressources/header.html, dest: /var/www/html/rp_ressources/ }
- { src: rp_ressources/robots_disabled.txt, dest: /var/www/html/rp_ressources/ }
- { src: rp_ressources/robots_enabled.txt, dest: /var/www/html/rp_ressources/ }
- { src: rp_maintenance/maintenance-generique.html, dest: /var/www/html/rp_maintenance/ }
- { src: rp_maintenance/auth/index.html, dest: /var/www/html/rp_maintenance/auth }
- name: configure - scripts et pages statiques
tags: configure
copy:
src: "{{ item.src }}"
dest: "{{ item.dest }}"
mode: 0775
with_items:
- { src: modsechelper.sh, dest: /usr/local/bin/ }
- { src: maintenance.sh, dest: /usr/local/bin/ }
- { src: purge-apache2-tmp.sh, dest: /usr/local/bin/ }
- name: install - active apache2
tags: install
service: name=apache2 state=started enabled=yes

497
templates/custom_reverse_proxy.conf Normal file
View file

@ -0,0 +1,497 @@
# {{ ansible_managed }}
BufferedLogs Off
TraceEnable Off
Timeout 300
KeepAlive On
MaxKeepAliveRequests 512
KeepAliveTimeout 15
# Configuration MPM Event
ServerLimit 64
ThreadsPerChild 32
AsyncRequestWorkerFactor 2
MaxRequestWorkers 2048
MaxRequestsPerChild 16384
GracefulShutdownTimeout 2
# Supprime les informations version
ServerTokens ProductOnly
ServerSignature Off
SecServerSignature ";-)"
# Configuration headers
Header unset X-Powered-By
Header unset X-AspNet-Version
Header unset Server
Header set X-Frame-Options SAMEORIGIN
Header set X-XSS-Protection 1;mode=block
Header set X-Content-Type-Options nosniff
Header set Strict-Transport-Security "max-age=16070400"
# Configuration modsecurity
SecTmpDir /var/lib/mod_security
SecDataDir /var/lib/mod_security
# ModSecurity Core Rules Set configuration
IncludeOptional modsecurity.d/*.conf
IncludeOptional modsecurity.d/activated_rules/*.conf
# Default recommended configuration
SecRuleEngine On
SecRequestBodyAccess On
SecRule REQUEST_HEADERS:Content-Type "text/xml" \
"id:'200000',phase:1,t:none,t:lowercase,pass,nolog,ctl:requestBodyProcessor=XML"
# 300 Mo
SecRequestBodyLimit 314572800
# 128 Ko
SecRequestBodyNoFilesLimit 131072
SecRequestBodyInMemoryLimit 131072
SecRequestBodyLimitAction Reject
SecRule REQBODY_ERROR "!@eq 0" \
"id:'200001', phase:2,t:none,log,deny,status:400,msg:'Failed to parse request body.',logdata:'%{reqbody_error_msg}',severity:2"
SecRule MULTIPART_STRICT_ERROR "!@eq 0" \
"id:'200002',phase:2,t:none,log,deny,status:44,msg:'Multipart request body \
failed strict validation: \
PE %{REQBODY_PROCESSOR_ERROR}, \
BQ %{MULTIPART_BOUNDARY_QUOTED}, \
BW %{MULTIPART_BOUNDARY_WHITESPACE}, \
DB %{MULTIPART_DATA_BEFORE}, \
DA %{MULTIPART_DATA_AFTER}, \
HF %{MULTIPART_HEADER_FOLDING}, \
LF %{MULTIPART_LF_LINE}, \
SM %{MULTIPART_MISSING_SEMICOLON}, \
IQ %{MULTIPART_INVALID_QUOTING}, \
IP %{MULTIPART_INVALID_PART}, \
IH %{MULTIPART_INVALID_HEADER_FOLDING}, \
FL %{MULTIPART_FILE_LIMIT_EXCEEDED}'"
SecRule MULTIPART_UNMATCHED_BOUNDARY "!@eq 0" \
"id:'200003',phase:2,t:none,log,deny,status:44,msg:'Multipart parser detected a possible unmatched boundary.'"
#SecPcreMatchLimit 50000
#SecPcreMatchLimitRecursion 50000
SecPcreMatchLimit 250000000
SecPcreMatchLimitRecursion 250000000
SecRule TX:/^MSC_/ "!@streq 0" \
"id:'200004',phase:2,t:none,deny,msg:'ModSecurity internal error flagged: %{MATCHED_VAR_NAME}'"
SecResponseBodyAccess Off
SecDebugLog /var/log/apache2/modsec_debug.log
#SecDebugLogLevel 4
SecDebugLogLevel 0
#SecAuditEngine RelevantOnly
SecAuditEngine Off
SecAuditLogRelevantStatus "^(?:5|4(?!04))"
SecAuditLogParts ABIJDEFHZ
SecAuditLogType Serial
SecAuditLog /var/log/apache2/modsec_audit.log
SecArgumentSeparator &
SecCookieFormat 0
# Macros
<Macro ProxyCommon>
ProxyRequests Off
ProxyVia Off
ProxyPreserveHost On
</Macro>
<Macro OpenAccessPolicy>
Require all granted
</Macro>
<Macro InternalAccessPolicy>
Require ip 10.0.0.0/8
Require ip 172.16.0.0/12
Require ip 192.168.0.0/16
</Macro>
<Macro InternalAdminAccessPolicy>
Require ip 192.168.3.11/32
</Macro>
<Macro LDAPUserAccessPolicy>
Authname "Acces reserve aux utilisateurs disposant d'un compte valide"
Authtype Basic
AuthBasicProvider ldap
AuthLDAPBindAuthoritative on
AuthLDAPUrl ldap://{{ reverse_proxy_ldap_srv }}/{{ reverse_proxy_ldap_basedn }}?{{ reverse_proxy_ldap_userdn }}
Require valid-user
</Macro>
<Macro LDAPAdminAccessPolicy>
Authname "Acces reserve aux administrateurs"
Authtype Basic
AuthBasicProvider ldap
AuthLDAPBindAuthoritative on
AuthLDAPUrl ldap://{{ reverse_proxy_ldap_srv }}/{{ reverse_proxy_ldap_basedn }}?{{ reverse_proxy_ldap_userdn }}
Require valid-user
Require ldap-user {{ reverse_proxy_ldap_admins }}
</Macro>
<Macro BlockCrawlerIndexing>
Header set X-Robots-Tag "noindex, nofollow"
ProxyPass /robots.txt !
RewriteEngine On
RewriteRule ^/robots\.txt$ /rp_ressources/robots_disabled.txt [L]
</Macro>
<Macro AllowCrawlerIndexing>
Header set X-Robots-Tag "all"
ProxyPass /robots.txt !
RewriteEngine On
RewriteRule ^/robots\.txt$ /rp_ressources/robots_enabled.txt [L]
</Macro>
<Macro ErrorDocumentPages>
ProxyErrorOverride On
ErrorDocument 400 /rp_ressources/400.html
ErrorDocument 401 /rp_ressources/401.html
ErrorDocument 403 /rp_ressources/403.html
ErrorDocument 404 /rp_ressources/404.html
ErrorDocument 500 /rp_ressources/500.html
ErrorDocument 502 /rp_ressources/502.html
ErrorDocument 503 /rp_ressources/503.html
ErrorDocument 504 /rp_ressources/504.html
ErrorDocument {{ reverse_proxy_http_modsecurity_error_code }} /rp_ressources/{{ reverse_proxy_http_modsecurity_error_code }}.html
</Macro>
<Macro CheckMaintenancePage>
RewriteEngine On
<Location "/rp_maintenance/auth/">
Use LDAPAdminAccessPolicy
</Location>
# Si on est en maintenance
<If "-f %{DOCUMENT_ROOT} . '/maintenance/${VHOST_FQDN}'">
RewriteCond %{REMOTE_ADDR} !127.0.0.1
RewriteCond %{REQUEST_URI} !^/rp_ressources/*
RewriteCond %{REQUEST_URI} !^/rp_maintenance/*
RewriteCond %{HTTP_COOKIE} !rp_acces_maintenance=([^;]+)
RewriteRule ^.*$ %{DOCUMENT_ROOT}/maintenance/${VHOST_FQDN}
Header Set Cache-Control "no-store"
</If>
</Macro>
# Redirige un domaine http vers https
<Macro vhost_redirect_http-https $domain>
<VirtualHost *:80>
ServerName $domain
Redirect permanent / https://$domain/
</VirtualHost>
</Macro>
# Redirige un domaine http vers n'importe qu'elle autre adresse http où https
<Macro vhost_redirect_http_generic $domainSource $domainDest $accessPolicy>
<VirtualHost *:80>
ServerName $domainSource
Redirect permanent / $domainDest/
#Restriction configuration
<Location />
Use $accessPolicy
Use ErrorDocumentPages
</Location>
</VirtualHost>
</Macro>
<Macro vhost_HTTPS_Generic $vhostFQDN $cert $protoDest $urlDest $logPolicy $accessPolicy $indexingConf $modsecurityStatus>
Use vhost_redirect_http-https $vhostFQDN
Define VHOST_FQDN $vhostFQDN
<Perl>
if ( $cert eq "LE" )
{
print "------- Utilisation d'un certificat LetsEncrypt pour $vhostFQDN -------\n";
$MDomain{"$vhostFQDN"} = {
MDCertificateAgreement => 'accepted',
MDContactEmail => '{{ reverse_proxy_default_serveradmin_email }}',
MDStapling => 'on',
};
}
</Perl>
<VirtualHost *:443>
<Perl>
$ENV{'PERL_CONF_DEBUG'} and print "------- Generation du vhosts $vhostFQDN -------\n";
</Perl>
# Definition du virtualhost
ServerName $vhostFQDN
DocumentRoot "/var/www/html"
# Configuration SSL avec le bon certificat
# Include conf.patterns.d/01_ssl_$cert.conf
SSLEngine on
# Niveau de log souhaite
LogLevel $logPolicy
ErrorLog ${APACHE_LOG_DIR}/$vhostFQDN-error.log
CustomLog ${APACHE_LOG_DIR}/$vhostFQDN-access.log combined
# Politique vis a vis des moteurs de recherche
Use $indexingConf
# Configuration de l'accessibilite du virtualhost (public, interne, restreint)
<Location />
Use $accessPolicy
</Location>
# Inclusion de la configuration additionnelle
<Perl>
my $dir=$ENV{"$vhostFQDN"};
my $config_file="$dir/1_vhost_additional.conf";
if( -f $config_file)
{
$ENV{'PERL_CONF_DEBUG'} and print "Inclusion du fichier '$config_file'\n";
push @Include, "$config_file";
}
</Perl>
# Configuration du chemin vers la page de status du load balancer
<Location "/balancer-manager">
SecRuleEngine off
SetHandler balancer-manager
Use InternalAdminAccessPolicy
</Location>
# Configuration du chemin vers les ressources reverse proxy
<Location "/rp_ressources">
SecRuleEngine off
Use OpenAccessPolicy
</Location>
# Configuration de la fonction reverse proxy
Use ProxyCommon
ProxyPass /rp_ressources !
ProxyPass /rp_maintenance !
ProxyPass /balancer-manager !
ProxyPass / $protoDest://$urlDest/
ProxyPassReverse / $protoDest://$vhostFQDN/
<If "'$protoDest' == 'http'">
RequestHeader set X-Forwarded-Proto "https"
</If>
# Definition des pages d'erreur
Use ErrorDocumentPages
# Gestion de la page de maintenance
Use CheckMaintenancePage
# Gestion mod_security et inclusion des exceptions
<IfModule mod_security2.c>
SecRuleEngine $modsecurityStatus
<Perl>
my $dir=$ENV{"$vhostFQDN"};
my $config_file="$dir/2_mds_exclusion.conf";
if( -f $config_file)
{
$ENV{'PERL_CONF_DEBUG'} and print "Inclusion du fichier '$config_file'\n";
push @Include, "$config_file";
}
</Perl>
</IfModule>
<Perl>
$ENV{'PERL_CONF_DEBUG'} and print "----------------------------------------------\n";
</Perl>
</VirtualHost>
Undefine VHOST_FQDN
</Macro>
<Macro vhost_HTTP_Generic $vhostFQDN $protoDest $urlDest $logPolicy $accessPolicy $indexingConf $modsecurityStatus>
Define VHOST_FQDN $vhostFQDN
<VirtualHost *:80>
<Perl>
$ENV{'PERL_CONF_DEBUG'} and print "------- Generation du vhosts $vhostFQDN -------\n";
</Perl>
# Definition du virtualhost
ServerName $vhostFQDN
DocumentRoot "/var/www/html"
# Niveau de log souhaite
LogLevel $logPolicy
ErrorLog ${APACHE_LOG_DIR}/$vhostFQDN-error.log
CustomLog ${APACHE_LOG_DIR}/$vhostFQDN-access.log combined
# Politique vis a vis des moteurs de recherche
Use $indexingConf
# Configuration de l'accessibilite du virtualhost (public, interne, restreint)
<Location />
Use $accessPolicy
</Location>
# Inclusion de la configuration additionnelle
<Perl>
my $dir=$ENV{"$vhostFQDN"};
my $config_file="$dir/1_vhost_additional.conf";
if( -f $config_file)
{
$ENV{'PERL_CONF_DEBUG'} and print "Inclusion du fichier '$config_file'\n";
push @Include, "$config_file";
}
</Perl>
# Configuration du chemin vers la page de status du load balancer
<Location "/balancer-manager">
SecRuleEngine off
SetHandler balancer-manager
Use InternalAdminAccessPolicy
</Location>
# Configuration du chemin vers les ressources reverse proxy
<Location "/rp_ressources">
SecRuleEngine off
Use OpenAccessPolicy
</Location>
# Configuration de la fonction reverse proxy
Use ProxyCommon
ProxyPass /rp_ressources !
ProxyPass /rp_maintenance !
ProxyPass /balancer-manager !
ProxyPass / $protoDest://$urlDest/
ProxyPassReverse / $protoDest://$vhostFQDN/
<If "'$protoDest' == 'https'">
RequestHeader set X-Forwarded-Proto "http"
</If>
# Definition des pages d'erreur
Use ErrorDocumentPages
# Gestion de la page de maintenance
Use CheckMaintenancePage
# Gestion mod_security et inclusion des exceptions
<IfModule mod_security2.c>
SecRuleEngine $modsecurityStatus
<Perl>
my $dir=$ENV{"$vhostFQDN"};
my $config_file="$dir/2_mds_exclusion.conf";
if( -f $config_file)
{
$ENV{'PERL_CONF_DEBUG'} and print "Inclusion du fichier '$config_file'\n";
push @Include, "$config_file";
}
</Perl>
</IfModule>
<Perl>
$ENV{'PERL_CONF_DEBUG'} and print "----------------------------------------------\n";
</Perl>
</VirtualHost>
Undefine VHOST_FQDN
</Macro>
# Virtualhosts techniques
# Fait en sorte que si fqdn demandé ne correspond a aucun connu apache ne serve pas le 1er
<VirtualHost *:80>
Redirect / http://erreur.libretic.fr/
</VirtualHost>
# Permet l'acces a des pages d'info apache
ExtendedStatus on
Listen 9090 http
<VirtualHost *:9090>
ServerName localhost
DocumentRoot /var/www/html/
<Location /server-info>
SetHandler server-info
Use InternalAdminAccessPolicy
Require host localhost
</Location>
<Location /status>
SetHandler server-status
Use InternalAdminAccessPolicy
Require host localhost
</Location>
LogLevel info
ErrorLog ${APACHE_LOG_DIR}/monitoring-page-error.log
CustomLog ${APACHE_LOG_DIR}/monitoring-page-access.log combined
</VirtualHost>
# Perl scan vhosts.d
PerlSetEnv VHOSTS_DIR /etc/apache2/vhosts.d
PerlSetEnv VHOST_DEFAULT_FILE 0_vhost.conf
PerlSetEnv PERL_CONF_DEBUG 1
PerlSetVar StatusOptionsAll On
PerlSetVar StatusDeparseOptions "-p -sC"
<Perl>
$Apache2::Server::SaveConfig = 1
</Perl>
<Perl>
my $VHOSTS_REGEX='^\s*Use\s+vhost.+?\s+(.+?)\s+?';
my @vhosts_sub_dirs=`find $ENV{'VHOSTS_DIR'} -mindepth 1 -maxdepth 1 -type d`;
$ENV{'PERL_CONF_DEBUG'} and print "------ Pre-Traitement ------\n";
for my $subdir (@vhosts_sub_dirs)
{
chomp $subdir;
my $config_file="${subdir}/$ENV{'VHOST_DEFAULT_FILE'}";
open my $vhost_file, "<", $config_file or die;
while(my $line = <$vhost_file>)
{
if(my @matches = $line =~ /$VHOSTS_REGEX/)
{
my $vhost_name=${matches[0]};
$ENV{'PERL_CONF_DEBUG'} and print "Identification du vhost: $vhost_name\n";
push @PerlSetEnv, ["$vhost_name" => "$subdir"];
}
}
close $config_file;
}
$ENV{'PERL_CONF_DEBUG'} and print "----------------------------\n";
</Perl>
<Perl>
use Apache2::PerlSections ( );
$ENV{'PERL_CONF_DEBUG'} and print "------ Chargement des vhosts ------\n";
foreach my $key (keys %ENV) {
my $subdir=$ENV{$key};
my $config_file="${subdir}/$ENV{'VHOST_DEFAULT_FILE'}";
if( -f $config_file )
{
$ENV{'PERL_CONF_DEBUG'} and print "Ajout du vhost: $key\n";
push @Include, "$config_file";
}
}
$ENV{'PERL_CONF_DEBUG'} and print "-----------------------------------\n";
print STDERR Apache::PerlSections->dump( );
</Perl>

43
templates/custom_ssl.conf Normal file
View file

@ -0,0 +1,43 @@
# {{ ansible_managed }}
##
## SSL Global Context
##
## All SSL configuration in this context applies both to
## the main server and all SSL-enabled virtual hosts.
##
# Inter-Process Session Cache:
# Configure the SSL Session Cache: First the mechanism
# to use and second the expiring timeout (in seconds).
SSLSessionCache shmcb:/run/httpd/sslcache(512000)
SSLSessionCacheTimeout 300
# Pseudo Random Number Generator (PRNG):
# Configure one or more sources to seed the PRNG of the
# SSL library. The seed data should be of good random quality.
# WARNING! On some platforms /dev/random blocks if not enough entropy
# is available. This means you then cannot use the /dev/random device
# because it would lead to very long connection times (as long as
# it requires to make more entropy available). But usually those
# platforms additionally provide a /dev/urandom device which doesn't
# block. So, if available, use this one instead. Read the mod_ssl User
# Manual for more details.
SSLRandomSeed startup file:/dev/urandom 256
SSLRandomSeed connect builtin
#
# Use "SSLCryptoDevice" to enable any supported hardware
# accelerators. Use "openssl engine -v" to list supported
# engine names. NOTE: If you enable an accelerator and the
# server does not start, consult the error logs and ensure
# your accelerator is functioning properly.
#
SSLCryptoDevice builtin
#SSLCryptoDevice ubsec
SSLProtocol {{ reverse_proxy_SSLProtocol }}
SSLHonorCipherOrder on
SSLCompression Off
SSLCipherSuite "{{ reverse_proxy_SSLCipherSuite }}"

366
templates/httpd.conf Normal file
View file

@ -0,0 +1,366 @@
# {{ ansible_managed }}
#
# This is the main Apache HTTP server configuration file. It contains the
# configuration directives that give the server its instructions.
# See <URL:http://httpd.apache.org/docs/2.4/> for detailed information.
# In particular, see
# <URL:http://httpd.apache.org/docs/2.4/mod/directives.html>
# for a discussion of each configuration directive.
#
# Do NOT simply read the instructions in here without understanding
# what they do. They're here only as hints or reminders. If you are unsure
# consult the online docs. You have been warned.
#
# Configuration and logfile names: If the filenames you specify for many
# of the server's control files begin with "/" (or "drive:/" for Win32), the
# server will use that explicit path. If the filenames do *not* begin
# with "/", the value of ServerRoot is prepended -- so 'log/access_log'
# with ServerRoot set to '/www' will be interpreted by the
# server as '/www/log/access_log', where as '/log/access_log' will be
# interpreted as '/log/access_log'.
#
# ServerRoot: The top of the directory tree under which the server's
# configuration, error, and log files are kept.
#
# Do not add a slash at the end of the directory path. If you point
# ServerRoot at a non-local disk, be sure to specify a local disk on the
# Mutex directive, if file-based mutexes are used. If you wish to share the
# same ServerRoot for multiple httpd daemons, you will need to change at
# least PidFile.
#
ServerRoot "/etc/httpd"
ServerName {{ ansible_fqdn }}
#
# Listen: Allows you to bind Apache to specific IP addresses and/or
# ports, instead of the default. See also the <VirtualHost>
# directive.
#
# Change this to Listen on specific IP addresses as shown below to
# prevent Apache from glomming onto all bound IP addresses.
#
#Listen 12.34.56.78:80
Listen 80
#
# Dynamic Shared Object (DSO) Support
#
# To be able to use the functionality of a module which was built as a DSO you
# have to place corresponding `LoadModule' lines at this location so the
# directives contained in it are actually available _before_ they are used.
# Statically compiled modules (those listed by `httpd -l') do not need
# to be loaded here.
#
# Example:
# LoadModule foo_module modules/mod_foo.so
#
Include conf.modules.d/*.conf
#
# If you wish httpd to run as a different user or group, you must run
# httpd as root initially and it will switch.
#
# User/Group: The name (or #number) of the user/group to run httpd as.
# It is usually good practice to create a dedicated user and group for
# running httpd, as with most system services.
#
User apache
Group apache
ServerTokens Prod
ServerSignature Off
FileETag None
TraceEnable off
HostnameLookups Off
# 'Main' server configuration
#
# The directives in this section set up the values used by the 'main'
# server, which responds to any requests that aren't handled by a
# <VirtualHost> definition. These values also provide defaults for
# any <VirtualHost> containers you may define later in the file.
#
# All of these directives may appear inside <VirtualHost> containers,
# in which case these default settings will be overridden for the
# virtual host being defined.
#
#
# ServerAdmin: Your address, where problems with the server should be
# e-mailed. This address appears on some server-generated pages, such
# as error documents. e.g. admin@your-domain.com
#
ServerAdmin {{ reverse_proxy_serveradmin_email }}
#
# ServerName gives the name and port that the server uses to identify itself.
# This can often be determined automatically, but we recommend you specify
# it explicitly to prevent problems during startup.
#
# If your host doesn't have a registered DNS name, enter its IP address here.
#
#ServerName www.example.com:80
#
# Deny access to the entirety of your server's filesystem. You must
# explicitly permit access to web content directories in other
# <Directory> blocks below.
#
<Directory />
AllowOverride none
Require all denied
</Directory>
#
# Note that from this point forward you must specifically allow
# particular features to be enabled - so if something's not working as
# you might expect, make sure that you have specifically enabled it
# below.
#
#
# DocumentRoot: The directory out of which you will serve your
# documents. By default, all requests are taken from this directory, but
# symbolic links and aliases may be used to point to other locations.
#
#DocumentRoot "/var/www/html"
#
# Relax access to content within /var/www.
#
#<Directory "/var/www">
# AllowOverride None
# Allow open access:
# Require all granted
#</Directory>
# Further relax access to the default document root:
#<Directory "/var/www/html">
#
# Possible values for the Options directive are "None", "All",
# or any combination of:
# Indexes Includes FollowSymLinks SymLinksifOwnerMatch ExecCGI MultiViews
#
# Note that "MultiViews" must be named *explicitly* --- "Options All"
# doesn't give it to you.
#
# The Options directive is both complicated and important. Please see
# http://httpd.apache.org/docs/2.4/mod/core.html#options
# for more information.
#
# Options Indexes FollowSymLinks
#
# AllowOverride controls what directives may be placed in .htaccess files.
# It can be "All", "None", or any combination of the keywords:
# Options FileInfo AuthConfig Limit
#
# AllowOverride None
#
# Controls who can get stuff from this server.
#
# Require all granted
#</Directory>
#
# DirectoryIndex: sets the file that Apache will serve if a directory
# is requested.
#
<IfModule dir_module>
DirectoryIndex index.html
</IfModule>
#
# The following lines prevent .htaccess and .htpasswd files from being
# viewed by Web clients.
#
<Files ".ht*">
Require all denied
</Files>
#
# ErrorLog: The location of the error log file.
# If you do not specify an ErrorLog directive within a <VirtualHost>
# container, error messages relating to that virtual host will be
# logged here. If you *do* define an error logfile for a <VirtualHost>
# container, that host's errors will be logged there and not here.
#
ErrorLog "logs/error_log"
#
# LogLevel: Control the number of messages logged to the error_log.
# Possible values include: debug, info, notice, warn, error, crit,
# alert, emerg.
#
LogLevel warn
SetEnvIf Remote_Addr "127\.0\.0\.1" loopback
<IfModule log_config_module>
# BufferedLogs On
#
# The following directives define some format nicknames for use with
# a CustomLog directive (see below).
#
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
LogFormat "%h %l %u %t \"%r\" %>s %b" common
<IfModule logio_module>
# You need to enable mod_logio.c to use %I and %O
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" %I %O" combinedio
</IfModule>
#
# The location and format of the access logfile (Common Logfile Format).
# If you do not define any access logfiles within a <VirtualHost>
# container, they will be logged here. Contrariwise, if you *do*
# define per-<VirtualHost> access logfiles, transactions will be
# logged therein and *not* in this file.
#
#CustomLog "logs/access_log" common
#
# If you prefer a logfile with access, agent, and referer information
# (Combined Logfile Format) you can use the following directive.
#
CustomLog "logs/access_log" combined env=!loopback
</IfModule>
#<IfModule alias_module>
#
# Redirect: Allows you to tell clients about documents that used to
# exist in your server's namespace, but do not anymore. The client
# will make a new request for the document at its new location.
# Example:
# Redirect permanent /foo http://www.example.com/bar
#
# Alias: Maps web paths into filesystem paths and is used to
# access content that does not live under the DocumentRoot.
# Example:
# Alias /webpath /full/filesystem/path
#
# If you include a trailing / on /webpath then the server will
# require it to be present in the URL. You will also likely
# need to provide a <Directory> section to allow access to
# the filesystem path.
#
# ScriptAlias: This controls which directories contain server scripts.
# ScriptAliases are essentially the same as Aliases, except that
# documents in the target directory are treated as applications and
# run by the server when requested rather than as documents sent to the
# client. The same rules about trailing "/" apply to ScriptAlias
# directives as to Alias.
#
# ScriptAlias /cgi-bin/ "/var/www/cgi-bin/"
#</IfModule>
#
# "/var/www/cgi-bin" should be changed to whatever your ScriptAliased
# CGI directory exists, if you have that configured.
#
#<Directory "/var/www/cgi-bin">
# AllowOverride None
# Options None
# Require all granted
#</Directory>
<IfModule mime_module>
#
# TypesConfig points to the file containing the list of mappings from
# filename extension to MIME-type.
#
TypesConfig /etc/mime.types
#
# AddType allows you to add to or override the MIME configuration
# file specified in TypesConfig for specific file types.
#
#AddType application/x-gzip .tgz
#
# AddEncoding allows you to have certain browsers uncompress
# information on the fly. Note: Not all browsers support this.
#
#AddEncoding x-compress .Z
#AddEncoding x-gzip .gz .tgz
#
# If the AddEncoding directives above are commented-out, then you
# probably should define those extensions to indicate media types:
#
AddType application/x-compress .Z
AddType application/x-gzip .gz .tgz
#
# AddHandler allows you to map certain file extensions to "handlers":
# actions unrelated to filetype. These can be either built into the server
# or added with the Action directive (see below)
#
# To use CGI scripts outside of ScriptAliased directories:
# (You will also need to add "ExecCGI" to the "Options" directive.)
#
#AddHandler cgi-script .cgi
# For type maps (negotiated resources):
#AddHandler type-map var
#
# Filters allow you to process content before it is sent to the client.
#
# To parse .shtml files for server-side includes (SSI):
# (You will also need to add "Includes" to the "Options" directive.)
#
AddType text/html .shtml
AddOutputFilter INCLUDES .shtml
</IfModule>
#
# Specify a default charset for all content served; this enables
# interpretation of all content as UTF-8 by default. To use the
# default browser choice (ISO-8859-1), or to allow the META tags
# in HTML content to override this choice, comment out this
# directive:
#
#AddDefaultCharset UTF-8
<IfModule mime_magic_module>
#
# The mod_mime_magic module allows the server to use various hints from the
# contents of the file itself to determine its type. The MIMEMagicFile
# directive tells the module where the hint definitions are located.
#
MIMEMagicFile conf/magic
</IfModule>
#
# Customizable error responses come in three flavors:
# 1) plain text 2) local redirects 3) external redirects
#
# Some examples:
#ErrorDocument 500 "The server made a boo boo."
#ErrorDocument 404 /missing.html
#ErrorDocument 404 "/cgi-bin/missing_handler.pl"
#ErrorDocument 402 http://www.example.com/subscription_info.html
#
#
# EnableMMAP and EnableSendfile: On systems that support it,
# memory-mapping or the sendfile syscall may be used to deliver
# files. This usually improves server performance, but must
# be turned off when serving from networked-mounted
# filesystems or if support for these functions is otherwise
# broken on your system.
# Defaults if commented: EnableMMAP On, EnableSendfile Off
#
#EnableMMAP off
EnableSendfile on
# Supplemental configuration
#
# Load config files in the "/etc/httpd/conf.d" directory, if any.
IncludeOptional conf.d/*.conf
IncludeOptional macro.d/*.conf
#IncludeOptional vhosts.d/*.conf
IncludeOptional technical_vhosts.d/*.conf
IncludeOptional perl.d/*.conf

49
templates/jail.local Normal file
View file

@ -0,0 +1,49 @@
# {{ ansible_managed }}
[DEFAULT]
ignoreip = 127.0.0.1/8 10.0.0.0/8 172.16.0.0/12 192.168.0.0/16
destemail = olivier+fail2ban@navas.rocks
banaction = nftables-multiport
banaction_allports = nftables-allports
action = %(action_mwl)s
apache_error_log = /var/log/apache2/*error.log
apache_access_log = /var/log/apache2/*access.log
[sshd]
enabled = true
[apache-auth]
enabled = true
logpath = %(apache_error_log)s
[apache-badbots]
enabled = true
[apache-noscript]
enabled = true
[apache-overflows]
enabled = true
[apache-nohome]
enabled = true
[apache-botsearch]
enabled = true
[apache-fakegooglebot]
enabled = true
[apache-modsecurity]
enabled = true
[apache-shellshock]
enabled = true
[recidive]
enabled = true

47
templates/rp_maintenance/auth/index.html Normal file
View file

@ -0,0 +1,47 @@
<!doctype html>
<HTML>
<HEAD>
<title>Maintenance en cours :-[</title>
<meta name="description" content="Maintenance en cours..." />
<meta http-equiv="Content-Type" content="text/html; charset=utf8" />
<meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no">
<script src="https://code.jquery.com/jquery-3.5.1.slim.min.js" integrity="sha384-DfXdz2htPH0lsSSs5nCTpuj/zy4C+OGpamoFVy38MVBnE+IbbVYUew+OrCXaRkfj" crossorigin="anonymous"></script>
<link rel="stylesheet" href="https://cdn.jsdelivr.net/npm/bootstrap@4.5.3/dist/css/bootstrap.min.css" integrity="sha384-TX8t27EcRE3e/ihU7zmQxVncDAy5uIKz4rEkgIXeMed4M0jlfIDPvg6uqKI2xXr2" crossorigin="anonymous">
<script src="https://cdn.jsdelivr.net/npm/bootstrap@4.5.3/dist/js/bootstrap.bundle.min.js" integrity="sha384-ho+j7jyWK8fNQe+A12Hb8AhRq26LrZ/JpcUGGOn+Y7RsweNrtN/tE3MoK7ZeZDyx" crossorigin="anonymous"></script>
<script src="https://www.w3schools.com/lib/w3data.js"></script>
<link href="/rp_ressources/crna_customization.css" rel="stylesheet">
<script type="text/javascript">
function setAccesMaintenanceCookie() {
var date = new Date();
date.setTime(date.getTime()+(60*60*1000));
document.cookie = "rp_acces_maintenance=yes; path=/; expires=" + date.toGMTString();
}
</script>
</HEAD>
<BODY onload="setAccesMaintenanceCookie()">
<div w3-include-html="/rp_ressources/header.html"></div><script>w3IncludeHTML();</script>
<main role="main">
<div class="container">
<div class="text-center"><img src="/rp_ressources/images/maintenance.svg" class="illustration"></div>
<div class="jumbotron py-3">
<div class="col-sm-8 mx-auto">
<h1 class="display-5">Avertissement</h1>
<p class="lead"></p>
<p>L'application demandée est en maintenance. En tant que personnel de la DSI vous allez pouvoir y accéder. Cependant, merci de vous assurer
auprès de l'équipe en charge de la maintenance que vos actions dans l'application ne risquent pas de perturber l'opération en cours.</p>
<a class="btn btn-primary" href="/" role="button">Accéder à l'application</a>
</div>
</div>
</div>
</main>
</BODY>
</HTML>

42
templates/rp_maintenance/maintenance-generique.html Normal file
View file

@ -0,0 +1,42 @@
<!doctype html>
<HTML>
<HEAD>
<title>Maintenance en cours :-[</title>
<meta name="description" content="Maintenance en cours..." />
<meta http-equiv="refresh" content="120">
<meta http-equiv="Content-Type" content="text/html; charset=utf8" />
<meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no">
<script src="https://code.jquery.com/jquery-3.5.1.slim.min.js" integrity="sha384-DfXdz2htPH0lsSSs5nCTpuj/zy4C+OGpamoFVy38MVBnE+IbbVYUew+OrCXaRkfj" crossorigin="anonymous"></script>
<link rel="stylesheet" href="https://cdn.jsdelivr.net/npm/bootstrap@4.5.3/dist/css/bootstrap.min.css" integrity="sha384-TX8t27EcRE3e/ihU7zmQxVncDAy5uIKz4rEkgIXeMed4M0jlfIDPvg6uqKI2xXr2" crossorigin="anonymous">
<script src="https://cdn.jsdelivr.net/npm/bootstrap@4.5.3/dist/js/bootstrap.bundle.min.js" integrity="sha384-ho+j7jyWK8fNQe+A12Hb8AhRq26LrZ/JpcUGGOn+Y7RsweNrtN/tE3MoK7ZeZDyx" crossorigin="anonymous"></script>
<script src="https://www.w3schools.com/lib/w3data.js"></script>
<link href="/rp_ressources/customization.css" rel="stylesheet">
</HEAD>
<BODY>
<div w3-include-html="/rp_ressources/header.html"></div><script>w3IncludeHTML();</script>
<main role="main">
<div class="container">
<div class="text-center"><img src="/rp_ressources/images/maintenance.svg" class="illustration"></div>
<div class="jumbotron py-3">
<div class="col-sm-8 mx-auto">
<h1 class="display-5">Une maintenance est en cours</h1>
<p class="lead">Nous vous remercions pour votre compréhension et vous prions de nous excuser pour la gêne occasionnée</p>
<p>Vous pouvez rester sur cette page et le service demandé apparaîtra sitôt qu'il sera de nouveau disponible.
En attendant vous pouvez également aller visiter <a href="{{ reverse_proxy_default_website }}">{{ reverse_proxy_default_website }}</a></p>
<a class="btn btn-primary" href="/" role="button">Retourner à la page d'accueil</a>
<a class="btn btn-primary" href="/rp_maintenance/auth/" role="button">S'identifier pour accéder à l'application</a>
</div>
</div>
</div>
</main>
</BODY>
</HTML>

41
templates/rp_ressources/400.html Normal file
View file

@ -0,0 +1,41 @@
<!doctype html>
<HTML>
<HEAD>
<title>Erreur 400 :-[</title>
<meta name="description" content="Erreur 400... Requ&ecirc;te mal formul&eacute;e" />
<meta http-equiv="Content-Type" content="text/html; charset=utf8" />
<meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no">
<script src="https://code.jquery.com/jquery-3.5.1.slim.min.js" integrity="sha384-DfXdz2htPH0lsSSs5nCTpuj/zy4C+OGpamoFVy38MVBnE+IbbVYUew+OrCXaRkfj" crossorigin="anonymous"></script>
<link rel="stylesheet" href="https://cdn.jsdelivr.net/npm/bootstrap@4.5.3/dist/css/bootstrap.min.css" integrity="sha384-TX8t27EcRE3e/ihU7zmQxVncDAy5uIKz4rEkgIXeMed4M0jlfIDPvg6uqKI2xXr2" crossorigin="anonymous">
<script src="https://cdn.jsdelivr.net/npm/bootstrap@4.5.3/dist/js/bootstrap.bundle.min.js" integrity="sha384-ho+j7jyWK8fNQe+A12Hb8AhRq26LrZ/JpcUGGOn+Y7RsweNrtN/tE3MoK7ZeZDyx" crossorigin="anonymous"></script>
<script src="https://www.w3schools.com/lib/w3data.js"></script>
<link href="/rp_ressources/customization.css" rel="stylesheet">
</HEAD>
<BODY>
<div w3-include-html="/rp_ressources/header.html"></div><script>w3IncludeHTML();</script>
<main role="main">
<div class="container">
<div class="text-center"><img src="/rp_ressources/images/400.svg" class="illustration"></div>
<div class="jumbotron py-3">
<div class="col-sm-8 mx-auto">
<h1 class="display-5">Requête mal formulée</h1>
<p class="lead">Le service demandé n'a pas pu vous répondre.</p>
<p>Le serveur ne peut pas traiter votre demande car mal formul&eacute;e (par exemple, probl&egrave;me de syntaxe, de taille...)
Si vous pensez que ce comportement est anormal, vous pouvez <a href="{{ reverse_proxy_default_issue_url }}">signaler une anomalie.</a></p>
<a class="btn btn-primary" href="/" role="button">Retourner &agrave; la page d'accueil</a>
</div>
</div>
</div>
</main>
</BODY>
</HTML>

40
templates/rp_ressources/401.html Normal file
View file

@ -0,0 +1,40 @@
<!doctype html>
<HTML>
<HEAD>
<title>Erreur 401 :-[</title>
<meta name="description" content="Erreur 401... Acc&egrave;s non autoris&eacute;" />
<meta http-equiv="Content-Type" content="text/html; charset=utf8" />
<meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no">
<script src="https://code.jquery.com/jquery-3.5.1.slim.min.js" integrity="sha384-DfXdz2htPH0lsSSs5nCTpuj/zy4C+OGpamoFVy38MVBnE+IbbVYUew+OrCXaRkfj" crossorigin="anonymous"></script>
<link rel="stylesheet" href="https://cdn.jsdelivr.net/npm/bootstrap@4.5.3/dist/css/bootstrap.min.css" integrity="sha384-TX8t27EcRE3e/ihU7zmQxVncDAy5uIKz4rEkgIXeMed4M0jlfIDPvg6uqKI2xXr2" crossorigin="anonymous">
<script src="https://cdn.jsdelivr.net/npm/bootstrap@4.5.3/dist/js/bootstrap.bundle.min.js" integrity="sha384-ho+j7jyWK8fNQe+A12Hb8AhRq26LrZ/JpcUGGOn+Y7RsweNrtN/tE3MoK7ZeZDyx" crossorigin="anonymous"></script>
<script src="https://www.w3schools.com/lib/w3data.js"></script>
<link href="/rp_ressources/customization.css" rel="stylesheet">
</HEAD>
<BODY>
<div w3-include-html="/rp_ressources/header.html"></div><script>w3IncludeHTML();</script>
<main role="main">
<div class="container">
<div class="text-center"><img src="/rp_ressources/images/401.svg" class="illustration"></div>
<div class="jumbotron py-3">
<div class="col-sm-8 mx-auto">
<h1 class="display-5">Accès non autorisé</h1>
<p class="lead"></p>
<p>L'accès à la page demandée nécessite une autorisation.</p>
<a class="btn btn-primary" href="/" role="button">Retourner &agrave; la page d'accueil</a>
</div>
</div>
</div>
</main>
</BODY>
</HTML>

40
templates/rp_ressources/403.html Normal file
View file

@ -0,0 +1,40 @@
<!doctype html>
<HTML>
<HEAD>
<title>Erreur 403 :-[</title>
<meta name="description" content="Erreur 403... Acc&egrave;s refus&eacute;" />
<meta http-equiv="Content-Type" content="text/html; charset=utf8" />
<meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no">
<script src="https://code.jquery.com/jquery-3.5.1.slim.min.js" integrity="sha384-DfXdz2htPH0lsSSs5nCTpuj/zy4C+OGpamoFVy38MVBnE+IbbVYUew+OrCXaRkfj" crossorigin="anonymous"></script>
<link rel="stylesheet" href="https://cdn.jsdelivr.net/npm/bootstrap@4.5.3/dist/css/bootstrap.min.css" integrity="sha384-TX8t27EcRE3e/ihU7zmQxVncDAy5uIKz4rEkgIXeMed4M0jlfIDPvg6uqKI2xXr2" crossorigin="anonymous">
<script src="https://cdn.jsdelivr.net/npm/bootstrap@4.5.3/dist/js/bootstrap.bundle.min.js" integrity="sha384-ho+j7jyWK8fNQe+A12Hb8AhRq26LrZ/JpcUGGOn+Y7RsweNrtN/tE3MoK7ZeZDyx" crossorigin="anonymous"></script>
<script src="https://www.w3schools.com/lib/w3data.js"></script>
<link href="/rp_ressources/customization.css" rel="stylesheet">
</HEAD>
<BODY>
<div w3-include-html="/rp_ressources/header.html"></div><script>w3IncludeHTML();</script>
<main role="main">
<div class="container">
<div class="text-center"><img src="/rp_ressources/images/403.svg" class="illustration"></div>
<div class="jumbotron py-3">
<div class="col-sm-8 mx-auto">
<h1 class="display-5">Accès refusé</h1>
<p class="lead">L'accès à la page demandée vous a été refusé</p>
<p>Votre identifiant ou mot de passe est peut-être incorrect, ou bien l'application ne vous y autorise pas l'accès.</p>
<a class="btn btn-primary" href="/" role="button">Retourner &agrave; la page d'accueil</a>
</div>
</div>
</div>
</main>
</BODY>
</HTML>

40
templates/rp_ressources/404.html Normal file
View file

@ -0,0 +1,40 @@
<!doctype html>
<HTML>
<HEAD>
<title>Erreur 404 :-[</title>
<meta name="description" content="Erreur 404... La page demand&eacute;e n'a pas &eacute;t&eacute; trouv&eacute;e" />
<meta http-equiv="Content-Type" content="text/html; charset=utf8" />
<meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no">
<script src="https://code.jquery.com/jquery-3.5.1.slim.min.js" integrity="sha384-DfXdz2htPH0lsSSs5nCTpuj/zy4C+OGpamoFVy38MVBnE+IbbVYUew+OrCXaRkfj" crossorigin="anonymous"></script>
<link rel="stylesheet" href="https://cdn.jsdelivr.net/npm/bootstrap@4.5.3/dist/css/bootstrap.min.css" integrity="sha384-TX8t27EcRE3e/ihU7zmQxVncDAy5uIKz4rEkgIXeMed4M0jlfIDPvg6uqKI2xXr2" crossorigin="anonymous">
<script src="https://cdn.jsdelivr.net/npm/bootstrap@4.5.3/dist/js/bootstrap.bundle.min.js" integrity="sha384-ho+j7jyWK8fNQe+A12Hb8AhRq26LrZ/JpcUGGOn+Y7RsweNrtN/tE3MoK7ZeZDyx" crossorigin="anonymous"></script>
<script src="https://www.w3schools.com/lib/w3data.js"></script>
<link href="/rp_ressources/customization.css" rel="stylesheet">
</HEAD>
<BODY>
<div w3-include-html="/rp_ressources/header.html"></div><script>w3IncludeHTML();</script>
<main role="main">
<div class="container">
<div class="text-center"><img src="/rp_ressources/images/404.svg" class="illustration404"></div>
<div class="jumbotron py-3">
<div class="col-sm-8 mx-auto">
<h1 class="display-5">Oups...</h1>
<p class="lead">Il semble que vous vous soyez égaré...</p>
<p>La page que vous avez demandée n'a pas été trouvée, mais pas d'inquiétude, vous pouvez revenir sur <a href="{{ reverse_proxy_default_website }}">{{ reverse_proxy_default_website }}</a> ou bien...</p>
<a class="btn btn-primary" href="/" role="button">Retourner à la page d'accueil</a>
</div>
</div>
</div>
</main>
</BODY>
</HTML>

42
templates/rp_ressources/410.html Normal file
View file

@ -0,0 +1,42 @@
<!doctype html>
<HTML>
<HEAD>
<title>Erreur 410 :-[</title>
<meta name="description" content="Erreur 410... Requête bloquée par WAF" />
<meta http-equiv="Content-Type" content="text/html; charset=utf8" />
<meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no">
<script src="https://code.jquery.com/jquery-3.5.1.slim.min.js" integrity="sha384-DfXdz2htPH0lsSSs5nCTpuj/zy4C+OGpamoFVy38MVBnE+IbbVYUew+OrCXaRkfj" crossorigin="anonymous"></script>
<link rel="stylesheet" href="https://cdn.jsdelivr.net/npm/bootstrap@4.5.3/dist/css/bootstrap.min.css" integrity="sha384-TX8t27EcRE3e/ihU7zmQxVncDAy5uIKz4rEkgIXeMed4M0jlfIDPvg6uqKI2xXr2" crossorigin="anonymous">
<script src="https://cdn.jsdelivr.net/npm/bootstrap@4.5.3/dist/js/bootstrap.bundle.min.js" integrity="sha384-ho+j7jyWK8fNQe+A12Hb8AhRq26LrZ/JpcUGGOn+Y7RsweNrtN/tE3MoK7ZeZDyx" crossorigin="anonymous"></script>
<script src="https://www.w3schools.com/lib/w3data.js"></script>
<link href="/rp_ressources/customization.css" rel="stylesheet">
</HEAD>
<BODY>
<div w3-include-html="/rp_ressources/header.html"></div><script>w3IncludeHTML();</script>
<main role="main">
<div class="container">
<div class="text-center"><img src="/rp_ressources/images/410.svg" class="illustration"></div>
<div class="jumbotron py-3">
<div class="col-sm-8 mx-auto">
<h1 class="display-5">Requête bloquée par WAF</h1>
<p class="lead">L'accès à la page demandée a été refusée par le WAF</p>
<p>Une anomalie de sécurité a été détectée. Si vous pensez que ce comportement est anormal,
vous pouvez <a href="{{ reverse_proxy_default_issue_url }}">signaler une anomalie.</a></p>
<a class="btn btn-primary" href="/" role="button">Retourner &agrave; la page d'accueil</a>
</div>
</div>
</div>
</main>
</BODY>
</HTML>

41
templates/rp_ressources/500.html Normal file
View file

@ -0,0 +1,41 @@
<!doctype html>
<HTML>
<HEAD>
<title>Erreur 500 :-[</title>
<meta name="description" content="Erreur 500... Erreur interne" />
<meta http-equiv="Content-Type" content="text/html; charset=utf8" />
<meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no">
<script src="https://code.jquery.com/jquery-3.5.1.slim.min.js" integrity="sha384-DfXdz2htPH0lsSSs5nCTpuj/zy4C+OGpamoFVy38MVBnE+IbbVYUew+OrCXaRkfj" crossorigin="anonymous"></script>
<link rel="stylesheet" href="https://cdn.jsdelivr.net/npm/bootstrap@4.5.3/dist/css/bootstrap.min.css" integrity="sha384-TX8t27EcRE3e/ihU7zmQxVncDAy5uIKz4rEkgIXeMed4M0jlfIDPvg6uqKI2xXr2" crossorigin="anonymous">
<script src="https://cdn.jsdelivr.net/npm/bootstrap@4.5.3/dist/js/bootstrap.bundle.min.js" integrity="sha384-ho+j7jyWK8fNQe+A12Hb8AhRq26LrZ/JpcUGGOn+Y7RsweNrtN/tE3MoK7ZeZDyx" crossorigin="anonymous"></script>
<script src="https://www.w3schools.com/lib/w3data.js"></script>
<link href="/rp_ressources/customization.css" rel="stylesheet">
</HEAD>
<BODY>
<div w3-include-html="/rp_ressources/header.html"></div><script>w3IncludeHTML();</script>
<main role="main">
<div class="container">
<div class="text-center"><img src="/rp_ressources/images/500.svg" class="illustration"></div>
<div class="jumbotron py-3">
<div class="col-sm-8 mx-auto">
<h1 class="display-5">Erreur interne</h1>
<p class="lead">Une erreur s'est produite pendant l'exécution de votre demande</p>
<p>Vous pouvez tenter de recommencer. Si malgré tout l'erreur se reproduit et que vous pensez que ce comportement n'est pas normal,
vous pouvez <a href="{{ reverse_proxy_default_issue_url }}">signaler une anomalie.</a></p>
<a class="btn btn-primary" href="/" role="button">Retourner &agrave; la page d'accueil</a>
</div>
</div>
</div>
</main>
</BODY>
</HTML>

39
templates/rp_ressources/502.html Normal file
View file

@ -0,0 +1,39 @@
<!doctype html>
<HTML>
<HEAD>
<title>Erreur 502 :-[</title>
<meta name="description" content="Erreur 502... Erreur de passerelle" />
<meta http-equiv="Content-Type" content="text/html; charset=utf8" />
<meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no">
<script src="https://code.jquery.com/jquery-3.5.1.slim.min.js" integrity="sha384-DfXdz2htPH0lsSSs5nCTpuj/zy4C+OGpamoFVy38MVBnE+IbbVYUew+OrCXaRkfj" crossorigin="anonymous"></script>
<link rel="stylesheet" href="https://cdn.jsdelivr.net/npm/bootstrap@4.5.3/dist/css/bootstrap.min.css" integrity="sha384-TX8t27EcRE3e/ihU7zmQxVncDAy5uIKz4rEkgIXeMed4M0jlfIDPvg6uqKI2xXr2" crossorigin="anonymous">
<script src="https://cdn.jsdelivr.net/npm/bootstrap@4.5.3/dist/js/bootstrap.bundle.min.js" integrity="sha384-ho+j7jyWK8fNQe+A12Hb8AhRq26LrZ/JpcUGGOn+Y7RsweNrtN/tE3MoK7ZeZDyx" crossorigin="anonymous"></script>
<script src="https://www.w3schools.com/lib/w3data.js"></script>
<link href="/rp_ressources/customization.css" rel="stylesheet">
</HEAD>
<BODY>
<div w3-include-html="/rp_ressources/header.html"></div><script>w3IncludeHTML();</script>
<main role="main">
<div class="container">
<div class="text-center"><img src="/rp_ressources/images/502.svg" class="illustration"></div>
<div class="jumbotron py-3">
<div class="col-sm-8 mx-auto">
<h1 class="display-5">Erreur de passerelle</h1>
<p class="lead">Le service demandé n'a pas pu vous répondre.</p>
<p>Le service demand&eacute; n'a pas pu &ecirc;tre atteint par la passerelle, probablement en raison d'un dysfonctionnement de ce dernier.</p>
<a class="btn btn-primary" href="/" role="button">Retourner &agrave; la page d'accueil</a>
</div>
</div>
</div>
</main>
</BODY>
</HTML>

41
templates/rp_ressources/503.html Normal file
View file

@ -0,0 +1,41 @@
<!doctype html>
<HTML>
<HEAD>
<title>Erreur 503 :-[</title>
<meta name="description" content="Erreur 503... Service indisponible" />
<meta http-equiv="Content-Type" content="text/html; charset=utf8" />
<meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no">
<script src="https://code.jquery.com/jquery-3.5.1.slim.min.js" integrity="sha384-DfXdz2htPH0lsSSs5nCTpuj/zy4C+OGpamoFVy38MVBnE+IbbVYUew+OrCXaRkfj" crossorigin="anonymous"></script>
<link rel="stylesheet" href="https://cdn.jsdelivr.net/npm/bootstrap@4.5.3/dist/css/bootstrap.min.css" integrity="sha384-TX8t27EcRE3e/ihU7zmQxVncDAy5uIKz4rEkgIXeMed4M0jlfIDPvg6uqKI2xXr2" crossorigin="anonymous">
<script src="https://cdn.jsdelivr.net/npm/bootstrap@4.5.3/dist/js/bootstrap.bundle.min.js" integrity="sha384-ho+j7jyWK8fNQe+A12Hb8AhRq26LrZ/JpcUGGOn+Y7RsweNrtN/tE3MoK7ZeZDyx" crossorigin="anonymous"></script>
<script src="https://www.w3schools.com/lib/w3data.js"></script>
<link href="/rp_ressources/customization.css" rel="stylesheet">
</HEAD>
<BODY>
<div w3-include-html="/rp_ressources/header.html"></div><script>w3IncludeHTML();</script>
<main role="main">
<div class="container">
<div class="text-center"><img src="/rp_ressources/images/503.svg" class="illustration"></div>
<div class="jumbotron py-3">
<div class="col-sm-8 mx-auto">
<h1 class="display-5">Service indisponible</h1>
<p class="lead">Le service demandé n'a pas pu vous répondre.</p>
<p>L'application est soit indisponible ou soit protégée par un dispositif de sécurité. Si vous pensez que ce comportement est anormal,
vous pouvez <a href="{{ reverse_proxy_default_issue_url }}">signaler une anomalie.</a></p>
<a class="btn btn-primary" href="/" role="button">Retourner &agrave; la page d'accueil</a>
</div>
</div>
</div>
</main>
</BODY>
</HTML>

41
templates/rp_ressources/504.html Normal file
View file

@ -0,0 +1,41 @@
<!doctype html>
<HTML>
<HEAD>
<title>Erreur 504 :-[</title>
<meta name="description" content="Erreur 504... D&eacute;lai d'attente d&eacute;pass&eacute;" />
<meta http-equiv="Content-Type" content="text/html; charset=utf8" />
<meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no">
<script src="https://code.jquery.com/jquery-3.5.1.slim.min.js" integrity="sha384-DfXdz2htPH0lsSSs5nCTpuj/zy4C+OGpamoFVy38MVBnE+IbbVYUew+OrCXaRkfj" crossorigin="anonymous"></script>
<link rel="stylesheet" href="https://cdn.jsdelivr.net/npm/bootstrap@4.5.3/dist/css/bootstrap.min.css" integrity="sha384-TX8t27EcRE3e/ihU7zmQxVncDAy5uIKz4rEkgIXeMed4M0jlfIDPvg6uqKI2xXr2" crossorigin="anonymous">
<script src="https://cdn.jsdelivr.net/npm/bootstrap@4.5.3/dist/js/bootstrap.bundle.min.js" integrity="sha384-ho+j7jyWK8fNQe+A12Hb8AhRq26LrZ/JpcUGGOn+Y7RsweNrtN/tE3MoK7ZeZDyx" crossorigin="anonymous"></script>
<script src="https://www.w3schools.com/lib/w3data.js"></script>
<link href="/rp_ressources/customization.css" rel="stylesheet">
</HEAD>
<BODY>
<div w3-include-html="/rp_ressources/header.html"></div><script>w3IncludeHTML();</script>
<main role="main">
<div class="container">
<div class="text-center"><img src="/rp_ressources/images/504.svg" class="illustration"></div>
<div class="jumbotron py-3">
<div class="col-sm-8 mx-auto">
<h1 class="display-5">Délai d'attente dépassé</h1>
<p class="lead">Le délai accordé à l'application pour répondre à votre demande est dépassé.</p>
<p>L'application est peut-être momentanément surchargée ou défaillante. Si le problême persiste, ou si vous pensez que ce comportement est anormal,
vous pouvez <a href="{{ reverse_proxy_default_issue_url }}">signaler une anomalie.</a></p>
<a class="btn btn-primary" href="/" role="button">Retourner &agrave; la page d'accueil</a>
</div>
</div>
</div>
</main>
</BODY>
</HTML>

43
templates/rp_ressources/customization.css Normal file
View file

@ -0,0 +1,43 @@
body {
padding-bottom: 100px;
}
.navbar {
margin-bottom: 0px;
}
.logo_rp_header {
height: 60px;
}
.logo_rp_footer {
height: 50px;
}
html {
position: relative;
min-height: 100%;
}
.footer {
position: absolute;
bottom: 0;
width: 100%;
height: 70px;
}
.illustration {
padding-top: 20px;
padding-bottom: 20px;
width: 80%;
max-width: 500px;
}
.illustration404 {
padding-top: 40px;
padding-bottom: 40px;
width: 100%;
max-width: 700px;
}

21
templates/rp_ressources/header.html Normal file
View file

@ -0,0 +1,21 @@
<header>
<nav class="navbar navbar-collapse navbar-light bg-dark">
<a class="navbar-brand" href="https://libretic.fr"><img src="/rp_ressources/images/logo_libretic.png" class="logo_rp_header"></a>
<button class="navbar-toggler" type="button" data-toggle="collapse" data-target="#rp_navbar" aria-controls="rp_navbar" aria-expanded="false" aria-label="Toggle navigation">
<span class="navbar-toggler-icon"></span>
</button>
<div class="collapse navbar-collapse" id="rp_navbar">
<div class="row">
<div class="col-sm-8 col-md-7 py-4">
<p class="ml-2 text-white">
Libretic<br>1 le clos du buc<br>33360 Cénac
</p>
<p class="text-muted small">Illustration par <a href="https://www.freepik.com/vectors" class="text-muted">Freepik</a> / <a href="https://storyset.com/web" class="text-muted">Storyset</a></p>
</div>
<div class="col-sm-4 offset-md-1 py-4 center">
<p><a href="{{ reverse_proxy_default_issue_url }}">Signaler une anomalie</a></p>
</div>
</div>
</div>
</nav>
</header>

3
templates/rp_ressources/robots_disabled.txt Normal file
View file

@ -0,0 +1,3 @@
User-agent: *
Disallow: /

3
templates/rp_ressources/robots_enabled.txt Normal file
View file

@ -0,0 +1,3 @@
User-agent: *
Crawl-delay: 10

2
tests/inventory Normal file
View file

@ -0,0 +1,2 @@
localhost

5
tests/test.yml Normal file
View file

@ -0,0 +1,5 @@
---
- hosts: localhost
remote_user: root
roles:
- reverse-proxy

1
vars/main.yml Normal file
View file

@ -0,0 +1 @@
reverse_proxy_http_modsecurity_error_code: 410