From user-return-5336-archive-asf-public=cust-asf.ponee.io@guacamole.apache.org Fri Feb 22 10:24:03 2019 Return-Path: X-Original-To: archive-asf-public@cust-asf.ponee.io Delivered-To: archive-asf-public@cust-asf.ponee.io Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by mx-eu-01.ponee.io (Postfix) with SMTP id 9949518077A for ; Fri, 22 Feb 2019 11:24:02 +0100 (CET) Received: (qmail 41477 invoked by uid 500); 22 Feb 2019 10:24:01 -0000 Mailing-List: contact user-help@guacamole.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: user@guacamole.apache.org Delivered-To: mailing list user@guacamole.apache.org Received: (qmail 41305 invoked by uid 99); 22 Feb 2019 10:24:01 -0000 Received: from pnap-us-west-generic-nat.apache.org (HELO spamd1-us-west.apache.org) (209.188.14.142) by apache.org (qpsmtpd/0.29) with ESMTP; Fri, 22 Feb 2019 10:24:01 +0000 Received: from localhost (localhost [127.0.0.1]) by spamd1-us-west.apache.org (ASF Mail Server at spamd1-us-west.apache.org) with ESMTP id 1CAD9C5A6C for ; Fri, 22 Feb 2019 10:24:01 +0000 (UTC) X-Virus-Scanned: Debian amavisd-new at spamd1-us-west.apache.org X-Spam-Flag: NO X-Spam-Score: 0.702 X-Spam-Level: X-Spam-Status: No, score=0.702 tagged_above=-999 required=6.31 tests=[HTML_MESSAGE=2, KAM_LAZY_DOMAIN_SECURITY=1, RCVD_IN_DNSWL_MED=-2.3, URIBL_BLOCKED=0.001, WEIRD_PORT=0.001] autolearn=disabled Received: from mx1-lw-eu.apache.org ([10.40.0.8]) by localhost (spamd1-us-west.apache.org [10.40.0.7]) (amavisd-new, port 10024) with ESMTP id ppvZoWad9H1b for ; Fri, 22 Feb 2019 10:23:57 +0000 (UTC) Received: from mail.ipc.pt (mail.ipc.pt [193.137.79.171]) by mx1-lw-eu.apache.org (ASF Mail Server at mx1-lw-eu.apache.org) with ESMTP id 4490D6247F for ; Fri, 22 Feb 2019 10:23:57 +0000 (UTC) Received: from localhost (localhost [127.0.0.1]) by mail.ipc.pt (Postfix) with ESMTP id 060B38CFFF for ; Fri, 22 Feb 2019 10:23:51 +0000 (GMT) X-Virus-Scanned: Debian amavisd-new at ipc.pt Received: from mail.ipc.pt ([127.0.0.1]) by localhost (mail.ipc.pt [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id EojcM43YtyoI for ; Fri, 22 Feb 2019 10:23:49 +0000 (GMT) Received: from webmail.ipc.pt (localhost [127.0.0.1]) by mail.ipc.pt (Postfix) with ESMTPSA id E4C798CFFE for ; Fri, 22 Feb 2019 10:23:49 +0000 (GMT) MIME-Version: 1.0 Content-Type: multipart/alternative; boundary="=_1e6959799fd1eaca72fe7a9033bbf929" Date: Fri, 22 Feb 2019 10:23:49 +0000 From: =?UTF-8?Q?Paulo_Gon=C3=A7alves?= To: user@guacamole.apache.org Subject: Re: Newbie Question : Guacamole with HTTPS In-Reply-To: References: Message-ID: X-Sender: pafgoncalves@ipc.pt User-Agent: Roundcube Webmail/1.2.3 --=_1e6959799fd1eaca72fe7a9033bbf929 Content-Transfer-Encoding: 8bit Content-Type: text/plain; charset=UTF-8 You are configuring apache to use "http" and tomcat to listen for "https". You should remove the following parts and maybe change the port number (in apache you have 8080 not 8443) to use "http" on tomcat. Or you can change apache to use "https" and adjust the port. You also need to "proxy" the websocket in apache: ProxyPass ws://192.168.1.2:8080/guacamole/websocket-tunnel ProxyPassReverse ws://192.168.1.2:8080/guacamole/websocket-tunnel --- Paulo Alexandre Figueiredo Gonçalves Departamento de Tecnologias de Informação e Comunicação (DTIC) Email: pafgoncalves@ipc.pt | Voip: 301103 Serviços Centrais Rua da Misericórdia, Lagar dos Cortiços - S. Martinho do Bispo, 3045-093 Coimbra Tel.: +351 239 791 250 Site:www.ipc.pt [1] | E-mail:ipc@ipc.pt A 2019-02-22 09:49, Nick Couchman escreveu: > On Fri, Feb 22, 2019 at 4:04 AM Kamal Ezzaki wrote: > >> Hello, I m using Guacamole1.0.0 in centos 7, I Read the Configuration Page about Proxing Guacamole , i m using tomcat and i did added this Configuration : >> vi /etc/guacamole/apache.conf >> >> >> Order allow,deny >> Allow from all >> ProxyPass http://192.168.1.2:8080/guacamole/ flushpackets=on >> ProxyPassReverse http://192.168.1.2:8080/guacamole/ >> >> >> vi /etc/tomcat/server.xml >> >> > maxThreads="150" SSLEnabled="true" scheme="https" secure="true" >> clientAuth="false" sslProtocol="TLS" >> /> >> >> and than restart tomcat and restart guacd and when i try https://192.168.1.2:8443/ give me innacessible > > You don't need to restart guacd, you need to restart Tomcat. Guacamole has two distinct components, Guacamole Server (guacd), which listens on port 4822, and Guacamole Client, which runs in Tomcat. Guacamole Client presents the Web interface in Tomcat, and connects to Guacamole server (guacd). The configuration you're changing above is the Tomcat configuration, so you need to restart Tomcat. > > Also, check and see if there is a firewall running on your system - if so, you'll need to open port 8443 on the firewall. > > Finally, while you can do TLS (HTTPS) support directly in Tomcat, most people don't - most people use a reverse proxy of some sort (httpd, nginx) to front the Tomcat configuration. There are a wide variety of reasons for this - one of them is that you normally cannot run Tomcat on a port lower than 1024 (like 443) under a non-root account, and running Tomcat as root is a really bad idea. Instructions for proxying Guacamole Client behind httpd and nginx can be found in the manual: > > http://guacamole.apache.org/doc/gug/proxying-guacamole.html > > -Nick Links: ------ [1] http://www.ipc.pt --=_1e6959799fd1eaca72fe7a9033bbf929 Content-Type: multipart/related; boundary="=_2a5159f11f48b04a8521908fa0f16fe3" --=_2a5159f11f48b04a8521908fa0f16fe3 Content-Transfer-Encoding: quoted-printable Content-Type: text/html; charset=UTF-8

You are configuring apache to use "http" and tomcat to li= sten for "https".

You should remove the following parts and maybe change the port number (= in apache you have 8080 not 8443) to use "http" on tomcat.

<Connector port=3D"8443" protocol=3D"org.apache.coyote.http11.Http1= 1Protocol"
               maxThreads=3D"1= 50" SSLEnabled=3D"true" scheme=3D"https" s= ecure=3D"true"
               clientAuth=3D"false" sslProtocol=3D"TLS"
         />
 
Or you can change apache to use "https" and adjust the port.
 
You also need to "proxy" the websocket in apache:
 
<Location /guacamole/websocket-tunnel>
   ProxyPa= ss ws://192.168.1.2:8080/guacamole/websocket-tunnel
   Proxy= PassReverse ws://192.168.1.2:8080/guacamole/webso= cket-tunnel
</Location>
---
Paulo Alexandre Figueiredo Gonçalves=
Departamento de Tecnologias de = Informação e Comunicação (DTIC)
 
Email: pafgoncalves@ipc= =2Ept | Voip: 301103
 
3D"Logo_IPC"  Serviços Centra= is
Rua da Misericórdia, Lagar dos Cortiç= os - S. Martinho do Bispo, 3045-093 Coimbra
Tel.: +351 239 791 250
Site:www.ipc.pt | E-mail:ip= c@ipc.pt


A 2019-02-22 09:49, Nick Couchman escreveu:

On Fri, Feb 22, 2019 at 4:04 AM Kamal Ezzaki <kamalezzaki1@gmail.com> wrote:
Hello, I m using Guacamole1.0.0 in centos 7, I Read the Configuration = Page about Proxing Guacamole , i m using tomcat and i did added this Config= uration :
 
vi /etc/guacamole/apache.conf

<Location /guacamole/>
    Order allow,deny
    Allow from all
    ProxyPass http://192.168.1.2:8080/guacamole/ flushpackets=3Don
    ProxyPassReverse http://192.168.1.2:8080/guacamole/
</Location>
 
vi /etc/tomcat/server.xml
 
<Connector port=3D"8443" protocol=3D"org.apache.coyote.http11.Http1= 1Protocol"
               maxThreads=3D"1= 50" SSLEnabled=3D"true" scheme=3D"https" secure=3D"true"
               clientAuth=3D"f= alse" sslProtocol=3D"TLS"
         />
 
and than restart tomcat and restart guacd and when i try https://192.168.1.2:8443/  give me = innacessible 
 
 
You don't need to restart guacd, you need to restart Tomcat.  Gua= camole has two distinct components, Guacamole Server (guacd), which listens= on port 4822, and Guacamole Client, which runs in Tomcat.  Guacamole = Client presents the Web interface in Tomcat, and connects to Guacamole serv= er (guacd).  The configuration you're changing above is the Tomcat con= figuration, so you need to restart Tomcat.
 
Also, check and see if there is a firewall running on your system - if= so, you'll need to open port 8443 on the firewall.
 
Finally, while you can do TLS (HTTPS) support directly in Tomcat, most= people don't - most people use a reverse proxy of some sort (httpd, nginx)= to front the Tomcat configuration.  There are a wide variety of reaso= ns for this - one of them is that you normally cannot run Tomcat on a port = lower than 1024 (like 443) under a non-root account, and running Tomcat as = root is a really bad idea.  Instructions for proxying Guacamole Client= behind httpd and nginx can be found in the manual:
 
 
-Nick
--=_2a5159f11f48b04a8521908fa0f16fe3 Content-Transfer-Encoding: base64 Content-ID: <287e92f48a1bb43062ec2a777feea25e@ipc.pt> Content-Type: image/png; name=287e92f4.png Content-Disposition: inline; filename=287e92f4.png; size=9817 iVBORw0KGgoAAAANSUhEUgAAAIwAAAAsCAYAAAC33FDQAAAABmJLR0QA/wD/AP+gvaeTAAAACXBI WXMAAAsTAAALEwEAmpwYAAAAB3RJTUUH4gwRDB0ql8CRfAAAABl0RVh0Q29tbWVudABDcmVhdGVk IHdpdGggR0lNUFeBDhcAACAASURBVHja7Xx5lFTVtfdvn3tvTV1VXT3P0DRTM88gKDjkORsTh+eY mOhTEzXPBI0JJMYkzmbU50v0JQaNQ5yeaMBEAYmIIIPQTE1DQzf0PFd3VXVNt+6953x/1LlQtExi 3vvWtz7uWrWqqXvvOfvss88+e//27wCcvk5fp6/T1+nrf/gaXuiB2Hvz0J9Jfk5f8lJPqwAYP8yP dx85C1T9PFY+Nv/LAqjmXMRe/bD1zRc/aA4DMACI05o6vXqOuFY9seBnjPBTRoR97YMvfevJml8A 6AUwcNpoTnuYQ9erP5rDCgLOnymEnyQNPvjGmrZXn1/ZtImAKgHEAYRPayl9sePdvPbsCoim247r oRjRqe7zikNlJ3qXDb2/4rH5n5Ehz+9gn9ezlhe4D71z/aObRF841b1lX+iJbz9V8/PnVzY1A9AE EAIQA2CejC4ZEdPUo4rCNJUduvH+o58dA2NExTmuobogp8bY59DvZ54VYslx9aAw+jztn/jBZ/99 ujqyzLuYC1HEuSABkBCwOOfBcNzc2dYb37PoT7VNUqlmptte/tC8sQ5VOZ8I5xNhOARUzkVv0uBb W3rif3/1w9baT+qCYUZkciGspQ/MVf1Z6re5wGzDFN3f+c9tvz7YFYsCSACw7HZXPjZ/JDHcwzmy O/uT73zzl5++v+zBeVe6HMosiwsSAgziGKMj0NodvU8//np9w8rH5y8UAqWmJSium0owksqLJsxC IUAelzKwaW//sy+uat5KhIgQMP94z3RWmuueqCrsCkY4UwD5QohwMsU3H+yKLf/FG/W1HcFk7K0H 5ub5PepCS8DDuTC7+pMr7ni65pOUwZNCIAVArHhsfjljuI9zeD6u7fvdw6/sOQAg+t4jZ01TVXa3 xTlv6Ij+5TtPb98IIJmdpZnhmCFe//Ecl8+jTVIVupqA2YIQ4FwEE7q1fl9b9O8/fG7XHsYo6VSZ mUhZfPlD83IUxmaoCl1FhCkQyOZAwrJEw8BgatXu5siGR1/de1BuudaJtt0TbkkVRe5pjOFBBgKp BFVhEEKACwUel4qigLPvuXtn/PHWX299hhH1VxZ7EvPG59A3L6j6LRG+AcCvMAJj6dnjXEBV2Tnj h/vvXXxd9SfXP7rx9niKd0BgUDcsD6DdrjBMIg2I6+bHABoAtMiVLgCAQ8zUiN2pqACEKAPQTER3 aQqb7ZAj4kJAyKErjEAECAFIf9gN4E1NYY9zIaAqBJ/HhaIc1yEbEwCau2O7AfQIgSYA4RFF3reJ cAkAxR6TEAKays6eNCL7vpvOH/7dx1+rf5sxfIMxuo8BgEIYVui584LpRV9bvrFzE4AeAEkBMYUR u1tVCfGk2QZgOYB6IXAJI9ykKAzcEk4AQQDN4Zgx8Ny9s9x52c6/EXCOPS5bBofKvjRzTM79N36p 4sZXVreuS6Ss7mUPnjnF41ReATCOCFAZO6QHU+EzinNd1xYEnN352Y5f3fPszleJMCAEkgD4KRuM bnDN5VBABIRjRvTPq5rX53idbMbowPDqCt9oxih/ZLF38TlTCprW7Ohdc6Az1vTM3dN/SIR/BwDT Eua62r4dn9QFW7gQ/IzqvOHzJuRNdqjMkeVW5i35/qw3rnl4400Ammsaw+KCGU6TQBACPJ605kir 78vwMmRaApoCi0BKcDCVB2D62l19yyqLPI2hQSM/njKzJlRmjy4OOAu4gPi0fuBAX0SPKIwMVSG8 +EELCFRFlLYMiwv+wt8PrneozGIMJgGcA+aqLd0AUAGga9UTCz4kwlQASJnc2NYQqt/eEGrzZ2na gsn548ry3KXJlDUfwN6BqOH3e7SMvQra9edVPLZ8Y+d35Bh6DFOQpsAkgtraG68GcABAr25y5nQw gICuAb0MwAQAEQDhyiL3HgKGAUAyxfWNe4K797REugsCLs+CSfnji3NcBZzjXABdN19YmZvlVmps f9EeTHa9v7lre1tfYrCiwO27eHbx9OIcV6HCqGhyVeCXc8fn9WyoC64D0AkgeSxPc0KDMUxO0pMj ljDNd9Z3tAHofH4F3nv27ulfH13unUYEXDSr+JY1O3rbF141ulRT6EGRXuXigT/v/vumvf1tcqUE V23tWX3mhLzKB2+a8AMBoCDgHP+1Lw37+surW17c1zrYc/70Qob0KiAuUAIgAEDLlIlz6QgI0A2e BaD4l2/UfwzgAwAjAOT99ttTvl6c4yzgXGDpuva2DXuCdQDaAUQBRBRG8cPtCfHSB81NADoAdAPQ 5SpLAAgtuXfmDYwwlaSx3PfHXe/VHgzbYxp47r2D71w4s2hsU1c8DiBXT3Gn3XZHfyJSnufxl+W5 qxZdW33r46/v/RWAmG5w5nGmF2IixfMA5AFwWZwz28slU5YPQD4A7d2Hz3yUgGFEQCxhJe/6z23v tvTEe+Ri6n9meeNbV88vm/TxrmAPgLwrzix9EgJQFcL63cG9P1pS+7E0vF4Agy+vbnn/v743/eZR pd4pChG+c/nIn26oC94px959rLjthAbDRWZgTARgEEAdgP0gTAAwDQAYUT6AiumjAl+23eXmPf0H N+3t75Vbyg45Ian1u4Nac098cmWx5yLOBaaNyjnn5dUtn7T1JXQhjog8FPmhITKRHYCJdKCnyJXb CaAfgKswx3mBvSU5NcYBdAHYKr/jmsoMLo5YREm5/dXKMQoARlHAlSjJcy0GAEUhvLKqZUftwXA/ gCYAu2Sf1oot3TUAfAAiLocyTfaLx1+tr3n2e9PPSRkcZ03Ku3DalsAn2xpDA7Gk6cjxajIwhSLn go4SxKrVFb4ch8IuBABNYfiPv+7d1NITDwHYL2XoBSD+++P2GgD+K+aV5bgcygi54PmPltRulWPa Lt8JA1BWb+uJji7zPseFQGm+u8rnUWcPxs0g0sH+UeOZz5lWCyE7bgfQUlnkGWMrcnvjQD+AbJ9H myrkb2t39nXIVVgLYKfEMywALJo0/grgIgDwuZU8IiqPxI12IQQd1pv4PNmXIQeqA4Dfo0UOpyBI SUNqAtAKwHA5mBOHYxy6/4ZxM4tynMUFAecct0MxgoOpjbf8asuy6aMDTFNYdVr5Ap/U9vdJo9sp F0FYKlYF4AJgZXuUmN1310Ay8kFNT/3Zk/PHepxK1nXnVlyxrTFU1xPSfeX57pMaX0Whx88YlQFA ImWJj3YG++QcbJOLd1A+qgFwfWl6wQKFkYcIaOyIBaVuGqTBNEsd0RsftXV++9Kq5+x+JlZmj95Q F9wK4KD0rqduMAICPo/m+t6VoxaMLvNVjSr1TlMVGgcAPSE9sWxDZ7OqkJ2mgQB0h/SYNJh2aSyH 9ka3Q206JA6RpikUSBncO8TDfN6LA0hJI7AyEiNIQzXlfSNLU1RxOB9m588onCZE2lvKOGU6gO3t wURUbovQDcu0ONelwbRKA01mZJwJAJbDwQ65c4fKjJdXt3w0pzp3mFNj7jnVuWfOG5+3oLUn3j9t VOCkVO/SmBOABwBiCTOlEHTp2dqlwabskBNArCTXze25HYybKbkN29ttDABnROBC6BywKO2h4XYo fgB+afj0hYA7IQCfR3VdNb/8bM7TGUjK5FZfJBX+9Zv7NkUTZheAVkbp9FcA8HtUJgWMD025s71a lv0P0+LcsLjGBTTxv4Q+Z3ZiccGfX9G0y+1UYg6VxVWF+K6Dkf0AxkRi5n6RVioURkwaYjRjTMhI rCxpoCJjEzcbO6L12xpC78wbn3c95wI/uGbst17/qPWVk8SNyeLCXgzQVKZIjzEoZbCGyADGyNY1 OR2KahuSNCxhZ5FSD4qtj1AsJQA4j4bnfG6DSWdJpr58Y0e926HEBwZTwQNdsfCug5HBWNIMSZe3 g4i6AZRxLjB1ZCB/zY5ecbQint+tnXfIEw3oMSFggo6dzv1PXpwL8fLqlj1yy+qQnkIH0G9xnrC4 6GIK5bscChte5PE0dsY+j2UKAKkfP1/7+7d/Nm9SdpY60edRc+aOzztHIL39nshuwjEjyYUIK0RZ fo+mlhW4XQ3t0WPiaLphhQVUnQRcpXmubACcCCSGdPSXxbPHZ85vzf5Q6Hgp9QmR3iF4F6JxI7nk /aadv1vWuPYvH7au3bin/9NY0twCYB2ADQBaYklrGaXTaXxpWuE4lVE2AHdm8Lrk3pmFmkp3pgUl /GNbTzOAhMooQRn6Sy8siIzP/+QVBrAPwCcA1gJYD6BuMGH26Ia1xV6V/3bRiNnSbWdljunP9830 /OTGcR4ATHw29rIAhF5f07qYcxgAMK7CN55RevuGEMebB7HzYDicMvlBALCEwKJrxs6XAbZHygAA eGXxHN+dXx7p3Hkg3CqECMks1HXxrOJRQsCd4T0AgAqyXffYCUpNQ6hDes4jPNEXCnrTVQD0A9gt lWu75qj86Auf2fbsku/PWqgwyvY4Fddz9868Zcu+AeiGpU0eEYiNKPFMd2nKT+T+jg17+ps/ru1r AtDncSoRIuK2xV86p6Qi16vNmlCZ7SnPd4csiw9c88imjw2Tsww9ffHtiQgzx+bkVBZ6CiZXBUpK 81w+RmRt3Bvc+4e/HdS3N4Remj8x/5tCAGX57ty/LJ59997WwVyF0UdVJV4j3++YoWnsa5rKXgXw XELnDrdjSAgI6K+taa356rzS5QUB55VMxnpyuz8ePE+DcTOx62D42TOq887kXGBUmbf0hftm3d3Q Ec11amzD6DIvBbzaPE1h35w6KvDQ7b/d+rcJlf6/l+a6b0kZHN+7cvRlc8bl6q29CVEUcO6bOjK7 IOB1fI0xfEMG0uav/3tfjUy7+78QDnOULCkm3fZ++beVmYK19SUjS9e1f/3Ks8reUBi5KgrcoyoK 3I8CeHRoa7ubIx0/XlK7QaKfTXl+R4hJD6MwojsuqzoHEtWUvRsApnX2xwO5vmwb/T9Z7yOOFcSo CilP/NukawBck3k7FEstBPDWT1+sq118ffXC86cX/tbiAkU5rsqiHNf9AO4/5KqJsL8j+imACeGY kZXrc+AoXia88JkdD7y0eNYVaez5CGnE8eRe/KfaFY//26SHZlfn/MTiAhUF7vFSr4cxCEbY0Rga A+DAjY9t/s1rP55TXRhwzlMV0uZPzL8OwHWfhU2E+I93Gta39Sa65JZsA3f8lAwmljD7kx61Xjd4 oKU3YUfkSfmtDx2owij17LsHNjV0RG+7dE7J7fl+52ivW/U7VFIFwJMpKxkMp8Kb9vY3L1nRtE8C TzsANHIhggnd2mJYwp/QLS/nQiGCIAInIpFMWQkAZ+w8EFGHF2Y1mpYItPcl+mXwaWUOMpmyDhgm b4vEDS0US0UzngEAautP6gndqonrVn4yZXkEwBjBIiJOgACB1u/uLwdQzRjte+zVvUt3NIYSF88q viXP7xjhcalehREzTJ4KRY1wfdtgy++WNfYCGNYT0nuLclwHQ1HDq6d4wg74iWB0DiSb3t3Ydcvc cXn3Gxb3GyZXm7rjA/Y2EEtazU7Nao8nLUdHMBmyazwOlemL/rRryQ3nDYueNSHv+hyfY5jHqbgZ EUuZXB8YTIV2NoUbf7esUQdQojAKXvfIprsWXTf2jlGl3nOzs7RCl0NxMSIyLW5E4mb0YFes58VV zXUNHdEeiTTvlovXOOXio9etOsvz3dX9g6k5kbhZnkxZ7TJeaZDb0dHadAIoBDA2O0sb71BZKSN4 BMAMk/No0koZJo/LlLsRQL30WvqI4qyiWNKclUzxqVyIHNmgCYKwLGHEdatdU6iuJM8t4ro1LhIz ilImb5YyHZDGzKpKsgpTJp85GDenDiZM4lzsBLAZQC8RLCGgVhR4RsR184yUyccLAY/sx84weFy3 QpYl6qRBDwAoIMK4QJZjnKpQCQhuyxIikbJSCd2KSuPf7fOoTYXZzpKBqDGtfzDlkVjJpwB6FUZk cZGX63NMt7iYalqiIJ40IyINwG0uCDgTWU5lciRuzozEDY9pib0ANkr9qADKFEbjs7O0akWhQgi4 TC5EQrf0ZMqKypS/VurUAlDhdioTPU6lSmGUS4BqcYikYZnRhJmU2VYbgL1Sf6EvZDAyqArImkpA xiqtcq8zjtOuQwaHhRLezpaGBLmaBqWCe2TAaXsrD4AS+fFmZFhCepCIVEpKtu2X77fJSTXl824A xbIdRb7TaeMQMvjzASgDUCSfH7oVJCV20S7f0+Q4CgEUSPkcss+oXADdUkYfgFKJafTICY/Ldh1S J6WyPSNDvpRsu0zqKyjHNijldst5sPXqk+OzZeiT7dhorUeWHQoB5Mh/q/JeXOqsR/YTO1HF+mQM hmQHjoyO9KG4yjHeY1LJTvltZxWWVEzqKGV1JvtyHAUu5/JZQ/6tZSgrNcSAM9uBfEYfglsoGc8M LUGIDCAwlWGIiuzXfo/ZZQTZvi2bknHfkG1YQ3TqlN884xmR0X7mu2bGu8oQvdoypIbIO7QvW6eZ Mmc+z0/GGE4F6xKn+B7LmPjjtXUq4J04RbnpFNqmjG8akvaLY7R7Mn2Lk7x3sjKc6HmcjJH837xO s/D/H5+HkwIzLptTwnJ8Dub3aIrXpSgBr0PxeVTF5VBYLGkds/MX7puFaNJkTk2x32PyowS8DsXp UFgsaZ6UoEU5Toyr8LMJldnM41S0gFdTNJUpcd36DIIJAGX5bowp8ynVw3yK16Wqfo+met2qar9z tD6unl/G/FkaUxRSwzHDdts4f0YRzRiTwxwqYy6nonIumG7w44APb2LbyvXM5WDM41RVTWUsnrQy ENY5CMcN5tSY4nWpSsDrUPxZ6fEkUkfX5w3nVZDbqSo+t6p43ZoS8DqU7CxNcTkY0w1+qIJ/rOsb 5w+ngNehZLlUxedRlXDMJHGKlnbc692Hzsx1OZQlHMIFDrJrPUKIJBfoTqb4nubu2PqFz+6oURUC FzC5LFSsenzBnSBxhRCwZFHxiP5iSXPLrb/Z+h/9g6nI8XL/Pyyc4Rpe6LmOES4hokkAsoUQcZOL fZG48Y+n3258fd3uvj4i6EKA/2XRbG9+tvMGIrqQ0hSMXFkBCBomrwvHjFW3/Wbr2zHdGlQYGRYX 1guLZjvKc12vCIFSIUT8gkUfXwcgNXtsbvKRmyfcCqLLhRAkBKAb1s7fLWv8/cqt3b2SoZYZF2HV 4/P/FURfF0I4IYCkYe196JW9v/q0vr8fQOyDJxb8XEDMExyW1CcJIQwu0JtMWTvX1Qbf+81b+5ql bOa7D5/pcmnsMSForBCCHZ4DmEKIYCJl7dzeGH7/wZfr6tM1xSMD1z/dM4MNL/IsEqCLhRAKAOuT 3cGf/uyluq1Hq/Md7zohDiNIjCbCVxRZplIkvUcAEFzAqTFMrso23npg7rtXPbjhO0cUxUh8kxHN AqVBjqHWGYmJMt3gH0nUuDOj8itX6g/xt4fXlbidyocARqfrajbkRVCEGFngd158+2Uj5q/b3fd9 IdC99Gdzy7I92mqZIdEheiYAwalIYTTe5VCufuMnc++59P51V1pcdAGImCnTQ8CXieBU00TuOQCa idABopsY4Qwba9MU9cI51Xl8xZbul2TGGLWN/e2fzSthjJ4CUGI/r3I2m3OxSfJx6gHcxYjyDunz MPMPTo3h4tlFP9lcH7xyXW2wDkAoljSzXQ7nFYwwDKAj5oBzAYfGMH9S3v2Lrhv73cdfq18hM9hD 8P5gwnIR0QMEOG2Zxg33/xLAHRKs68fJEd1PbDCplFA8jjRUPxg3E0+93fCRz6OaRQGnY8rIQGVV SdYIp8a0HJ92xSuLZ+d/68mae2JJ84AQ6BcizSwgApZt6KjZ3x7t1lSmE8gCQbT1xnvjSbNCppQ9 QxHP/MIn2evfn7MUwNi0gRnRNTt7d+84EO70ulR2xvi8YZNG+EcndT4SwMRJI7Kdfre2VKbS6Agm ut/d1Lm9rnmwN8ulKudMya+cPzF/mtuhuNxONvbVH815+fpHN90FYP/e1iiNKPba1V4AmA1A9EVS ISEEgQhJwzJUxhRNITZumO9GADsJ0AWgqwrppiXgdrB/sfuP61bM41SyTIs7BgZT02Xq2mR7WsYI v3hj34q+sD5Qlu/Srp5fPrc411WqMha47ZKqJ9fVBu8CsL+rX1fyfE6AgFjSTDy1tOEjDpEoy/c4 LppROK00313KQP7JVYFFWS61K5Y0d2UCcNUV3tsBOImAZIqnnBpzeF3KuClV2RfsOBD+28mk0ydv MCY/VPNIGpb4x/aeTrmqugDg7Cn5YxZfW32npjJHSY5r/nlTC7+ybEPHUomNkF2r2d4Qiny4o3eP JPAMZqR1vRK3+IyFv3rP7O8S4QypfP3eP+xcfaAz1in77nt3U6c5ttxXxBi5ATjuvmLUHYxhtBBA c0+8+66nt61K6Fa/xFH6N+4JmmvH94165OaJP+ZCINenTbxgRtElK7d2Lz3QFQ8O2acLAGSZFlft LSAcNfTukB6fOjJQWJrnKj9rYv6CdbV97QD6TEsYALimsl8TAT0hvb97QB+cWOnP4gKKYfECibk4 DukFwK6D4WRrb/wg6tHMBRq+e8WoHwoIZGepIwFMAhBp70tExw/3gUBImUKsre0LGyZvBNC+60Bo 0xO3Tlqsqcyd5VSGEWG69Bhhe6vRVPYQERCMpML/2N578Jqzy6e6HIp7xpic2TsOhHdKjOgzW+up Vqsp4w+bcVcvq7pr1u7oe2N/R3S5bRhnTy74itw+ctLsOUkF0xQTQLtTY9uzXOoGj1NZLyvCuyTY 9ZmThYpCP7ZrJGt39h040Bnrk9vXxwD+AeDD+rbB5XtaIisB7BlRlHWzEOm6zjvrOxoSuhWRqOda AB8CWPtJXfCNrlByg+SWaCV5rqkARnT3J33iswkBCXGYf6AojF76oGW3wgicA7dePOISCbBlA+Dv P3bWdQAKVIXhxVXNmxkdkVTYdFOWOU5Kk6GaAdT8y/TClBDp8e5sjHRLQNEXTZpKZvjHCDFZy/tk 0ojs7faJjLhumaYliiWg5wAg3n9s/jUAvKrC8Oba9u0b64IdusFNImDBpPxZAMpljKf9U7ako9Et pAW3AYgKwGlZYhWArwoIpSzfNRzAcAD5nIOgpGOdG84tn3z9OeUFAa92mVNTdADJR/+yd+G63X2D Ryunv/qjOWUSSYXCCKu2drfhMDWyVnolSw5Uu/nCyiJGcAtZ6d5c398jPeEOaWT2MRUnBDYCmEsg FGQ7ywCURGJGxzHPMh2eKNQ1RdobO6Itw4s8w8rz3eWzx+ZO21zf35Dj1UIqY4sIQG9ID/99c1f7 5XNLxx/GRUgM3XK5ELj36jGz3Q6lrDDgvMrrUecKAfFJXf++R1/bu90G1pwq45IPBU0h5ZLZJaVF Oc6xZ4zLqyjNc12jMHKrCmF9bbBZNyxuk6euPrtcVRndBACRuJFcvrGjxTBFZ0K3ZmuKmj+i2Fs8 bWT2xG2N4ToZQ+on2pYYTu3KRFyjOV5Hq92RU2MOCUFnS4I2BIDyAk9hRaFnis+jnePQ2IWaQpcI EnNkcPqZ0q6mUM7hLQ3o7E8MZsD04Qy0OQEgcs7kAmfmSPsHU1G5j/fIoNSwn3dqrOdwpZq5APh1 k3tOJmv0eVRr6br292TwTRfMKJoNoHzhVWPOJsJoIsLKmu46hZGhqUw/Ue1/QqW/sqo060yfRz2f AC8RaEy5t2JyVbbDLjO4nQrPrO39+1dHXvSvC8oXVRS4H1QYTRQC/NV/tG78z2UNnwqBThkr6def XVFqb+m1ByNtusETpsXrm7qjy4jSBvutS0deKOfAfzIwyz/jbLXwZ2lZtrKjCTMlDcBp83OJgHc3 du5v7o53uRxKRGFkcC6M9bXBXOk+e4dyMKJJy8zxpf8tBJDrd1J3SM88BXnESkikrCMyrECWRj0h PX6UVSOcGvMe6idumAAcQoiT0oXCiG9vDNdHE2aX26kUT67KngRgWHmB+wwCPImUlfp4V18HYxR0 aixx3NVKhJdWN++OJ83+LLeWHFmSVTinOndKjlfz/PK2SVc8s/zAvtfWtG5IpqxD8Z1hcmtP62CP 16VSVUlWMQB09id6Vm3r6ZCxSJ38jmW5lGsB5AkBUd862FdZ5BG5PofYUNf/1ykjArdwITCyzFs5 usw7YX97dL80tOMGv1/YYPL8DnicyjRJYcH+9pgdPFoy5kkHvY3hrg+399TILMHeTvozAt4jYPE/ rzzYdv+N4w+57rMn5xfvaYkcEzv69lM1Tat/seBQujmlKpC9qqb7aCCY0FQ20263qScekbKeLETO W3vjnaGYsc3tVC4uynHmnD+9cMbwQs9VIKBnIBmqa470ODXWfiKDIQI+2Nrd3NKb2C+3z+TPbxr/ 1bMnF/yLZCxe8tqa1vWNnbEOyIwzmjRT9z+/e0tcNzvv/uqoUVecWXZeWZ67+Mk7plx87cMbN8V1 q4MIYSEgVJU9LPuh686tmHXtueUzGNE3iGwyI8AI7NI5xbOfXNqw2ZbheMEvO8XtyN6S+JJ7Z05W FLoNSOMIf9vUeUB6gbg84ZxemYSkNJZNAD4CsAbAFrnFHOEFRpd5xYc7+qK6wdfadM8LZhRNLMpx FQ2lJb68aLbvzQfOqARgJA1rHUls4rIzSsZJGqUrc5zv/PzMMxRGFwJAQreMPc2RIICoqrDk59CB saEu+ApRWrYfXlt9IwBVUxhe+bBlB4AwY9TmUFnqJOh+cUkV2QBghdup1NrItWFyP4CRvWE95zA5 nmBxMSgE9j/1dsPT4ZjRDAI8TsV15+Uj5wLwCwH668/nXUJAMaXHmRqMG3osYaViCdOIJkwzmjBj tsKnVAUmOlQ2TAa/6vG25s/lYVSFsfHDfCUTKrPHXTCjqHhYoed8VaEvA8hhjLC9MdS+vTHUKeOG fps9hzS10T1vQl72xOH+vDHlPu7SFN4TSQYffnlvSALDhwLC/WmCM3thZdM9t19StYsIyM7SfM/c PW3hjgOhljB7fgAABbVJREFUnGDEWD5xuD85rMhznkNjN+uG1QLgxqXr2h+58dxh7wHAhOH+kf/1 3el3fLijN7W7ObLmhvMq1Gkjc76mqXSvTQ9dsaWrsTGdpvd63ergSfCxD3mp3y1rXHPpnJIGp8ZG EaXZq10DydiqrT3tALo1hXWoChknqmiW5bsdfo+qTRkZcFw+t+SyPJ/zVvu89+b6gV4AHtMUjgzJ BKUD+BYAe9bvDv78oplFSwDQrDG5Z2kqW2GYvMXlSNNgnQ4F9/5h59r2vkRUU9kAI8SIiOd4HZ4H vj7uXwNZWnZlcVZpZXHWmH1tg7szqCNfzGCEAAJezf3s92bcxLm4KfPUoGEKc29zpGPhMzvWyOyp AUCQ5Ek0LgRuuajyLABncZ4+4wQAlUnP3oJsx9XdIb0rAzewaZPijY/aWiaPyL5n1tjcRzSV3AGv VnjO5MIfCIgfZGb9vSE9BGDykvebeqaNyvn9mDLvbapC2uhy7/QxFb4/CyGOqCFzDrGuNtj4izf2 bZTyNhcEnIOUgRsNSX0P4SY4DLKa9W2Dj0+pyn7OToVf/6jNpq22uh0sqDCyVwINqSIzSE/4xK2T LhdCXJ6pF4sLvnVfqO2FlU07AQw6NZbEYRkI6aM8SQCh7Y2hj8+ZUrDPqbExJXmu/K/MK13QG9I5 I4wnApq646FtDSH7HFW91DNv6YlTOGqMCWRpCwjAHZdVXbDw2R0bZPAbxSkelaV9bZEDXnfujoRu Feim5YIAAWSZFk+Gosbg/vZo76f7+ns/rR/oluSdnTKNTUQT1ruM8YK4bro4FxoRcUmDFBKJDYVi xlSkT+QdEcyalhCMKHH/C7vfvHxuqT6nOufqqpKsKbk+Z0BViOmGleoe0PtqGkL731rbVgNguBAY +M7T256+8bxhrVNHBr46vMg9NuB1ZGsqI4sLROJGeH97tH3l1u6m1dt6OgjoEOm0uzkSN6LJFN9u Wnxk10DS5qFYyZRlJXRrLxEN7+xPJpLp4Nokgvj1f+9776k7pm4kwti+sG5+uL3H5sS2M0YR3eB7 DFNM7BpIGpJeagJQB+PGW4JwYSJpubkQCiOyBGDEk2asqTveu353sPujnb3dMnjdryjUqRt8D+fC 2daXiFtc2Nwac+XW7o6r5pc9X5TjWmhZwjN9VGDKqprujqRhRc2kSC37pL1Oxoq7ZGnCPkpCdc0R lp/tGGmYwlsQcBZK3CdH7hDm5y4+OjUG3eAOybabA6BaxgRGRmBkH1rvlQDUAemSU4bF/QAmA5gp kVOeQdQR8u92ADUZlE8xJMZyybSvWgKCRfI3ZBCc+gDskZzUSMbzIzNALAyRt0ca9j4cPnxeKMc5 Ua7gzbJNRY5hsvz9UzkBBoBKAGfIvlLy9y3ScPwApiN9/pwDqCHCTnlKYIr8PVf2nbl92WM6IAG6 oJzIWUj/bw4xGQvWMqIYFyJPyjZDxnitsv8SCSx2y7HYeBTkOSWvLLvMkXptk3TQfTjGUdmTpWj6 JZ0wPwPa5hksr5h0dQM4fK4FcmIL5LveITwM+6RgWK6k4DH2Tps5F5Bt5Ut5HPJ9+zhul/w25L2c jOdtKqVNuwzLCbHLEvZkeaWCCzOMuUfqoPQov5tSlnJJgzTlRHVKhbvke8VSX51y8ki2VSIneKhO YtIT9Etk3cyQrUDqqU3KkMJhDnW5bM8+X5QlKZ2hIRTWQ3CXlLtc6jcmja1XJiKnTNG0KYHakMxK ZHiNzzD3cZjbqx2FApmpoBNRPmkI5dKmVPKj0AzFUWiMjgy5zaPQQzMXh/08z6BcUgYdkme8K4bQ PDMpnWLIe8i4hyE0zGPRUDNpk8oQGfSM+5QxVptGa2WUIoyM54fqVR3SbjKDZnrKVMhToTH+M949 Ec3wRHTPoz1/vJOUdqbGTiCTOAaDTXwOqiWdgk7oc8qBo9A3j6fT/40Tpqev/5+u/wPZ85x5hGC/ pgAAAABJRU5ErkJggg== --=_2a5159f11f48b04a8521908fa0f16fe3-- --=_1e6959799fd1eaca72fe7a9033bbf929--