2016-10-15 19:57:54 +02:00
<!DOCTYPE html>
< html lang = "fr" dir = "ltr" >
< head >
< meta http-equiv = "content-type" content = "text/html; charset=UTF-8" >
< meta charset = "utf-8" / >
2017-02-07 17:35:26 +01:00
< title > documentation:2.0:authssl< / title > <!-- //if:usedebianlibs
< link rel = "stylesheet" type = "text/css" href = "/javascript/bootstrap/css/bootstrap.min.css" / >
//elsif:useexternallibs
< link rel = "stylesheet" type = "text/css" href = "https://maxcdn.bootstrapcdn.com/bootstrap/3.3.6/css/bootstrap.min.css" > < / script >
//elsif:cssminified
< link rel = "stylesheet" type = "text/css" href = "/static/bwr/bootstrap/dist/css/bootstrap.min.css" / >
//else --><!-- //endif -->
2016-10-15 19:57:54 +02:00
< meta name = "generator" content = "DokuWiki" / >
2017-08-30 18:47:26 +02:00
< meta name = "robots" content = "index,follow" / >
2016-10-15 19:57:54 +02:00
< meta name = "keywords" content = "documentation,2.0,authssl" / >
< link rel = "search" type = "application/opensearchdescription+xml" href = "lib/exe/opensearch.html" title = "LemonLDAP::NG" / >
< link rel = "start" href = "authssl.html" / >
< link rel = "contents" href = "authssl.html" title = "Sitemap" / >
< link rel = "stylesheet" type = "text/css" href = "lib/exe/css.php.t.bootstrap3.css" / >
2017-02-07 17:35:26 +01:00
< link rel = "stylesheet" type = "text/css" href = "/static/bwr/bootstrap/dist/css/bootstrap.css" / >
2016-10-15 19:57:54 +02:00
< script type = "text/javascript" > / * < ! [ C D A T A [ * / v a r N S = ' d o c u m e n t a t i o n : 2 . 0 ' ; v a r J S I N F O = { " i d " : " d o c u m e n t a t i o n : 2 . 0 : a u t h s s l " , " n a m e s p a c e " : " d o c u m e n t a t i o n : 2 . 0 " } ;
/*!]]>*/< / script >
2017-02-07 17:35:26 +01:00
< script type = "text/javascript" charset = "utf-8" src = "lib/exe/js.php.t.bootstrap3.js" > < / script > <!-- //if:usedebianlibs
< script type = "text/javascript" src = "/javascript/jquery/jquery.min.js" > < / script >
//elsif:useexternallibs
< script type = "text/javascript" src = "http://code.jquery.com/jquery-2.2.0.min.js" > < / script >
//elsif:jsminified
< script type = "text/javascript" src = "/static/bwr/jquery/dist/jquery.min.js" > < / script >
//else -->
< script type = "text/javascript" src = "/static/bwr/jquery/dist/jquery.js" > < / script > <!-- //endif --> <!-- //if:usedebianlibs
< script type = "text/javascript" src = "/javascript/jquery-ui/jquery-ui.min.js" > < / script >
//elsif:useexternallibs
< script type = "text/javascript" src = "http://code.jquery.com/ui/1.10.4/jquery-ui.min.js" > < / script >
//elsif:jsminified
2018-03-08 13:29:31 +01:00
< script type = "text/javascript" src = "/static/bwr/jquery-ui/jquery-ui.min.js" > < / script >
2017-02-07 17:35:26 +01:00
//else -->
2018-03-08 13:29:31 +01:00
< script type = "text/javascript" src = "/static/bwr/jquery-ui/jquery-ui.js" > < / script > <!-- //endif -->
2017-02-07 17:35:26 +01:00
2016-10-15 19:57:54 +02:00
< / head >
< body >
< div class = "dokuwiki export container" > <!-- TOC START -->
< div id = "dw__toc" >
< h3 class = "toggle" > Table of Contents< / h3 >
< div >
< ul class = "toc" >
< li class = "level1" > < div class = "li" > < a href = "#presentation" > Présentation< / a > < / div > < / li >
< li class = "level1" > < div class = "li" > < a href = "#configuration" > Configuration< / a > < / div >
< ul class = "toc" >
2017-03-04 15:38:41 +01:00
< li class = "level2" > < div class = "li" > < a href = "#with_apache" > With Apache< / a > < / div >
< ul class = "toc" >
< li class = "level3" > < div class = "li" > < a href = "#enable_ssl_in_apache" > Activer SSL dans Apache< / a > < / div > < / li >
< li class = "level3" > < div class = "li" > < a href = "#apache_ssl_global_configuration" > Configuration globale de ssl dans Apache< / a > < / div > < / li >
< li class = "level3" > < div class = "li" > < a href = "#apache_portal_ssl_configuration" > Configuration SSL du portail dans Apache< / a > < / div > < / li >
< / ul >
< / li >
< li class = "level2" > < div class = "li" > < a href = "#with_nginx" > With Nginx< / a > < / div > < / li >
2016-10-15 19:57:54 +02:00
< li class = "level2" > < div class = "li" > < a href = "#configuration_of_lemonldapng" > Configuration de LemonLDAP::NG< / a > < / div > < / li >
< li class = "level2" > < div class = "li" > < a href = "#auto_reloading_ssl_certificates" > Rechargement automatique des certificats SSL< / a > < / div > < / li >
2017-04-13 19:00:28 +02:00
< / ul >
< / li >
< li class = "level1" > < div class = "li" > < a href = "#ssl_by_ajax" > SSL by Ajax< / a > < / div > < / li >
2016-10-15 19:57:54 +02:00
< / ul >
< / div >
< / div > <!-- TOC END -->
< h1 class = "sectionedit1" id = "ssl" > SSL< / h1 >
< div class = "level1" >
< div class = "table sectionedit2" > < table class = "inline table table-bordered table-striped" >
< thead >
< tr class = "row0 roweven" >
< th class = "col0 centeralign" > Authentification < / th > < th class = "col1 centeralign" > Utilisateurs < / th > < th class = "col2 centeralign" > Mot-de-passe < / th >
< / tr >
< / thead >
< tr class = "row1 rowodd" >
< td class = "col0 centeralign" > ✔ < / td > < td class = "col1" > < / td > < td class = "col2" > < / td >
< / tr >
< / table > < / div > <!-- EDIT2 TABLE [19 - 76] -->
< / div > <!-- EDIT1 SECTION "SSL" [1 - 77] -->
< h2 class = "sectionedit3" id = "presentation" > Présentation< / h2 >
< div class = "level2" >
< p >
< abbr title = "LemonLDAP::NG" > LL::NG< / abbr > utilise le < a href = "http://httpd.apache.org/docs/current/mod/mod_ssl.html" class = "urlextern" title = "http://httpd.apache.org/docs/current/mod/mod_ssl.html" rel = "nofollow" > module SSL d'Apache< / a > , comme n'importe quel < a href = "authapache.html" class = "wikilink1" title = "documentation:2.0:authapache" > module d'authentification d'Apache< / a > avec quelques fonctionnalités supplémentaires :
< / p >
< ul >
< li class = "level1" > < div class = "li" > Choix de n'importe quel attribut du certificat comme nom d'utilisateur principal< / div >
< / li >
< li class = "level1" > < div class = "li" > Autoriser les clients sans certificat dans le chaînage avec d'autres méthodes d'authentification< / div >
< / li >
< / ul >
< / div > <!-- EDIT3 SECTION "Presentation" [78 - 401] -->
< h2 class = "sectionedit4" id = "configuration" > Configuration< / h2 >
< div class = "level2" >
2017-04-13 19:00:28 +02:00
< p >
By default, SSL is required before the portal is displayed (handled by webserver). If you want to display a button to connect to LLNG < em > (compatible with < a href = "authcombination.html" class = "wikilink1" title = "documentation:2.0:authcombination" > Combination< / a > )< / em > , you can activate “SSL by Ajax request” in the manager. See < a href = "#ssl_by_ajax" title = "documentation:2.0:authssl ↵" class = "wikilink1" > SSL by Ajax< / a > below.
< / p >
< / div > <!-- EDIT4 SECTION "Configuration" [402 - 713] -->
2016-10-15 19:57:54 +02:00
2017-03-04 15:38:41 +01:00
< h3 class = "sectionedit5" id = "with_apache" > With Apache< / h3 >
2016-10-15 19:57:54 +02:00
< div class = "level3" >
2017-03-04 15:38:41 +01:00
< / div >
< h4 id = "enable_ssl_in_apache" > Activer SSL dans Apache< / h4 >
< div class = "level4" >
2016-10-15 19:57:54 +02:00
< p >
Installer mod_ssl pour Apache.
< / p >
< p >
Pour CentOS/RHEL :
< / p >
< pre class = "code shell" > yum install mod_ssl< / pre >
2017-03-04 15:38:41 +01:00
< div class = "notetip" > In Debian/Ubuntu mod_ssl is already shipped in < code > apache*-common< / code > package.
2016-10-15 19:57:54 +02:00
2017-03-04 15:38:41 +01:00
< / div > < div class = "notetip" > Pour CentOS/RHEL, il est recommandé de désactiver l'hôte virtuel SSL par défaut configuré dans /etc/httpd/conf.d/ssl.conf.
< / div >
2016-10-15 19:57:54 +02:00
< / div >
2017-03-04 15:38:41 +01:00
< h4 id = "apache_ssl_global_configuration" > Configuration globale de ssl dans Apache< / h4 >
< div class = "level4" >
2016-10-15 19:57:54 +02:00
< p >
Il est possible d'utiliser cette configuration SSL par défaut, par exemple en tête de /etc/lemonldap-ng/portal-apache2.conf :
< / p >
< pre class = "code file apache" > < span class = "kw1" > SSLProtocol< / span > < span class = "kw2" > all< / span > -SSLv2
< span class = "kw1" > SSLCipherSuite< / span > HIGH:MEDIUM
< span class = "kw1" > SSLCertificateFile< / span > /etc/httpd/certs/ow2.cert
< span class = "kw1" > SSLCertificateKeyFile< / span > /etc/httpd/certs/ow2.key
< span class = "kw1" > SSLCACertificateFile< / span > /etc/httpd/certs/ow2-ca.cert< / pre >
< div class = "noteclassic" > Placer vos propres fichiers au lieu de < code > ow2.cert< / code > , < code > ow2.key< / code > , < code > ow2-ca.cert< / code > :< ul >
< li class = "level1" > < div class = "li" > < strong > SSLCertificateFile< / strong > : certificat serveur< / div >
< / li >
< li class = "level1" > < div class = "li" > < strong > SSLCertificateKeyFile< / strong > : clef privée du serveur< / div >
< / li >
< li class = "level1" > < div class = "li" > < strong > SSLCACertificateFile< / strong > : certificat d'autorité pour valider les certificats clients< / div >
< / li >
< / ul >
< / div >
< p >
SI le port est spécifié, déclarer le port SSL :
< / p >
< pre class = "code file apache" > < span class = "kw1" > NameVirtualHost< / span > *:< span class = "nu0" > 80< / span >
< span class = "kw1" > NameVirtualHost< / span > *:< span class = "nu0" > 443< / span > < / pre >
2017-03-04 15:38:41 +01:00
< / div >
2016-10-15 19:57:54 +02:00
2017-03-04 15:38:41 +01:00
< h4 id = "apache_portal_ssl_configuration" > Configuration SSL du portail dans Apache< / h4 >
< div class = "level4" >
2016-10-15 19:57:54 +02:00
< p >
Éditer l'hôte virtuel du portail pour activer la double authentification SSL :
< / p >
< pre class = "code file apache" > < span class = "kw1" > SSLEngine< / span > < span class = "kw2" > On< / span >
< span class = "kw1" > SSLVerifyClient< / span > optional
< span class = "kw1" > SSLVerifyDepth< / span > < span class = "nu0" > 10< / span >
< span class = "kw1" > SSLOptions< / span > +StdEnvVars
< span class = "kw1" > SSLUserName< / span > SSL_CLIENT_S_DN_CN< / pre >
< p >
Toutes les options SSL sont documentées dans la < a href = "http://httpd.apache.org/docs/current/mod/mod_ssl.html" class = "urlextern" title = "http://httpd.apache.org/docs/current/mod/mod_ssl.html" rel = "nofollow" > page mod_ssl d'Apache< / a > .
< / p >
< p >
Ci-dessous les principales options utilisées par < abbr title = "LemonLDAP::NG" > LL::NG< / abbr > :
< / p >
< ul >
< li class = "level1" > < div class = "li" > < strong > SSLVerifyClient< / strong > : mettre à < code > optional< / code > pour autoriser les utilisateurs ne disposant pas d'un certificat valide à accéder à la page du portail < abbr title = "LemonLDAP::NG" > LL::NG< / abbr > Pour basculer vers un autre backend d'authentification, utiliser le module < a href = "authmulti.html" class = "wikilink1" title = "documentation:2.0:authmulti" > Multi< / a > , par exemple : < code > Multi SSL;LDAP< / code > < / div >
< / li >
< li class = "level1" > < div class = "li" > < strong > SSLOptions< / strong > : mettre à < code > +StdEnvVars< / code > pour obtenir les champs du certificat dans les variables d'environnement< / div >
< / li >
< li class = "level1" > < div class = "li" > < strong > SSLUserName< / strong > (optionnel) : champ du certificat à utiliser pour identifier pour identifier un utilisateur dans l'hôte virtuel du portail < abbr title = "LemonLDAP::NG" > LL::NG< / abbr > < / div >
< / li >
< / ul >
2017-04-13 19:00:28 +02:00
< / div > <!-- EDIT5 SECTION "With Apache" [714 - 2684] -->
2016-10-15 19:57:54 +02:00
2017-03-04 15:38:41 +01:00
< h3 class = "sectionedit6" id = "with_nginx" > With Nginx< / h3 >
< div class = "level3" >
< p >
Enable SSL:
< / p >
< pre class = "code file nginx" > ssl on;
ssl_verify_client optional;
ssl_certificate /etc/letsencrypt/live/my/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/my/privkey.pem;
ssl_verify_depth 3;
ssl_client_certificate /etc/nginx/ssl/ca.pem;
ssl_crl /etc/nginx/ssl/crl/my.crl;< / pre >
< p >
You must also export SSL_CLIENT_S_< abbr title = "Distinguished Name" > DN< / abbr > _CN in FastCGI params:
< / p >
< pre class = "code file nginx" > map $ssl_client_s_dn $ssl_client_s_dn_cn {
default "";
~/CN=(?< CN> [^/]+) $CN;
}
fastcgi_param SSL_CLIENT_S_DN_CN $ssl_client_s_dn_cn;< / pre >
2017-04-13 19:00:28 +02:00
< / div > <!-- EDIT6 SECTION "With Nginx" [2685 - 3246] -->
2017-03-04 15:38:41 +01:00
< h3 class = "sectionedit7" id = "configuration_of_lemonldapng" > Configuration de LemonLDAP::NG< / h3 >
2016-10-15 19:57:54 +02:00
< div class = "level3" >
< p >
Dans le manager, aller dans < code > Paramètres généraux< / code > > < code > Modules d'authentification< / code > et choisir SSL pour l'authentification.
< / p >
< div class = "notetip" > Vous pouvez ensuite choisir vos modules d'utilisateurs et de mots-de-passe.
< / div >
< p >
Aller ensuite dans < code > Paramètres SSL< / code > :
< / p >
< ul >
< li class = "level1" > < div class = "li" > < strong > Niveau d'authentification< / strong > : niveau d'authentification pour ce module< / div >
< / li >
< li class = "level1" > < div class = "li" > < strong > Champ extrait du certificat< / strong > : champ du certificat affecté à la variable interne $user< / div >
< / li >
< / ul >
2017-04-13 19:00:28 +02:00
< / div > <!-- EDIT7 SECTION "Configuration of LemonLDAP::NG" [3247 - 3672] -->
2016-10-15 19:57:54 +02:00
2017-03-04 15:38:41 +01:00
< h3 class = "sectionedit8" id = "auto_reloading_ssl_certificates" > Rechargement automatique des certificats SSL< / h3 >
2016-10-15 19:57:54 +02:00
< div class = "level3" >
< p >
Problème connu : de nombreux navigateurs (Firefox, Chrome) enregistrent le fait qu'un certificat n'est pas disponible un certain temps. C'est particulièrement important pour les cartes à puce : lorsqu'elle n'est pas insérée avant que le navigateur ne démarre, l'utilisateur doit redémarrer ce dernier, ou au moins recharger la page (F5).
< / p >
< p >
Il est possible d'éviter ceci avec un code AJAX et 3 "locations" Apache.
< / p >
< p >
1. Modifier l'hôte virtuel du portail comme suit :
< / p >
< pre class = "code file apache" > < span class = "kw1" > SSLEngine< / span > < span class = "kw2" > On< / span >
< span class = "kw1" > SSLCACertificateFile< / span > /etc/apache2/ssl/ca.crt
< span class = "kw1" > SSLCertificateKeyFile< / span > /etc/apache2/ssl/lemonldap.key
< span class = "kw1" > SSLCertificateFile< / span > /etc/apache2/ssl/lemonldap.crt
< span class = "kw1" > SSLVerifyDepth< / span > < span class = "nu0" > 10< / span >
< span class = "kw1" > SSLOptions< / span > +StdEnvVars
< span class = "kw1" > SSLUserName< / span > SSL_CLIENT_S_DN_CN
< span class = "co1" > # DocumentRoot< / span >
< span class = "kw1" > DocumentRoot< / span > /var/lib/lemonldap-ng/portal/
< < span class = "kw3" > Directory< / span > /var/lib/lemonldap-ng/portal/>
< span class = "kw1" > Order< / span > < span class = "kw1" > Deny< / span > ,< span class = "kw1" > Allow< / span >
< span class = "kw1" > Allow< / span > from < span class = "kw2" > all< / span >
< span class = "kw1" > Options< / span > +ExecCGI +< span class = "kw2" > FollowSymLinks< / span >
< span class = "kw1" > SSLVerifyClient< / span > < span class = "kw2" > none< / span >
< /< span class = "kw3" > Directory< / span > >
< < span class = "kw3" > Location< / span > /index>
< span class = "kw1" > Order< / span > < span class = "kw1" > Deny< / span > ,< span class = "kw1" > Allow< / span >
< span class = "kw1" > Allow< / span > from < span class = "kw2" > all< / span >
< span class = "kw1" > SSLVerifyClient< / span > < span class = "kw2" > none< / span >
< /< span class = "kw3" > Location< / span > >
< < span class = "kw3" > Location< / span > /testssl>
< span class = "kw1" > Order< / span > < span class = "kw1" > Deny< / span > ,< span class = "kw1" > Allow< / span >
< span class = "kw1" > Allow< / span > from < span class = "kw2" > all< / span >
< span class = "kw1" > SSLVerifyClient< / span > < span class = "kw1" > require< / span >
< /< span class = "kw3" > Location< / span > >
< span class = "kw1" > Alias< / span > /sslok /var/lib/lemonldap-ng/portal
< < span class = "kw3" > Location< / span > /sslok>
< span class = "kw1" > Order< / span > < span class = "kw1" > Deny< / span > ,< span class = "kw1" > Allow< / span >
< span class = "kw1" > Allow< / span > from < span class = "kw2" > all< / span >
< span class = "kw1" > SSLVerifyClient< / span > < span class = "kw1" > require< / span >
< /< span class = "kw3" > Location< / span > > < / pre >
< ul >
< li class = "level1" > < div class = "li" > /index/ est une page non protégée pour afficher un bouton de test SSL< / div >
< / li >
< li class = "level1" > < div class = "li" > /testssl/ est une page protégée par SSL qui vérifie le certificat< / div >
< / li >
< li class = "level1" > < div class = "li" > /sslok/ est le nouveau portail LemonLDAP::NG. Il faut declarer la nouvelle url dans le manager : Portail → < abbr title = "Uniform Resource Locator" > URL< / abbr > : < a href = "https://auth.example.com/sslok/" class = "urlextern" title = "https://auth.example.com/sslok/" rel = "nofollow" > https://auth.example.com/sslok/< / a > < / div >
< / li >
< / ul >
< p >
2. Il faut ensuite construire la page Ajax, par exemple dans /index/bouton.html. Ça ressemble à :
< / p >
< pre class = "code file html4strict" > < span class = "sc2" > < < a href = "http://december.com/html/4/element/body.html" > < span class = "kw2" > body< / span > < / a > > < / span >
< span class = "sc2" > < < a href = "http://december.com/html/4/element/script.html" > < span class = "kw2" > script< / span > < / a > < span class = "kw3" > src< / span > < span class = "sy0" > =< / span > < span class = "st0" > "./jquery-2.1.4.min.js"< / span > < span class = "kw3" > type< / span > < span class = "sy0" > =< / span > < span class = "st0" > "text/javascript"< / span > > < / span > < span class = "sc2" > < < span class = "sy0" > /< / span > < a href = "http://december.com/html/4/element/script.html" > < span class = "kw2" > script< / span > < / a > > < / span >
< span class = "sc-1" > < !--< script src="./jquery-ui-1.8-rass.js" type="text/javascript"> < /script> --> < / span >
< span class = "sc2" > < < a href = "http://december.com/html/4/element/a.html" > < span class = "kw2" > a< / span > < / a > < span class = "kw3" > href< / span > < span class = "sy0" > =< / span > < span class = "st0" > "http://www.google.fr"< / span > < span class = "kw3" > class< / span > < span class = "sy0" > =< / span > < span class = "st0" > "enteteBouton"< / span > < span class = "kw3" > id< / span > < span class = "sy0" > =< / span > < span class = "st0" > "continuerButton"< / span > > < < a href = "http://december.com/html/4/element/img.html" > < span class = "kw2" > img< / span > < / a > < span class = "kw3" > src< / span > < span class = "sy0" > =< / span > authent.png> < < span class = "sy0" > /< / span > < a href = "http://december.com/html/4/element/a.html" > < span class = "kw2" > a< / span > < / a > > < / span >
< span class = "sc2" > < < a href = "http://december.com/html/4/element/script.html" > < span class = "kw2" > script< / span > < / a > > < / span >
$('.enteteBouton').click( function (e) {
var b=navigator.userAgent.toLowerCase();
if(b.indexOf("msie")!==-1){
document.execCommand("ClearAuthenticationCache")
}
e.preventDefault();
$.ajax({
url:"https://auth.example.com/testssl",
beforeSend:function(){},
type:"GET",
dataType:"html",
success:function(c,a){
if (c !== "") {
alert("Carte OK");
window.location.href = "https://auth.example.com/sslok/";
}
else {
alert('Carte KO');
}
},
error:function (xhr, ajaxOptions, thrownError){
if(xhr.status==404) {
alert("Carte OK");
window.location.href = "https://auth.example.com/sslok/";
}
else {
alert('Carte KO');
}
},
complete:function(c,a){}
});
});
< span class = "sc2" > < < span class = "sy0" > /< / span > < a href = "http://december.com/html/4/element/script.html" > < span class = "kw2" > script< / span > < / a > > < / span >
< span class = "sc2" > < < span class = "sy0" > /< / span > < a href = "http://december.com/html/4/element/body.html" > < span class = "kw2" > body< / span > < / a > > < / span > < / pre >
2017-04-13 19:00:28 +02:00
< div class = "notewarning" > It is incompatible with authentication combination because of Apache parameter “SSLVerifyClient”, which must have the value “require”. To enable SSL with < a href = "authcombination.html" class = "wikilink1" title = "documentation:2.0:authcombination" > Combination< / a > , use < a href = "#ssl_by_ajax" title = "documentation:2.0:authssl ↵" class = "wikilink1" > SSL by Ajax< / a >
2016-10-15 19:57:54 +02:00
< / div >
2017-04-13 19:00:28 +02:00
< / div > <!-- EDIT8 SECTION "Auto reloading SSL Certificates" [3673 - 6936] -->
< h2 class = "sectionedit9" id = "ssl_by_ajax" > SSL by Ajax< / h2 >
< div class = "level2" >
< p >
If you enable this feature, you must configure 2 portal virtual hosts:
< / p >
< ul >
< li class = "level1" > < div class = "li" > the main < em > (which corresponds to portal < abbr title = "Uniform Resource Locator" > URL< / abbr > )< / em > with < code > SSLVerifyClient none< / code > < / div >
< / li >
< li class = "level1" > < div class = "li" > the second with < code > SSLVerifyClient require< / code > and a < code > Header set Allow-Control-Allow-Origin https://portal-main-url< / code > < / div >
< / li >
< / ul >
< p >
then declare the second < abbr title = "Uniform Resource Locator" > URL< / abbr > in SSL options in the Manager. That's all ! Then you can chain it in a < a href = "authcombination.html" class = "wikilink1" title = "documentation:2.0:authcombination" > combination< / a > .
< / p >
< / div > <!-- EDIT9 SECTION "SSL by Ajax" [6937 - ] -->
2016-10-15 19:57:54 +02:00
< / div >
< / body >
< / html >