presentation 1
TRANSCRIPT
![Page 1: Presentation 1](https://reader033.vdocuments.site/reader033/viewer/2022061121/54680e7eb4af9fc0698b4bb5/html5/thumbnails/1.jpg)
1
![Page 2: Presentation 1](https://reader033.vdocuments.site/reader033/viewer/2022061121/54680e7eb4af9fc0698b4bb5/html5/thumbnails/2.jpg)
2
Table of content Introduction Installation Verifying installation Httpd.conf Instances Virtual Hosts Security Tuning Plug-in installation Trouble shooting Uninstalling
![Page 3: Presentation 1](https://reader033.vdocuments.site/reader033/viewer/2022061121/54680e7eb4af9fc0698b4bb5/html5/thumbnails/3.jpg)
3
Introduction to Web Server
A computer program that is responsible for accepting HTTP requests from clients (user agents such as web browsers), and serving them HTTP responses along with optional data contents, which usually are web pages such as HTML documents and linked objects (images, etc.).
Common features Http HTTPS support Logging Authentication Handling of static content Content compression Virtual hosting Large file support
![Page 4: Presentation 1](https://reader033.vdocuments.site/reader033/viewer/2022061121/54680e7eb4af9fc0698b4bb5/html5/thumbnails/4.jpg)
4
![Page 5: Presentation 1](https://reader033.vdocuments.site/reader033/viewer/2022061121/54680e7eb4af9fc0698b4bb5/html5/thumbnails/5.jpg)
5
Historical notes
The world's first web server.
In 1989 Tim Berners-Lee proposed to his employer CERN (European Organization for Nuclear Research) a new project, which had the goal of easing the exchange of information between scientists by using a hypertext system. As a result of the implementation of this project, in 1990 Berners-Lee wrote two programs:
* a browser called WorldWideWeb; * the world's first web server, later known as CERN HTTPd,
which ran on NeXTSTEP.
![Page 6: Presentation 1](https://reader033.vdocuments.site/reader033/viewer/2022061121/54680e7eb4af9fc0698b4bb5/html5/thumbnails/6.jpg)
6
IBM HTTP Server Installation
![Page 7: Presentation 1](https://reader033.vdocuments.site/reader033/viewer/2022061121/54680e7eb4af9fc0698b4bb5/html5/thumbnails/7.jpg)
7
License Agreement
![Page 8: Presentation 1](https://reader033.vdocuments.site/reader033/viewer/2022061121/54680e7eb4af9fc0698b4bb5/html5/thumbnails/8.jpg)
8
Installation Directory
![Page 9: Presentation 1](https://reader033.vdocuments.site/reader033/viewer/2022061121/54680e7eb4af9fc0698b4bb5/html5/thumbnails/9.jpg)
9
Setup Types
![Page 10: Presentation 1](https://reader033.vdocuments.site/reader033/viewer/2022061121/54680e7eb4af9fc0698b4bb5/html5/thumbnails/10.jpg)
10
Make IHS as Windows Service
![Page 11: Presentation 1](https://reader033.vdocuments.site/reader033/viewer/2022061121/54680e7eb4af9fc0698b4bb5/html5/thumbnails/11.jpg)
11
Showing Info Before Instalation
![Page 12: Presentation 1](https://reader033.vdocuments.site/reader033/viewer/2022061121/54680e7eb4af9fc0698b4bb5/html5/thumbnails/12.jpg)
12
Installing…………
![Page 13: Presentation 1](https://reader033.vdocuments.site/reader033/viewer/2022061121/54680e7eb4af9fc0698b4bb5/html5/thumbnails/13.jpg)
13
Installation Completed.
![Page 14: Presentation 1](https://reader033.vdocuments.site/reader033/viewer/2022061121/54680e7eb4af9fc0698b4bb5/html5/thumbnails/14.jpg)
14
IHS Home Dir
![Page 15: Presentation 1](https://reader033.vdocuments.site/reader033/viewer/2022061121/54680e7eb4af9fc0698b4bb5/html5/thumbnails/15.jpg)
15
Start/Stop/Restart HTTP server
In Windows Start the command prompt
e.g.: Start Run Type CMD Enter Go to Http server Bin directory (c:\program files\IBM HTTP Server\
bin\) Use apache.exe to start/stop/restart as below
e.g.: To startapache.exe start To Stop apache.exe stopTo Restart apache.exe restart
In Unix
# /usr/IBMIHS/bin/apachectl start # /usr/IBMIHS/bin/apachectl stop
![Page 16: Presentation 1](https://reader033.vdocuments.site/reader033/viewer/2022061121/54680e7eb4af9fc0698b4bb5/html5/thumbnails/16.jpg)
16
Verifying Web server Installation
![Page 17: Presentation 1](https://reader033.vdocuments.site/reader033/viewer/2022061121/54680e7eb4af9fc0698b4bb5/html5/thumbnails/17.jpg)
17
Verifying Logs post installation
![Page 18: Presentation 1](https://reader033.vdocuments.site/reader033/viewer/2022061121/54680e7eb4af9fc0698b4bb5/html5/thumbnails/18.jpg)
18
Httpd.conf
IHS is configured by placing directives in plain text configuration files. The main configuration file is usually called httpd.conf. The location of this file is set at compile-time, but may be overridden with the -f command line flag. In addition, other configuration files may be added using the Include directive. Any directive may be placed in any of these configuration files. Changes to the main configuration files are only recognized by Apache when it is started or restarted.
Directives in the configuration files are case-insensitive, but arguments to directives are often case sensitive. Lines which begin with the hash character "#" are considered comments, and are ignored. Comments may not be included on a line after a configuration directive. Blank lines and white space occurring before a directive are ignored, so you may indent directives for clarity.
You can check your configuration files for syntax errors without starting the server by using apachectl configtest or the -t command line option.
E.g: # /opt/IBMIHS/bin/apachectl -t /opt/IBMIHS/conf/ins1.conf c:\program files\IBM http server\conf\apache.exe -t opt/IBMIHS/conf/ins1.conf
![Page 19: Presentation 1](https://reader033.vdocuments.site/reader033/viewer/2022061121/54680e7eb4af9fc0698b4bb5/html5/thumbnails/19.jpg)
19
Httpd.conf The Apache HTTP Server configuration file is /etc/httpd/conf/httpd.conf.
The httpd.conf file is well-commented and mostly self-explanatory. Its default configuration works for most situations; however, it is a good idea to become familiar some of the more important configuration options.
Section 1: Global Environment ServerType standalone ServerRoot "/etc/httpd" PidFile /var/run/httpd.pid ResourceConfig /dev/null AccessConfig /dev/null Timeout 300 KeepAlive On MaxKeepAliveRequests 0 KeepAliveTimeout 15 MinSpareServers 16 MaxSpareServers 64 StartServers 16 MaxClients 512 MaxRequestsPerChild 100000
![Page 20: Presentation 1](https://reader033.vdocuments.site/reader033/viewer/2022061121/54680e7eb4af9fc0698b4bb5/html5/thumbnails/20.jpg)
20
Httpd.confPort 80
<IfDefine SSL> Listen 80 Listen 443 </IfDefine>
User www Group www ServerAdmin [email protected] ServerName www.openna.com DocumentRoot "/home/httpd/ona“
<Directory "/home/httpd/ona"> Options None AllowOverride None Order allow,deny Allow from all </Directory>
![Page 21: Presentation 1](https://reader033.vdocuments.site/reader033/viewer/2022061121/54680e7eb4af9fc0698b4bb5/html5/thumbnails/21.jpg)
21
Httpd.conf<IfModule mod_dir.c>
DirectoryIndex index.htm index.html index.php index.php3 default.html index.cgi
</IfModule>
#<IfModule mod_include.c> #Include conf/mmap.conf #</IfModule>
ErrorLog /var/log/httpd/error_log LogLevel warn LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%
{User-Agent}i\"" combined SetEnvIf Request_URI \.gif$ gif-image CustomLog /var/log/httpd/access_log combined env=!gif-image
ErrorDocument 500 "The server made a boo boo. ErrorDocument 404 http://192.168.1.1/error.htm ErrorDocument 403 "Access Forbidden -- Go away.
![Page 22: Presentation 1](https://reader033.vdocuments.site/reader033/viewer/2022061121/54680e7eb4af9fc0698b4bb5/html5/thumbnails/22.jpg)
22
Httpd.conf <IfModule mod_setenvif.c> BrowserMatch "Mozilla/2" nokeepalive BrowserMatch "MSIE 4\.0b2;" nokeepalive downgrade-1.0 force-response-1.0 BrowserMatch "RealPlayer 4\.0" force-response-1.0 BrowserMatch "Java/1\.0" force-response-1.0 BrowserMatch "JDK/1\.0" force-response-1.0 </IfModule> httpd.conf
![Page 23: Presentation 1](https://reader033.vdocuments.site/reader033/viewer/2022061121/54680e7eb4af9fc0698b4bb5/html5/thumbnails/23.jpg)
23
To create New IHS Instance
In IBM HTTP server we can create multiple web instances by coping the httpd.config file .To start the instance use the –f option as belowSyntax: apachectl -k $action -f <path_to_configuration_file>
apache.exe -k $action -f <path_to_configuration_file>
Action Start/stop/restart
For example, the apachectl command is not in your PATH, the IBM HTTP Server installation directory is /opt/IBMIHS, and an alternate configuration file, /opt/IBMIHS/conf/ins1.conf, is used:
E.g: # /opt/IBMIHS/bin/apachectl -k start -f /opt/IBMIHS/conf/ins1.conf c:\program files\IBM http server\conf\apache.exe -k stop -f
opt/IBMIHS/conf/ins1.conf
![Page 24: Presentation 1](https://reader033.vdocuments.site/reader033/viewer/2022061121/54680e7eb4af9fc0698b4bb5/html5/thumbnails/24.jpg)
24
Virtual Host The term Virtual Host refers to the practice of maintaining
more than one server on one machine, as differentiated by their apparent hostname. For example, it is often desirable for companies sharing a web server to have their own domains, with web servers accessible as www.company1.com and www.company2.com, without requiring the user to know any extra path information.
Apache was one of the first servers to support IP-based virtual hosts right out of the box. Versions 1.1 and later of Apache support both, IP-based and name-based virtual hosts (vhosts).
Running several name-based web sites on a single IP address.
Your server has a single IP address, and multiple aliases (CNAMES) point to this machine in DNS. You want to run a web server for www.example1.com and www.example2.org on this machine.
![Page 25: Presentation 1](https://reader033.vdocuments.site/reader033/viewer/2022061121/54680e7eb4af9fc0698b4bb5/html5/thumbnails/25.jpg)
25
Configuring VHOST Add the below syntax on the httpd.conf to configure virtual host on
your IHS webserver
<VirtualHost addr[:port] [addr[:port]] ...> …………
………… </VirtualHost>
e.g:# Listen for virtual host requests on all IP addressesNameVirtualHost *:80
<VirtualHost *:80>DocumentRoot /www/example1ServerName www.example1.com
# Other directives here
</VirtualHost>
![Page 26: Presentation 1](https://reader033.vdocuments.site/reader033/viewer/2022061121/54680e7eb4af9fc0698b4bb5/html5/thumbnails/26.jpg)
26
Example for VHOST Simple name-based vhosting
Setup: The server machine has a primary name server.domain.tld. There are two aliases (CNAMEs) www.domain.tld and www.sub.domain.tld for the address server.domain.tld.
Server configuration: ... Port 80 ServerName server.domain.tld
NameVirtualHost *:80
<VirtualHost *:80> DocumentRoot /www/domain ServerName www.domain.tld
</VirtualHost> <VirtualHost *:80> DocumentRoot /www/subdomain ServerName www.sub.domain.tld
</VirtualHost>
The asterisks match all addresses, so the main server serves no requests. Due to the fact that www.domain.tld is first in the configuration file, it has the highest priority and can be seen as the default or primary server.
![Page 27: Presentation 1](https://reader033.vdocuments.site/reader033/viewer/2022061121/54680e7eb4af9fc0698b4bb5/html5/thumbnails/27.jpg)
27
Authentication Types
HTTP Basic Authentication
HTTP Digest Authentication
HTTPS Client Authentication
Integrating OS Authentication
![Page 28: Presentation 1](https://reader033.vdocuments.site/reader033/viewer/2022061121/54680e7eb4af9fc0698b4bb5/html5/thumbnails/28.jpg)
28
HTTP Basic Authentication
HTTP Basic Authentication, which is based on a username and password, is the authentication mechanism defined in the HTTP/1.0 specification. A web server requests a web client to authenticate the user. As part of the request, the web server passes the realm (a string) in which the user is to be authenticated. The web client obtains the username and the password from the user and transmits them to the web server. The web server then authenticates the user in the specified realm.
Basic Authentication is not a secure authentication protocol. User passwords are sent in simple base64 ENCODING (not ENCRYPTED !), and the target server is not authenticated
![Page 29: Presentation 1](https://reader033.vdocuments.site/reader033/viewer/2022061121/54680e7eb4af9fc0698b4bb5/html5/thumbnails/29.jpg)
29
HTTP Digest Authentication
Like HTTP Basic Authentication, HTTP Digest Authentication authenticates a user based on a username and a password. However the authentication is performed by transmitting the password in an ENCRYPTED form which is much MORE SECURE than the simple base64 encoding used by Basic Authentication
The advantage of this method is that the cleartext password is protected in transmission, it cannot be determined from the digest that is submitted by the client to the server.
![Page 30: Presentation 1](https://reader033.vdocuments.site/reader033/viewer/2022061121/54680e7eb4af9fc0698b4bb5/html5/thumbnails/30.jpg)
30
HTTPS Client Authentication.
End user authentication using HTTPS (HTTP over SSL) is a strong authentication mechanism. This mechanism requires the user to possess a Public Key Certificate (PKC). Currently, PKCs are useful in e-commerce applications and also for a single-sign-on from within the browser. Servlet containers that are not J2EE technology compliant are not required to support the HTTPS protocol.
Client-certificate authentication is a more secure method of authentication than either BASIC or Digest authentication. It uses HTTP over SSL, in which the server and, optionally, the client authenticate one another with Public Key Certificates. Secure Sockets Layer (SSL) provides data encryption, server authentication, and optional client authentication for a TCP/IP connection. It is issued by a trusted organization, which is called a certificate authority (CA), and provides identification for the bearer. Prior to running an application that uses SSL, you must configure SSL support on the server and set up the public key certificate.
![Page 31: Presentation 1](https://reader033.vdocuments.site/reader033/viewer/2022061121/54680e7eb4af9fc0698b4bb5/html5/thumbnails/31.jpg)
31
Configuring HTTPSThe following steps will guide you through the proper set up of SSL within the
IBM HTTP Server:
1. Confirm that the Global Security Kit (GSKit) is installed and meets the minimum requirements
2. Create a key database file and certificates needed to authenticate the Web server during an SSL handshake
3. Enable SSL directives within the IBM HTTP Server configuration file (httpd.conf)
4. Other considerations when enabling SSL directives within the IBM HTTP Server configuration file (httpd.conf)
![Page 32: Presentation 1](https://reader033.vdocuments.site/reader033/viewer/2022061121/54680e7eb4af9fc0698b4bb5/html5/thumbnails/32.jpg)
32
Verifying GSK1. Confirm that the Global Security Kit is installed and meets the minimum requirements
The Global Security Kit (GSKit) is a required component for the Secure Sockets Layer (SSL) enablement within the IBM HTTP Server. Therefore, it is important to confirm that a supported version of the Global Security Kit is installed prior to enabling SSL.
For a complete listing of IBM HTTP Server releases and corresponding Global Security Kit versions, click IBM HTTP Server: Global Security Kit (GSKit) supported versions.
![Page 33: Presentation 1](https://reader033.vdocuments.site/reader033/viewer/2022061121/54680e7eb4af9fc0698b4bb5/html5/thumbnails/33.jpg)
33
Create a key database file and certificates
![Page 34: Presentation 1](https://reader033.vdocuments.site/reader033/viewer/2022061121/54680e7eb4af9fc0698b4bb5/html5/thumbnails/34.jpg)
34
Create a key database
![Page 35: Presentation 1](https://reader033.vdocuments.site/reader033/viewer/2022061121/54680e7eb4af9fc0698b4bb5/html5/thumbnails/35.jpg)
35
Password For KDB
![Page 36: Presentation 1](https://reader033.vdocuments.site/reader033/viewer/2022061121/54680e7eb4af9fc0698b4bb5/html5/thumbnails/36.jpg)
36
New Self Signed Cert
![Page 37: Presentation 1](https://reader033.vdocuments.site/reader033/viewer/2022061121/54680e7eb4af9fc0698b4bb5/html5/thumbnails/37.jpg)
37
Enter Required Information
![Page 38: Presentation 1](https://reader033.vdocuments.site/reader033/viewer/2022061121/54680e7eb4af9fc0698b4bb5/html5/thumbnails/38.jpg)
38
Example
![Page 39: Presentation 1](https://reader033.vdocuments.site/reader033/viewer/2022061121/54680e7eb4af9fc0698b4bb5/html5/thumbnails/39.jpg)
39
Self signed Cert Is done
![Page 40: Presentation 1](https://reader033.vdocuments.site/reader033/viewer/2022061121/54680e7eb4af9fc0698b4bb5/html5/thumbnails/40.jpg)
40
3 Enable SSL directives within the configuration file
![Page 41: Presentation 1](https://reader033.vdocuments.site/reader033/viewer/2022061121/54680e7eb4af9fc0698b4bb5/html5/thumbnails/41.jpg)
41
Access using Https
![Page 42: Presentation 1](https://reader033.vdocuments.site/reader033/viewer/2022061121/54680e7eb4af9fc0698b4bb5/html5/thumbnails/42.jpg)
42
Double Click the lock to test the cert
![Page 43: Presentation 1](https://reader033.vdocuments.site/reader033/viewer/2022061121/54680e7eb4af9fc0698b4bb5/html5/thumbnails/43.jpg)
43
Check for issued name
![Page 44: Presentation 1](https://reader033.vdocuments.site/reader033/viewer/2022061121/54680e7eb4af9fc0698b4bb5/html5/thumbnails/44.jpg)
44
Tuning IHS
Configure the IBM HTTP Server to show a status page:
Edit the IBM HTTP Server httpd.conf file and remove the comment character (#) from the following lines in this file:
#LoadModule status_module, modules/ApacheModuleStatus.dll,
#<Location/server-status> #SetHandler server-status #</Location>
Save the changes and restart the IBM HTTP Server. In a Web browser, go to: http://yourhost/server-status.
Alternatively, click Reload to update status. (Optional) If the browser supports refresh, go to
http://your_host/server-status?refresh=5 to refresh every five seconds.
![Page 45: Presentation 1](https://reader033.vdocuments.site/reader033/viewer/2022061121/54680e7eb4af9fc0698b4bb5/html5/thumbnails/45.jpg)
45
Tuning IHS
All of these Web servers allocate a thread to handle each client connection. Ensuring that enough threads are available for the maximum number of concurrent client connections helps prevent this tier from being a bottleneck. The settings for these Web servers can be tuned by making changes to the httpd.conf file on the Web server system.
You can check the IBM HTTP Server error_log file to see if there are any warnings about having reached the maximum number of clients (MaxClients). There are several parameters, depending on the specific operating system platform, that determine the maximum number of clients the Web server supports.
Support thousands of concurrent clients. It is not unusual for a single IBM HTTP Server system to support thousands of concurrent clients. If your requirements are to support more concurrent clients than the number of threads that are supported by the Web server operating system and hardware, consider using multiple Web servers.
![Page 46: Presentation 1](https://reader033.vdocuments.site/reader033/viewer/2022061121/54680e7eb4af9fc0698b4bb5/html5/thumbnails/46.jpg)
46
Tuning IHS
Change the setting on the Web server's Access logging parameter to reduce the load on the Web server. If you do not need to log every access to the Application Server, change the default value of the Web server's Access logging parameter. This change will reduce the load on the Web server.
Modify the settings of the Load balancing option and Retry interval on Web server plug-in properties to improve performance. You can improve the performance of IBM HTTP Server (with the WebSphere Web server plug-in) by modifying the following Web server plug-in configuration properties:
* Load balancing option, which specifies the load balancing option that the plug-in uses in sending requests to the various application servers associated with that Web server.
![Page 47: Presentation 1](https://reader033.vdocuments.site/reader033/viewer/2022061121/54680e7eb4af9fc0698b4bb5/html5/thumbnails/47.jpg)
47
Plug-in installation
![Page 48: Presentation 1](https://reader033.vdocuments.site/reader033/viewer/2022061121/54680e7eb4af9fc0698b4bb5/html5/thumbnails/48.jpg)
48
License Agreement
![Page 49: Presentation 1](https://reader033.vdocuments.site/reader033/viewer/2022061121/54680e7eb4af9fc0698b4bb5/html5/thumbnails/49.jpg)
49
OS Prerequisites Check
![Page 50: Presentation 1](https://reader033.vdocuments.site/reader033/viewer/2022061121/54680e7eb4af9fc0698b4bb5/html5/thumbnails/50.jpg)
50
Select Your Webserver
![Page 51: Presentation 1](https://reader033.vdocuments.site/reader033/viewer/2022061121/54680e7eb4af9fc0698b4bb5/html5/thumbnails/51.jpg)
51
Select Remote or Local
![Page 52: Presentation 1](https://reader033.vdocuments.site/reader033/viewer/2022061121/54680e7eb4af9fc0698b4bb5/html5/thumbnails/52.jpg)
52
Plug-in installation Location
![Page 53: Presentation 1](https://reader033.vdocuments.site/reader033/viewer/2022061121/54680e7eb4af9fc0698b4bb5/html5/thumbnails/53.jpg)
53
If Local –Apps Server Location
![Page 54: Presentation 1](https://reader033.vdocuments.site/reader033/viewer/2022061121/54680e7eb4af9fc0698b4bb5/html5/thumbnails/54.jpg)
54
Location Of HTTPD.Conf
![Page 55: Presentation 1](https://reader033.vdocuments.site/reader033/viewer/2022061121/54680e7eb4af9fc0698b4bb5/html5/thumbnails/55.jpg)
55
Webserver Definition Name
![Page 56: Presentation 1](https://reader033.vdocuments.site/reader033/viewer/2022061121/54680e7eb4af9fc0698b4bb5/html5/thumbnails/56.jpg)
56
Plug-in Location
![Page 57: Presentation 1](https://reader033.vdocuments.site/reader033/viewer/2022061121/54680e7eb4af9fc0698b4bb5/html5/thumbnails/57.jpg)
57
Installation In Progress
![Page 58: Presentation 1](https://reader033.vdocuments.site/reader033/viewer/2022061121/54680e7eb4af9fc0698b4bb5/html5/thumbnails/58.jpg)
58
Plug-in Installation Completed
![Page 59: Presentation 1](https://reader033.vdocuments.site/reader033/viewer/2022061121/54680e7eb4af9fc0698b4bb5/html5/thumbnails/59.jpg)
59
Httpd.conf comparison After and before plug-in installation
![Page 60: Presentation 1](https://reader033.vdocuments.site/reader033/viewer/2022061121/54680e7eb4af9fc0698b4bb5/html5/thumbnails/60.jpg)
60
Troubleshooting IHS
![Page 61: Presentation 1](https://reader033.vdocuments.site/reader033/viewer/2022061121/54680e7eb4af9fc0698b4bb5/html5/thumbnails/61.jpg)
61
Troubleshooting IHS Connection Refused error message
Symptoms of poor server response time If you notice that server CPU utilization appears low, but client requests for static pages take a long time to service, your server may be running out of server threads to handle requests. This situation results when you have more inbound requests than you have Apache threads to handle those requests. New connections queue in the TCP/IP stack listen queue wait for acceptance from an available thread. As a thread becomes available, it accepts and handles a connection off of the listen queue. Connections can take a long time to reach the top of the listen queue. This condition will be logged in a single error message in the error log: v The message on AIX, Linux, Solaris, or HP-UX platforms is: ?Server reached MaxClients setting, consider raising the MaxClients setting? v The message on Windows operating systems is: ?Server ran out
![Page 62: Presentation 1](https://reader033.vdocuments.site/reader033/viewer/2022061121/54680e7eb4af9fc0698b4bb5/html5/thumbnails/62.jpg)
62
Error Messages
Message: SSL0600S: Unable to connect to session ID cache
Reason: The server was not able to connect to the Session ID caching daemon.
Solution: Verify that the daemon was successfully started Message: SSL0701S: The password was not entered. Reason: The password was not entered on the command line. Solution: Rerun the command with the password added. Message: SSL0702S: Password exceeds the allowed
length of 512. Reason: The password that was entered is longer than the
allowed maximum of 512 characters. Solution: Use a shorter password.
![Page 63: Presentation 1](https://reader033.vdocuments.site/reader033/viewer/2022061121/54680e7eb4af9fc0698b4bb5/html5/thumbnails/63.jpg)
63