mirror of
https://github.com/mail-in-a-box/mailinabox.git
synced 2024-12-23 07:27:05 +00:00
Cronjob for cleaning up expired SSL certificates in order to improve page load times with many domains (#2410)
Fixes #2316.
This commit is contained in:
parent
e0b93718a3
commit
18721e42d1
@ -96,3 +96,12 @@ fi
|
|||||||
if [ ! -f "$STORAGE_ROOT/ssl/dh2048.pem" ]; then
|
if [ ! -f "$STORAGE_ROOT/ssl/dh2048.pem" ]; then
|
||||||
openssl dhparam -out "$STORAGE_ROOT/ssl/dh2048.pem" 2048
|
openssl dhparam -out "$STORAGE_ROOT/ssl/dh2048.pem" 2048
|
||||||
fi
|
fi
|
||||||
|
|
||||||
|
# Cleanup expired SSL certificates from $STORAGE_ROOT/ssl daily
|
||||||
|
cat > /etc/cron.daily/mailinabox-ssl-cleanup << EOF;
|
||||||
|
#!/bin/bash
|
||||||
|
# Mail-in-a-Box
|
||||||
|
# Cleanup expired SSL certificates
|
||||||
|
$(pwd)/tools/ssl_cleanup
|
||||||
|
EOF
|
||||||
|
chmod +x /etc/cron.daily/mailinabox-ssl-cleanup
|
||||||
|
17
tools/ssl_cleanup
Executable file
17
tools/ssl_cleanup
Executable file
@ -0,0 +1,17 @@
|
|||||||
|
#!/bin/bash
|
||||||
|
# Cleanup SSL certificates which expired more than 7 days ago from $STORAGE_ROOT/ssl and move them to $STORAGE_ROOT/ssl.expired
|
||||||
|
|
||||||
|
source /etc/mailinabox.conf
|
||||||
|
shopt -s extglob
|
||||||
|
|
||||||
|
retain_after="$(date --date="7 days ago" +%Y%m%d)"
|
||||||
|
|
||||||
|
mkdir -p $STORAGE_ROOT/ssl.expired
|
||||||
|
for file in $STORAGE_ROOT/ssl/*-+([0-9])-+([0-9a-f]).pem; do
|
||||||
|
pem="$(basename "$file")"
|
||||||
|
not_valid_after="$(cut -d- -f1 <<< "${pem: -21}")"
|
||||||
|
|
||||||
|
if [ "$not_valid_after" -lt "$retain_after" ]; then
|
||||||
|
mv "$file" "$STORAGE_ROOT/ssl.expired/${pem}"
|
||||||
|
fi
|
||||||
|
done
|
Loading…
Reference in New Issue
Block a user