#!/bin/ksh -e
#
# The purpose of this script is to prime the OCSP cache of nginx.
#
# Ideally, nginx would prime its worker processes ahead of any client request.
# There are two events that ought to trigger this behaviour:
# the server start-up, and each time a cache expires.
#
# In reality, nginx stands still until a client hits a worker process,
# then the specific worker process primes its own cache only.
#
# Therefore, this script can only prime those worker processes that respond:
# if the script hapens to hit the same worker processes,
# the remaining ones will still need to be primed. To solve this problem,
# a stripped version of the script may run as a midnight cron job.
#

fqdn="$1";

if [[ "$fqdn" == "" ]]; then
echo "usage: $0 FQDN";
exit 0;
fi

clearLastLine() {
tput cuu 1 && tput el;
}

echo "Priming nginx's OCSP cache:";
echo "";

_iterations="20";
for (( COUNTER=1; COUNTER<=$_iterations; COUNTER++ )); do
clearLastLine;
echo -n "iteration $COUNTER of $_iterations: ";
fail=true;
while $fail; do
response="$( ./read_ocsp.sh $fqdn 2>&1 | tail -1 )";
if [[ "$response" =~ "OCSP response: no response sent"
|| "$response" == "" ]]; then
echo -n ".";
sleep 6; # wait for the OCSP update
else
echo "OK";
sleep 3;
fail=false;
fi
done
done