From 1151934a988f1497d6bac0e1dc087a686556fa53 Mon Sep 17 00:00:00 2001
From: Joe Pitt <joe.pitt@jisc.ac.uk>
Date: Mon, 11 May 2026 10:53:52 +0100
Subject: [PATCH 1/2] feat: manage apache/php temp files

---
 docker-compose-dev.yml                     | 7 +++++--
 docker-compose-ha.yml                      | 7 +++++--
 docker-compose-shibb.yml                   | 7 +++++--
 docker-compose.yml                         | 7 +++++--
 misp-web/scripts/misp_maintenance_jobs.ini | 9 ++++++++-
 pages/changelog.md                         | 6 +++++-
 pages/dev/misp-web.md                      | 3 ++-
 pages/dev/misp-workers.md                  | 3 ++-
 8 files changed, 37 insertions(+), 12 deletions(-)

diff --git a/docker-compose-dev.yml b/docker-compose-dev.yml
index 81c3421..cb9cfd0 100644
--- a/docker-compose-dev.yml
+++ b/docker-compose-dev.yml
@@ -1,4 +1,4 @@
-# SPDX-FileCopyrightText: 2023-2024 Jisc Services Limited
+# SPDX-FileCopyrightText: 2023-2026 Jisc Services Limited
 # SPDX-FileContributor: Joe Pitt
 #
 # SPDX-License-Identifier: GPL-3.0-only
@@ -76,6 +76,7 @@ services:
       - ${HTTPS_PORT:-443}:443
     restart: unless-stopped
     volumes:
+      - web_temp:/tmp
       - ./persistent/${COMPOSE_PROJECT_NAME}/data/:/var/www/MISPData
       - ./persistent/${COMPOSE_PROJECT_NAME}/gpg/:/var/www/MISPGnuPG
       - ./persistent/${COMPOSE_PROJECT_NAME}/tls/:/etc/ssl/private
@@ -90,7 +91,9 @@ services:
     image: jisccti/misp-workers-dev:latest
     restart: unless-stopped
     volumes:
+      - web_temp:/tmp/misp-web
       - ./persistent/${COMPOSE_PROJECT_NAME}/data/:/var/www/MISPData
       - ./persistent/${COMPOSE_PROJECT_NAME}/gpg/:/var/www/MISPGnuPG
 volumes:
-  modules_cache:
\ No newline at end of file
+  modules_cache:
+  web_temp:
\ No newline at end of file
diff --git a/docker-compose-ha.yml b/docker-compose-ha.yml
index 4f9f103..7c18a0b 100644
--- a/docker-compose-ha.yml
+++ b/docker-compose-ha.yml
@@ -1,4 +1,4 @@
-# SPDX-FileCopyrightText: 2023-2025 Jisc Services Limited
+# SPDX-FileCopyrightText: 2023-2026 Jisc Services Limited
 # SPDX-FileContributor: Joe Pitt
 #
 # SPDX-License-Identifier: GPL-3.0-only
@@ -85,6 +85,7 @@ services:
     image: jisccti/misp-web:latest
     restart: unless-stopped
     volumes:
+      - web_temp:/tmp
       #- /etc/letsencrypt/archive/MISP:/etc/letsencrypt/archive/MISP:ro
       #- /etc/letsencrypt/live/MISP:/etc/letsencrypt/live/MISP:ro
       - ./persistent/${COMPOSE_PROJECT_NAME}/custom/:/opt/misp_custom
@@ -102,8 +103,10 @@ services:
     image: jisccti/misp-workers:latest
     restart: unless-stopped
     volumes:
+      - web_temp:/tmp/misp-web
       - ./persistent/${COMPOSE_PROJECT_NAME}/custom/:/opt/misp_custom
       - ./persistent/${COMPOSE_PROJECT_NAME}/data/:/var/www/MISPData
       - ./persistent/${COMPOSE_PROJECT_NAME}/gpg/:/var/www/MISPGnuPG
 volumes:
-  modules_cache:
\ No newline at end of file
+  modules_cache:
+  web_temp:
\ No newline at end of file
diff --git a/docker-compose-shibb.yml b/docker-compose-shibb.yml
index 735b152..2a1719d 100644
--- a/docker-compose-shibb.yml
+++ b/docker-compose-shibb.yml
@@ -1,4 +1,4 @@
-# SPDX-FileCopyrightText: 2023-2025 Jisc Services Limited
+# SPDX-FileCopyrightText: 2023-2026 Jisc Services Limited
 # SPDX-FileContributor: Joe Pitt
 #
 # SPDX-License-Identifier: GPL-3.0-only
@@ -79,6 +79,7 @@ services:
       - ${HTTPS_PORT:-443}:443
     restart: unless-stopped
     volumes:
+      - web_temp:/tmp
       #- /etc/letsencrypt/archive/MISP:/etc/letsencrypt/archive/MISP:ro
       #- /etc/letsencrypt/live/MISP:/etc/letsencrypt/live/MISP:ro
       - ./persistent/${COMPOSE_PROJECT_NAME}/custom/:/opt/misp_custom
@@ -98,6 +99,7 @@ services:
     image: jisccti/misp-workers:latest
     restart: unless-stopped
     volumes:
+      - web_temp:/tmp/misp-web
       - ./persistent/${COMPOSE_PROJECT_NAME}/custom/:/opt/misp_custom
       - ./persistent/${COMPOSE_PROJECT_NAME}/data/:/var/www/MISPData
       - ./persistent/${COMPOSE_PROJECT_NAME}/gpg/:/var/www/MISPGnuPG
@@ -116,4 +118,5 @@ services:
       - ./persistent/${COMPOSE_PROJECT_NAME}/shibb/logs:/var/log/shibboleth
       - ./persistent/${COMPOSE_PROJECT_NAME}/shibb/run:/run/shibboleth
 volumes:
-  modules_cache:
\ No newline at end of file
+  modules_cache:
+  web_temp:
\ No newline at end of file
diff --git a/docker-compose.yml b/docker-compose.yml
index 395e46e..83950cb 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -1,4 +1,4 @@
-# SPDX-FileCopyrightText: 2023-2025 Jisc Services Limited
+# SPDX-FileCopyrightText: 2023-2026 Jisc Services Limited
 # SPDX-FileContributor: Joe Pitt
 #
 # SPDX-License-Identifier: GPL-3.0-only
@@ -77,6 +77,7 @@ services:
       - ${HTTPS_PORT:-443}:443
     restart: unless-stopped
     volumes:
+      - web_temp:/tmp
       #- /etc/letsencrypt/archive/MISP:/etc/letsencrypt/archive/MISP:ro
       #- /etc/letsencrypt/live/MISP:/etc/letsencrypt/live/MISP:ro
       - ./persistent/${COMPOSE_PROJECT_NAME}/custom/:/opt/misp_custom
@@ -94,8 +95,10 @@ services:
     image: jisccti/misp-workers:latest
     restart: unless-stopped
     volumes:
+      - web_temp:/tmp/misp-web
       - ./persistent/${COMPOSE_PROJECT_NAME}/custom/:/opt/misp_custom
       - ./persistent/${COMPOSE_PROJECT_NAME}/data/:/var/www/MISPData
       - ./persistent/${COMPOSE_PROJECT_NAME}/gpg/:/var/www/MISPGnuPG
 volumes:
-  modules_cache:
\ No newline at end of file
+  modules_cache:
+  web_temp:
\ No newline at end of file
diff --git a/misp-web/scripts/misp_maintenance_jobs.ini b/misp-web/scripts/misp_maintenance_jobs.ini
index d3cefde..7883ac2 100644
--- a/misp-web/scripts/misp_maintenance_jobs.ini
+++ b/misp-web/scripts/misp_maintenance_jobs.ini
@@ -1,4 +1,4 @@
-# SPDX-FileCopyrightText: 2023 Jisc Services Limited
+# SPDX-FileCopyrightText: 2023-2026 Jisc Services Limited
 # SPDX-FileContributor: Joe Pitt
 #
 # SPDX-License-Identifier: GPL-3.0-only
@@ -9,6 +9,13 @@ baseurl = hxxp://misp-web
 debug = False
 verifytls = False
 
+[cleanup_temp_files]
+command = /usr/bin/find /tmp/misp-web/ -type f -mmin +120 -delete
+enabled = True
+interval = 60
+lastrun = 0
+needsauthkey = False
+
 [rotate_logs]
 command = /var/www/MISP/venv/bin/python3 /opt/scripts/rotate_logs.py
 enabled = True
diff --git a/pages/changelog.md b/pages/changelog.md
index 6ea0b60..ee4ca05 100644
--- a/pages/changelog.md
+++ b/pages/changelog.md
@@ -1,5 +1,5 @@
 <!--
-SPDX-FileCopyrightText: 2025 Jisc Services Limited
+SPDX-FileCopyrightText: 2025-2026 Jisc Services Limited
 SPDX-FileContributor: Joe Pitt
 
 SPDX-License-Identifier: GPL-3.0-only
@@ -8,6 +8,10 @@ SPDX-License-Identifier: GPL-3.0-only
 
 This page tracks significant changes to the images.
 
+## May 2026 - MISP >=2.5.37
+
+* Made MISP-Web `/tmp` directory a volume and added task to delete stale temporary files
+
 ## December 2025 - MISP >=2.5.27
 
 * Updated images to use PHP 8.5
diff --git a/pages/dev/misp-web.md b/pages/dev/misp-web.md
index 255e850..f294ef4 100644
--- a/pages/dev/misp-web.md
+++ b/pages/dev/misp-web.md
@@ -1,5 +1,5 @@
 <!--
-SPDX-FileCopyrightText: 2024-2025 Jisc Services Limited
+SPDX-FileCopyrightText: 2024-2026 Jisc Services Limited
 SPDX-FileContributor: Joe Pitt
 SPDX-FileContributor: James Ellor
 
@@ -89,5 +89,6 @@ The image uses the following volumes:
 | Mount Point | Purpose |
 |-------------|---------|
 | /etc/ssl/private/ | Holds the TLS certificate (and chain) (`misp.crt`) and the private key (`misp.key`) used to serve MISP over HTTPS. |
+| /tmp | Holds Apache and PHP temporary files. |
 | /var/www/MISPData | Holds the instance specific data which needs to be persisted between updates and container recreations. |
 | /var/www/MISPGnuPG | Holds the GPG/PGP key chain used by MISP for email signing and encryption. |
diff --git a/pages/dev/misp-workers.md b/pages/dev/misp-workers.md
index b3c47bb..e776051 100644
--- a/pages/dev/misp-workers.md
+++ b/pages/dev/misp-workers.md
@@ -1,5 +1,5 @@
 <!--
-SPDX-FileCopyrightText: 2024-2025 Jisc Services Limited
+SPDX-FileCopyrightText: 2024-2026 Jisc Services Limited
 SPDX-FileContributor: Joe Pitt
 SPDX-FileContributor: James Ellor
 
@@ -44,5 +44,6 @@ The image uses the following volumes:
 
 | Mount Point | Purpose |
 |-------------|---------|
+| /tmp/misp-web | Holds Apache and PHP temporary files from misp-web. |
 | /var/www/MISPData | Holds the instance specific data which needs to be persisted between updates and container recreations. |
 | /var/www/MISPGnuPG | Holds the GPG/PGP key chain used by MISP for email signing and encryption. |

From 1cb5f3c6d207dfbb4b3dad69f9d7054f3506b17d Mon Sep 17 00:00:00 2001
From: Joe Pitt <joe.pitt@jisc.ac.uk>
Date: Tue, 12 May 2026 13:48:23 +0100
Subject: [PATCH 2/2] docs: clarify temp file cleanup

---
 pages/changelog.md | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/pages/changelog.md b/pages/changelog.md
index ee4ca05..d644012 100644
--- a/pages/changelog.md
+++ b/pages/changelog.md
@@ -10,7 +10,8 @@ This page tracks significant changes to the images.
 
 ## May 2026 - MISP >=2.5.37
 
-* Made MISP-Web `/tmp` directory a volume and added task to delete stale temporary files
+* Made MISP-Web `/tmp` directory a volume and added task to delete stale temporary files - requires
+    updating `docker-compose.yml` and `misp_maintenance_jobs.ini` to activate
 
 ## December 2025 - MISP >=2.5.27