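Version 2.0 adds a front-end dashboard panel, developed with AI, with the following features:
1. URLs to monitor can be added quickly from the dashboard and take effect immediately.
2. The alert list is synchronized to the dashboard, so you can quickly see whether any alerts are active.
3. The front end logs in with username + password + image CAPTCHA.
4. The front-end username and password can be customized in docker-compose.yml.
5. The containers expose these ports: dashboard 48080, Prometheus 49090, Grafana 43000.
6. The certificate monitoring interval is configurable; the default is 180s, with a 30s monitoring timeout.
7. URL targets can be deleted, modified, and disabled from the panel.
8. A certificate with less than 30 days of validity left raises a medium-severity alert; less than 7 days raises a high-severity alert.
9. Certificates on public domain names are supported.
10. Certificates on internal IPs, internal domain names, and so on are supported.
11. Alerts are pushed through Alertmanager; configure email, Feishu, DingTalk, or other alert channels yourself.
Note: the Grafana and dashboard passwords in docker-compose are both weak passwords. If you have security requirements, change them to strong passwords yourself.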
1. Installation and deployment
```bash
git clone https://github.com/eagle-qi/ssl-cert-monitoring.git
cd ssl-cert-monitoring
docker-compose up -d --build
```

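2. Log in to the front end
2.1 Login page

2.2 Dashboard

2.3 Certificate list

2.4 Alert management

2.5 Target management

2.6 Add a target

2.7 Deleting, modifying, and disabling targets can all be done from the panel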

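3. Certificate monitoring in Grafana
If you prefer Grafana, I built an SSL certificate monitoring dashboard for it that shows certificate validity periods.
3.1 View the SSL certificate monitoring dashboard

3.2 View the SSL certificate alert rules

3.3 View the SSL certificate monitoring alert rules file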
```bash
cat ssl_cert_alerts.yml
# Alert Rules for SSL Certificate Monitoring
# Save this to: prometheus/ssl_cert_alerts.yml
groups:
  - name: ssl_cert_alerts
    interval: 30s
    rules:
      # Alert when certificate check fails (connection failed)
      - alert: SSLCertCheckFailed
        expr: ssl_cert_check_success == 0
        for: 1m
        labels:
          severity: warning
          alert_type: ssl_cert
        annotations:
          summary: "SSL证书检查失败 - {{ $labels.hostname }}"
          description: "无法获取 {{ $labels.hostname }}:{{ $labels.port }} 的SSL证书. 负责人: {{ $labels.owner }}"
          owner: "{{ $labels.owner }}"
          service: "{{ $labels.service_name }}"
      # Alert when certificate expires in 30 days (uses the custom exporter metrics)
      - alert: SSLCertExpiringWarning
        expr: (ssl_cert_not_after_timestamp - time()) / 86400 < 30 and ssl_cert_check_success == 1
        for: 5m
        labels:
          severity: warning
          alert_type: ssl_cert
        annotations:
          summary: "SSL证书即将过期 - {{ $labels.hostname }}"
          # $value is already in days (the expr divides by 86400); humanizeDuration
          # expects seconds, so print the number of days directly instead.
          description: '{{ $labels.hostname }} ({{ $labels.service_name }}) 证书将在 {{ $value | printf "%.0f" }} 天后过期. 负责人: {{ $labels.owner }}'
          owner: "{{ $labels.owner }}"
          service: "{{ $labels.service_name }}"
          env: "{{ $labels.env }}"
      # Alert when certificate expires in 7 days (critical)
      - alert: SSLCertExpiringCritical
        expr: (ssl_cert_not_after_timestamp - time()) / 86400 < 7 and ssl_cert_check_success == 1
        for: 2m
        labels:
          severity: critical
          alert_type: ssl_cert
        annotations:
          summary: "SSL证书严重警告 - {{ $labels.hostname }}"
          # $value is in days here as well, so it is printed as a day count.
          description: '{{ $labels.hostname }} ({{ $labels.service_name }}) 证书将在 {{ $value | printf "%.0f" }} 天后过期! 请立即处理! 负责人: {{ $labels.owner }}'
          owner: "{{ $labels.owner }}"
          service: "{{ $labels.service_name }}"
          env: "{{ $labels.env }}"
      # Alert when certificate has expired
      - alert: SSLCertExpired
        expr: ssl_cert_not_after_timestamp < time() and ssl_cert_check_success == 1
        for: 1m
        labels:
          severity: critical
          alert_type: ssl_cert
        annotations:
          summary: "SSL证书已过期 - {{ $labels.hostname }}"
          description: "{{ $labels.hostname }} ({{ $labels.service_name }}) 证书已过期! 请立即更新! 负责人: {{ $labels.owner }}"
          owner: "{{ $labels.owner }}"
          service: "{{ $labels.service_name }}"
          env: "{{ $labels.env }}"
```
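
The four `expr` lines in the rules file above can be sanity-checked offline before they are loaded. This added example (not part of the project's code) models them in Python over constructed samples; the hostnames, dates and helper names are assumptions for illustration, and the `for:` hold time is not modelled.

```python
import ssl

DAY = 86400

# One predicate per expr in ssl_cert_alerts.yml: (alert, severity, test(ok, days_left))
RULES = [
    ("SSLCertCheckFailed", "warning", lambda ok, d: ok == 0),
    ("SSLCertExpiringWarning", "warning", lambda ok, d: ok == 1 and d < 30),
    ("SSLCertExpiringCritical", "critical", lambda ok, d: ok == 1 and d < 7),
    ("SSLCertExpired", "critical", lambda ok, d: ok == 1 and d < 0),
]

def not_after_ts(cert):
    """Unix timestamp of notAfter from an SSLSocket.getpeercert()-style dict."""
    return ssl.cert_time_to_seconds(cert["notAfter"])

def firing_alerts(check_success, not_after, now):
    """Rules whose expr matches one sample; the `for:` hold time is not modelled."""
    days = (not_after - now) / DAY if check_success == 1 else None
    return [name for name, _sev, test in RULES if test(check_success, days)]

# Constructed samples: (hostname, check_success, getpeercert()-style dict or None)
NOW = ssl.cert_time_to_seconds("Jan  1 00:00:00 2025 GMT")
SAMPLES = [
    ("healthy.example.test", 1, {"notAfter": "Jun  1 00:00:00 2025 GMT"}),
    ("renew-soon.example.test", 1, {"notAfter": "Jan 21 00:00:00 2025 GMT"}),
    ("urgent.example.test", 1, {"notAfter": "Jan  4 00:00:00 2025 GMT"}),
    ("expired.example.test", 1, {"notAfter": "Dec 25 00:00:00 2024 GMT"}),
    ("unreachable.example.test", 0, None),
]

def evaluate_samples():
    """Map each constructed hostname to the list of alerts that would match."""
    out = {}
    for host, ok, cert in SAMPLES:
        ts = not_after_ts(cert) if cert else 0
        out[host] = firing_alerts(ok, ts, NOW)
    return out

if __name__ == "__main__":
    for host, alerts in evaluate_samples().items():
        print(f"{host:28} {', '.join(alerts) or '-'}")
```

An expired certificate matches the 30-day, 7-day and expired rules at the same time, so it produces three alerts unless Alertmanager groups or inhibits them.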