AI+运维提效，ssl-cert-monitoring（SSL证书监控系统）2.0开发完毕

2.0版本使用AI开发了前端面板dashboard，增加了如下功能：

1.通过dashboard可以快速添加需要监控的URL，并立即生效。

2.将告警列表同步到dashboard中，可快速查看是否有告警

3.前端采用用户名+密码+图形码登录

4.前端的用户名，密码可以在docker-compose.yml中自定义。

5.容器端口暴露了前端面板48080，prometheus49090，grafana 43000

6.证书监控间隔支持自定义，默认为180s，监控超时30s

7.支持在面板上，删除URL目标，修改URL目标，禁用URL目标

8.证书有效期小于30天，中危告警，证书有效期低于7天，高危告警

9.支持公网域名证书

10.支持内网IP证书，内网域名证书等

11.告警是通过alertmanager进行推送，请自行配置邮箱告警或飞书、钉钉告警等

注：docker-compose 里面grafana和dashboard的密码均为弱密码，如有安全要求，请自行修改强密码。

1.安装部署

bash 复制代码

git clone https://github.com/eagle-qi/ssl-cert-monitoring.git
cd ssl-cert-monitoring
docker-compose up -d --build

2.登录前端

2.1登录页面

2.2仪表盘

2.3证书列表

2.4告警管理

2.5目标管理

2.6添加目标

2.7删除目标，修改目标，禁用目标均可以在面板上操作

3.登录grafana证书监控

如果您习惯使用grafana，我做了一款dashboard SSL证书监控看板，可以查看证书有效期

3.1查看SSL证书监控看板

3.2查看SSL证书告警规则

3.3查看SSL证书监控告警规则文件

bash 复制代码

cat ssl_cert_alerts.yml

# Alert Rules for SSL Certificate Monitoring
# Save this to: prometheus/ssl_cert_alerts.yml

groups:
  - name: ssl_cert_alerts
    interval: 30s
    rules:
      # Alert when certificate check fails (连接失败)
      - alert: SSLCertCheckFailed
        expr: ssl_cert_check_success == 0
        for: 1m
        labels:
          severity: warning
          alert_type: ssl_cert
        annotations:
          summary: "SSL证书检查失败 - {{ $labels.hostname }}"
          description: "无法获取 {{ $labels.hostname }}:{{ $labels.port }} 的SSL证书. 负责人: {{ $labels.owner }}"
          owner: "{{ $labels.owner }}"
          service: "{{ $labels.service_name }}"

      # Alert when certificate expires in 30 days (使用自定义exporter指标)
      - alert: SSLCertExpiringWarning
        expr: (ssl_cert_not_after_timestamp - time()) / 86400 < 30 and ssl_cert_check_success == 1
        for: 5m
        labels:
          severity: warning
          alert_type: ssl_cert
        annotations:
          summary: "SSL证书即将过期 - {{ $labels.hostname }}"
          description: "{{ $labels.hostname }} ({{ $labels.service_name }}) 证书将在 {{ $value | humanizeDuration }} 后过期. 负责人: {{ $labels.owner }}"
          owner: "{{ $labels.owner }}"
          service: "{{ $labels.service_name }}"
          env: "{{ $labels.env }}"

      # Alert when certificate expires in 7 days (严重)
      - alert: SSLCertExpiringCritical
        expr: (ssl_cert_not_after_timestamp - time()) / 86400 < 7 and ssl_cert_check_success == 1
        for: 2m
        labels:
          severity: critical
          alert_type: ssl_cert
        annotations:
          summary: "SSL证书严重警告 - {{ $labels.hostname }}"
          description: "{{ $labels.hostname }} ({{ $labels.service_name }}) 证书将在 {{ $value | humanizeDuration }} 后过期! 请立即处理! 负责人: {{ $labels.owner }}"
          owner: "{{ $labels.owner }}"
          service: "{{ $labels.service_name }}"
          env: "{{ $labels.env }}"

      # Alert when certificate has expired
      - alert: SSLCertExpired
        expr: ssl_cert_not_after_timestamp < time() and ssl_cert_check_success == 1
        for: 1m
        labels:
          severity: critical
          alert_type: ssl_cert
        annotations:
          summary: "SSL证书已过期 - {{ $labels.hostname }}"
          description: "{{ $labels.hostname }} ({{ $labels.service_name }}) 证书已过期! 请立即更新! 负责人: {{ $labels.owner }}"
          owner: "{{ $labels.owner }}"
          service: "{{ $labels.service_name }}"
          env: "{{ $labels.env }}"