grafana监控网站SSL
效果
前期准备
网络探测:Blackbox Exporter
https://github.com/prometheus/blackbox_exporter
监控模板
https://grafana.com/grafana/dashboards/13230-certificate-monitor/
安装Blackbox Exporter
找到对应版本
https://github.com/prometheus/blackbox_exporter/releases
可以手动安装。
官方提供了docker镜像。当然选择容器方式。
[root@QwQ home]# cat start-blackbox_exporter.sh
docker run --rm -d -p 9115:9115 --name blackbox_exporter -v blackbox_exporter:/config prom/blackbox-exporter:master --config.file=/config/blackbox.yml
第一启动会创建blackbox_exporter volume因缺少配置文件无法启动。
手动创建一个
[root@QwQ _data]# pwd
/var/lib/docker/volumes/blackbox_exporter/_data
[root@QwQ _data]# cat blackbox.yml
modules:
http_2xx:
prober: http
http_post_2xx:
prober: http
http:
method: POST
tcp_connect:
prober: tcp
pop3s_banner:
prober: tcp
tcp:
query_response:
- expect: "^+OK"
tls: true
tls_config:
insecure_skip_verify: true
grpc:
prober: grpc
grpc:
tls: true
preferred_ip_protocol: "ip4"
grpc_plain:
prober: grpc
grpc:
tls: false
service: "service1"
ssh_banner:
prober: tcp
tcp:
query_response:
- expect: "^SSH-2.0-"
- send: "SSH-2.0-blackbox-ssh-check"
irc_banner:
prober: tcp
tcp:
query_response:
- send: "NICK prober"
- send: "USER prober prober prober :prober"
- expect: "PING :([^ ]+)"
send: "PONG ${1}"
- expect: "^:[^ ]+ 001"
icmp:
prober: icmp
再启动一次。
[root@QwQ _data]# docker ps | grep blackbox
eae2c23696c2 prom/blackbox-exporter:master "/bin/blackbox_expor…" 14 minutes ago Up 14 minutes 0.0.0.0:9115->9115/tcp, :::9115->9115/tcp blackbox_exporter
配置Prometheus
如果你没有部署普罗,那么你可以使用下面命令启动一个。
[root@QwQ _data]# cat /home/start-prome.sh
docker run \
-dit \
-p 8081:9090 \
-v /etc/prometheus:/etc/prometheus \
--net=host \
prom/prometheus
修改配置文件
[root@QwQ _data]# cat /etc/prometheus/prometheus.yml
# my global config
global:
scrape_interval: 15s # Set the scrape interval to every 15 seconds. Default is every 1 minute.
evaluation_interval: 15s # Evaluate rules every 15 seconds. The default is every 1 minute.
# scrape_timeout is set to the global default (10s).
# Alertmanager configuration
alerting:
alertmanagers:
- static_configs:
- targets:
# - alertmanager:9093
- 14.29.000.00:9093
# Load rules once and periodically evaluate them according to the global 'evaluation_interval'.
rule_files:
# - "first_rules.yml"
# - "second_rules.yml"
- "rules.yml"
# A scrape configuration containing exactly one endpoint to scrape:
# Here it's Prometheus itself.
scrape_configs:
- job_name: "prometheus"
# metrics_path defaults to '/metrics'
# scheme defaults to 'http'.
static_configs:
- targets: ["14.29.000.00:9090"]
- job_name: 'blackbox'
metrics_path: /probe
params:
module: [http_2xx] # Look for a HTTP 200 response.
static_configs:
- targets:
- http://prometheus.io # Target to probe with http.
- https://prometheus.io # Target to probe with https.
- http://example.com:8080 # Target to probe with http on port 8080.
relabel_configs:
- source_labels: [__address__]
target_label: __param_target
- source_labels: [__param_target]
target_label: instance
- target_label: __address__
replacement: 14.29.000.00:9115 # The blackbox exporter's real hostname:port.