grafana监控网站SSL

效果

前期准备

网络探测：Blackbox Exporter
https://github.com/prometheus/blackbox_exporter
监控模板
https://grafana.com/grafana/dashboards/13230-certificate-monitor/

安装Blackbox Exporter

找到对应版本
https://github.com/prometheus/blackbox_exporter/releases
可以手动安装。
官方提供了docker镜像。当然选择容器方式。

[root@QwQ home]# cat start-blackbox_exporter.sh 
docker run --rm -d -p 9115:9115 --name blackbox_exporter -v blackbox_exporter:/config prom/blackbox-exporter:master --config.file=/config/blackbox.yml

第一启动会创建blackbox_exporter volume因缺少配置文件无法启动。
手动创建一个

[root@QwQ _data]# pwd
/var/lib/docker/volumes/blackbox_exporter/_data
[root@QwQ _data]# cat blackbox.yml 
modules:
  http_2xx:
    prober: http
  http_post_2xx:
    prober: http
    http:
      method: POST
  tcp_connect:
    prober: tcp
  pop3s_banner:
    prober: tcp
    tcp:
      query_response:
      - expect: "^+OK"
      tls: true
      tls_config:
        insecure_skip_verify: true
  grpc:
    prober: grpc
    grpc:
      tls: true
      preferred_ip_protocol: "ip4"
  grpc_plain:
    prober: grpc
    grpc:
      tls: false
      service: "service1"
  ssh_banner:
    prober: tcp
    tcp:
      query_response:
      - expect: "^SSH-2.0-"
      - send: "SSH-2.0-blackbox-ssh-check"
  irc_banner:
    prober: tcp
    tcp:
      query_response:
      - send: "NICK prober"
      - send: "USER prober prober prober :prober"
      - expect: "PING :([^ ]+)"
        send: "PONG ${1}"
      - expect: "^:[^ ]+ 001"
  icmp:
    prober: icmp

再启动一次。

[root@QwQ _data]# docker ps  | grep blackbox
eae2c23696c2   prom/blackbox-exporter:master   "/bin/blackbox_expor…"   14 minutes ago   Up 14 minutes   0.0.0.0:9115->9115/tcp, :::9115->9115/tcp                                                  blackbox_exporter

配置Prometheus

如果你没有部署普罗，那么你可以使用下面命令启动一个。

[root@QwQ _data]# cat /home/start-prome.sh 
docker run \
    -dit \
    -p 8081:9090 \
    -v /etc/prometheus:/etc/prometheus \
    --net=host \
    prom/prometheus

修改配置文件

[root@QwQ _data]# cat /etc/prometheus/prometheus.yml 
# my global config
global:
  scrape_interval: 15s # Set the scrape interval to every 15 seconds. Default is every 1 minute.
  evaluation_interval: 15s # Evaluate rules every 15 seconds. The default is every 1 minute.
  # scrape_timeout is set to the global default (10s).

# Alertmanager configuration
alerting:
  alertmanagers:
    - static_configs:
        - targets:
          # - alertmanager:9093
          - 14.29.000.00:9093

# Load rules once and periodically evaluate them according to the global 'evaluation_interval'.
rule_files:
  # - "first_rules.yml"
  # - "second_rules.yml"
  - "rules.yml"

# A scrape configuration containing exactly one endpoint to scrape:
# Here it's Prometheus itself.
scrape_configs:
  - job_name: "prometheus"

    # metrics_path defaults to '/metrics'
    # scheme defaults to 'http'.

    static_configs:
      - targets: ["14.29.000.00:9090"]
  - job_name: 'blackbox'
    metrics_path: /probe
    params:
      module: [http_2xx]  # Look for a HTTP 200 response.
    static_configs:
      - targets:
        - http://prometheus.io    # Target to probe with http.
        - https://prometheus.io   # Target to probe with https.
        - http://example.com:8080 # Target to probe with http on port 8080.
    relabel_configs:
      - source_labels: [__address__]
        target_label: __param_target
      - source_labels: [__param_target]
        target_label: instance
      - target_label: __address__
        replacement: 14.29.000.00:9115  # The blackbox exporter's real hostname:port.