From 71c820054059b801ed53ef5c12bef57d975879fa Mon Sep 17 00:00:00 2001
From: Tobias Wiese <tobias@tobiaswiese.com>
Date: Wed, 13 May 2020 16:12:10 +0200
Subject: service/http: Monitor https and https certificates

Check that https endpoints are reachable, and that the certificat
is not about to expire.

Signed-off-by: Tobias Wiese <tobias@tobiaswiese.com>
---
 zones.d/master/hosts.conf    |  6 ++++++
 zones.d/master/services.conf | 30 ++++++++++++++++++++++++++++++
 2 files changed, 36 insertions(+)

(limited to 'zones.d')

diff --git a/zones.d/master/hosts.conf b/zones.d/master/hosts.conf
index 567fdb7..dba700d 100644
--- a/zones.d/master/hosts.conf
+++ b/zones.d/master/hosts.conf
@@ -7,4 +7,10 @@ object Host "new-babbage.server.tobiaswiese.net" {
 	vars.os = "debian"
 	vars.os_family = "debian"
 	vars.kernel = "linux"
+
+	vars.http_vhosts = {
+		"icinga.tobiaswiese.net" = {
+			http_uri = "/icingaweb2"
+		}
+	}
 }
diff --git a/zones.d/master/services.conf b/zones.d/master/services.conf
index 25ca1c5..2b31393 100644
--- a/zones.d/master/services.conf
+++ b/zones.d/master/services.conf
@@ -32,3 +32,33 @@ apply Service "ssh" {
 
 	assign where (host.address || host.address6) && host.vars.kernel == "linux"
 }
+
+/**
+ * Network Service checks
+ */
+
+template Service "http" {
+	import "generic-network-service"
+
+	check_command = "http"
+
+	vars += {
+		http_vhost = http_vhost
+		http_sni = true
+		http_warn_time = 0.2s
+		http_critical_time = 0.3s
+	}
+	vars += config
+}
+
+apply Service "https-" for (http_vhost => config in host.vars.http_vhosts) {
+	import "http"
+
+	vars.http_ssl = true
+}
+
+apply Service "https-cert-" for (http_vhost => config in host.vars.http_vhosts) {
+	import "http"
+
+	vars.http_certificate = "25,10"
+}
-- 
cgit v1.2.3