Centos7 nginx反向代理gitea和grafana&钉钉告警

发布时间 2023-11-13 14:20:02作者: Sinsen柳

1 安装nginx

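# Build nginx from source with the SSL module (the HTTPS server blocks
# below need it). Fail on the first error so a failed download, extract
# or build does not silently fall through to `make install`.
set -euo pipefail

yum install -y gcc make pcre-devel zlib-devel openssl-devel

# The binary built here will terminate TLS for gitea/grafana: verify the
# tarball against the upstream .asc signature published next to it on
# nginx.org before building, rather than trusting an unverified download.
wget https://nginx.org/download/nginx-1.20.1.tar.gz
tar -zxvf nginx-1.20.1.tar.gz
cd nginx-1.20.1
./configure --prefix=/usr/local/nginx --with-http_ssl_module
make
make install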

vi /etc/systemd/system/nginx.service
=======================================================

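[Unit]
Description=nginx - high performance web server
After=network.target remote-fs.target nss-lookup.target

[Service]
Type=forking
# Type=forking needs the master PID to supervise the daemon reliably.
# For a --prefix=/usr/local/nginx build the default pid path is
# <prefix>/logs/nginx.pid (the stock nginx.conf leaves `pid` unset);
# adjust if a `pid` directive is added to nginx.conf.
PIDFile=/usr/local/nginx/logs/nginx.pid
# Config check first, so a broken config fails the unit before the
# daemon is launched.
ExecStartPre=/usr/local/nginx/sbin/nginx -t -c /usr/local/nginx/conf/nginx.conf
ExecStart=/usr/local/nginx/sbin/nginx -c /usr/local/nginx/conf/nginx.conf
ExecReload=/usr/local/nginx/sbin/nginx -s reload
# `-s stop` is a fast shutdown; `-s quit` would finish in-flight requests first.
ExecStop=/usr/local/nginx/sbin/nginx -s stop
PrivateTmp=true

[Install]
WantedBy=multi-user.target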

 

=======================================================

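# Permissions and owner of the unit file, then load it: a unit written to
# /etc/systemd/system is not seen until daemon-reload, and the later
# `nginx -s reload` step assumes nginx is already running. (`enable` and
# `start` are separate calls because CentOS 7's systemd predates `--now`.)
chown root:root /etc/systemd/system/nginx.service
chmod 644 /etc/systemd/system/nginx.service
systemctl daemon-reload
systemctl enable nginx
systemctl start nginx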


2 创建nginx代理gitea和grafana的配置文件:不需要改nginx主配置文件,nginx会读取这个:

vi /etc/nginx/sites-available/gitea.conf
===================================================

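# Plain HTTP for the gitea host: redirect everything to HTTPS.
server {
    listen 80;
    server_name gitea.sinsenliu.top;

    location / {
        return 301 https://$server_name$request_uri;
    }
}

# HTTPS front for gitea.
# NOTE: a source build with --prefix=/usr/local/nginx reads
# /usr/local/nginx/conf/nginx.conf and does not include
# /etc/nginx/sites-available/ by default; add an `include` for this file
# in the http{} block there, otherwise `nginx -t` never sees it.
server {
    listen 443 ssl;
    # Must match the name the port-80 block redirects to; the original
    # "sinsenliu.top" only matched because this was the default 443 server.
    server_name gitea.sinsenliu.top;
    access_log  /usr/local/nginx/logs/gitea_access.log;
    error_log   /usr/local/nginx/logs/gitea_error.log;
    # The certificate must cover gitea.sinsenliu.top (wildcard or SAN).
    ssl_certificate     /usr/local/keys/www.sinsenliu.top.pem;
    ssl_certificate_key /usr/local/keys/www.sinsenliu.top.key;
    ssl_session_timeout 5m;
    ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
    # TLS 1.0/1.1 are deprecated and no modern client needs them.
    # TLSv1.3 is only negotiated when nginx is linked against OpenSSL
    # 1.1.1+; with the stock CentOS 7 OpenSSL the token is ignored.
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_prefer_server_ciphers on;

    location / {
        proxy_pass http://192.168.238.10:3000;
        # Upgrade/Connection only work over HTTP/1.1; nginx proxies with
        # HTTP/1.0 by default, which breaks WebSocket upgrades.
        proxy_http_version 1.1;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        # Tells the backend the client used HTTPS when it builds URLs.
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-NginX-Proxy true;
        proxy_set_header Upgrade $http_upgrade;
        # Sent unconditionally here; a `map $http_upgrade $connection_upgrade`
        # in the http{} context is the cleaner form if this file is included there.
        proxy_set_header Connection "upgrade";
    }
}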

  

===================================================


vi /etc/nginx/sites-available/grafana.conf
===================================================

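# Plain HTTP for the grafana host: redirect everything to HTTPS.
server {
    listen 80;
    # Fixed typo: the original "granfana" never matched the HTTPS host below.
    server_name grafana.sinsenliu.top;

    location / {
        return 301 https://$server_name$request_uri;
    }
}

# HTTPS front for grafana.
# NOTE: a source build with --prefix=/usr/local/nginx reads
# /usr/local/nginx/conf/nginx.conf and does not include
# /etc/nginx/sites-available/ by default; add an `include` for this file
# in the http{} block there, otherwise `nginx -t` never sees it.
server {
    listen 443 ssl;
    server_name grafana.sinsenliu.top;
    access_log  /usr/local/nginx/logs/grafana_access.log;
    error_log   /usr/local/nginx/logs/grafana_error.log;
    ssl_certificate     /usr/local/keys/grafana.sinsenliu.top.pem;
    ssl_certificate_key /usr/local/keys/grafana.sinsenliu.top.key;
    ssl_session_timeout 5m;
    ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
    # TLS 1.0/1.1 are deprecated and no modern client needs them.
    # TLSv1.3 is only negotiated when nginx is linked against OpenSSL
    # 1.1.1+; with the stock CentOS 7 OpenSSL the token is ignored.
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_prefer_server_ciphers on;

    location / {
        proxy_pass http://192.168.238.11:3000;
        # Upgrade/Connection only work over HTTP/1.1; nginx proxies with
        # HTTP/1.0 by default, which breaks WebSocket upgrades (live panels).
        proxy_http_version 1.1;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        # Tells grafana the client used HTTPS so redirects/links stay on https.
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-NginX-Proxy true;
        proxy_set_header Upgrade $http_upgrade;
        # Sent unconditionally here; a `map $http_upgrade $connection_upgrade`
        # in the http{} context is the cleaner form if this file is included there.
        proxy_set_header Connection "upgrade";
    }
}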

===================================================

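# Check the config syntax and reload only if the check passes; the original
# reloaded unconditionally, so a typo would have been pushed to a running
# server. Production environments reload rather than restart.
/usr/local/nginx/sbin/nginx -t \
  && /usr/local/nginx/sbin/nginx -s reload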

浏览器分别访问:
gitea.sinsenliu.top
grafana.sinsenliu.top

 

-----

 

 

-----------------------------------------------------------------------------------

3 监控上述https证书到期时间,剩余时间小于10天报警到钉钉:
vi /usr/local/scripts/certcheck.sh

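#!/bin/bash
# certcheck.sh - send a DingTalk alert when a TLS certificate is close to expiry.
#
# Usage: certcheck.sh [threshold_days]
#   threshold_days  alert when fewer than this many days remain. Default 400,
#                   deliberately high on this page so the alert fires at once;
#                   pass 10 for the "less than 10 days" rule described above.
#
# Environment:
#   WEBHOOK_URL  DingTalk robot webhook, including its access_token (required).
#                The token is the credential that lets anyone post to the group,
#                so it is read from the environment (a crontab env line or a
#                root-only file sourced before running) instead of being
#                hard-coded in a script that is also shown in a blog post.
#   CERT_FILE    certificate to check (default below).
#   DOMAIN       label used in the alert text (default below).
#
# Exit status: 0 on success (alert sent or not needed), non-zero if the
# certificate cannot be read/parsed or the webhook call fails.
set -euo pipefail

CERT_FILE="${CERT_FILE:-/usr/local/keys/www.sinsenliu.top.pem}"
DOMAIN="${DOMAIN:-sinsenliu.top}"
THRESHOLD_DAYS="${1:-400}"
: "${WEBHOOK_URL:?WEBHOOK_URL (DingTalk robot webhook) must be set in the environment}"

[[ -r "$CERT_FILE" ]] || { printf 'cannot read certificate %s\n' "$CERT_FILE" >&2; exit 1; }

# notAfter from the certificate, e.g. "Nov 13 14:20:02 2024 GMT".
expiry_date=$(openssl x509 -noout -enddate -in "$CERT_FILE" | cut -d= -f 2) || exit 1
printf 'Certificate for %s expires on: %s\n' "$DOMAIN" "$expiry_date"

# GNU date parses the openssl format; the difference is truncated to whole days.
expiry_timestamp=$(date -d "$expiry_date" +%s) || exit 1
current_timestamp=$(date +%s)
days_until_expiry=$(( (expiry_timestamp - current_timestamp) / 86400 ))

if (( days_until_expiry < THRESHOLD_DAYS )); then
  # The original note says the robot's keyword is "OMG": DingTalk drops messages
  # that do not contain the configured keyword, so it must stay in the text.
  # DOMAIN/CERT_FILE are interpolated into JSON unescaped; keep them free of
  # quotes and backslashes (they are set by root, not by untrusted input).
  message="{\"msgtype\": \"text\",\"text\": {\"content\": \"域名 $DOMAIN 的证书 $CERT_FILE 到期时间小于 $THRESHOLD_DAYS 天,剩余天数:$days_until_expiry OMG\"}}"
  # -sS --fail: quiet on success, non-zero (and logged by cron) on an HTTP
  # error; --max-time bounds the run if the webhook endpoint is unreachable.
  curl -sS --fail --max-time 15 -H "Content-Type: application/json" -d "$message" "$WEBHOOK_URL"
fi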

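# Permissions: the script is run from root's cron and (as published) embeds
# the DingTalk webhook token, so make it readable/executable by root only
# rather than world-readable `+x`.
chown root:root /usr/local/scripts/certcheck.sh
chmod 700 /usr/local/scripts/certcheck.sh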

 

# Create the scheduled job (edit root's crontab; the entry is shown below)
crontab -e # contents as follows:

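# Run the certificate check every day at 10:00.
# The original line carried its comment inline; cron hands the whole command
# field to /bin/sh, so it only worked because sh stripped the "#..." part.
# Keep comments on their own line in the crontab.
0 10 * * * /bin/bash /usr/local/scripts/certcheck.sh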

#效果:(为让运行脚本后立刻报警,就设定400天)