-
-
Notifications
You must be signed in to change notification settings - Fork 5.5k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
New feature: Monitor TLS ports #1626
Conversation
For me, I always thought TLS = SSL = HTTPS for some reason. Maybe call it |
is there anything holding this feature up? it looks very useful |
I would very much like to see this feature get implemented. 2 question for @mrubli
|
I personally wouldn't call that equation accurate but renaming is easy and I don't mind. :-) If the name is the only thing holding up this feature I'll spend some time rebasing it and cleaning it up where necessary.
STARTTLS is quite a different beast and apparently takes some work. I don't have time to implement that at this point but if someone wants to help integrating that would be welcome.
The way I understand the API an expired server certificate should make the connection test fail. You could easily verify that by pointing it at https://expired.badssl.com. |
I might have been a bit unclear - what I meant was something like the certificate Expiry from https monitor, so we get warnings BEFORE the cert expires and everything breaks :) |
Ah yes, that sounds like a useful addition to have. I'll look into it if there's interest in merging this feature to begin with. |
hi. yes, the certificate expiration is also something i am looking for. using openssl client on the commandline the info can be found like this: and also a javascript reference that may help: not sure though what is best in terms of splitting the work up (e.g. first release the feature without the expiration check) or combine but even without the expiration check there is value in this feature. @louislam what are your thoughts ? |
This is exactly what I'm looking for right now and have to use custom script to check the validity with the |
@mrubli any news on this one ? |
Can someone please explain if this is already merged in to a release? And if not, are there any plans to do this in the near future? Can't wait to bring this feature to use.. Thanks |
No, the closest thing that exists is the https monitor. (you can configure the HOST Header)
Depends what you mean by near future. Currently, the core team is quite heavily focused on bringing v2.0 on the road. (see #4171) |
Hi @CommanderStorm , thanks for the quick repsonse. Thanks |
I don't know what |
I don't think the app protocol is of any importance in this case as the expected check is at a different layer. TLS is TLS. It's the layer that handles the encryption. It just wraps the protocol in encryption. The monitor many of us want is just the tls part. To make sure the certificate is installed correctly and not expired. We're not trying to validate the application/protocol in any way. |
Description
This adds a new monitor type for TLS ports, similar to the "TCP Port" monitor but ensuring that a valid TLS connection can be established and checking for an expected keyword. This allows monitoring of services like IMAP or POP3.
I haven't spent much time on style or documentation but will gladly do that if there is interest in merging this feature.
My current code is on the feature/tls-monitor-dev branch (needs rebasing): mrubli@6d92a60
I've deployed it on my own server and it works well so far for monitoring IMAP and POP3. A Docker image can be found here:
https://github.com/mrubli/uptime-kuma/pkgs/container/uptime-kuma
Fixes #1079.
Type of change
Please delete any options that are not relevant.
Checklist
(including JSDoc for methods)
Screenshots (if any)