Initial commit.

Author: anas-aso

.github/workflows/test.yml

@@ -0,0 +1,25 @@
+name: test
+on:
+  push:
+    branches:
+      - master
+  pull_request:
+jobs:
+  test:
+    runs-on: ubuntu-latest
+    steps:
+    - name: Install Go
+      uses: actions/setup-go@v1
+      with:
+        go-version: 1.13
+    - name: Checkout code
+      uses: actions/checkout@v1
+    - name: Cache dependencies
+      uses: actions/cache@v1
+      with:
+        path: ~/go/pkg/mod
+        key: go-${{ hashFiles('**/go.sum') }}
+    - name: Download dependencies
+      run: go mod download
+    - name: Test
+      run: go test -race -covermode=atomic ./...

.gitignore

@@ -0,0 +1,14 @@
+# Ignore all
+*
+
+# Unignore all with extensions
+!*.*
+
+# Unignore all dirs
+!*/
+
+# Unignore Dockerfile
+!Dockerfile
+
+# OS X garbage
+.DS_Store

Dockerfile

@@ -0,0 +1,36 @@
+FROM golang:1.13.5-alpine3.10 AS builder
+
+RUN apk update && \
+    apk upgrade && \
+    apk add --no-cache git
+
+WORKDIR /workdir
+
+# Download the dependecies first for faster iterations
+COPY go.mod go.sum /workdir/
+RUN go mod download
+
+COPY . /workdir/
+
+# Set the version to the tag, otherwise use the commit hash
+RUN git describe --exact-match --tags HEAD > version || git rev-parse HEAD > version && cat version
+
+RUN export VERSION=$(cat version) && \
+    CGO_ENABLED=0 GOOS=linux GOARCH=amd64 go build -a -installsuffix cgo -ldflags="-w -s -X main.version=${VERSION}" -o /workdir/ssllabs_exporter
+
+# Create a "nobody" user for the next image
+RUN echo "nobody:x:65534:65534:Nobody:/:" > /etc_passwd
+
+
+
+FROM scratch
+
+COPY --from=builder /workdir/ssllabs_exporter /bin/ssllabs_exporter
+# Required for HTTPS requests done by the application
+COPY --from=builder /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/
+# Required to be able to run as a non-root user (nobody)
+COPY --from=builder /etc_passwd /etc/passwd
+
+USER nobody
+
+ENTRYPOINT ["/bin/ssllabs_exporter"]

Readme.md

@@ -0,0 +1,46 @@
+# SSLLabs exporter
+[![Release](https://img.shields.io/github/release/anas-aso/ssllabs_exporter.svg?style=flat)](https://github.com/anas-aso/ssllabs_exporter/releases/latest)
+[![Build Status](https://github.com/anas-aso/ssllabs_exporter/workflows/test/badge.svg)](https://github.com/anas-aso/ssllabs_exporter/actions)
+[![Go Report Card](https://goreportcard.com/badge/github.com/anas-aso/ssllabs_exporter)](https://goreportcard.com/report/github.com/anas-aso/ssllabs_exporter)
+
+Getting deep analysis of the configuration of any SSL web server on the public Internet à la blackbox_exporter style.
+
+This exporter relays the target server hostname to [SSLLabs API](https://www.ssllabs.com/ssltest), parses the result and export it as Prometheus metrics. It covers retries in case of failures and simplifies the assessment result.
+
+## SSLLabs
+> SSL Labs is a non-commercial research effort, run by [Qualys](https://www.qualys.com/), to better understand how SSL, TLS, and PKI technologies are used in practice.
+
+source: https://www.ssllabs.com/about/assessment.html
+
+This exporter implements SSLLabs API client that would get you the same results as if you use the [web interface](https://www.ssllabs.com/ssltest/).
+
+## Configuration
+ssllabs_exporter doesn't require any configuration file and the available flags can be found as below :
+```bash
+$ ssllabs_exporter --help
+usage: ssllabs_exporter [<flags>]
+
+Flags:
+  --help                     Show context-sensitive help (also try --help-long and --help-man).
+  --listen-address=":19115"  The address to listen on for HTTP requests.
+  --timeout=300              Assessment timeout in seconds (including retries).
+  --log-level=debug          Printed logs level.
+  --version                  Show application version.
+```
+
+## Docker
+The Prometheus exporter is available as a [docker image](https://hub.docker.com/repository/docker/anasaso/ssllabs_exporter) :
+```
+docker run --rm -it anasaso/ssllabs_exporter:latest --help
+```
+
+## How To Use it
+Deploy the exporter to your infrastructure. Kubernetes deployment and service Yaml file are provided [here](examples/kubernetes) as an example.
+
+Then adjust Prometheus config to add a new scrape configuration. Examples of how this look like can be found [here](examples/prometheus) (it includes both static config and Kubernetes service discovery to auto check all the cluster ingresses).
+
+Once deployed, Prometheus Targets view page should look like this : 
+![prometheus-targets-view](https://i.imgur.com/fJCun72.png "Prometheus Targets View")
+
+The Grafana dashboard below is available [here](examples/grafana_dashboard.json).
+![grafana-dashboard](https://i.imgur.com/q71BpOa.png "Grafana Dashboard")