Clarify server ops repo scope
This commit is contained in:
61
README.md
61
README.md
@@ -2,60 +2,15 @@
|
|||||||
|
|
||||||
Server-wide maintenance scripts and operational notes for the Silver Cloud Hetzner host.
|
Server-wide maintenance scripts and operational notes for the Silver Cloud Hetzner host.
|
||||||
|
|
||||||
Suggested repository name:
|
This repo is for host-level improvements that are not tied to one specific app or
|
||||||
|
service. SSL expiry alerts are the first check in the repo; more server-wide
|
||||||
|
maintenance checks can be added here over time.
|
||||||
|
|
||||||
```text
|
## Implemented Checks
|
||||||
silver-server-ops
|
|
||||||
```
|
- SSL certificate expiry alerts
|
||||||
|
|
||||||
## SSL Certificate Expiry Alerts
|
## SSL Certificate Expiry Alerts
|
||||||
|
|
||||||
`scripts/check-cert-expiry.sh` checks every Let's Encrypt certificate under `/etc/letsencrypt/live` and sends an ntfy alert when any certificate expires in less than 14 days.
|
`scripts/check-cert-expiry.sh` checks Let's Encrypt certificates and alerts when
|
||||||
|
any certificate expires in less than 14 days.
|
||||||
Install on the server:
|
|
||||||
|
|
||||||
```bash
|
|
||||||
sudo install -m 0755 scripts/check-cert-expiry.sh /opt/scripts/check-cert-expiry.sh
|
|
||||||
```
|
|
||||||
|
|
||||||
Recommended root cron:
|
|
||||||
|
|
||||||
```cron
|
|
||||||
15 8 * * * /opt/scripts/check-cert-expiry.sh >/var/log/cert-expiry-check.log 2>&1
|
|
||||||
```
|
|
||||||
|
|
||||||
Defaults:
|
|
||||||
|
|
||||||
```bash
|
|
||||||
CERT_DIR=/etc/letsencrypt/live
|
|
||||||
EXPIRY_DAYS=14
|
|
||||||
NTFY_URL=https://ntfy.silverwal.com/silver
|
|
||||||
```
|
|
||||||
|
|
||||||
Optional overrides:
|
|
||||||
|
|
||||||
```bash
|
|
||||||
EXPIRY_DAYS=21 NTFY_URL=https://ntfy.silverwal.com/silver /opt/scripts/check-cert-expiry.sh
|
|
||||||
```
|
|
||||||
|
|
||||||
If your ntfy topic is protected with an access token:
|
|
||||||
|
|
||||||
```bash
|
|
||||||
NTFY_TOKEN=your-token /opt/scripts/check-cert-expiry.sh
|
|
||||||
```
|
|
||||||
|
|
||||||
Manual test:
|
|
||||||
|
|
||||||
```bash
|
|
||||||
sudo /opt/scripts/check-cert-expiry.sh
|
|
||||||
```
|
|
||||||
|
|
||||||
The script exits with `0` when all certificates are healthy and `1` when it sends an alert or cannot run the check correctly.
|
|
||||||
|
|
||||||
## Notification Notes
|
|
||||||
|
|
||||||
ntfy is a good default for this server because it is already self-hosted, simple to call from shell scripts, and supports useful alert metadata such as title, priority, and tags.
|
|
||||||
|
|
||||||
For jobs where silence is also a failure, pair ntfy with a dead man's switch such as Healthchecks. ntfy tells you what the script found; Healthchecks tells you when the script did not run at all.
|
|
||||||
|
|
||||||
If you later want one notification config that can fan out to ntfy, email, Slack, Discord, Telegram, and similar services, use Apprise as the wrapper and keep ntfy as one destination.
|
|
||||||
|
|||||||
Reference in New Issue
Block a user