用Docker部署服务器TCP 延时监控
更多语言
更多操作
用 Docker / Docker Compose 部署“服务器延时(Latency)监控”**的常用方案:Prometheus + Blackbox Exporter + Grafana。Blackbox Exporter 负责对目标做 HTTP / TCP / ICMP(Ping) 探测并产出 probe_* 指标,Prometheus 抓取,Grafana 展示。
1) 目录结构
在一台“监控机”(能访问你要监控的服务器/端口的那台机器)上建目录:
monitoring/
docker-compose.yml
prometheus/
prometheus.yml
rules/
blackbox-alerts.yml # 可选:告警规则
blackbox/
blackbox.yml
grafana/
provisioning/
datasources/
datasource.yml
2) docker-compose.yml
版本我这里选用:
- Prometheus
prom/prometheus:v3.10.0(示例;该 tag 存在于 Docker Hub)(Docker Hub)- Blackbox Exporter
prom/blackbox-exporter:v0.28.0(Docker Hub)- Grafana
grafana/grafana:12.3-ubuntu(你也可换成12.3等)(Docker Hub)- Alertmanager 可选
prom/alertmanager:v0.31.1(Docker Hub)
services:
prometheus:
image: prom/prometheus:v3.10.0
container_name: prometheus
command:
- --config.file=/etc/prometheus/prometheus.yml
- --storage.tsdb.path=/prometheus
- --web.enable-lifecycle
volumes:
- ./prometheus/prometheus.yml:/etc/prometheus/prometheus.yml:ro
- ./prometheus/rules:/etc/prometheus/rules:ro
- prometheus_data:/prometheus
ports:
- "9090:9090"
restart: unless-stopped
networks: [monitor]
blackbox-exporter:
image: prom/blackbox-exporter:v0.28.0
container_name: blackbox-exporter
command:
- --config.file=/etc/blackbox/blackbox.yml
volumes:
- ./blackbox/blackbox.yml:/etc/blackbox/blackbox.yml:ro
# 建议:生产环境不对外暴露 9115;需要本机调试再开端口映射
ports:
- "9115:9115"
restart: unless-stopped
networks: [monitor]
# ICMP(ping) 需要额外权限(二选一:cap_add 更推荐;privileged 更大)
cap_add:
- NET_RAW
# privileged: true
grafana:
image: grafana/grafana:12.3-ubuntu
container_name: grafana
environment:
- GF_SECURITY_ADMIN_USER=admin
- GF_SECURITY_ADMIN_PASSWORD=admin # 首次登录后务必修改
volumes:
- grafana_data:/var/lib/grafana
- ./grafana/provisioning:/etc/grafana/provisioning:ro
ports:
- "3000:3000"
restart: unless-stopped
networks: [monitor]
# 可选:Prometheus 规则触发后,用 Alertmanager 分发通知
alertmanager:
image: prom/alertmanager:v0.31.1
container_name: alertmanager
# 先用默认示例配置也能跑起来;要发通知再挂载你自己的 alertmanager.yml
ports:
- "9093:9093"
restart: unless-stopped
networks: [monitor]
networks:
monitor:
volumes:
prometheus_data:
grafana_data:
3) blackbox.yml(探测模块配置)
Blackbox Exporter 支持 HTTP/HTTPS、TCP、ICMP、DNS、gRPC 等探测。(GitHub)
先放最常用的 3 个模块:HTTP 200、TCP 端口连通、ICMP ping。
blackbox/blackbox.yml:
modules:
http_2xx:
prober: http
timeout: 5s
http:
preferred_ip_protocol: "ip4"
valid_http_versions: ["HTTP/1.1", "HTTP/2"]
method: GET
no_follow_redirects: false
tcp_connect:
prober: tcp
timeout: 5s
icmp:
prober: icmp
timeout: 3s
icmp:
preferred_ip_protocol: "ip4"
ICMP 权限提示(很关键):在 Linux 上,ICMP 探测需要
CAP_NET_RAW或 root 等权限;Docker 里通常用cap_add: NET_RAW或privileged解决。(GitHub)
4) prometheus.yml(抓取 blackbox 探测结果)
Prometheus 抓取 Blackbox Exporter 通常用 multi-target exporter pattern:Prometheus 实际请求的是 blackbox 的 /probe,目标地址通过 target 参数传递,并通过 relabel 把目标写到 instance 标签。(Prometheus)
prometheus/prometheus.yml:
global:
scrape_interval: 15s
scrape_timeout: 10s
evaluation_interval: 15s
rule_files:
- /etc/prometheus/rules/*.yml
scrape_configs:
# 1) 抓 blackbox-exporter 自身 /metrics(白盒)
- job_name: blackbox_exporter
static_configs:
- targets: ["blackbox-exporter:9115"]
# 2) HTTP 延时(从监控机到目标 HTTP 服务的响应耗时)
- job_name: blackbox_http
metrics_path: /probe
params:
module: [http_2xx]
static_configs:
- targets:
- https://example.com
- https://api.example.com/health
labels:
group: web
relabel_configs:
- source_labels: [__address__]
target_label: __param_target
- source_labels: [__param_target]
target_label: instance
- target_label: __address__
replacement: blackbox-exporter:9115
# 3) TCP 端口连通 + 连接延时(适合 SSH/DB/Redis 等)
- job_name: blackbox_tcp
metrics_path: /probe
params:
module: [tcp_connect]
static_configs:
- targets:
- 10.0.0.10:22
- 10.0.0.11:5432
labels:
group: tcp
relabel_configs:
- source_labels: [__address__]
target_label: __param_target
- source_labels: [__param_target]
target_label: instance
- target_label: __address__
replacement: blackbox-exporter:9115
# 4) ICMP ping 延时(需要 NET_RAW 权限)
- job_name: blackbox_icmp
metrics_path: /probe
params:
module: [icmp]
static_configs:
- targets:
- 10.0.0.10
- 10.0.0.11
labels:
group: icmp
relabel_configs:
- source_labels: [__address__]
target_label: __param_target
- source_labels: [__param_target]
target_label: instance
- target_label: __address__
replacement: blackbox-exporter:9115
想把“不同模块、不同 targets”合并到一个 job 里也可以(用
labels: module: xxx+__param_module注入),Prometheus 官方指南里有示例。(Prometheus)
5) Grafana:自动配置 Prometheus 数据源
Grafana 支持通过 provisioning 文件自动创建数据源。(Grafana Labs)
grafana/provisioning/datasources/datasource.yml:
apiVersion: 1
datasources:
- name: Prometheus
type: prometheus
access: proxy
url: http://prometheus:9090
isDefault: true
editable: false
6) 启动
在 monitoring/ 目录执行:
docker compose up -d
打开:
- Prometheus:
http://<监控机IP>:9090 - Grafana:
http://<监控机IP>:3000(账号密码你在 compose 里设的 admin/admin)
7) 快速验证(建议你先做这一步排错)
7.1 直接访问 blackbox /probe 看输出
Blackbox Exporter 支持直接访问 /probe?target=...&module=... 获取指标输出,probe_success 会告诉你探测是否成功。(GitHub)
例如(在监控机上):
http://localhost:9115/probe?target=prometheus.io&module=http_2xxhttp://localhost:9115/probe?target=10.0.0.10&module=icmp
7.2 Prometheus Targets 页面
Prometheus UI → Status → Targets
看 blackbox_http / blackbox_tcp / blackbox_icmp 是否 UP。
8) 在 Grafana 里看“延时”看哪些指标
最常用的两个:
- 是否可达:
probe_success(1=成功,0=失败)(Prometheus) - 探测总耗时:
probe_duration_seconds(你要的“延时/Latency”核心指标)(Prometheus)
PromQL 示例(Grafana 面板里直接用):
- 某组目标最近 5 分钟平均延时:
avg_over_time(probe_duration_seconds{job="blackbox_icmp"}[5m])
- 最近 5 分钟最大延时(看尖刺):
max_over_time(probe_duration_seconds{job="blackbox_http"}[5m])
- 可用率(过去 10 分钟内成功率):
avg_over_time(probe_success{job="blackbox_http"}[10m]) * 100
想拆解 HTTP 延时(DNS/连接/TLS/传输)
Blackbox Exporter 还会给出 probe_http_duration_seconds{phase="resolve|connect|tls|processing|transfer"} 这种分阶段指标;这些 phase 含义在社区里有明确解释:resolve=DNS、connect=TCP 建连、tls=TLS 握手、processing=等待首字节、transfer=传输响应。(Google Groups)
9) 直接套用的 Grafana Dashboard
Grafana 官方仪表盘库里有现成的 Prometheus Blackbox Exporter dashboard(例如 ID:7587)。你在 Grafana → Dashboards → Import,输入 7587,然后选择 Prometheus 数据源即可。(Grafana Labs)
10) 可选:Prometheus 告警规则(延时过高 / 探测失败)
prometheus/rules/blackbox-alerts.yml:
groups:
- name: blackbox
rules:
- alert: BlackboxProbeFailed
expr: probe_success == 0
for: 2m
labels:
severity: critical
annotations:
summary: "探测失败: {{ $labels.instance }}"
description: "job={{ $labels.job }} 连续 2 分钟探测失败"
- alert: BlackboxHighLatency
expr: probe_duration_seconds > 0.5
for: 5m
labels:
severity: warning
annotations:
summary: "延时过高: {{ $labels.instance }}"
description: "job={{ $labels.job }} 延时 > 0.5s 持续 5 分钟"
Alertmanager 的作用是对 Prometheus 产生的告警做去重/分组/路由到邮件、PagerDuty、Webhook 等。(Prometheus) 如果你想我给你一份“发到企业微信/钉钉/飞书/Telegram/Webhook”的 alertmanager.yml,我也可以直接给模板。
11) 常见坑(你大概率会遇到)
- ICMP 全部失败 大概率是权限问题:Linux 下 ICMP 需要
CAP_NET_RAW/ root / 或配置ping_group_range;Docker 里通常加cap_add: NET_RAW。(GitHub) - HTTP 探测失败但浏览器能打开 常见是:目标需要特定 Host/SNI、重定向、证书问题、内网 DNS 不通。可以先用
/probe?...&debug=true看详细原因(blackbox 支持 debug 参数)。(GitHub) - Grafana 连不上 Prometheus 确认 datasource URL 用的是 Docker 网络内的
http://prometheus:9090(而不是localhost)。 - 不建议把 9115 暴露到公网 Blackbox 会帮你去探测任意目标;暴露公网相当于给别人一个“探测器”。生产建议去掉
ports: "9115:9115"或加防火墙/反代鉴权。