Self-Hosted Agent — Air-Gapped Install
Run the collector with no internet access — push metrics over your VPN to a MonPG bastion.
Air-gapped means the collector has no path out to api.monpg.app. The pattern here is two layers: a bastion in a network adjacent to both your air-gapped subnet and the public internet, and the collector inside the air-gapped network configured to push to that bastion instead of straight to us.
Bastion
Any reverse proxy works. Caddy is the simplest because the config is two lines and you don't need to think about cert renewal:
# Caddyfile on the bastion
monpg-bastion.internal {
    reverse_proxy https://api.monpg.app {
        header_up Host api.monpg.app
    }
}
Restrict ingress to this bastion — only your air-gapped subnet should be able to reach it. The bastion itself needs egress to api.monpg.app:443, and that's the one path the security review will care about.
Collector config
MONPG_API_ENDPOINT=https://monpg-bastion.internal
MONPG_AGENT_TOKEN=mpa_...
MONPG_DB_HOST=postgres.airgap.local
...
The other env vars are the same as in the regular Docker / binary install; just point the endpoint at the bastion FQDN.
Image distribution
Since the air-gapped subnet can't pull from our ACR, you mirror the image to a registry inside the air-gap. The standard pull-save-load-push dance:
docker pull monpgacr4wjl3deb.azurecr.io/monpg-collector:latest
docker save monpgacr4wjl3deb.azurecr.io/monpg-collector:latest | gzip > monpg-collector.tar.gz
# transfer to air-gapped registry
gunzip -c monpg-collector.tar.gz | docker load
docker tag monpgacr4wjl3deb.azurecr.io/monpg-collector:latest registry.airgap.local/monpg-collector:latest
docker push registry.airgap.local/monpg-collector:latest
You'll do this every time you upgrade. Worth scripting.
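One way to script the dance above, as an added example rather than MonPG's own tooling: it splits the work into an export step on the connected side and an import step inside the air gap, and refuses to load an archive whose SHA-256 no longer matches. The image references are the ones shown above; the function names, the SRC/DST/ARCHIVE variables and the .sha256 side file are assumptions of this sketch.

```shell
#!/bin/sh
# Added example, not MonPG tooling. Usage: mirror.sh export | mirror.sh import
set -eu

SRC="${SRC:-monpgacr4wjl3deb.azurecr.io/monpg-collector:latest}"
DST="${DST:-registry.airgap.local/monpg-collector:latest}"
ARCHIVE="${ARCHIVE:-monpg-collector.tar.gz}"   # assumed name; must end in .gz

# Connected side: pull, save, compress, and record a checksum for the transfer.
# 'docker save -o' is used instead of a pipe so a failed save stops the script.
export_image() {
    docker pull "$SRC"
    docker save -o "${ARCHIVE%.gz}" "$SRC"
    gzip -f "${ARCHIVE%.gz}"
    sha256sum < "$ARCHIVE" | cut -d' ' -f1 > "$ARCHIVE.sha256"
}

# True only if the archive still hashes to the value recorded at export time.
verify_archive() {
    [ -s "$ARCHIVE" ] && [ -s "$ARCHIVE.sha256" ] || return 1
    [ "$(sha256sum < "$ARCHIVE" | cut -d' ' -f1)" = "$(cut -d' ' -f1 "$ARCHIVE.sha256")" ]
}

# Air-gapped side: verify first, then load, retag and push to the local registry.
import_image() {
    verify_archive || { echo "checksum mismatch or missing file: $ARCHIVE" >&2; return 1; }
    docker load -i "$ARCHIVE"    # docker load reads gzip-compressed archives directly
    docker tag "$SRC" "$DST"
    docker push "$DST"
}

case "${1:-}" in
    export) export_image ;;
    import) import_image ;;
    "") : ;;   # no argument: only define the functions
    *) echo "usage: $0 export|import" >&2; exit 2 ;;
esac
```

A checksum that travels on the same media as the archive catches corruption only; carry the .sha256 value by a separate path if the transfer medium itself is in the threat model.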
Outage tolerance
The disk-buffer is built for exactly this scenario. If the bastion goes down — bad config, cert expiry, planned maintenance — the collector gzips snapshots into $MONPG_DATA_DIR/buffer/ and replays them when connectivity returns. Default cap is 1000 cycles, which at the 30-second default interval works out to around 8 hours. If you expect longer outages, raise the cap; the snapshots compress well so the disk cost is small.