Opsot
Back to Blog
ProductFeb 20, 20265 min read

Introducing Opsot: Infrastructure Observability Without the Complexity

We built Opsot to solve the monitoring problem we kept running into — complex setups, open ports, and expensive SaaS tools. Today we're sharing it with everyone.

Every developer who has run a production server has been there. Something is slow. A customer is reporting errors. You SSH in, you run htop, you check ps aux. You're flying blind.

The "proper" solution is an observability stack — Prometheus, Grafana, Alertmanager, a Node exporter. You'll spend an afternoon reading docs, another debugging dashboards, and eventually you'll have something that works — at the cost of opening several inbound ports and maintaining complex YAML configs.

The Problem We Kept Running Into

We ran into this exact problem. Our setup: a handful of VPS instances on DigitalOcean and Hetzner running Next.js apps, PM2 processes, and PostgreSQL. The existing tools were either too expensive (Datadog scales fast), too complex (the Prometheus stack is a project in itself), or simply required inbound ports — which our security policy forbade.

So we wrote a script. A Go daemon that polled system metrics and streamed them over a WebSocket. No inbound ports. No configuration. It just worked.

What Opsot Does

The Opsot agent is a statically compiled Go binary. Download it, run it, and it connects outbound to our platform over an encrypted WebSocket. From that moment, your dashboard populates with real-time data: CPU usage, memory, disk I/O, network throughput, and system load.

Beyond system metrics, Opsot auto-discovers your running stack. PM2? It reads the daemon socket and exposes every process — name, status, memory, CPU, restart count. Docker? It hooks into the Docker socket and streams container events and resource usage.

The Security Model

This is what we're most proud of. Every traditional monitoring agent opens an inbound port. Prometheus's Node Exporter opens 9100. This expands your attack surface.

Opsot's agent is architecturally outbound-only. It dials out to api.opsot.com over WSS (WebSocket over TLS 1.3). Your firewall only needs to allow outbound HTTPS on port 443 — which is already open on every server in existence. Zero new inbound rules. Zero new attack vectors.

Available Today

Opsot is live. The Pro plan supports up to 5 servers, and we offer a 14-day free trial on all plans. If you're running Linux servers — VPS, bare metal, or cloud instances — you can be fully monitored in under 3 minutes.

Continue Reading

View All Articles →
Get Started with Opsot