By default, Valpero probes from 10 cloud regions. They can't reach endpoints behind your firewall — internal APIs, intranets, dev/staging servers reachable only via VPN. The self-hosted probe is a small container you run on your own network; it polls Valpero for tasks, runs the checks locally, and reports results back.
Available on the Pro plan and above.
Architecture in two sentences
The probe makes only outbound HTTPS to valpero.com:443. No inbound
ports. It polls every 30 seconds, runs the checks assigned to its
region, posts results back. Same UI as a managed region — just slower
default interval (5-min minimum to keep the polling cost down).
Step 1 — Create a probe node in the dashboard
- Open Dashboard → Probe nodes → New node.
- Pick a region code — short slug like
private-euoroffice. This is the label you'll see next to checks on the dashboard. - Save. You'll get a token like
prb_node_xxxxxxx— copy it now; we don't show it again.
Step 2 — Run the container
On any small Linux box on the network you want to monitor (a VM with 1 vCPU and 256 MB RAM is plenty):
git clone https://github.com/valpero/valpero-probe.git
cd valpero-probe/self-hosted
export VALPERO_TOKEN=prb_node_xxxxxxx
export VALPERO_REGION=private-eu
docker compose up -d
docker compose logs -f valpero-probe
You should see lines like got 4 tasks, posted 4 results. That's it.
If you don't have docker, the probe is a single Python file (probe.py)
that needs Python 3.10+ and httpx. See the project README for the
non-docker run.
Step 3 — Assign monitors to the new region
Now in the dashboard:
- Open any monitor → Settings → Regions.
- Tick your new region (e.g.
private-eu) alongside or instead of cloud regions.
The probe will pick up the task on its next poll cycle (within 30 s).
What can it check?
| Check type | Self-hosted? |
|---|---|
| HTTP / HTTPS | yes |
| TCP port | yes |
| Ping | yes (TCP/443 fallback for unprivileged containers) |
| SSL details | run from cloud regions instead |
| DNS | run from cloud regions instead |
| Page Speed | cloud only |
The probe keeps things simple — anything that needs Chrome / OpenSSL deep-inspect / DNS root introspection runs from our managed regions. It can monitor anything reachable from itself: localhost, internal IPs, private hostnames in the same VPC, services behind a VPN tunnel.
Updating
docker compose pull
docker compose up -d
We rev the image roughly monthly. Major releases ship with a CHANGELOG in the GitHub repo.
Common issues
Logs say tasks fetch 401. Token is wrong or you revoked it in the
dashboard. Mint a new one and rotate the env var.
Logs say tasks fetch 404. The region code doesn't exist on the
account. Make sure VALPERO_REGION matches what you set in the
dashboard, character for character.
Outbound 443 blocked. The probe needs valpero.com:443 reachable.
If your egress is locked down, allow that single hostname. We don't
need any inbound ports.
The probe goes "offline" in the dashboard. We mark a probe stale
after 5 minutes without a poll. Check docker compose ps — the
container probably crashed. Logs in docker compose logs valpero-probe.
Security model
- The probe authenticates with a per-node token. Revoke it in the dashboard at any time and the probe stops working immediately.
- All traffic is TLS to
valpero.com. We pin to standard public CAs. - The probe never opens inbound ports — there's nothing to scan.
- If you're security-conscious about the source: the entire probe is ~150 lines of Python; read it before deploying.
Plan
Self-hosted probes are a Pro+ feature. Free / Lite / Start can use the 10 managed regions, but cannot run their own.