For AI agents: The documentation index is at https://docs.digitalocean.com/llms.txt. Markdown versions of pages use the same URL with index.html.md in place of the HTML page (for example, append index.html.md to the directory path instead of opening the HTML document).

Firewalls place a barrier between your servers and other machines on the network to protect them from external attacks, but they can also prevent the DigitalOcean Metrics Agent from working on your Droplet. This includes DigitalOcean’s Cloud Firewall service and locally installed firewalls protecting your Droplet. Whatever firewall you use, you need to allowlist the metrics agent to access the DigitalOcean monitoring service. Otherwise, the Droplet’s metrics data can’t be reported to the monitoring service.

Configure DigitalOcean Cloud Firewall

If you are using DigitalOcean’s Cloud Firewall, you need to create firewall rules that allow all outgoing IPv4 and IPv6 HTTP/HTTPS traffic through ports 80 and 443.

Configure Locally Installed Firewall

The DigitalOcean Metrics Agent connects to DigitalOcean using ports 80 and 443 on your Droplet. To allow the metrics agent to connect through the firewall, you need to create rules in your firewall software that allow all outgoing IPv4 and IPv6 HTTP/HTTPS traffic through ports 80 and 443.

You can create these rules using UFW for Ubuntu and Debian systems, or Firewalld for CentOS and Fedora systems. These services interface with iptables, the Linux kernel firewall program native to most Linux operating systems. You can also configure these firewall rules in iptables directly, although we recommend using UFW or FirewallD because they are easier to use.

Related Topics

My firewalls are not working correctly

Use this guide to gather information about your firewalls and diagnose problems.

How Do I Disable Process Name Collection in My Metrics Agent?

Modify your metrics agent’s configuration on systemctl or initctl systems to disable process name collection.

What do I do if my traffic is blackholed?

We temporarily trigger a blackhole when a DDoS attack against a resource reaches a mitigation limit. We recommend contacting support and planning strategies to keep your resources online in the future.