Auto-Discovery

Your infrastructure,
mapped automatically.

Install the HostAtlas agent and watch your infrastructure map itself. Every server, every running service, every domain, every container, every SSL certificate — discovered automatically within seconds. No YAML files. No manual inventory. No stale spreadsheets.

Start free — no credit card See what gets discovered
timer First scan in <30 seconds sync Re-scans every 5 minutes memory Under 20 MB RAM

What Gets Discovered

Six categories of infrastructure data, collected automatically.

The agent scans your server comprehensively across six distinct discovery categories. Each scan runs within seconds and captures detailed metadata about every component found.

dns

Servers & Hostnames

The agent identifies the server's hostname, operating system, kernel version, architecture, and public/private IP addresses. This becomes the root node of your infrastructure graph.

check Hostname & FQDN
check OS & kernel version
check CPU cores & total memory
check Public & private IP addresses
hub

Running Services

Detects nginx, Apache, MySQL, PostgreSQL, Redis, and Caddy by scanning the process table. For each service, the agent captures the version number and listening port.

check Process name & PID
check Version detection (e.g. nginx 1.24.0)
check Listening ports (80, 443, 3306...)
check Running / stopped status
language

Domains & Virtual Hosts

Web server configuration files are parsed to extract every domain hosted on the server. Nginx server blocks, Apache VirtualHosts, and Caddy site blocks are all supported.

check nginx server_name directives
check Apache ServerName & ServerAlias
check Caddyfile domain blocks
check Wildcard & subdomain detection
verified

SSL/TLS Certificates

Every SSL certificate referenced in web server configs is read from disk and validated. Expiration dates, issuer information, and Let's Encrypt detection are all captured automatically.

check Certificate expiry dates
check Let's Encrypt auto-detection
check Issuer & subject details
check Domain-to-certificate mapping
deployed_code

Docker Containers

The agent queries the Docker socket to enumerate every container on the server. Image name, tag, running status, port mappings, and resource allocation are all collected.

check Container name & image tag
check Running / stopped / restarting status
check Port mappings (host → container)
check Resource limits & usage
receipt_long

Log File Locations

The agent automatically discovers log file paths for each detected service. Access logs, error logs, and system logs are identified so you can stream them directly from the HostAtlas dashboard.

check nginx access & error logs
check Apache access & error logs
check MySQL / PostgreSQL slow & error logs
check syslog & journald paths

How Discovery Works

Eight steps from install to full visibility.

The discovery process is fully automated. No configuration files to write, no services to define, no ports to specify. The agent handles everything from the moment it starts.

1

Agent installs & registers

A single curl command downloads the Go binary, creates a systemd service, and registers with your HostAtlas workspace using an install key. The entire process takes under 30 seconds.

2

First discovery scan runs

Within 30 seconds of installation, the agent runs its first comprehensive discovery scan. Server metadata, running processes, and system information are collected immediately.

3

Process table scanned

The agent reads /proc to enumerate all running processes. Known service signatures (nginx, apache2, mysqld, postgres, redis-server, caddy) are matched against the process list.

4

Web server configs parsed

When a web server is detected, the agent parses its configuration files: nginx.conf, Apache vhost files, and Caddyfile are read to extract every hosted domain.

5

Docker socket queried

If Docker is present, the agent connects to /var/run/docker.sock and lists all containers. Image names, running states, port mappings, and resource limits are captured for each container.

6

SSL certificates validated

Certificate file paths referenced in web server configs (e.g. ssl_certificate) are read from disk. The agent extracts expiry dates, issuer info, and detects Let's Encrypt certificates.

7

Results pushed to API

The complete discovery payload is sent to the HostAtlas API over HTTPS. The platform processes the data, updates your infrastructure map, and makes everything searchable within seconds.

8

Changes detected as events

On subsequent scans (every 5 minutes), the agent compares results to the previous state. New services, removed domains, stopped containers, and expiring certificates are flagged as events automatically.

info

Continuous discovery, not a one-time scan

Discovery runs every 5 minutes for the lifetime of the agent. When you deploy a new service, add a domain, or spin up a container, it appears in your HostAtlas dashboard automatically — no manual registration, no config file changes, no API calls from your CI/CD pipeline.

prod-web-01 — discovery output
# HostAtlas Agent v1.8.2 — Discovery scan
$ hostatlas-agent discovery --verbose
—— System Information ——————————————
[OK] Hostname: prod-web-01
[OK] OS: Ubuntu 22.04.4 LTS (amd64)
[OK] Kernel: 5.15.0-91-generic
[OK] CPU: 4 cores · RAM: 8192 MB
[OK] IP: 203.0.113.42 (public) / 10.0.1.15 (private)
—— Service Detection —————————————
[OK] nginx 1.24.0 — ports 80, 443 (PID 1842)
[OK] mysql 8.0.35 — port 3306 (PID 2104)
[OK] redis 7.2.4 — port 6379 (PID 2201)
—— Domain Extraction —————————————
[OK] Parsing /etc/nginx/nginx.conf
[OK] Found 4 server blocks across 3 config files
[OK]  ├─ example.com (server_name in /etc/nginx/sites-enabled/example)
[OK]  ├─ api.example.com (server_name in /etc/nginx/sites-enabled/api)
[OK]  ├─ app.example.com (server_name in /etc/nginx/sites-enabled/app)
[OK]  └─ staging.example.com (server_name in /etc/nginx/sites-enabled/staging)
—— SSL Certificates ——————————————
[OK] example.com — Let's Encrypt — expires in 62d
[OK] api.example.com — Let's Encrypt — expires in 62d
[WARN] app.example.com — Let's Encrypt — expires in 8d
[OK] staging.example.com — Let's Encrypt — expires in 47d
—— Docker Containers —————————————
[OK] Docker Engine 24.0.7 detected
[OK]  ├─ app-worker (node:20-alpine) — running — :3000→3000
[OK]  ├─ scheduler (python:3.12-slim) — running — no ports
[WARN]  └─ queue-worker (node:20-alpine) — exited (137)
—— Log Paths ——————————————————
[OK] /var/log/nginx/access.log (12.4 MB)
[OK] /var/log/nginx/error.log (340 KB)
[OK] /var/log/mysql/error.log (1.2 MB)
[OK] /var/log/redis/redis-server.log (890 KB)
[OK] /var/log/syslog (45.8 MB)
[INFO] Discovery complete in 1.2s
[INFO] Summary: 3 services, 4 domains, 4 certs, 3 containers, 5 log paths
[INFO] Payload pushed to api.hostatlas.app (204 OK)
[INFO] Next discovery scan in 300s

Discovery Output

See exactly what
the agent finds.

Every discovery scan produces a structured payload that maps your server's complete infrastructure. The terminal output shows exactly what the agent detects — services with versions, domains from config files, certificates with expiry dates, container statuses, and log file locations.

speed

Sub-second scans

Full discovery completes in under 2 seconds, even on servers running dozens of services and containers.

warning

Warnings surfaced immediately

Expiring certificates, stopped containers, and missing services are flagged with warnings during discovery.

cloud_upload

Pushed over HTTPS

Discovery results are pushed outbound to the HostAtlas API. No inbound ports, no open firewall rules required.

Infrastructure Model

A hierarchy that mirrors reality.

HostAtlas organizes discovered infrastructure into a clear, navigable hierarchy. Every element has a parent, every relationship is tracked, and the entire graph is searchable.

dns

Server

prod-web-01 · Ubuntu 22.04 · 203.0.113.42

ngx

nginx 1.24.0

ports 80, 443 · running

D
example.com SSL 62d
D
api.example.com SSL 62d
D
app.example.com SSL 8d
description /var/log/nginx/access.log
description /var/log/nginx/error.log
sql

mysql 8.0.35

port 3306 · running

description /var/log/mysql/error.log
rds

redis 7.2.4

port 6379 · running

dkr

Docker Engine 24.0.7

3 containers

app-worker node:20-alpine
scheduler python:3.12-slim
queue-worker exited

Server → Services → Domains → Logs

Every piece of discovered infrastructure is placed into a strict hierarchy. The server is the root. Services are children of the server. Domains are children of the web server service that hosts them. Log files are associated with their parent service or domain.

Server (root node)

The server is the top-level entity. Every other discovered resource is a child of the server. Server metadata includes hostname, OS, IP addresses, CPU, and memory.

Services

Each detected service (nginx, mysql, redis, etc.) is a direct child of the server. Services carry version numbers, listening ports, and running status. When a service disappears from the process table, HostAtlas creates an incident.

Domains

Domains are children of the web server service that hosts them. Each domain has an associated SSL certificate (if HTTPS is configured), health check status, and log file paths. Domains get their own dedicated page in the HostAtlas dashboard.

Containers

Docker containers are children of the server. Each container tracks its image, tag, status, port mappings, and resource limits. Container state changes (start, stop, restart) are recorded as events.

Log files

Log file paths are associated with the service that generates them. Nginx access/error logs, MySQL slow query logs, Redis server logs, and syslog are all linked to their parent services for easy navigation.

Supported Services

Deep detection for every major service.

The agent knows how to detect, interrogate, and monitor each of these services. For every one, we capture not just the presence of the process but its version, configuration, and the resources it manages.

ngx

nginx

Web server & reverse proxy

The most popular web server in our user base. The agent detects nginx processes, reads the main config and all included files, and extracts every server block and its associated domains.

Process detection nginx: master/worker
Version nginx -v
Config parsing nginx.conf + includes
Domain extraction server_name directives
SSL paths ssl_certificate directives
Log paths access_log, error_log
apa

Apache

HTTP server

Full support for Apache HTTP Server. The agent detects both apache2 and httpd processes, reads configuration files from standard and custom locations, and parses VirtualHost blocks.

Process detection apache2 / httpd
Version apache2 -v / httpd -v
Config parsing sites-enabled/*
Domain extraction ServerName / ServerAlias
SSL paths SSLCertificateFile
Log paths CustomLog, ErrorLog
cdy

Caddy

Web server with automatic HTTPS

Caddy's automatic HTTPS makes certificate detection straightforward. The agent reads the Caddyfile, extracts domain blocks, and identifies the auto-provisioned certificates managed by Caddy.

Process detection caddy
Version caddy version
Config parsing Caddyfile / JSON config
Domain extraction Site address blocks
SSL Auto-HTTPS detection
Log paths log directive / default
sql

MySQL

Relational database

The agent detects mysqld processes and reads the MySQL configuration to determine the listening port, data directory, and log file locations. Version detection runs via the mysqld binary.

Process detection mysqld
Version mysqld --version
Port Default 3306
Config my.cnf / mysqld.cnf
Log paths error.log, slow-query.log
pg

PostgreSQL

Relational database

PostgreSQL detection identifies the postgres process, extracts the version, and locates configuration files including pg_hba.conf. The listening port and log directory are captured automatically.

Process detection postgres
Version postgres --version
Port Default 5432
Config postgresql.conf
Log paths postgresql-*.log
rds

Redis

In-memory data store

Redis detection identifies the redis-server process, extracts the version via the binary, and reads the Redis configuration to determine the listening port and log file location.

Process detection redis-server
Version redis-server --version
Port Default 6379
Config redis.conf
Log paths redis-server.log

Domain Extraction

Every domain, extracted from source configs.

The agent doesn't guess which domains live on your server. It reads the actual web server configuration files and extracts domain names from the directives that define them. This means your inventory is always accurate — it reflects what's actually configured, not what someone remembered to document.

nginx /etc/nginx/sites-enabled/example 
server {
    listen 443 ssl;
    server_name example.com www.example.com;

    ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;

    access_log /var/log/nginx/example.access.log;
    error_log /var/log/nginx/example.error.log;

    location / {
        proxy_pass http://127.0.0.1:3000;
    }
}

nginx server_name directive

The agent parses the main nginx.conf and follows all include directives to find every server block. Each server_name value becomes a discovered domain. Multiple names on a single directive (like example.com www.example.com) are each tracked individually.

arrow_forward Follows include directives recursively
arrow_forward Handles sites-enabled symlinks
arrow_forward Extracts SSL certificate paths per server block
arrow_forward Identifies log paths per domain
Apache /etc/apache2/sites-enabled/example.conf 
<VirtualHost *:443>
    ServerName  example.com
    ServerAlias www.example.com

    SSLEngine on
    SSLCertificateFile    /etc/letsencrypt/live/example.com/fullchain.pem
    SSLCertificateKeyFile /etc/letsencrypt/live/example.com/privkey.pem

    CustomLog /var/log/apache2/example.access.log combined
    ErrorLog  /var/log/apache2/example.error.log

    ProxyPass / http://127.0.0.1:3000/
</VirtualHost>

Apache VirtualHost blocks

Apache virtual host files are parsed from sites-enabled/ (Debian/Ubuntu) and conf.d/ (RHEL/CentOS). Both ServerName and ServerAlias directives are extracted. Each value becomes a discovered domain.

arrow_forward Supports both Debian and RHEL layouts
arrow_forward Extracts ServerName + all ServerAlias values
arrow_forward Reads SSLCertificateFile paths
arrow_forward Maps CustomLog and ErrorLog per VirtualHost
Caddy /etc/caddy/Caddyfile 
example.com {
    reverse_proxy localhost:3000

    log {
        output file /var/log/caddy/example.access.log
    }
}

api.example.com {
    reverse_proxy localhost:8080

    log {
        output file /var/log/caddy/api.access.log
    }
}

*.staging.example.com {
    reverse_proxy localhost:4000
}

Caddyfile site blocks

Caddy uses a clean syntax where the domain name is the site block label. The agent parses the Caddyfile and extracts every site address. Caddy's automatic HTTPS means certificates are provisioned without explicit configuration — the agent detects this and marks the certificate as Caddy-managed.

arrow_forward Extracts domain from site block labels
arrow_forward Detects wildcard domain patterns
arrow_forward Identifies Caddy-managed auto-HTTPS certificates
arrow_forward Reads log output directives for path discovery

Real-Time Updates

Your dashboard updates
the moment something changes.

HostAtlas uses WebSocket connections to push discovery updates to your browser in real time. When the agent discovers a new service, detects a stopped container, or finds an expiring certificate, your dashboard reflects the change immediately — no page refresh, no polling, no delay.

bolt

WebSocket-based delivery

A persistent WebSocket connection between your browser and the HostAtlas platform ensures updates arrive in milliseconds, not minutes. Server lists, service statuses, and domain health all update live.

difference

Change detection

The agent compares each discovery scan to the previous state. Only differences are sent to the API — new services, removed domains, status changes, and certificate renewals are each tracked as individual events.

history

Event timeline

Every discovery change is recorded in a timeline. You can see exactly when a service was first detected, when a domain was added, when a container stopped, and when a certificate was renewed.

notifications_active

Instant alerting on discovery changes

Configure alerts for specific discovery events: a service going offline, a new container appearing, or an SSL certificate nearing expiry. Alerts are delivered via Slack, email, PagerDuty, or webhooks.

Discovery Events
LIVE
add_circle

New service detected

redis 7.2.4 on port 6379 — prod-web-01

2 minutes ago

language

New domain discovered

staging.example.com via nginx — prod-web-01

7 minutes ago

schedule

SSL certificate expiring soon

app.example.com — expires in 8 days — Let's Encrypt

12 minutes ago

stop_circle

Container stopped

queue-worker (node:20-alpine) exited with code 137 — prod-web-01

18 minutes ago

autorenew

SSL certificate renewed

example.com — new expiry in 90 days — Let's Encrypt

1 hour ago

add_circle

New server registered

prod-db-01 — Ubuntu 22.04 — 203.0.113.88

2 hours ago

Stop maintaining spreadsheets.
Let your infrastructure describe itself.

Install the HostAtlas agent on your first server. Within 30 seconds, you'll see every service, domain, container, and certificate mapped in your dashboard. No credit card required.

Start free Talk to sales
$ curl -sSL install.hostatlas.app | bash_
Free tier available No credit card Under 30 seconds to install