Install Grafana on Ubuntu Server
This article is for those looking for a detailed and straightforward guide on installing Grafana on Ubuntu Server.
Grafana is an open-source platform for data visualization, monitoring, and analysis.
In this guide, we will consider the case when you already have a server with the Ubuntu Server 22.04 LTS operating system installed on it.
You can read more about how to install Ubuntu Server 22.04 LTS in my guide “Install Ubuntu Server 22.04 LTS”.
In addition, OpenSSH must be installed on the server, and port 22 must be open in order to be able to connect to the server using the SSH protocol.
To install OpenSSH on a server, you can use the command:
sudo apt install openssh-server
If you plan to connect to the server using the Windows operating system, you can use PuTTY or MobaXterm.
This guide describes how to connect to a server using the iTerm2 terminal emulator installed on the macOS operating system.
In this tutorial, the grafana.heyvaldemar.net subdomain will be used to access the Grafana dashboard.
Please note that you will need to open the following TCP ports to access your server:
- TCP port 80 - to get a free cryptographic certificate through Let’s Encrypt CA.
- TCP port 443 - to access the Grafana web interface.
We connect to the server on which you plan to install Grafana.
This tutorial walks you through obtaining a free cryptographic certificate through the Let’s Encrypt CA. To obtain and subsequently renew a free SSL certificate, we will use the Certbot software client, which is designed to make it as easy as possible to obtain and renew a certificate through the Let’s Encrypt certification authority.
Update the local package index to the latest changes in the repositories using the command:
sudo apt update
Now let’s install the packages required for Grafana to work using the command:
sudo apt install -y apache2 apt-transport-https certbot python3-certbot-apache
Let’s configure Apache for further work with Grafana.
We enable the Apache webserver module called “proxy_http” using the command:
sudo a2enmod proxy_http
Please note that the “proxy_http” module acts like a proxy server for the HTTP and HTTPS protocols.
We enable the Apache webserver module called “rewrite” using the command:
sudo a2enmod rewrite
Note that the “rewrite” module is one of the most commonly used modules in the Apache webserver and provides a flexible and powerful way to manipulate URLs.
Now you need to create two virtual host files (called a block in Nginx), with which Grafana will work in the future.
Two virtual host files are required to provide access to Grafana over HTTPS, and to enable Grafana to be used at https://grafana.heyvaldemar.net, without specifying port 8080 in the browser address bar.
In this tutorial, the grafana.heyvaldemar.net subdomain will be used to access Grafana from the Internet. You will need to specify your domain or subdomain by which your Grafana will be available from the Internet.
Let’s create the first virtual host file using a text editor using the command:
sudo vim /etc/apache2/sites-available/grafana.heyvaldemar.net.conf
Hit the “i” button to go into edit mode, then insert the following configuration for the webserver to work.
In this tutorial, the grafana.heyvaldemar.net subdomain will be used to access Grafana from the Internet. You will need to specify your domain or subdomain by which your Grafana will be available from the Internet.
Now press the “Esc” button to exit edit mode, then type “:x” and press the “Enter” button to save your changes and exit the editor.
Let’s create a second virtual host file using a text editor using the command:
sudo vim /etc/apache2/sites-available/grafana.heyvaldemar.net-ssl.conf
Hit the “i” button to go into edit mode, then insert the following configuration for the webserver to work.
In this tutorial, the grafana.heyvaldemar.net subdomain will be used to access Grafana from the Internet. You will need to specify your domain or subdomain by which your Grafana will be available from the Internet.
Now press the “Esc” button to exit edit mode, then type “:x” and press the “Enter” button to save your changes and exit the editor.
We activate the first virtual host using the command:
sudo a2ensite grafana.heyvaldemar.net.conf
We activate the second virtual host using the command:
sudo a2ensite grafana.heyvaldemar.net-ssl.conf
Deactivate the default virtual host using the command:
sudo a2dissite 000-default.conf
Verify that there are no errors in the syntax of the new Apache config file using the command:
sudo apache2ctl configtest
Restart Apache to apply the changes made using the command:
sudo systemctl restart apache2
Let’s check that Apache has started successfully using the command:
sudo systemctl status apache2
Now, in order to increase the security level of the webserver, you need to obtain a cryptographic certificate for the domain or subdomain, through which the Grafana control panel will be available from the Internet.
To obtain and subsequently renew a free SSL certificate, we will use the Let’s Encrypt certification authority, as well as the Certbot software client, which is designed to make it as easy as possible to obtain and renew a certificate through the Let’s Encrypt certification authority.
In this tutorial, the grafana.heyvaldemar.net subdomain will be used to access Grafana from the Internet. You will need to specify your domain or subdomain by which your Grafana will be available from the Internet.
Request a cryptographic certificate using the command:
sudo certbot --apache -d grafana.heyvaldemar.net
Next, we indicate the email address to which Let’s Encrypt will send notifications about the expiration of the cryptographic certificate and press the “Enter” button.
The next step is to read and accept the terms of use of the services provided.
Press the button “a”, then “Enter”, if you agree with the terms of use of the services provided.
The next step is to choose whether you want to share the above email address with the Electronic Frontier Foundation in order to receive newsletters.
Press the “n” button, then “Enter”.
At the next stage, you need to choose: do you want the parameters to be automatically added to the Apache configuration file for automatically redirecting HTTP traffic to HTTPS.
Press the button “2”, then “Enter”.
Please note that cryptographic certificates obtained through Let’s Encrypt CA are valid for ninety days. Certbot automatically adds a script to renew the certificate to the task scheduler and the script runs twice a day, automatically renewing any cryptographic certificate that expires within thirty days.
You can check the functionality of the cryptographic certificate renewal process using the command:
sudo certbot renew --dry-run
Now let’s add the official Grafana key using the command:
wget -q -O - https://packages.grafana.com/gpg.key | sudo apt-key add -
Next, we connect the Grafana repository using the command:
sudo add-apt-repository "deb https://packages.grafana.com/oss/deb stable main"
Now let’s install Grafana using the command:
sudo apt install -y grafana
Restart “systemd” to search for changed or new units using the command:
sudo systemctl daemon-reload
Launch Grafana using the command:
sudo systemctl start grafana-server
Let’s check that Grafana has started successfully using the command:
sudo systemctl status grafana-server
We enable the autostart of the Grafana service when the operating system starts using the command:
sudo systemctl enable grafana-server.service
From the workstation, go to the link https://grafana.heyvaldemar.net, where grafana.heyvaldemar.net is the name of my subdomain to access the Grafana control panel. You will need to specify your domain or subdomain by which your Grafana control panel will be accessible from the Internet.
The default username for the Grafana administrator account is admin
The default password for the Grafana administrator account is admin
Specify the username and password of an account with Grafana administrator rights and click on the “Log in” button.
Next, you need to change the password for the Grafana administrator account.
Specify a new password for the Grafana administrator account and click on the “Submit” button.
Welcome to the Grafana dashboard.
Now you need to make changes to the Grafana configuration file to disable the ability to register users without the knowledge of the Grafana administrator and to log in for anonymous users.
Open the Grafana configuration file in a text editor using the command:
sudo vim /etc/grafana/grafana.ini
Hit the “i” button to switch to edit mode, in the “users” section, find the “allow_sign_up = false” parameter and uncomment it by removing the “;” symbol.
In the “auth.anonymous” section, find the “enabled = false” parameter and uncomment it by removing the “;” symbol.
Now press the “Esc” button to exit edit mode, then type “:x” and press the “Enter” button to save your changes and exit the editor.
Restart Grafana to apply the changes made using the command:
sudo systemctl restart grafana-server
Let’s check that Grafana has started successfully using the command:
sudo systemctl status grafana-server
Everything is ready to use Grafana.