Need answers fast? Your friendly Spider-Dev is live on Discord:
Install Grafana on Ubuntu Server
This article is for those looking for a detailed and straightforward guide on installing Grafana on Ubuntu Server.
Grafana is an open-source platform for data visualization, monitoring, and analysis.
IMPORTANTOpenSSH must be installed on the server, and port 22 must be open in order to be able to connect to the server using the SSH protocol.
To install OpenSSH on a server, you can use the command:
sudo apt install openssh-serverNOTETo connect to the server from a Windows system, you can use tools like PuTTY or MobaXterm.
NOTEThis guide walks you through connecting to a server with the iTerm2 terminal emulator on macOS.
CAUTIONYou will need to open the following TCP ports for access to the services:
- TCP port 80 - to get a free cryptographic certificate through Let’s Encrypt CA.
- TCP port 443 - to access the Grafana web interface.
We connect to the server on which you plan to install Grafana.
This tutorial walks you through obtaining a free cryptographic certificate through the Let’s Encrypt CA. To obtain and subsequently renew a free SSL certificate, we will use the Certbot software client, which is designed to make it as easy as possible to obtain and renew a certificate through the Let’s Encrypt certification authority.
Update the local package index to the latest changes in the repositories using the command:
sudo apt update
Now let’s install the packages required for Grafana to work using the command:
sudo apt install -y apache2 apt-transport-https certbot python3-certbot-apache
Let’s configure Apache for further work with Grafana.
We enable the Apache webserver module called “proxy_http” using the command:
sudo a2enmod proxy_httpNOTEThe “proxy_http” module acts like a proxy server for the HTTP and HTTPS protocols.
We enable the Apache webserver module called “rewrite” using the command:
sudo a2enmod rewriteNOTEThe “rewrite” module is one of the most commonly used modules in the Apache webserver and provides a flexible and powerful way to manipulate URLs.
Now you need to create two virtual host files (called a block in Nginx), with which Grafana will work in the future.
Two virtual host files are required to provide access to Grafana over HTTPS, and to enable Grafana to be used at https://grafana.heyvaldemar.net, without specifying port 3000 in the browser address bar.
NOTEIn this tutorial, the
grafana.heyvaldemar.netsubdomain will be used to access Grafana from the Internet. You will need to specify your domain or subdomain by which your Grafana will be available from the Internet.
Let’s create the first virtual host file using a text editor using the command:
sudo vim /etc/apache2/sites-available/grafana.heyvaldemar.net.conf
Hit the “i” button to go into edit mode, then insert the following configuration for the webserver to work.
NOTEIn this tutorial, the
grafana.heyvaldemar.netsubdomain will be used to access Grafana from the Internet. You will need to specify your domain or subdomain by which your Grafana will be available from the Internet.
Now press the “Esc” button to exit edit mode, then type "
Let’s create a second virtual host file using a text editor using the command:
sudo vim /etc/apache2/sites-available/grafana.heyvaldemar.net-ssl.conf
Hit the “i” button to go into edit mode, then insert the following configuration for the webserver to work.
NOTEIn this tutorial, the
grafana.heyvaldemar.netsubdomain will be used to access Grafana from the Internet. You will need to specify your domain or subdomain by which your Grafana will be available from the Internet.
Now press the “Esc” button to exit edit mode, then type "
We activate the first virtual host using the command:
sudo a2ensite grafana.heyvaldemar.net.conf
We activate the second virtual host using the command:
sudo a2ensite grafana.heyvaldemar.net-ssl.conf
Deactivate the default virtual host using the command:
sudo a2dissite 000-default.conf
Verify that there are no errors in the syntax of the new Apache config file using the command:
sudo apache2ctl configtest
Restart Apache to apply the changes made using the command:
sudo systemctl restart apache2
Let’s check that Apache has started successfully using the command:
sudo systemctl status apache2
Now, in order to increase the security level of the webserver, you need to obtain a cryptographic certificate for the domain or subdomain, through which the Grafana control panel will be available from the Internet.
NOTETo obtain and subsequently renew a free SSL certificate, we will use the Let’s Encrypt certification authority, as well as the Certbot software client, which is designed to make it as easy as possible to obtain and renew a certificate through the Let’s Encrypt certification authority.
NOTEIn this tutorial, the
grafana.heyvaldemar.netsubdomain will be used to access Grafana from the Internet. You will need to specify your domain or subdomain by which your Grafana will be available from the Internet.
Request a cryptographic certificate using the command:
sudo certbot --apache -d grafana.heyvaldemar.net
Next, we indicate the email address to which Let’s Encrypt will send notifications about the expiration of the cryptographic certificate and press the “Enter” button.
The next step is to read and accept the terms of use of the services provided.
Press the button “a”, then “Enter”, if you agree with the terms of use of the services provided.
The next step is to choose whether you want to share the above email address with the Electronic Frontier Foundation in order to receive newsletters.
Press the “n” button, then “Enter”.
At the next stage, you need to choose: do you want the parameters to be automatically added to the Apache configuration file for automatically redirecting HTTP traffic to HTTPS.
Press the button “2”, then “Enter”.
NOTECryptographic certificates obtained through Let’s Encrypt CA are valid for ninety days. Certbot automatically adds a script to renew the certificate to the task scheduler and the script runs twice a day, automatically renewing any cryptographic certificate that expires within thirty days.
You can check the functionality of the cryptographic certificate renewal process using the command:
sudo certbot renew --dry-run
Now let’s add the official Grafana key using the command:
wget -q -O - https://packages.grafana.com/gpg.key | sudo apt-key add -
Next, we connect the Grafana repository using the command:
sudo add-apt-repository "deb https://packages.grafana.com/oss/deb stable main"
Now let’s install Grafana using the command:
sudo apt install -y grafana
Restart “systemd” to search for changed or new units using the command:
sudo systemctl daemon-reload
Launch Grafana using the command:
sudo systemctl start grafana-server
Let’s check that Grafana has started successfully using the command:
sudo systemctl status grafana-server
We enable the autostart of the Grafana service when the operating system starts using the command:
sudo systemctl enable grafana-server.service
From the workstation, go to the link https://grafana.heyvaldemar.net, where grafana.heyvaldemar.net is the name of my subdomain to access the Grafana control panel. You will need to specify your domain or subdomain by which your Grafana control panel will be accessible from the Internet.
The default username and password for the Grafana administrator account is “admin”.
Specify the username and password of an account with Grafana administrator rights and click on the “Log in” button.
Next, you need to change the password for the Grafana administrator account.
Specify a new password for the Grafana administrator account and click on the “Submit” button.
Welcome to the Grafana dashboard.
Now you need to make changes to the Grafana configuration file to disable the ability to register users without the knowledge of the Grafana administrator and to log in for anonymous users.
Open the Grafana configuration file in a text editor using the command:
sudo vim /etc/grafana/grafana.ini
Hit the “i” button to switch to edit mode, in the “users” section, find the “allow_sign_up = false” parameter and uncomment it by removing the ”;” symbol.
In the “auth.anonymous” section, find the “enabled = false” parameter and uncomment it by removing the ”;” symbol.
Now press the “Esc” button to exit edit mode, then type "
Restart Grafana to apply the changes made using the command:
sudo systemctl restart grafana-server
Let’s check that Grafana has started successfully using the command:
sudo systemctl status grafana-server
Everything is ready to use Grafana.
Social Channels
- 🎬 YouTube
- 🐦 X (Twitter)
- 🐘 Mastodon
- 🧵 Threads
- 🧊 Bluesky
- 🎥 TikTok
- 📣 daily.dev Squad
- ✈️ Telegram
- 🐈 GitHub
Community of IT Experts
- 👾 Discord
Is this content AI-generated?
No. Every article on this blog is written by me personally, drawing on decades of hands-on IT experience and a genuine passion for technology.
I use AI tools exclusively to help polish grammar and ensure my technical guidance is as clear as possible. However, the core ideas, strategic insights, and step-by-step solutions are entirely my own, born from real-world work.
Because of this human-and-AI partnership, some detection tools might flag this content. You can be confident, though, that the expertise is authentic. My goal is to share road-tested knowledge you can trust.