Install Grafana on Ubuntu Server

This article is for those looking for a detailed and straightforward guide on installing Grafana on Ubuntu Server.

Grafana is an open-source platform for data visualization, monitoring, and analysis.

IMPORTANT

OpenSSH must be installed on the server, and port 22 must be open in order to be able to connect to the server using the SSH protocol.

To install OpenSSH on a server, you can use the command:

1
sudo apt install openssh-server

NOTE

To connect to the server from a Windows system, you can use tools like PuTTY or MobaXterm.

NOTE

This guide walks you through connecting to a server with the iTerm2 terminal emulator on macOS.

CAUTION

You will need to open the following TCP ports for access to the services:

• TCP port 80 - to get a free cryptographic certificate through Let’s Encrypt CA.
• TCP port 443 - to access the Grafana web interface.

We connect to the server on which you plan to install Grafana.

This tutorial walks you through obtaining a free cryptographic certificate through the Let’s Encrypt CA. To obtain and subsequently renew a free SSL certificate, we will use the Certbot software client, which is designed to make it as easy as possible to obtain and renew a certificate through the Let’s Encrypt certification authority.

Update the local package index to the latest changes in the repositories using the command:

1
sudo apt update

Now let’s install the packages required for Grafana to work using the command:

1
sudo apt install -y apache2 apt-transport-https certbot python3-certbot-apache

Let’s configure Apache for further work with Grafana.

We enable the Apache webserver module called “proxy_http” using the command:

1
sudo a2enmod proxy_http

NOTE

The “proxy_http” module acts like a proxy server for the HTTP and HTTPS protocols.

We enable the Apache webserver module called “rewrite” using the command:

1
sudo a2enmod rewrite

NOTE

The “rewrite” module is one of the most commonly used modules in the Apache webserver and provides a flexible and powerful way to manipulate URLs.

Now you need to create two virtual host files (called a block in Nginx), with which Grafana will work in the future.

Two virtual host files are required to provide access to Grafana over HTTPS, and to enable Grafana to be used at https://grafana.heyvaldemar.net, without specifying port 3000 in the browser address bar.

NOTE

In this tutorial, the grafana.heyvaldemar.net subdomain will be used to access Grafana from the Internet. You will need to specify your domain or subdomain by which your Grafana will be available from the Internet.

Let’s create the first virtual host file using a text editor using the command:

1
sudo vim /etc/apache2/sites-available/grafana.heyvaldemar.net.conf

Hit the “i” button to go into edit mode, then insert the following configuration for the webserver to work.

NOTE

In this tutorial, the grafana.heyvaldemar.net subdomain will be used to access Grafana from the Internet. You will need to specify your domain or subdomain by which your Grafana will be available from the Internet.

Now press the “Esc” button to exit edit mode, then type "" and press the “Enter” button to save your changes and exit the editor.

Let’s create a second virtual host file using a text editor using the command:

1
sudo vim /etc/apache2/sites-available/grafana.heyvaldemar.net-ssl.conf

Hit the “i” button to go into edit mode, then insert the following configuration for the webserver to work.

NOTE

In this tutorial, the grafana.heyvaldemar.net subdomain will be used to access Grafana from the Internet. You will need to specify your domain or subdomain by which your Grafana will be available from the Internet.

Now press the “Esc” button to exit edit mode, then type "" and press the “Enter” button to save your changes and exit the editor.

We activate the first virtual host using the command:

1
sudo a2ensite grafana.heyvaldemar.net.conf

We activate the second virtual host using the command:

1
sudo a2ensite grafana.heyvaldemar.net-ssl.conf

Deactivate the default virtual host using the command:

1
sudo a2dissite 000-default.conf

Verify that there are no errors in the syntax of the new Apache config file using the command:

1
sudo apache2ctl configtest

Restart Apache to apply the changes made using the command:

1
sudo systemctl restart apache2

Let’s check that Apache has started successfully using the command:

1
sudo systemctl status apache2

Now, in order to increase the security level of the webserver, you need to obtain a cryptographic certificate for the domain or subdomain, through which the Grafana control panel will be available from the Internet.

NOTE

To obtain and subsequently renew a free SSL certificate, we will use the Let’s Encrypt certification authority, as well as the Certbot software client, which is designed to make it as easy as possible to obtain and renew a certificate through the Let’s Encrypt certification authority.

NOTE

In this tutorial, the grafana.heyvaldemar.net subdomain will be used to access Grafana from the Internet. You will need to specify your domain or subdomain by which your Grafana will be available from the Internet.

Request a cryptographic certificate using the command:

1
sudo certbot --apache -d grafana.heyvaldemar.net

Next, we indicate the email address to which Let’s Encrypt will send notifications about the expiration of the cryptographic certificate and press the “Enter” button.

The next step is to read and accept the terms of use of the services provided.

Press the button “a”, then “Enter”, if you agree with the terms of use of the services provided.

The next step is to choose whether you want to share the above email address with the Electronic Frontier Foundation in order to receive newsletters.

Press the “n” button, then “Enter”.

At the next stage, you need to choose: do you want the parameters to be automatically added to the Apache configuration file for automatically redirecting HTTP traffic to HTTPS.

Press the button “2”, then “Enter”.

NOTE

Cryptographic certificates obtained through Let’s Encrypt CA are valid for ninety days. Certbot automatically adds a script to renew the certificate to the task scheduler and the script runs twice a day, automatically renewing any cryptographic certificate that expires within thirty days.

You can check the functionality of the cryptographic certificate renewal process using the command:

1
sudo certbot renew --dry-run

Now let’s add the official Grafana key using the command:

1
wget -q -O - https://packages.grafana.com/gpg.key | sudo apt-key add -

Next, we connect the Grafana repository using the command:

1
sudo add-apt-repository "deb https://packages.grafana.com/oss/deb stable main"

Now let’s install Grafana using the command:

1
sudo apt install -y grafana

Restart “systemd” to search for changed or new units using the command:

1
sudo systemctl daemon-reload

Launch Grafana using the command:

1
sudo systemctl start grafana-server

Let’s check that Grafana has started successfully using the command:

1
sudo systemctl status grafana-server

We enable the autostart of the Grafana service when the operating system starts using the command:

1
sudo systemctl enable grafana-server.service

From the workstation, go to the link https://grafana.heyvaldemar.net, where grafana.heyvaldemar.net is the name of my subdomain to access the Grafana control panel. You will need to specify your domain or subdomain by which your Grafana control panel will be accessible from the Internet.

The default username and password for the Grafana administrator account is “admin”.

Specify the username and password of an account with Grafana administrator rights and click on the “Log in” button.

Next, you need to change the password for the Grafana administrator account.

Specify a new password for the Grafana administrator account and click on the “Submit” button.

Welcome to the Grafana dashboard.

Now you need to make changes to the Grafana configuration file to disable the ability to register users without the knowledge of the Grafana administrator and to log in for anonymous users.

Open the Grafana configuration file in a text editor using the command:

1
sudo vim /etc/grafana/grafana.ini

Hit the “i” button to switch to edit mode, in the “users” section, find the “allow_sign_up = false” parameter and uncomment it by removing the ”;” symbol.

In the “auth.anonymous” section, find the “enabled = false” parameter and uncomment it by removing the ”;” symbol.

Now press the “Esc” button to exit edit mode, then type "" and press the “Enter” button to save your changes and exit the editor.

Restart Grafana to apply the changes made using the command:

1
sudo systemctl restart grafana-server

Let’s check that Grafana has started successfully using the command:

1
sudo systemctl status grafana-server

Everything is ready to use Grafana.