So yesterday we set up Zabbix and today we are installing Grafana so we can visualize our data in a fancy looking dashboard. The installation process for Grafana is very quick and can even be put on the same box as Zabbix or something like Prometheus

Prepare the System

As always we start by doing an update to make sure the latest OS patches are installed.

sudo apt upgrade && sudo apt upgrade && sudo apt autoremove

Installing Grafana

To install Grafana we just need to add the repository do a quick update then install the package and start the service.

# Add the gpg key
curl | sudo apt-key add -
# Add repo
sudo add-apt-repository "deb stable main"
# Update sources list
sudo apt update
# Now we can install
sudo apt install grafana
# Start the service
sudo systemctl start grafana-server
# Enable auto start
sudo systemctl enable grafana-server

Optional Steps

The default port is 3000 but we can change that by editing /etc/grafana/grafana.ini

protocol = http
http_port = 80

For this to work you would need to run the command below so that the grafana user can bind to ports under 1024

sudo setcap 'cap_net_bind_service=+ep' /usr/sbin/grafana-server`

A couple more options on this would be to use iptables to map 80 to 3000 which can be done using

sudo iptables -t nat -A PREROUTING -p tcp --dport 80 -j REDIRECT --to-port 3000`

or if you want to get fancy you could set up a reverse proxy and let that handle it although you would probably want to set the root_url value in the grafana.ini so you get the correct URL through on alerts.

If you wanted to configure your instance to use HTTPS your grafana.ini would something like the snippet below assuming you are using a certificate from Lets Encrypt

protocol = https
http_port = 443
domain = grafana.domain.tld
root_url = https://grafana.domain.tld
cert_file = /etc/letsencrypt/live/domain/fullchain.pem
cert_key = /etc/letsencrypt/live/domain/privkey.pem

You will need to make sure the grafana user has access to the cert and key files but other than that it is a fairly painless process. You can of course also take the reverse proxy route to do this so that your certificate is managed in one place which I find easier.

Handy information

Config File: /etc/grafana/grafana.ini
Logs: /var/log/grafana/grafana.log
Service: grafana-server (systemctl restart grafana-server)
Default username: admin
Default password: admin