So yesterday we set up Zabbix and today we are installing Grafana so we can visualize our data in a fancy looking dashboard. The installation process for Grafana is very quick and can even be put on the same box as Zabbix or something like Prometheus
Prepare the System
As always we start by doing an update to make sure the latest OS patches are installed.
sudo apt upgrade && sudo apt upgrade && sudo apt autoremove
To install Grafana we just need to add the repository do a quick update then install the package and start the service.
# Add the gpg key
curl https://packages.grafana.com/gpg.key | sudo apt-key add -
# Add repo
sudo add-apt-repository "deb https://packages.grafana.com/oss/deb stable main"
# Update sources list
sudo apt update
# Now we can install
sudo apt install grafana
# Start the service
sudo systemctl start grafana-server
# Enable auto start
sudo systemctl enable grafana-server
The default port is 3000 but we can change that by editing
protocol = http
http_port = 80
For this to work you would need to run the command below so that the grafana user can bind to ports under 1024
sudo setcap 'cap_net_bind_service=+ep' /usr/sbin/grafana-server`
A couple more options on this would be to use iptables to map 80 to 3000 which can be done using
sudo iptables -t nat -A PREROUTING -p tcp --dport 80 -j REDIRECT --to-port 3000`
or if you want to get fancy you could set up a reverse proxy and let that handle it although you would probably want to set the
root_url value in the
grafana.ini so you get the correct URL through on alerts.
If you wanted to configure your instance to use HTTPS your
grafana.ini would something like the snippet below assuming you are using a certificate from Lets Encrypt
protocol = https
http_port = 443
domain = grafana.domain.tld
root_url = https://grafana.domain.tld
cert_file = /etc/letsencrypt/live/domain/fullchain.pem
cert_key = /etc/letsencrypt/live/domain/privkey.pem
You will need to make sure the grafana user has access to the cert and key files but other than that it is a fairly painless process. You can of course also take the reverse proxy route to do this so that your certificate is managed in one place which I find easier.
Config File: /etc/grafana/grafana.ini
Service: grafana-server (systemctl restart grafana-server)
Default username: admin
Default password: admin