Table of Contents
Was this article helpful?

1  out of  1 found this helpful

Try Vultr Today with

$50 Free on Us!

Want to contribute?

You could earn up to $600 by adding new articles.

Install Grafana on Ubuntu 16.04 LTS

Last Updated: Fri, Jun 8, 2018
Linux Guides Server Apps Ubuntu
Archived content

This article is outdated and may not work correctly for current operating systems or software.


Grafana is an open-source software that transforms multiple feeds from systems such as Graphite, Telegraf, and InfluxDB into beautiful metrics in a centralized dashboard.

This tutorial will cover the process of installing the Grafana web interface.


  • An Ubuntu 16.04 LTS x64 server instance.

  • A sudo (or root account) user.

  • Optional: A DNS name (for use with Let's Encrypt certificates)

Update the system

Update your system before installing Grafana.

apt-get update && apt-get upgrade 

Preparing the firewall

First let’s harden the image a little bit. Let’s also check if the image that has been provisioned has ufw enabled.

root@vultr:~# ufw status

Status: inactive

By default it's disabled, so we will need to add a few rules:

  • Rule 1: ssh: TCP port 22

  • Rule 2: http: TCP port 3000 (default Grafana port)

Execute the following commands one by one.

ufw allow 22/tcp

ufw allow 3000/tcp

Enable the firewall services.

ufw enable

The firewall will prompt a dialog to accept changes. Just press Y.

Command may disrupt existing ssh connections. Proceed with operation (y|n)?

Installing Grafana

By default, Grafana is not in the repositories. Add the repo key and packages.

curl | sudo apt-key add -

Next, add the "packagecloud" repository to your repositories.

add-apt-repository "deb stretch main"

Update apt to fetch the latest information from our newly added "packagecloud" repo.

apt-get update

Now we can install Grafana.

apt-get install grafana

Once Grafana has been installed, start it with systemctl.

systemctl start grafana-server

This will show a working Grafana service.

systemctl status grafana-server

Start the Grafana service on boot.

systemctl enable grafana-server

Disabling Grafana registrations and anonymous access

Out of the box, Grafana allows visitors to create user accounts and preview dashboards without registering. This means we are exposing Grafana to the public internet. But not to worry, let's find and disable these settings.

First open Grafana's configuration file.

nano /etc/grafana/grafana.ini

Locate the allow_sign_up settings under the [users] heading.


# disable user signup / registration

;allow_sign_up = true

By default it is set to true, so change it to false and uncomment the line.


# disable user signup / registration

allow_sign_up = false

Next, verify that anonymous access is disabled. This can be found under the [auth.anonymous] settings.


# enable anonymous access

;enabled = false

Change it to false and uncomment the line.


enabled = false

Exit nano and save the file.

To activate the changes, restart Grafana.

systemctl restart grafana-server

Now verify that everything is working by checking Grafana's service status.

systemctl status grafana-server

The Grafana daemon listens to port 3000. In order to visit the Grafana Dashboard, point your browser to (replace this IP with your actual server IP), and use the default login credentials below.

Username: admin

Password: admin

Enabling an HTTPS certificate for Grafana (optional)

This is an optional step. If we have a configured DNS name, we can use Let's encrypt to enable HTTPS for our new Grafana installation.

Installation and configuration of Nginx

To achieve this, we will be using Nginx, as this software is capable of using Let's Encrypt certificates.

Start by installing Nginx.

apt-get install nginx

Once installed, edit the default configuration.

nano /etc/nginx/sites-available/default

Replace the default configuration with the following configuration.

server {      


  proxy_request_buffering off;

  proxy_buffering off;

  location / {


     proxy_redirect     off;

     proxy_set_header   Host $host;

     proxy_set_header   X-Real-IP $remote_addr;

     proxy_set_header   X-Forwarded-For $proxy_add_x_forwarded_for;

     proxy_set_header   X-Forwarded-Host $server_name;



This will create a proxy for the website running at port 80. Restart Nginx, and enable it at boot.

systemctl restart nginx

systemctl enable nginx

Ensure everything is working.

systemctl status nginx

Disable the old Grafana port 3000 and allow traffic on port 80.

ufw allow 80/tcp

ufw delete allow 3000/tcp

Installing Let's Encrypt

Before we can use certbot, we need to add the correct PPA to the system containing our certbot packages.

add-apt-repository ppa:certbot/certbot

Press ENTER to accept the configuration change.

Update apt to gather the new packages.

apt-get update

Next install the Nginx module for assigning the certificates.

apt-get -y install python-certbot-nginx

Configuring certificates

Configure the firewall to allow the HTTPS through the firewall.

ufw allow 443/tcp

Before we can request new certificates, we need a DNS name.

nano /etc/nginx/sites-available/default

Add the following server_name setting. This is our DNS name.


Change the configuration to reflect this new setting.

server {



  proxy_request_buffering off;

  proxy_buffering off;

  location / {


     proxy_redirect     off;

     proxy_set_header   Host $host;

     proxy_set_header   X-Real-IP $remote_addr;

     proxy_set_header   X-Forwarded-For $proxy_add_x_forwarded_for;

     proxy_set_header   X-Forwarded-Host $server_name;



Ensure we didn't make any errors and restart Nginx.

nginx -t

systemctl restart nginx

Now request a certificate with certbot.

certbot --nginx -d

Provide your email and agree to questions asked by installer. You can safely say "No" to sharing your email. Certbot will automatically ask what to do with HTTPS. We will be using option 2: redirect to HTTPS.

Please choose whether or not to redirect HTTP traffic to HTTPS, removing HTTP access.


1: No redirect - Make no further changes to the webserver configuration.

2: Redirect - Make all requests redirect to secure HTTPS access. Choose this for

new sites, or if you're confident your site works on HTTPS. You can undo this

change by editing your web server's configuration.


Select the appropriate number [1-2] then [enter] (press 'c' to cancel): 2

Auto renew certificates

Let's encrypt certificates require renewal. Luckily we can create a cron job for this. Start by editing the crontab.

crontab -e

Add the following line.

05 2 * * * /usr/bin/certbot renew --quiet

This will check at 2:05 AM if any certificates require a renewal and will renew them.

Grafana will be running on HTTPS now. One last thing is to change the admin password. Visit your installation at By default, the credentials for logging in are 'admin/admin'.

To change the admin username, click on the cog icon on the left, go to "Configuration", then "Server Admin" and click the admin username.

Want to contribute?

You could earn up to $600 by adding new articles.