Running Grafana on Ubuntu and Nginx proxy_pass
Table of contents
Prerequisites
- Fundamental understanding How Nginx works.
- Basic setup on Ubuntu image follow LEMP steps, configure only
UFW
andNginx
. - A domain to host Grafana dashboard
Step 1 - Install Grafana
wget -q -O - https://packages.grafana.com/gpg.key | sudo apt-key add -
sudo add-apt-repository "deb https://packages.grafana.com/oss/deb stable main"
sudo apt update
apt-cache policy grafana
# outputs the version of Grafana that you are about to install, and where you will retrieve the package from
# Look like this:
# grafana:
# Installed: (none)
# Candidate: 6.3.3
# Version table:
# 6.3.3 500
# 500 https://packages.grafana.com/oss/deb stable/main amd64 Packages
sudo apt install grafana
sudo systemctl start grafana-server
sudo systemctl status grafana-server
sudo systemctl enable grafana-server
Step 2 - Nginx Reverse Proxy
Create nginx.conf
file for the hostname grafana.example.com
.
server {
listen 80;
root /var/www/html;
index index.html index.htm index.nginx-debian.html;
server_name grafana.example.com;
location / {
proxy_pass http://localhost:3000;
proxy_set_header Host $http_host;
# Set header will stop `Origin not allow` error, commonly for version 8.3.5
}
}
Step 3 - Install SSL certificate
sudo certbot --nginx -d grafana.example.com
sudo certbot renew --dry-run
# to auto renew SSL
Step 4 - Login to Grafana dashboard
First time loader, enter admin
for both username and password Change password as needed
Step 5 - Disable Grafana Registrations and Anonymous Access
run sudo vim /etc/grafana/grafana.ini
Look for below lines, remove ;
to activate the configuration.
[users]
# disable user signup / registration
allow_sign_up = false
[auth.anonymous]
# enable anonymous access
enabled = false
Restart the server:
sudo systemctl restart grafana-server
sudo systemctl status grafana-server
Protect Grafana with Cloudflared
tunnel
Close off unnecessary ports to the public internet. Follow steps on How to protect Grafana with Cloudflared
tunnel.