
How to Install and Secure Grafana on Ubuntu 24
Grafana is an open-source analytics and interactive visualization platform that transforms your metrics into meaningful dashboards. With Ubuntu 24’s enhanced security features and improved package management, setting up Grafana becomes more straightforward while maintaining enterprise-grade security. This guide walks you through installing Grafana on Ubuntu 24, implementing proper security measures, and optimizing performance for production environments.
Understanding Grafana Architecture and Requirements
Grafana operates as a web-based application that connects to various data sources like Prometheus, InfluxDB, MySQL, and PostgreSQL. The application consists of several components: the web server, database backend, alerting engine, and plugin system. On Ubuntu 24, Grafana leverages systemd for service management and can utilize either SQLite for development or PostgreSQL/MySQL for production deployments.
Before installation, ensure your Ubuntu 24 system meets these requirements:
- Minimum 1GB RAM (4GB recommended for production)
- 2 CPU cores or more
- At least 10GB available disk space
- Network connectivity for downloading packages
- Non-root user with sudo privileges
Step-by-Step Grafana Installation
The installation process involves adding the official Grafana repository, installing the package, and configuring the service. Start by updating your system and installing required dependencies:
sudo apt update && sudo apt upgrade -y
sudo apt install -y software-properties-common apt-transport-https wget curl
Add the Grafana GPG key and repository to ensure package authenticity:
wget -q -O - https://packages.grafana.com/gpg.key | sudo apt-key add -
echo "deb https://packages.grafana.com/oss/deb stable main" | sudo tee /etc/apt/sources.list.d/grafana.list
Install Grafana and enable the service:
sudo apt update
sudo apt install grafana
sudo systemctl enable grafana-server
sudo systemctl start grafana-server
Verify the installation by checking the service status:
sudo systemctl status grafana-server
Grafana should now be accessible at http://your-server-ip:3000
with default credentials (admin/admin).
Essential Security Configuration
Security should be your top priority when deploying Grafana in production. The default configuration lacks several critical security measures that need immediate attention.
Firewall Configuration
Configure UFW to restrict access to Grafana port:
sudo ufw enable
sudo ufw allow ssh
sudo ufw allow from your-trusted-ip to any port 3000
sudo ufw reload
SSL/TLS Implementation
Never run Grafana without HTTPS in production. Generate SSL certificates using Let’s Encrypt or configure a reverse proxy. Here’s a basic Nginx reverse proxy configuration:
sudo apt install nginx certbot python3-certbot-nginx
sudo nano /etc/nginx/sites-available/grafana
Add this configuration:
server {
listen 80;
server_name your-domain.com;
location / {
proxy_pass http://localhost:3000;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
}
Enable the site and obtain SSL certificate:
sudo ln -s /etc/nginx/sites-available/grafana /etc/nginx/sites-enabled/
sudo certbot --nginx -d your-domain.com
sudo systemctl reload nginx
Grafana Security Settings
Modify the main configuration file for enhanced security:
sudo nano /etc/grafana/grafana.ini
Critical security configurations:
[security]
admin_user = your-admin-username
admin_password = strong-password-here
secret_key = generate-random-32-char-key
disable_gravatar = true
cookie_secure = true
cookie_samesite = strict
[auth]
disable_login_form = false
disable_signout_menu = false
[auth.anonymous]
enabled = false
[server]
protocol = http
http_port = 3000
domain = your-domain.com
root_url = https://your-domain.com
Restart Grafana to apply changes:
sudo systemctl restart grafana-server
Database Backend Configuration
While SQLite works for development, production environments require PostgreSQL or MySQL. Here’s how to configure PostgreSQL as the backend:
sudo apt install postgresql postgresql-contrib
sudo systemctl start postgresql
sudo systemctl enable postgresql
Create a dedicated database and user:
sudo -u postgres psql
CREATE DATABASE grafana;
CREATE USER grafana WITH PASSWORD 'secure-password';
GRANT ALL PRIVILEGES ON DATABASE grafana TO grafana;
\q
Update Grafana configuration:
[database]
type = postgres
host = localhost:5432
name = grafana
user = grafana
password = secure-password
ssl_mode = require
Performance Optimization and Monitoring
Grafana performance depends on several factors including data source response times, dashboard complexity, and system resources. Monitor these key metrics:
Metric | Optimal Range | Impact |
---|---|---|
Memory Usage | < 80% of available RAM | Dashboard loading speed |
CPU Usage | < 70% average | Query processing speed |
Disk I/O | < 80% capacity | Database performance |
Network Latency | < 100ms to data sources | Real-time data updates |
Configure performance settings in grafana.ini:
[log]
level = warn
[analytics]
reporting_enabled = false
check_for_updates = false
[snapshots]
external_enabled = false
[dashboards]
versions_to_keep = 20
[alerting]
enabled = true
execute_alerts = true
Real-World Use Cases and Integration Examples
Grafana excels in various scenarios. Here are practical implementations:
Infrastructure Monitoring
Integrate with Prometheus for comprehensive system monitoring. Install Prometheus first:
wget https://github.com/prometheus/prometheus/releases/download/v2.40.0/prometheus-2.40.0.linux-amd64.tar.gz
tar xvfz prometheus-*.tar.gz
sudo mv prometheus-2.40.0.linux-amd64 /opt/prometheus
Create a systemd service for Prometheus and configure Grafana to use it as a data source through the UI at Data Sources → Add data source → Prometheus with URL http://localhost:9090
.
Application Performance Monitoring
For applications running on VPS or dedicated servers, configure custom metrics collection using StatsD or direct API integration.
Common Issues and Troubleshooting
Several issues commonly occur during Grafana deployment:
- Port 3000 already in use: Check for conflicting services with
sudo netstat -tlnp | grep :3000
- Permission denied errors: Ensure grafana user has proper permissions:
sudo chown -R grafana:grafana /var/lib/grafana
- Database connection failures: Verify database credentials and network connectivity
- Plugin installation issues: Check internet connectivity and proxy settings
- Memory issues: Monitor logs with
sudo journalctl -u grafana-server -f
Debug configuration issues by temporarily increasing log verbosity:
[log]
level = debug
Alternative Monitoring Solutions Comparison
While Grafana is powerful, consider these alternatives based on your needs:
Solution | Best For | Complexity | Cost |
---|---|---|---|
Grafana | Flexible dashboards, multiple data sources | Medium | Free/Enterprise |
Kibana | Log analysis, Elasticsearch integration | High | Free/Commercial |
Datadog | All-in-one monitoring, cloud-native | Low | Subscription |
Prometheus UI | Simple metrics queries | Low | Free |
Best Practices and Production Considerations
Follow these practices for robust Grafana deployments:
- Implement regular backups of Grafana database and configuration files
- Use configuration management tools like Ansible for consistent deployments
- Set up monitoring for Grafana itself using external tools
- Implement proper user management with LDAP or OAuth integration
- Use templating and variables for scalable dashboard design
- Regular security updates and dependency management
- Load balancing for high-availability setups
Configure automated backups:
#!/bin/bash
BACKUP_DIR="/backup/grafana"
DATE=$(date +%Y%m%d_%H%M%S)
mkdir -p $BACKUP_DIR
sudo systemctl stop grafana-server
sudo tar -czf $BACKUP_DIR/grafana_backup_$DATE.tar.gz /etc/grafana /var/lib/grafana
sudo systemctl start grafana-server
For additional security, consider implementing rate limiting, IP whitelisting, and regular security audits. The official Grafana security documentation provides comprehensive guidance for enterprise deployments.
Your Grafana installation on Ubuntu 24 should now be secure, performant, and ready for production workloads. Regular maintenance, monitoring, and security updates will ensure optimal performance and protection against emerging threats.

This article incorporates information and material from various online sources. We acknowledge and appreciate the work of all original authors, publishers, and websites. While every effort has been made to appropriately credit the source material, any unintentional oversight or omission does not constitute a copyright infringement. All trademarks, logos, and images mentioned are the property of their respective owners. If you believe that any content used in this article infringes upon your copyright, please contact us immediately for review and prompt action.
This article is intended for informational and educational purposes only and does not infringe on the rights of the copyright owners. If any copyrighted material has been used without proper credit or in violation of copyright laws, it is unintentional and we will rectify it promptly upon notification. Please note that the republishing, redistribution, or reproduction of part or all of the contents in any form is prohibited without express written permission from the author and website owner. For permissions or further inquiries, please contact us.