How to Deploy Grafana – Metrics Visualization Platform

Deploy Grafana with Docker Compose and Traefik for secure, persistent dashboard visualization

Grafana is an open-source analytics and visualization platform designed for observability and monitoring. It connects to data sources and renders interactive dashboards and graphs, while also generating alerts to help you visualize and analyze metrics, logs, and traces from your infrastructure and applications in real-time.

In this article, you will deploy Grafana using Docker Compose, configure persistent storage for dashboard and plugin data, and set up Traefik as a reverse proxy to securely access your Grafana instance.

Prerequisites

Before you begin, you need to:

Have access to an Ubuntu 24.04-based server as a non-root user with sudo privileges.
Install Docker and Docker Compose.
Configure a domain A record pointing to your server’s IP address (for example, grafana.example.com).

Set Up the Directory Structure and Environment Variables

In this section, you prepare the required directory structure for Grafana and define environment variables in a .env file.

Create the directory structure for Grafana.
console
```
$ mkdir -p ~/grafana-monitoring/grafana-data
```
This directory stores Grafana’s database, dashboards, plugins, and configuration files.
Navigate into the grafana-monitoring directory.
console
```
$ cd ~/grafana-monitoring
```
Set proper ownership for the Grafana data directory. Grafana runs as the grafana user (UID 472) inside the container.
console
```
$ sudo chown -R 472:472 grafana-data
```
Create a .env file.
console
```
$ nano .env
```
Add the following variables:
ini
```
DOMAIN=grafana.example.com
LETSENCRYPT_EMAIL=admin@example.com

GF_ADMIN_PASSWORD=changeme
```
Replace:
- grafana.example.com with your domain.
- admin@example.com with your email.
- changeme with a strong password.
Save and close the file.

Deploy with Docker Compose

In this section, you create and deploy the Docker Compose stack that runs Grafana behind Traefik. Docker Compose manages both containers, applies the environment variables from your .env file, and automatically configures HTTPS routing through Traefik.

Create a new Docker Compose manifest.
console
```
$ nano docker-compose.yaml
```

Add the following content.

yaml

services:
  traefik:
    image: traefik:v3.6
    container_name: traefik
    command:
      - "--providers.docker=true"
      - "--providers.docker.exposedbydefault=false"
      - "--entrypoints.web.address=:80"
      - "--entrypoints.websecure.address=:443"
      - "--entrypoints.web.http.redirections.entrypoint.to=websecure"
      - "--entrypoints.web.http.redirections.entrypoint.scheme=https"
      - "--certificatesresolvers.letsencrypt.acme.httpchallenge=true"
      - "--certificatesresolvers.letsencrypt.acme.httpchallenge.entrypoint=web"
      - "--certificatesresolvers.letsencrypt.acme.email=${LETSENCRYPT_EMAIL}"
      - "--certificatesresolvers.letsencrypt.acme.storage=/letsencrypt/acme.json"
    ports:
      - "80:80"
      - "443:443"
    volumes:
      - "letsencrypt:/letsencrypt"
      - "/var/run/docker.sock:/var/run/docker.sock:ro"
    restart: unless-stopped

  grafana:
    image: grafana/grafana:latest
    container_name: grafana
    hostname: grafana
    expose:
      - "3000"
    volumes:
      - "./grafana-data:/var/lib/grafana"
    environment:
      - GF_SERVER_ROOT_URL=https://${DOMAIN}
      - GF_SECURITY_ADMIN_PASSWORD=${GF_ADMIN_PASSWORD}
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.grafana.rule=Host(`${DOMAIN}`)"
      - "traefik.http.routers.grafana.entrypoints=websecure"
      - "traefik.http.routers.grafana.tls.certresolver=letsencrypt"
    restart: unless-stopped

volumes:
  letsencrypt:

Save and close the file.

This deployment specification includes:

services: Two containers form the visualization stack:
- traefik: Processes incoming HTTP/HTTPS requests, handles certificate management, and routes connections to Grafana.
- grafana: Hosts the dashboard interface and generates visual representations of data.
image: Specifies the Docker images for each service.
container_name: Persistent naming conventions facilitate operational tasks including log review and service management.
command (Traefik): Configures operational behavior including Docker integration, dual-port listening (80/443), protocol redirection from HTTP to HTTPS, and Let’s Encrypt certificate automation using HTTP challenge mechanisms.
ports (Traefik): Maps host ports 80 and 443 to enable external client connectivity.
expose (Grafana): Provides internal network access on port 3000 for Traefik routing without creating public exposure.
volumes:
- The bind mount (./grafana-data) maintains persistent storage for application databases, dashboard configurations, and installed plugins.
- Certificate data persists in the letsencrypt named volume across service restarts.
- Read-only Docker socket access (/var/run/docker.sock) allows Traefik to dynamically detect running containers.
environment (Grafana): References domain and admin password from the .env file for public-facing URL configuration and initial credentials.
labels (Grafana): Traefik configuration annotations that enable request forwarding, define hostname-based routing, and specify the TLS certificate provider.
restart: unless-stopped: Ensures containers restart automatically following system events unless explicitly stopped by administrators.

Create and start the services.
console
```
$ docker compose up -d
```

Verify that the services are running.

console

$ docker compose ps

Output:

NAME      IMAGE                    COMMAND                  SERVICE   CREATED          STATUS          PORTS
grafana   grafana/grafana:latest   "/run.sh"                grafana   35 seconds ago   Up 34 seconds   3000/tcp
traefik   traefik:v3.6             "/entrypoint.sh --pr…"   traefik   35 seconds ago   Up 34 seconds   0.0.0.0:80->80/tcp, [::]:80->80/tcp, 0.0.0.0:443->443/tcp, [::]:443->443/tcp

Both containers are running successfully. Grafana is ready to render dashboards while Traefik accepts connections on ports 80 and 443.

View the logs of the services.
console
```
$ docker compose logs
```
For more information on managing a Docker Compose stack, see the How To Use Docker Compose article.

Access Grafana

In this section, you access the Grafana web interface and verify your installation by exploring the default interface and available features.

Open the Grafana web interface in your browser.
```
https://grafana.example.com
```
Sign in with the default credentials:
- Username: admin
- Password: The password you set in the .env file
The Grafana home page displays after login. Explore the main interface sections:
- Click Connections > Data sources to access the data source management page, where you can add monitoring backends like Prometheus, Loki, or other data sources.
- Click Dashboards to access the dashboard library where you can create and manage visualizations.
- Click Explore to access the query editor for ad-hoc data exploration.
Verify your Grafana version and build information. Click the question mark icon ? in the top-right corner to open the Help menu. The version and build number appear at the top of the menu (for example, Grafana v12.3.0).

Conclusion

You have successfully deployed Grafana for monitoring visualization with production-ready HTTPS security. The containerized deployment maintains dashboard configurations and application state through persistent volumes, while automated certificate management ensures continuous secure access. With Traefik handling SSL termination and traffic routing, Grafana stands ready to connect with observability backends including Prometheus, Loki, Tempo, and Mimir, transforming raw telemetry into actionable visual insights through customizable dashboards.

Cobra Softwares Blog