Skip to content
Greffon
Tutorial

Self-Host Grafana with Greffon

Grafana turns metrics into dashboards you actually read. Run it on a greffer you own, with the honest notes on data sources, storage, and backups.

GLGreffon Labs5 min read
~/blog/self-host-grafana

Grafana is the dashboard layer most self-hosters end up wanting: a single place to graph metrics, logs, and uptime from the rest of what you run. It does not collect data on its own. It connects to data sources and draws what they hold. Hosted Grafana exists, but if you are already running your own infrastructure, the dashboards that watch it may as well live on hardware you own too. The Greffon catalog ships Grafana, and grafting it takes the reverse-proxy and TLS plumbing off your plate.

Why own your dashboards

Grafana is open-source analytics and visualization: you point it at a data source (Prometheus, a SQL database, Loki for logs, and many more), build panels, and arrange them into dashboards. Running it yourself means the dashboards, the saved queries, and the data-source credentials all sit on a machine you control, not a SaaS account. For a tool whose whole job is to see into your other systems, that is a sensible place for it to live.

Graft it from the catalog

You do not hand-write a compose file or wire a reverse proxy. Pick Grafana from the catalog and graft it onto your greffer. You set the admin password on first start, and Greffon issues the certificate and routes the app, so it comes up reachable over HTTPS without you assembling that plumbing by hand.

The admin password needs at least 12 characters
Grafana's built-in admin user logs in with the password you set at graft time, and the catalog enforces a 12-character minimum. The username is admin. The data-source secret key is generated for you by the platform, so you do not need to invent one.

Reach it over HTTPS

A dashboard is only useful if you can pull it up from wherever you are. On the same network as your greffer, that works the moment Grafana starts. To reach it from anywhere else, you have two honest options.

The simplest is tunnel mode: a greffer connects outbound to the manager's tunnel and serves its apps without opening a single inbound port, which is the answer for a box behind NAT or CGNAT with no public IP. Grafana is a plain HTTP app, so the tunnel carries it cleanly. If you would rather expose the greffer directly, port forwarding plus dynamic DNS still works. Either way the dashboard stays reachable over HTTPS.

Grafana needs data to show

This is the part dashboard walkthroughs tend to skip. Grafana does not store metrics itself. A fresh install shows you an empty dashboard until you add a data source. If you want graphs of your own systems, you need something producing the data first: Prometheus scraping your hosts, a database you already run, or Loki collecting logs. Plan that side before you expect to see anything interesting.

Reaching a data source on the same greffer
Each greffon is isolated, so a Prometheus you also graft is not on Grafana's localhost. Point Grafana at the data source by its routed address rather than localhost, the same way an external client would reach it.

Where the dashboards live

Grafana keeps its state (dashboards, users, data-source definitions, and settings) in a database. By default that is a SQLite file inside the greffon's persistent storage, which is plenty for a single-instance setup and survives restarts and updates. It is light on memory and runs comfortably on a modest greffer. The thing to remember is that this state is the value: the panels you build over months are not regenerated from anywhere if the storage is lost.

Back up the config

Losing Grafana does not lose your metrics (those live in your data sources), but it does lose every dashboard and saved query you built, which can be a lot of work to recreate. Greffon handles TLS and routing today, and native one-click backups are coming in M2. Until then, bring your own backup tool (restic or borgbackup are the usual choices), back up the Grafana data directory on a schedule, and store a copy off the greffer.

A backup you have not restored is not a backup
Dashboards are easy to take for granted until they are gone. Test a restore once before you have built anything you would hate to lose. Five minutes now beats rebuilding a board from memory later.

FAQ

Does Grafana store my metrics?
No. Grafana is a visualization layer. It queries data sources (Prometheus, SQL databases, Loki, and others) and draws what they return. The metrics live in those sources, not in Grafana. Grafana only stores your dashboards, queries, users, and settings.
What do I need running alongside it?
At least one data source. The most common pairing is Prometheus for metrics, which you can also graft and then add as a data source in Grafana by its routed address. Without a data source, Grafana has nothing to chart.
Can I reach it from outside my home network?
Yes. Grafana is a plain HTTP app, so the built-in tunnel can serve it without opening inbound ports, which covers a greffer behind NAT or CGNAT. Port forwarding plus dynamic DNS also works if you prefer to expose the greffer directly. Either way it stays on HTTPS.
How heavy is it to run?
Light for a single instance. Grafana itself uses modest memory and stores its state in a SQLite file by default. The load that matters is on your data sources, not Grafana, so a small greffer is usually fine.
GL
Greffon Labs
We build Greffon, the simplest way to turn any machine into a server you own.

Ready to turn on your greffer?

Install in minutes. Deploy each app in seconds. Your server, your apps.

Read the docs