Skip to content
Greffon
Tutorial

Self-Host Uptime Kuma with Greffon

A monitor tells you when things break, so it has to outlive the things it watches. Here is the honest setup for Uptime Kuma on a greffer, including the one place not to host it.

GLGreffon Labs5 min read
~/blog/self-host-uptime-kuma

Uptime Kuma is a self-hosted watchdog: it pings your sites, services, and ports on a schedule, shows you a clean status page, and pings you when something stops answering. The appeal of running your own is the same as running your own anything. You are not paying a monitoring SaaS per check, and the data about what you run stays on a machine you own. Greffon takes the reverse-proxy and certificate work off your plate so the monitor comes up reachable over HTTPS from the first start.

Why own the monitor

Uptime Kuma covers the checks most people reach a paid tool for: HTTP and HTTPS endpoints, TCP ports, DNS records, ping, and keyword matching on a page. It keeps history, draws uptime percentages, and publishes a public or private status page you can point users at during an incident. It is light enough to sit comfortably on a modest greffer alongside whatever else you run.

The honest pitch is not that self-hosting makes monitoring more accurate. It is that you own the box, the history, and the notification config, instead of renting them. That trade comes with one real catch, covered below: a monitor that runs next to the things it watches cannot tell you when the whole machine goes dark.

Graft it from the catalog

On a greffer you do not hand-write a compose file or wire a reverse proxy. Pick Uptime Kuma from the catalog and graft it onto your greffer. Greffon issues the certificate and routes the app, so it comes up reachable over HTTPS without you assembling that plumbing by hand. On first load you create the admin account directly in the web UI, then start adding monitors.

It watches over HTTP, not just on your LAN
Uptime Kuma reaches its targets as outbound network calls, so it can watch public endpoints and anything it can route to from the greffer. What it cannot see is a target on a private network the greffer has no path to. Put the monitor where it can actually reach what you want watched.

Reach it and get alerts out

The dashboard and status page are plain HTTP apps, which is the easy case for external access. On the same network as your greffer it works the moment it starts. To reach it from anywhere else you have two honest options.

The simplest is tunnel mode: a greffer connects outbound to the manager's tunnel and serves its apps without opening a single inbound port, which is the answer for a box behind NAT or CGNAT with no public IP. If you would rather expose the greffer directly, port forwarding plus dynamic DNS still works. Either way the dashboard and status page stay reachable over HTTPS. Alerts are separate: Uptime Kuma sends notifications outbound to the channels you configure (email, Telegram, Slack, a generic webhook, and many more), so getting alerts out does not require any inbound exposure at all.

Where a watchdog should live

This is the tradeoff specific to a monitor, and it is worth stating plainly: a watchdog cannot report on the machine it is running on. If you host Uptime Kuma on the same greffer as the services it watches and that greffer loses power or its network, the monitor goes down with everything else and you get no alert about the outage that matters most.

Do not monitor a box only from itself
Run the monitor somewhere independent of the most important things it watches. A small separate greffer, a cheap VPS in another location, or a free cloud box is enough. If you only have one machine, pair Uptime Kuma with an external dead-man check so you still hear about a full outage.

Back up the config

All of your monitors, notification settings, status pages, and history live in Uptime Kuma's data directory on the greffer. Losing it means rebuilding every check and alert by hand. Greffon handles TLS and routing today, and native one-click backups are coming in M2. Until then, bring your own backup tool (restic or borgbackup are the usual choices), back up the Uptime Kuma data on a schedule, and store a copy off the greffer. The dataset is small, so this is cheap to do often.

Keep it always-on

A monitor that sleeps misses outages, so it needs to be up around the clock. Run it on an always-on greffer such as a small VPS, a mini-PC, or a free Oracle Cloud box, rather than a laptop that sleeps at night. The Oracle walkthrough is a good place to get an independent greffer running, which doubles as the separate machine a watchdog wants to live on.

FAQ

What can Uptime Kuma actually monitor?
HTTP and HTTPS endpoints, TCP ports, DNS records, ping, and keyword checks on a page, among others. It records history, computes uptime percentages, and can publish a status page. It does not do deep application metrics or log collection. It answers the question 'is this up and responding', which is the question most people want a watchdog for.
Will it alert me if the whole greffer goes down?
Not if the monitor is on that same greffer. A watchdog cannot report on its own machine. Host Uptime Kuma somewhere independent of the things it watches, or pair it with an external dead-man check, so a full outage still reaches you.
Do I need to open inbound ports for alerts to work?
No. Notifications are sent outbound from the greffer to whatever channel you configure, so alerts work even on a box behind NAT with no inbound exposure. You only need external reachability if you want to open the dashboard or status page from outside your network, and the Stem tunnel covers that over HTTPS without opening ports.
Is it heavy to run?
No. Uptime Kuma is light and its dataset is small, so it sits comfortably on a modest greffer. Memory and storage grow slowly with the number of monitors and how much history you keep, not in a way most setups will notice.
GL
Greffon Labs
We build Greffon, the simplest way to turn any machine into a server you own.

Ready to turn on your greffer?

Install in minutes. Deploy each app in seconds. Your server, your apps.

Read the docs