Welcome to Linux Ways

Monitoring DigitalOcean Droplets with Prometheus & Grafana Using Docker

By Atif Ahmed on

Architecture

🧰 Step 1. Prerequisites

On all droplets, install:

sudo apt update -y
sudo apt install docker.io docker-compose ufw -y
sudo systemctl enable docker
sudo systemctl start docker

βš™οΈ Step 2. Setup Node Exporter on Each App Droplet

Run Node Exporter in Docker:

docker run -d --name=node_exporter --restart=always -p 9100:9100 prom/node-exporter

Check:

curl http://localhost:9100/metrics | head

πŸ” Configure UFW on Node Exporter Droplets

We’ll only allow the Monitoring Droplet’s IP to access Node Exporter (port 9100).

sudo ufw allow OpenSSH
sudo ufw allow from <MONITORING_DROPLET_IP> to any port 9100 proto tcp
sudo ufw enable
sudo ufw status

βœ… This ensures only Prometheus can scrape metrics.

🧩 Step 3. Prometheus + Grafana on Monitoring Droplet

mkdir -p ~/monitoring/{prometheus,grafana}
cd ~/monitoring

prometheus/prometheus.yml

global:
  scrape_interval: 15s

scrape_configs:
  - job_name: 'droplets'
    static_configs:
      - targets:
          - "159.89.xx.xx:9100"   # Droplet 1
          - "178.62.xx.xx:9100"   # Droplet 2
          - "165.22.xx.xx:9100"   # Droplet 3

docker-compose.yml

version: "3.8"

services:
  prometheus:
    image: prom/prometheus
    container_name: prometheus
    restart: always
    ports:
      - "9090:9090"
    volumes:
      - ./prometheus/prometheus.yml:/etc/prometheus/prometheus.yml

  grafana:
    image: grafana/grafana
    container_name: grafana
    restart: always
    ports:
      - "3000:3000"
    environment:
      - GF_SECURITY_ADMIN_USER=admin
      - GF_SECURITY_ADMIN_PASSWORD=adm

πŸš€ Step 4. Run Stack

docker-compose up -d
docker ps

Check access:

Prometheus: http://monitoring-droplet-ip:9090

Grafana: http://monitoring-droplet-ip:3000

πŸ”’ Step 5. Secure Monitoring Droplet with UFW

We’ll only allow:

SSH

Prometheus (9090)

Grafana (3000)

Internal outbound scraping

sudo ufw default deny incoming
sudo ufw default allow outgoing
sudo ufw allow OpenSSH

# Allow Grafana and Prometheus from your laptop/public IP
sudo ufw allow from <YOUR_PUBLIC_IP> to any port 3000 proto tcp
sudo ufw allow from <YOUR_PUBLIC_IP> to any port 9090 proto tcp

# (optional) allow VPC access if droplets in same network
sudo ufw allow from 10.0.0.0/8 to any port 9090 proto tcp

sudo ufw enable
sudo ufw status numbered

βœ… Now, only your IP can view dashboards; others are blocked.

🧱 Step 6. Configure Grafana

  1. Visit Grafana β†’ http://monitoring-droplet-IP:3000
  2. Login β†’ admin / admin
  3. Add Prometheus Data Source

URL: http://prometheus:9090

Save & Test βœ…

  1. Import Dashboards:

Linux Node Exporter Full β†’ Grafana Dashboard 1860

Docker Container Metrics β†’ Grafana Dashboard 893

πŸ“Š Step 7. Validate Everything

Prometheus Targets:

http://:Monitor-Droplet-IP:9090/targets

βœ… All should show β€œUP”

Grafana Dashboard: βœ… Shows CPU, Memory, Disk, Network live metrics

βœ… Summary

ComponentPortAccessDescription
Prometheus9090Only from your IPCollect and stores metrics
Grafana3000Only from your IPDashboards & Visualization
Node Exporter9100Only from Monitoring DropletExposes system metrics

Leave a Reply

Your email address will not be published. Required fields are marked *