sudo useradd --system --home /var/lib/prometheus --shell /usr/sbin/nologin prometheus
cd /tmp
curl -LO https://github.com/prometheus/prometheus/releases/download/v3.8.1/prometheus-3.8.1.linux-amd64.tar.gz
sudo tar -xzf prometheus-3.8.1.linux-amd64.tar.gz -C /opt
sudo mv /opt/prometheus-3.8.1.linux-amd64 /opt/prometheus
sudo mkdir -p /etc/prometheus /var/lib/prometheus
sudo chown -R prometheus:prometheus /opt/prometheus /etc/prometheus /var/lib/prometheus
Copy default config:
sudo cp /opt/prometheus/prometheus.yml /etc/prometheus/
sudo chown prometheus:prometheus /etc/prometheus/prometheus.yml
sudo tee /etc/systemd/system/prometheus.service >/dev/null <<'SERVICE'
[Unit]
Description=Prometheus Monitoring
After=network.target
[Service]
User=prometheus
Group=prometheus
Type=simple
ExecStart=/opt/prometheus/prometheus \
--config.file=/etc/prometheus/prometheus.yml \
--storage.tsdb.path=/var/lib/prometheus \
--web.listen-address=:9090
Restart=on-failure
[Install]
WantedBy=multi-user.target
SERVICE
Enable and start:
sudo systemctl daemon-reload
sudo systemctl enable --now prometheus
On UFW:
sudo ufw allow 9090/tcp
On firewalld:
sudo firewall-cmd --permanent --add-port=9090/tcp
sudo firewall-cmd --reload
Open http://SERVER_IP:9090.
See Prometheus Hardening.