Skip to main content

17: Netdata - Real-time Performance Monitoring

Netdata is a powerful,distributed, real-time performance monitoring toolsolution thatbuilt showswith youC exactlyand what's happening on your server right now.Node.js. It displaysprovides beautifulsub-second graphsgranularity ofmetrics collection, zero-configuration operation, and comprehensive system monitoring including CPU, memory, disk, network, processes, and Docker containerscontainers. - updating every single second! Think of it as a real-time health dashboard for your entire server.

For advanced features, API documentation, advanced configuration, and customizationdevelopment options,guides, see the official Netdata documentation.

Why Netdata?

  • Real-time monitoring - See updates every second, not every minute
  • Beautiful graphs - Colorful, easy-to-read charts for everything
  • Zero configuration - Works immediately after installation
  • Auto-discovery - Automatically finds and monitors all Docker containers
  • Low resource usage - Uses only ~50MB of RAM
  • Comprehensive metrics - CPU, RAM, disk, network, processes, and more
  • Alert notifications - Get notified when something goes wrong
  • Historical data - See trends over time

Prerequisites

  • Docker runninginstalled (fromChapter 3)
  • Docker Compose (Chapter 3)
  • Optional: Traefik installed (from Chapter 4) for HTTPS access with aLet's domainEncrypt
  • Optional: SubdomainDomain configured (from Chapter 4.5), e.g., monitor.yourdomain.example.com
  • Optional: Apprise installed (from Chapter 5) for alert notifications

Note:

Installation Netdata works great with Traefik and a domain name. Having a friendly URL like monitor.yourdomain.com makes it easy to access your monitoring dashboard.

Step 1: Startvia Infinity Tools

Menu Installation

📱 APPLICATIONS → Netdata → Install

CLI Installation

sudo infinity-toolsbash /opt/InfinityTools/Solutions/setup-netdata.sh --install

StepDeployment 2: Install NetdataModes

    Traefik
  1. GoMode to 📱 APPLICATIONS
  2. Select Netdata
  3. Choose Install Netdata

Using the Infinity Tools GUI(Default)

    Uses

  • Use ↑/↓ to move, Enter to select, Esc to go back
  • LookTraefik for the turquoise cursor indicating the current selection
  • Each screen shows a short description at the top explaining what's needed

Step 2.1: Choose SSL Mode

termination

You'lland seedomain two options. Here's what each means:routing:

  • Traefik (recommended)
    • What it is: Uses your domain name with a trusted HTTPS certificate fromAutomatic Let's Encrypt certificate provisioning
    • WhatDomain-based you need: A subdomain (e.g., monitor.yourdomain.com) pointing to your server (see Chapter 4.5)
    • What you get: Professional URL likeaccess: https://monitor.yourdomain.example.com with trusted SSL
    • PickSecurity thisheaders if:configured
      • You
    • Requires: wantTraefik secure,running, easyDNS A record configured

    Standalone Mode

    Direct access with aHTTP domainor nameHTTPS (recommended)

  • Standalone HTTPself-signed):

    • What it is: Uses HTTP with direct port access (no SSL)
    • What you need: Just a free port (default: 19999)
    • What you get: URL likeHTTP: http://SERVER_IP:19999
    • PickHTTPS: thishttps://SERVER_IP:19999 if:(self-signed You'recert justvia testingnginx orproxy)
      • only
    • Default usingport: it19999 on(configurable)
      • your
    • No localdomain networkrequired

    Architecture

    Container

    • netdata - Main application (netdata/netdata:latest)
    • netdata-ssl-proxy - Nginx SSL proxy (standalone HTTPS mode only)

    Data Persistence

    • Simple rule of thumb:Config: Use/opt/speedbits/netdata-client/netdata/ (configuration files)
    • TraefikLib: if/opt/speedbits/netdata-client/netdata/lib/ you(database, havemetrics)
      • a
    • Cache: domain/opt/speedbits/netdata-client/netdata/cache/ (temporary data)
    • SSL: /opt/speedbits/netdata-client/ssl/ (standalone mode certificates)

    Host Access

    Netdata requires access to host system for monitoring:

    • /proc - Process and wantsystem secureinformation access.(read-only)
      • Use
    • /sys Standalone- HTTPSystem onlyinformation (read-only)
    • /var/run/docker.sock - Docker API (read-only, for testingcontainer ormonitoring)
      • private
    • /etc/passwd, use.

      /etc/group - User information (read-only)
    • /etc/os-release - OS information (read-only)

    StepNetworks

    2.2:
      If
    • Traefik Younetwork: ChooseJoins Traefik's proxy network (Traefik mode)
    • netdata-internal: Isolated bridge network (standalone mode)
    • borgmatic-db: Network for Apprise integration (if enabled)

    Installation Process

    Configuration Steps

    1. EnterSSL yourMode subdomain,Selection: e.g.,Choose monitor.yourdomain.comTraefik (default) or Standalone
    2. EnsureIf theTraefik: subdomain'sProvide DNSdomain A record points to your server (see Chapter 4.5)name
    3. InfinityIf Tools will configure HTTPS automatically via Let's Encrypt

    After install:Standalone: Your Netdata will be available at https://monitor.yourdomain.com

    Step 2.3: If You Choose Standalone

    1. Pick aSpecify port (default: 19999) and SSL mode
    2. You'llStreaming: Optional parent-child streaming configuration
    3. Apprise Integration: Optional alert notification setup

    What Gets Created

    • Directory: /opt/speedbits/netdata-client
    • Container: netdata
    • Docker Compose: /opt/speedbits/netdata-client/docker-compose.yml
    • Config Files: Health alerts, streaming config, Apprise integration

    Access Methods

    Traefik Mode

    https://monitor.example.com

    Direct web access Netdataafter viaDNS propagation and SSL certificate generation (30-60 seconds).

    Standalone Mode

    HTTP:

    http://SERVER_IP:19999

    HTTPS:

    https://SERVER_IP:19999

    Accept self-signed certificate warning (Advanced → Proceed).

    Security Configuration

    Access Security

    • ✅ Traefik mode uses Let's Encrypt SSL (production-ready)
    • ✅ Standalone HTTPS uses self-signed certificates (acceptable for internal use)
    • ✅ Security headers configured (X-Frame-Options, CSP, etc.)
    • ⚠️ NO default authentication - Dashboard is publicly accessible

    StepContainer 2.4:Security

    Multi-Server
      Monitoring
    • Runs with SYS_PTRACE and SYS_ADMIN capabilities (Optional)required for monitoring)
    • Security option: apparmor:unconfined
    • Read-only mounts for host filesystem access
    • Docker socket mounted read-only

    Authentication

    You'll⚠️ beCRITICAL: askedNetdata ifhas youNO wantusername/password protection by default!

    • Traefik mode: Add Basic Auth via websiteprotection.sh
    • Standalone mode: Keep on private network or use SSH tunnel
    • VPN: Access via WireGuard VPN for secure remote access
    • SSH Tunnel: ssh -L 19999:localhost:19999 user@server

    Metrics Collection

    System Metrics

    • CPU - Per-core usage, load averages, interrupts
    • Memory - RAM, swap, buffers, cache
    • Disk - I/O, space usage, per-filesystem metrics
    • Network - Per-interface traffic, connections, errors
    • Processes - Per-process CPU, memory, I/O
    • System Load - Load averages, context switches

    Docker Metrics

    • Auto-discovery of all containers
    • Per-container CPU, memory, disk, network
    • Container health status
    • Real-time metrics (1-second granularity)

    Data Retention

    • Configurable retention period
    • Default: 1 hour of 1-second data
    • Can extend for longer historical data
    • Low storage footprint (~50MB RAM)

    Alert Configuration

    Default Alerts

    Pre-configured alerts in health.d/:

    • CPU Usage: Warning > 80%, Critical > 95%
    • RAM Usage: Warning > 80%, Critical > 95%
    • Disk Space: Warning > 80%, Critical > 90%

    Apprise Integration

    If Apprise is enabled:

    • Alerts sent to streamApprise via HTTP POST
    • Apprise forwards to configured channels
    • Supports all Apprise notification providers
    • Config file: health_alarm_notify.conf

    Custom Alerts

    Create custom alerts in health.d/:

    # Example: Custom alert
alarm: custom_metric
    on: system.cpu
  lookup: average -3m unaligned of user,system
   units: %
   every: 1m
    warn: $this > 75
    crit: $this > 90
   delay: down 5m multiplier 1.5 max 1h
    info: Custom CPU alert
      to: sysadmin

    Parent-Child Streaming

    Configuration

    Stream metrics to a Netdata Director (parent server):

    • YesConfigured
        in
      • What it does: Sends all metrics to a central dashboardstream.conf
      • WhatRequires youdirector need:hostname/IP Aand NetdataAPI Director server already set upkey
      • WhatEnables you get: Centralizedcentralized monitoring of multiple servers
      • Pick this if: You have multiple servers and want oneLocal dashboard forremains all
    • No (default)
      • What it does: Standalone monitoring (this server only)
      • Pick this if: You're just monitoring one server
      available

    StepUse 2.5: Apprise Notifications (Optional)Cases

    If you have Apprise installed (Chapter 5), you can enable alert notifications:

    • YesMulti-server monitoring
    • Centralized dashboards
    • Unified alerting
    • Historical data aggregation

    Environment Variables

    Netdata Container

    • WhatNETDATA_CLAIM_TOKEN it- does:Optional SendsNetdata alertsCloud toclaim Apprise when CPU, RAM, or disk usage is hightoken
    • WhatNETDATA_CLAIM_ROOMS you- get:Optional NotificationsNetdata viaCloud Discord, Slack, Email, etc. (all Apprise services)rooms
    • PickNETDATA_CLAIM_URL this- if:Netdata YouCloud wantURL to(default: gethttps://app.netdata.cloud)
      • alerts
    • DOCKER_HOST when- somethingDocker goessocket wrongpath (default: /var/run/docker.sock)

    • Configuration
  • NoFiles

    • Main Configuration

    • Whatnetdata.conf it- does:Main NoNetdata configuration
    • stream.conf - Parent-child streaming configuration
    • health_alarm_notify.conf - Alert notification configuration
    • health.d/*.conf - Individual alert notifications
    • Pick this if: You just want to view metrics, no alerts
    definitions

    What Happens During InstallationCustomization

      # 
    • NetdataEdit containermain isconfig
created
      • nano 
    • Data directories are set up at /opt/speedbits/netdata-client
      • client/netdata/netdata.conf


    • Optional# domain + Traefik HTTPS routing (if using Traefik)
      • 

    • Docker socket access configured (for container monitoring)
      • 

    • CustomEdit alerts
configured (CPU, RAM, disk)
      • 

    • Optional Apprise integration (if enabled)
      • 

    • Service starts and becomes accessible
      •

    Step 3: Access Netdata

    If Using Traefik

    1. Wait 30-60 seconds for SSL certificate generation
    2. Open https://monitor.yourdomain.com in your browser
    3. You'll see the Netdata dashboard immediately!

    If Using Standalone

    1. Open http://SERVER_IP:19999 in your browser
    2. You'll see the Netdata dashboard immediately!

    ⚠️ IMPORTANT SECURITY NOTE: Netdata has NO username/password protection by default! Anyone who can access the URL can see your monitoring data. If using Traefik, strongly consider adding Basic Auth protection. If using standalone mode, keep it on a private network only!

    Step 4: Understanding the Dashboard

    When you first open Netdata, you'll see a beautiful dashboard with lots of graphs. Here's what everything means:

    Main Sections

    • 📊 System Overview - CPU, RAM, disk, network at a glance
    • 🐳 Docker Containers - All your containers with individual metrics
    • 💾 Disk I/O - How fast your disks are reading/writing
    • 🌐 Network - Network traffic and connections
    • ⚙️ System Load - How busy your server is
    • 📈 Processes - Individual programs and their resource usage

    Reading the Graphs

    • Green - Normal, healthy values
    • Yellow - Warning (getting high)
    • Red - Critical (too high!)
    • Time axis - Shows last hour by default (can zoom in/out)
    • Real-time - Updates every second automatically

    Key Metrics to Watch

    • 💻 CPU Usage - Should be under 80% most of the time
    • 🧠 RAM Usage - Should be under 80% most of the time
    • 💾 Disk Usage - Should be under 80% (watch for low disk space!)
    • 🌐 Network Traffic - Shows incoming/outgoing data
    • 🐳 Container Status - All containers should be running

    Step 5: Docker Container Monitoring

    One of Netdata's best features is automatic Docker container discovery and monitoring!

    What You'll See

    • All your Docker containers listed automatically
    • Individual CPU, RAM, disk, and network usage for each container
    • Container health status
    • Real-time graphs for each container

    How to Use It

    1. Click on "Docker" in the left sidebar
    2. You'll see all your containers listed
    3. Click on any container to see its detailed metrics
    4. Watch for containers using too much CPU or RAM

    Step 6: Alert Notifications (If Enabled)

    If you enabled Apprise notifications, Netdata will automatically send alerts when:

    • ⚠️ CPU usage > 80% (warning) or > 95% (critical)
    • ⚠️ RAM usage > 80% (warning) or > 95% (critical)
    • ⚠️ Disk space > 80% (warning) or > 90% (critical)

    How Alerts Work

    1. Netdata detects a problem (e.g., CPU too high)
    2. Sends alert to Apprise
    3. Apprise forwards to your configured channels (Discord, Slack, Email, etc.)
    4. You get notified immediately!

    Customizing Alerts

    You can customize alert thresholds by editing configuration files:

    nano /opt/speedbits/netdata-client/netdata/health.d/cpu_usage.conf

# Edit streaming
nano /opt/speedbits/netdata-client/netdata/stream.conf

    Change the warning/critical thresholds to your preferences.

    Security Recommendations

    • Use Traefik mode - Provides trusted SSL certificates
    • Add Basic Auth - Protect dashboard with username/password (strongly recommended!)
    • Private network only - If using standalone mode, don't expose to internet
    • Use VPN - Access via WireGuard VPN (Chapter 18) for secure remote access
    • SSH tunnel - Use SSH tunnel for secure access: ssh -L 19999:localhost:19999 user@server
    • ⚠️ No default protection - Netdata has NO username/password by default - protect it!

    Adding Basic Auth Protection

    If using Traefik, you can add username/password protection:

    1. Run: sudo bash Infrastructure/websiteprotection.sh
    2. Select "netdata"
    3. Enter username and password
    4. Now your dashboard is protected!

    Troubleshooting

    Can'tContainer AccessNot NetdataStarting

    • Traefik mode: Wait 30-60 seconds after installation for SSL certificate generation
    • Check containers: Run 
      docker logs netdata
docker ps -a | grep netdata to see if container is running
    • Check logs: Run docker logs netdata to see error messages

    NoMissing Docker Containers ShowingMetrics

    • MakeVerify surehost Docker is running:mounts: docker psexec netdata ls /host/proc
    • Check that Docker socket is accessible:socket: docker exec netdata ls /var/run/docker.sock
    • Verify container capabilities

    Docker Containers Not Showing

    • Verify Docker socket access
    • Check Docker daemon is running
    • Restart Netdata:Netdata docker restart netdatacontainer

    Alerts Not Working

    • Check thatVerify Apprise is running:running dockerand ps | grep apprise
    • Verify Apprise network connectivityaccessible
    • Check Netdatahealth_alarm_notify.conf logs: docker logs netdataconfiguration
    • Test alert thresholds
      • (trigger
    • Check aNetdata testlogs alert)for errors

    High

    Production Considerations

    • Access Method: Use Traefik mode for production (trusted SSL)
    • Authentication: Add Basic Auth protection (critical!)
    • Network Security: Restrict access via firewall or VPN
    • Resource UsageUsage: ~50MB RAM, minimal CPU impact
    • Data Retention: Configure appropriate retention period
    • Alerting: Configure multiple notification channels for redundancy
    • Streaming: Use director for multi-server environments

    Integration with Infinity Tools

    Netdata complements Infinity Tools by providing:

    • Real-time monitoring of all Infinity Tools applications
    • Docker container monitoring for infrastructure
    • System resource monitoring
    • Alert integration with Apprise
    • All Infinity Tools application containers
    • System resources (CPU, RAM, disk)
    • Network traffic
    • Docker daemon health

    API & Automation

    REST API

    • Netdata usesprovides ~50MBREST RAMAPI (veryfor low!)metrics access
    • IfAPI seeingdocumentation highavailable CPU,in checkweb how many containers you're monitoringinterface
    • ConsiderUseful reducingfor dataautomation retentionand periodintegration
  • Export

    Wheremetrics to Findexternal Netdata After Install

    • On the finish screen, Infinity Tools prints the access URL
    • You can also see it in 📊 STATUS & HEALTH → STATUS
    • Check the installation directory: /opt/speedbits/netdata-client
    • Configuration files: /opt/speedbits/netdata-client/netdata/

    Useful Features

    Historical Data

    Netdata stores historical data so you can see trends over time:

    • Zoom in/out on graphs to see different time periods
    • Compare current vs. past performance
    • Identify patterns and trendssystems

    Exporting Data

    You

      can export
    • Export graphs andas data:

      • Click on any graph to see export optionsimages
      • Export metrics as image (PNG)JSON/CSV
      • Share graphsIntegrate with others
        • external
      monitoring

      Custom Dashboards

      Netdata allows you to create custom dashboards:

      • Focus on specific metrics
      • Create views for different purposes
      • Save favorite viewssystems

      You'reNext Ready!Steps

      Netdata is now installedoperational. andUse monitoringit your server in real-time! Remember:to:

      • 🔐Monitor Protectall yourInfinity dashboardTools with Basic Auth (strongly recommended!)applications
      • 📊 Check the dashboard regularly to understand your server's health
      • 🔔 Set up alerts to get notified of problems
      • 🐳 UseTrack Docker monitoring to track container health
      • 📈Monitor Usesystem historicalresources datain toreal-time
        • identify
      • Set up alert notifications
      • Analyze performance trends and plan capacity

      NextFor steps:advanced Explorefeatures, API usage, custom collectors, and development guides, refer to the dashboard, check your Docker containers, set up alerts, and useofficial Netdata to keep your server running smoothly!documentation.

    • Back to top