How to Install Prometheus on Ubuntu with systemd

In our last post, we’ve seen How to Install Prometheus on Ubuntu Server. However, this is not how we’d install it in a production environment. Running Prometheus directly from the terminal presents two primary challenges:

Prometheus runs in the foreground, meaning that closing the terminal also terminates the process.
It does not start automatically on boot, requiring manual intervention after each reboot.

In this post, we will demonstrate how to configure Prometheus to run as a background service managed by systemd. Our objective is to set up a systemd unit for Prometheus so you can easily manage it using commands like "systemctl start prometheus" and ensure it launches on system startup.

Step 1: System Preparation & Security

Before downloading any binaries, we need to create a dedicated environment for Prometheus to run safely.
First we’ll create a system user for Prometheus

sudo useradd --no-create-home --shell /bin/false prometheus

We’ll use the --shell /bin/false flag to ensure the prometheus user cannot log into the server. This security best practice follows the Principle of Least Privilege. If the Prometheus service is ever compromised, the attacker won't have shell access to our OS.

Step 2: Creating the Directory Structure

Prometheus needs specific places to store its configuration files and its time-series database (TSDB).

sudo mkdir /etc/prometheus
sudo mkdir /var/lib/prometheus

/etc/prometheus: This is where our .yml configuration files live.
/var/lib/prometheus: This is where the actual data (metrics) will be stored on disk.

After the directories are created, update their ownership to the Prometheus user and group.

sudo chown prometheus:prometheus /etc/prometheus/
sudo chown prometheus:prometheus /var/lib/prometheus/

Step 3: Downloading and Installing Prometheus

Head over to the Prometheus download page. Within the download block, choose the appropriate Prometheus binary version for your operating system. We can download it to our local machine, or more efficiently, grab the link and pull it directly to our ubuntu server using wget.

wget https://github.com/prometheus/prometheus/releases/download/v3.5.1/prometheus-3.5.1.linux-amd64.tar.gz

Next, we’ll extract the downloaded tar file and change directory to the created folder

tar xvf prometheus-3.5.1.linux-amd64.tar.gz
cd prometheus-3.5.1.linux-amd64

A typical output should be similar to:

Step 4: Copy Prometheus Files

Transfer the Prometheus and promtool binaries to /usr/local/bin and adjust their ownership:

sudo mv prometheus /usr/local/bin/
sudo mv promtool /usr/local/bin/
sudo chown prometheus:prometheus /usr/local/bin/prometheus
sudo chown prometheus:prometheus /usr/local/bin/promtool

Next, move the configuration file and adjust the ownership:

sudo mv prometheus.yml /etc/prometheus/prometheus.yml
sudo chown prometheus:prometheus /etc/prometheus/prometheus.yml

Then the console files. Prometheus uses console templates and libraries for its web UI. Copy the consoles and console_libraries directories to /etc/prometheus and update their permissions:

sudo cp -r consoles/ /etc/prometheus/
sudo cp -r console_libraries/ /etc/prometheus/

sudo chown -R prometheus:prometheus /etc/prometheus/consoles/
sudo chown -R prometheus:prometheus /etc/prometheus/console_libraries/

If you are following older tutorials and notice that the consoles and console_libraries folders are missing from your v3.5.1download—don't panic! Your installation isn't broken.

Starting with Prometheus v3.0, the developers officially deprecated and removed the legacy consoles and console_librariesdirectories from the standard distribution. This is why you don't see them in your v3.x.x folder.

What happened? The Prometheus team decided to move away from these built-in Go-template dashboards. In the modern monitoring stack:

Grafana has become the industry standard for visualization.
The Prometheus UI itself has been revamped to be more powerful for ad-hoc debugging, making the old console files redundant.

Step 5: Creating a Systemd Service

We’ll create a Systemd unit file so it starts automatically on boot and restarts if it crashes.

A Service Unit file is a plain-text configuration file that tells Ubuntu how to handle Prometheus. Instead of you manually typing ./prometheus, Systemd acts as a "watchdog" that handles the process for you.

Create the file: sudo vi /etc/systemd/system/prometheus.service
File configuration breakdown:

[Unit]
Description=Prometheus Monitoring System
Wants=network-online.target
After=network-online.target

Description: This is the metadata. When you run systemctl status, this is the text that identifies the service.
Wants/After: These are dependencies. Prometheus requires a network connection to "scrape" data. These lines tell Ubuntu: "Wait until the network is fully online before trying to start this service."

[Service]
User=prometheus
Group=prometheus
Type=simple

User/Group: This is a critical security layer. By specifying prometheus, the service runs with restricted permissions. If an attacker found a vulnerability in Prometheus, they would be trapped in a user account that cannot access root files.
Type=simple: This tells Systemd that the command listed in ExecStart is the main process of the service.

ExecStart=/usr/local/bin/prometheus \
--config.file /etc/prometheus/prometheus.yml \
--storage.tsdb.path /var/lib/prometheus/ \
--web.listen-address=0.0.0.0:9090 \
--web.enable-lifecycle

ExecStart: This is the heart of the file. It defines the exact command used to launch Prometheus.

--config.file: Points to your YAML settings.
--storage.tsdb.path: Tells Prometheus where to save its historical data. (If this folder isn't owned by the prometheus user, the service will crash with an "Exit Code 1").
--web.listen-address: Setting this to 0.0.0.0:9090 ensures the UI is accessible from outside the EC2 instance (assuming our AWS Security Group allows it).
--web.enable-lifecycle: This allows you to reload your configuration without restarting the service. If you change a setting in prometheus.yml, you can simply run curl -X POST http://localhost:9090/-/reload.

[Install]
WantedBy=multi-user.target

WantedBy: This defines the "target" or state in which the service should run. multi-user.target is the standard for servers (a non-graphical, multi-user state). This ensures that when your EC2 instance reboots, Prometheus starts automatically.

The final file:

[Unit]
Description=Prometheus Monitoring System
Wants=network-online.target
After=network-online.target

[Service]
User=prometheus
Group=prometheus
Type=simple
Restart=on-failure
ExecStart=/usr/local/bin/prometheus \
    --config.file /etc/prometheus/prometheus.yml \
    --storage.tsdb.path /var/lib/prometheus/ \
    --web.listen-address=0.0.0.0:9090 \
    --web.enable-lifecycle

[Install]
WantedBy=multi-user.target

Save and exit your editor once you’ve added the above content.

Step 6: Launching the Service

After creating this file, you must run three specific commands:

sudo systemctl daemon-reload: Tells Systemd to scan for the new file you just created.
sudo systemctl enable prometheus: Hooks the service into the boot-up sequence (the [Install] section).
sudo systemctl start prometheus: Actually executes the ExecStart command.

Let’s go one by one. First, reload the system daemon to recognize the new service, then start it.

sudo systemctl daemon-reload
sudo systemctl start prometheus

Verify the status

sudo systemctl status prometheus

The expected output should include details such as:

Finally, enable Prometheus to start automatically on boot:

sudo systemctl enable prometheus

The output should be a message like:

Created symlink /etc/systemd/system/multi-user.target.wants/prometheus.service → /etc/systemd/system/prometheus.service.

Step 7: Accessing the UI

By default, Prometheus listens on port 9090. Open your browser and navigate to:

`http://<your-server-IP>:9090`

You’ll see the Prometheus Expression Browser. From here, you can run queries, check the health of your targets, and start visualizing your infrastructure's heartbeat.