Glances on Ubuntu 24.04 on Azure User Guide
Overview
This image runs Glances 4.5.5, an open source cross platform system monitor, on Ubuntu 24.04 LTS. Glances gives you a live, at a glance view of a server: CPU, memory, load, running processes, network throughput, disk input and output and filesystem usage, all on a single real time web dashboard and through a matching REST API that scripts and other tools can query.
The cloudimg image is secure by default. Glances runs as a dedicated non root service, bound only to the loopback interface, behind an nginx reverse proxy on port 80. The dashboard and the REST API are protected by HTTP Basic authentication with a unique password generated on first boot for each instance and written to a root only file. No credential is baked into the image, and no two deployments share one.
What is included:
- Glances 4.5.5 installed into a pinned, self contained Python virtual environment at
/opt/glances/venv - A dedicated non root
glancesservice (glances-web.service) bound to127.0.0.1:61208 - nginx on port
80reverse proxying the dashboard and REST API, with an unauthenticated/healthzendpoint for Azure Load Balancer probes - A one shot
glances-firstboot.servicethat generates a per instance password on first boot and writes it to/root/glances-info.txt(mode0600) - HTTP Basic authentication protecting both the web dashboard and the
/api/4/REST API - A fully patched Ubuntu 24.04 LTS base with unattended security upgrades enabled
- 24/7 cloudimg support
Glances is published by the Glances project (nicolargo) under the LGPL 3.0 licence. This image is packaged by cloudimg and is not affiliated with or endorsed by the Glances project.
Prerequisites
An active Azure subscription, an SSH key pair, and a VNet plus subnet in the target region. Standard_B2s (2 vCPU / 4 GiB RAM) is ample for monitoring a single host. NSG inbound: allow 22/tcp from your management network and 80/tcp for the web dashboard. Glances serves plain HTTP on port 80; for production or shared access, terminate TLS in front of it with your own domain using a reverse proxy or Azure Application Gateway.
Step 1 - Deploy from the Azure Marketplace
Sign in to the Azure Portal, choose Create a resource, search the Marketplace for Glances by cloudimg, and select Create. On Basics pick your subscription, resource group, region and size; under Administrator account choose SSH public key and paste your key; under Inbound port rules allow SSH (22) and HTTP (80). Then Review + create then Create.
Step 2 - Deploy from the Azure CLI
az vm create \
--resource-group <your-rg> \
--name glances \
--image <marketplace-image-urn> \
--size Standard_B2s \
--admin-username azureuser \
--ssh-key-values ~/.ssh/id_ed25519.pub \
--vnet-name <your-vnet> --subnet <your-subnet> \
--public-ip-sku Standard
az vm open-port --resource-group <your-rg> --name glances --port 80 --priority 1010
Step 3 - Connect to your VM
ssh azureuser@<vm-public-ip>
Step 4 - Confirm the services are running
Glances runs as glances-web.service on the loopback interface, fronted by nginx on port 80. A one shot glances-firstboot.service runs once on first boot to generate the per instance password. Confirm all three units are active, and that nginx is listening on port 80 while Glances stays private on 127.0.0.1:61208:
sudo systemctl is-active nginx glances-web glances-firstboot
sudo ss -tlnp | grep -E ':80 |:61208 '
Expected output:
active
active
active
LISTEN 0 2048 127.0.0.1:61208 0.0.0.0:* users:(("glances",pid=29912,fd=6))
LISTEN 0 511 0.0.0.0:80 0.0.0.0:* users:(("nginx",...))
LISTEN 0 511 [::]:80 [::]:* users:(("nginx",...))
Glances listens only on 127.0.0.1, so it is never reachable directly from the network; every request goes through nginx on port 80.

Step 5 - Retrieve your per instance credentials
The dashboard is protected by HTTP Basic authentication. The username is glances and the password is generated uniquely for this instance on first boot and stored in a root only file. Read it with:
sudo cat /root/glances-info.txt
You will see the access URL, the username and the per instance password:
glances_url=http://<vm-ip>/
glances_username=glances
glances_password=<your-unique-password>

Keep this password safe. It is unique to this VM; no default password ships in the image.
Step 6 - Confirm the dashboard is secure by default
The /healthz endpoint used by load balancer probes is intentionally open and returns 200. The dashboard and the REST API, however, require the credentials, so an unauthenticated request to the API returns 401:
curl -s -o /dev/null -w '%{http_code}\n' http://127.0.0.1/healthz
curl -s -o /dev/null -w '%{http_code}\n' http://127.0.0.1/api/4/cpu
Expected output:
200
401
Supplying the per instance credentials returns live CPU statistics as JSON. Replace <glances-password> with the password from /root/glances-info.txt:
curl -s -u glances:<glances-password> http://127.0.0.1/api/4/cpu
Expected output (an authenticated request returns the live CPU plugin):
{"total": 0.9, "user": 0.6, "system": 0.3, "idle": 99.0, "iowait": 0.1, "cpucore": 2, ...}

Step 7 - Confirm the version and query a live metric
Confirm the pinned Glances version, the health endpoint, and pull a live memory metric from the REST API:
/opt/glances/venv/bin/glances --version
curl -s -o /dev/null -w 'healthz HTTP %{http_code}\n' http://127.0.0.1/healthz
Expected output:
Glances version: 4.5.5
healthz HTTP 200
From your workstation you can query the same authenticated API over the network using the VM's public IP:
curl -s -u glances:<glances-password> http://<vm-ip>/api/4/mem
curl -s -u glances:<glances-password> http://<vm-ip>/api/4/all
The /api/4/ REST API exposes every metric the dashboard shows (cpu, mem, load, network, diskio, fs, processlist and more), which makes it easy to feed Glances data into your own scripts, dashboards or alerting.

Step 8 - Open the web dashboard
In a browser, open http://<vm-public-ip>/ and sign in as glances with the per instance password. The dashboard shows the host, uptime and processor at the top, live CPU, memory, load, swap, network, disk input and output and filesystem panels, and a sortable list of running processes that refreshes in real time.

The process list sorts automatically by CPU consumption, so the busiest processes rise to the top. When a workload starts, the CPU and load gauges climb and the responsible process appears at the head of the list.

The network and disk panels show live throughput. Read and write rates for each block device and receive and transmit rates for each interface update continuously alongside filesystem usage.

Everything on the dashboard is also available programmatically. Browsing the authenticated REST API returns the full set of live metrics as JSON, ready to consume from your own tools.

Enabling HTTPS for production
Glances serves plain HTTP on port 80 behind nginx. For production or shared access, put your own TLS certificate in front of it. Point a DNS record at the VM's public IP, then terminate TLS with Azure Application Gateway or extend the nginx configuration in /etc/nginx/sites-available/cloudimg-glances with a certbot issued certificate for your domain. Restrict port 80 to your Application Gateway or management network in the NSG once TLS is in place.
Support
Every cloudimg image includes 24/7 support, 365 days a year, by email and live chat with a 24 hour response SLA. Contact support@cloudimg.co.uk with the product name and your Azure region and we will help.