Loki HTTPS Nginx

You can secure communication between Promtail and Loki by putting Loki behind an Nginx reverse proxy that terminates HTTPS with a self-signed SSL certificate generated with OpenSSL. Here’s how you can do it:

Step 1: Generate a Self-Signed SSL Certificate

Run the following commands to generate the certificate and private key:

mkdir -p /etc/nginx/certs
cd /etc/nginx/certs
 
# Generate a private key
openssl genrsa -out server.key 2048
 
# Generate a certificate signing request (CSR)
openssl req -new -key server.key -out server.csr
 
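# Generate a self-signed certificate valid for 1 year.
# Promtail is a Go program and matches the hostname against subjectAltName (SAN)
# entries, not the Common Name, so the certificate needs a SAN for every
# hostname used in the Nginx and Promtail configuration.
printf 'subjectAltName=DNS:loki.x.com,DNS:loki.seamlessfintech.com\n' > san.ext
openssl x509 -req -days 365 -in server.csr -signkey server.key -extfile san.ext -out server.crt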

When prompted, enter details like country, organization, and domain (use loki.seamlessfintech.com as the Common Name).

Step 2: Configure Nginx for HTTPS

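Modify your Nginx configuration to enable SSL. The basic-authentication block below reads its credentials from /etc/nginx/.htpasswd, which must contain the user that Promtail authenticates as in Step 4: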

server {
    listen 80;
    server_name loki.seamlessfintech.com;
 
    # Redirect HTTP to HTTPS
    return 301 https://$host$request_uri;
}
 
server {
    listen 443 ssl;
    server_name loki.x.com;
 
    ssl_certificate /etc/nginx/certs/server.crt;
    ssl_certificate_key /etc/nginx/certs/server.key;
 
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_ciphers HIGH:!aNULL:!MD5;
    
    location / {
        proxy_pass http://localhost:3100;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
 
        # Enable Basic Authentication
        auth_basic "Protected Area";
        auth_basic_user_file /etc/nginx/.htpasswd;
    }
}

Step 3: Restart Nginx

sudo systemctl restart nginx

Step 4: Configure Promtail to Trust the Custom Certificate

Since you're using a self-signed certificate, you need to explicitly tell Promtail to trust it.

  1. Copy the certificate to the Promtail server:

    scp /etc/nginx/certs/server.crt user@promtail-server:/etc/promtail/

  2. Update Promtail’s configuration (/etc/promtail/config.yml) to use HTTPS:

    server:
      http_listen_port: 9080
      grpc_listen_port: 0
     
    clients:
      - url: "https://loki.x.com/loki/api/v1/push"
        basic_auth:
          username: "your-user"
          password: "your-password"
        tls_config:
          ca_file: "/etc/promtail/server.crt"
          insecure_skip_verify: false

  3. Restart Promtail:

    sudo systemctl restart promtail

Step 5: Verify the Setup

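  • Test Nginx SSL, verifying the server against the self-signed certificate rather than skipping verification with -k (run on the Nginx host; an HTTP 401 response is expected because no credentials are sent):
    curl --cacert /etc/nginx/certs/server.crt https://loki.x.com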
  • Check Nginx logs for any errors:
    sudo journalctl -u nginx --no-pager | tail -n 50
  • Validate Promtail logs:
    sudo journalctl -u promtail --no-pager | tail -n 50

This ensures that traffic between Promtail and Loki travels over HTTPS, verified against your self-signed SSL certificate.

