How to enable authentication for Loki

Loki is an open-source, multi-tenant log aggregation system from Grafana Labs. In-order to use the multi-tenant feature, authentication should be enabled for Loki. This article explains the steps to enable basic authentication for Loki.

Step1: Login to the server as root via ssh.

Step2: Install Nginx webserver.

How to install nginx in Centos7

Step3: Create the virtual host configuration file.

#vi /etc/nginx/sites-available/loki

Step4: Update the following lines and save.

upstream loki {
    server 127.0.0.1:3100;
    keepalive 15;
}

server {
    listen 80;

    auth_basic "loki auth";
    auth_basic_user_file /etc/nginx/passwords;

    location / {
        proxy_read_timeout 1800s;
        proxy_connect_timeout 1600s;
        proxy_pass http://loki;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "Keep-Alive";
        proxy_set_header Proxy-Connection "Keep-Alive";
        proxy_redirect off;
    }

    location /ready {
        proxy_pass http://loki;
        proxy_http_version 1.1;
        proxy_set_header Connection "Keep-Alive";
        proxy_set_header Proxy-Connection "Keep-Alive";
        proxy_redirect off;
        auth_basic "off";
    }
}

Step5: Setup the login for Loki.

#htpasswd -c /etc/nginx/passwords USER

Where user need to be replaced with the required username and it will prompt for the password as standard input.

Note the username and password as this need to be used in all the integration configurations.

Step6: Reload the Nginx configuration.

#systemctl reload nginx

That's all…