Adding basic auth to loki using Nginx

I am trying to run loki behind Nginx reverse proxy and add basic authentication with the labels, but stuck with wide range of documentation and no particular solution. Anyone can help me with that. Thank you : )

I run Loki behind Nginx with basic auth. I do not use multi tenancy. I run everything in Kubernetes. I use Promtail that needs to authenticate to be able to send logs to Loki but Grafana that is in the same cluster as Loki needs no authentication as connections do not go through the Nginx ingress controller. I can share my config if this is what you also want to do.

I can also possibly help otherwise but need more specific info on how you have setup things to be able to answer any questions.

We are completely on the same page I have configured promtail in different clusters and sending cluster/application logs to a central cluster. Which have loki, ALertmanager and grafana. The problem I am facing is with nginx and missing some thing while seting it up. I followed the following tutorial
Running Loki behind Nginx Reverse Proxy - DEV Community.
Can you please provide the configs of nginx, it will be great help.

Here is my config

The ingress

kind: Ingress
  annotations: letsencrypt cookie Authentication Required basic-auth basic |
      more_set_headers "X-Scope-OrgID: fake"; "300" "300" "300" sha1 route nginx
  name: loki-ingress-with-auth
  - host:
      - backend:
            name: loki-distributed-distributor
              number: 3100
        path: /
        pathType: Prefix
  - hosts:
    secretName: loki-ingress-with-auth-certificate

You need a secret with the basic auth credentials. More info here

My Promtail client config looks like this

  - basic_auth:
      password: ${LOKI_BASIC_AUTH_PW}
      username: ${LOKI_BASIC_AUTH_USER}
      cluster: ${CLUSTER}
    url: ${LOKI_URL}
1 Like

Thanks for the effort it worked for me.