Hi all,
A bit of context : I work for a public school, and we have several different networks internally.
I am installing Loki on a Debian 12 server, which is connected to 4 private lans (10.0.0.0/16, 10.99.0.0/16, 10.100.0.0/16, and 10.255.0.0/16). The server hosts Grafana, Loki, and several other tools used internally. The 10.0.0.0/16 network is a public network (students use it to connect their laptops/phones, etc).
Currently, Loki listens to all addresses, but for security reasons we would like that it can’t be reachable from the public network (10.0.0.0/16).
Is it possible to bind it only 3 addresses ? I can’t find any documentation on that particular topic, except that server::http_listen_address accepts a “string”, which format does not seem to be documented. I’d rather not use a reverse proxy, since it would add RAM and CPU overload for each request.
We use a reverse-proxy to host several SaaS tools, and each vhost can be bound to any address we want. Is it possible to achieve the same with Loki ? Or should I just let it listen to ‘*’ and manage security with nftables ?
Thanks in advance for your insight 