Grafana Loki
-
I also got Promtail which is part of this stack working as well: https://gitlab.com/liscioapps/promtail-cloudron.
Also yes, it's really a service that is used as part of a stack with Grafana and Prometheus.
Similar to the "ELK" stack where logstash (promtail) pushes to Elasticsearch (Loki) but it's all actually visualized in Kibana (Grafana). That's not an exact map but sort of that way.
-
Hi @doodlemania2 ,
Thanks for this package;
Actually, I'm trying to set up this, but the authentication is not working with the default vhost added by cloudron. I'm receiving 301 error. (moved permanently)
On the other hand, I have set up a custom vhost (simple) and it's working correctly. Have you applied any changes to the vhost on your setup? -
Hi @doodlemania2,
Thanks for the package,
I'm trying to set up this, but it's not working for me with the default vhost added by cloudron.
However it's working with a simple vhsot with basic http_auth, in your case did you applied any changes to the reverse proxy conf ?
myvhost : https://privatebin.wpprovider.nl/?4dcc2cf01ed14692#DSVsPUfCmTv2oxE93CyykLw4H4kkDx3BpfzGT5gnhCKP
cloudronvhost : https://privatebin.wpprovider.nl/?ea0a92aeb57d6c8e#Eo4ffmb3qg6VqLbCFktBpqe6ju23DnnHXGeBXXbjsAEB
Thanks. -
@AyoubHabra Apologies for the delay - somehow I missed the alert on this. I've not changed anything to permit/reject traffic - not sure why it works for me but not you That said, I haven't tried to formally package it for the ecosystem due to lack of interest, but will take a peak and see if I can figure out why it's not working for you.
-
@doodlemania2 Hello, do you have any plans to add authentication to this app?
-
@TomsFreitas haven't had the need what's the scenario?
-
@doodlemania2 I have several servers that need to push logs to loki so it must be exposed to the internet and I wanted it to be secure. Protecting it with cloudron auth would make it so that loki could be exposed and not have to worry about someone fetching all my logs using loki's API
-
How do servers send their logs to Loki? With a token? Wouldn't putting basic auth affect the API?
-
@girish Well, the most used setup with Loki is using it with promtail. Promtail resides in your agents and it pushes the logs to loki. Grafana then fetches the logs from loki. It's my understanding that both promtail and grafana support basic auth when interacting with loki
-
@TomsFreitas yeah, i think that's right - I've never done it because it's always just been me pushing to it from a tailscale endpoint but I can see the value there.
@girish - I think the best approach would be to leave it open (but behind SSL) and let Loki handle the auth.
No?
-
@doodlemania2 agree, but apparently loki doesn't have any auth of it's own - https://grafana.com/docs/loki/latest/operations/authentication/ . I guess this is why @TomsFreitas wants Cloudron to provide the auth.
-
rats - I thought it would. Putting CR auth in front of Loki may be problematic - how would a payload or client that is pushing data to loki know that it's cloudron asking and not loki. if loki has no knowledge of auth, the inverse is problematic too.
-
Not sure what the status of https://git.cloudron.io/doodlemania2/loki is . @doodlemania2 any update?
I haven't used Loki myself but is it actually a web app?
-
It's not - it's really just an endpoint. I have used it as is for many moons and is rock solid. That said, it definitely needs an update. One of the challenges I faced is there's a LOT of changes under the covers, so I've stayed with this older version and it serves me well.