Skip to content

add nginx proxy for loki if you want to use it with a dedicated domain #38

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
wants to merge 20 commits into
base: main
Choose a base branch
from
Open

add nginx proxy for loki if you want to use it with a dedicated domain #38

Show file tree
Hide file tree
Changes from 2 commits
Commits
Show all changes
20 commits
Select commit Hold shift + click to select a range
be14dee
feat(loki): add dedicated nginx config for loki for using it with a d…
oliverbeck-dev Feb 6, 2025
9830927
Merge branch 'Mint-System:main' into main
oliverbeck-dev Feb 6, 2025
1a11146
fix(nginx):move loki nginx proxy config to sozialinfo inventory
oliverbeck-dev Feb 12, 2025
d55cac6
fix(docs): update loki readme
oliverbeck-dev Feb 12, 2025
53d11f6
refactor(prometheus): revert uptime kuma host to hostname pattern
oliverbeck-dev Feb 13, 2025
7eab37f
feat: mark deprecated roles
janikvonrotz Feb 10, 2025
22e523b
feat: new logo
janikvonrotz Feb 10, 2025
54ed471
feat: add chat link
janikvonrotz Feb 10, 2025
c899752
feat: readme badget to chat
janikvonrotz Feb 10, 2025
a779427
feat: readme
janikvonrotz Feb 11, 2025
f3d17dd
feat: readme
janikvonrotz Feb 11, 2025
bf168f6
feat(nginx,promtail): nginx and promtail config
janikvonrotz Feb 11, 2025
f07333f
feat: update vuepress
janikvonrotz Feb 12, 2025
795340f
feat(promatil): access to container sockert
janikvonrotz Feb 12, 2025
2913257
feat: update vuepress
janikvonrotz Feb 12, 2025
86bea92
feat: task decrypt secret
janikvonrotz Feb 12, 2025
e3bb45c
feat: css for toc
janikvonrotz Feb 12, 2025
9134c42
fix(matomo): correct frequency
oliverbeck-dev May 5, 2025
c372d09
feat(prometheus): add additional host variable to prometheus blackbox…
oliverbeck-dev May 7, 2025
369cb1e
feat(n8n): add special volume to fix n8n deployment
oliverbeck-dev Sep 23, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
9 changes: 9 additions & 0 deletions roles/loki/README.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -27,6 +27,15 @@ nginx_proxies:
options: |
include /etc/nginx/conf.d/proxies/loki.nginx;
```
or if loki runs on a dedicated domain

```yml
nginx_proxies:
- src_hostname: server.example.com
ssl: true
options: |
include /etc/nginx/conf.d/proxies/loki-dedicated-domain.nginx;
```

And include it in your playbook.

Expand Down
1 change: 1 addition & 0 deletions roles/loki/tasks/loki.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -23,6 +23,7 @@
volumes:
- "{{ loki_data_dir }}:/etc/loki"
command: -config.file=/etc/loki/local-config.yml -config.expand-env=true
network_mode: bridge
networks:
- name: "{{ docker_network_name }}"
log_driver: "{{ docker_log_driver }}"
Expand Down
5 changes: 5 additions & 0 deletions roles/loki/tasks/loki_nginx_config.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -23,3 +23,8 @@
ansible.builtin.template:
src: loki.nginx
dest: "{{ loki_nginx_data_dir }}/loki.nginx"

- name: Copy nginx {{ role_name }} conf if loki runs on dedicated domain
ansible.builtin.template:
src: loki-dedicated-domain.nginx
dest: "{{ loki_nginx_data_dir }}/loki-dedicated-domain.nginx"
6 changes: 6 additions & 0 deletions roles/loki/templates/loki-dedicated-domain.nginx
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,6 @@

location / {
auth_basic "{{ loki_proxy_basic_auth_username }}";
auth_basic_user_file /etc/nginx/conf.d/proxies/loki.htpasswd;
proxy_pass http://{{ loki_hostname }}:3100;
}
2 changes: 1 addition & 1 deletion roles/prometheus/templates/prometheus.yml
View file
Open in desktop
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I would like to keep the pattern with the exporter attribute, even though it looks very complicated for defining one hostname.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I had real issues with that, the cert_bot failed while deploying

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@janikvonrotz I've fixed the other issues above by moving everything in vars/inventory

I still would like to recommend the change below, because the certbot failed with that. maybe you can reproduce it

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@oliverbeck-dev Not sure how certbot is involved here.

The exporter: uptime-kuma proxyies entry does not have any functionality. It is just a label for the proxy entry.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

ok I wasn't able to reproduce it with ansible-play prometheus.yml. I just remember that when I used the ansible-play certbot (for the new subdomain), it crashed because of that.

let's remove it for now

Original file line number Diff line number Diff line change
Expand Up @@ -161,7 +161,7 @@ scrape_configs:
username: {{ prometheus_uptime_kuma_exporter_basic_auth_username }}
password: {{ prometheus_uptime_kuma_exporter_basic_auth_password }}
static_configs:
- targets: {{ prometheus_hosts | map('extract', hostvars) | json_query('[*].nginx_proxies[?exporter!=null && contains(exporter, `uptime-kuma`)].src_hostname') | flatten }}
- targets: ['{{ uptime_kuma_hostname }}']
{% endif %}
{% if prometheus_meilisearch_exporter_api_key is defined %}
- job_name: meilisearch https
Expand Down