Menu
Open source
Authentication
Grafana Loki does not come with any included authentication layer. Operators are expected to run an authenticating reverse proxy in front of your services. A helpful list of open-source reverse proxies to use:
- Pomerium, which has a guide for securing Grafana
- NGINX using their guide on restricting access with HTTP basic authentication
- OAuth2 proxy
- HAProxy
Note that when using Loki in multi-tenant mode, Loki requires the HTTP header
X-Scope-OrgID to be set to a string identifying the tenant; the responsibility
of populating this value should be handled by the authenticating reverse proxy.
Read the multi-tenancy documentation for more information.
For information on authenticating Promtail, please see the docs for how to configure Promtail.
Was this page helpful?
Related resources from Grafana Labs
Getting started with logging and Grafana Loki
See a demo of the updated features in Loki, and how to create metrics from logs and alert on your logs with powerful Prometheus-style alerting rules.
Essential Grafana Loki configuration settings
This webinar focuses on Grafana Loki configuration including agents Promtail and Docker; the Loki server; and Loki storage for popular backends.
Scaling and securing your logs with Grafana Loki
This webinar covers the challenges of scaling and securing logs, and how Grafana Enterprise Logs powered by Grafana Loki can help, cost-effectively.