Skip to content

Instantly share code, notes, and snippets.

@diegofcornejo

diegofcornejo/README.md

Last active September 15, 2024 05:54
Show Gist options
  • Save diegofcornejo/629535c20d906a450576e61897d4089b to your computer and use it in GitHub Desktop.
Save diegofcornejo/629535c20d906a450576e61897d4089b to your computer and use it in GitHub Desktop.
Download ZIP
Install Prometheus, Loki and Promtail on Ubuntu 24.04 with Basic Auth
Raw
README.md

Install Prometheus, Loki and Promtail on Ubuntu 24.04 with Basic Auth

Prometheus Installation Guide

Install Prometheus and Node Exporter

apt -y install prometheus prometheus-node-exporter

Add Labels to Prometheus (optional)

nano /etc/prometheus/prometheus.yml
# add the following lines
	external_labels:
      monitor: 'your-monitor'

Enable Prometheus and Node Exporter

systemctl enable prometheus prometheus-node-exporter
systemctl status prometheus prometheus-node-exporter

Add Basic Auth to Prometheus

Create a Password File

For easy password generation, you can use the following website: https://bcrypt-generator.com

nano /etc/prometheus/web.yml
# add the following lines
basic_auth_users:
	admin: $2a$12$g.S1Ge35P2fMyi7wrQGTxeE3v.RhdDAtCr3BEeOTcc.a/CnrZSLG6 # admin:admin

Check the password file

promtool check web-config /etc/prometheus/web.yml
# you should see the following output
/etc/prometheus/web.yml SUCCESS

Update Prometheus Configuration

nano /etc/default/prometheus
# add the following line
ARGS="--web.config.file=/etc/prometheus/web.yml"

Restart Prometheus and Node Exporter

systemctl restart prometheus prometheus-node-exporter

Verify Basic Auth

curl --head http://localhost:9090/graph
# you should see the following output
HTTP/1.1 401 Unauthorized
curl -u admin:admin --head http://localhost:9090/graph
# you should see the following output
HTTP/1.1 200 OK

Check Prometheus Logs

journalctl -u prometheus

Loki and Promtail Installation Guide

Download the Loki binary

wget -qO loki-linux-amd64.zip https://github.com/grafana/loki/releases/download/v3.1.1/loki-linux-amd64.zip

Download the Loki config file

wget -qO loki-config.yaml https://raw.githubusercontent.com/grafana/loki/v3.1.1/cmd/loki/loki-local-config.yaml

Download the Promtail binary

wget -qO promtail-linux-amd64.zip https://github.com/grafana/loki/releases/download/v3.1.1/promtail-linux-amd64.zip

Download the Promtail config file

wget -qO promtail-config.yaml https://raw.githubusercontent.com/grafana/loki/v3.1.1/clients/cmd/promtail/promtail-local-config.yaml

Unzip the binaries

unzip -o loki-linux-amd64.zip
unzip -o promtail-linux-amd64.zip

Rename the binaries to friendly names

mv loki-linux-amd64 loki
mv promtail-linux-amd64 promtail

Remove the zip files

rm -f loki-linux-amd64.zip promtail-linux-amd64.zip

Make the binaries executable

chmod a+x loki promtail

Create symbolic links to the binaries

ln -s /opt/loki/loki /usr/local/bin/loki
ln -s /opt/loki/promtail /usr/local/bin/promtail

Create loki service

cat <<EOF > /etc/systemd/system/loki.service
[Unit]
Description=Loki service
After=network.target

[Service]
Type=simple
ExecStart=/usr/local/bin/loki -config.file=/opt/loki/loki-config.yaml
Restart=always

[Install]
WantedBy=multi-user.target
EOF

Create promtail service

cat <<EOF > /etc/systemd/system/promtail.service
[Unit]
Description=Promtail service
After=network.target

[Service]
Type=simple
ExecStart=/usr/local/bin/promtail -config.file=/opt/loki/promtail-config.yaml
Restart=always

[Install]
WantedBy=multi-user.target
EOF

Start the services

systemctl daemon-reload
systemctl enable loki
systemctl enable promtail
systemctl start loki
systemctl start promtail

View the logs

journalctl -u loki -f
journalctl -u promtail -f

Verify the services are running

systemctl status loki
systemctl status promtail

Uninstall Loki and Promtail

systemctl stop loki
systemctl stop promtail
systemctl disable loki
systemctl disable promtail
rm -f /etc/systemd/system/loki.service
rm -f /etc/systemd/system/promtail.service
rm -f /usr/local/bin/loki
rm -f /usr/local/bin/promtail
rm -rf /opt/loki

Add Basic Auth to Loki with Nginx

Install Nginx

apt update
apt install -y nginx apache2-utils

Create a password file

htpasswd -c /etc/nginx/.htpasswd admin

Add a grafana reader user (optional)

htpasswd /etc/nginx/.htpasswd grafana-reader

Create an Nginx config file

cat <<EOF > /etc/nginx/sites-available/loki
server {
		listen 80;
		server_name loki.monitoring.diegocornejo.com;

		location / {
				proxy_pass http://localhost:3100;
				proxy_set_header Host \$host;
				proxy_set_header X-Real-IP \$remote_addr;
				proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;
				proxy_set_header X-Forwarded-Proto \$scheme;
				auth_basic "Restricted Content";
				auth_basic_user_file /etc/nginx/.htpasswd;
		}
}
EOF

Enable the Nginx site

ln -s /etc/nginx/sites-available/loki /etc/nginx/sites-enabled/loki

Restart Nginx

systemctl restart nginx

Verify Nginx is running

systemctl status nginx

Push test logs to Loki with Basic Auth

curl -u admin:password -X POST "http://loki.monitoring.diegocornejo.com/loki/api/v1/push" \
    -H "Content-Type: application/json" \
    -d '{
          "streams": [
            {
              "stream": {
                "job": "test-job",
                "host": "localhost"
              },
              "values": [
                ["1725558605429055936", "log line for testing"],
                ["1725558605429055936", "another log line for testing"]
              ]
            }
          ]
        }'
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment