Reverse proxy for Loki API with proper Grafana API token authentication.
Under the hood it use Grafana /api/auth/keys API to validate the token and then dispatch the request to Loki.
Caution
When succesfully authenticated, by default tokens are cached for 5 minutes
$ git clone https://github.com/MyUnisoft/loki-reverse-proxy.git
$ cd loki-reverse-proxy
$ npm ci
$ npm run buildTo configure the project you have to register (set) environment variables on your system. These variables can be set in a .env file (that file must be created at the root of the project).
GRAFANA_URL=""
LOKI_URL=""
SERVER_HOST=xxx.domain.com
SERVER_PORT=4000
# SSL/TLS Configuration
SERVER_SSL_ENABLED=false
SERVER_SSL_CERT=/absolute/path/to/file.crt
SERVER_SSL_KEY=/absolute/path/to/file.key
# Enable if behind a proxy like NGINX or Haproxy
TRUST_PROXY=false
# Automatically forward pino (logger) logs to LOKI_URL
SELF_MONITORING=false$ npm startHere is the full Zod schema for envs:
const envSchema = z.object({
GRAFANA_URL: z.string().url().trim(),
LOKI_URL: z.string().url().trim(),
TOKEN_CACHE_MS: z.coerce.number().optional().default(1_000 * 60 * 5),
SERVER_PORT: z.coerce.number().optional().default(0),
SERVER_HOST: z.string().optional(),
SERVER_SSL_ENABLED: zBoolean("false"),
SERVER_SSL_CERT: z.string().optional(),
SERVER_SSL_KEY: z.string().optional(),
SERVER_SSL_CA: z.string().optional(),
TRUST_PROXY: zBoolean("false"),
SELF_MONITORING: zBoolean("false")
});Where zBoolean is defined as
function zBoolean(defaultValue?: "false" | "true") {
const zEnum = z.enum(["true", "false"]).transform((value) => value === "true");
return defaultValue ? zEnum.optional().default(defaultValue) : zEnum;
}Return proxy uptime
{
"uptime": 10
}- Find a way to also proxy Grafana API (currently that's not possible with the same root prefix).
Thanks goes to these wonderful people (emoji key):
 Thomas.G 💻 🐛 🛡️ 📖 |
 PierreDemailly 👀 |
MIT