@@ -147,11 +147,6 @@ gateway:
147147 mountPath : /etc/nginx/secrets
148148 readOnly : true
149149
150- # Custom nginx config:
151- # - Push paths (distributor): no auth -- agents use X-Scope-OrgID directly
152- # - Read paths (query-frontend): BasicAuth required
153- # Grafana's data proxy sends the per-tenant credentials stored in Grafana DB.
154- # Non-members get 401 even if they can see the datasource name in the UI.
155150 nginxConfig :
156151 file : |
157152 worker_processes 5;
@@ -168,22 +163,18 @@ gateway:
168163 uwsgi_temp_path /tmp/uwsgi_temp;
169164 scgi_temp_path /tmp/scgi_temp;
170165 default_type application/octet-stream;
171- log_format main '$$ remote_addr - $$ remote_user [$$ time_local] "$$ request" $$ status';
172- access_log /dev/stderr main;
166+ log_format main '{{ print "$" }} remote_addr - {{ print "$" }} remote_user [{{ print "$" }} time_local] "{{ print "$" }} request" {{ print "$" }} status';
167+ access_log /dev/stderr main;
173168 server {
174169 listen 8080;
175-
176- # -- Write path (no auth -- agents push directly with X-Scope-OrgID) --
177170 location ~ ^/(loki/api/v1/push|loki/api/v1/tail|ready|log) {
178- proxy_pass http://monitoring-loki-distributor.observability.svc.cluster.local:3100;
171+ proxy_pass http://monitoring-loki-distributor.observability.svc.cluster.local:3100;
179172 proxy_http_version 1.1;
180173 }
181-
182- # -- Read path (BasicAuth required -- only valid tenant credentials pass) --
183174 location / {
184- auth_basic "Loki Tenant Authentication";
175+ auth_basic "Loki Tenant Authentication";
185176 auth_basic_user_file /etc/nginx/secrets/.htpasswd;
186- proxy_pass http://monitoring-loki-query-frontend.observability.svc.cluster.local:3100;
177+ proxy_pass http://monitoring-loki-query-frontend.observability.svc.cluster.local:3100;
187178 proxy_http_version 1.1;
188179 }
189180 }
0 commit comments