Skip TLS verify For Loki endpoint #3067
Labels
proposal
A proposal for new functionality.
Comments
|
Hi! I'm not sure which endpoint you're referring to. Is it an endpoint created by an Alloy component? Which Alloy components are you using? |
|
Loki's endpoint config. let's say i expose loki with HTTPS but I'm using
self signed certificate, how can i properly skip its tls verification?
…On Mon, Mar 24, 2025, 11:35 PM Paulin Todev ***@***.***> wrote:
Hi! I'm not sure which endpoint you're referring to. Is it an endpoint
created by an Alloy component?
—
Reply to this email directly, view it on GitHub
<#3067 (comment)>,
or unsubscribe
<https://github.com/notifications/unsubscribe-auth/AHO22TXR6ESL647VG5A2IZL2WAX63AVCNFSM6AAAAABZSBBXYGVHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMZDONBYG42DGMJYGI>
.
You are receiving this because you authored the thread.Message ID:
***@***.***>
[image: ptodev]*ptodev* left a comment (grafana/alloy#3067)
<#3067 (comment)>
Hi! I'm not sure which endpoint you're referring to. Is it an endpoint
created by an Alloy component?
—
Reply to this email directly, view it on GitHub
<#3067 (comment)>,
or unsubscribe
<https://github.com/notifications/unsubscribe-auth/AHO22TXR6ESL647VG5A2IZL2WAX63AVCNFSM6AAAAABZSBBXYGVHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMZDONBYG42DGMJYGI>
.
You are receiving this because you authored the thread.Message ID:
***@***.***>
|
|
This doesn't seem like an Alloy issue? Apologies but I don't know - maybe you can open a discussion in the Loki repo or in the Loki community slack? |
|
I'm sorry, I might get this wrong, but Alloy is an observability agent,
right? one of the use case is to replace promtail as the log aggregator?
Alloy will ingest the log to loki, therefore it needs to connect to loki,
right?
well, loki is not the only component that alloy can send data into. but
it's one of them, no?
…On Tue, Mar 25, 2025, 12:22 AM Paulin Todev ***@***.***> wrote:
This doesn't seem like an Alloy issue? Apologies but I don't know - maybe
you can open a discussion in the Loki repo or in the Loki community slack?
—
Reply to this email directly, view it on GitHub
<#3067 (comment)>,
or unsubscribe
<https://github.com/notifications/unsubscribe-auth/AHO22TTZEZDVXXLDRIKZIZD2WA5O3AVCNFSM6AAAAABZSBBXYGVHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMZDONBYHA3TMMBXGA>
.
You are receiving this because you authored the thread.Message ID:
***@***.***>
[image: ptodev]*ptodev* left a comment (grafana/alloy#3067)
<#3067 (comment)>
This doesn't seem like an Alloy issue? Apologies but I don't know - maybe
you can open a discussion in the Loki repo or in the Loki community slack?
—
Reply to this email directly, view it on GitHub
<#3067 (comment)>,
or unsubscribe
<https://github.com/notifications/unsubscribe-auth/AHO22TTZEZDVXXLDRIKZIZD2WA5O3AVCNFSM6AAAAABZSBBXYGVHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMZDONBYHA3TMMBXGA>
.
You are receiving this because you authored the thread.Message ID:
***@***.***>
|
|
Isn't TLS verification normally done on the server side? That's why I assumed that it's a server side Loki question. |
|
I don't think so.
The TLS configuration is indeed on the server side (loki).
But what i meant is not how do we configure the TLS for loki.
let's say i have Loki setup with HTTPS, but the HTTPS use self-signed
certificate and because of that we need to skip the TLS verification on the
client side. think of it like when we open a website that use HTTPS
self-signed certificate, it will throw us an error, but that is bypassable
by clicking accept on the advanced button on browser.
another clear example is when we use curl, we need o pass -k flag to skip tls
verification if the site use HTTPS self-signed certificate.
…On Tue, Mar 25, 2025, 12:38 AM Paulin Todev ***@***.***> wrote:
Isn't TLS verification normally done on the server side? That's why I
assumed that it's a server side Loki question.
—
Reply to this email directly, view it on GitHub
<#3067 (comment)>,
or unsubscribe
<https://github.com/notifications/unsubscribe-auth/AHO22TSTXU4NOVUX3QDCGXT2WA7LHAVCNFSM6AAAAABZSBBXYGVHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMZDONBYHEZDMOJQGU>
.
You are receiving this because you authored the thread.Message ID:
***@***.***>
[image: ptodev]*ptodev* left a comment (grafana/alloy#3067)
<#3067 (comment)>
Isn't TLS verification normally done on the server side? That's why I
assumed that it's a server side Loki question.
—
Reply to this email directly, view it on GitHub
<#3067 (comment)>,
or unsubscribe
<https://github.com/notifications/unsubscribe-auth/AHO22TSTXU4NOVUX3QDCGXT2WA7LHAVCNFSM6AAAAABZSBBXYGVHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMZDONBYHEZDMOJQGU>
.
You are receiving this because you authored the thread.Message ID:
***@***.***>
|
|
I think you just need to set |
|
I've tried that actually, and it doesn't work.
I'll try it again and let you know
…On Tue, Mar 25, 2025, 1:33 AM Paulin Todev ***@***.***> wrote:
I think you just need to set insecure_skip_verify to true in the tls_config
block
<https://grafana.com/docs/alloy/latest/reference/components/loki/loki.write/#tls_config>
.
—
Reply to this email directly, view it on GitHub
<#3067 (comment)>,
or unsubscribe
<https://github.com/notifications/unsubscribe-auth/AHO22TS4XZEWSNP35JFQMUT2WBFV5AVCNFSM6AAAAABZSBBXYGVHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMZDONBZGA3DKMZZGU>
.
You are receiving this because you authored the thread.Message ID:
***@***.***>
[image: ptodev]*ptodev* left a comment (grafana/alloy#3067)
<#3067 (comment)>
I think you just need to set insecure_skip_verify to true in the tls_config
block
<https://grafana.com/docs/alloy/latest/reference/components/loki/loki.write/#tls_config>
.
—
Reply to this email directly, view it on GitHub
<#3067 (comment)>,
or unsubscribe
<https://github.com/notifications/unsubscribe-auth/AHO22TS4XZEWSNP35JFQMUT2WBFV5AVCNFSM6AAAAABZSBBXYGVHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMZDONBZGA3DKMZZGU>
.
You are receiving this because you authored the thread.Message ID:
***@***.***>
|
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Background
I couldn't find any reference on how to skip tls verify for loki endpoint.
Proposal
It would be nice to have skip tls verify for Loki endpoint for development purpose.
The text was updated successfully, but these errors were encountered: