Authentication with Loki

Loki does not come with any included authentication layer. Operators areexpected to run an authenticating reverse proxy in front of your services, suchas NGINX using basic auth or an OAuth2 proxy.

Note that when using Loki in multi-tenant mode, Loki requires the HTTP headerX-Scope-OrgID to be set to a string identifying the user; the responsibilityof populating this value should be handled by the authenticating reverse proxy.For more information on multi-tenancy please read itsdocumentation.

For information on authenticating Promtail, please see the docs for how toconfigure Promtail.