Loki is an open-source log aggregation system from Grafana Labs that indexes only metadata labels instead of full log content, making it cost-efficient at scale. It pairs natively with Grafana and Promtail for log shipping and querying. This guide deploys Loki using Docker Compose with Traefik handling automatic HTTPS, and verifies the backend through its API endpoints. By the end, you'll have Loki ingesting and serving logs over HTTPS at your domain.
Set Up the Directory Structure
1. Create the project directory structure:
$ mkdir -p ~/loki-logging/{loki-data,loki-config}
$ cd ~/loki-logging
2. Set ownership for the Loki data directory:
$ sudo chown -R 10001:10001 loki-data
3. Create the environment file:
$ nano .env
DOMAIN=loki.example.com
LETSENCRYPT_EMAIL=admin@example.com
4. Create the Loki configuration file:
$ nano loki-config/loki-config.yaml
auth_enabled: false
server:
http_listen_port: 3100
common:
path_prefix: /loki
storage:
filesystem:
chunks_directory: /loki/chunks
rules_directory: /loki/rules
replication_factor: 1
ring:
kvstore:
store: inmemory
schema_config:
configs:
- from: 2020-10-24
store: tsdb
object_store: filesystem
schema: v13
index:
prefix: index_
period: 24h
Deploy with Docker Compose
1. Create the Docker Compose manifest:
$ nano docker-compose.yaml
services:
traefik:
image: traefik:v3.6
container_name: traefik
command:
- "--providers.docker=true"
- "--providers.docker.exposedbydefault=false"
- "--entrypoints.web.address=:80"
- "--entrypoints.websecure.address=:443"
- "--entrypoints.web.http.redirections.entrypoint.to=websecure"
- "--entrypoints.web.http.redirections.entrypoint.scheme=https"
- "--certificatesresolvers.letsencrypt.acme.httpchallenge=true"
- "--certificatesresolvers.letsencrypt.acme.httpchallenge.entrypoint=web"
- "--certificatesresolvers.letsencrypt.acme.email=${LETSENCRYPT_EMAIL}"
- "--certificatesresolvers.letsencrypt.acme.storage=/letsencrypt/acme.json"
ports:
- "80:80"
- "443:443"
volumes:
- "letsencrypt:/letsencrypt"
- "/var/run/docker.sock:/var/run/docker.sock:ro"
restart: unless-stopped
loki:
image: grafana/loki:latest
container_name: loki
hostname: loki
expose:
- "3100"
volumes:
- "./loki-config/loki-config.yaml:/etc/loki/loki-config.yaml"
- "./loki-data:/loki"
command: -config.file=/etc/loki/loki-config.yaml
labels:
- "traefik.enable=true"
- "traefik.http.routers.loki.rule=Host(`${DOMAIN}`)"
- "traefik.http.routers.loki.entrypoints=websecure"
- "traefik.http.routers.loki.tls.certresolver=letsencrypt"
restart: unless-stopped
volumes:
letsencrypt:
2. Start the services:
$ docker compose up -d
3. Verify the services are running:
$ docker compose ps
4. View the logs:
$ docker compose logs
Access Loki
1. Check the readiness endpoint:
$ curl https://loki.example.com/ready
2. List the active labels:
$ curl https://loki.example.com/loki/api/v1/labels
3. Check the build information:
$ curl https://loki.example.com/loki/api/v1/status/buildinfo
Next Steps
Loki is running and serving logs over HTTPS. From here you can:
- Add Loki as a data source in Grafana for log exploration with LogQL
- Ship logs from your servers using Promtail, Grafana Alloy, or Fluent Bit
- Move chunk storage to S3-compatible object storage for long-term retention
For the full guide with additional tips, visit the original article on Vultr Docs.
Top comments (0)