--- tags: instance, hetzner, infra, p0xeidon.systems --- # log.p0xeidon.systems ## system init ```shell= # as root hostnamectl set-hostname log.p0xeidon.systems getent passwd mobula &> /dev/null || useradd --create-home --shell /bin/bash --comment 'manta ops' --user-group --groups sudo,systemd-journal mobula test -d /home/mobula/.ssh || sudo -H -u mobula mkdir /home/mobula/.ssh chmod 700 /home/mobula/.ssh sudo -H -u mobula bash -c 'curl -Lo /home/mobula/.ssh/authorized_keys https://github.com/garandor.keys' sudo -H -u mobula bash -c 'echo ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJIBSdR9Wy3S4L+Zdcu8waYe5vW2VzMoi+QafgV3IIFj >> /home/mobula/.ssh/authorized_keys' chmod 644 /home/mobula/.ssh/authorized_keys echo "mobula ALL=(ALL) NOPASSWD:ALL" > /etc/sudoers.d/mobula chmod 0440 /etc/sudoers.d/mobula ``` ## loki install ```shell= # as mobula sudo apt-get update sudo apt-get install -y certbot nginx unzip curl -Lo /tmp/loki-linux-amd64.zip https://github.com/grafana/loki/releases/download/v2.6.1/loki-linux-amd64.zip sudo unzip /tmp/loki-linux-amd64.zip -d /usr/local/bin sudo useradd --system --create-home --home-dir /var/lib/loki --user-group loki sudo mkdir /etc/loki sudo curl -Lo /etc/loki/local-config.yml https://raw.githubusercontent.com/grafana/loki/v2.6.1/cmd/loki/loki-local-config.yaml sudo sed -i 's#/tmp/loki#/var/lib/loki#g' /etc/loki/local-config.yml ``` `/etc/loki/local-config.yml` ```yaml= auth_enabled: false server: http_listen_port: 3100 grpc_listen_port: 9096 common: path_prefix: /var/lib/loki storage: filesystem: chunks_directory: /var/lib/loki/chunks rules_directory: /var/lib/loki/rules replication_factor: 1 ring: instance_addr: 127.0.0.1 kvstore: store: inmemory schema_config: configs: - from: 2020-10-24 store: boltdb-shipper object_store: filesystem schema: v11 index: prefix: index_ period: 24h ruler: alertmanager_url: http://localhost:9093 ``` `/etc/systemd/system/loki.service` ```ini= [Unit] Description=loki After=network.target [Service] Type=simple User=loki Group=loki ExecStart=/usr/local/bin/loki-linux-amd64 -config.file /etc/loki/local-config.yml Restart=always RestartSec=10 [Install] WantedBy=multi-user.target ``` ```shell= # as mobula sudo systemctl enable --now loki.service #journalctl -u loki.service -f sudo certbot certonly --noninteractive --cert-name $(hostname -f) --expand --allow-subset-of-names -m ops@manta.network --agree-tos --no-eff-email --preferred-challenges http --webroot --webroot-path /var/www/html -d $(hostname -f) sudo curl -Lo /etc/letsencrypt/options-ssl-nginx.conf https://gist.githubusercontent.com/grenade/ad1a4772c47a0977204edee78691fde1/raw/options-ssl-nginx.conf sudo curl -Lo /etc/letsencrypt/ssl-dhparams.pem https://gist.githubusercontent.com/grenade/ad1a4772c47a0977204edee78691fde1/raw/ssl-dhparams.pem ``` `/etc/nginx/sites-available/log.p0xeidon.systems.conf` ```nginx= server { server_name log.p0xeidon.systems; listen 443 ssl; listen [::]:443 ssl ipv6only=on; # certbot challenges location ^~ /.well-known/acme-challenge/ { default_type "text/plain"; root /var/www/html; } # loki reverse proxy location /loki { proxy_read_timeout 1800s; proxy_connect_timeout 1600s; proxy_pass http://127.0.0.1:3100; proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "Upgrade"; proxy_set_header Connection "Keep-Alive"; proxy_set_header Proxy-Connection "Keep-Alive"; proxy_redirect off; } location /ready { proxy_pass http://127.0.0.1:3100; proxy_http_version 1.1; proxy_set_header Connection "Keep-Alive"; proxy_set_header Proxy-Connection "Keep-Alive"; proxy_redirect off; } ssl_certificate /etc/letsencrypt/live/log.p0xeidon.systems/fullchain.pem; ssl_certificate_key /etc/letsencrypt/live/log.p0xeidon.systems/privkey.pem; include /etc/letsencrypt/options-ssl-nginx.conf; ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; } server { server_name log.p0xeidon.systems; listen 80; listen [::]:80; # certbot challenges location ^~ /.well-known/acme-challenge/ { default_type "text/plain"; root /var/www/html; } # tls redirect if ($host = log.p0xeidon.systems) { return 301 https://$host$request_uri; } return 404; } ``` ```shell= # as mobula sudo ln -sfr /etc/nginx/sites-available/log.p0xeidon.systems.conf /etc/nginx/sites-enabled/log.p0xeidon.systems.conf sudo rm /etc/nginx/sites-enabled/default sudo systemctl restart nginx.service ```