events {
    worker_connections 1024;
}

http {
    upstream loki {
        server loki:3100;
    }

    server {
        listen 80;

        # Require authentication for all requests
        auth_basic "Loki Authentication";
        auth_basic_user_file /etc/nginx/.htpasswd;

        # Proxy all requests to Loki
        location / {
            proxy_pass http://loki;
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Proto $scheme;

            # Important for Loki push endpoint
            client_max_body_size 100M;
            client_body_buffer_size 10M;
        }
    }
}