Explore documentation
  1. Welcome to Telemetry 👋
  2. Quick start guide
  3. Wide events vs. metrics
  4. Ingesting data
    1. Better Stack collector
    2. Vector
    3. OpenTelemetry
    4. Ingesting via HTTP API
    5. Ingesting metrics
    6. Ingesting logs
    7. Migrating to Better Stack
  5. Using the product
    1. AI SRE ↗
    2. MCP server ↗
    3. Transforming ingested data
    4. Querying data
    5. Tracing
    6. Alerts
  6. Telemetry API
    1. Getting an API token
    2. Sources API
    3. Source groups API
    4. Metrics API
    5. Dashboards API
    6. Explorations API
    7. Exploration groups API
    8. Alerts API
    9. Connections API
    10. Collectors API
    11. Query API ↗
  7. Alternative to
    1. Lightstep

Install and use collector as egress proxy

Run collector as fowarding proxy for logs, traces, and metrics to save on egress costs.

This is an advanced feature

Collector will always batch the sent data. We recommend you install it via one of the options above. Install collector as egress proxy to batch data you're already sending to Better Stack.

Set the PROXY_PORT variable before installing and updating collector. Make sure the chosen port is free on the host system.

Install using Docker Compose
curl -sSL https://raw.githubusercontent.com/BetterStackHQ/collector/main/install.sh | \
  COLLECTOR_SECRET="$COLLECTOR_SECRET" PROXY_PORT=80 bash


Send logs to /v1/logs, metrics to /v1/metrics, and traces to /v1/traces. Use any format you'd otherwise send to Better Stack directly.

Optionally, secure the proxy with HTTP Basic authentication:

Proxy HTTP Basic Auth.png

Generate an SSL certificate with Let's Encrypt

Secure the proxy with SSL certificates from Let’s Encrypt.

Set PROXY_PORT and USE_TLS before installing or upgrading collector:

Install using Docker Compose
curl -sSL https://raw.githubusercontent.com/BetterStackHQ/collector/main/install.sh | \
  COLLECTOR_SECRET="$COLLECTOR_SECRET" PROXY_PORT=443 USE_TLS=true bash


When USE_TLS is set, collector will also bind port 80 to handle Let’s Encrypt HTTP-01 challenges. If port 80 is already in use, collector will fail to start. We recommend using 443 as PROXY_PORT with SSL.

Enable SSL in the collector configuration:

Screenshot 2025-09-18 at 13.22.14.png

The configured domain name is updated automatically as part of the remote configuration. Collector will try to obtain a certificate from Let’s Encrypt every 10 minutes until successful. Once issued, the certificate is automatically renewed every 6 hours.

Send a sample log line

Test the egress proxy by sending a sample log line.

Send a sample log line
curl -X POST \
     -H 'Content-Type: application/json' \
     -d '{"dt":"'"$(date -u +'%Y-%m-%d %T UTC')"'","message":"Hello world via egress proxy!"}' \
     --insecure \
     https://$TLS_DOMAIN:$PROXY_PORT/