events { }

http {
  server {
    error_log stderr info;

    listen 10090;

    location / {

      # Removes any Access-Control-Allow-Origin from Prometheus itself. When accessing from browser, having * or
      # multiple values is not allowed in some cases
      proxy_hide_header Access-Control-Allow-Origin;

      # Allow the origin access. This is kinda wildcard but for browser it seems more strict and is needed for
      # withCredentials requests.
      add_header Access-Control-Allow-Origin $http_origin;

      # When using withCredentials requests this must be true.
      add_header Access-Control-Allow-Credentials true;

      # Ask for basic auth except for pre flight OPTIONS request.
      limit_except OPTIONS {
        ################################################################
        # The htpasswd file contains user:
        # prom: test
        ################################################################
        auth_basic "prom";
        auth_basic_user_file /etc/nginx/htpasswd;
      }

      proxy_pass http://prometheus:9090/;
    }
  }
}