Here is a minimal example for exposing Promehteus with auth. No swarm, no TLS:
docker-compose.yaml
version: "3.3"
services:
traefik:
image: "traefik:v2.0.4"
container_name: "traefik"
ports:
- "80:80"
- "8080:8080"
volumes:
- "/var/run/docker.sock:/var/run/docker.sock:ro"
- "./traefik.toml:/traefik.toml"
labels:
- "traefik.enable=true"
- "traefik.http.routers.metrics.entrypoints=http"
- "traefik.http.routers.metrics.rule=Path(`/metrics`)"
- "traefik.http.routers.metrics.service=metrics"
- "traefik.http.routers.metrics.middlewares=auth"
- "traefik.http.middlewares.auth.basicauth.users=test:$$apr1$$H6uskkkW$$IgXLP6ewTrSuBkTrqE8wj/,test2:$$apr1$$d9hr9HBB$$4HxwgUir3HP4EsggP/QNo0"
- "traefik.http.services.metrics.loadbalancer.server.port=5443"
traefik.toml
[entryPoints.http]
address = ":80"
[entryPoints.metrics]
address = ":5443"
[api]
insecure = true
[log]
level = "debug"
[accessLog]
[metrics.prometheus]
addEntryPointsLabels = true
addServicesLabels = true
entryPoint = "metrics"
[providers.docker]
exposedByDefault = false
Here you expose /metrics on 5443, then you create a service to point to that port, a router to point to that service, and then you can access it at http://yourhost/metrics. You will have provide credentials such as test:test.
Hope this helps.