Prometheus CORS workaround: Use Nginx proxy behind and set CORS header with it

prometheus.conf

# See https://github.com/prometheus/exporter-toolkit/issues/71
# Make prometheus working on localhost only and to set properly Access-Control-Allow-Origin
# Edit /etc/default/prometheus and 
#  add --web.listen-address=127.0.0.1:9090   
#  add --web.cors.origin=\"https.*\"
# The regexp looks ugly because just simple .* will result in Access-Control-Allow-Origin: *
# Then install the Nginx
#  sudo apt install nginx
# put the file into /etc/nginx/sites-available/prometheus 
#  sudo rm /etc/nginx/sites-enabled/default
#  sudo ln -s /etc/nginx/sites-available/prometheus /etc/nginx/sites-enabled/
#  sudo systemctl restart nginx

server {
    server_name example.com;
    listen example:9090 ssl http2;
    ssl_certificate  /etc/ssl/private/example.com.fullchain.pem;
    ssl_certificate_key  /etc/ssl/private/example.com.privkey.pem;
    root /var/www/html;
    access_log off;

    location / {
        if ($request_method = 'OPTIONS') {
            add_header 'Access-Control-Allow-Origin' $http_origin;
            add_header 'Access-Control-Allow-Credentials' 'true';
            add_header 'Access-Control-Allow-Methods' 'GET,POST,OPTIONS';
            add_header 'Access-Control-Allow-Headers' 'Authorization,If-Modified-Since,Cache-Control,Content-Type';
            add_header 'Access-Control-Max-Age' 7200;
            return 204;
        }
        proxy_pass http://127.0.0.1:9090;
        proxy_http_version 1.1;
        # remove "Connection: close" to keep connection between Nginx and Prometheus
        proxy_set_header Connection "";
        auth_basic 'Prometheus';
        auth_basic_user_file /etc/nginx/.htpasswd;
        # Prometheus doesn't set the header but it's needed for AJAX withCredentials
        add_header 'Access-Control-Allow-Credentials' 'true';
    }
}