Prometheus metrics routing issue


what I try to do is to expose the prometheus metrics on a custom endpoint protected by a basic auth middleware. So the result should look like this:

What I've done so far:

    buckets: [0.1, 0.3, 1.2, 5.0]
    manualRouting: true

At this point, metrics should be enabled in general but I should not be able to access the endpoint on any route, right? I will need to define a dedicated router first because I've set manualRouting: true. At least, that was my understanding, but here comes the first question: At this point I'm already able to access the metrics at http:///metrics. Why is this possible?

To get working I've added the following labels to my traefik container:

--label traefik.enable=true \
  --label \
  --label traefik.http.routers.metrics.rule="Host(``) && Path(`/my_metrics`)" \
  --label traefik.http.routers.metrics.service=prometheus@internal \
  --label traefik.http.routers.metrics.entrypoints=https \
  --label traefik.http.routers.metrics.tls=true \
  --label traefik.http.routers.metrics.middlewares=auth@file,https@file,secure@file \
  --label traefik.http.routers.metrics-insecure.rule="Host(``) && Path(`/my_metrics`)" \
  --label traefik.http.routers.metrics-insecure.service=prometheus@internal \
  --label traefik.http.routers.metrics-insecure.entrypoints=http \
  --label traefik.http.routers.metrics-insecure.middlewares=auth@file,https@file,secure@file

Perfect, at this point works and this endpoint is basic auth protected. But http:///metrics is still working even without auth...