diff --git a/devenv/docker/blocks/nginx_proxy_mac/nginx_login_only.conf b/devenv/docker/blocks/nginx_proxy_mac/nginx_login_only.conf
new file mode 100644
index 00000000000..4d40cbfb6d9
--- /dev/null
+++ b/devenv/docker/blocks/nginx_proxy_mac/nginx_login_only.conf
@@ -0,0 +1,42 @@
+events { worker_connections 1024; }
+
+http {
+  sendfile on;
+
+  proxy_redirect     off;
+  proxy_set_header   Host $host;
+  proxy_set_header   X-Real-IP $remote_addr;
+  proxy_set_header   X-Forwarded-For $proxy_add_x_forwarded_for;
+  proxy_set_header   X-Forwarded-Host $server_name;
+
+  server {
+    listen 10080;
+
+    location /grafana/ {
+      ################################################################
+      # Enable these settings to test with basic auth and an auth proxy header
+      # the htpasswd file contains an admin user with password admin and
+      # user1: grafana and user2: grafana
+      ################################################################
+
+
+      ################################################################
+      # To use the auth proxy header, set the following in custom.ini:
+      # [auth.proxy]
+      # enabled = true
+      # header_name = X-WEBAUTH-USER
+      # header_property = username
+      ################################################################
+
+      location /grafana/login {
+        auth_basic "Restricted Content";
+        auth_basic_user_file /etc/nginx/htpasswd;
+        proxy_set_header X-WEBAUTH-USER $remote_user;
+        proxy_pass http://host.docker.internal:3000/login;
+      }
+
+      proxy_set_header Authorization "";
+      proxy_pass http://host.docker.internal:3000/;
+    }
+  }
+}