diff --git a/docker/kratos/oathkeeper/access-rules.yml b/docker/kratos/oathkeeper/access-rules.yml
index e7abc6a5..5e0e03fe 100644
--- a/docker/kratos/oathkeeper/access-rules.yml
+++ b/docker/kratos/oathkeeper/access-rules.yml
@@ -57,7 +57,7 @@
 preserve_host: true
 url: "http://accounts:3000"
 match:
- url: "http://oathkeeper:4455/<{user,user/**}>"
+ url: "http://oathkeeper<{,:4455}>/<{user,user/**}>"
 methods:
 - GET
 authenticators:
diff --git a/docker/nginx/conf.d/secure.conf b/docker/nginx/conf.d/secure.conf
index 4656e91e..d8e996ef 100644
--- a/docker/nginx/conf.d/secure.conf
+++ b/docker/nginx/conf.d/secure.conf
@@ -7,4 +7,27 @@ server {
 proxy_redirect http://127.0.0.1/ https://$host/;
 proxy_pass http://oathkeeper:4455;
 }
+
+ location /.ory/kratos/public/self-service/login/methods/password {
+ proxy_redirect http://127.0.0.1/ https://$host/;
+ proxy_pass http://oathkeeper:4455;
+
+ header_filter_by_lua_block {
+ if ngx.status >= ngx.HTTP_OK and ngx.status < ngx.HTTP_BAD_REQUEST then
+ local http = require("socket.http")
+ local sessionCookie = ""
+ local responseCookies = {}
+ for k, cookie in ipairs(ngx.header["set-cookie"]) do
+ local sessionCookieMatch = string.match(cookie, "(ory_kratos_session=[^;]+);")
+ if sessionCookieMatch then sessionCookie = sessionCookieMatch end
+ table.insert(responseCookies, cookie)
+ end
+ local ok, status, headers = http.request { url = "http://oathkeeper:4455/user", headers = { Cookie = sessionCookie } }
+ if headers["set-cookie"] then
+ table.insert(responseCookies, headers["set-cookie"])
+ ngx.header["set-cookie"] = responseCookies
+ end
+ end
+ }
+ }
 }
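Review bot: The widened host pattern `oathkeeper<{,:4455}>` in the `match.url` line carries no comment saying why a port-less host must now satisfy this access rule, and a match pattern is exactly the kind of line a later reader will tighten again without one. The intent looks like admitting the internal request that the new Lua block in `docker/nginx/conf.d/secure.conf` sends to `http://oathkeeper:4455/user`, whose client may put `Host: oathkeeper` on the wire without the port; that is inferred from this commit, so confirm it. Suggested comment above the line: `# port is optional: the nginx header filter's internal request may send Host without :4455`. The rule itself starts and ends outside the hunk.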
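Review bot: The added `header_filter_by_lua_block` can throw on an ordinary login response: `ngx.header["set-cookie"]` is nil when the upstream sets no cookie and a plain string when it sets exactly one, so `ipairs(...)` fails in both cases, and `http.request` returns nil plus an error message on a transport failure, so `headers["set-cookie"]` then indexes nil. The internal request is also sent with an empty `Cookie` header when no `ory_kratos_session` cookie was matched. Separately, LuaSocket's `http.request` is a blocking call, so each successful password login holds the nginx worker until `oathkeeper:4455/user` answers or LuaSocket's timeout expires; doing this work outside the header filter with a non-blocking client is worth considering. LuaSocket also appears to fold repeated response headers into one comma-joined string, so several cookies from `/user` would go out as a single malformed `Set-Cookie` value, which should be confirmed. The guards below cover the nil, string and failed-request cases; the enclosing `server` block starts outside the hunk.

```nginx
header_filter_by_lua_block {
    -- … unchanged: 2xx/3xx status check, require("socket.http") …
    -- ngx.header yields nil, a string (one cookie) or a table (several cookies)
    local upstreamCookies = ngx.header["set-cookie"]
    if type(upstreamCookies) == "string" then
        upstreamCookies = { upstreamCookies }
    end
    local sessionCookie
    local responseCookies = {}
    for _, cookie in ipairs(upstreamCookies or {}) do
        -- … unchanged: ory_kratos_session match, table.insert(responseCookies, cookie) …
    end
    -- no session cookie was issued: leave the response untouched
    if not sessionCookie then return end
    local ok, status, headers = http.request { url = "http://oathkeeper:4455/user", headers = { Cookie = sessionCookie } }
    if not ok then
        -- on failure the second return value is the error message
        ngx.log(ngx.WARN, "internal /user request failed: ", status)
        return
    end
    -- … unchanged: append headers["set-cookie"] and assign ngx.header["set-cookie"] …
```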