diff --git a/docker/kratos/oathkeeper/access-rules.yml b/docker/kratos/oathkeeper/access-rules.yml
index e6c5d395..f326e424 100644
--- a/docker/kratos/oathkeeper/access-rules.yml
+++ b/docker/kratos/oathkeeper/access-rules.yml
@@ -1,5 +1,4 @@
--
-  id: "ory:kratos:public"
+- id: "ory:kratos:public"
   upstream:
     preserve_host: true
     url: "http://kratos:4433"
@@ -13,15 +12,13 @@
       - DELETE
       - PATCH
   authenticators:
-    -
-      handler: noop
+    - handler: noop
   authorizer:
     handler: allow
   mutators:
     - handler: noop
 
--
-  id: "ory:kratos-selfservice-ui-node:anonymous"
+- id: "ory:kratos-selfservice-ui-node:anonymous"
   upstream:
     preserve_host: true
     url: "http://kratos-selfservice-ui-node:4435"
@@ -30,16 +27,13 @@
     methods:
       - GET
   authenticators:
-    -
-      handler: anonymous
+    - handler: anonymous
   authorizer:
     handler: allow
   mutators:
-    -
-      handler: noop
+    - handler: noop
 
--
-  id: "ory:kratos-selfservice-ui-node:protected"
+- id: "ory:kratos-selfservice-ui-node:protected"
   upstream:
     preserve_host: true
     url: "http://kratos-selfservice-ui-node:4435"
@@ -48,8 +42,7 @@
     methods:
       - GET
   authenticators:
-    -
-      handler: cookie_session
+    - handler: cookie_session
   authorizer:
     handler: allow
   mutators:
@@ -60,3 +53,19 @@
         #to: http://oathkeeper:4455/auth/login
         to: https://siasky.xyz/secure/auth/login
 
+- id: "accounts"
+  upstream:
+    preserve_host: true
+    url: "http://accounts:3000"
+  match:
+    url: "http://oathkeeper:4455/<{user}>"
+  methods:
+    - GET
+  authenticators:
+    - handler: cookie_session
+  authorizer:
+    handler: allow
+  mutators:
+    - handler: id_token
+  errors:
+    - handler: json
diff --git a/docker/nginx/conf.d/client.conf b/docker/nginx/conf.d/client.conf
index 84157da3..66e348fe 100644
--- a/docker/nginx/conf.d/client.conf
+++ b/docker/nginx/conf.d/client.conf
@@ -352,16 +352,6 @@ server {
 		proxy_pass http://oathkeeper:4455;
 	}
 
-	#location /secure/self-service {
-	#	rewrite /secure/self-service/(.*) /$1 break;
-	#	proxy_pass http://oathkeeper:4455;
-	#}
-
-	location /accounts {
-		rewrite /accounts/(.*) /$1 break;
-		proxy_pass http://accounts:3000;
-	}
-
 	# include custom locations, specific to the server
 	include /etc/nginx/conf.d/server-override/*;
 }