server {
	listen 80;
	listen [::]:80;
	server_name secure.*;

	location / {
		proxy_redirect http://127.0.0.1/ https://$host/;
		proxy_pass http://oathkeeper:4455;
	}

	location /.ory/kratos/public/self-service/login/methods/password {
		proxy_redirect http://127.0.0.1/ https://$host/;
		proxy_pass http://oathkeeper:4455;

		header_filter_by_lua_block {
			if ngx.status >= ngx.HTTP_OK and ngx.status < ngx.HTTP_BAD_REQUEST then
				local http = require("socket.http")
				local sessionCookie = ""
				local responseCookies = {}
				for k, cookie in ipairs(ngx.header["set-cookie"]) do 
					local sessionCookieMatch = string.match(cookie, "(ory_kratos_session=[^;]+);")
					if sessionCookieMatch then sessionCookie = sessionCookieMatch end
					table.insert(responseCookies, cookie)
				end
				local ok, status, headers = http.request { url = "http://oathkeeper:4455/user", headers = { Cookie = sessionCookie } }
				if headers["set-cookie"] then
					table.insert(responseCookies, headers["set-cookie"])
					ngx.header["set-cookie"] = responseCookies
				end
			end
		}
	}
}