server { listen 80; listen [::]:80; server_name secure.*; location / { proxy_redirect http://127.0.0.1/ https://$host/; proxy_pass http://oathkeeper:4455; } location /.ory/kratos/public/self-service/login/methods/password { proxy_redirect http://127.0.0.1/ https://$host/; proxy_pass http://oathkeeper:4455; header_filter_by_lua_block { if ngx.status >= ngx.HTTP_OK and ngx.status < ngx.HTTP_BAD_REQUEST then local http = require("socket.http") local sessionCookie = "" local responseCookies = {} for k, cookie in ipairs(ngx.header["set-cookie"]) do local sessionCookieMatch = string.match(cookie, "(ory_kratos_session=[^;]+);") if sessionCookieMatch then sessionCookie = sessionCookieMatch end table.insert(responseCookies, cookie) end local ok, status, headers = http.request { url = "http://oathkeeper:4455/user", headers = { Cookie = sessionCookie } } if headers["set-cookie"] then table.insert(responseCookies, headers["set-cookie"]) ngx.header["set-cookie"] = responseCookies end end } } }