I’m setting up laravel-sanctum (with Vue 3) and an nginx reverse proxy server in a Docker environment.
I found something is wrong when I send a GET request to “/sanctum/csrf-cookie”:
there is no ‘Set-Cookie’ response header and no way to get headers from the backend.
Without nginx, everything goes well. I can get the Set-Cookie header with curl or Postman,
and my frontend works well too.
I have searched and tried so many things, but
I cannot figure out how to make “/sanctum/csrf-cookie” work with the ‘Set-Cookie’ header and
how to send other backend headers through the nginx reverse proxy server.
Here is my nginx default.conf file (included in the nginx.conf http scope):
default.conf

    server {
        listen 80;
        listen [::]:80;
    #    return 301 https://$host$request_uri;
    #}
    #
    #server {
    #    listen 443 ssl;
    #    listen [::]:443 ssl;
    #
    #    ssl_certificate /var/www/.mkcert/cert.pem;
    #    ssl_certificate_key /var/www/.mkcert/key.pem;
    #    ssl_protocols TLSv1.2;
    #    ssl_ciphers HIGH:!aNULL:!MD5;
    #    ssl_prefer_server_ciphers on;

        index index.php index.html;
        server_name _;
        error_log /var/log/nginx/error.log debug;
        access_log /var/log/nginx/access.log;
        # access_log off;
        root /var/www/public;

        # nginx server version
        server_tokens off;

        # allow header
        ignore_invalid_headers off;
        underscores_in_headers on; # when off, get info msg at log

        # add header
        # add_header author 'oscar';
        # add_header aristo_1 $uri;

        # frontend http proxy server
        location / {
            try_files $uri $uri/ /index.php?$query_string; # upstream
            # proxy_connect_timeout 3600;
            # proxy_send_timeout 3600;
            # proxy_read_timeout 3600;
            # send_timeout 3600;

            # ~* is case-insensitive; "location =" is not a regex
            location ~* /favicons/ {
                return 204;
                access_log off;
                log_not_found off;
            }

            # frontend http proxy pass and header settings
            proxy_pass http://localhost:9000; # default localhost
            # proxy_ssl_verify off;
            # proxy_set_header Upgrade $http_upgrade;
            # proxy_set_header Connection "upgrade";
            proxy_set_header Host $http_host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Proto $scheme;
            # proxy_set_header X-Forwarded-Host $host;
            # proxy_set_header X-Forwarded-Port $server_port;
            # proxy_set_header Cookie $http_cookie;
            # proxy_set_header X-XSRF-TOKEN $http_x_xsrf_token;
            # proxy_set_header X-TOKEN $http_xsrf_token;
            #
        }

        # backend
        location ~ \.php$ {
            try_files $uri =403;
            fastcgi_split_path_info ^(.+\.php)(/.+)$;
            fastcgi_pass php83:9000;
            fastcgi_index index.php;
            include fastcgi_params;
            fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
            fastcgi_param PATH_INFO $fastcgi_path_info;
            fastcgi_param HTTP_HOST $host;
            fastcgi_param HTTP_USER_AGENT $http_user_agent;
            fastcgi_param HTTP_ACCEPT $http_accept;
            fastcgi_param HTTP_ACCEPT_LANGUAGE $http_accept_language;
            fastcgi_param HTTP_ACCEPT_ENCODING $http_accept_encoding;
            fastcgi_param HTTP_COOKIE $http_cookie;
            fastcgi_param HTTP_CONNECTION $http_connection;
            fastcgi_param HTTP_UPGRADE $http_upgrade;
            # fastcgi_read_timeout 3600;
            # add_header aristo4_ $uri; # ignore add_header of server scope
            #
            # # fastcgi_pass_header Set-Cookie;
            # # fastcgi_pass_header Cookie;
            # # fastcgi_pass_header Authorization;
            # # fastcgi_ignore_headers Cache-Control Expires Set-Cookie;
            #
            # add_header X-Cache $upstream_cache_status;
            # add_header XSRF-TOKEN $http_xsrf_token;
            # add_header end ____________;
        }

        # deny exceptions
        location ~ /\.(?!well-known).* {
            deny all;
        }
    }

The HTTPS setting works well when I develop the frontend Vue 3 stuff.
Without the reverse proxy server (vue3 <-> laravel), everything works well.
But if I use the reverse proxy server (vue3 <-> nginx <-> laravel),
nothing is returned in my headers from the backend server.
I tried so many nginx settings in the default.conf file above,
but found no answer for passing headers through the nginx proxy server.
So, I’ve come to a conclusion:
- maybe the nginx proxy server cannot send the backend API server’s headers.

I cannot solve this problem with documents and web sources alone.
So, can you tell me how to send the ‘Set-Cookie’ header through the nginx server?