NGINX as Proxy: Rewrite Set-Cookie to Secure and HttpOnly
As I have to deal with nginx lately (Which is quite a nice piece of software, but not easy to configure), I was faced with the problem of securing a backend application. One of this goals was to add the Cookie attributes "secure" and "HttpOnly".
My solution assumes that the path of the cookie equals "/". So if it does not in your case, you might want to adapt it. Put this just next to your proxy configuration.
proxy_cookie_path / "/; secure; HttpOnly";