diff --git a/ansible/files/envoy_config/lds.yaml b/ansible/files/envoy_config/lds.yaml
index 60a38f65d..f2c719d20 100644
--- a/ansible/files/envoy_config/lds.yaml
+++ b/ansible/files/envoy_config/lds.yaml
@@ -254,8 +254,10 @@ resources:
 type.googleapis.com/envoy.extensions.filters.http.rbac.v3.RBACPerRoute
 - match:
 safe_regex:
+ google_re2:
+ max_program_size: 150
 regex: >-
- /auth/v1/(verify|callback|authorize|sso/saml/(acs|metadata|slo))
+ /auth/v1/(verify|callback|authorize|sso/saml/(acs|metadata|slo)|\.well-known/(openid-configuration|jwks\.json))
 route:
 cluster: gotrue
 regex_rewrite:
diff --git a/docker/all-in-one/etc/kong/kong.yml b/docker/all-in-one/etc/kong/kong.yml
index 53ad4baef..9952f9861 100644
--- a/docker/all-in-one/etc/kong/kong.yml
+++ b/docker/all-in-one/etc/kong/kong.yml
@@ -27,6 +27,12 @@ services:
 routes: [{ name: auth-v1-open-saml, strip_path: true, paths: [/auth/v1/sso/saml/] }],
 plugins: [{ name: cors }],
 }
+ - {
+ name: auth-v1-open-well-known,
+ url: 'http://localhost:9999/.well-known/',
+ routes: [{ name: auth-v1-open-well-known, strip_path: true, paths: [/auth/v1/.well-known/] }],
+ plugins: [{ name: cors }],
+ }
 - {
 name: auth-v1,
 url: 'http://localhost:9999/',
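Review bot: The new `google_re2.max_program_size: 150` under `safe_regex` has no comment saying why the cap is raised, so the next person to extend this alternation will not know the limit exists until Envoy rejects the config. I would add a comment above it such as `# RE2 program size of the pattern below exceeds Envoy's default limit; raise this when adding alternatives`. As far as I know the per-regex field is deprecated in the v3 API in favour of the `re2.max_program_size.error_level` runtime key, so it is worth checking against the Envoy version deployed here. The extended pattern itself is narrow (two named documents, dots escaped), which suits a route that carries the `RBACPerRoute` override visible in the context lines; the route entry starts and ends outside the hunk.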
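Review bot: The new `auth-v1-open-well-known` route matches the whole prefix `/auth/v1/.well-known/` and carries only the `cors` plugin, while the Envoy pattern in `ansible/files/envoy_config/lds.yaml` from this same commit admits exactly `openid-configuration` and `jwks.json`. Whatever the auth service later serves under `/.well-known/` would then be reachable through Kong on this route, but not through Envoy, without anyone touching the gateway config. If the prefix is intentional, a comment above the entry such as `# open by design: only the OIDC discovery document and JWKS are expected under this prefix` would record that; narrowing it needs care because `strip_path: true` removes the matched path before proxying. The `services` list starts and ends outside the hunk.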