diff --git a/InvenTree/InvenTree/urls.py b/InvenTree/InvenTree/urls.py
index bf0838c26c..0108418517 100644
--- a/InvenTree/InvenTree/urls.py
+++ b/InvenTree/InvenTree/urls.py
@@ -37,6 +37,7 @@ from django.conf.urls.static import static
 from django.views.generic.base import RedirectView
 from rest_framework.documentation import include_docs_urls
+from .views import auth_request
 from .views import IndexView, SearchView, DatabaseStatsView
 from .views import SettingsView, EditUserView, SetPasswordView
 from .views import CurrencySettingsView, CurrencyRefreshView
@@ -155,6 +156,8 @@ urlpatterns = [
     url(r'^search/', SearchView.as_view(), name='search'),
     url(r'^stats/', DatabaseStatsView.as_view(), name='stats'),
+    url(r'^auth/?', auth_request),
+
     url(r'^api/', include(apipatterns)),
     url(r'^api-doc/', include_docs_urls(title='InvenTree API')),
diff --git a/InvenTree/InvenTree/views.py b/InvenTree/InvenTree/views.py
index 108908c571..06aec54c18 100644
--- a/InvenTree/InvenTree/views.py
+++ b/InvenTree/InvenTree/views.py
@@ -10,7 +10,7 @@ from __future__ import unicode_literals
 from django.utils.translation import gettext_lazy as _
 from django.template.loader import render_to_string
-from django.http import JsonResponse, HttpResponseRedirect
+from django.http import HttpResponse, JsonResponse, HttpResponseRedirect
 from django.urls import reverse_lazy
 from django.conf import settings
@@ -36,6 +36,19 @@ from .helpers import str2bool
 from rest_framework import views
+def auth_request(request):
+    """
+    Simple 'auth' endpoint used to determine if the user is authenticated.
+    Useful for (for example) redirecting authentication requests through
+    django's permission framework.
+    """
+
+    if request.user.is_authenticated:
+        return HttpResponse(status=200)
+    else:
+        return HttpResponse(status=403)
+
+
 class TreeSerializer(views.APIView):
     """
     JSON View for serializing a Tree object.
diff --git a/docker/nginx.conf b/docker/nginx.conf
index fb1906f0fa..270378735e 100644
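Review bot: The pattern `r'^auth/?'` on the added `url()` line has no end anchor, so any path beginning with `auth` (`/auth/anything`, `/authors/`) is routed to `auth_request` and any later pattern under that prefix is shadowed. Anchoring it, `url(r'^auth/?$', auth_request),`, limits the route to the one path the nginx `auth_request /auth` subrequest actually uses. The `urlpatterns` list starts and ends outside the hunk.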
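Review bot: `auth_request` only tests `request.user.is_authenticated`, so any logged-in user is cleared for whatever the caller is gating; the docstring's mention of "django's permission framework" overstates this and should instead read `Returns 200 if the requesting user is authenticated, 403 otherwise; no object-level permissions are checked.` The nginx side sends `X-Original-URI`, which this view never reads — if per-file authorization is wanted later, that header is where the protected path would come from. Since the decision rests on `request.user`, it is whatever Django's authentication middleware derives from the forwarded request (presumably the session cookie); clients authenticating with a DRF token would likely receive 403 here, worth confirming. Stylistically the `else` after a `return` is redundant; `status = 200 if request.user.is_authenticated else 403` followed by `return HttpResponse(status=status)` says the same thing in two lines.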
--- a/docker/nginx.conf
+++ b/docker/nginx.conf
@@ -1,3 +1,4 @@
+
 server {
     # Listen for connection on (internal) port 80
@@ -37,12 +38,20 @@ server {
     # Redirect any requests for media files
     location /media/ {
         alias /var/www/media/;
-        autoindex on;
-        # Caching settings
-        expires 30d;
-        add_header Pragma public;
-        add_header Cache-Control "public";
+        # Media files require user authentication
+        auth_request /auth;
+    }
+
+    # Use the 'user' API endpoint for auth
+    location /auth {
+        internal;
+
+        proxy_pass http://inventree-server:8000/auth/;
+
+        proxy_pass_request_body off;
+        proxy_set_header Content-Length "";
+        proxy_set_header X-Original-URI $request_uri;
     }
 }
\ No newline at end of file
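Review bot: With the `expires 30d` and `add_header Cache-Control "public"` lines removed, responses from `location /media/` carry no caching directive at all, so a shared cache sitting in front of nginx may heuristically store files that are now meant only for authenticated users; adding `add_header Cache-Control "private";` inside `location /media/` makes the intent explicit. Unless the rest of the config overrides it, the `/auth` subrequest reaches the backend with nginx's default `Host` (`$proxy_host`, here `inventree-server:8000`), which Django's `ALLOWED_HOSTS` must accept — presumably already true for the other proxied traffic, but worth confirming. The enclosing `server` block starts outside the hunk.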