diff --git a/backend/nginx.conf b/backend/nginx.conf
index 18d410e..dabdfb9 100644
--- a/backend/nginx.conf
+++ b/backend/nginx.conf
@@ -43,6 +43,8 @@ http {
 
         # Separate location for PDFs under /protectedMedia/
         location ~* ^/protectedMedia/.*\.pdf$ {
+            internal;
+            alias /code/media/;
             add_header Content-Security-Policy "default-src 'self'; script-src 'none'; object-src 'none'; base-uri 'none'" always;
             add_header X-Content-Type-Options nosniff always;
             add_header X-Frame-Options SAMEORIGIN always;