diff --git a/docker/nginx/conf.d/include/location-skylink b/docker/nginx/conf.d/include/location-skylink
index 91284d7d..9b13ab0f 100644
--- a/docker/nginx/conf.d/include/location-skylink
+++ b/docker/nginx/conf.d/include/location-skylink
@@ -24,6 +24,46 @@ set $skynet_proof '';
 set $limit_rate 0;
 
 access_by_lua_block {
+    -- the block below only makes sense if we are using nginx cache
+    if not ngx.var.skyd_disk_cache_enabled then
+        local httpc = require("resty.http").new()
+
+        -- detect whether requested skylink is v2
+        local isBase32v2 = string.len(ngx.var.skylink) == 55 and string.sub(ngx.var.skylink, 0, 2) == "04"
+        local isBase64v2 = string.len(ngx.var.skylink) == 46 and string.sub(ngx.var.skylink, 0, 2) == "AQ"
+        
+        if isBase32v2 or isBase64v2 then
+            -- 10.10.10.10 points to sia service (alias not available when using resty-http)
+            local res, err = httpc:request_uri("http://10.10.10.10:9980/skynet/resolve/" .. ngx.var.skylink_v2, {
+                headers = { ["User-Agent"] = "Sia-Agent" }
+            })
+
+            -- print error and exit with 500 or exit with response if status is not 200
+            if err or (res and res.status ~= ngx.HTTP_OK) then
+                ngx.status = (err and ngx.HTTP_INTERNAL_SERVER_ERROR) or res.status
+                ngx.header["content-type"] = "text/plain"
+                ngx.say(err or res.body)
+                return ngx.exit(ngx.status)
+            end
+
+            local json = require('cjson')
+            local resolve = json.decode(res.body)
+            ngx.var.skylink_v1 = resolve.skylink
+            ngx.var.skynet_proof = res.headers["Skynet-Proof"]
+        end
+
+        -- check if skylink v1 is present on blocklist (compare hashes)
+        if require("skynet.blocklist").is_blocked(ngx.var.skylink_v1) then
+            return require("skynet.blocklist").exit_illegal()
+        end
+
+        -- if skylink is found on nocache list then set internal nocache variable
+        -- to tell nginx that it should not try and cache this file (too large)
+        if ngx.shared.nocache:get(ngx.var.skylink_v1) then
+            ngx.var.nocache = "1"
+        end
+    end
+
     if require("skynet.account").accounts_enabled() then
         -- check if portal is in authenticated only mode
         if require("skynet.account").is_access_unauthorized() then
@@ -46,6 +86,23 @@ access_by_lua_block {
 header_filter_by_lua_block {
     ngx.header["Skynet-Portal-Api"] = ngx.var.scheme .. "://" .. ngx.var.skynet_portal_domain
     ngx.header["Skynet-Server-Api"] = ngx.var.scheme .. "://" .. ngx.var.skynet_server_domain
+
+    -- the block below only makes sense if we are using nginx cache
+    if not ngx.var.skyd_disk_cache_enabled then
+        -- not empty skynet_proof means this is a skylink v2 request
+        -- so we should replace the Skynet-Proof header with the one
+        -- we got from /skynet/resolve/ endpoint, otherwise we would
+        -- be serving cached empty v1 skylink Skynet-Proof header
+        if ngx.var.skynet_proof and ngx.var.skynet_proof ~= "" then
+            ngx.header["Skynet-Proof"] = ngx.var.skynet_proof
+        end
+
+        -- add skylink to nocache list if it exceeds 1GB (1e+9 bytes) threshold
+        -- (content length can be nil for already cached files - we can ignore them)
+        if ngx.header["Content-Length"] and tonumber(ngx.header["Content-Length"]) > 1e+9 then
+            ngx.shared.nocache:set(ngx.var.skylink_v1, ngx.header["Content-Length"])
+        end
+    end
 }
 
 limit_rate_after 512k;