diff --git a/auth-middleware.js b/auth-middleware.js
index e782a34..fab4d6a 100644
--- a/auth-middleware.js
+++ b/auth-middleware.js
@@ -71,10 +71,21 @@ function initAuth(app) {
 res.redirect('/login');
 });
+ // Authentication check endpoint for Nginx auth_request
+ app.get('/auth/check', (req, res) => {
+ if (req.session.authenticated) {
+ return res.status(200).send('OK');
+ }
+ return res.status(401).send('Unauthorized');
+ });
+ // Authentication middleware for all other routes
 app.use((req, res, next) => {
- // Skip auth for login-related routes
- if (req.path === '/login' || req.path === '/auth/login') {
+ // Skip auth for login-related routes and static assets
+ if (req.path === '/login' ||
+ req.path === '/auth/login' ||
+ req.path === '/auth/check' ||
+ req.path.match(/\.(css|js|png|jpg|jpeg|gif|ico|svg)$/)) {
 return next();
 }
diff --git a/data-api.js b/data-api.js
index 5dcc4e5..0021a37 100644
--- a/data-api.js
+++ b/data-api.js
@@ -25,6 +25,20 @@ app.use(bodyParser.json({ limit: '5mb' }));
 app.use(bodyParser.urlencoded({ extended: true })); // For parsing form data
 app.use(express.static('public')); // Serve static files
+// Copy login.html to the correct location for serving
+const loginHtmlPath = path.join(__dirname, 'login.html');
+if (fs.existsSync(loginHtmlPath)) {
+ // Ensure public directory exists
+ const publicDir = path.join(__dirname, 'public');
+ if (!fs.existsSync(publicDir)) {
+ fs.mkdirSync(publicDir, { recursive: true });
+ }
+
+ // Copy login.html to public directory
+ fs.copyFileSync(loginHtmlPath, path.join(publicDir, 'login.html'));
+ console.log('Login page copied to public directory');
+}
+
 // Initialize authentication middleware
 initAuth(app);
diff --git a/nginx.conf b/nginx.conf
index 77f8cac..f904a72 100644
--- a/nginx.conf
+++ b/nginx.conf
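Review bot: The new `req.path.match(/\.(css|js|png|jpg|jpeg|gif|ico|svg)$/)` clause exempts from authentication every request whose path ends in one of those extensions, not only static assets, so any dynamic route that can be addressed with such a suffix is served without a session. Since data-api.js mounts `express.static('public')` before `initAuth(app)` (visible in the next hunk), requests for existing asset files never reach this middleware anyway, so the clause mainly changes the 404 path for missing assets while opening a bypass for application routes. Consider dropping it, or anchoring it to a dedicated asset prefix and using a boolean test, e.g. (prefix is illustrative) `/^\/assets\/.*\.(css|js|png|jpg|jpeg|gif|ico|svg)$/.test(req.path)`. The enclosing `app.use` callback and `initAuth` continue outside the hunk.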
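Review bot: The `if (!fs.existsSync(publicDir))` guard is redundant, because `fs.mkdirSync(publicDir, { recursive: true })` already succeeds when the directory exists; the block also relies on `fs` and `path` being required earlier in data-api.js, which is outside the hunk. More substantively, copying on every start means the served `public` directory must be writable by the service account, whereas serving the file from the login route with `res.sendFile(loginHtmlPath)` keeps the served tree read-only and cannot leave a stale copy when login.html changes. If the copy is kept, a failing `copyFileSync` throws at module load, which is reasonable as a startup check but deserves a comment such as `// Fail fast: a missing login page makes the auth flow unusable`.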
@@ -8,15 +8,22 @@ server {
 gzip on;
 gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript;
- # Serve static files directly
- location / {
+ # Authentication check - redirect to login if not authenticated
+ location = / {
+ # First try to use the API to check authentication
+ auth_request /auth/check;
+
+ # If auth passes, serve the main page
 try_files $uri $uri/ /index.html;
- # CORS headers for main location
+ # CORS headers
 add_header 'Access-Control-Allow-Origin' '*' always;
 add_header 'Access-Control-Allow-Methods' 'GET, POST, PUT, DELETE, OPTIONS' always;
 add_header 'Access-Control-Allow-Headers' 'Origin, X-Requested-With, Content-Type, Accept, Authorization' always;
+ # Error indicates not authenticated, redirect to login
+ error_page 401 = @error401;
+ # Handle preflight requests
 if ($request_method = 'OPTIONS') {
 add_header 'Access-Control-Allow-Origin' '*';
@@ -28,6 +35,21 @@ server {
 return 204;
 }
 }
+
+ # Serve static files directly
+ location / {
+ try_files $uri $uri/ /index.html;
+
+ # CORS headers
+ add_header 'Access-Control-Allow-Origin' '*' always;
+ add_header 'Access-Control-Allow-Methods' 'GET, POST, PUT, DELETE, OPTIONS' always;
+ add_header 'Access-Control-Allow-Headers' 'Origin, X-Requested-With, Content-Type, Accept, Authorization' always;
+ }
+
+ # Handle 401 unauthorized by redirecting to login
+ location @error401 {
+ return 302 /login;
+ }
 # Proxy requests to the data API
 location /data/ {
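Review bot: `auth_request /auth/check;` in `location = /` issues a subrequest for `/auth/check`, but nothing in this diff defines a location for that URI; the only locations visible are the new prefix `location /` (second hunk) and `location /data/`. Unless a matching location exists outside the hunks, the subrequest is handled by `location /`, whose `try_files $uri $uri/ /index.html` answers 200 for any path, so the check would pass for every client regardless of session. The subrequest needs an internal location that proxies to the Node `/auth/check` route with the request body stripped, as sketched below; the upstream name is a placeholder to be replaced with the one `location /data/` already uses.
```nginx
# … unchanged: location = / block …

# Subrequest target for auth_request; not reachable by clients
location = /auth/check {
    internal;
    proxy_pass http://API_UPSTREAM/auth/check;   # API_UPSTREAM: placeholder
    proxy_pass_request_body off;
    proxy_set_header Content-Length "";
}
```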
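Review bot: The new `location /` carries no `auth_request`, and its `try_files $uri $uri/ /index.html` returns the application page for every path that is not exactly `/`, so requesting `/index.html` or any client-side route bypasses the gate that the first hunk adds to `location = /`. If the intent is to keep unauthenticated users off the application, `auth_request /auth/check;` and `error_page 401 = @error401;` belong in this block (making the exact-match block unnecessary), with the login page and the `/auth/` endpoints exempted through `auth_request off;` in their own locations so that the `return 302 /login;` in `@error401` cannot redirect into a loop. A one-line comment on `location /` stating which paths are intentionally unauthenticated would make the intended boundary reviewable.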