diff --git a/config/nginx.sample.conf b/config/nginx.sample.conf
index fa29fe8c8..35cbd520d 100644
--- a/config/nginx.sample.conf
+++ b/config/nginx.sample.conf
@@ -173,7 +173,7 @@ server {
  # This big block is needed so we can selectively enable
  # acceleration for backups and avatars
  # see note about repetition above
- location ~ ^/(letter_avatar|user_avatar|highlight-js|stylesheets|favicon/proxied) {
+ location ~ ^/(letter_avatar/|user_avatar|highlight-js|stylesheets|favicon/proxied) {
  proxy_set_header Host $http_host;
  proxy_set_header X-Real-IP $remote_addr;
  proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
@@ -192,9 +192,23 @@ server {
  break;
  }
- location /letter_avatar_proxy {
- rewrite /letter_avatar_proxy/(.*)$ /$1 break;
- proxy_pass https://avatars.discourse.org;
+ location /letter_avatar_proxy/ {
+ # Don't send any client headers to the avatars service
+ proxy_method GET;
+ proxy_pass_request_headers off;
+ proxy_pass_request_body off;
+
+ # Don't let cookies interrupt caching, and don't pass them to the
+ # client
+ proxy_ignore_headers "Set-Cookie";
+ proxy_hide_header "Set-Cookie";
+
+ proxy_cache one;
+ proxy_cache_key $uri;
+ proxy_cache_valid 200 7d;
+ proxy_cache_valid 404 1m;
+
+ proxy_pass https://avatars.discourse.org/;
  }
  # this means every file in public is tried first
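Review bot: The trailing slash added to `letter_avatar/` in the regex location has no comment explaining it, and the routing of `/letter_avatar_proxy/` appears to depend on it. nginx prefers a matching regex location over a plain prefix location, so without the slash this block would also claim the proxy path. I would add `# trailing slash keeps /letter_avatar_proxy/ out of this regex block` above the location line. Declaring the proxy location in the second hunk as `location ^~ /letter_avatar_proxy/ {` would make that precedence explicit, so it no longer relies on the regex. The body of this location continues outside the hunk.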
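Review bot: The new `proxy_pass https://avatars.discourse.org/;` fetches over TLS without verifying the upstream certificate, because nginx leaves `proxy_ssl_verify` off unless it is set. This location now stores what it receives in cache zone `one` for seven days, so a response substituted between this server and the avatars host would be replayed to every visitor until the entry expires. Consider adding `proxy_ssl_verify on;`, `proxy_ssl_trusted_certificate <path-to-CA-bundle>;` and `proxy_ssl_server_name on;` beside the `proxy_pass` line; the CA path is a placeholder for the local trust store. The same block could note in a comment that `proxy_cache_key $uri` deliberately ignores the query string, if that is the intent.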