diff --git a/.env.example b/.env.example
index 6e0231b9ee..f182b9ee9d 100644
--- a/.env.example
+++ b/.env.example
@@ -262,9 +262,6 @@ OPENAI_API_KEY=sk-xxxxxxxxx
 # Bucket request endpoint
 # S3_ENDPOINT=https://xxxxxxxxxxxxxxxxxxxxxxxxxxxxx.r2.cloudflarestorage.com
 
-# Public access domain for the bucket
-# S3_PUBLIC_DOMAIN=https://s3-for-lobechat.your-domain.com
-
 # Bucket region, such as us-west-1, generally not needed to add
 # but some service providers may require configuration
 # S3_REGION=us-west-1
diff --git a/.env.example.development b/.env.example.development
index a34832aad8..0f980072bf 100644
--- a/.env.example.development
+++ b/.env.example.development
@@ -85,9 +85,6 @@ S3_ENDPOINT=http://localhost:${MINIO_PORT}
 # S3 bucket name for storing files
 S3_BUCKET=${MINIO_LOBE_BUCKET}
 
-# Public domain for S3 file access
-S3_PUBLIC_DOMAIN=http://localhost:${MINIO_PORT}
-
 # Enable path-style S3 requests (required for MinIO)
 S3_ENABLE_PATH_STYLE=1
 
diff --git a/docker-compose/deploy/.env.example b/docker-compose/deploy/.env.example
index 7f61fbc772..8dfdc5d4ef 100644
--- a/docker-compose/deploy/.env.example
+++ b/docker-compose/deploy/.env.example
@@ -7,6 +7,9 @@
 # Leave empty to allow all users to register
 # AUTH_ALLOWED_EMAILS=user1@example.com,user2@example.com
 
+# Disable user registration (SSO-only mode)
+# When set to 1, users cannot register via email/password, only SSO login is allowed
+# AUTH_DISABLE_EMAIL_PASSWORD=1
 
 # ===========================
 # ====== Preset config ======
@@ -28,7 +31,6 @@ RUSTFS_ACCESS_KEY=admin
 RUSTFS_SECRET_KEY=YOUR_RUSTFS_PASSWORD
 
 # Configure the bucket information of RUSTFS
-S3_PUBLIC_DOMAIN=http://localhost:9000
 S3_ENDPOINT=http://localhost:9000
 RUSTFS_LOBE_BUCKET=lobe
 
diff --git a/docker-compose/deploy/.env.zh-CN.example b/docker-compose/deploy/.env.zh-CN.example
index 77bb0d0343..e9c8034923 100644
--- a/docker-compose/deploy/.env.zh-CN.example
+++ b/docker-compose/deploy/.env.zh-CN.example
@@ -7,6 +7,10 @@
 # 留空则允许所有用户注册登录
 # AUTH_ALLOWED_EMAILS=user1@example.com,user2@example.com
 
+# 禁用用户注册（仅允许 SSO 登录）
+# 设置为 1 后，用户无法通过邮箱密码注册，只能通过 SSO 登录
+# AUTH_DISABLE_EMAIL_PASSWORD=1
+
 # ===================
 # ===== 预设配置 =====
 # ===================
@@ -24,7 +28,6 @@ RUSTFS_ACCESS_KEY=admin
 RUSTFS_SECRET_KEY=YOUR_RUSTFS_PASSWORD
 
 # 在下方配置 rustfs 中添加的桶
-S3_PUBLIC_DOMAIN=http://localhost:9000
 S3_ENDPOINT=http://localhost:9000
 RUSTFS_LOBE_BUCKET=lobe
 
diff --git a/docker-compose/local/.env.example b/docker-compose/local/.env.example
index be99e9eae6..4371008ebd 100644
--- a/docker-compose/local/.env.example
+++ b/docker-compose/local/.env.example
@@ -37,7 +37,6 @@ RUSTFS_ACCESS_KEY=admin
 RUSTFS_SECRET_KEY=YOUR_RUSTFS_PASSWORD
 
 # Configure the bucket information of RUSTFS
-S3_PUBLIC_DOMAIN=http://localhost:9000
 S3_ENDPOINT=http://localhost:9000
 RUSTFS_LOBE_BUCKET=lobe
 
diff --git a/docker-compose/local/.env.zh-CN.example b/docker-compose/local/.env.zh-CN.example
index a369fceadd..d96818a0b0 100644
--- a/docker-compose/local/.env.zh-CN.example
+++ b/docker-compose/local/.env.zh-CN.example
@@ -34,7 +34,6 @@ RUSTFS_ACCESS_KEY=admin
 RUSTFS_SECRET_KEY=YOUR_RUSTFS_PASSWORD
 
 # 在下方配置 rustfs 中添加的桶
-S3_PUBLIC_DOMAIN=http://localhost:9000
 S3_ENDPOINT=http://localhost:9000
 RUSTFS_LOBE_BUCKET=lobe
 
diff --git a/docker-compose/local/grafana/.env.example b/docker-compose/local/grafana/.env.example
index 21f2ad3dd5..e9c22ccc87 100644
--- a/docker-compose/local/grafana/.env.example
+++ b/docker-compose/local/grafana/.env.example
@@ -34,7 +34,6 @@ MINIO_ROOT_USER=admin
 MINIO_ROOT_PASSWORD=YOUR_MINIO_PASSWORD
 
 # Configure the bucket information of MinIO
-S3_PUBLIC_DOMAIN=http://localhost:9000
 S3_ENDPOINT=http://localhost:9000
 MINIO_LOBE_BUCKET=lobe
 
diff --git a/docker-compose/local/grafana/.env.zh-CN.example b/docker-compose/local/grafana/.env.zh-CN.example
index a6b9a46d60..a144db373f 100644
--- a/docker-compose/local/grafana/.env.zh-CN.example
+++ b/docker-compose/local/grafana/.env.zh-CN.example
@@ -34,7 +34,6 @@ MINIO_ROOT_USER=admin
 MINIO_ROOT_PASSWORD=YOUR_MINIO_PASSWORD
 
 # 在下方配置 minio 中添加的桶
-S3_PUBLIC_DOMAIN=http://localhost:9000
 S3_ENDPOINT=http://localhost:9000
 MINIO_LOBE_BUCKET=lobe
 
diff --git a/docker-compose/local/logto/docker-compose.yml b/docker-compose/local/logto/docker-compose.yml
index 40296318c1..ba1e96d063 100644
--- a/docker-compose/local/logto/docker-compose.yml
+++ b/docker-compose/local/logto/docker-compose.yml
@@ -103,7 +103,6 @@ services:
       - 'DATABASE_URL=postgresql://postgres:${POSTGRES_PASSWORD}@postgresql:5432/${LOBE_DB_NAME}'
       - 'S3_ENDPOINT=http://localhost:${MINIO_PORT}'
       - 'S3_BUCKET=${MINIO_LOBE_BUCKET}'
-      - 'S3_PUBLIC_DOMAIN=http://localhost:${MINIO_PORT}'
       - 'S3_ENABLE_PATH_STYLE=1'
       - 'REDIS_URL=redis://redis:6379'
       - 'REDIS_PREFIX=lobechat'
diff --git a/docker-compose/local/zitadel/.env.example b/docker-compose/local/zitadel/.env.example
index b34ff6efb9..2491d5288e 100644
--- a/docker-compose/local/zitadel/.env.example
+++ b/docker-compose/local/zitadel/.env.example
@@ -21,8 +21,7 @@ AUTH_ZITADEL_ISSUER=http://localhost:8080
 S3_ACCESS_KEY_ID=        
 S3_SECRET_ACCESS_KEY=
 S3_ENDPOINT=http://localhost:9000
-S3_BUCKET=lobe 
-S3_PUBLIC_DOMAIN=http://localhost:9000
+S3_BUCKET=lobe
 S3_ENABLE_PATH_STYLE=1
 LLM_VISION_IMAGE_USE_BASE64=1
 
diff --git a/docker-compose/local/zitadel/.env.zh-CN.example b/docker-compose/local/zitadel/.env.zh-CN.example
index 5078bf968d..ceb061132d 100644
--- a/docker-compose/local/zitadel/.env.zh-CN.example
+++ b/docker-compose/local/zitadel/.env.zh-CN.example
@@ -20,8 +20,7 @@ AUTH_ZITADEL_ISSUER=http://localhost:8080
 S3_ACCESS_KEY_ID=        
 S3_SECRET_ACCESS_KEY=
 S3_ENDPOINT=http://localhost:9000
-S3_BUCKET=lobe 
-S3_PUBLIC_DOMAIN=http://localhost:9000
+S3_BUCKET=lobe
 S3_ENABLE_PATH_STYLE=1
 LLM_VISION_IMAGE_USE_BASE64=1
 
diff --git a/docker-compose/production/grafana/.env.example b/docker-compose/production/grafana/.env.example
index bec1ada737..8c8905e85d 100644
--- a/docker-compose/production/grafana/.env.example
+++ b/docker-compose/production/grafana/.env.example
@@ -34,7 +34,6 @@ MINIO_ROOT_USER=admin
 MINIO_ROOT_PASSWORD=YOUR_MINIO_PASSWORD
 
 # Configure the bucket information of MinIO
-S3_PUBLIC_DOMAIN=http://localhost:9000
 S3_ENDPOINT=http://localhost:9000
 MINIO_LOBE_BUCKET=lobe
 
diff --git a/docker-compose/production/grafana/.env.zh-CN.example b/docker-compose/production/grafana/.env.zh-CN.example
index a6b9a46d60..a144db373f 100644
--- a/docker-compose/production/grafana/.env.zh-CN.example
+++ b/docker-compose/production/grafana/.env.zh-CN.example
@@ -34,7 +34,6 @@ MINIO_ROOT_USER=admin
 MINIO_ROOT_PASSWORD=YOUR_MINIO_PASSWORD
 
 # 在下方配置 minio 中添加的桶
-S3_PUBLIC_DOMAIN=http://localhost:9000
 S3_ENDPOINT=http://localhost:9000
 MINIO_LOBE_BUCKET=lobe
 
diff --git a/docker-compose/production/logto/.env.example b/docker-compose/production/logto/.env.example
index 81d06cc06f..7507d868bb 100644
--- a/docker-compose/production/logto/.env.example
+++ b/docker-compose/production/logto/.env.example
@@ -38,8 +38,6 @@ S3_SECRET_ACCESS_KEY=YOUR_S3_SECRET_ACCESS_KEY
 S3_ENDPOINT=https://lobe-s3-api.example.com
 # Required: S3 Bucket (invalid until manually created in MinIO UI)
 S3_BUCKET=lobe
-# Required: S3 Public Domain for client access to unstructured data
-S3_PUBLIC_DOMAIN=https://lobe-s3-api.example.com
 # Optional: S3 Enable Path Style
 # Use 0 for mainstream S3 cloud providers; use 1 for self-hosted MinIO
 # See: https://lobehub.com/docs/self-hosting/advanced/s3#s-3-enable-path-style
diff --git a/docker-compose/production/logto/.env.zh-CN.example b/docker-compose/production/logto/.env.zh-CN.example
index e0a1bcf15a..be7aee2738 100644
--- a/docker-compose/production/logto/.env.zh-CN.example
+++ b/docker-compose/production/logto/.env.zh-CN.example
@@ -38,8 +38,6 @@ S3_SECRET_ACCESS_KEY=YOUR_S3_SECRET_ACCESS_KEY
 S3_ENDPOINT=https://lobe-s3-api.example.com
 # 必填，S3 的 Bucket，直到在 MinIO UI 中手动创建之前都是无效的
 S3_BUCKET=lobe
-# 必填，S3 的 Public Domain，用于客户端通过公开连接访问非结构化数据
-S3_PUBLIC_DOMAIN=https://lobe-s3-api.example.com
 # 选填，S3 的 Enable Path Style
 # 对于主流 S3 Cloud 服务商，一般填 0 即可；对于自部署的 MinIO，请填 1
 # 请参考：https://lobehub.com/zh/docs/self-hosting/advanced/s3#s-3-enable-path-style
diff --git a/docker-compose/production/zitadel/.env.example b/docker-compose/production/zitadel/.env.example
index 2ea1f75392..4b11be7fa3 100644
--- a/docker-compose/production/zitadel/.env.example
+++ b/docker-compose/production/zitadel/.env.example
@@ -35,8 +35,6 @@ S3_SECRET_ACCESS_KEY=YOUR_S3_SECRET_ACCESS_KEY
 S3_ENDPOINT=https://lobe-s3-api.example.com
 # Required: S3 Bucket (invalid until manually created in MinIO UI)
 S3_BUCKET=lobe
-# Required: S3 Public Domain for client access to unstructured data
-S3_PUBLIC_DOMAIN=https://lobe-s3-api.example.com
 # Optional: S3 Enable Path Style
 # Use 0 for mainstream S3 cloud providers; use 1 for self-hosted MinIO
 # See: https://lobehub.com/docs/self-hosting/advanced/s3#s-3-enable-path-style
diff --git a/docker-compose/production/zitadel/.env.zh-CN.example b/docker-compose/production/zitadel/.env.zh-CN.example
index c86def3c97..7ced28cef9 100644
--- a/docker-compose/production/zitadel/.env.zh-CN.example
+++ b/docker-compose/production/zitadel/.env.zh-CN.example
@@ -31,8 +31,6 @@ S3_SECRET_ACCESS_KEY=YOUR_S3_SECRET_ACCESS_KEY
 S3_ENDPOINT=https://lobe-s3-api.example.com
 # 必填，S3 的 Bucket，直到在 MinIO UI 中手动创建之前都是无效的
 S3_BUCKET=lobe
-# 必填，S3 的 Public Domain，用于客户端通过公开连接访问非结构化数据
-S3_PUBLIC_DOMAIN=https://lobe-s3-api.example.com
 # 选填，S3 的 Enable Path Style
 # 对于主流 S3 Cloud 服务商，一般填 0 即可；对于自部署的 MinIO，请填 1
 # 请参考：https://lobehub.com/zh/docs/self-hosting/advanced/s3#s-3-enable-path-style
diff --git a/docker-compose/setup.sh b/docker-compose/setup.sh
index 6bf6c8865c..ea8ec4b03a 100644
--- a/docker-compose/setup.sh
+++ b/docker-compose/setup.sh
@@ -230,6 +230,20 @@ show_message() {
                 ;;
             esac
         ;;
+        tips_disable_registration)
+            case $LANGUAGE in
+                zh_CN)
+                    echo "如需限制用户注册，可在 .env 中配置："
+                    echo "  - 使用 SSO 登录时，设置 AUTH_DISABLE_EMAIL_PASSWORD=1 可禁用邮箱密码注册"
+                    echo "  - 使用邮箱密码登录时，设置 AUTH_ALLOWED_EMAILS=user1@example.com,user2@example.com 可限制允许登录的邮箱"
+                ;;
+                *)
+                    echo "To restrict user registration, configure in .env:"
+                    echo "  - For SSO login: set AUTH_DISABLE_EMAIL_PASSWORD=1 to disable email/password registration"
+                    echo "  - For email/password login: set AUTH_ALLOWED_EMAILS=user1@example.com,user2@example.com to allow specific emails"
+                ;;
+            esac
+        ;;
         tips_show_documentation)
             case $LANGUAGE in
                 zh_CN)
@@ -595,7 +609,6 @@ section_configurate_host() {
     # lobe host
     sed "${SED_INPLACE_ARGS[@]}" "s#^APP_URL=.*#APP_URL=$PROTOCOL://$LOBE_HOST#" .env
     # s3 related
-    sed "${SED_INPLACE_ARGS[@]}" "s#^S3_PUBLIC_DOMAIN=.*#S3_PUBLIC_DOMAIN=$PROTOCOL://$RUSTFS_HOST#" .env
     sed "${SED_INPLACE_ARGS[@]}" "s#^S3_ENDPOINT=.*#S3_ENDPOINT=$PROTOCOL://$RUSTFS_HOST#" .env
     
 
@@ -726,7 +739,8 @@ section_display_configurated_report() {
     printf "\n%s\n\n" "$(show_message "tips_run_command")"
     print_centered "docker compose up --no-attach searxng" "green"
     printf "\n%s\n" "$(show_message "tips_if_run_normally")"
-    printf "\n%s\n\n" "$(show_message "tips_regen_jwks")"
+    printf "\n%s\n" "$(show_message "tips_regen_jwks")"
+    printf "\n%s\n\n" "$(show_message "tips_disable_registration")"
     print_centered "docker compose up -d --no-attach searxng" "green"
     printf "\n%s\n" "$(show_message "tips_if_want_searxng_logs")"
     print_centered "docker compose logs -f searxng" "white"
diff --git a/docs/development/basic/work-with-server-side-database.mdx b/docs/development/basic/work-with-server-side-database.mdx
index d6f022d9b7..27eafcd459 100644
--- a/docs/development/basic/work-with-server-side-database.mdx
+++ b/docs/development/basic/work-with-server-side-database.mdx
@@ -101,7 +101,6 @@ S3_ACCESS_KEY_ID=${MINIO_ROOT_USER}
 S3_SECRET_ACCESS_KEY=${MINIO_ROOT_PASSWORD}
 S3_ENDPOINT=http://localhost:${MINIO_PORT}
 S3_BUCKET=${MINIO_LOBE_BUCKET}
-S3_PUBLIC_DOMAIN=http://localhost:${MINIO_PORT}
 S3_ENABLE_PATH_STYLE=1  # Required for MinIO
 S3_SET_ACL=0  # MinIO compatibility
 ```
diff --git a/docs/development/basic/work-with-server-side-database.zh-CN.mdx b/docs/development/basic/work-with-server-side-database.zh-CN.mdx
index 632feaa580..797d33dea5 100644
--- a/docs/development/basic/work-with-server-side-database.zh-CN.mdx
+++ b/docs/development/basic/work-with-server-side-database.zh-CN.mdx
@@ -101,7 +101,6 @@ S3_ACCESS_KEY_ID=${MINIO_ROOT_USER}
 S3_SECRET_ACCESS_KEY=${MINIO_ROOT_PASSWORD}
 S3_ENDPOINT=http://localhost:${MINIO_PORT}
 S3_BUCKET=${MINIO_LOBE_BUCKET}
-S3_PUBLIC_DOMAIN=http://localhost:${MINIO_PORT}
 S3_ENABLE_PATH_STYLE=1  # MinIO 必需
 S3_SET_ACL=0  # MinIO 兼容性
 ```
diff --git a/docs/self-hosting/advanced/s3.mdx b/docs/self-hosting/advanced/s3.mdx
index 12a3735d93..d48ea73354 100644
--- a/docs/self-hosting/advanced/s3.mdx
+++ b/docs/self-hosting/advanced/s3.mdx
@@ -50,15 +50,6 @@ The best practice in this area is to use a file storage service (S3) to store im
 
   Whether to set the ACL to `public-read` when uploading files. This option is enabled by default. If the service provider does not support setting individual ACLs for files (i.e., all files inherit the ACL of the storage bucket), enabling this option may cause request errors. Set `S3_SET_ACL` to `0` to disable it.
 
-  ### `S3_PUBLIC_DOMAIN`
-
-  The public access domain of the storage bucket, used to access files in the storage bucket. This address needs to be **publicly readable**. The reason is that when OpenAI's gpt-4o and other vision models recognize images, OpenAI will try to download this image link on their servers. Therefore, this link must be publicly accessible. If it is a private link, OpenAI will not be able to access the image and thus will not be able to recognize the image content properly.
-
-  <Callout type={'warning'}>
-    Additionally, since this access domain is often a separate URL, it needs to be configured to allow
-    cross-origin access to the site. Otherwise, cross-origin issues will occur in the browser.
-  </Callout>
-
   ### `S3_ENABLE_PATH_STYLE`
 
   Whether to enable the `path-style` access mode of S3. This option is disabled by default. If your S3 service provider uses `path-style`, set `S3_ENABLE_PATH_STYLE` to `1` to enable it.
diff --git a/docs/self-hosting/advanced/s3.zh-CN.mdx b/docs/self-hosting/advanced/s3.zh-CN.mdx
index 49713c2fe5..86bd717e42 100644
--- a/docs/self-hosting/advanced/s3.zh-CN.mdx
+++ b/docs/self-hosting/advanced/s3.zh-CN.mdx
@@ -46,14 +46,6 @@ LobeHub 在 [很早以前](https://x.com/lobehub/status/1724289575672291782) 就
 
   是否在上传文件时设置 ACL 为 `public-read`。该选项默认启用。如果服务商不支持为文件设置单独的 ACL（即所有文件继承存储桶的 ACL），启用此选项可能会导致请求错误，将 `S3_SET_ACL` 设置为 `0` 即可关闭。
 
-  ### `S3_PUBLIC_DOMAIN`
-
-  存储桶对外的访问域名，用于访问存储桶中的文件，这个地址需要**允许互联网可读**。 原因是 OpenAI 的 gpt-4o 等视觉模型识别图片时，OpenAI 会尝试在他们的服务器中下载这个图片链接，因此这个链接必须是公开可访问的，如果是私有的链接，OpenAI 将无法访问到这个图片，进而无法正常识别到图片内容。
-
-  <Callout type={'warning'}>
-    此外，由于该访问域名往往是一个独立的网址，因此需要配置允许站点的跨域访问，否则会在浏览器中出现跨域问题。
-  </Callout>
-
   ### `S3_ENABLE_PATH_STYLE`
 
   是否启用 S3 的 `path-style` 访问模式。此选项默认禁用。如果您的 S3 服务提供商使用 `path-style`，请将 `S3_ENABLE_PATH_STYLE` 设置为 `1` 以启用它。
diff --git a/docs/self-hosting/advanced/s3/cloudflare-r2.mdx b/docs/self-hosting/advanced/s3/cloudflare-r2.mdx
index e5406208e6..9bc8b7f0a2 100644
--- a/docs/self-hosting/advanced/s3/cloudflare-r2.mdx
+++ b/docs/self-hosting/advanced/s3/cloudflare-r2.mdx
@@ -39,8 +39,6 @@ We need to configure an S3 storage service in the server-side database to store
   S3_BUCKET=LobeHub
   # Request endpoint of the bucket (note that the path in this link includes the bucket name, which must be removed, or use the link provided on the page for applying S3 API token)
   S3_ENDPOINT=https://0b33a03b5c993fd2f453379dc36558e5.r2.cloudflarestorage.com
-  # Access domain of the bucket
-  S3_PUBLIC_DOMAIN=https://s3-for-LobeHub.your-domain.com
   ```
 
   <Callout type={'warning'}>
@@ -118,9 +116,6 @@ S3_SECRET_ACCESS_KEY=55af75d8eb6b99f189f6a35f855336ea62cd9c4751a5cf4337c53c1d3f4
 S3_BUCKET=LobeHub
 # Bucket Request Endpoint
 S3_ENDPOINT=https://0b33a03b5c993fd2f453379dc36558e5.r2.cloudflarestorage.com
-# Public Access Domain for the Bucket
-S3_PUBLIC_DOMAIN=https://s3-dev.your-domain.com
-
 # Bucket Region, such as us-west-1. Generally not required, but some service providers may need it.
 # S3_REGION=us-west-1
 ```
diff --git a/docs/self-hosting/advanced/s3/cloudflare-r2.zh-CN.mdx b/docs/self-hosting/advanced/s3/cloudflare-r2.zh-CN.mdx
index d2bd7bc1d7..4795d6b28c 100644
--- a/docs/self-hosting/advanced/s3/cloudflare-r2.zh-CN.mdx
+++ b/docs/self-hosting/advanced/s3/cloudflare-r2.zh-CN.mdx
@@ -40,8 +40,6 @@ tags:
   S3_BUCKET=LobeHub
   # 存储桶的请求端点(注意此处链接的路径带存储桶名称，必须删除该路径，或使用申请 S3 API token 页面所提供的链接)
   S3_ENDPOINT=https://0b33a03b5c993fd2f453379dc36558e5.r2.cloudflarestorage.com
-  # 存储桶对外的访问域名
-  S3_PUBLIC_DOMAIN=https://s3-for-LobeHub.your-domain.com
   ```
 
   <Callout type={'warning'}>`S3_ENDPOINT`必须删除其路径，否则会无法访问所上传文件</Callout>
@@ -115,9 +113,6 @@ S3_SECRET_ACCESS_KEY=55af75d8eb6b99f189f6a35f855336ea62cd9c4751a5cf4337c53c1d3f4
 S3_BUCKET=LobeHub
 # 存储桶的请求端点
 S3_ENDPOINT=https://0b33a03b5c993fd2f453379dc36558e5.r2.cloudflarestorage.com
-# 存储桶对外的访问域名
-S3_PUBLIC_DOMAIN=https://s3-dev.your-domain.com
-
 # 桶的区域，如 us-west-1，一般来说不需要添加，但某些服务商则需要配置
 # S3_REGION=us-west-1
 ```
diff --git a/docs/self-hosting/advanced/s3/rustfs.mdx b/docs/self-hosting/advanced/s3/rustfs.mdx
index b3fb9e8c43..5ae10fdc41 100644
--- a/docs/self-hosting/advanced/s3/rustfs.mdx
+++ b/docs/self-hosting/advanced/s3/rustfs.mdx
@@ -135,8 +135,6 @@ We need to configure an S3-compatible storage service in the server-side databas
   S3_ENDPOINT=https://lobe-s3-api.example.com
   # Bucket name
   S3_BUCKET=lobe
-  # Public domain for accessing the bucket
-  S3_PUBLIC_DOMAIN=https://lobe-s3-api.example.com
   S3_ENABLE_PATH_STYLE=1
   ```
 </Steps>
diff --git a/docs/self-hosting/advanced/s3/rustfs.zh-CN.mdx b/docs/self-hosting/advanced/s3/rustfs.zh-CN.mdx
index 7ca4725943..074d45afa1 100644
--- a/docs/self-hosting/advanced/s3/rustfs.zh-CN.mdx
+++ b/docs/self-hosting/advanced/s3/rustfs.zh-CN.mdx
@@ -135,8 +135,6 @@ tags:
   S3_ENDPOINT=https://lobe-s3-api.example.com
   # 存储桶的名称
   S3_BUCKET=lobe
-  # 存储桶对外的访问域名
-  S3_PUBLIC_DOMAIN=https://lobe-s3-api.example.com
   S3_ENABLE_PATH_STYLE=1
   ```
 </Steps>
diff --git a/docs/self-hosting/advanced/s3/tencent-cloud.mdx b/docs/self-hosting/advanced/s3/tencent-cloud.mdx
index a18f069792..05760d596d 100644
--- a/docs/self-hosting/advanced/s3/tencent-cloud.mdx
+++ b/docs/self-hosting/advanced/s3/tencent-cloud.mdx
@@ -39,7 +39,6 @@ We need to configure S3 storage service for file storage in the server-side data
   S3_BUCKET=lobe-130xxxxxx2
   S3_ENDPOINT=https://cos.ap-chengdu.myqcloud.com
   S3_REGION=ap-chengdu
-  S3_PUBLIC_DOMAIN=https://lobe-1251234567.cos.ap-chengdu.myqcloud.com
   ```
 
   <Callout type={'warning'}>
diff --git a/docs/self-hosting/advanced/s3/tencent-cloud.zh-CN.mdx b/docs/self-hosting/advanced/s3/tencent-cloud.zh-CN.mdx
index 274baa03bf..3164ec4aa4 100644
--- a/docs/self-hosting/advanced/s3/tencent-cloud.zh-CN.mdx
+++ b/docs/self-hosting/advanced/s3/tencent-cloud.zh-CN.mdx
@@ -40,8 +40,6 @@ tags:
   S3_ENDPOINT=https://cos.ap-chengdu.myqcloud.com
   # 桶的区域
   S3_REGION=ap-chengdu
-  # 存储桶对外的访问域名
-  S3_PUBLIC_DOMAIN=https://lobe-1251234567.cos.ap-chengdu.myqcloud.com
   ```
 
   <Callout type={'warning'}>
diff --git a/docs/self-hosting/environment-variables/s3.mdx b/docs/self-hosting/environment-variables/s3.mdx
index f39800edc9..8c1eb9cd85 100644
--- a/docs/self-hosting/environment-variables/s3.mdx
+++ b/docs/self-hosting/environment-variables/s3.mdx
@@ -58,13 +58,6 @@ LobeHub supports multimodal AI sessions, including the ability to upload unstruc
 - Default: `1`
 - Example: `0`
 
-### `S3_PUBLIC_DOMAIN`
-
-- Type: Required
-- Description: Public access domain for the bucket, used to access files in the bucket
-- Default: -
-- Example: `https://files.example.com`
-
 ### `S3_ENABLE_PATH_STYLE`
 
 - Type: Optional
diff --git a/docs/self-hosting/environment-variables/s3.zh-CN.mdx b/docs/self-hosting/environment-variables/s3.zh-CN.mdx
index 2bf68f84e5..9c44e6a807 100644
--- a/docs/self-hosting/environment-variables/s3.zh-CN.mdx
+++ b/docs/self-hosting/environment-variables/s3.zh-CN.mdx
@@ -56,13 +56,6 @@ LobeHub 支持多模态的 AI 会话，包括将图片、文件等非结构化
 - 默认值：`1`
 - 示例：`0`
 
-### `S3_PUBLIC_DOMAIN`
-
-- 类型：必填
-- 描述：存储桶对外的访问域名，用于访问存储桶中的文件
-- 默认值：-
-- 示例：`https://files.example.com`
-
 ### `S3_ENABLE_PATH_STYLE`
 
 - 类型：可选
diff --git a/docs/self-hosting/platform/docker-compose.mdx b/docs/self-hosting/platform/docker-compose.mdx
index 7e5157390e..4cfa302869 100644
--- a/docs/self-hosting/platform/docker-compose.mdx
+++ b/docs/self-hosting/platform/docker-compose.mdx
@@ -281,7 +281,6 @@ Now, we will introduce the necessary configurations for running these services:
 LobeHub needs to provide a public access URL for object files for the LLM service provider, so you need to configure the S3 Endpoint:
 
 ```env
-S3_PUBLIC_DOMAIN=https://s3.example.com
 S3_ENDPOINT=https://s3.example.com
 ```
 
diff --git a/docs/self-hosting/platform/docker-compose.zh-CN.mdx b/docs/self-hosting/platform/docker-compose.zh-CN.mdx
index cf456829f0..4e80474993 100644
--- a/docs/self-hosting/platform/docker-compose.zh-CN.mdx
+++ b/docs/self-hosting/platform/docker-compose.zh-CN.mdx
@@ -277,7 +277,6 @@ mv .env.zh-CN.example .env
 LobeHub 需要为 LLM 服务提供商提供文件对象的公网访问地址，因此你需要配置 S3 的 Endpoint：
 
 ```env
-S3_PUBLIC_DOMAIN=https://s3.example.com
 S3_ENDPOINT=https://s3.example.com
 ```
 
diff --git a/docs/self-hosting/platform/docker.mdx b/docs/self-hosting/platform/docker.mdx
index 9c561fa650..3c217cb304 100644
--- a/docs/self-hosting/platform/docker.mdx
+++ b/docs/self-hosting/platform/docker.mdx
@@ -64,6 +64,10 @@ Here is the process for deploying the LobeHub server database version on a Linux
 
   <GenerateSecret envName="AUTH_SECRET" />
 
+  Click the button below to generate `JWKS_KEY` (for signing and verifying JWTs):
+
+  <GenerateJWKSKey />
+
   ```shell
   # Website domain
   APP_URL=https://your-prod-domain.com
@@ -77,7 +81,7 @@ Here is the process for deploying the LobeHub server database version on a Linux
   # Authentication (Better Auth)
   # Session encryption key (generate with: openssl rand -base64 32)
   AUTH_SECRET=jgwsK28dspyVQoIf8/M3IIHl1h6LYYceSYNXeLpy6uk=
-  # JWKS key for signing and verifying JWTs (generate at: https://lobehub.com/docs/self-hosting/environment-variables/auth#jwks_key)
+  # JWKS key for signing and verifying JWTs
   JWKS_KEY='{"keys":[...]}'
 
   # S3 related
@@ -85,7 +89,6 @@ Here is the process for deploying the LobeHub server database version on a Linux
   S3_SECRET_ACCESS_KEY=xxxxxxxxxx
   S3_ENDPOINT=https://xxxxxxxxxx.r2.cloudflarestorage.com
   S3_BUCKET=LobeHub
-  S3_PUBLIC_DOMAIN=https://s3-for-LobeHub.your-domain.com
 
   ```
 
@@ -142,7 +145,6 @@ $ docker run -it -d --name lobehub -p 3210:3210 \
   -e S3_SECRET_ACCESS_KEY=xxxxxxxxxx \
   -e S3_ENDPOINT=https://xxxxxxxxxx.r2.cloudflarestorage.com \
   -e S3_BUCKET=LobeHub \
-  -e S3_PUBLIC_DOMAIN=https://s3-for-LobeHub.your-domain.com \
   lobehub/lobehub
 ```
 
diff --git a/docs/self-hosting/platform/docker.zh-CN.mdx b/docs/self-hosting/platform/docker.zh-CN.mdx
index 1258bac7e5..b21b33b57f 100644
--- a/docs/self-hosting/platform/docker.zh-CN.mdx
+++ b/docs/self-hosting/platform/docker.zh-CN.mdx
@@ -60,6 +60,10 @@ tags:
 
   <GenerateSecret envName="AUTH_SECRET" />
 
+  点击下方按钮一键生成 `JWKS_KEY`（用于签名和验证 JWT）：
+
+  <GenerateJWKSKey />
+
   ```shell
   # 网站域名
   APP_URL=https://your-prod-domain.com
@@ -74,7 +78,7 @@ tags:
   # 身份验证（Better Auth）
   # 会话加密密钥（使用以下命令生成：openssl rand -base64 32）
   AUTH_SECRET=jgwsK28dspyVQoIf8/M3IIHl1h6LYYceSYNXeLpy6uk=
-  # JWKS 密钥，用于签名和验证 JWT（在此生成：https://lobehub.com/zh/docs/self-hosting/environment-variables/auth#jwks_key）
+  # JWKS 密钥，用于签名和验证 JWT
   JWKS_KEY='{"keys":[...]}'
 
   # S3 相关
@@ -83,8 +87,6 @@ tags:
   # 用于 S3 API 访问的域名
   S3_ENDPOINT=https://xxxxxxxxxx.r2.cloudflarestorage.com
   S3_BUCKET=LobeHub
-  # 用于外网访问 S3 的公共域名，需配置 CORS
-  S3_PUBLIC_DOMAIN=https://s3-for-LobeHub.your-domain.com
   # S3_REGION=ap-chengdu # 如果需要指定地域
 
   ```
@@ -142,7 +144,6 @@ $ docker run -it -d --name lobehub -p 3210:3210 \
   -e S3_SECRET_ACCESS_KEY=xxxxxxxxxx \
   -e S3_ENDPOINT=https://xxxxxxxxxx.r2.cloudflarestorage.com \
   -e S3_BUCKET=LobeHub \
-  -e S3_PUBLIC_DOMAIN=https://s3-for-LobeHub.your-domain.com \
   lobehub/lobehub
 ```
 
diff --git a/docs/self-hosting/platform/dokploy.mdx b/docs/self-hosting/platform/dokploy.mdx
index 581ca9ce51..c9e4a21532 100644
--- a/docs/self-hosting/platform/dokploy.mdx
+++ b/docs/self-hosting/platform/dokploy.mdx
@@ -39,7 +39,6 @@ S3_ACCESS_KEY_ID=
 S3_SECRET_ACCESS_KEY=
 S3_ENDPOINT=
 S3_BUCKET=
-S3_PUBLIC_DOMAIN=
 S3_ENABLE_PATH_STYLE=
 ```
 
@@ -118,7 +117,6 @@ S3_ACCESS_KEY_ID=
 S3_SECRET_ACCESS_KEY=
 S3_ENDPOINT=
 S3_BUCKET=
-S3_PUBLIC_DOMAIN=
 S3_ENABLE_PATH_STYLE=
 
 ```
diff --git a/docs/self-hosting/platform/dokploy.zh-CN.mdx b/docs/self-hosting/platform/dokploy.zh-CN.mdx
index 01380ff2ae..e12da6611d 100644
--- a/docs/self-hosting/platform/dokploy.zh-CN.mdx
+++ b/docs/self-hosting/platform/dokploy.zh-CN.mdx
@@ -40,7 +40,6 @@ S3_ACCESS_KEY_ID=
 S3_SECRET_ACCESS_KEY=
 S3_ENDPOINT=
 S3_BUCKET=
-S3_PUBLIC_DOMAIN=
 S3_ENABLE_PATH_STYLE=
 ```
 
@@ -119,7 +118,6 @@ S3_ACCESS_KEY_ID=
 S3_SECRET_ACCESS_KEY=
 S3_ENDPOINT=
 S3_BUCKET=
-S3_PUBLIC_DOMAIN=
 S3_ENABLE_PATH_STYLE=
 
 ```
diff --git a/docs/self-hosting/platform/vercel.mdx b/docs/self-hosting/platform/vercel.mdx
index ffd2a8b9f6..e5b36cb1ed 100644
--- a/docs/self-hosting/platform/vercel.mdx
+++ b/docs/self-hosting/platform/vercel.mdx
@@ -154,8 +154,6 @@ In the server-side database, we need to configure the S3 storage service to stor
   S3_BUCKET=LobeHub
   # Storage bucket request endpoint (note that the path in this link includes the bucket name, which must be removed, or use the link provided on the S3 API token application page)
   S3_ENDPOINT=https://0b33a03b5c993fd2f453379dc36558e5.r2.cloudflarestorage.com
-  # Public access domain for the storage bucket
-  S3_PUBLIC_DOMAIN=https://s3-for-LobeHub.your-domain.com
   ```
 
   <Callout type={'warning'}>
@@ -204,9 +202,6 @@ In the server-side database, we need to configure the S3 storage service to stor
   S3_BUCKET=LobeHub
   # Bucket request endpoint
   S3_ENDPOINT=https://0b33a03b5c993fd2f453379dc36558e5.r2.cloudflarestorage.com
-  # Public domain for bucket access
-  S3_PUBLIC_DOMAIN=https://s3-dev.your-domain.com
-
   # Bucket region, such as us-west-1, generally not required, but some providers may need to configure
   # S3_REGION=us-west-1
   ```
@@ -288,8 +283,6 @@ S3_SECRET_ACCESS_KEY=55af75d8eb6b99f189f6a35f855336ea62cd9c4751a5cf4337c53c1d3f4
 S3_BUCKET=LobeHub
 # Bucket request endpoint
 S3_ENDPOINT=https://0b33a03b5c993fd2f453379dc36558e5.r2.cloudflarestorage.com
-# Public access domain for the bucket
-S3_PUBLIC_DOMAIN=https://s3-for-LobeHub.your-domain.com
 # Bucket region, such as us-west-1, generally not needed to add, but some service providers may require configuration
 # S3_REGION=us-west-1
 ```
diff --git a/docs/self-hosting/platform/vercel.zh-CN.mdx b/docs/self-hosting/platform/vercel.zh-CN.mdx
index cf7f0eecec..e620d48767 100644
--- a/docs/self-hosting/platform/vercel.zh-CN.mdx
+++ b/docs/self-hosting/platform/vercel.zh-CN.mdx
@@ -153,8 +153,6 @@ tags:
   S3_BUCKET=LobeHub
   # 存储桶的请求端点(注意此处链接的路径带存储桶名称，必须删除该路径，或使用申请 S3 API token 页面所提供的链接)
   S3_ENDPOINT=https://0b33a03b5c993fd2f453379dc36558e5.r2.cloudflarestorage.com
-  # 存储桶对外的访问域名
-  S3_PUBLIC_DOMAIN=https://s3-for-LobeHub.your-domain.com
   ```
 
   <Callout type={'warning'}>`S3_ENDPOINT`必须删除其路径，否则会无法访问所上传文件</Callout>
@@ -199,9 +197,6 @@ tags:
   S3_BUCKET=LobeHub
   # 存储桶的请求端点
   S3_ENDPOINT=https://0b33a03b5c993fd2f453379dc36558e5.r2.cloudflarestorage.com
-  # 存储桶对外的访问域名
-  S3_PUBLIC_DOMAIN=https://s3-dev.your-domain.com
-
   # 桶的区域，如 us-west-1，一般来说不需要添加，但某些服务商则需要配置
   # S3_REGION=us-west-1
   ```
@@ -283,8 +278,6 @@ S3_SECRET_ACCESS_KEY=55af75d8eb6b99f189f6a35f855336ea62cd9c4751a5cf4337c53c1d3f4
 S3_BUCKET=LobeHub
 # 存储桶的请求端点
 S3_ENDPOINT=https://0b33a03b5c993fd2f453379dc36558e5.r2.cloudflarestorage.com
-# 存储桶对外的访问域名
-S3_PUBLIC_DOMAIN=https://s3-for-LobeHub.your-domain.com
 # 桶的区域，如 us-west-1，一般来说不需要添加，但某些服务商则需要配置
 # S3_REGION=us-west-1
 ```