@lobehub/lobehub 2.1.2 → 2.1.4

package/docs/self-hosting/advanced/s3/cloudflare-r2.mdx

@@ -39,8 +39,6 @@ We need to configure an S3 storage service in the server-side database to store
   S3_BUCKET=LobeHub
   # Request endpoint of the bucket (note that the path in this link includes the bucket name, which must be removed, or use the link provided on the page for applying S3 API token)
   S3_ENDPOINT=https://0b33a03b5c993fd2f453379dc36558e5.r2.cloudflarestorage.com
-  # Access domain of the bucket
-  S3_PUBLIC_DOMAIN=https://s3-for-LobeHub.your-domain.com
   ```
 
   <Callout type={'warning'}>
@@ -118,9 +116,6 @@ S3_SECRET_ACCESS_KEY=55af75d8eb6b99f189f6a35f855336ea62cd9c4751a5cf4337c53c1d3f4
 S3_BUCKET=LobeHub
 # Bucket Request Endpoint
 S3_ENDPOINT=https://0b33a03b5c993fd2f453379dc36558e5.r2.cloudflarestorage.com
-# Public Access Domain for the Bucket
-S3_PUBLIC_DOMAIN=https://s3-dev.your-domain.com
-
 # Bucket Region, such as us-west-1. Generally not required, but some service providers may need it.
 # S3_REGION=us-west-1
 ```

package/docs/self-hosting/advanced/s3/cloudflare-r2.zh-CN.mdx

@@ -40,8 +40,6 @@ tags:
   S3_BUCKET=LobeHub
   # 存储桶的请求端点(注意此处链接的路径带存储桶名称，必须删除该路径，或使用申请 S3 API token 页面所提供的链接)
   S3_ENDPOINT=https://0b33a03b5c993fd2f453379dc36558e5.r2.cloudflarestorage.com
-  # 存储桶对外的访问域名
-  S3_PUBLIC_DOMAIN=https://s3-for-LobeHub.your-domain.com
   ```
 
   <Callout type={'warning'}>`S3_ENDPOINT`必须删除其路径，否则会无法访问所上传文件</Callout>
@@ -115,9 +113,6 @@ S3_SECRET_ACCESS_KEY=55af75d8eb6b99f189f6a35f855336ea62cd9c4751a5cf4337c53c1d3f4
 S3_BUCKET=LobeHub
 # 存储桶的请求端点
 S3_ENDPOINT=https://0b33a03b5c993fd2f453379dc36558e5.r2.cloudflarestorage.com
-# 存储桶对外的访问域名
-S3_PUBLIC_DOMAIN=https://s3-dev.your-domain.com
-
 # 桶的区域，如 us-west-1，一般来说不需要添加，但某些服务商则需要配置
 # S3_REGION=us-west-1
 ```

package/docs/self-hosting/advanced/s3/rustfs.mdx

@@ -135,8 +135,6 @@ We need to configure an S3-compatible storage service in the server-side databas
   S3_ENDPOINT=https://lobe-s3-api.example.com
   # Bucket name
   S3_BUCKET=lobe
-  # Public domain for accessing the bucket
-  S3_PUBLIC_DOMAIN=https://lobe-s3-api.example.com
   S3_ENABLE_PATH_STYLE=1
   ```
 </Steps>

package/docs/self-hosting/advanced/s3/rustfs.zh-CN.mdx

@@ -135,8 +135,6 @@ tags:
   S3_ENDPOINT=https://lobe-s3-api.example.com
   # 存储桶的名称
   S3_BUCKET=lobe
-  # 存储桶对外的访问域名
-  S3_PUBLIC_DOMAIN=https://lobe-s3-api.example.com
   S3_ENABLE_PATH_STYLE=1
   ```
 </Steps>

package/docs/self-hosting/advanced/s3/tencent-cloud.mdx

@@ -39,7 +39,6 @@ We need to configure S3 storage service for file storage in the server-side data
   S3_BUCKET=lobe-130xxxxxx2
   S3_ENDPOINT=https://cos.ap-chengdu.myqcloud.com
   S3_REGION=ap-chengdu
-  S3_PUBLIC_DOMAIN=https://lobe-1251234567.cos.ap-chengdu.myqcloud.com
   ```
 
   <Callout type={'warning'}>

package/docs/self-hosting/advanced/s3/tencent-cloud.zh-CN.mdx

@@ -40,8 +40,6 @@ tags:
   S3_ENDPOINT=https://cos.ap-chengdu.myqcloud.com
   # 桶的区域
   S3_REGION=ap-chengdu
-  # 存储桶对外的访问域名
-  S3_PUBLIC_DOMAIN=https://lobe-1251234567.cos.ap-chengdu.myqcloud.com
   ```
 
   <Callout type={'warning'}>

package/docs/self-hosting/advanced/s3.mdx

@@ -50,15 +50,6 @@ The best practice in this area is to use a file storage service (S3) to store im
 
   Whether to set the ACL to `public-read` when uploading files. This option is enabled by default. If the service provider does not support setting individual ACLs for files (i.e., all files inherit the ACL of the storage bucket), enabling this option may cause request errors. Set `S3_SET_ACL` to `0` to disable it.
 
-  ### `S3_PUBLIC_DOMAIN`
-
-  The public access domain of the storage bucket, used to access files in the storage bucket. This address needs to be **publicly readable**. The reason is that when OpenAI's gpt-4o and other vision models recognize images, OpenAI will try to download this image link on their servers. Therefore, this link must be publicly accessible. If it is a private link, OpenAI will not be able to access the image and thus will not be able to recognize the image content properly.
-
-  <Callout type={'warning'}>
-    Additionally, since this access domain is often a separate URL, it needs to be configured to allow
-    cross-origin access to the site. Otherwise, cross-origin issues will occur in the browser.
-  </Callout>
-
   ### `S3_ENABLE_PATH_STYLE`
 
   Whether to enable the `path-style` access mode of S3. This option is disabled by default. If your S3 service provider uses `path-style`, set `S3_ENABLE_PATH_STYLE` to `1` to enable it.

package/docs/self-hosting/advanced/s3.zh-CN.mdx

@@ -46,14 +46,6 @@ LobeHub 在 [很早以前](https://x.com/lobehub/status/1724289575672291782) 就
 
   是否在上传文件时设置 ACL 为 `public-read`。该选项默认启用。如果服务商不支持为文件设置单独的 ACL（即所有文件继承存储桶的 ACL），启用此选项可能会导致请求错误，将 `S3_SET_ACL` 设置为 `0` 即可关闭。
 
-  ### `S3_PUBLIC_DOMAIN`
-
-  存储桶对外的访问域名，用于访问存储桶中的文件，这个地址需要**允许互联网可读**。 原因是 OpenAI 的 gpt-4o 等视觉模型识别图片时，OpenAI 会尝试在他们的服务器中下载这个图片链接，因此这个链接必须是公开可访问的，如果是私有的链接，OpenAI 将无法访问到这个图片，进而无法正常识别到图片内容。
-
-  <Callout type={'warning'}>
-    此外，由于该访问域名往往是一个独立的网址，因此需要配置允许站点的跨域访问，否则会在浏览器中出现跨域问题。
-  </Callout>
-
   ### `S3_ENABLE_PATH_STYLE`
 
   是否启用 S3 的 `path-style` 访问模式。此选项默认禁用。如果您的 S3 服务提供商使用 `path-style`，请将 `S3_ENABLE_PATH_STYLE` 设置为 `1` 以启用它。

package/docs/self-hosting/auth/providers/password.mdx

@@ -0,0 +1,112 @@
+---
+title: Configuring Email/Password Authentication for LobeHub
+description: >-
+  Learn how to configure email and password authentication for LobeHub,
+  including enabling/disabling options and SSO-only mode.
+tags:
+  - Email
+  - Password
+  - Authentication
+  - LobeHub
+---
+
+# Configuring Email/Password Authentication
+
+LobeHub supports traditional email and password authentication out of the box.
+This guide covers the available configuration options.
+
+## Default Behavior
+
+By default, email/password authentication is enabled.
+Users can register with their email address and set a password.
+
+## Configuration Options
+
+### Disable Email/Password Authentication (SSO-Only Mode)
+
+If you want to force users to authenticate via SSO providers only,
+set the following environment variable:
+
+| Environment Variable          | Type     | Description                                |
+| ----------------------------- | -------- | ------------------------------------------ |
+| `AUTH_DISABLE_EMAIL_PASSWORD` | Optional | Set to `1` to disable email/password login |
+
+When enabled:
+
+- The email input field is hidden on the login page
+- Only SSO provider buttons are displayed
+- The signup page redirects to the login page
+- Users must authenticate through configured SSO providers
+
+<Callout type={'warning'}>
+  Before enabling SSO-only mode, ensure you have configured at least one SSO
+  provider via `AUTH_SSO_PROVIDERS`. Otherwise, users will have no way to log
+  in.
+</Callout>
+
+### Enable Email Verification
+
+To require users to verify their email address before signing in:
+
+| Environment Variable      | Type     | Description                              |
+| ------------------------- | -------- | ---------------------------------------- |
+| `AUTH_EMAIL_VERIFICATION` | Optional | Set to `1` to require email verification |
+
+This requires configuring an email service (SMTP).
+See [Email Service Configuration](/docs/self-hosting/auth/email) for details.
+
+### Enable Magic Link Login
+
+To allow passwordless login via email magic links:
+
+| Environment Variable     | Type     | Description                           |
+| ------------------------ | -------- | ------------------------------------- |
+| `AUTH_ENABLE_MAGIC_LINK` | Optional | Set to `1` to enable magic link login |
+
+This also requires configuring an email service (SMTP).
+
+## Change Password
+
+Users can change their password in two ways:
+
+1. **Profile Settings**: Go to Settings > Profile to change password
+2. **Forgot Password**: On the login page, enter email, proceed to the password step, then click "Forgot Password" below the password input
+
+<Callout type={'info'}>
+  Both methods require email service (SMTP) to be configured for sending
+  password reset emails.
+</Callout>
+
+## Example Configurations
+
+### SSO-Only (Disable Email/Password)
+
+```bash
+AUTH_DISABLE_EMAIL_PASSWORD=1
+AUTH_SSO_PROVIDERS=google,github
+```
+
+### Email/Password with Verification
+
+```bash
+AUTH_EMAIL_VERIFICATION=1
+SMTP_HOST=smtp.example.com
+SMTP_PORT=587
+SMTP_USER=noreply@example.com
+SMTP_PASS=your-password
+```
+
+### Email/Password with Magic Link
+
+```bash
+AUTH_ENABLE_MAGIC_LINK=1
+SMTP_HOST=smtp.example.com
+SMTP_PORT=587
+SMTP_USER=noreply@example.com
+SMTP_PASS=your-password
+```
+
+<Callout type={'tip'}>
+  Go to [Environment Variables](/docs/self-hosting/environment-variables/auth)
+  for detailed information on all authentication variables.
+</Callout>

package/docs/self-hosting/auth/providers/password.zh-CN.mdx

@@ -0,0 +1,103 @@
+---
+title: 配置 LobeHub 邮箱密码登录
+description: 了解如何配置 LobeHub 的邮箱密码登录，包括启用/禁用选项和仅 SSO 模式。
+tags:
+  - 邮箱
+  - 密码
+  - 身份验证
+  - LobeHub
+---
+
+# 配置邮箱密码登录
+
+LobeHub 默认支持传统的邮箱密码登录方式。本指南介绍可用的配置选项。
+
+## 默认行为
+
+默认情况下，邮箱密码登录已启用。用户可以使用邮箱地址注册并设置密码。
+
+## 配置选项
+
+### 禁用邮箱密码登录（仅 SSO 模式）
+
+如果你希望强制用户只能通过 SSO 提供商登录，请设置以下环境变量：
+
+| 环境变量                          | 类型 | 描述               |
+| ----------------------------- | -- | ---------------- |
+| `AUTH_DISABLE_EMAIL_PASSWORD` | 可选 | 设置为 `1` 禁用邮箱密码登录 |
+
+启用后：
+
+- 登录页面隐藏邮箱输入框
+- 仅显示 SSO 提供商登录按钮
+- 注册页面重定向到登录页面
+- 用户必须通过配置的 SSO 提供商进行身份验证
+
+<Callout type={'warning'}>
+  启用仅 SSO 模式前，请确保已通过 `AUTH_SSO_PROVIDERS` 配置了至少一个 SSO
+  提供商。否则用户将无法登录。
+</Callout>
+
+### 启用邮箱验证
+
+要求用户在登录前验证邮箱地址：
+
+| 环境变量                      | 类型 | 描述             |
+| ------------------------- | -- | -------------- |
+| `AUTH_EMAIL_VERIFICATION` | 可选 | 设置为 `1` 启用邮箱验证 |
+
+这需要配置邮件服务（SMTP）。详情请参阅[邮件服务配置](/zh/docs/self-hosting/auth/email)。
+
+### 启用魔法链接登录
+
+允许通过邮件魔法链接实现无密码登录：
+
+| 环境变量                     | 类型 | 描述               |
+| ------------------------ | -- | ---------------- |
+| `AUTH_ENABLE_MAGIC_LINK` | 可选 | 设置为 `1` 启用魔法链接登录 |
+
+这也需要配置邮件服务（SMTP）。
+
+## 修改密码
+
+用户可以通过以下两种方式修改密码：
+
+1. **个人设置**：前往 设置 > 个人资料 修改密码
+2. **忘记密码**：在登录页面输入邮箱后，进入密码输入步骤，点击密码框下方的「忘记密码」
+
+<Callout type={'info'}>
+  以上两种方式都需要配置邮件服务（SMTP）以发送密码重置邮件。
+</Callout>
+
+## 配置示例
+
+### 仅 SSO（禁用邮箱密码）
+
+```bash
+AUTH_DISABLE_EMAIL_PASSWORD=1
+AUTH_SSO_PROVIDERS=google,github
+```
+
+### 邮箱密码 + 邮箱验证
+
+```bash
+AUTH_EMAIL_VERIFICATION=1
+SMTP_HOST=smtp.example.com
+SMTP_PORT=587
+SMTP_USER=noreply@example.com
+SMTP_PASS=your-password
+```
+
+### 邮箱密码 + 魔法链接
+
+```bash
+AUTH_ENABLE_MAGIC_LINK=1
+SMTP_HOST=smtp.example.com
+SMTP_PORT=587
+SMTP_USER=noreply@example.com
+SMTP_PASS=your-password
+```
+
+<Callout type={'tip'}>
+  前往[环境变量](/zh/docs/self-hosting/environment-variables/auth)查看所有身份验证相关变量的详细信息。
+</Callout>

package/docs/self-hosting/auth.mdx

@@ -61,6 +61,8 @@ To enable Better Auth in LobeHub, set the following environment variables:
 Click on a provider below for detailed configuration guides:
 
 <Cards>
+  <Card href={'/docs/self-hosting/advanced/auth/providers/password'} title={'Email/Password'} />
+
   <Card href={'/docs/self-hosting/advanced/auth/providers/github'} title={'GitHub'} />
 
   <Card href={'/docs/self-hosting/advanced/auth/providers/google'} title={'Google'} />
@@ -149,6 +151,16 @@ The current authentication system requires email. Please configure a valid email
 
 This applies to all authentication methods, including SSO providers like Casdoor. Always ensure users have valid email addresses configured.
 
+### How do I enable SSO-only mode (disable email/password login)?
+
+Set `AUTH_DISABLE_EMAIL_PASSWORD=1` to disable email/password authentication. When enabled:
+
+- The email input will be hidden on the login page, only SSO buttons are displayed
+- The signup page will redirect to the login page
+- Users can only log in via configured SSO providers
+
+Make sure you have at least one SSO provider configured via `AUTH_SSO_PROVIDERS` before enabling this option.
+
 ### How do I restrict registration to specific emails or domains?
 
 Set the `AUTH_ALLOWED_EMAILS` environment variable with a comma-separated list of allowed emails or domains. For example:

package/docs/self-hosting/auth.zh-CN.mdx

@@ -61,6 +61,8 @@ LobeHub 支持使用 Better Auth 配置外部身份验证服务，供企业 /
 点击下方提供商查看详细配置指南：
 
 <Cards>
+  <Card href={'/zh/docs/self-hosting/advanced/auth/providers/password'} title={'邮箱密码'} />
+
   <Card href={'/zh/docs/self-hosting/advanced/auth/providers/github'} title={'GitHub'} />
 
   <Card href={'/zh/docs/self-hosting/advanced/auth/providers/google'} title={'Google'} />
@@ -150,6 +152,16 @@ Better Auth 支持内置提供商（Google、GitHub、Microsoft、Apple、AWS Co
 
 这适用于所有身份验证方式，包括 Casdoor 等 SSO 提供商。请确保用户配置了有效的邮箱地址。
 
+### 如何启用仅 SSO 模式（禁用邮箱密码登录）？
+
+设置 `AUTH_DISABLE_EMAIL_PASSWORD=1` 可禁用邮箱密码登录。启用后：
+
+- 登录页面将隐藏邮箱输入框，仅显示 SSO 登录按钮
+- 注册页面将重定向到登录页面
+- 用户只能通过配置的 SSO 提供商登录
+
+启用此选项前，请确保已通过 `AUTH_SSO_PROVIDERS` 配置了至少一个 SSO 提供商。
+
 ### 如何限制只允许特定邮箱或域名注册？
 
 设置 `AUTH_ALLOWED_EMAILS` 环境变量，支持完整邮箱地址或域名，以逗号分隔。例如：

package/docs/self-hosting/environment-variables/auth.mdx

@@ -46,6 +46,13 @@ LobeHub provides a complete authentication service capability when deployed. The
 - Default: `-`
 - Example: `example.com,admin@other.com`
 
+#### `AUTH_DISABLE_EMAIL_PASSWORD`
+
+- Type: Optional
+- Description: Set to `1` to disable email/password authentication, forcing users to use SSO login only. When enabled, the email input will be hidden on the login page and the signup page will redirect to login.
+- Default: `0`
+- Example: `1`
+
 #### `JWKS_KEY`
 
 - Type: Required

package/docs/self-hosting/environment-variables/auth.zh-CN.mdx

@@ -44,6 +44,13 @@ LobeHub 在部署时提供了完善的身份验证服务能力，以下是相关
 - 默认值：`-`
 - 示例：`example.com,admin@other.com`
 
+#### `AUTH_DISABLE_EMAIL_PASSWORD`
+
+- 类型：可选
+- 描述：设置为 `1` 以禁用邮箱密码登录，强制用户使用 SSO 登录。启用后，登录页面将隐藏邮箱输入框，注册页面将重定向到登录页。
+- 默认值：`0`
+- 示例：`1`
+
 #### `JWKS_KEY`
 
 - 类型：必选

package/docs/self-hosting/environment-variables/basic.mdx

@@ -190,13 +190,6 @@ SSRF_ALLOW_IP_ADDRESS_LIST=192.168.1.100,10.0.0.50
 - Allow access to internal API gateway: `10.0.0.50`
 - Allow access to internal documentation server: `172.16.0.10`
 
-### `ENABLE_AUTH_PROTECTION`
-
-- Type: Optional
-- Description: Controls whether to enable route protection. When set to `1`, all routes except public routes (like `/api/auth`, `/login`, `/signup`) will require authentication. When set to `0` or not set, only specific protected routes (like `/settings`, `/files`) will require authentication.
-- Default: `0`
-- Example: `1` or `0`
-
 ### `NEXT_PUBLIC_ASSET_PREFIX`
 
 - Type: Optional

package/docs/self-hosting/environment-variables/basic.zh-CN.mdx

@@ -185,13 +185,6 @@ SSRF_ALLOW_IP_ADDRESS_LIST=192.168.1.100,10.0.0.50
 - 允许访问内网 API 网关：`10.0.0.50`
 - 允许访问内网文档服务器：`172.16.0.10`
 
-### `ENABLE_AUTH_PROTECTION`
-
-- 类型：可选
-- 说明：控制是否启用路由保护。当设置为 `1` 时，除了公共路由（如 `/api/auth`、`/login`、`/signup`）外，所有路由都需要认证。当设置为 `0` 或未设置时，只有特定的受保护路由（如 `/settings`、`/files` 等）需要认证。
-- 默认值：`0`
-- 示例：`1` 或 `0`
-
 ### `NEXT_PUBLIC_ASSET_PREFIX`
 
 - 类型：可选

package/docs/self-hosting/environment-variables/s3.mdx

@@ -58,13 +58,6 @@ LobeHub supports multimodal AI sessions, including the ability to upload unstruc
 - Default: `1`
 - Example: `0`
 
-### `S3_PUBLIC_DOMAIN`
-
-- Type: Required
-- Description: Public access domain for the bucket, used to access files in the bucket
-- Default: -
-- Example: `https://files.example.com`
-
 ### `S3_ENABLE_PATH_STYLE`
 
 - Type: Optional

package/docs/self-hosting/environment-variables/s3.zh-CN.mdx

@@ -56,13 +56,6 @@ LobeHub 支持多模态的 AI 会话，包括将图片、文件等非结构化
 - 默认值：`1`
 - 示例：`0`
 
-### `S3_PUBLIC_DOMAIN`
-
-- 类型：必填
-- 描述：存储桶对外的访问域名，用于访问存储桶中的文件
-- 默认值：-
-- 示例：`https://files.example.com`
-
 ### `S3_ENABLE_PATH_STYLE`
 
 - 类型：可选

package/docs/self-hosting/examples/azure-openai.mdx

@@ -40,4 +40,3 @@ If you want the deployed version to be pre-configured with Azure OpenAI for end
 | `AZURE_ENDPOINT`     | Required | Azure API address, can be found in the "Keys and Endpoints" section when checking resources in the Azure portal                                                                                                                                                      | -                  | `https://docs-test-001.openai.azure.com`                                                                         |
 | `AZURE_API_VERSION`  | Required | Azure API version, following the format YYYY-MM-DD                                                                                                                                                                                                                   | 2023-08-01-preview | `-`, see [latest version](https://learn.microsoft.com/en-us/azure/ai-services/openai/reference#chat-completions) |
 | `AZURE_MODEL_LIST`   | Required | Used to control the model list, use `+` to add a model, use `-` to hide a model, use `id->deplymentName=displayName` to customize the display name of a model, separated by commas. Definition syntax rules see [Model List](/docs/self-hosting/advanced/model-list) | -                  | `gpt-35-turbo->my-deploy=GPT 3.5 Turbo` or `gpt-4-turbo->my-gpt4=GPT 4 Turbo<128000:vision:fc>`                  |
-| `ACCESS_CODE`        | Optional | Add a password to access LobeHub. You can set a long password to prevent brute force attacks. When this value is separated by commas, it becomes an array of passwords                                                                                               | -                  | `awCT74` or `e3@09!` or `code1,code2,code3`                                                                      |

package/docs/self-hosting/examples/azure-openai.zh-CN.mdx

@@ -42,4 +42,3 @@ LobeHub 支持使用 [Azure OpenAI](https://learn.microsoft.com/zh-cn/azure/ai-s
 | `AZURE_ENDPOINT`    | 必选 | Azure API 地址，从 Azure 门户检查资源时，可在 “密钥和终结点” 部分中找到此值                                                                | -                  | `https://docs-test-001.openai.azure.com`                                                            |
 | `AZURE_API_VERSION` | 必选 | Azure 的 API 版本，遵循 YYYY-MM-DD 格式                                                                                 | 2023-08-01-preview | `-`，查阅[最新版本](https://learn.microsoft.com/zh-cn/azure/ai-services/openai/reference#chat-completions) |
 | `AZURE_MODEL_LIST`  | 必选 | 用来控制模型列表，使用 `模型名->部署名=展示名` 来自定义模型的展示名，用英文逗号隔开。支持扩展能力，其余语法规则详见 [模型列表](/zh/docs/self-hosting/advanced/model-list) | -                  | `gpt-35-turbo->my-deploy=GPT 3.5 Turbo` 或 `gpt-4-turbo->my-gpt4=GPT 4 Turbo<128000:vision:fc>`      |
-| `ACCESS_CODE`       | 可选 | 添加访问 LobeHub 的密码，你可以设置一个长密码以防被爆破，该值用逗号分隔时为密码数组                                                                  | -                  | `awCT74` 或 `e3@09!` or `code1,code2,code3`                                                          |

package/docs/self-hosting/platform/docker-compose.mdx

@@ -281,7 +281,6 @@ Now, we will introduce the necessary configurations for running these services:
 LobeHub needs to provide a public access URL for object files for the LLM service provider, so you need to configure the S3 Endpoint:
 
 ```env
-S3_PUBLIC_DOMAIN=https://s3.example.com
 S3_ENDPOINT=https://s3.example.com
 ```
 

package/docs/self-hosting/platform/docker-compose.zh-CN.mdx

@@ -277,7 +277,6 @@ mv .env.zh-CN.example .env
 LobeHub 需要为 LLM 服务提供商提供文件对象的公网访问地址，因此你需要配置 S3 的 Endpoint：
 
 ```env
-S3_PUBLIC_DOMAIN=https://s3.example.com
 S3_ENDPOINT=https://s3.example.com
 ```
 

package/docs/self-hosting/platform/docker.mdx

@@ -64,6 +64,10 @@ Here is the process for deploying the LobeHub server database version on a Linux
 
   <GenerateSecret envName="AUTH_SECRET" />
 
+  Click the button below to generate `JWKS_KEY` (for signing and verifying JWTs):
+
+  <GenerateJWKSKey />
+
   ```shell
   # Website domain
   APP_URL=https://your-prod-domain.com
@@ -77,7 +81,7 @@ Here is the process for deploying the LobeHub server database version on a Linux
   # Authentication (Better Auth)
   # Session encryption key (generate with: openssl rand -base64 32)
   AUTH_SECRET=jgwsK28dspyVQoIf8/M3IIHl1h6LYYceSYNXeLpy6uk=
-  # JWKS key for signing and verifying JWTs (generate at: https://lobehub.com/docs/self-hosting/environment-variables/auth#jwks_key)
+  # JWKS key for signing and verifying JWTs
   JWKS_KEY='{"keys":[...]}'
 
   # S3 related
@@ -85,7 +89,6 @@ Here is the process for deploying the LobeHub server database version on a Linux
   S3_SECRET_ACCESS_KEY=xxxxxxxxxx
   S3_ENDPOINT=https://xxxxxxxxxx.r2.cloudflarestorage.com
   S3_BUCKET=LobeHub
-  S3_PUBLIC_DOMAIN=https://s3-for-LobeHub.your-domain.com
 
   ```
 
@@ -142,7 +145,6 @@ $ docker run -it -d --name lobehub -p 3210:3210 \
   -e S3_SECRET_ACCESS_KEY=xxxxxxxxxx \
   -e S3_ENDPOINT=https://xxxxxxxxxx.r2.cloudflarestorage.com \
   -e S3_BUCKET=LobeHub \
-  -e S3_PUBLIC_DOMAIN=https://s3-for-LobeHub.your-domain.com \
   lobehub/lobehub
 ```
 

package/docs/self-hosting/platform/docker.zh-CN.mdx

@@ -60,6 +60,10 @@ tags:
 
   <GenerateSecret envName="AUTH_SECRET" />
 
+  点击下方按钮一键生成 `JWKS_KEY`（用于签名和验证 JWT）：
+
+  <GenerateJWKSKey />
+
   ```shell
   # 网站域名
   APP_URL=https://your-prod-domain.com
@@ -74,7 +78,7 @@ tags:
   # 身份验证（Better Auth）
   # 会话加密密钥（使用以下命令生成：openssl rand -base64 32）
   AUTH_SECRET=jgwsK28dspyVQoIf8/M3IIHl1h6LYYceSYNXeLpy6uk=
-  # JWKS 密钥，用于签名和验证 JWT（在此生成：https://lobehub.com/zh/docs/self-hosting/environment-variables/auth#jwks_key）
+  # JWKS 密钥，用于签名和验证 JWT
   JWKS_KEY='{"keys":[...]}'
 
   # S3 相关
@@ -83,8 +87,6 @@ tags:
   # 用于 S3 API 访问的域名
   S3_ENDPOINT=https://xxxxxxxxxx.r2.cloudflarestorage.com
   S3_BUCKET=LobeHub
-  # 用于外网访问 S3 的公共域名，需配置 CORS
-  S3_PUBLIC_DOMAIN=https://s3-for-LobeHub.your-domain.com
   # S3_REGION=ap-chengdu # 如果需要指定地域
 
   ```
@@ -142,7 +144,6 @@ $ docker run -it -d --name lobehub -p 3210:3210 \
   -e S3_SECRET_ACCESS_KEY=xxxxxxxxxx \
   -e S3_ENDPOINT=https://xxxxxxxxxx.r2.cloudflarestorage.com \
   -e S3_BUCKET=LobeHub \
-  -e S3_PUBLIC_DOMAIN=https://s3-for-LobeHub.your-domain.com \
   lobehub/lobehub
 ```
 

package/docs/self-hosting/platform/dokploy.mdx

@@ -39,7 +39,6 @@ S3_ACCESS_KEY_ID=
 S3_SECRET_ACCESS_KEY=
 S3_ENDPOINT=
 S3_BUCKET=
-S3_PUBLIC_DOMAIN=
 S3_ENABLE_PATH_STYLE=
 ```
 
@@ -118,7 +117,6 @@ S3_ACCESS_KEY_ID=
 S3_SECRET_ACCESS_KEY=
 S3_ENDPOINT=
 S3_BUCKET=
-S3_PUBLIC_DOMAIN=
 S3_ENABLE_PATH_STYLE=
 
 ```

package/docs/self-hosting/platform/dokploy.zh-CN.mdx

@@ -40,7 +40,6 @@ S3_ACCESS_KEY_ID=
 S3_SECRET_ACCESS_KEY=
 S3_ENDPOINT=
 S3_BUCKET=
-S3_PUBLIC_DOMAIN=
 S3_ENABLE_PATH_STYLE=
 ```
 
@@ -119,7 +118,6 @@ S3_ACCESS_KEY_ID=
 S3_SECRET_ACCESS_KEY=
 S3_ENDPOINT=
 S3_BUCKET=
-S3_PUBLIC_DOMAIN=
 S3_ENABLE_PATH_STYLE=
 
 ```

package/docs/self-hosting/platform/vercel.mdx

@@ -154,8 +154,6 @@ In the server-side database, we need to configure the S3 storage service to stor
   S3_BUCKET=LobeHub
   # Storage bucket request endpoint (note that the path in this link includes the bucket name, which must be removed, or use the link provided on the S3 API token application page)
   S3_ENDPOINT=https://0b33a03b5c993fd2f453379dc36558e5.r2.cloudflarestorage.com
-  # Public access domain for the storage bucket
-  S3_PUBLIC_DOMAIN=https://s3-for-LobeHub.your-domain.com
   ```
 
   <Callout type={'warning'}>
@@ -204,9 +202,6 @@ In the server-side database, we need to configure the S3 storage service to stor
   S3_BUCKET=LobeHub
   # Bucket request endpoint
   S3_ENDPOINT=https://0b33a03b5c993fd2f453379dc36558e5.r2.cloudflarestorage.com
-  # Public domain for bucket access
-  S3_PUBLIC_DOMAIN=https://s3-dev.your-domain.com
-
   # Bucket region, such as us-west-1, generally not required, but some providers may need to configure
   # S3_REGION=us-west-1
   ```
@@ -288,8 +283,6 @@ S3_SECRET_ACCESS_KEY=55af75d8eb6b99f189f6a35f855336ea62cd9c4751a5cf4337c53c1d3f4
 S3_BUCKET=LobeHub
 # Bucket request endpoint
 S3_ENDPOINT=https://0b33a03b5c993fd2f453379dc36558e5.r2.cloudflarestorage.com
-# Public access domain for the bucket
-S3_PUBLIC_DOMAIN=https://s3-for-LobeHub.your-domain.com
 # Bucket region, such as us-west-1, generally not needed to add, but some service providers may require configuration
 # S3_REGION=us-west-1
 ```