diff --git a/frontend/lib/auth.ts b/frontend/lib/auth.ts
index bb89353..d0efdde 100644
--- a/frontend/lib/auth.ts
+++ b/frontend/lib/auth.ts
@@ -11,7 +11,7 @@ const loginSchema = z.object({
   password: z.string().min(1),
 });
 
-const baseUrl = process.env.NEXT_PUBLIC_API_URL || "http://localhost:3001/api";
+const baseUrl = (typeof window === "undefined" ? process.env.INTERNAL_API_URL : null) || process.env.NEXT_PUBLIC_API_URL || "http://localhost:3001/api";
 
 // Helper to parse JWT expiry
 function getJwtExpiry(token: string): number {
diff --git a/specs/04-Infrastructure-OPS/04-00-docker-compose/docker-compose-app.yml b/specs/04-Infrastructure-OPS/04-00-docker-compose/docker-compose-app.yml
index d4289b2..9d3a75f 100644
--- a/specs/04-Infrastructure-OPS/04-00-docker-compose/docker-compose-app.yml
+++ b/specs/04-Infrastructure-OPS/04-00-docker-compose/docker-compose-app.yml
@@ -119,6 +119,8 @@ services:
       # --- NextAuth ---
       AUTH_SECRET: 'eebc122aa65adde8c76c6a0847d9649b2b67a06db1504693e6c912e51499b76e'
       AUTH_URL: 'https://lcbp3.np-dms.work'
+      AUTH_TRUST_HOST: 'true'
+      INTERNAL_API_URL: 'http://backend:3000/api'
     networks:
       - lcbp3
     healthcheck: