diff --git a/docker/docker-compose.yaml b/docker/docker-compose.yaml
index c9c97a4..cf743df 100644
--- a/docker/docker-compose.yaml
+++ b/docker/docker-compose.yaml
@@ -1,8 +1,8 @@
 services:
   # --- 1. Spring API Service (Backend) ---
-  battlbuilder_api:
-    container_name: battlbuilder_api
-    hostname: battlbuilder_api
+  battlbuilder-api:
+    container_name: battlbuilder-api
+    hostname: battlbuilder-api
     image: gitea.gofwd.group/forward_group/ballistic-builder-spring/spring-api:latest
     ports:
       - "8080:8080" # Map host port 8080 to container port 8080
@@ -11,31 +11,35 @@ services:
       - SPRING_DATASOURCE_URL=jdbc:postgresql://ash.gofwd.group:5433/ss_builder
       - SPRING_DATASOURCE_USERNAME=dba
       - SPRING_DATASOURCE_PASSWORD=!@#Qwerty
-      - SPRING_PROFILES_ACTIVE=openai,prod
+      - SPRING_PROFILES_ACTIVE=openai
       - AI_ENRICHMENT_PROVIDER=openai
     networks:
       - app-network
 
   # --- 2. Next.js App Service (Frontend) ---
-  bb_web_app:
-    hostname: bb_web_app
-    container_name:  bb_web_app
+  bb-web-app:
+    hostname: bb-web-app
+    container_name:  bb-web-app
     image: gitea.gofwd.group/sean/shadow-gunbuilder-ai-proto/webui:latest
     ports:
-      - "3000:3000" # Map host port 3000 to container port 3000
+      - "3001:3000" # Map host port 3000 to container port 3000
     environment:
       # This variable is crucial: Next.js needs the URL for the Spring API
       # Use the Docker internal service name 'spring-api' and its port 8080
-      - NEXT_PUBLIC_API_URL=http://ss_builder-api:8080
+      - NEXT_PUBLIC_API_BASE_URL=https://battl.builders
+      - API_INTERNAL_BASE_URL=http://battlbuilder-api:8080   # optional, for server-side-only calls
       # For local testing, you might need the host IP for Next.js to call back
       # - NEXT_PUBLIC_API_URL_LOCAL=http://localhost:8080
     depends_on:
-      - battlbuilder_api
+      - battlbuilder-api
     networks:
       - app-network
+      - nginx_nginx
 
 
 # --- Docker Network for Inter-Container Communication ---
 networks:
   app-network:
-    driver: bridge
\ No newline at end of file
+    external: false
+  nginx_nginx:
+    external: true
diff --git a/src/main/java/group/goforward/battlbuilder/config/CorsConfig.java b/src/main/java/group/goforward/battlbuilder/config/CorsConfig.java
index 9879d8c..5932963 100644
--- a/src/main/java/group/goforward/battlbuilder/config/CorsConfig.java
+++ b/src/main/java/group/goforward/battlbuilder/config/CorsConfig.java
@@ -22,20 +22,13 @@ public class CorsConfig {
 
         // Allow Angular development server
         config.setAllowedOrigins(Arrays.asList(
-                "http://localhost:4200",
-                "http://localhost:4201",
-                "http://localhost:8070",
-                "https://localhost:8070",
-                "http://localhost:8080",
-                "https://localhost:8080",
-                "http://localhost:3000",
-                "https://localhost:3000",
-                "https://localhost:3000/gunbuilder",
-                "http://localhost:3000/gunbuilder",
-                "https://localhost:3000/builder",
-                "http://localhost:3000/builder",
-                "https://battl.builders"
-      ));
+                "http://localhost:3000",   // local dev
+                "https://localhost:3000",  // local https dev (if used)
+                "https://battl.builders",
+                "http://bb-web-app:3001",
+                "http://bb-web-app:3000"
+                ));   // production frontend));
+
 
         // Allow all headers
         config.addAllowedHeader("*");
diff --git a/src/main/java/group/goforward/battlbuilder/config/SecurityConfig.java b/src/main/java/group/goforward/battlbuilder/config/SecurityConfig.java
index f019eb4..a50919c 100644
--- a/src/main/java/group/goforward/battlbuilder/config/SecurityConfig.java
+++ b/src/main/java/group/goforward/battlbuilder/config/SecurityConfig.java
@@ -18,6 +18,7 @@ import org.springframework.web.cors.CorsConfiguration;
 import org.springframework.web.cors.CorsConfigurationSource;
 import org.springframework.web.cors.UrlBasedCorsConfigurationSource;
 
+import java.util.Arrays;
 import java.util.List;
 
 @Configuration
@@ -77,7 +78,12 @@ public class SecurityConfig {
     @Bean
     public CorsConfigurationSource corsConfigurationSource() {
         CorsConfiguration cfg = new CorsConfiguration();
-        cfg.setAllowedOrigins(List.of("http://localhost:3000", "https://battl.builders"));
+        cfg.setAllowedOrigins(Arrays.asList(
+                "http://localhost:3000",   // local dev
+                "https://localhost:3000",  // local https dev (if used)
+                "https://battl.builders",
+                "http://bb-web-app:3001",
+                "http://bb-web-app:3000"));   // production frontend));
         cfg.setAllowedMethods(List.of("GET", "POST", "PUT", "PATCH", "DELETE", "OPTIONS"));
         cfg.setAllowedHeaders(List.of("Authorization", "Content-Type"));
         cfg.setExposedHeaders(List.of("Authorization"));