diff --git a/Dockerfile b/Dockerfile
index d148f2f..73e6abd 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -33,11 +33,9 @@ WORKDIR /app/calcpad-web
 # Build-time env vars for Vite (inlined at build time)
 ARG VITE_SUPABASE_URL
 ARG VITE_SUPABASE_ANON_KEY
-ARG VITE_AUTH_URL
 ARG VITE_COLLAB_WS_URL
 ENV VITE_SUPABASE_URL=$VITE_SUPABASE_URL
 ENV VITE_SUPABASE_ANON_KEY=$VITE_SUPABASE_ANON_KEY
-ENV VITE_AUTH_URL=$VITE_AUTH_URL
 ENV VITE_COLLAB_WS_URL=$VITE_COLLAB_WS_URL
 
 # Install dependencies first (layer caching)
diff --git a/calcpad-web/src/auth/supabase.ts b/calcpad-web/src/auth/supabase.ts
index 59a5299..6917d00 100644
--- a/calcpad-web/src/auth/supabase.ts
+++ b/calcpad-web/src/auth/supabase.ts
@@ -2,11 +2,14 @@ import { createClient } from '@supabase/supabase-js'
 
 const supabaseUrl = import.meta.env.VITE_SUPABASE_URL as string
 const supabaseAnonKey = import.meta.env.VITE_SUPABASE_ANON_KEY as string
-const authUrl = import.meta.env.VITE_AUTH_URL as string | undefined
 
 /**
  * Supabase client singleton.
  * Returns null if env vars are not configured (local-only mode).
+ *
+ * The client auto-derives API paths from the base URL:
+ *   - REST: ${supabaseUrl}/rest/v1/
+ *   - Auth: ${supabaseUrl}/auth/v1/
  */
 export const supabase =
   supabaseUrl && supabaseAnonKey
@@ -15,7 +18,6 @@ export const supabase =
           persistSession: true,
           autoRefreshToken: true,
           detectSessionInUrl: true,
-          ...(authUrl ? { url: authUrl } : {}),
         },
       })
     : null
diff --git a/docker-compose.yml b/docker-compose.yml
index 717ce3a..49cb5e2 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -69,9 +69,8 @@ services:
     build:
       context: .
       args:
-        VITE_SUPABASE_URL: ${SITE_URL:-http://localhost:8080}/rest
+        VITE_SUPABASE_URL: ${SITE_URL:-http://localhost:8080}
         VITE_SUPABASE_ANON_KEY: ${ANON_KEY}
-        VITE_AUTH_URL: ${SITE_URL:-http://localhost:8080}/auth
         VITE_COLLAB_WS_URL: ${COLLAB_WS_URL:-ws://localhost:8080/ws}
     restart: unless-stopped
     ports:
diff --git a/nginx.conf b/nginx.conf
index 67883db..6688520 100644
--- a/nginx.conf
+++ b/nginx.conf
@@ -10,8 +10,8 @@ server {
         try_files $uri $uri/ /index.html;
     }
 
-    # Reverse proxy: PostgREST (database REST API)
-    location /rest/ {
+    # Reverse proxy: PostgREST (Supabase client hits /rest/v1/*)
+    location /rest/v1/ {
         proxy_pass http://rest:3000/;
         proxy_set_header Host $host;
         proxy_set_header X-Real-IP $remote_addr;
@@ -19,8 +19,8 @@ server {
         proxy_set_header X-Forwarded-Proto $scheme;
     }
 
-    # Reverse proxy: GoTrue (auth)
-    location /auth/ {
+    # Reverse proxy: GoTrue auth (Supabase client hits /auth/v1/*)
+    location /auth/v1/ {
         proxy_pass http://auth:9999/;
         proxy_set_header Host $host;
         proxy_set_header X-Real-IP $remote_addr;