diff --git a/Makefile b/Makefile
index eed9d952..868b65fe 100644
--- a/Makefile
+++ b/Makefile
@@ -174,13 +174,17 @@ up-vllm-guardrails: enable-guardrails config-guardrails-vllm up-vllm
 
 .PHONY: disable-atls
 disable-atls:
- @echo "Disabling attested TLS for local development..."
- @sed -i 's|^UV_CUBE_AGENT_CLIENT_CERT=.*|UV_CUBE_AGENT_CLIENT_CERT=|' docker/.env
- @sed -i 's|^UV_CUBE_AGENT_CLIENT_KEY=.*|UV_CUBE_AGENT_CLIENT_KEY=|' docker/.env
- @sed -i 's|^UV_CUBE_AGENT_SERVER_CA_CERTS=.*|UV_CUBE_AGENT_SERVER_CA_CERTS=|' docker/.env
- @sed -i 's|^UV_CUBE_AGENT_ATTESTED_TLS=.*|UV_CUBE_AGENT_ATTESTED_TLS=false|' docker/.env
- @sed -i 's|^UV_CUBE_AGENT_ATTESTATION_POLICY=.*|UV_CUBE_AGENT_ATTESTATION_POLICY=|' docker/.env
- @echo "✓ Attested TLS disabled"
+ @if grep -q '^UV_CUBE_AGENT_ATTESTED_TLS=true' docker/.env; then \
+ echo "Disabling attested TLS for local development..."; \
+ sed -i 's|^UV_CUBE_AGENT_CLIENT_CERT=.*|UV_CUBE_AGENT_CLIENT_CERT=|' docker/.env; \
+ sed -i 's|^UV_CUBE_AGENT_CLIENT_KEY=.*|UV_CUBE_AGENT_CLIENT_KEY=|' docker/.env; \
+ sed -i 's|^UV_CUBE_AGENT_SERVER_CA_CERTS=.*|UV_CUBE_AGENT_SERVER_CA_CERTS=|' docker/.env; \
+ sed -i 's|^UV_CUBE_AGENT_ATTESTED_TLS=.*|UV_CUBE_AGENT_ATTESTED_TLS=false|' docker/.env; \
+ sed -i 's|^UV_CUBE_AGENT_ATTESTATION_POLICY=.*|UV_CUBE_AGENT_ATTESTATION_POLICY=|' docker/.env; \
+ echo "✓ Attested TLS disabled"; \
+ else \
+ echo "✓ Attested TLS already configured, skipping"; \
+ fi
 
 .PHONY: up
 up: config-local enable-guardrails config-backend disable-atls
@@ -201,7 +205,6 @@ endif
 .PHONY: config-local
 config-local:
 @echo "Configuring for local development..."
- @git checkout -- docker/.env docker/traefik/dynamic.toml docker/config.json 2>/dev/null || true
 @sed -i 's|__SMQ_EMAIL_HOST__|localhost|g' docker/.env
 @sed -i 's|__SMQ_EMAIL_PORT__|1025|g' docker/.env
 @sed -i 's|__SMQ_EMAIL_USERNAME__|test|g' docker/.env
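Review bot: The `else` branch of `disable-atls` prints "Attested TLS already configured, skipping" for every state other than a line beginning `UV_CUBE_AGENT_ATTESTED_TLS=true`, which includes a missing docker/.env (grep fails and prints its own error), a missing key, and values such as `True` or `"true"`. In those cases the client certificate, key, CA and policy variables are left as they are while the user is told nothing needs doing. Because `up` lists `disable-atls` as a prerequisite, a setting that was deliberately enabled is also switched to false on every `make up` with only an informational echo. I would make the skip message say what was actually observed, e.g. `echo "UV_CUBE_AGENT_ATTESTED_TLS is not 'true' in docker/.env, leaving it unchanged";`, and add a comment above the target such as `# Turns attested TLS off in docker/.env; pulled in by 'up' for local development only.`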
@@ -217,9 +220,9 @@ config-local:
 @sed -i 's|__MG_MAILCHIMP_SERVER_PREFIX__||g' docker/.env
 @sed -i 's|__MG_MAILCHIMP_AUDIENCE_ID__||g' docker/.env
 @sed -i 's|__CUBE_PUBLIC_URL__|localhost|g' docker/.env
- @sed -i 's|^TRAEFIK_HTTP_PORT=.*|TRAEFIK_HTTP_PORT=80|g' docker/.env
- @sed -i 's|^TRAEFIK_HTTPS_PORT=.*|TRAEFIK_HTTPS_PORT=443|g' docker/.env
- @sed -i 's|^TRAEFIK_DASHBOARD_PORT=.*|TRAEFIK_DASHBOARD_PORT=8080|g' docker/.env
+ @sed -i 's|__TRAEFIK_HTTP_PORT__|80|g' docker/.env
+ @sed -i 's|__TRAEFIK_HTTPS_PORT__|443|g' docker/.env
+ @sed -i 's|__TRAEFIK_DASHBOARD_PORT__|8080|g' docker/.env
 @sed -i 's|__TUNNEL_TOKEN__||g' docker/.env
 @sed -i 's|__CUBE_AGENT_CERTS_TOKEN__|localdevtoken12we12we12we12we12we|g' docker/.env
 @echo "✓ Configured with local defaults"
@@ -231,12 +234,12 @@ restore-config:
 echo "✓ Restored from git" || echo "⚠ git restore failed, files may not be tracked"
 
 .PHONY: down
-down: config-local
+down:
 @echo "Stopping all Cube services..."
 docker compose -f docker/compose.yaml down
 
 .PHONY: down-volumes
-down-volumes: config-local
+down-volumes:
 @echo "Stopping all Cube services and removing volumes..."
 docker compose -f docker/compose.yaml down -v
 
diff --git a/README.md b/README.md
index 8fcf296f..77431e17 100644
--- a/README.md
+++ b/README.md
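Review bot: The three Traefik port substitutions now match `__TRAEFIK_HTTP_PORT__`-style placeholders, but the docker/.env hunk in this commit does not introduce those placeholders, so unless they already exist in the tracked file these `sed` calls change nothing and still exit 0. The previous `^TRAEFIK_HTTP_PORT=.*` form also reset a port that had been edited by hand; the placeholder form cannot, and with the `git checkout` line removed from `config-local` in the hunk at -201 nothing restores the placeholders after the first run. If every placeholder is meant to be replaced, a check after the substitutions would surface a silent miss: `@if grep -q '__[A-Z][A-Z_]*__' docker/.env; then echo "⚠ unreplaced placeholders remain in docker/.env"; fi`. The body of `config-local` starts and ends outside this hunk.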
@@ -7,7 +7,6 @@ Confidential computing framework for GPT-based applications. OpenAI-compatible API, multiple LLM backends, and TEE-backed isolation for data and model privacy. [![CI](https://github.com/ultravioletrs/cube/actions/workflows/main.yaml/badge.svg)](https://github.com/ultravioletrs/cube/actions/workflows/main.yaml) -[![UI CI](https://github.com/ultravioletrs/cube/actions/workflows/ui-ci.yaml/badge.svg)](https://github.com/ultravioletrs/cube/actions/workflows/ui-ci.yaml) [![Check License](https://github.com/ultravioletrs/cube/actions/workflows/check-license.yaml/badge.svg)](https://github.com/ultravioletrs/cube/actions/workflows/check-license.yaml) [![Go Report Card](https://goreportcard.com/badge/github.com/ultravioletrs/cube)](https://goreportcard.com/report/github.com/ultravioletrs/cube) [![License](https://img.shields.io/badge/license-Apache%202.0-blue.svg)](LICENSE) diff --git a/docker/.env b/docker/.env index 55c669f4..374ee090 100644 --- a/docker/.env +++ b/docker/.env @@ -349,7 +349,7 @@ MG_BACKEND_OBJECT_STORAGE_REGION=fra1 MG_BACKEND_OBJECT_STORAGE_BUCKET=mg-ui-images MG_BACKEND_OBJECT_STORAGE_ENDPOINT=http://magistrala-seaweedfs-s3:8333 MG_BACKEND_OBJECT_STORAGE_USE_PATH_STYLE=true -MG_BACKEND_OBJECT_STORAGE_REWRITE_URL=localhost +MG_BACKEND_OBJECT_STORAGE_PRESIGN_ENDPOINT=https://__CUBE_PUBLIC_URL__ MG_BACKEND_OBJECT_STORAGE_ACCESS_KEY=localKey MG_BACKEND_OBJECT_STORAGE_SECRET_KEY=localSecret MG_BACKEND_OBJECT_STORAGE_WRITE_TTL=1m diff --git a/docker/cube-compose.yaml b/docker/cube-compose.yaml index 8e1e90b6..30f1131f 100644 --- a/docker/cube-compose.yaml +++ b/docker/cube-compose.yaml 
@@ -420,7 +420,7 @@ services: MG_BACKEND_OBJECT_STORAGE_BUCKET: ${MG_BACKEND_OBJECT_STORAGE_BUCKET} MG_BACKEND_OBJECT_STORAGE_ENDPOINT: ${MG_BACKEND_OBJECT_STORAGE_ENDPOINT} MG_BACKEND_OBJECT_STORAGE_USE_PATH_STYLE: ${MG_BACKEND_OBJECT_STORAGE_USE_PATH_STYLE} - MG_BACKEND_OBJECT_STORAGE_REWRITE_URL: ${MG_BACKEND_OBJECT_STORAGE_REWRITE_URL} + MG_BACKEND_OBJECT_STORAGE_PRESIGN_ENDPOINT: ${MG_BACKEND_OBJECT_STORAGE_PRESIGN_ENDPOINT} MG_BACKEND_OBJECT_STORAGE_ACCESS_KEY: ${MG_BACKEND_OBJECT_STORAGE_ACCESS_KEY} MG_BACKEND_OBJECT_STORAGE_SECRET_KEY: ${MG_BACKEND_OBJECT_STORAGE_SECRET_KEY} MG_BACKEND_OBJECT_STORAGE_WRITE_TTL: ${MG_BACKEND_OBJECT_STORAGE_WRITE_TTL} diff --git a/docker/traefik/dynamic.toml b/docker/traefik/dynamic.toml index a5553b29..5bf9d09e 100644 --- a/docker/traefik/dynamic.toml +++ b/docker/traefik/dynamic.toml @@ -25,6 +25,10 @@ prefixes = ["/domains"] # HTTP Services +[http.services.seaweedfs.loadBalancer] + [[http.services.seaweedfs.loadBalancer.servers]] + url = "http://magistrala-seaweedfs-s3:8333" + [http.services.users.loadBalancer] [[http.services.users.loadBalancer.servers]] url = "http://supermq-users:9002" @@ -134,6 +138,13 @@ middlewares = ["retry-middleware", "headers-middleware"] priority = 8 +[http.routers.seaweedfs] + rule = "PathPrefix(`/mg-ui-images`)" + entryPoints = ["websecure"] + service = "seaweedfs" + middlewares = ["retry-middleware"] + priority = 10 + [http.routers.ui] rule = "PathPrefix(`/`) || PathPrefix(`/api`)" entryPoints = ["websecure"]
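Review bot: The new `http.routers.seaweedfs` router forwards every HTTP method under `/mg-ui-images` from the `websecure` entry point to the S3 gateway, so access control for the bucket rests entirely on S3 request signing. The docker/.env context in this commit still shows `MG_BACKEND_OBJECT_STORAGE_ACCESS_KEY=localKey` and `MG_BACKEND_OBJECT_STORAGE_SECRET_KEY=localSecret`, and those defaults stop being a local-only concern once this route is reachable from outside. I would narrow the rule to the methods the presigned URLs actually need (a `Method` matcher joined to the `PathPrefix` with `&&`) and put a comment above the router such as `# Public route for presigned object URLs only; requires non-default S3 keys outside local development.` The router also omits `headers-middleware`, which the router just above it applies; if that is deliberate, for instance to leave signed request headers untouched, a one-line comment saying so would help the next reader.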