diff --git a/backend/handlers/handle_message_upload.go b/backend/handlers/handle_message_upload.go
index 8b05648..bec2fcd 100644
--- a/backend/handlers/handle_message_upload.go
+++ b/backend/handlers/handle_message_upload.go
@@ -66,26 +66,11 @@ func (store *Store) UploadMessageFile(ctx *gin.Context) {
 	}
 	filename := hex.EncodeToString(b) + ext
 
-	uploadDir := "/backend/uploads"
-	if err := os.MkdirAll(uploadDir, 0755); err != nil {
-		ctx.JSON(http.StatusInternalServerError, gin.H{"error": "failed to create upload directory"})
-		return
-	}
-	// Ensure directory is world-readable so nginx can serve files
-	if err := os.Chmod(uploadDir, 0755); err != nil {
-		ctx.JSON(http.StatusInternalServerError, gin.H{"error": "failed to create upload directory"})
-		return
-	}
-
 	dest := filepath.Join(uploadDir, filename)
 	if err := ctx.SaveUploadedFile(file, dest); err != nil {
 		ctx.JSON(http.StatusInternalServerError, gin.H{"error": "failed to save file"})
 		return
 	}
-	if err := os.Chmod(dest, 0644); err != nil {
-		ctx.JSON(http.StatusInternalServerError, gin.H{"error": "failed to set file permissions"})
-		return
-	}
 
 	ctx.JSON(http.StatusOK, gin.H{"url": "/uploads/" + filename})
 }
diff --git a/nginx/entrypoint.sh b/nginx/entrypoint.sh
index 872ed1c..38981b1 100755
--- a/nginx/entrypoint.sh
+++ b/nginx/entrypoint.sh
@@ -3,23 +3,19 @@ set -e
 
 # Check if dev mode, certificate exists, or setup mode
 if [ "$DEV_MODE" = "true" ]; then
-    echo "Dev mode. Using HTTP-only nginx config."
-    envsubst '${DOMAIN} ${BACKEND_HOST} ${BACKEND_PORT} ${BACKEND_ENDPOINT} ${ICECAST_HOST} ${ICECAST_PORT} ${GITEA_HOST} ${GITEA_PORT}' \
-        < /etc/nginx/nginx_dev.conf.template \
-        > /etc/nginx/nginx.conf
+  echo "Dev mode. Using HTTP-only nginx config."
+  envsubst '${DOMAIN} ${BACKEND_HOST} ${BACKEND_PORT} ${BACKEND_ENDPOINT} ${ICECAST_HOST} ${ICECAST_PORT} ${GITEA_HOST} ${GITEA_PORT}' \
+    </etc/nginx/nginx_dev.conf.template \
+    >/etc/nginx/nginx.conf
 elif [ -f "/etc/letsencrypt/live/$DOMAIN/fullchain.pem" ] && [ -f "/etc/letsencrypt/live/$DOMAIN/privkey.pem" ]; then
-    echo "Certificates found. Using production nginx config."
-    envsubst '${DOMAIN} ${BACKEND_HOST} ${BACKEND_PORT} ${BACKEND_ENDPOINT} ${ICECAST_HOST} ${ICECAST_PORT} ${GITEA_HOST} ${GITEA_PORT}' \
-        < /etc/nginx/nginx.conf.template \
-        > /etc/nginx/nginx.conf
+  echo "Certificates found. Using production nginx config."
+  envsubst '${DOMAIN} ${BACKEND_HOST} ${BACKEND_PORT} ${BACKEND_ENDPOINT} ${ICECAST_HOST} ${ICECAST_PORT} ${GITEA_HOST} ${GITEA_PORT}' \
+    </etc/nginx/nginx.conf.template \
+    >/etc/nginx/nginx.conf
 else
-    echo "Certificates NOT found. Using setup nginx config."
-    envsubst '${DOMAIN}' < /etc/nginx/nginx_setup.conf.template > /etc/nginx/nginx.conf
+  echo "Certificates NOT found. Using setup nginx config."
+  envsubst '${DOMAIN}' </etc/nginx/nginx_setup.conf.template >/etc/nginx/nginx.conf
 fi
 
-# Ensure uploads directory and files are readable by nginx worker processes
-chmod 755 /uploads 2>/dev/null || true
-chmod -R a+rX /uploads 2>/dev/null || true
-
 # Start nginx
 nginx -g 'daemon off;'