diff --git a/backend/docker-compose.yml b/backend/docker-compose.yml
index cb62bde..215d534 100644
--- a/backend/docker-compose.yml
+++ b/backend/docker-compose.yml
@@ -89,51 +89,9 @@ services:
     networks:
       - genex-network
 
-  # MinIO Object Storage (S3-compatible, multi-region replication support)
-  minio:
-    image: minio/minio:latest
-    container_name: genex-minio
-    environment:
-      MINIO_ROOT_USER: genex-admin
-      MINIO_ROOT_PASSWORD: genex-minio-secret
-    ports:
-      - "127.0.0.1:49000:9000"     # S3 API
-      - "127.0.0.1:49001:9001"     # Console UI
-    volumes:
-      - minio_data:/data
-    command: server /data --console-address ":9001"
-    healthcheck:
-      test: ["CMD", "mc", "ready", "local"]
-      interval: 10s
-      timeout: 5s
-      retries: 5
-    restart: unless-stopped
-    networks:
-      - genex-network
-
-  # MinIO bucket initialization
-  minio-init:
-    image: minio/mc:latest
-    container_name: genex-minio-init
-    depends_on:
-      minio:
-        condition: service_healthy
-    entrypoint: >
-      /bin/sh -c "
-      mc alias set genex http://minio:9000 genex-admin genex-minio-secret;
-      mc mb --ignore-existing genex/kyc-documents;
-      mc mb --ignore-existing genex/coupon-images;
-      mc mb --ignore-existing genex/issuer-documents;
-      mc mb --ignore-existing genex/sar-reports;
-      mc mb --ignore-existing genex/avatars;
-      mc mb --ignore-existing genex/exports;
-      mc mb --ignore-existing genex/app-releases;
-      mc anonymous set download genex/coupon-images;
-      mc anonymous set download genex/avatars;
-      echo 'MinIO buckets initialized';
-      "
-    networks:
-      - genex-network
+  # MinIO has been migrated to the gateway server (192.168.1.200).
+  # Deployment: infrastructure/minio/deploy.sh
+  # API endpoint: 192.168.1.200:9100  Console: 192.168.1.200:9101
 
   # Debezium Kafka Connect (CDC - Change Data Capture)
   # 版本说明: 必须使用 2.5.1+ (修复 DBZ-7316: searchWalPosition 不推进 confirmed_flush_lsn, 导致 WAL 无限积压)
@@ -395,8 +353,8 @@ services:
       - DB_USERNAME=genex
       - DB_PASSWORD=${DB_PASSWORD}
       - DB_NAME=genex
-      - MINIO_ENDPOINT=minio
-      - MINIO_PORT=9000
+      - MINIO_ENDPOINT=192.168.1.200   # Gateway server — MinIO runs on 192.168.1.200:9100
+      - MINIO_PORT=9100
       - MINIO_ACCESS_KEY=genex-admin
       - MINIO_SECRET_KEY=genex-minio-secret
       - MINIO_BUCKET=app-releases
@@ -404,8 +362,6 @@ services:
     depends_on:
       postgres:
         condition: service_healthy
-      minio:
-        condition: service_healthy
     networks:
       - genex-network
 
@@ -601,7 +557,6 @@ volumes:
   postgres_data:
   redis_data:
   kafka_data:
-  minio_data:
 
 networks:
   genex-network:
diff --git a/infrastructure/minio/deploy.sh b/infrastructure/minio/deploy.sh
new file mode 100644
index 0000000..41c5291
--- /dev/null
+++ b/infrastructure/minio/deploy.sh
@@ -0,0 +1,72 @@
+#!/bin/bash
+# MinIO deployment script
+# Target server: gateway server (192.168.1.200 / 14.215.128.96)
+# API port  : 9100 (S3-compatible)
+# Console   : 9101
+#
+# Usage: ./deploy.sh [up|down|status|init|logs]
+
+set -e
+
+SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
+
+# All buckets used by backend microservices
+BUCKETS=(
+  app-releases       # admin-service  — APK/IPA packages
+  kyc-documents      # compliance-service — KYC verification files
+  coupon-images      # issuer-service — coupon artwork
+  issuer-documents   # issuer-service — prospectus / legal docs
+  sar-reports        # compliance-service — SAR export files
+  avatars            # user-service — profile pictures
+  exports            # clearing-service — finance report exports
+)
+
+# Buckets that should be publicly readable (no auth needed for download)
+PUBLIC_BUCKETS=(coupon-images avatars)
+
+_init_buckets() {
+  local user="${MINIO_ROOT_USER:-genex-admin}"
+  local pass="${MINIO_ROOT_PASSWORD:-genex-minio-secret}"
+
+  docker exec genex-minio mc alias set local http://localhost:9000 "$user" "$pass"
+
+  for bucket in "${BUCKETS[@]}"; do
+    docker exec genex-minio mc mb --ignore-existing "local/${bucket}"
+    echo "  bucket ready: ${bucket}"
+  done
+
+  for bucket in "${PUBLIC_BUCKETS[@]}"; do
+    docker exec genex-minio mc anonymous set download "local/${bucket}"
+    echo "  public download enabled: ${bucket}"
+  done
+}
+
+case "${1:-up}" in
+  up)
+    docker compose -f "$SCRIPT_DIR/docker-compose.yml" up -d
+    echo "Waiting for MinIO to be ready..."
+    sleep 4
+    _init_buckets
+    echo ""
+    echo "MinIO is running:"
+    echo "  S3 API  : http://192.168.1.200:9100"
+    echo "  Console : http://192.168.1.200:9101"
+    ;;
+  down)
+    docker compose -f "$SCRIPT_DIR/docker-compose.yml" down
+    ;;
+  status)
+    docker compose -f "$SCRIPT_DIR/docker-compose.yml" ps
+    ;;
+  init)
+    # Re-create buckets without restarting the container
+    _init_buckets
+    ;;
+  logs)
+    docker compose -f "$SCRIPT_DIR/docker-compose.yml" logs -f
+    ;;
+  *)
+    echo "Usage: $0 [up|down|status|init|logs]"
+    exit 1
+    ;;
+esac
diff --git a/infrastructure/minio/docker-compose.yml b/infrastructure/minio/docker-compose.yml
new file mode 100644
index 0000000..d843877
--- /dev/null
+++ b/infrastructure/minio/docker-compose.yml
@@ -0,0 +1,19 @@
+services:
+  minio:
+    image: minio/minio
+    container_name: genex-minio
+    restart: unless-stopped
+    ports:
+      - "9100:9000"   # S3 API
+      - "9101:9001"   # Console
+    volumes:
+      - /data/minio:/data
+    environment:
+      MINIO_ROOT_USER: ${MINIO_ROOT_USER:-genex-admin}
+      MINIO_ROOT_PASSWORD: ${MINIO_ROOT_PASSWORD:-genex-minio-secret}
+    command: server /data --console-address ':9001'
+    healthcheck:
+      test: ["CMD", "mc", "ready", "local"]
+      interval: 30s
+      timeout: 10s
+      retries: 3