diff --git a/user-service/src/main/java/com/kt/event/user/config/SecurityConfig.java b/user-service/src/main/java/com/kt/event/user/config/SecurityConfig.java
index 064c938..0c8e6ca 100644
--- a/user-service/src/main/java/com/kt/event/user/config/SecurityConfig.java
+++ b/user-service/src/main/java/com/kt/event/user/config/SecurityConfig.java
@@ -38,6 +38,18 @@ public class SecurityConfig {
 @Value("${cors.allowed-origins:http://localhost:*}")
 private String allowedOrigins;
+ @Value("${cors.allowed-methods:GET,POST,PUT,DELETE,OPTIONS,PATCH}")
+ private String allowedMethods;
+
+ @Value("${cors.allowed-headers:*}")
+ private String allowedHeaders;
+
+ @Value("${cors.allow-credentials:true}")
+ private boolean allowCredentials;
+
+ @Value("${cors.max-age:3600}")
+ private long maxAge;
+
 @Bean
 public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
 return http
@@ -45,8 +57,8 @@ public class SecurityConfig {
 .cors(cors -> cors.configurationSource(corsConfigurationSource()))
 .sessionManagement(session -> session.sessionCreationPolicy(SessionCreationPolicy.STATELESS))
 .authorizeHttpRequests(auth -> auth
- // Public endpoints
- .requestMatchers("/api/v1/users/register", "/api/v1/users/login").permitAll()
+ // Public endpoints (context-path가 /api/v1/users이므로 상대 경로 사용)
+ .requestMatchers("/register", "/login").permitAll()
 // Actuator endpoints
 .requestMatchers("/actuator/**").permitAll()
 // Swagger UI endpoints
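Review bot: The four new `@Value` fields say nothing about their expected format, yet `corsConfigurationSource()` later in this file feeds each string to `split(",")` verbatim, so a reader of this block cannot tell that a space after a comma or a trailing comma produces an entry that never matches anything. A short comment per property would fix that, e.g. on `allowedMethods`: `// Comma-separated, no spaces; split verbatim in corsConfigurationSource()`. The `cors.allow-credentials:true` default also deserves a line such as `// When true, every origin in cors.allowed-origins receives cookie/Authorization-bearing access; keep that list exact`, because a loose origin list combined with credentials is the classic CORS misconfiguration. The enclosing class continues beyond this hunk.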
@@ -65,23 +77,23 @@ public class SecurityConfig {
 public CorsConfigurationSource corsConfigurationSource() {
 CorsConfiguration configuration = new CorsConfiguration();
- // 모든 Origin 허용
- configuration.setAllowedOriginPatterns(Arrays.asList("*"));
+ // application.yml에서 설정한 Origin 목록 사용
+ configuration.setAllowedOrigins(Arrays.asList(allowedOrigins.split(",")));
 // 허용할 HTTP 메소드
- configuration.setAllowedMethods(Arrays.asList("GET", "POST", "PUT", "DELETE", "PATCH", "OPTIONS"));
+ configuration.setAllowedMethods(Arrays.asList(allowedMethods.split(",")));
 // 허용할 헤더
- configuration.setAllowedHeaders(Arrays.asList("*"));
+ configuration.setAllowedHeaders(Arrays.asList(allowedHeaders.split(",")));
 // 자격 증명 허용
- configuration.setAllowCredentials(true);
+ configuration.setAllowCredentials(allowCredentials);
 // Pre-flight 요청 캐시 시간
- configuration.setMaxAge(3600L);
+ configuration.setMaxAge(maxAge);
 // Exposed Headers 추가
- configuration.setExposedHeaders(Arrays.asList("Authorization", "Content-Type"));
+ configuration.setExposedHeaders(Arrays.asList("Authorization", "Content-Type", "X-Total-Count"));
 UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
 source.registerCorsConfiguration("/**", configuration);
diff --git a/user-service/src/main/java/com/kt/event/user/config/SwaggerConfig.java b/user-service/src/main/java/com/kt/event/user/config/SwaggerConfig.java
index 60ab414..589718f 100644
--- a/user-service/src/main/java/com/kt/event/user/config/SwaggerConfig.java
+++ b/user-service/src/main/java/com/kt/event/user/config/SwaggerConfig.java
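Review bot: `configuration.setAllowedOrigins(Arrays.asList(allowedOrigins.split(",")))` matches origins by exact string, but the `allowedOrigins` field it reads (a context line in the earlier hunk) defaults to `http://localhost:*`, a wildcard that only `setAllowedOriginPatterns` interprets; with that default in place no browser origin will match, so local cross-origin requests are silently refused until `cors.allowed-origins` is set explicitly. The same untrimmed `split(",")` is applied to the methods and headers lists, so a property written `GET, POST` yields `" POST"`, which likewise never matches. Either change the field's default to an exact origin, or keep the wildcard-capable setter and normalise the entries, e.g. `configuration.setAllowedOriginPatterns(Arrays.stream(allowedOrigins.split(",")).map(String::trim).filter(s -> !s.isEmpty()).toList());` (`Collectors.toList()` before Java 16), applying the same trim to methods and headers. Since `allowCredentials` defaults to true, a configured origin value of `*` should be rejected explicitly in this method rather than left to the framework, as the old `setAllowedOriginPatterns("*")` plus credentials was exactly the unrestricted, credentialed policy this change is meant to retire.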
@@ -26,10 +26,13 @@ public class SwaggerConfig {
 return new OpenAPI()
 .info(apiInfo())
 .addServersItem(new Server()
- .url("http://localhost:8081")
+ .url("http://kt-event-marketing-api.20.214.196.128.nip.io/api/v1/users")
+ .description("Production Server (AKS Ingress)"))
+ .addServersItem(new Server()
+ .url("http://localhost:8081/api/v1/users")
 .description("Local Development"))
 .addServersItem(new Server()
- .url("{protocol}://{host}:{port}")
+ .url("{protocol}://{host}:{port}/api/v1/users")
 .description("Custom Server")
 .variables(new io.swagger.v3.oas.models.servers.ServerVariables()
 .addServerVariable("protocol", new io.swagger.v3.oas.models.servers.ServerVariable()
diff --git a/user-service/src/main/java/com/kt/event/user/controller/UserController.java b/user-service/src/main/java/com/kt/event/user/controller/UserController.java
index f8469d8..3cb54ad 100644
--- a/user-service/src/main/java/com/kt/event/user/controller/UserController.java
+++ b/user-service/src/main/java/com/kt/event/user/controller/UserController.java
@@ -33,7 +33,7 @@ import java.util.UUID;
 */
 @Slf4j
 @RestController
-@RequestMapping("/api/v1/users")
+@RequestMapping("") // context-path가 /api/v1/users이므로 빈 문자열 사용
 @RequiredArgsConstructor
 @Tag(name = "User", description = "사용자 인증 및 프로필 관리 API")
 public class UserController {
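Review bot: The new production server entry `.url("http://kt-event-marketing-api.20.214.196.128.nip.io/api/v1/users")` uses plain `http`, so Swagger UI "Try it out" calls, including the `/login` request body, leave the browser unencrypted; if the AKS ingress terminates TLS the scheme should be `https://`, and if it does not, that is the item to settle before publishing a login endpoint in the API docs. Hard-coding a public hostname with an embedded IP in source also ties this class to one deployment; reading it from a property such as `@Value("${swagger.server-url:http://localhost:8081/api/v1/users}")` would keep the environment choice in configuration, consistent with the CORS properties in SecurityConfig. The enclosing method starts before this hunk.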
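Review bot: `@RequestMapping("")` contributes no path and is equivalent to omitting the class-level mapping, so the annotation now exists only to carry a comment. Either drop it, or keep the intent visible in English so the coupling to `server.servlet.context-path` is obvious to the next reader, e.g. `// No class-level prefix: /api/v1/users is supplied by the servlet context-path (presumably application.yml; not in this diff)`. The SecurityConfig matchers changed in the same commit (`/register`, `/login`) rely on the same context-path value, so a later change to that property would have to move both together.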