diff --git a/apache/enable-modules.sh b/apache/enable-modules.sh new file mode 100644 index 0000000..504cbfa --- /dev/null +++ b/apache/enable-modules.sh @@ -0,0 +1,8 @@ +#!/bin/bash +# Active les modules Apache nécessaires pour Nextcloud derrière Traefik + +a2enmod remoteip # Pour récupérer les vraies IPs clients +a2enmod env # Pour SetEnvIf (détection HTTPS) + +# Redémarre Apache +apache2ctl graceful diff --git a/apache/nextcloud.conf b/apache/nextcloud.conf index 29752a9..04bc45c 100644 --- a/apache/nextcloud.conf +++ b/apache/nextcloud.conf @@ -1,5 +1,37 @@ +# Configuration pour reverse proxy Traefik +# Récupération de l'IP réelle du client via X-Forwarded-For +RemoteIPHeader X-Forwarded-For +RemoteIPTrustedProxy 172.16.0.0/12 +RemoteIPTrustedProxy 10.0.0.0/8 +RemoteIPTrustedProxy 192.168.0.0/16 + +# Activer la confiance des en-têtes X-Forwarded-Proto +SetEnvIf X-Forwarded-Proto "https" HTTPS=on + - Options FollowSymLinks + Options +FollowSymLinks AllowOverride All Require all granted + + + Dav off + + +# Headers de sécurité (si non gérés par Traefik) + + # HSTS sera géré par Traefik + # Header always set Strict-Transport-Security "max-age=15552000; includeSubDomains" + + # Autres headers de sécurité + Header always set Referrer-Policy "no-referrer-when-downgrade" + Header always set X-Content-Type-Options "nosniff" + Header always set X-Frame-Options "SAMEORIGIN" + Header always set X-XSS-Protection "1; mode=block" + Header always set X-Robots-Tag "noindex, nofollow" + + +# Logs avec IP réelle (pas l'IP de Traefik) + + LogFormat "%a %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined + diff --git a/docker-compose.yml b/docker-compose.yml index e6b1a58..fc2df61 100644 --- a/docker-compose.yml +++ b/docker-compose.yml 
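Review bot: The modules enabled in apache/enable-modules.sh do not match the directives added to apache/nextcloud.conf: `SetEnvIf` is provided by mod_setenvif rather than mod_env, and the `Header always set` lines need mod_headers, which the script never enables. If those header lines sit inside an `<IfModule>` guard (the wrapper tags are not visible in this rendering of the diff), a missing mod_headers would drop the security headers silently instead of failing the configuration check. I would enable all three in one call, `a2enmod remoteip setenvif headers`, and correct the trailing comment on the `env` line. The script also has no error handling, so a failed `a2enmod` still falls through to `apache2ctl graceful`; adding `set -e` after the shebang and running `apache2ctl configtest` before the reload stops that.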
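Review bot: The three `RemoteIPTrustedProxy` lines in apache/nextcloud.conf trust every RFC 1918 range, so any host or container on a private network that can reach Apache can supply its own `X-Forwarded-For` and have that value logged and used as the client address. Address-based controls such as Nextcloud's brute-force throttling, and the `%a` field in the new `LogFormat`, are only as reliable as this list. Narrowing it to the network Traefik actually connects from, for example `RemoteIPTrustedProxy <traefik-network-cidr>` (placeholder, the real subnet is not on this page), removes that gap. `SetEnvIf X-Forwarded-Proto "https" HTTPS=on` has the same dependency: it accepts the header from any sender, so it holds only if Apache is reachable solely through Traefik, which this diff does not show.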
@@ -28,6 +28,10 @@ services:
 - PHP_POST_MAX_SIZE=2G
 - PHP_MAX_EXECUTION_TIME=1800
 - PHP_MAX_INPUT_TIME=1800
+ # - PHP_UPLOAD_MAX_FILESIZE=1024G
+ # - PHP_POST_MAX_SIZE=1024G
+ # - PHP_MAX_EXECUTION_TIME=86400
+ # - PHP_MAX_INPUT_TIME=86400
 # Apache
 - APACHE_BODY_LIMIT=2147483648
 healthcheck: