diff --git a/docker-compose.yml b/docker-compose.yml
index cf9015e..734be2a 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -5,14 +5,13 @@ services:
     image: mariadb:10.11
     restart: unless-stopped
     environment:
-      # --- CHANGE THESE SECRETS ---
+      # --- REPLACE THESE SECRETS ---
       MYSQL_ROOT_PASSWORD: your_very_strong_root_password
       MYSQL_DATABASE: filerun
       MYSQL_USER: filerun
       MYSQL_PASSWORD: your_very_strong_filerun_password
       # ----------------------------
     volumes:
-      # Maps the 'db_data' folder on your host machine to the MariaDB data directory.
       - ./db_data:/var/lib/mysql
     networks:
       - internal
@@ -26,16 +25,14 @@ services:
       FR_DB_PORT: 3306
       FR_DB_NAME: filerun
       FR_DB_USER: filerun
-      # --- CHANGE THIS SECRET ---
+      # --- REPLACE THIS SECRET ---
       FR_DB_PASS: your_very_strong_filerun_password
       # --------------------------
       APACHE_RUN_USER: www-data
       APACHE_RUN_GROUP: www-data
     volumes:
-      # Maps the 'filerun_html' folder on your host machine for the application files.
       - ./filerun_html:/var/www/html
-      # Maps the 'user_data' folder on your host machine for actual user files.
-      - ./user_data:/user-files               
+      - ./user_data:/user-files
     networks:
       - internal
       - traefik_default                       # Connect to your existing Traefik network
@@ -44,21 +41,26 @@ services:
     labels:
       - "traefik.enable=true"
 
-      # HTTP → HTTPS redirect
+      # --- CRITICAL: FILE-RUN HTTPS MIDDLEWARE ---
+      # This middleware is vital for FileRun to correctly detect HTTPS when behind Traefik.
+      - "traefik.http.middlewares.filerun-headers.headers.customresponseheaders.X-Forwarded-Proto=https"
+
+      # --- HTTP (Port 80) Router: Redirect to HTTPS ---
       - "traefik.http.routers.filerun-http.entrypoints=web"
       - "traefik.http.routers.filerun-http.rule=Host(`filerun.rozic-dev.com`)"
-      - "traefik.http.routers.filerun-http.middlewares=redirect-to-https"
-      - "traefik.http.middlewares.redirect-to-https.redirectscheme.scheme=https"
+      - "traefik.http.routers.filerun-http.middlewares=redirect-to-https@docker" # Assumes a global Traefik redirect middleware
 
-      # HTTPS router
+      # --- HTTPS (Port 443) Router ---
       - "traefik.http.routers.filerun-https.entrypoints=websecure"
       - "traefik.http.routers.filerun-https.rule=Host(`filerun.rozic-dev.com`)"
       - "traefik.http.routers.filerun-https.tls=true"
       - "traefik.http.routers.filerun-https.tls.certresolver=letsencrypt"
+      - "traefik.http.routers.filerun-https.middlewares=filerun-headers@docker" # Apply the X-Forwarded-Proto header
       - "traefik.http.routers.filerun-https.priority=100" # Optional: higher priority
 
-      # Service definition
+      # --- Service Definition ---
       - "traefik.http.services.filerun.loadbalancer.server.port=80"
+    # IMPORTANT: Since Traefik is handling traffic, DO NOT include a 'ports' section here.
 
 networks:
   internal: