diff --git a/docker-compose.yml b/docker-compose.yml
index 63c3114..f4d353b 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -3,18 +3,16 @@ services:
     image: mariadb:10.11
     restart: unless-stopped
     environment:
-     # --- REPLACE THESE NOW ---
       MYSQL_ROOT_PASSWORD: SuperSecretRoot123!
       MYSQL_DATABASE: filerun
       MYSQL_USER: filerun
       MYSQL_PASSWORD: SuperSecretFileRun456!
-      # ------------------------
     volumes:
       - ./db_data:/var/lib/mysql
     networks:
       - internal
 
-  ffilerun:
+  filerun:
     image: filerun/filerun:8.1.arm64v8
     restart: unless-stopped
     environment:
@@ -23,35 +21,53 @@ services:
       FR_DB_NAME: filerun
       FR_DB_USER: filerun
       FR_DB_PASS: SuperSecretFileRun456!
+
       APACHE_RUN_USER: www-data
+      APACHE_RUN_USER_ID: 33
       APACHE_RUN_GROUP: www-data
+      APACHE_RUN_GROUP_ID: 33
+
+      # Critical: enable proxy support in FileRun!
+      FR_USE_PROXY: "true"
+
     volumes:
       - ./filerun_html:/var/www/html
       - ./user_data:/user-files
-    expose:
-      - "80"                                # TO MORA BITI TUKAJ!
     networks:
       - internal
       - traefik_default
     depends_on:
       - db
+
     labels:
       - "traefik.enable=true"
-      - "traefik.http.middlewares.filerun-headers.headers.customresponseheaders.X-Forwarded-Proto=https"
+      - "traefik.docker.network=traefik_default"
+
+      # Create redirect middleware to HTTPS
+      - "traefik.http.middlewares.filerun-redirect.redirectscheme.scheme=https"
+      - "traefik.http.middlewares.filerun-redirect.redirectscheme.permanent=true"
+
+      # FileRun headers (required behind proxy)
+      - "traefik.http.middlewares.filerun-headers.headers.customrequestheaders.X-Forwarded-Proto=https"
+      - "traefik.http.middlewares.filerun-headers.headers.customrequestheaders.X-Forwarded-Host=filerun.rozic-dev.com"
+
+      # HTTP Router → redirect to HTTPS
       - "traefik.http.routers.filerun-http.entrypoints=web"
       - "traefik.http.routers.filerun-http.rule=Host(`filerun.rozic-dev.com`)"
-      - "traefik.http.routers.filerun-http.middlewares=redirectscheme"
-      - "traefik.http.middlewares.redirectscheme.redirectscheme.scheme=https"
+      - "traefik.http.routers.filerun-http.middlewares=filerun-redirect@docker"
+
+      # HTTPS Router
       - "traefik.http.routers.filerun-https.entrypoints=websecure"
       - "traefik.http.routers.filerun-https.rule=Host(`filerun.rozic-dev.com`)"
       - "traefik.http.routers.filerun-https.tls=true"
       - "traefik.http.routers.filerun-https.tls.certresolver=letsencrypt"
-      - "traefik.http.routers.filerun-https.middlewares=filerun-headers"
-      - "traefik.http.routers.filerun-https.priority=100"
+      - "traefik.http.routers.filerun-https.middlewares=filerun-headers@docker"
+
+      # Backend service
       - "traefik.http.services.filerun.loadbalancer.server.port=80"
 
 networks:
   internal:
     driver: bridge
   traefik_default:
-    external: true   # This connects to your existing Traefik network
\ No newline at end of file
+    external: true