diff --git a/Dockerfile b/Dockerfile
index 0247f8a..6910398 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,19 +1,19 @@
-FROM golang:1.24
-
-WORKDIR /app
-
-# Copie les fichiers de dépendances Go
+# ----- build -----
+FROM golang:1.22 AS builder
+WORKDIR /src
 COPY go.mod go.sum ./
 RUN go mod download
-# Copie tout le reste (code + web + assets)
 COPY . .
+# Si ton main est à la racine (main.go), garde ./ ; sinon mets le chemin du main
+RUN CGO_ENABLED=0 GOOS=linux GOARCH=amd64 go build -o /out/shelfy .
-# Build de ton binaire
-RUN go build -o shelfy .
-
-# Expose les ports nécessaires
-EXPOSE 8080 2121
-
-# Commande de lancement
-CMD ["./shelfy"]
+# ----- runtime -----
+FROM alpine:3.20
+# sh est présent (utile pour le "tee")
+RUN adduser -D -u 10001 appuser
+WORKDIR /app
+COPY --from=builder /out/shelfy /app/shelfy
+RUN chmod +x /app/shelfy && mkdir -p /app/data /app/upload /var/log/shelfy && chown -R appuser:appuser /app
+USER appuser
+ENTRYPOINT ["/bin/sh","-c","/app/shelfy 2>&1 | tee -a /var/log/shelfy/shelfy.log"]
diff --git a/main.go b/main.go
index 4598ca3..47c35a3 100644
--- a/main.go
+++ b/main.go
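Review bot: In the runtime stage of the Dockerfile hunk, `/var/log/shelfy` is created as root and the following `chown -R appuser:appuser /app` does not cover it, so after `USER appuser` the `tee -a /var/log/shelfy/shelfy.log` in the ENTRYPOINT cannot open the log file and nothing is persisted there. Extending the ownership change to `chown -R appuser:appuser /app /var/log/shelfy` fixes that. The `sh -c "… | tee"` wrapper also makes the shell PID 1, so the container's exit status is tee's rather than shelfy's and a stop signal goes to the shell, which hides crashes from restart policies and monitoring; `ENTRYPOINT ["/app/shelfy"]`, with log collection left to the container runtime, avoids both. Separately, the builder moves from `golang:1.24` back to `golang:1.22`, an older release line, so it is worth confirming the downgrade is intended and that go.mod (not visible here) still builds with it.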
@@ -253,30 +253,25 @@ func startHTTP() {
 _ = app.Run(":8080")
 }
-// ---------- Main ----------
-
 func main() {
+ // SFTP sur 2222 (root = ./upload)
+ go startSFTPServer(SFTPBaseDir)
- go startSFTPServer(SFTPBaseDir)
-
-
- // Serveur HTTP Gin
- bd := db.InitDB()
- app := gin.Default()
-
- api := app.Group("/api/v1")
- routes.AddRoutes(api, bd)
- utils.CreateDefaultFolder(bd)
-
- app.Static("/static", "./web")
- app.NoRoute(func(c *gin.Context) {
- if strings.HasPrefix(c.Request.URL.Path, "/api/") {
- c.JSON(404, gin.H{"error": "Not found"})
- return
- }
- c.File("./web/index.html")
- })
-
- log.Println("[HTTP] Serveur Gin sur http://localhost:8080")
- app.Run(":8080")
+ // HTTP normal
+ startHTTP()
 }
+func loadOrCreateRSAHostKey(path string) (ssh.Signer, error) {
+ if _, err := os.Stat(path); err == nil {
+ b, err := os.ReadFile(path)
+ if err != nil { return nil, err }
+ return ssh.ParsePrivateKey(b)
+ }
+ // Génère une clé RSA 2048
+ priv, err := rsa.GenerateKey(rand.Reader, 2048)
+ if err != nil { return nil, err }
+ // Encode en PEM "RSA PRIVATE KEY" (PKCS#1)
+ pkcs1 := x509.MarshalPKCS1PrivateKey(priv)
+ pemBytes := pem.EncodeToMemory(&pem.Block{Type: "RSA PRIVATE KEY", Bytes: pkcs1})
+ if err := os.WriteFile(path, pemBytes, 0o600); err != nil { return nil, err }
+ return ssh.ParsePrivateKey(pemBytes)
+}
\ No newline at end of file
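Review bot: loadOrCreateRSAHostKey treats every os.Stat failure, not only a missing file, as "no key yet", and then writes the new private key with os.WriteFile, which truncates whatever already sits at path and keeps that file's existing mode, so the 0o600 is only guaranteed when the file is freshly created. Reading the file first, returning any error other than not-exist, and creating the key file exclusively keeps an existing host key from being silently replaced and pins the permissions; a replaced host key also appears to SFTP clients as a host-key mismatch. RSA 2048 is a workable minimum, but Ed25519 or a larger RSA modulus would be the more usual choice for a newly generated host key. The sketch below covers the read and write paths only; key generation and PEM encoding stay as in the hunk.

```go
func loadOrCreateRSAHostKey(path string) (ssh.Signer, error) {
	b, err := os.ReadFile(path)
	if err == nil {
		return ssh.ParsePrivateKey(b)
	}
	if !os.IsNotExist(err) {
		// Unreadable or otherwise broken path: do not regenerate over it.
		return nil, err
	}
	// … unchanged: RSA key generation and PEM encoding into pemBytes …
	// O_EXCL refuses to reuse an existing file, so the mode is always 0o600.
	f, err := os.OpenFile(path, os.O_WRONLY|os.O_CREATE|os.O_EXCL, 0o600)
	if err != nil {
		return nil, err
	}
	if _, err := f.Write(pemBytes); err != nil {
		f.Close()
		return nil, err
	}
	if err := f.Close(); err != nil {
		return nil, err
	}
	return ssh.ParsePrivateKey(pemBytes)
}
```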