diff --git a/.woodpecker.yml b/.woodpecker.yml
index 07576f9..442b2ba 100644
--- a/.woodpecker.yml
+++ b/.woodpecker.yml
@@ -104,11 +104,42 @@ steps:
         echo "Consul: prestashop -> $CONTAINER_IP:80 urlprefix-$DOMAIN/"
 
         # --- Routes Fabio KV (HTTP + HTTPS) ---
-        ROUTES=$(printf 'route add prestashop %s/ http://%s:80/\nroute add prestashop %s:443/ http://%s:80/' "$DOMAIN" "$CONTAINER_IP" "$DOMAIN" "$CONTAINER_IP")
+        # /* requis avec le glob matcher de Fabio : sans *, seul / exact matche (les sous-chemins tombent sur le catch-all nginx)
+        ROUTES=$(printf 'route add prestashop %s/* http://%s:80/\nroute add prestashop %s:443/* http://%s:80/' "$DOMAIN" "$CONTAINER_IP" "$DOMAIN" "$CONTAINER_IP")
         docker exec sonic-consul env CONSUL_HTTP_TOKEN="$CTOK" consul kv put fabio/config "$ROUTES"
         echo "Fabio KV: routes HTTP+HTTPS $DOMAIN -> $CONTAINER_IP:80"
 
-  # Etape 4 : Healthcheck post-deploiement
+  # Etape 4 : Configuration post-deploiement (SSL, cache)
+  # Attend la fin de l'installation PrestaShop (ps_configuration initialisee),
+  # puis active SSL dans la DB (PrestaShop genere des URLs https:// grace a X-Forwarded-Proto:https de Fabio)
+  - name: configure
+    image: docker:27-cli
+    volumes:
+      - /var/run/docker.sock:/var/run/docker.sock
+    commands:
+      - |
+        DB_PASS=$(grep '^DB_PASSWORD=' .env.deploy | cut -d= -f2)
+        echo "Attente fin installation PrestaShop (ps_configuration)..."
+        MAX=60
+        i=0
+        until [ $i -ge $MAX ]; do
+          READY=$(docker exec prestashop-db mysql -uprestashop -p"$DB_PASS" -se \
+            "SELECT COUNT(*) FROM prestashop.ps_configuration WHERE name='PS_SSL_ENABLED';" 2>/dev/null || echo 0)
+          if [ "$READY" -gt "0" ] 2>/dev/null; then
+            echo "Base prete, activation SSL..."
+            docker exec prestashop-db mysql -uprestashop -p"$DB_PASS" prestashop -e \
+              "UPDATE ps_configuration SET value='1' WHERE name IN ('PS_SSL_ENABLED','PS_SSL_ENABLED_EVERYWHERE');"
+            docker exec prestashop rm -rf /var/www/html/var/cache/prod/ 2>/dev/null || true
+            echo "SSL active dans DB, cache efface"
+            break
+          fi
+          i=$((i+1))
+          echo "Tentative $i/$MAX - installation en cours..."
+          sleep 10
+        done
+        [ $i -ge $MAX ] && echo "AVERTISSEMENT: timeout configure SSL" || true
+
+  # Etape 5 : Healthcheck post-deploiement
   - name: healthcheck
     image: alpine:3.20
     commands:
diff --git a/docker-compose.yml b/docker-compose.yml
index 03ed4d6..9ed938c 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -17,9 +17,9 @@ services:
       ADMIN_PASSWD: ${PRESTASHOP_ADMIN_PASSWORD}
       PS_INSTALL_AUTO: "1"
       PS_ERASE_DB: "0"
-      # SSL desactive cote PrestaShop : Fabio gere le TLS en terminaison
-      # Cela evite les boucles de redirection HTTPS
-      PS_ENABLE_SSL: "0"
+      # SSL active : Fabio termine TLS et passe X-Forwarded-Proto:https
+      # PrestaShop honore ce header -> genere des URLs https:// sans boucle de redirection
+      PS_ENABLE_SSL: "1"
     volumes:
       - ps_data:/var/www/html
     labels: