diff --git a/docker-compose.prod.yml b/docker-compose.prod.yml
index 00117af..f32afa5 100644
--- a/docker-compose.prod.yml
+++ b/docker-compose.prod.yml
@@ -35,6 +35,7 @@ services:
 MYSQL_USER: ${DB_USERNAME:-laravel}
 volumes:
 - mysql_data:/var/lib/mysql
+ - ./ckb.sql:/docker-entrypoint-initdb.d/01-init.sql:ro
 - ./docker/mysql.cnf:/etc/mysql/conf.d/mysql.cnf:ro
 expose:
 - "3306"
@@ -59,8 +60,8 @@ services:
 container_name: ckb-nginx-proxy
 restart: unless-stopped
 ports:
- - "8081:80"
- - "443:443"
+ - "8082:80"
+ - "8444:443"
 volumes:
 - ./docker/nginx-proxy.conf:/etc/nginx/nginx.conf:ro
 - ssl_certificates:/etc/nginx/ssl:ro
diff --git a/docker/nginx-proxy.conf b/docker/nginx-proxy.conf
index 193eafa..782b5c7 100644
--- a/docker/nginx-proxy.conf
+++ b/docker/nginx-proxy.conf
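Review bot: The new `./ckb.sql` mount into `/docker-entrypoint-initdb.d/` is only executed when the `mysql_data` volume is empty, so a deployment that already has that named volume will never import it, while a fresh host will run the whole file on first start; nothing in the hunk documents either behaviour. If `ckb.sql` is a dump of real data, it sits next to the compose file and travels with the repository; a seed script that carries no customer data or credentials is the safer thing to mount here. Suggest a comment above the added line: `# Runs once, only when mysql_data is empty on first start; keep this a data-free seed, not a production dump`.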
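Review bot: The HTTPS listener moves from host port 443 to 8444 without a comment saying what now fronts it, and the nginx change in the same commit sets `X-Forwarded-Port $server_port`, which reports the container-side 80/443 rather than 8082/8444, so absolute URLs the application builds from forwarded headers may end up with the wrong port. Both mappings bind on every host interface; if a host-level proxy or firewall is meant to sit in front of these ports, restrict the binding, e.g. `- "127.0.0.1:8082:80"` and `- "127.0.0.1:8444:443"`. A comment above `ports:` naming that front-end would help the next reader understand why the well-known ports are no longer used.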
@@ -46,26 +46,69 @@ http {
 server app:80;
 }
- # HTTP to HTTPS redirect
+ # HTTP server configuration
 server {
 listen 80;
- server_name bengkel.digitaloasis.xyz www.bengkel.digitaloasis.xyz;
+ server_name bengkel.digitaloasis.xyz www.bengkel.digitaloasis.xyz _;
 # Let's Encrypt challenge
 location /.well-known/acme-challenge/ {
 root /var/www/certbot;
 }
- # Redirect all other traffic to HTTPS
+ # Main application for HTTP
 location / {
- return 301 https://$server_name$request_uri;
+ proxy_pass http://app;
+ proxy_set_header Host $host;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header X-Forwarded-Proto $scheme;
+ proxy_set_header X-Forwarded-Host $server_name;
+ proxy_set_header X-Forwarded-Port $server_port;
+ proxy_read_timeout 300;
+ proxy_connect_timeout 300;
+ proxy_send_timeout 300;
+ }
+
+ # Handle static files
+ location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg|woff|woff2|ttf|eot)$ {
+ proxy_pass http://app;
+ expires 1y;
+ add_header Cache-Control "public, immutable";
+ }
+
+ # Rate limiting for login endpoints
+ location ~ ^/(login|register|password) {
+ limit_req zone=login burst=5 nodelay;
+ proxy_pass http://app;
+ }
+
+ # Rate limiting for API endpoints
+ location /api/ {
+ limit_req zone=api burst=20 nodelay;
+ proxy_pass http://app;
+ }
+
+ # Health check endpoint
+ location /health {
+ access_log off;
+ proxy_pass http://app;
+ }
+
+ # Block access to sensitive files
+ location ~ /\. {
+ deny all;
+ }
+
+ location ~ ^/(storage|bootstrap/cache) {
+ deny all;
 }
 }
 # HTTPS server configuration
 server {
 listen 443 ssl http2;
- server_name bengkel.digitaloasis.xyz www.bengkel.digitaloasis.xyz;
+ server_name bengkel.digitaloasis.xyz www.bengkel.digitaloasis.xyz _;
 # SSL configuration
 ssl_certificate /etc/nginx/ssl/fullchain.pem;
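Review bot: The `proxy_set_header Host`/`X-Forwarded-*` and timeout directives are set inside `location /` only, so the new static, `^/(login|register|password)`, `/api/` and `/health` locations proxy to `app` without any of them (nginx does not inherit `proxy_set_header` from a sibling location), which means the application sees `Host: app` and no forwarded proto or client IP on exactly the rate-limited login and API paths. Move those directives up to the `server {}` level so every location inherits them, as in the excerpt below. `limit_req zone=login` and `zone=api` require matching `limit_req_zone` declarations in the enclosing `http {}` block, which lies outside this hunk; nginx refuses to start if they are missing. Dropping the 301 and adding `_` to `server_name` means this listener now serves the whole application, `/login` included, in plaintext for any Host header; if TLS is not terminated by something in front of this proxy, the redirect should be kept. The enclosing `http {}` block starts and ends outside the hunk.
```nginx
    server {
        listen 80;
        server_name bengkel.digitaloasis.xyz www.bengkel.digitaloasis.xyz _;

        # Set once at server level: every location below inherits these,
        # whereas a proxy_set_header inside one location does not apply to its siblings.
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-Forwarded-Host $server_name;
        proxy_set_header X-Forwarded-Port $server_port;
        proxy_read_timeout 300;
        proxy_connect_timeout 300;
        proxy_send_timeout 300;

        # … unchanged: acme-challenge location …

        # Main application for HTTP
        location / {
            proxy_pass http://app;
        }

        # … unchanged: static, login, api, health and deny locations …
```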
@@ -85,10 +128,6 @@ http { add_header X-XSS-Protection "1; mode=block" always; add_header Referrer-Policy "strict-origin-when-cross-origin" always; - # Root directory - root /var/www/html/public; - index index.php index.html; - # Proxy settings proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr;