diff --git a/Dockerfile b/Dockerfile
index ccc06a934..436d04882 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -63,7 +63,7 @@ FROM --platform=$TARGETOS/$TARGETARCH localhost:5000/base-php:$TARGETARCH AS fin
 WORKDIR /var/www/html
 
 # Install additional required libraries
-RUN apk update && apk add --no-cache \
+RUN apk add --no-cache \
 caddy ca-certificates supervisor supercronic
 
 COPY --chown=root:www-data --chmod=640 --from=composerbuild /build .
@@ -93,10 +93,11 @@ COPY docker/Caddyfile /etc/caddy/Caddyfile
 # Add Laravel scheduler to crontab
 COPY docker/crontab /etc/supercronic/crontab
 
-COPY docker/entrypoint.sh ./docker/entrypoint.sh
+COPY docker/entrypoint.sh /entrypoint.sh
+COPY docker/healthcheck.sh /healthcheck.sh
 
 HEALTHCHECK --interval=5m --timeout=10s --start-period=5s --retries=3 \
- CMD curl -f http://localhost/up || exit 1
+ CMD /bin/ash /healthcheck.sh
 
 EXPOSE 80 443
 
@@ -104,5 +105,5 @@ VOLUME /pelican-data
 
 USER www-data
 
-ENTRYPOINT [ "/bin/ash", "docker/entrypoint.sh" ]
+ENTRYPOINT [ "/bin/ash", "/entrypoint.sh" ]
 CMD [ "supervisord", "-n", "-c", "/etc/supervisord.conf" ]
diff --git a/Dockerfile.dev b/Dockerfile.dev
index 797576e25..0872e7ab4 100644
--- a/Dockerfile.dev
+++ b/Dockerfile.dev
@@ -67,8 +67,8 @@ FROM --platform=$TARGETOS/$TARGETARCH base AS final
 WORKDIR /var/www/html
 
 # Install additional required libraries
-RUN apk update && apk add --no-cache \
- caddy ca-certificates supervisor supercronic
+RUN apk add --no-cache \
+ caddy ca-certificates supervisor supercronic coreutils
 
 COPY --chown=root:www-data --chmod=640 --from=composerbuild /build .
 COPY --chown=root:www-data --chmod=640 --from=yarnbuild /build/public ./public
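Review bot: The new `HEALTHCHECK … CMD /bin/ash /healthcheck.sh` depends on two binaries the copied script calls, `curl` and `cgi-fcgi`, and this Dockerfile installs neither — the `apk add` line in the first hunk adds only caddy, ca-certificates, supervisor and supercronic. Unless the `base-php` image already ships both (not visible here), the probe fails on every run and Docker marks the container unhealthy after three retries, whereas the replaced `curl -f http://localhost/up` needed only curl. Add the missing package to the `apk add` line (on Alpine `cgi-fcgi` is, I believe, in the `fcgi` package) or have the script test for the binary before calling it, and pin the package versions while touching the line. `COPY docker/healthcheck.sh /healthcheck.sh` carries no `--chmod`, which is acceptable only because the HEALTHCHECK invokes `/bin/ash` explicitly instead of executing the file.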
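Review bot: The `apk add` line here gains `coreutils` while the equivalent line in `Dockerfile` does not, so the shared `docker/entrypoint.sh` now runs against GNU `sed`/`echo` in the dev image and presumably busybox in production; a script only ever exercised in dev can break on the busybox variants. Either add `coreutils` to both files or keep it dev-only and say why with a comment such as `# coreutils: GNU userland for local debugging only; production image stays on busybox`. Pinning versions (`caddy=<ver>` etc.) would also make the two images reproducible.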
@@ -97,10 +97,11 @@ COPY docker/Caddyfile /etc/caddy/Caddyfile
 # Add Laravel scheduler to crontab
 COPY docker/crontab /etc/supercronic/crontab
 
-COPY docker/entrypoint.sh ./docker/entrypoint.sh
+COPY docker/entrypoint.sh /entrypoint.sh
+COPY docker/healthcheck.sh /healthcheck.sh
 
 HEALTHCHECK --interval=5m --timeout=10s --start-period=5s --retries=3 \
- CMD curl -f http://localhost/up || exit 1
+ CMD /bin/ash /healthcheck.sh
 
 EXPOSE 80 443
 
@@ -108,5 +109,5 @@ VOLUME /pelican-data
 
 USER www-data
 
-ENTRYPOINT [ "/bin/ash", "docker/entrypoint.sh" ]
+ENTRYPOINT [ "/bin/ash", "/entrypoint.sh" ]
 CMD [ "supervisord", "-n", "-c", "/etc/supervisord.conf" ]
diff --git a/compose.yml b/compose.yml
index becbab503..24aea6832 100644
--- a/compose.yml
+++ b/compose.yml
@@ -45,6 +45,7 @@ services:
 <<: [*panel-environment, *mail-environment]
 XDG_DATA_HOME: /pelican-data
 # SKIP_CADDY: true # enable when not using caddy.
+ TRUSTED_PROXIES:
 
 volumes:
 pelican-data:
diff --git a/docker/Caddyfile b/docker/Caddyfile
index e30760959..96559e477 100644
--- a/docker/Caddyfile
+++ b/docker/Caddyfile
@@ -1,12 +1,17 @@
 {
- admin off
- email {$ADMIN_EMAIL}
+ servers {
+ ## docs https://caddyserver.com/docs/caddyfile/options#trusted-proxies
+ {$CADDY_TRUSTED_PROXIES}
+ {$CADDY_STRICT_PROXIES}
+ }
+ admin off
+ auto_https off
+ email {$ADMIN_EMAIL}
 }
 
 {$APP_URL} {
- root * /var/www/html/public
- encode gzip
+ root * /var/www/html/public
+ encode gzip
 
- php_fastcgi 127.0.0.1:9000
- file_server
+ php_fastcgi 127.0.0.1:9000
 }
diff --git a/docker/entrypoint.sh b/docker/entrypoint.sh
index 1089ea539..9734223c4 100644
--- a/docker/entrypoint.sh
+++ b/docker/entrypoint.sh
@@ -1,5 +1,4 @@
 #!/bin/ash -e
-
 ## check for .env file or symlink and generate app keys if missing
 if [ -f /var/www/html/.env ]; then
 echo "external vars exist."
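Review bot: `TRUSTED_PROXIES:` is added with no value and no comment, so a reader has to open the entrypoint to learn that it is a comma-separated list of proxy IPs/CIDRs and that setting it is what turns on Caddy's `trusted_proxies_strict`; a bare key in Compose takes its value from the host shell, and when nothing is exported there the variable is simply not set in the container, i.e. no proxy is trusted. Document it beside the `SKIP_CADDY` line, e.g. `# TRUSTED_PROXIES: 10.0.0.0/8,172.16.0.0/12 # comma-separated IPs/CIDRs of reverse proxies allowed to set X-Forwarded-*; leave unset when clients reach Caddy directly`. A one-line warning that `0.0.0.0/0` lets any client spoof its source address is worth adding, since that is the usual misconfiguration behind this setting.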
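Review bot: Dropping `file_server` from the `{$APP_URL}` block leaves no handler for static files under `/var/www/html/public`: as far as I can tell `php_fastcgi` only rewrites missing paths to `index.php` and proxies `*.php`, so a request for an existing asset such as a stylesheet now gets an empty response rather than the file. Unless assets are meant to be served from somewhere else, restore `file_server` after `php_fastcgi 127.0.0.1:9000`. `auto_https off` also deserves a comment, because it disables certificate management and the HTTP-to-HTTPS redirect and so assumes TLS is terminated by one of the proxies listed via `{$CADDY_TRUSTED_PROXIES}`: `# auto_https off: TLS is expected to be terminated upstream; Caddy serves plain HTTP only`. One caveat for the new `servers { }` block: `{$…}` placeholders are expanded before the Caddyfile is parsed, so whatever the entrypoint puts in those two variables becomes configuration, not data.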
@@ -23,6 +22,8 @@ else
 echo -e "APP_INSTALLED=false" >> /pelican-data/.env
 fi
 
+sed -i "s/upload_max_filesize = 2M/upload_max_filesize = ${UPLOAD_LIMIT}M/" /usr/local/etc/php/php.ini-production
+
 mkdir -p /pelican-data/database /pelican-data/storage/avatars /pelican-data/storage/fonts /var/www/html/storage/logs/supervisord 2>/dev/null
 
 if ! grep -q "APP_KEY=" .env || grep -q "APP_KEY=$" .env; then
@@ -39,6 +40,7 @@ php artisan migrate --force
 echo -e "Optimizing Filament"
 php artisan filament:optimize
 
+# default to caddy not starting
 export SUPERVISORD_CADDY=false
 
 ## disable caddy if SKIP_CADDY is set
@@ -46,7 +48,14 @@ if [[ "${SKIP_CADDY:-}" == "true" ]]; then
 echo "Starting PHP-FPM only"
 else
 echo "Starting PHP-FPM and Caddy"
+ # enable caddy
 export SUPERVISORD_CADDY=true
+
+ # handle trusted proxies for caddy
+ if [[ ! -z ${TRUSTED_PROXIES} ]]; then
+ export CADDY_TRUSTED_PROXIES=$(echo "trusted_proxies static ${TRUSTED_PROXIES}" | sed 's/,/ /g')
+ export CADDY_STRICT_PROXIES="trusted_proxies_strict"
+ fi
 fi
 
 echo "Starting Supervisord"
diff --git a/docker/healthcheck.sh b/docker/healthcheck.sh
new file mode 100644
index 000000000..8eef81989
--- /dev/null
+++ b/docker/healthcheck.sh
@@ -0,0 +1,9 @@
+#!/bin/ash -e
+
+if [ ${SKIP_CADDY} ! "true" ]; then
+ curl -f http://localhost/up || exit 1
+fi
+
+cgi-fcgi -bind -connect 127.0.0.1:9000 || exit 2
+
+exit 0
\ No newline at end of file
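Review bot: The new `sed -i` line splices `${UPLOAD_LIMIT}` straight into a sed program with neither a default nor validation: with the variable unset the ini ends up as `upload_max_filesize = M`, and a value containing `/` or a newline terminates the `s` command and runs whatever follows as sed (`w` writes files). Guard it first, e.g. `case "${UPLOAD_LIMIT:-}" in ''|*[!0-9]*) echo "UPLOAD_LIMIT must be a whole number of MB" >&2; exit 1;; esac`, or at least default it with `UPLOAD_LIMIT="${UPLOAD_LIMIT:-2}"`. Two things the hunk does not show: whether `php.ini-production` is the file PHP actually loads (the sed edits it, not `php.ini`), and whether `www-data` — the user the Dockerfile switches to before this entrypoint — may rewrite a file under `/usr/local/etc/php`; under `#!/bin/ash -e` a failing `sed -i` aborts container startup. `post_max_size` is not raised alongside, so uploads above that limit are still rejected.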
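Review bot: `CADDY_TRUSTED_PROXIES` is built from `${TRUSTED_PROXIES}` with only commas rewritten, and the Caddyfile drops it into the global `servers { }` block through a `{$…}` placeholder that is expanded before parsing, so a value containing a newline or braces becomes additional Caddy directives rather than a list of addresses. The variable is operator-supplied, so this is hardening rather than an exposure, but it is cheap to restrict it to what `trusted_proxies static` accepts: `case "$TRUSTED_PROXIES" in *[!0-9A-Fa-f.:/,]*) echo "TRUSTED_PROXIES must be comma-separated IPs/CIDRs" >&2; exit 1;; esac` (widen the class if the `private_ranges` keyword should be allowed). `[[ ! -z ${TRUSTED_PROXIES} ]]` reads better as `[[ -n "${TRUSTED_PROXIES:-}" ]]`, and the `echo | sed` can be `tr ',' ' '`. The `if`/`else` this sits in opens outside the hunk.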
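Review bot: `if [ ${SKIP_CADDY} ! "true" ]; then` is not a valid test and skips the Caddy probe in both configurations: with `SKIP_CADDY` unset it collapses to `[ ! "true" ]`, which is false, and with `SKIP_CADDY=true` it is a malformed three-argument test that `[` rejects with an error, which is also false — so `curl -f http://localhost/up` never runs and the healthcheck only ever verifies the FastCGI socket. The line should read `if [ "${SKIP_CADDY:-}" != "true" ]; then`. A short header comment naming the exit codes would help anyone reading `docker inspect`: `# exit 1: Caddy not answering /up; exit 2: php-fpm not accepting FastCGI connections on 127.0.0.1:9000`. The file also lacks a trailing newline.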