diff --git a/admin/.env.example b/admin/.env.example
index 92331fe..4c4187a 100644
--- a/admin/.env.example
+++ b/admin/.env.example
@@ -1,6 +1,6 @@
SECRET_KEY=changez-moi-avec-une-valeur-aleatoire-longue
-ALPID_CLIENT_ID=alpinux-admin
+ALPID_CLIENT_ID=admin-alpinux
ALPID_CLIENT_SECRET=
ALPID_DISCOVERY_URL=https://alpid.alpinux.org/realms/alpinux/.well-known/openid-configuration
diff --git a/admin/app.py b/admin/app.py
index 947ccec..83d0d1d 100644
--- a/admin/app.py
+++ b/admin/app.py
@@ -8,8 +8,8 @@ import builds
app = Flask(__name__)
app.secret_key = os.environ["SECRET_KEY"]
-# Gère X-Forwarded-Proto et X-Script-Name envoyés par Apache
-app.wsgi_app = ProxyFix(app.wsgi_app, x_proto=1, x_prefix=1)
+# Gère X-Forwarded-Proto envoyé par Apache
+app.wsgi_app = ProxyFix(app.wsgi_app, x_proto=1)
# ── OIDC AlpID ────────────────────────────────────────────────────
oauth = OAuth(app)
diff --git a/scripts/admin.alpinux.org.vhost.conf b/scripts/admin.alpinux.org.vhost.conf
new file mode 100644
index 0000000..f9102a5
--- /dev/null
+++ b/scripts/admin.alpinux.org.vhost.conf
@@ -0,0 +1,36 @@
+# Apache vhost pour admin.alpinux.org
+# À créer via ISPConfig : Sites > Ajouter un site web
+# Domaine : admin.alpinux.org
+# Activer SSL Let's Encrypt dans ISPConfig
+#
+# L'app admin Flask tourne derrière Gunicorn sur 127.0.0.1:5002
+
+
+ ServerName admin.alpinux.org
+ Redirect permanent / https://admin.alpinux.org/
+
+
+
+ ServerName admin.alpinux.org
+
+ # ── Proxy vers Gunicorn ──────────────────────────────────────
+ ProxyPreserveHost On
+ ProxyPass / http://127.0.0.1:5002/
+ ProxyPassReverse / http://127.0.0.1:5002/
+
+ RequestHeader set X-Forwarded-Proto "https"
+ RequestHeader set X-Forwarded-For "%{REMOTE_ADDR}s"
+
+ # ── Sécurité ─────────────────────────────────────────────────
+ Header always set X-Content-Type-Options "nosniff"
+ Header always set X-Frame-Options "DENY"
+ Header always set Referrer-Policy "strict-origin-when-cross-origin"
+
+ # ── Logs ─────────────────────────────────────────────────────
+ ErrorLog /var/log/apache2/admin.alpinux.org-error.log
+ CustomLog /var/log/apache2/admin.alpinux.org-access.log combined
+
+ SSLEngine on
+ SSLCertificateFile /etc/letsencrypt/live/admin.alpinux.org/fullchain.pem
+ SSLCertificateKeyFile /etc/letsencrypt/live/admin.alpinux.org/privkey.pem
+
diff --git a/scripts/alpinux-admin.service b/scripts/alpinux-admin.service
index dc0a1ed..16a92ac 100644
--- a/scripts/alpinux-admin.service
+++ b/scripts/alpinux-admin.service
@@ -3,7 +3,7 @@
# puis : sudo systemctl enable --now alpinux-admin
[Unit]
-Description=Alpinux Admin — interface de déploiement (Flask + Gunicorn)
+Description=Alpinux Admin — admin.alpinux.org (Flask + Gunicorn)
After=network.target
[Service]
diff --git a/scripts/portail.alpinux.org.admin.conf b/scripts/portail.alpinux.org.admin.conf
deleted file mode 100644
index cb0214d..0000000
--- a/scripts/portail.alpinux.org.admin.conf
+++ /dev/null
@@ -1,10 +0,0 @@
-# Bloc à ajouter dans le VirtualHost HTTPS de portail.alpinux.org
-# (dans ISPConfig : Sites > portail.alpinux.org > Directives Apache personnalisées)
-#
-# L'app admin Flask tourne sur Gunicorn à 127.0.0.1:5002
-
- # ── Admin Alpinux : /admin/ → Gunicorn port 5002 ────────────────
- ProxyPass /admin/ http://127.0.0.1:5002/
- ProxyPassReverse /admin/ http://127.0.0.1:5002/
- RequestHeader set X-Forwarded-Proto "https"
- RequestHeader set X-Script-Name "/admin"