diff --git a/.gitignore b/.gitignore
index fa09eb8..6b897af 100755
--- a/.gitignore
+++ b/.gitignore
@@ -1,5 +1,4 @@
 target/
-pkg/
 Cargo.lock
 node_modules/
 dist/
diff --git a/Dockerfile b/Dockerfile
index 1ec5b32..80f905c 100755
--- a/Dockerfile
+++ b/Dockerfile
@@ -25,7 +25,7 @@ COPY . .
 # Préparation des dépendances wasm (pkg/sdk_client)
 ARG SDK_CLIENT_PKG_URL=""
 ARG SDK_CLIENT_PKG_TARBALL=""
-ARG SDK_CLIENT_PKG_BASE=""
+ARG SDK_CLIENT_PKG_BASE="https://git.4nkweb.com/4nk/ihm_client/raw/branch/docker-support/pkg"
 ENV SDK_CLIENT_PKG_URL=${SDK_CLIENT_PKG_URL}
 ENV SDK_CLIENT_PKG_TARBALL=${SDK_CLIENT_PKG_TARBALL}
 ENV SDK_CLIENT_PKG_BASE=${SDK_CLIENT_PKG_BASE}
@@ -44,6 +44,9 @@ RUN apk update && apk add --no-cache nodejs npm wget
 COPY --from=builder /app/dist /usr/share/nginx/html
 COPY --from=builder /app/package*.json /app/
 
+# Index HTML minimal chargeant le bundle
+RUN printf '<!doctype html>\n<html lang="fr">\n<head>\n  <meta charset="UTF-8" />\n  <meta name="viewport" content="width=device-width, initial-scale=1.0" />\n  <title>4NK UI</title>\n</head>\n<body>\n  <div id="app"></div>\n  <script type="module" src="/index.js"></script>\n</body>\n</html>\n' > /usr/share/nginx/html/index.html
+
 # Copie de la configuration nginx optimisée pour 4NK_node
 COPY nginx.conf /etc/nginx/conf.d/default.conf
 
diff --git a/docs/INTEGRATION_IFRAME.md b/docs/INTEGRATION_IFRAME.md
index 9e2d665..32fc05b 100644
--- a/docs/INTEGRATION_IFRAME.md
+++ b/docs/INTEGRATION_IFRAME.md
@@ -39,7 +39,7 @@ Référence: `src/models/process.model.ts` (enum `MessageType`).
 ### RENEW_TOKEN (Requête)
 - Objet: obtenir un nouveau `accessToken` depuis un `refreshToken`.
 - Requête: `type`, `refreshToken`, `messageId`
-- Réponses: 
+- Réponses:
   - Succès: `type`: `RENEW_TOKEN`, `accessToken`, `refreshToken`, `messageId`
   - Erreur: `ERROR`
 
@@ -92,8 +92,8 @@ Référence: `src/models/process.model.ts` (enum `MessageType`).
 ### CREATE_PROCESS (Requête)
 - Objet: créer un nouveau processus.
 - Pré-requis: appairé + `accessToken` valide.
-- Requête: 
-  - `type` 
+- Requête:
+  - `type`
   - `processData`: Record<string, any> (données brutes à répartir en public/privé)
   - `privateFields`: string[] (liste des nouveaux champs à forcer en privé)
   - `roles`: Record<string, RoleDefinition>
diff --git a/ngnix.conf b/ngnix.conf
new file mode 100644
index 0000000..bab2899
--- /dev/null
+++ b/ngnix.conf
@@ -0,0 +1,103 @@
+server {
+    listen 80;
+    server_name localhost;
+    root /usr/share/nginx/html;
+    index index.html;
+
+    # Types MIME explicites pour ES Modules et WASM
+    types {
+        application/javascript  js mjs;
+        text/css               css;
+        application/wasm       wasm;
+    }
+
+    # Gestion des fichiers statiques
+    location / {
+        try_files $uri $uri/ /index.html;
+
+        # Headers de sécurité
+        add_header X-Frame-Options "SAMEORIGIN" always;
+        add_header X-Content-Type-Options "nosniff" always;
+        add_header X-XSS-Protection "1; mode=block" always;
+        add_header Referrer-Policy "strict-origin-when-cross-origin" always;
+    }
+
+    # Proxy vers sdk_relay WebSocket
+    location /ws/ {
+        proxy_pass http://sdk_relay_1:8090;
+        proxy_http_version 1.1;
+        proxy_set_header Upgrade $http_upgrade;
+        proxy_set_header Connection "upgrade";
+        proxy_set_header Host $host;
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Proto $scheme;
+        proxy_read_timeout 86400;
+        proxy_send_timeout 86400;
+    }
+
+    # Proxy vers sdk_relay HTTP API
+    location /api/ {
+        proxy_pass http://sdk_relay_1:8091/;
+        proxy_set_header Host $host;
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Proto $scheme;
+
+        # CORS headers
+        add_header Access-Control-Allow-Origin "*" always;
+        add_header Access-Control-Allow-Methods "GET, POST, OPTIONS, PUT, DELETE" always;
+        add_header Access-Control-Allow-Headers "Authorization,Content-Type,Accept,X-Requested-With" always;
+
+        # Gestion des requêtes OPTIONS
+        if ($request_method = 'OPTIONS') {
+            add_header Access-Control-Allow-Origin "*";
+            add_header Access-Control-Allow-Methods "GET, POST, OPTIONS, PUT, DELETE";
+            add_header Access-Control-Allow-Headers "Authorization,Content-Type,Accept,X-Requested-With";
+            add_header Content-Length 0;
+            add_header Content-Type text/plain;
+            return 204;
+        }
+    }
+
+    # Proxy vers Bitcoin Core RPC (si nécessaire)
+    location /bitcoin/ {
+        proxy_pass http://bitcoin:18443/;
+        proxy_set_header Host $host;
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Proto $scheme;
+
+        # Authentification basique pour Bitcoin RPC
+        auth_basic "Bitcoin RPC";
+        auth_basic_user_file /etc/nginx/.htpasswd;
+    }
+
+    # Proxy vers Blindbit (si nécessaire)
+    location /blindbit/ {
+        proxy_pass http://blindbit:8000/;
+        proxy_set_header Host $host;
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Proto $scheme;
+    }
+
+    # Cache pour les assets statiques
+    location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg|woff|woff2|ttf|eot)$ {
+        expires 1y;
+        add_header Cache-Control "public, immutable";
+        try_files $uri =404;
+    }
+
+    # Gestion des erreurs
+    error_page 404 /index.html;
+    error_page 500 502 503 504 /50x.html;
+
+    location = /50x.html {
+        root /usr/share/nginx/html;
+    }
+
+    # Logs
+    access_log /var/log/nginx/ihm_client_access.log;
+    error_log /var/log/nginx/ihm_client_error.log;
+}