diff --git a/harbor/docker-compose.yml b/harbor/docker-compose.yml index 894525d..aaa5db9 100644 --- a/harbor/docker-compose.yml +++ b/harbor/docker-compose.yml @@ -1,6 +1,8 @@ +version: "3.9" + services: # --------------------------------------------------------- - # 1. Init-Container: erzeugt harbor.yml + Self-Signed TLS + # 1. Init-Container: erzeugt harbor.yml (OHNE HTTPS!) # --------------------------------------------------------- harbor-config: image: alpine:${ALPINE_VERSION:-3.19} @@ -9,30 +11,14 @@ services: command: | set -e - # TLS-Verzeichnis erstellen - mkdir -p ${HARBOR_DATA_PATH:-/data/harbor}/tls + mkdir -p ${HARBOR_DATA_PATH:-/data/harbor}/config - # Self-Signed Zertifikat erzeugen, falls nicht vorhanden - if [ ! -f "${HARBOR_DATA_PATH:-/data/harbor}/tls/harbor.crt" ]; then - echo "Generating self-signed certificate..." - openssl req -x509 -nodes -newkey rsa:2048 \ - -keyout ${HARBOR_DATA_PATH:-/data/harbor}/tls/harbor.key \ - -out ${HARBOR_DATA_PATH:-/data/harbor}/tls/harbor.crt \ - -subj "/CN=${HARBOR_HOSTNAME:-harbor.local}" - fi - - # Harbor-Konfiguration erzeugen cat < /config/harbor.yml hostname: ${HARBOR_HOSTNAME:-harbor.local} http: port: ${HARBOR_HTTP_PORT:-8080} - https: - port: ${HARBOR_HTTPS_PORT:-8443} - certificate: /etc/harbor/tls/harbor.crt - private_key: /etc/harbor/tls/harbor.key - harbor_admin_password: ${HARBOR_ADMIN_PASSWORD:-Harbor12345} data_volume: ${HARBOR_DATA_PATH:-/data/harbor} @@ -42,7 +28,6 @@ services: EOF volumes: - "${HARBOR_DATA_PATH:-/data/harbor}/config:/config" - - "${HARBOR_DATA_PATH:-/data/harbor}/tls:/etc/harbor/tls:ro" restart: "no" networks: - harbor 
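Review bot: In the second hunk (`@@ -9,30 +11,14 @@`) the generated harbor.yml loses its `https:` block, but nothing visible tells Harbor that it now sits behind a TLS-terminating proxy. Harbor's `external_url` setting exists for this case, and without it the token/realm URLs handed to clients may point at the plain-HTTP listener; consider adding `external_url: https://${HARBOR_HOSTNAME:-harbor.local}` to the heredoc (its remaining lines are outside the hunk, so it may already be there). Admin logins and registry tokens now cross the `harbor` network in clear text, so port 8080 should stay unpublished on the host and reachable only from Traefik. That also raises the cost of the unchanged fallback in `harbor_admin_password: ${HARBOR_ADMIN_PASSWORD:-Harbor12345}`; `${HARBOR_ADMIN_PASSWORD:?HARBOR_ADMIN_PASSWORD must be set}` would make Compose refuse to start instead of coming up with the documented default.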
@@ -103,8 +88,10 @@ services: - "traefik.http.routers.harbor.entrypoints=websecure" - "traefik.http.routers.harbor.rule=Host(`${HARBOR_HOSTNAME:-harbor.local}`)" - "traefik.http.routers.harbor.tls=true" - - "traefik.http.routers.harbor.tls.passthrough=true" - - "traefik.http.services.harbor.loadbalancer.server.port=${HARBOR_HTTPS_PORT:-8443}" + - "traefik.http.routers.harbor.tls.passthrough=false" + # Falls du Let's Encrypt nutzt: + # - "traefik.http.routers.harbor.tls.certresolver=myresolver" + - "traefik.http.services.harbor.loadbalancer.server.port=${HARBOR_HTTP_PORT:-8080}" jobservice: image: goharbor/harbor-jobservice:${HARBOR_VERSION:-v2.11.0}
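Review bot: `tls.passthrough` is, as far as I know, an option of Traefik's TCP routers only, so the added `traefik.http.routers.harbor.tls.passthrough=false` label is at best a no-op and may cause Traefik to reject this container's labels; since TLS now terminates at Traefik, the line can simply be dropped. With the `certresolver` label left commented out, the router serves whatever default certificate Traefik has, which is self-signed unless a default certificate or resolver is configured elsewhere (not visible here). For a registry that tends to push clients towards `insecure-registries`, so either enable `traefik.http.routers.harbor.tls.certresolver=...` or add a comment stating where the trusted certificate comes from. The label list starts above this hunk and the `jobservice` definition continues below it.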