diff --git a/.dockerignore b/.dockerignore
new file mode 100644
index 0000000..bdbf495
--- /dev/null
+++ b/.dockerignore
@@ -0,0 +1,9 @@
+Dockerfile
+.dockerignore
+node_modules
+.next
+.git
+.env
+yarn.lock
+tasks/
+*.md
diff --git a/Dockerfile b/Dockerfile
new file mode 100644
index 0000000..ccff3d9
--- /dev/null
+++ b/Dockerfile
@@ -0,0 +1,52 @@
+# ─── Étape 1 : dépendances ───────────────────────────────────────────────────
+FROM node:22-alpine AS deps
+
+RUN apk add --no-cache libc6-compat
+WORKDIR /app
+
+COPY package.json package-lock.json ./
+RUN npm ci
+
+# ─── Étape 2 : build de production ───────────────────────────────────────────
+FROM node:22-alpine AS builder
+
+WORKDIR /app
+COPY --from=deps /app/node_modules ./node_modules
+COPY . .
+
+# Variables nécessaires au build (publiques uniquement — pas de secrets)
+ARG NEXT_PUBLIC_DIRECTUS_API_URL
+ARG NEXT_PUBLIC_DIRECTUS_API_WS_URL
+ARG NEXT_PUBLIC_SENTRY_DSN
+ARG SENTRY_AUTH_TOKEN
+
+ENV NEXT_PUBLIC_DIRECTUS_API_URL=$NEXT_PUBLIC_DIRECTUS_API_URL
+ENV NEXT_PUBLIC_DIRECTUS_API_WS_URL=$NEXT_PUBLIC_DIRECTUS_API_WS_URL
+ENV NEXT_PUBLIC_SENTRY_DSN=$NEXT_PUBLIC_SENTRY_DSN
+ENV SENTRY_AUTH_TOKEN=$SENTRY_AUTH_TOKEN
+
+RUN npm run build
+
+# ─── Étape 3 : image de production minimale ──────────────────────────────────
+FROM node:22-alpine AS runner
+
+WORKDIR /app
+
+ENV NODE_ENV=production
+ENV PORT=3000
+ENV HOSTNAME=0.0.0.0
+
+# Utilisateur non-root pour la sécurité
+RUN addgroup --system --gid 1001 nodejs && \
+    adduser --system --uid 1001 nextjs
+
+# Le mode standalone copie uniquement ce qui est nécessaire à l'exécution
+COPY --from=builder --chown=nextjs:nodejs /app/.next/standalone ./
+COPY --from=builder --chown=nextjs:nodejs /app/.next/static ./.next/static
+
+USER nextjs
+
+EXPOSE 3000
+
+# server.js généré par output: 'standalone'
+CMD ["node", "server.js"]
diff --git a/docker-compose.yml b/docker-compose.yml
new file mode 100644
index 0000000..0a150a2
--- /dev/null
+++ b/docker-compose.yml
@@ -0,0 +1,13 @@
+services:
+  frontend:
+    build:
+      context: .
+      args:
+        NEXT_PUBLIC_DIRECTUS_API_URL: ${NEXT_PUBLIC_DIRECTUS_API_URL}
+        NEXT_PUBLIC_DIRECTUS_API_WS_URL: ${NEXT_PUBLIC_DIRECTUS_API_WS_URL}
+        NEXT_PUBLIC_SENTRY_DSN: ${NEXT_PUBLIC_SENTRY_DSN}
+        # SENTRY_AUTH_TOKEN: ${SENTRY_AUTH_TOKEN}  # décommenter pour uploader les source maps
+    ports:
+      - "3000:3000"
+    env_file: .env
+    restart: unless-stopped
diff --git a/next.config.mjs b/next.config.mjs
index 64defd9..6847a0d 100644
--- a/next.config.mjs
+++ b/next.config.mjs
@@ -53,6 +53,8 @@ const securityHeaders = [
 ]
 
 const nextConfig = {
+  // Active le mode standalone : bundle minimal autonome pour Docker
+  output: 'standalone',
   experimental: {
     // Optimiser les imports pour réduire la mémoire
     optimizePackageImports: ['@mui/material', '@mui/icons-material', '@emotion/react', '@emotion/styled'],
diff --git a/tasks/todo.md b/tasks/todo.md
index 29de9b5..5ad32ca 100644
--- a/tasks/todo.md
+++ b/tasks/todo.md
@@ -20,7 +20,7 @@
 ## Améliorations moyennes (P3)
 
 - [x] ISR page d'accueil (`revalidate`)
-- [ ] Dockerisation frontend (`output: standalone`)
+- [x] Dockerisation frontend (`output: standalone`)
 - [ ] Audit accessibilité WCAG 2.1
 - [ ] Responsive mobile dashboard
 - [ ] Lazy loading jsPDF + md-editor