diff --git a/stacks/nextcloud/chart_values.yaml b/stacks/nextcloud/chart_values.yaml
index 49f04ac6..d39fda29 100644
--- a/stacks/nextcloud/chart_values.yaml
+++ b/stacks/nextcloud/chart_values.yaml
@@ -18,10 +18,19 @@ nextcloud:
   extraEnv:
     - name: TRUSTED_PROXIES
       value: "10.0.0.0/8"
+    - name: PHP_MEMORY_LIMIT
+      value: "512M"
+    - name: PHP_UPLOAD_LIMIT
+      value: "16G"
     # - name: mail_smtpdebug
     #   value: "true"
     # - name: loglevel
     #   value: "0"
+  phpConfigs:
+    zzz-custom.ini: |
+      max_execution_time = 300
+      max_input_time = 300
+      default_socket_timeout = 300
 
 # internalDatabase:
 #   enabled: false
@@ -54,6 +63,22 @@ startupProbe:
   failureThreshold: 60
   successThreshold: 1
 
+livenessProbe:
+  enabled: true
+  initialDelaySeconds: 10
+  periodSeconds: 30
+  timeoutSeconds: 10
+  failureThreshold: 6
+  successThreshold: 1
+
+readinessProbe:
+  enabled: true
+  initialDelaySeconds: 10
+  periodSeconds: 30
+  timeoutSeconds: 10
+  failureThreshold: 3
+  successThreshold: 1
+
 podAnnotations:
   diun.enable: "true"
   diun.include_tags: "^[0-9]+(?:.[0-9]+)?(?:.[0-9]+)?.*"
@@ -71,3 +96,14 @@ resources:
 
 cronjob:
   enabled: true
+
+# Mount custom Apache MPM config to limit worker count
+extraVolumes:
+  - name: apache-tuning
+    configMap:
+      name: nextcloud-apache-tuning
+
+extraVolumeMounts:
+  - name: apache-tuning
+    mountPath: /etc/apache2/mods-enabled/mpm_prefork.conf
+    subPath: mpm_prefork.conf
diff --git a/stacks/nextcloud/main.tf b/stacks/nextcloud/main.tf
index 7ed18495..41d773f0 100644
--- a/stacks/nextcloud/main.tf
+++ b/stacks/nextcloud/main.tf
@@ -86,6 +86,26 @@ resource "helm_release" "nextcloud" {
   timeout = 6000
 }
 
+resource "kubernetes_config_map" "apache_tuning" {
+  metadata {
+    name      = "nextcloud-apache-tuning"
+    namespace = kubernetes_namespace.nextcloud.metadata[0].name
+  }
+  data = {
+    "mpm_prefork.conf" = <<-EOF
+      # Tuned for container with 6Gi memory limit
+      # Each worker uses ~220MB RSS, so 25 workers ≈ 5.5GB
+      <IfModule mpm_prefork_module>
+        StartServers            3
+        MinSpareServers         2
+        MaxSpareServers         5
+        MaxRequestWorkers       25
+        MaxConnectionsPerChild  200
+      </IfModule>
+    EOF
+  }
+}
+
 # resource "kubernetes_config_map" "config" {
 #   metadata {
 #     name      = "config"