diff --git a/README.md b/README.md
index de0f432..dd9a2ae 100644
--- a/README.md
+++ b/README.md
@@ -91,7 +91,53 @@ Your data is persisted in the mounted `data` and `uploads` volumes.
For production, put NOMAD behind a reverse proxy with HTTPS (e.g. Nginx, Caddy, Traefik).
-Example with **Caddy**:
+> **Important:** NOMAD uses WebSockets for real-time sync. Your reverse proxy must support WebSocket upgrades on the `/ws` path.
+
+
+Nginx
+
+```nginx
+server {
+ listen 80;
+ server_name nomad.yourdomain.com;
+ return 301 https://$host$request_uri;
+}
+
+server {
+ listen 443 ssl http2;
+ server_name nomad.yourdomain.com;
+
+ ssl_certificate /path/to/fullchain.pem;
+ ssl_certificate_key /path/to/privkey.pem;
+
+ location /ws {
+ proxy_pass http://localhost:3000;
+ proxy_http_version 1.1;
+ proxy_set_header Upgrade $http_upgrade;
+ proxy_set_header Connection "upgrade";
+ proxy_set_header Host $host;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header X-Forwarded-Proto $scheme;
+ proxy_read_timeout 86400;
+ }
+
+ location / {
+ proxy_pass http://localhost:3000;
+ proxy_set_header Host $host;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header X-Forwarded-Proto $scheme;
+ }
+}
+```
+
+
+
+
+Caddy
+
+Caddy handles WebSocket upgrades automatically:
```
nomad.yourdomain.com {
@@ -99,6 +145,8 @@ nomad.yourdomain.com {
}
```
+
+
## Optional API Keys
API keys are configured in the **Admin Panel** after login. Keys set by the admin are automatically shared with all users — no per-user configuration needed.
diff --git a/server/package.json b/server/package.json
index 6c55cf4..235c059 100644
--- a/server/package.json
+++ b/server/package.json
@@ -1,6 +1,6 @@
{
"name": "nomad-server",
- "version": "2.2.6",
+ "version": "2.2.7",
"main": "src/index.js",
"scripts": {
"start": "node --experimental-sqlite src/index.js",