diff --git a/public/app.js b/public/app.js
index d8e1faf..9618aa0 100644
--- a/public/app.js
+++ b/public/app.js
@@ -6,7 +6,11 @@ async function api(path, options = {}) {
   })
   const data = await response.json().catch(() => ({}))
   if (!response.ok) {
-    const err = new Error(data.error || `Fehler ${response.status}`)
+    const fallback =
+      response.status === 502
+        ? 'Server nicht erreichbar (502). Bitte kurz warten und Seite neu laden – ggf. läuft ein Update auf project.webklar.com.'
+        : `Fehler ${response.status}`
+    const err = new Error(data.error || fallback)
     err.status = response.status
     if (data.retryAfterSeconds) err.retryAfterSeconds = data.retryAfterSeconds
     throw err
@@ -181,7 +185,7 @@ async function initDashboardPage() {
     }
   } catch (err) {
     loading.classList.add('hidden')
-    if (err.message.includes('401') || err.message.includes('Nicht angemeldet')) {
+    if (err.status === 401 || err.message.includes('Nicht angemeldet')) {
       window.location.href = '/login.html'
       return
     }
diff --git a/server/index.js b/server/index.js
index 9bcf4b4..ebd49db 100644
--- a/server/index.js
+++ b/server/index.js
@@ -15,6 +15,7 @@ const publicDir = path.join(__dirname, '..', 'public')
 assertServerConfig()
 
 const app = express()
+app.set('trust proxy', 1)
 app.use(sessionMiddleware())
 app.use(express.json({ limit: '2mb' }))
 
@@ -48,7 +49,14 @@ app.get('/', (_req, res) => {
   res.redirect('/login.html')
 })
 
-const server = app.listen(config.port, () => {
+app.use((err, _req, res, _next) => {
+  console.error('[server] Unbehandelter Fehler:', err)
+  if (!res.headersSent) {
+    res.status(500).json({ error: err.message || 'Interner Serverfehler' })
+  }
+})
+
+const server = app.listen(config.port, '0.0.0.0', () => {
   console.log(`Webklar Kundenbereich läuft auf Port ${config.port}`)
   verifyDatabaseAccess().then((result) => {
     if (result.ok) return
diff --git a/server/services/appwriteAdmin.js b/server/services/appwriteAdmin.js
index f09005e..e892989 100644
--- a/server/services/appwriteAdmin.js
+++ b/server/services/appwriteAdmin.js
@@ -60,22 +60,6 @@ async function adminFetch(path, { method = 'GET', body, queries = [] } = {}) {
     error.status = response.status >= 500 ? 500 : response.status
     error.code = data?.code
     error.type = data?.type
-    if (response.status === 401 && data?.type === 'user_unauthorized') {
-      // #region agent log
-      fetch('http://127.0.0.1:7281/ingest/30e8e71c-b377-4e72-84f9-593826c6d234', {
-        method: 'POST',
-        headers: { 'Content-Type': 'application/json', 'X-Debug-Session-Id': '80bbfc' },
-        body: JSON.stringify({
-          sessionId: '80bbfc',
-          location: 'appwriteAdmin.js:adminFetch',
-          message: 'API key unauthorized',
-          data: { path, status: response.status, type: data?.type, code: data?.code },
-          hypothesisId: 'H9',
-          timestamp: Date.now(),
-        }),
-      }).catch(() => {})
-      // #endregion
-    }
     throw error
   }