diff --git a/nginx.conf b/nginx.conf
index 95a0886..5179924 100644
--- a/nginx.conf
+++ b/nginx.conf
@@ -3,10 +3,15 @@ events {}
 http {
     include       /etc/nginx/mime.types;
     default_type  application/octet-stream;
-    upstream backend5000 { server server1:5000; }
-    upstream backend5001 { server server2:5001; }
-    upstream backend5002 { server server3:5002; }
 
+    # ------------------ upstreams (one line to edit per container) ----------
+    upstream backend5000 { server server1:5000; }   # auth & free
+    upstream backend5001 { server server2:5001; }   # onet, distance, etc.
+    upstream backend5002 { server server3:5002; }   # premium
+
+    # -----------------------------------------------------------------------
+    #  1.  HTTP → HTTPS redirect
+    # -----------------------------------------------------------------------
     server {
         listen 80;
         listen [::]:80;
@@ -14,58 +19,64 @@ http {
         return 301 https://$host$request_uri;
     }
 
+    # -----------------------------------------------------------------------
+    #  2.  Main virtual host on :443
+    # -----------------------------------------------------------------------
     server {
-        listen 443 ssl;
+        listen 443 ssl http2;
         server_name dev1.aptivaai.com;
-        root /usr/share/nginx/html;
-	index index.html;
 
+        # ---------- TLS -----------------------------------------------------
         ssl_certificate     /etc/letsencrypt/live/dev1.aptivaai.com/fullchain.pem;
         ssl_certificate_key /etc/letsencrypt/live/dev1.aptivaai.com/privkey.pem;
         ssl_protocols       TLSv1.2 TLSv1.3;
 
-        # ---- server1 (port 5000) ----
-        location /api/register         { proxy_pass http://server1:5000/api/register; }
-        location /api/check-username   { proxy_pass http://server1:5000/api/check-username; }
-        location /api/signin           { proxy_pass http://server1:5000/api/signin; }
-        location /api/login            { proxy_pass http://server1:5000/api/login; }
-        location /api/user-profile     { proxy_pass http://server1:5000/api/user-profile; }
-        location /api/areas            { proxy_pass http://server1:5000/api/areas; }
-        location /api/activate-premium { proxy_pass http://server1:5000/api/activate-premium; }
-
-        # ---- server2 (port 5001) ----
-        location /api/onet/                     { proxy_pass http://server2:5001; }
-        location /api/onet/career-description/  { proxy_pass http://server2:5001; }
-        location /api/job-zones                 { proxy_pass http://server2:5001/api/job-zones; }
-        location /api/salary                    { proxy_pass http://server2:5001/api/salary; }
-        location /api/cip/                      { proxy_pass http://server2:5001/api/cip/; }
-        location /api/tuition/                  { proxy_pass http://server2:5001/api/tuition/; }
-        location /api/projections/              { proxy_pass http://server2:5001/api/projections/; }
-        location /api/skills/                   { proxy_pass http://server2:5001/api/skills/; }
-        location = /api/ai-risk                 { proxy_pass http://server2:5001/api/ai-risk; }
-        location /api/ai-risk/                  { proxy_pass http://server2:5001/api/ai-risk/; }
-        location /api/chat/ {
-            proxy_pass http://server2:5001;
-            proxy_http_version 1.1;
-            proxy_buffering off;
-        }
-        location ^~ /api/maps/distance          { proxy_pass http://server2:5001; }
-        location /api/schools                   { proxy_pass http://server2:5001/api/schools; }
-
-        # ---- server3 (port 5002) ----
-        location ^~ /api/premium/               { proxy_pass http://server3:5002; }
-        location /api/public/                   { proxy_pass http://server3:5002/api/public/; }
-
-        # ---- static React build ----
+        # ---------- React static assets -------------------------------------
+        root /usr/share/nginx/html;
+        index index.html;
         location / {
-        index  index.html;
-        try_files $uri $uri/ /index.html;
+            try_files $uri $uri/ /index.html;
         }
         location ~* \.(?:ico|css|js|gif|jpe?g|png|woff2?|eot|ttf|svg)$ {
             expires 6M;
             access_log off;
         }
 
+        # -------------------------------------------------------------------
+        #  3.  API reverse‑proxy rules  (three prefixes = three back‑ends)
+        # -------------------------------------------------------------------
+
+        ## 3A  server2 – career, maps, onet, salary, etc.
+        ##     Anything that *starts* with /api/onet/ OR any one of the paths
+        ##     you previously enumerated now lives here.
+        location ^~ /api/onet/          { proxy_pass http://backend5001; }
+        location ^~ /api/chat/          { proxy_pass http://backend5001; proxy_http_version 1.1; proxy_buffering off; }
+        location ^~ /api/job-zones      { proxy_pass http://backend5001; }
+        location ^~ /api/salary         { proxy_pass http://backend5001; }
+        location ^~ /api/cip/           { proxy_pass http://backend5001; }
+        location ^~ /api/tuition/       { proxy_pass http://backend5001; }
+        location ^~ /api/projections/   { proxy_pass http://backend5001; }
+        location ^~ /api/skills/        { proxy_pass http://backend5001; }
+        location ^~ /api/ai-risk        { proxy_pass http://backend5001; }
+        location ^~ /api/maps/distance  { proxy_pass http://backend5001; }
+        location ^~ /api/schools        { proxy_pass http://backend5001; }
+
+        ## 3B  server3 – premium & public assets handled by server3
+        location ^~ /api/premium/       { proxy_pass http://backend5002; }
+        location ^~ /api/public/        { proxy_pass http://backend5002; }
+
+        ## 3C  server1 – everything else beginning with /api/
+        ##     (register, signin, user‑profile, areas, activate‑premium, …)
+        location ^~ /api/               { proxy_pass http://backend5000; }
+
+        # ---------- shared proxy settings -----------------------------------
+        ## Add the headers *once*; they apply to every proxy_pass above.
+        proxy_set_header Host            $host;
+        proxy_set_header X-Real-IP       $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Proto $scheme;
+
+        # ---------- error pages ---------------------------------------------
         error_page 502 503 504 /50x.html;
         location = /50x.html { root /usr/share/nginx/html; }
     }
diff --git a/src/App.js b/src/App.js
index 6b065c3..cb7bafe 100644
--- a/src/App.js
+++ b/src/App.js
@@ -131,7 +131,7 @@ const uiToolHandlers = useMemo(() => {
     }
 
     // If we have a token, validate it by fetching user
-    fetch('https://`${apiUrl}/user-profile', {
+    fetch(`${apiUrl}/user-profile`, {
       headers: { Authorization: `Bearer ${token}` },
     })
       .then((res) => {
diff --git a/src/components/SignIn.js b/src/components/SignIn.js
index 3f9f9f8..51b5494 100644
--- a/src/components/SignIn.js
+++ b/src/components/SignIn.js
@@ -46,7 +46,7 @@ function SignIn({ setIsAuthenticated, setUser }) {
           const resp = await fetch(`${apiUrl}/signin`, {
             method : 'POST',
             headers: { 'Content-Type': 'application/json' },
-            body   : JSON.stringify(username, password),
+            body   : JSON.stringify({username, password}),
           });
 
           const data = await resp.json();            // ← read ONCE