Document public reverse proxy deployment

- Add README instructions for deploying the full report system through local Docker port 4002, frpc, Nginx Proxy Manager, and sstwbg.example.com.

- Document required HTTPS, WebSocket, request-size, timeout, health-check, login, AI, video-frame, and speech verification steps.

- Add TRUST_PROXY support so secure session cookies work behind public HTTPS reverse proxies.

- Preserve upstream X-Forwarded-Proto through the container Nginx API proxy.

- Allow Docker Compose session and trust-proxy variables to be overridden for public deployments.

- Update deployment and Docker docs with the same public reverse-proxy guidance.

nginx.conf

@@ -3,6 +3,12 @@ map $http_upgrade $connection_upgrade {
     '' close;
 }
 
+# XXX Preserve the public HTTPS scheme when an outer reverse proxy terminates TLS.
+map $http_x_forwarded_proto $proxy_x_forwarded_proto {
+    default $http_x_forwarded_proto;
+    '' $scheme;
+}
+
 server {
     listen 80;
     server_name localhost;
@@ -25,7 +31,7 @@ server {
         proxy_set_header Host $host;
         proxy_set_header X-Real-IP $remote_addr;
         proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
-        proxy_set_header X-Forwarded-Proto $scheme;
+        proxy_set_header X-Forwarded-Proto $proxy_x_forwarded_proto;
     }
 
     location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg|woff|woff2|ttf|eot)$ {
@@ -62,7 +68,7 @@ server {
         proxy_set_header Host $host;
         proxy_set_header X-Real-IP $remote_addr;
         proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
-        proxy_set_header X-Forwarded-Proto $scheme;
+        proxy_set_header X-Forwarded-Proto $proxy_x_forwarded_proto;
     }
 
     location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg|woff|woff2|ttf|eot)$ {