diff --git a/server.py b/server.py
index 58549df..218ad6f 100644
--- a/server.py
+++ b/server.py
@@ -49,6 +49,7 @@ file_lock = threading.Lock()
 
 app = Flask(__name__, static_folder="static")
 app.secret_key = os.environ.get("SECRET_KEY", "hm-ems-secret-key-change-in-production")
+app.config['APPLICATION_ROOT'] = '/hm-ems-report'
 
 # Configure for running behind Apache proxy
 app.wsgi_app = ProxyFix(app.wsgi_app, x_for=1, x_proto=1, x_host=1, x_prefix=1)
@@ -66,7 +67,7 @@ def login_required(f):
             # For AJAX/API requests, return 401 JSON instead of redirect
             if request.path.startswith('/api/') or request.is_json or request.headers.get('X-Requested-With') == 'XMLHttpRequest':
                 return jsonify({"error": "Unauthorized"}), 401
-            return redirect('/login')
+            return redirect(app.config['APPLICATION_ROOT'] + '/login')
         return f(*args, **kwargs)
     return decorated_function
 
@@ -196,7 +197,7 @@ def login():
 
         if username == USERNAME and password == PASSWORD:
             session['logged_in'] = True
-            return redirect('/')
+            return redirect(app.config['APPLICATION_ROOT'] + '/')
         else:
             error = "Invalid username or password"
 
@@ -206,7 +207,7 @@ def login():
 @app.route("/logout")
 def logout():
     session.pop('logged_in', None)
-    return redirect('/login')
+    return redirect(app.config['APPLICATION_ROOT'] + '/login')
 
 
 # ========== Static UI ==========