diff --git a/ansible/inventory/group_vars/all/vars.yml b/ansible/inventory/group_vars/all/vars.yml
index 869a5eb..eb82a62 100644
--- a/ansible/inventory/group_vars/all/vars.yml
+++ b/ansible/inventory/group_vars/all/vars.yml
@@ -54,7 +54,7 @@ huggingface_mcp_token: "{{ vault_huggingface_mcp_token }}"
 neo4j_mcp_url: http://circe.helu.ca:22034/mcp
 nike_mcp_url: http://puck.incus:22031/mcp
 korax_mcp_url: http://korax.helu.ca:22021/mcp
-rommie_mcp_url: http://caliban.incus:22031/mcp
+rommie_mcp_url: https://rommie.ouranos.helu.ca/mcp
 freecad_mcp_url: http://caliban.incus:22032/mcp
 
 # Monitoring and Logging (internal endpoints on Prospero)
diff --git a/ansible/inventory/host_vars/caliban.incus.yml b/ansible/inventory/host_vars/caliban.incus.yml
index 8ea8914..1d7c426 100644
--- a/ansible/inventory/host_vars/caliban.incus.yml
+++ b/ansible/inventory/host_vars/caliban.incus.yml
@@ -22,7 +22,7 @@ alloy_log_level: "warn"
 rommie_port: 22031
 rommie_host: "0.0.0.0"
 rommie_display: ":10"
-rommie_allowed_hosts: "caliban.incus"
+rommie_allowed_hosts: "caliban.incus,rommie.ouranos.helu.ca"
 rommie_model: "Qwen3-VL-30B-A3B-Instruct-UD-Q5_K_XL.gguf"
 rommie_model_url: "http://nyx.helu.ca:22078"
 rommie_provider: "openai"
diff --git a/ansible/inventory/host_vars/titania.incus.yml b/ansible/inventory/host_vars/titania.incus.yml
index d17dd4c..75308f2 100644
--- a/ansible/inventory/host_vars/titania.incus.yml
+++ b/ansible/inventory/host_vars/titania.incus.yml
@@ -188,6 +188,12 @@ haproxy_backends:
     health_path: "/api/"
     timeout_server: 300s  # WebSocket support for HA frontend
 
+  - subdomain: "rommie"
+    backend_host: "caliban.incus"
+    backend_port: 22031
+    health_path: "/mcp"
+    timeout_server: 300s  # SSE streaming support for MCP
+
   - subdomain: "smtp4dev"
     backend_host: "oberon.incus"
     backend_port: 22085
diff --git a/docs/rommie.md b/docs/rommie.md
index c87e721..2717fdb 100644
--- a/docs/rommie.md
+++ b/docs/rommie.md
@@ -59,8 +59,11 @@ Read-only tools (`get_screenshot`, `get_agent_status`) remain available while a
 ## Architecture
 
 ```
-External Agent (e.g., Claude / MCP Switchboard)
-        │  MCP Protocol (Streamable HTTP)
+External Agent (e.g., Claude Desktop / MCP Switchboard)
+        │  MCP Protocol (Streamable HTTP, TLS)
+        │  https://rommie.ouranos.helu.ca/mcp
+        ▼
+  Titania HAProxy (TLS termination, wildcard cert)
         │  http://caliban.incus:22031/mcp
         ▼
   Rommie MCP Server
@@ -98,10 +101,12 @@ All host-specific variables are set in `ansible/inventory/host_vars/caliban.incu
 The MCP URL for Rommie is registered in `group_vars/all/vars.yml`:
 
 ```yaml
-rommie_mcp_url: http://caliban.incus:22031/mcp
+rommie_mcp_url: https://rommie.ouranos.helu.ca/mcp
 ```
 
-Consumers (e.g., MCP Switchboard, Open WebUI) reference `{{ rommie_mcp_url }}`.
+Consumers (e.g., MCP Switchboard, Open WebUI, Claude Desktop) reference `{{ rommie_mcp_url }}`.
+
+The route is served via Titania's HAProxy using the existing `*.ouranos.helu.ca` Let's Encrypt wildcard certificate. No additional certificate provisioning is required.
 
 ## Service Management