Glad you managed to get the node agent running, this always needs to be started first of all. You need to ensure the deployment manager is runnign first, then the node agents and you can configure the node agents to manage the application servers (STProxyServer and STConsoleServer).
If you only have one IP address then you shouldn't need to add to the trusted IPs though you can check by finding the sametime.log on the Community server and checking for errors mentioning "rejecting" to see if it rejects an IP it doesn't trust.
Check out the SystemOut.log under the STProxy apps server profile for the time when you try to authenticate via the web client. If you can authenticate via the client then you should be able to via the web client since authentication is handled by the Community server for both. The SystemOut.log may provide you with further insight you can share here.
Also, run through the steps for SSO (single sign on) by exporting the WebSphere LtpaToken and adding it to the Domino web sso config doc or internet sites doc. This sounds like an SSO problem tbh so make sure that is working first of all http://www.ibm.com/support/knowledgecenter/SSKTXQ_9.0.1/admin/config/config_security_sso.html