diff --git a/apps/backend/app.ts b/apps/backend/app.ts
index e06f510..a77ea5a 100644
--- a/apps/backend/app.ts
+++ b/apps/backend/app.ts
@@ -18,6 +18,8 @@ import { requirePermissions } from '@wxyc/authentication';
 const port = process.env.PORT || 8080;
 const app = express();
 
+app.set('trust proxy', true);
+
 //Interpret parse json into js objects
 app.use(express.json());
 
diff --git a/tests/unit/config/trust-proxy.test.ts b/tests/unit/config/trust-proxy.test.ts
new file mode 100644
index 0000000..32acdc1
--- /dev/null
+++ b/tests/unit/config/trust-proxy.test.ts
@@ -0,0 +1,10 @@
+import { readFileSync } from 'fs';
+import { resolve } from 'path';
+
+describe('Express trust proxy configuration', () => {
+  const appSource = readFileSync(resolve(__dirname, '../../../apps/backend/app.ts'), 'utf-8');
+
+  it('should enable trust proxy so req.ip reflects the real client IP behind a reverse proxy', () => {
+    expect(appSource).toMatch(/app\.set\(\s*['"]trust proxy['"]/);
+  });
+});