diff --git a/.env.example b/.env.example
index 102fdfd..8039a6b 100644
--- a/.env.example
+++ b/.env.example
@@ -37,6 +37,11 @@ SMTP_FROM=noreply@example.com
 # App URL (used for verification links, auto-detected if not set)
 # APP_URL=https://your-domain.com
+# Reverse Proxy trust depth (express 'trust proxy' setting)
+# loopback = trust only 127.0.0.1 / ::1 (default)
+# Use a number for proxy hops (e.g. 1), or a specific IP/CIDR.
+# TRUST_PROXY=loopback
+
 # Federation (inter-instance meeting invitations)
 # Set both values to enable federation between Redlight instances
 # FEDERATION_DOMAIN=redlight.example.com
diff --git a/server/index.js b/server/index.js
index 3e70521..c5c8f15 100644
--- a/server/index.js
+++ b/server/index.js
@@ -18,8 +18,11 @@ const __dirname = path.dirname(__filename);
 const app = express();
 const PORT = process.env.PORT || 3001;
-// Trust proxy for correct req.protocol behind reverse proxy
-app.set('trust proxy', true);
+// Trust proxy – configurable via TRUST_PROXY env var (default: 1 = one local reverse proxy)
+// Use a number to trust that many hops, or a string like 'loopback' / an IP/CIDR.
+const rawTrustProxy = process.env.TRUST_PROXY ?? 'loopback';
+const trustProxy = /^\d+$/.test(rawTrustProxy) ? parseInt(rawTrustProxy, 10) : rawTrustProxy;
+app.set('trust proxy', trustProxy);
 // Middleware
 app.use(cors());
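Review bot: The new comment in server/index.js states the default is `1 = one local reverse proxy`, but `rawTrustProxy` falls back to `'loopback'`, which is a named address range (127.0.0.1 / ::1, as .env.example itself documents) rather than a hop count; change the comment to `// Trust proxy – configurable via TRUST_PROXY env var (default: 'loopback' = only a proxy on 127.0.0.1 / ::1)` so the two files agree. Replacing the old blanket `true` with a bounded trust setting is the part that matters for security, since `true` lets any client forge `req.ip` and `req.protocol` through X-Forwarded-* headers, so the tighter default should not be quietly undone by a restored `true`. Note that the literal strings `true`/`false` are not mapped to booleans by the new parsing: an operator who sets `TRUST_PROXY=true` to get the previous behaviour will have the string passed through, which Express presumably rejects as an invalid IP when it compiles the setting at startup rather than enabling blanket trust — worth confirming and then documenting in the comment that only a hop count, a named range such as `loopback`, or an IP/CIDR list is accepted. Minor style: `Number.parseInt(rawTrustProxy, 10)` is the preferred form over the global `parseInt`.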