diff --git a/bin/web.js b/bin/web.js
index 26964150..fbfe6ef5 100644
--- a/bin/web.js
+++ b/bin/web.js
@@ -77,6 +77,10 @@ myNuts.after('download', function(download, next) {
     next();
 });
 
+if (process.env.TRUST_PROXY) {
+  app.set('trust proxy', process.env.TRUST_PROXY);
+}
+
 app.use(myNuts.router);
 
 // Error handling
diff --git a/docs/deploy.md b/docs/deploy.md
index da151a56..ff669aea 100644
--- a/docs/deploy.md
+++ b/docs/deploy.md
@@ -41,6 +41,11 @@ $ export GITHUB_REPO=Username/MyApp
 # Authentication for the private API
 $ export API_USERNAME=hello
 $ export API_PASSWORD=world
+
+# Express's "trust proxy" setting for trusting X-Forwarded-* headers when
+# behind a reverse proxy like nginx
+# http://expressjs.com/en/guide/behind-proxies.html
+$ export TRUST_PROXY=loopback
 ```
 
 Then start the application using: