diff --git a/backend/server.js b/backend/server.js
index d67d0c5..259604c 100644
--- a/backend/server.js
+++ b/backend/server.js
@@ -1,11 +1,12 @@
 import express from "express";
 import cors from "cors";
 import apiRouter from "./routes/api.js";
+import { rateLimit } from "express-rate-limit";
 
 const app = express();
 const port = 7001;
-import { rateLimit } from "express-rate-limit";
 
+app.set("trust proxy", 1); // Required when running behind a proxy (e.g. Docker/NGINX) so rate-limit can read X-Forwarded-For.
 app.use(cors());
 app.use(express.urlencoded({ extended: true }));
 app.set("view engine", "ejs");