Fixes
Login failure behind Caddy/nginx in Docker (#46)
Root cause: The default TRUST_PROXY setting was 'loopback', which means Express only trusted X-Forwarded-Proto headers from 127.0.0.1/::1. When running in Docker with Caddy or nginx as a reverse proxy, those proxies operate on the Docker bridge network (e.g. 172.x.x.x) — not loopback. Express therefore ignored the X-Forwarded-Proto: https header, req.secure stayed false, and express-session silently dropped the session cookie on every login response. The browser never received a session cookie → every subsequent request returned 401.
Fix: Default changed to 1 (trust one proxy hop). This covers all standard single-proxy Docker setups (Caddy, nginx, Traefik) automatically, with no configuration required.
Also updated:
docker-compose.yml: clearer inline comments for reverse-proxy vs. direct-access setupsdocs/docker-compose.portainer.yml: explicitTRUST_PROXYvariable with default1
Upgrade notes
No migration needed. If you previously set TRUST_PROXY=loopback to match the old default, you can remove that override — the new default of 1 is correct for Docker+reverse-proxy deployments.