express behind the proxies guide中对此进行了详细说明
通过app.enable（'trust proxy'）启用“信任代理”设置，Express将知道它位于代理之后，并且X-Forwarded-* 头字段可能是可信的，否则很容易被欺骗。
启用此设置有几个微妙的影响。第一个影响是反向代理可以设置X-Forwarded-Proto，以告知应用程序它是https或简单的http。此值由req. protocol反映。
第二个更改是req.ip和req.ips值将使用X-Forwarded-For的地址列表填充。

解释信任代理使用的注解代码

var express = require('express');

    var app = express();

    // Set the ip-address of your trusted reverse proxy server such as 
    // haproxy or Apache mod proxy or nginx configured as proxy or others.
    // The proxy server should insert the ip address of the remote client
    // through request header 'X-Forwarded-For' as
    // 'X-Forwarded-For: some.client.ip.address'
    // Insertion of the forward header is an option on most proxy software
    app.set('trust proxy', '127.0.0.1');

    app.get('/test', function(req, res){
      var ip = req.ip; // trust proxy sets ip to the remote client (not to the ip of the last reverse proxy server)
      if (ip.substr(0,7) == '::ffff:') { // fix for if you have both ipv4 and ipv6
        ip = ip.substr(7);
      }
      // req.ip and req.protocol are now set to ip and protocol of the client, not the ip and protocol of the reverse proxy server
      // req.headers['x-forwarded-for'] is not changed
      // req.headers['x-forwarded-for'] contains more than 1 forwarder when
      // there are more forwarders between the client and nodejs.
      // Forwarders can also be spoofed by the client, but 
      // app.set('trust proxy') selects the correct client ip from the list
      // if the nodejs server is called directly, bypassing the trusted proxies,
      // then 'trust proxy' ignores x-forwarded-for headers and
      // sets req.ip to the remote client ip address

      res.json({"ip": ip, "protocol": req.protocol, "headers": req.headers['x-forwarded-for']});
    });

// in this example the reverse proxy is expected to forward to port 3110
var port = 3110;
app.listen(port);
// test through proxy: http://yourproxyserver/test, req.ip should be your client ip
// test direct connection: http://yournodeserver:3110/test, req.ip should be your client ip even if you insert bogus x-forwarded-for request headers
console.log('Listening at http://localhost:' + port);

• • TLDR**：应用程序设置trust proxy仅用于Express应用程序位于代理之后的情况。在存在代理时启用此设置有助于通过众所周知的标头（主要是X-Forwarded-For、X-Forwarded-Proto）解析以下属性
• • • 所需IPS**
• • • 请求主机名**
• • • 请求协议**
• • 更多详细信息**

我在搜索trust proxy对express-session的真正作用时，最终来到了这里。没有一个答案对我有帮助。
默认值-false（禁用）
IMO最好的文档在应用程序设置中

• • 信托代理**

指示应用位于前端代理的后面，并使用X-Forwarded-* 标头确定客户端的连接和IP地址。注意：X-Forwarded-* 报头很容易被欺骗，并且检测到的IP地址不可靠。
启用后，Express将尝试确定通过前端代理或一系列代理连接的客户端的IP地址。req.ips属性将包含客户端通过其连接的IP地址数组。若要启用该属性，请使用信任代理选项表中描述的值。
trust proxy设置是使用proxy-addr包实现的。有关详细信息，请参阅其文档。
注：子应用程序将继承此设置的值，即使它具有默认值。
p. s-如果您试图了解这对express-session有何帮助，则需要启用信任代理才能获得req. secure的正确值

由于问题中提到了nginx，请注意，在nginx配置文件（例如/etc/nginx/sites-enabled/default）中，您还需要显式设置头变量，以便传递它来表示：

proxy_set_header X-Forwarded-For $remote_addr;
  location /api/ {
    proxy_pass               "http://127.0.0.1:8000";
  }

这是所需的最低要求，然而，通过使用持久连接到上游服务器的区域，下面这样的操作会更快：

upstream backendAPI {
    zone       upstreamZone     64K;
    server     127.0.0.1:8000   weight=1  max_fails=2 fail_timeout=4s;
    keepalive  2;
}

proxy_set_header X-Forwarded-For $remote_addr;
location /api/ {
    proxy_pass           http://backendAPI;
    proxy_http_version   1.1;
    proxy_set_header     "Connection" "";
}

然后，您可以通过打开“trust proxy”在Express服务器的请求对象中启用用户的（假定的）IP地址：

const app = express();
app.set("trust proxy", true); // populate req.ip
// you can also name the proxy servers ips for increased security:
//   app.set("trust proxy", "127.0.0.1"); 
//   app.set("trust proxy", "192.168.3.3"); 

app.get("/api/myIP", (req, res) => {
    const ip = req.ip;
    return res.json({ ip });
});
app.listen(8000);