Configure/make persistent Trusted_Proxies on packaged releases

I have an external reverse proxy (nginx) pointing to my Zammad server (deb package, self hosted).

One of the minor problems is that client sessions are always being seen as my proxy server’s IP address.

This can be fixed by alterations to /opt/zammad/config/environments/production.rb, adding my proxy server’s IP address to the Trusted Proxy array.

  # overwrite default Rails TRUSTED_PROXIES
  # because otherwise IPs from private ranges will be
  # ignored for Session logging and fall back to localhost
  # see
  config.action_dispatch.trusted_proxies = ['', '::1', '<proxy.ip.addr.ess>] is the original (closed) ticket referring this.

However, the problem is that every packaged release/update then overrides changes made to this file. Is there any way that we can make this persistent?

Docker-Compose version has this:

GitLab (which is referenced as the source of the Issue 742 fix here: has the following:

gitlab_trusted_proxies = Array(Gitlab.config.gitlab.trusted_proxies).map do |proxy|
  rescue IPAddr::InvalidAddressError

Rails.application.config.action_dispatch.trusted_proxies = (
  ['', '::1'] + gitlab_trusted_proxies)

Would it be possible to add a zammad_trusted_proxies somewhere that would be configurable and persistent? (in /etc/zammad/, perhaps?)