diff --git a/docker-compose.yml b/docker-compose.yml
index 053dbbbe..22371182 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -81,12 +81,18 @@ services:
 # - OLOSTEP_API_KEY=your_olostep_api_key
 #
 # Uncomment the necessary lines below to make your instance publicly accessible.
- # Replace the KHOJ_DOMAIN with either your domain or IP address (no http/https prefix).
 # Proceed with caution, especially if you are using anonymous mode.
 # ---
 # - KHOJ_NO_HTTPS=True
+ # Replace the KHOJ_DOMAIN with the server's externally accessible domain or I.P address from a remote machie (no http/https prefix).
+ # Ensure this is set correctly to avoid CSRF trusted origin or unset cookie issue when trying to access the admin panel.
 # - KHOJ_DOMAIN=192.168.0.104
 # - KHOJ_DOMAIN=khoj.example.com
+ # Replace the KHOJ_ALLOWED_DOMAIN with the server's internally accessible domain or I.P address on the host machine (no http/https prefix).
+ # Only set if using a load balancer/reverse_proxy in front of your Khoj server. If unset, it defaults to KHOJ_DOMAIN.
+ # For example, if the load balancer service is added to the khoj docker network, set KHOJ_ALLOWED_DOMAIN to khoj's docker service name: `server'.
+ # - KHOJ_ALLOWED_DOMAIN=server
+ # - KHOJ_ALLOWED_DOMAIN=127.0.0.1
 # Uncomment the line below to disable telemetry.
 # Telemetry helps us prioritize feature development and understand how people are using Khoj
 # Read more at https://docs.khoj.dev/miscellaneous/telemetry
diff --git a/documentation/docs/get-started/setup.mdx b/documentation/docs/get-started/setup.mdx
index cf71b441..c6cdec42 100644
--- a/documentation/docs/get-started/setup.mdx
+++ b/documentation/docs/get-started/setup.mdx
@@ -283,9 +283,14 @@ Go to http://localhost:42110/server/admin and login with the admin credentials y
 Ensure you are using **localhost, not 127.0.0.1**, to access the admin panel to avoid the CSRF error.
 :::
+:::info[CSRF Trusted Origin or Unset Cookie Error]
+If using a load balancer/reverse_proxy in front of your Khoj server: Set the environment variable KHOJ_ALLOWED_DOMAIN=your-internal-ip-or-domain to avoid this error.
+If unset, it defaults to KHOJ_DOMAIN.
+:::
+
 :::info[DISALLOWED HOST or Bad Request (400) Error]
 You may hit this if you try access Khoj exposed on a custom domain (e.g. 192.168.12.3 or example.com) or over HTTP.
-Set the environment variables KHOJ_DOMAIN=your-domain and KHOJ_NO_HTTPS=True if required to avoid this error.
+Set the environment variables KHOJ_DOMAIN=your-external-ip-or-domain and KHOJ_NO_HTTPS=True if required to avoid this error.
 :::
 :::tip[Note]
diff --git a/src/khoj/app/settings.py b/src/khoj/app/settings.py
index 708e11d0..48879f60 100644
--- a/src/khoj/app/settings.py
+++ b/src/khoj/app/settings.py
@@ -32,7 +32,8 @@ DEBUG = in_debug_mode()
 # All Subdomains of KHOJ_DOMAIN are trusted
 KHOJ_DOMAIN = os.getenv("KHOJ_DOMAIN", "khoj.dev")
-ALLOWED_HOSTS = [f".{KHOJ_DOMAIN}", "localhost", "127.0.0.1", "[::1]", f"{KHOJ_DOMAIN}"]
+KHOJ_ALLOWED_DOMAIN = os.getenv("KHOJ_ALLOWED_DOMAIN", KHOJ_DOMAIN)
+ALLOWED_HOSTS = [f".{KHOJ_ALLOWED_DOMAIN}", "localhost", "127.0.0.1", "[::1]", f"{KHOJ_ALLOWED_DOMAIN}"]
 CSRF_TRUSTED_ORIGINS = [
 f"https://*.{KHOJ_DOMAIN}",
@@ -45,7 +46,7 @@ CSRF_TRUSTED_ORIGINS = [
 DISABLE_HTTPS = is_env_var_true("KHOJ_NO_HTTPS")
 COOKIE_SAMESITE = "None"
-if DEBUG or os.getenv("KHOJ_DOMAIN") == None:
+if DEBUG and os.getenv("KHOJ_DOMAIN") == None:
 SESSION_COOKIE_DOMAIN = "localhost"
 CSRF_COOKIE_DOMAIN = "localhost"
 else:
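Review bot: In the `@@ -32,7 +32,8 @@` hunk of settings.py, `ALLOWED_HOSTS` is now built only from `KHOJ_ALLOWED_DOMAIN`, so once that variable is set the external `KHOJ_DOMAIN` is no longer an accepted Host value. A reverse proxy that forwards the client's original Host header would then hit Django's DisallowedHost (400) response even though both variables are configured as documented. Consider accepting both names, e.g. `ALLOWED_HOSTS = [f".{KHOJ_DOMAIN}", KHOJ_DOMAIN, KHOJ_ALLOWED_DOMAIN, "localhost", "127.0.0.1", "[::1]"]`, which also avoids the `.`-prefixed wildcard entry for an internal name or IP such as `server` or `127.0.0.1`. The context comment `# All Subdomains of KHOJ_DOMAIN are trusted` no longer describes `ALLOWED_HOSTS` and should say which variable feeds host validation and which feeds `CSRF_TRUSTED_ORIGINS`.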
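Review bot: In the `@@ -45,7 +46,7 @@` hunk of settings.py, switching `or` to `and` means a non-debug instance with `KHOJ_DOMAIN` unset no longer gets the `localhost` cookie domains and falls through to the `else:` branch, whose body lies outside this hunk. If that branch derives the cookie domains from `KHOJ_DOMAIN` (which defaults to `khoj.dev` in the earlier hunk), a default self-hosted install reached at `http://localhost:42110` would presumably have its session and CSRF cookies rejected by the browser; this is worth confirming, with a comment above the condition stating which DEBUG/KHOJ_DOMAIN combinations are meant to use `localhost`. The condition also compares with `== None`; `if DEBUG and os.getenv("KHOJ_DOMAIN") is None:` is the idiomatic form.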