Skip to main content

Monica CRM – Fix mixed content (HTTP assets on HTTPS)

Installation context

Monica CRM was installed using the official Proxmox VE Community Script.

This means:

  • Monica runs inside a Proxmox LXC container
  • PHP, Apache2, and the directory structure follow the community script defaults
  • Configuration changes (such as .env) are made inside the LXC
  • HTTPS is typically terminated outside the container via a reverse proxy (e.g. Nginx Proxy Manager)

Because of this setup, trusted proxy headers and HTTPS detection are mandatory, otherwise Monica/Laravel will incorrectly assume HTTP and generate mixed-content URLs.

Problem

When accessing Monica via HTTPS, the browser may show warnings like:

  • CSS or images are loaded via http://
  • Assets are blocked or only partially loaded
  • DevTools shows “mixed content” warnings

Example:

The page at https://monica.example.net requested insecure content from http://monica.example.net/…

Cause

Monica (Laravel-based) still thinks it is running on HTTP, even though it is accessed via HTTPS through a reverse proxy.

Typical reasons:

  • APP_URL is still set to http://
  • Reverse proxy headers are not trusted
  • Laravel configuration cache was not cleared

Solution (recommended order)

Follow steps in order and test. Best done after a fresh new install.

It could be enough to just set the APP_URL and the APP_ENV. But maybe it doesn't, then you can also try steps 2++.

1. Set correct APP_URL

Edit Monica’s .env file:

APP_URL=https://monica.example.net

Important notes:

  • Use the final public URL
  • No trailing slash
  • Must match the reverse proxy domain

2. Set APP_ENV to production

Edit Monica's .env file and change from local to production:

# Two choices: local|production. Use local if you want to install Monica as a
# development version. Use production otherwise.
APP_ENV=production

3. Trust reverse proxy headers (very important)

If the above does not work, add this to .env:

TRUSTED_PROXIES=*

Why this matters:

  • Monica is behind a reverse proxy
  • HTTPS is terminated at the proxy
  • Apache receives HTTP internally
  • Without trusted headers, Laravel assumes HTTP

4. Clear and rebuild all caches (mandatory)

From the Monica installation directory:

php artisan optimize:clear
php artisan config:clear
php artisan cache:clear
php artisan route:clear
php artisan view:clear
php artisan config:cache

Do not skip this step. Laravel caches URLs aggressively.

5. Restart services

LXC / bare metal (Apache2)

systemctl restart apache2

Docker / Docker Compose

docker compose restart

Nginx Proxy Manager (common setup)

  • Enabled by default
  • Do not override Host headers
  • Do not force HTTP upstream
  • Remove custom proxy headers if unsure

Apache does not need special configuration for this as long as the headers are passed correctly.

7. Verify in the browser

  • Open the site with HTTPS
  • Hard refresh (Cmd + Shift + R)
  • Open DevTools → Network
  • All assets must load via https://

Test directly:

https://monica.example.net/css/app-ltr.css

No redirects to http:// should occur.

Summary

To fix mixed content issues in Monica behind a reverse proxy (Apache2 setup):

  • Set APP_URL to HTTPS
  • Set APP_ENV to production
  • Trust proxy headers
  • Clear all Laravel caches
  • Restart Apache and or reboot.

Once done, Monica will correctly serve all assets over HTTPS.

No comments to display

Back to top