Monica CRM – Fix mixed content (HTTP assets on HTTPS)

Installation context

Monica CRM was installed using the official Proxmox VE Community Script.

This means:

• Monica runs inside a Proxmox LXC container
• PHP, Apache2, and the directory structure follow the community script defaults
• Configuration changes (such as .env) are made inside the LXC
• HTTPS is typically terminated outside the container via a reverse proxy (e.g. Nginx Proxy Manager)

Because of this setup, trusted proxy headers and HTTPS detection are mandatory, otherwise Monica/Laravel will incorrectly assume HTTP and generate mixed-content URLs.

Problem

When accessing Monica via HTTPS, the browser may show warnings like:

• CSS or images are loaded via http://
• Assets are blocked or only partially loaded
• DevTools shows “mixed content” warnings

Example:

The page at https://monica.example.net requested insecure content from http://monica.example.net/…

Cause

Monica (Laravel-based) still thinks it is running on HTTP, even though it is accessed via HTTPS through a reverse proxy.

Typical reasons:

• APP_URL is still set to http://
• Reverse proxy headers are not trusted
• Laravel configuration cache was not cleared

Solution (recommended order)

Follow steps in order and test. Best done after a fresh new install.

It could be enough to just set the APP_URL and the APP_ENV. But maybe it doesn't, then you can also try steps 2++.

1. Set correct APP_URL

Edit Monica’s .env file:

APP_URL=https://monica.example.net

Important notes:

• Use the final public URL
• No trailing slash
• Must match the reverse proxy domain

2. Set APP_ENV to production

Edit Monica's .env file and change from local to production:

# Two choices: local|production. Use local if you want to install Monica as a
# development version. Use production otherwise.
APP_ENV=production

3. Trust reverse proxy headers (very important)

If the above does not work, add this to .env:

TRUSTED_PROXIES=*

Why this matters:

• Monica is behind a reverse proxy
• HTTPS is terminated at the proxy
• Apache receives HTTP internally
• Without trusted headers, Laravel assumes HTTP

4. Clear and rebuild all caches (mandatory)

From the Monica installation directory:

php artisan optimize:clear
php artisan config:clear
php artisan cache:clear
php artisan route:clear
php artisan view:clear
php artisan config:cache

Do not skip this step. Laravel caches URLs aggressively.

5. Restart services

LXC / bare metal (Apache2)

systemctl restart apache2

Docker / Docker Compose

docker compose restart

Nginx Proxy Manager (common setup)

• Enabled by default
• Do not override Host headers
• Do not force HTTP upstream
• Remove custom proxy headers if unsure

Apache does not need special configuration for this as long as the headers are passed correctly.

7. Verify in the browser

• Open the site with HTTPS
• Hard refresh (Cmd + Shift + R)
• Open DevTools → Network
• All assets must load via https://

Test directly:

https://monica.example.net/css/app-ltr.css

No redirects to http:// should occur.

Summary

To fix mixed content issues in Monica behind a reverse proxy (Apache2 setup):

• Set APP_URL to HTTPS
• Set APP_ENV to production
• Trust proxy headers
• Clear all Laravel caches
• Restart Apache and or reboot.

Once done, Monica will correctly serve all assets over HTTPS.