Skip to main content

# Monica CRM – Fix mixed content (HTTP assets on HTTPS)

Installation context

Monica CRM was installed using the official Proxmox VE Community Script.

This means:

  • Monica runs inside a Proxmox LXC container
  • PHP, Nginx, and the directory structure follow the community script defaults
  • Configuration changes (such as .env) are made inside the LXC
  • HTTPS is typically terminated outside the container via a reverse proxy (e.g. Nginx Proxy Manager)

Because of this setup, trusted proxy headers and HTTPS detection are mandatory, otherwise Monica/Laravel will incorrectly assume HTTP and generate mixed-content URLs.

Problem

When accessing Monica via HTTPS, the browser shows warnings like:

  • CSS or images are loaded via http://
  • Assets are blocked or only partially loaded
  • DevTools shows “mixed content” warnings

Example:

The page at https://monica.example.net requested insecure content from http://monica.example.net/…

Cause

Monica (Laravel-based) still thinks it is running on HTTP, even though it is accessed via HTTPS through a reverse proxy.

Typical reasons:

  • APP_URL is still set to http://
  • Reverse proxy headers are not trusted
  • Laravel configuration cache was not cleared

Solution (recommended order)

Follow all steps in this order.

1. Set correct APP_URL

Edit Monica’s .env file:

APP_URL=https://monica.example.net

Important notes:

  • Use the final public URL
  • No trailing slash
  • Must match the reverse proxy domain

2. Force HTTPS inside Monica

Still in .env, add (or update):

FORCE_HTTPS=true

This ensures Monica always generates HTTPS URLs.

3. Trust reverse proxy headers (very important)

Add this to .env:

TRUSTED_PROXIES=*

Why this matters:

  • Monica is behind a reverse proxy
  • HTTPS is terminated at the proxy
  • Without trusted headers, Laravel assumes HTTP

4. Clear and rebuild all caches (mandatory)

From the Monica installation directory:

php artisan optimize:clear
php artisan config:clear
php artisan cache:clear
php artisan route:clear
php artisan view:clear
php artisan config:cache

Do not skip this step. Laravel caches URLs aggressively.

5. Restart services

LXC / bare metal

systemctl restart php8.2-fpm
systemctl restart nginx

(Adjust PHP version if needed.)

Docker / Docker Compose

docker compose restart

6. Verify reverse proxy configuration

Your reverse proxy must send this header:

X-Forwarded-Proto: https

Nginx Proxy Manager

  • Enabled by default
  • Do not override Host headers
  • Do not force HTTP upstream
  • Remove custom proxy headers if unsure

7. Verify in the browser

  • Open the site with HTTPS
  • Hard refresh (Cmd + Shift + R)
  • Open DevTools → Network
  • All assets must load via https://

Test directly:

https://monica.example.net/css/app-ltr.css

No redirects to http:// should occur.

Optional: Final sanity check (CLI)

php artisan tinker

Then:

config('app.url')
request()->secure()

Expected result:

https://monica.example.net
true

Summary

To fix mixed content issues in Monica behind a reverse proxy:

  • Set APP_URL to HTTPS
  • Enable FORCE_HTTPS
  • Trust proxy headers
  • Clear all Laravel caches
  • Restart services

Once done, Monica will correctly serve all assets over HTTPS.

If you want, this entry can be extended with:

  • a Monica + Nginx Proxy Manager reference config
  • a Proxmox LXC–specific checklist
  • or a general Laravel behind reverse proxy guide

Just say the word.

Back to top