Skip to main content

# Monica CRM – Fix mixed content (HTTP assets on HTTPS)

Below is your updated wiki entry for an Apache2-based installation. Content, structure, and tone are preserved; only Nginx-specific parts are correctly adapted to Apache2, as used by the Proxmox VE Community Script.

You can replace the original entry with this version.

Installation context

Monica CRM was installed using the official Proxmox VE Community Script.

This means:

  • Monica runs inside a Proxmox LXC container
  • PHP, Apache2, and the directory structure follow the community script defaults
  • Configuration changes (such as .env) are made inside the LXC
  • HTTPS is typically terminated outside the container via a reverse proxy (e.g. Nginx Proxy Manager)

Because of this setup, trusted proxy headers and HTTPS detection are mandatory, otherwise Monica/Laravel will incorrectly assume HTTP and generate mixed-content URLs.

Problem

When accessing Monica via HTTPS, the browser shows warnings like:

  • CSS or images are loaded via http://
  • Assets are blocked or only partially loaded
  • DevTools shows “mixed content” warnings

Example:

The page at https://monica.example.net requested insecure content from http://monica.example.net/…

Cause

Monica (Laravel-based) still thinks it is running on HTTP, even though it is accessed via HTTPS through a reverse proxy.

Typical reasons:

  • APP_URL is still set to http://
  • Reverse proxy headers are not trusted
  • Laravel configuration cache was not cleared

Solution (recommended order)

Follow all steps in this order.

1. Set correct APP_URL

Edit Monica’s .env file:

APP_URL=https://monica.example.net

Important notes:

  • Use the final public URL
  • No trailing slash
  • Must match the reverse proxy domain

2. Force HTTPS inside Monica

Still in .env, add (or update):

FORCE_HTTPS=true

This ensures Monica always generates HTTPS URLs.

3. Trust reverse proxy headers (very important)

Add this to .env:

TRUSTED_PROXIES=*

Why this matters:

  • Monica is behind a reverse proxy
  • HTTPS is terminated at the proxy
  • Apache receives HTTP internally
  • Without trusted headers, Laravel assumes HTTP

4. Clear and rebuild all caches (mandatory)

From the Monica installation directory:

php artisan optimize:clear
php artisan config:clear
php artisan cache:clear
php artisan route:clear
php artisan view:clear
php artisan config:cache

Do not skip this step. Laravel caches URLs aggressively.

5. Restart services

LXC / bare metal (Apache2)

systemctl restart apache2
systemctl restart php8.2-fpm

(Adjust PHP version if needed.)

Docker / Docker Compose

docker compose restart

6. Verify reverse proxy configuration

Your reverse proxy must send this header:

X-Forwarded-Proto: https

Nginx Proxy Manager (common setup)

  • Enabled by default
  • Do not override Host headers
  • Do not force HTTP upstream
  • Remove custom proxy headers if unsure

Apache does not need special configuration for this as long as the headers are passed correctly.

7. Verify in the browser

  • Open the site with HTTPS
  • Hard refresh (Cmd + Shift + R)
  • Open DevTools → Network
  • All assets must load via https://

Test directly:

https://monica.example.net/css/app-ltr.css

No redirects to http:// should occur.

Optional: Final sanity check (CLI)

php artisan tinker

Then:

config('app.url')
request()->secure()

Expected result:

https://monica.example.net
true

Summary

To fix mixed content issues in Monica behind a reverse proxy (Apache2 setup):

  • Set APP_URL to HTTPS
  • Enable FORCE_HTTPS
  • Trust proxy headers
  • Clear all Laravel caches
  • Restart Apache and PHP

Once done, Monica will correctly serve all assets over HTTPS.

Back to top