Laravel behind Coolify: fixing HTTPS and trusted proxies
When Laravel sits behind a reverse proxy that terminates SSL (Coolify, Traefik, Nginx, Cloudflare), it generates HTTP URLs and breaks in production. Here's the one-line fix and why it matters.
Work in progress — outline to expand.
When you deploy a Laravel app behind Coolify (or any reverse proxy that terminates SSL — Traefik, Nginx proxy, Cloudflare), you’ll hit mixed-content warnings: assets loaded over HTTP inside an HTTPS page.
The fix
In bootstrap/app.php:
    ->withMiddleware(function (Middleware $middleware): void {
        // Trust every upstream proxy so the X-Forwarded-* headers are honored.
        $middleware->trustProxies(at: '*');
        // ...
    })
Why
The proxy forwards requests to your Laravel app over HTTP internally. Without trustProxies, Laravel ignores the X-Forwarded-Proto and X-Forwarded-For headers and generates all URLs (assets, redirects, routes) in HTTP. Trust the proxy and Laravel will honor the original scheme.
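To make the trust decision concrete, here is an added example (not code from Laravel, Symfony, or this post) that models it in plain PHP: forwarded headers are honored only when the connecting peer matches the trusted list, so `at: '*'` honors them from any peer while a CIDR list limits that to the proxy network. The function names, the sample requests, and the 10.0.0.0/8 proxy network are assumptions; the model covers IPv4 only and assumes 64-bit PHP integers.

```php
<?php
// Added example: simplified model of the trust decision, not Laravel or Symfony source.

/** True if IPv4 $ip is inside $cidr ("10.0.0.0/8") or equals a single address. */
function ipInCidr(string $ip, string $cidr): bool
{
    [$net, $bits] = array_pad(explode('/', $cidr, 2), 2, '32');
    [$ipLong, $netLong, $bits] = [ip2long($ip), ip2long($net), (int) $bits];
    if ($ipLong === false || $netLong === false || $bits < 0 || $bits > 32) {
        return false;
    }
    $mask = $bits === 0 ? 0 : (~0 << (32 - $bits)) & 0xFFFFFFFF;
    return ($ipLong & $mask) === ($netLong & $mask);
}

/** $trusted is '*' (trust any peer) or a list of proxy addresses / CIDR ranges. */
function isTrustedPeer(string $remoteAddr, array|string $trusted): bool
{
    if ($trusted === '*') {
        return true;
    }
    foreach ((array) $trusted as $cidr) {
        if (ipInCidr($remoteAddr, $cidr)) {
            return true;
        }
    }
    return false;
}

/** Scheme the app would use when generating URLs for this request. */
function effectiveScheme(array $server, array|string $trusted): string
{
    $direct = ($server['HTTPS'] ?? 'off') !== 'off' ? 'https' : 'http';
    $fwd = strtolower($server['HTTP_X_FORWARDED_PROTO'] ?? '');
    $honor = isTrustedPeer($server['REMOTE_ADDR'], $trusted) && in_array($fwd, ['http', 'https'], true);
    return $honor ? $fwd : $direct;
}

// Constructed sample requests; 10.0.0.0/8 as the proxy network is an assumption.
$requests = [
    'via proxy'       => ['REMOTE_ADDR' => '10.0.1.7', 'HTTP_X_FORWARDED_PROTO' => 'https'],
    'bypassing proxy' => ['REMOTE_ADDR' => '203.0.113.50', 'HTTP_X_FORWARDED_PROTO' => 'https'],
];
foreach (['no trust' => [], "at: '*'" => '*', 'at: 10.0.0.0/8' => ['10.0.0.0/8']] as $label => $trusted) {
    foreach ($requests as $name => $server) {
        printf("%-15s %-16s -> %s\n", $label, $name, effectiveScheme($server, $trusted));
    }
}
```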
When to apply
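Always, on any Laravel project deployed behind a proxy. Add it as a standard step in your production setup. Note that at: '*' accepts the forwarded headers from any peer that connects to the app, so make sure the container is reachable only through the proxy; if it is not, pass the proxy's IP address or CIDR range to at: instead of the wildcard.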