Laravel's trusted proxies with Coolify

Recently at work, I was setting up Coolify in the Axelerant infrastructure. Part of the process was getting a Laravel application to run smoothly behind it.

I am inherently lazy, so I thought it would just work out of the box. But it turns out, when running Laravel behind Coolify’s reverse proxy (like Traefik), you absolutely must configure Laravel’s trusted proxies middleware to allow the proxy.

Without this configuration, Laravel thinks it is serving on an HTTP port (since Traefik proxies it internally over HTTP) but the external request is HTTPS. This causes Laravel to write all static asset URLs as HTTP, resulting in mixed content errors and a broken site.

The simplest fix is to trust all proxies in your middleware:

->withMiddleware(function (Middleware $middleware): void {
    $middleware->trustProxies(at: '*');
})

It’s a very human thing to overlook this when setting up a new infrastructure, but that one line saves hours of debugging. That’s about it.