Fix mixed content by trusting proxy HTTPS

app/Providers/AppServiceProvider.php

@@ -66,22 +66,9 @@ class AppServiceProvider extends ServiceProvider
             return env('FRONTEND_URL') . '/reset-password?token=' . $token . '&email=' . $user->email;
         });
 
-        // Trust proxies when running behind a reverse proxy (e.g., Docker, nginx)
-        // This allows Laravel to correctly detect HTTPS when behind a proxy
-        if (config('app.env') !== 'local' || request()->hasHeader('X-Forwarded-Proto')) {
-            request()->setTrustedProxies(
-                ['*'],
-                \Illuminate\Http\Request::HEADER_X_FORWARDED_FOR |
-                    \Illuminate\Http\Request::HEADER_X_FORWARDED_HOST |
-                    \Illuminate\Http\Request::HEADER_X_FORWARDED_PORT |
-                    \Illuminate\Http\Request::HEADER_X_FORWARDED_PROTO |
-                    \Illuminate\Http\Request::HEADER_X_FORWARDED_PREFIX
-            );
-        }
-
-        // Force HTTPS scheme for URLs when accessed via HTTPS
-        // This ensures assets load with the correct protocol
-        if (request()->header('X-Forwarded-Proto') === 'https' || request()->secure()) {
+        // Force HTTPS URLs in non-local envs to avoid mixed-content issues when TLS is terminated
+        // in front of the app container (e.g. Dokploy/Traefik).
+        if (!$this->app->runningInConsole() && !$this->app->environment('local')) {
             URL::forceScheme('https');
         }
     }

bootstrap/app.php

@@ -44,6 +44,10 @@ return Application::configure(basePath: dirname(__DIR__))
             \Laravel\Sanctum\Http\Middleware\EnsureFrontendRequestsAreStateful::class,
         ]);
 
+        // Trust reverse proxy headers (X-Forwarded-Proto, etc.) so Laravel generates HTTPS URLs
+        // correctly when TLS is terminated in front of the container (e.g. Dokploy/Traefik).
+        $middleware->trustProxies(at: '*');
+
         $middleware->encryptCookies(except: ['appearance']);
 
         $middleware->web(append: [