[Bug]: Bugsink CSRF / HTTPS Proxy issue when deployed behind Coolify #6668
Description
Error Message and Logs
When deploying Bugsink on Coolify, login and POST requests fail due to CSRF validation errors.
After a lot of debugging ,i found that the real issue is that Bugsink does not detect HTTPS correctly behind Coolify's reverse proxy
Root cause
Bugsink (Django-based) relies on X-Forwarded-Proto headers to determine if a request is secure.
Behind Coolify’s reverse proxy, these headers are set, but Bugsink ignores them unless you explicitly configure behind proxy env :
BEHIND_HTTPS_PROXY=True
Without this, CSRF protection fails because Django assumes requests are insecure.
Solution / Fix
Update documentation or defaults for Bugsink deployments on Coolify to include:
web:
image: bugsink/bugsink
restart: unless-stopped
environment:
...
- BEHIND_HTTPS_PROXY=TrueExpected behavior
Bugsink should automatically respect X-Forwarded-Proto behind Coolify’s reverse proxy, or at least document the need for BEHIND_HTTPS_PROXY=True.
Steps to Reproduce
-
Deploy Bugsink on Coolify with HTTPS enabled.
-
Set the following env in Coolify:
environment:
- DEBUG_CSRF=True(this enables the CSRF debug tool at /debug/csrf/)
-
Try to log in → CSRF check fails.
-
Open /debug/csrf/ to inspect headers:
X-Forwarded-Proto: https is present
request.is_secure() is still False
CSRF protection rejects the request
Example Repository URL
No response
Coolify Version
v4.0.0-beta.420.6
Are you using Coolify Cloud?
No (self-hosted)
Operating System and Version (self-hosted)
Ubuntu 24.04.3 LTS
Additional Information
No response