Forem: Taki Elias

Stop Fighting SSL in Coolify Behind Cloudflare

Taki Elias — Wed, 18 Mar 2026 11:19:31 +0000

If you're using Coolify with Cloudflare, SSL can feel confusing.

You deploy your app, connect the domain, and expect HTTPS to just work.

But instead, you end up:

changing SSL modes in Cloudflare
trying different configs in your server
not really sure what’s broken

Everything looks fine, but something is off.

What’s going on

When Cloudflare proxy is enabled, there are two connections:

User → Cloudflare
Cloudflare → Your server

The second one is the important part.

If your server doesn’t have a proper certificate, Cloudflare can’t securely connect to it — especially in Full (Strict) mode.

That’s where most setups fail.

The right way to handle it

Cloudflare provides Origin CA certificates.

These are meant for your server (not browsers), and they:

work with Cloudflare proxy enabled
last up to 15 years
don’t require validation like Let’s Encrypt

So instead of fighting SSL, you just need to set this up correctly.

The problem

Setting this up manually takes time:

generate key and certificate
upload to server
configure Traefik or Caddy
update DNS
switch SSL mode

It’s easy to make a mistake in one of these steps.

A simpler way

I built a small CLI tool called CertGun to handle this.

It automates the full setup for Coolify servers using Cloudflare.

How to use it

First, run:

certgun init

Then:

certgun add 103.21.44.10 example.com

Done.

What it handles for you

CertGun takes care of:

generating the certificate
installing it on your server
configuring Traefik or Caddy
updating DNS in Cloudflare
setting SSL mode to Full (Strict)

You don’t need to do these manually.

Wildcard support

You can also use wildcard domains:

certgun add 103.21.44.10 *.example.com

When this helps

This is useful if you:

use Coolify
keep Cloudflare proxy enabled
want Full (Strict) SSL without extra steps

Why use this instead of Let’s Encrypt?

Let’s Encrypt works well, but with Cloudflare it often adds extra steps.

Origin certificates are simpler in this case:

no validation issues
no renewal every 90 days
no need to disable proxy

Try it

GitHub: https://github.com/takielias/certgun
Docs: https://docs.ebuz.xyz/certgun

If you’ve been adjusting settings just to make SSL work, this removes that hassle.

I Got Tired of AI Files Messing Up My Repos — So I Built This CLI

Taki Elias — Tue, 17 Mar 2026 11:02:40 +0000

If you're using AI while coding, you’ve probably seen this:

notes.md  
final-notes.md  
prompt-final-final.md  
temp.md

Every project slowly turns into a mess.

Some of these files are useful.
But you don’t really want them in your repo.

The Problem

I kept running into the same situation:

I need these files
But I don’t want to commit them
Ignoring them makes things hard to manage

So I ended up with either messy repos…
or losing useful notes.

Neither felt right.

What I Built

I ended up building a small CLI to fix this.

ccv (Claude Code Vault)

https://github.com/takielias/claude-code-vault

It keeps all your private files in one place
and links them into your project when needed.

How It Works

All your files live in a single vault:

~/.ccv/

Inside your project, they appear like this:

.project-docs/notes.md → ~/.ccv/projects/my-project/notes.md

So:

You can open and use them normally
Claude (or any AI tool) can read them
They are not inside your repo

Quick Usage

ccv init
ccv add notes.md
ccv push

That’s basically it.

What I Use It For

Prompt collections
AI-generated notes
Debugging experiments
Architecture drafts

Anything I don’t want to commit but don’t want to lose either.

Why It Helped Me

Keeps repos clean
Works across multiple projects
Everything stays local
Still version controlled (Git)

It removed a small but constant annoyance from my workflow.

Why I Made This

I was hitting the same problem again and again across projects.

AI is useful, but it leaves a lot of noise behind.

I just wanted a clean separation between:

actual code
everything else

Try It

If you’re dealing with the same issue, you can check it out here:

https://github.com/takielias/claude-code-vault

If It Helps You

It’s completely free.

If it ends up saving you time or making your workflow easier,
you can support me here:

https://buymeacoffee.com/takielias

That’s it.

Nothing fancy. Just something that made my daily workflow cleaner.

PHP Requests Don’t Look Like Browsers — So I Built One

Taki Elias — Thu, 12 Mar 2026 15:29:50 +0000

Modern websites detect bots using TLS fingerprints, not just HTTP headers.

Most PHP HTTP clients rely on curl, which means their TLS fingerprint always looks the same.

So I built a PHP extension that makes requests look like real browsers.

I tried scraping a website using PHP.

The first request worked.

The second request failed.

The third request got blocked.

At first I assumed the usual things were wrong. Maybe the User-Agent header. So I changed it to Chrome.

Still blocked.

Then I copied every header Chrome sends.

Still blocked.

That’s when I realized something interesting.

The server wasn’t detecting my script using HTTP headers.

It was detecting it before the HTTP request even arrived.

The Layer Most Developers Don’t See

Most developers think HTTP requests look like this:

Headers
Cookies
User-Agent
Body

But modern bot protection systems look deeper.

Before your HTTP request reaches the server, your client performs a TLS handshake.

That handshake contains details like:

cipher suites
TLS extensions
ALPN negotiation
HTTP/2 settings

Together these create a TLS fingerprint.

Different clients produce different fingerprints.

Example:

Chrome → Chrome TLS fingerprint
Firefox → Firefox TLS fingerprint
curl → curl TLS fingerprint

Even if you perfectly copy Chrome headers, the TLS fingerprint still reveals the truth.

The PHP Problem

Most PHP HTTP clients rely on libcurl.

Examples:

curl extension
Guzzle
Symfony HTTP client

Which means most PHP requests share the same fingerprint:

curl

To modern bot protection systems, that’s easy to detect.

Changing headers doesn’t help because the TLS handshake still exposes the client.

The Idea

I wanted PHP requests to behave like real browsers, not curl.

But implementing a custom TLS stack in PHP is not realistic. That kind of work requires a systems language.

That’s where Rust comes in.

I discovered a Rust networking library called wreq, and on top of it a project called rnet that can impersonate real browsers at the TLS and HTTP/2 level.

It supports profiles like:

Chrome
Firefox
Safari
Edge
OkHttp

Meaning the request genuinely behaves like those browsers.

The problem was that Rust libraries can’t be used directly from PHP.

Unless you build a PHP extension.

Bridging Rust and PHP

I used a project called ext-php-rs, which allows writing PHP extensions in Rust.

The idea became:

Rust networking stack
+
PHP extension
=
Browser-like HTTP requests from PHP

After a lot of experimentation (and fighting with build tools, BoringSSL, and PHP ABI differences), it finally worked.

Traditional PHP Request

PHP Script
     ↓
libcurl
     ↓
TLS fingerprint: curl
     ↓
Server detects bot

Using php-rnet

PHP Script
     ↓
php-rnet
     ↓
TLS fingerprint: Chrome
     ↓
Server sees a browser

Introducing php-rnet

The result is php-rnet — a PHP extension that allows PHP to send HTTP requests that look like real browsers.

Example:

$resp = RNet\get("https://httpbin.org/get");
echo $resp->text();

Or using a reusable client:

$b = new RNet\ClientBuilder();
$b->timeout(30);
$client = $b->build();

$resp = $client->get("https://httpbin.org/get");

But the interesting part is browser impersonation.

$b = new RNet\ClientBuilder();
$b->impersonate(RNet\Emulation::CHROME_136);
$client = $b->build();

$resp = $client->get("https://tls.browserleaks.com/json");

To the server, this request looks like it came from Chrome 136.

Even though it came from a PHP script.

Why This Matters

Modern bot protection systems analyze more than just HTTP headers.

They examine how clients behave at the TLS and HTTP/2 level.

Tools like php-rnet make it possible to reproduce real browser traffic from backend code.

Some possible use cases include:

automation
scraping
testing bot detection systems
research

Final Thoughts

PHP is usually seen as a high-level web language.

But combining it with Rust opens up interesting possibilities.

In this case, it allowed PHP to speak the same network language as modern browsers.

If you're curious about the project, you can find it here:

Blog post explaining the project:
https://docs.ebuz.xyz/blog/posts/php-requests-dont-look-like-browsers

https://github.com/takielias/php-rnet

🚀 Contract Resolver: Auto-Bind Repositories & Services in Laravel

Taki Elias — Sat, 05 Jul 2025 09:52:53 +0000

Are you tired of manually binding interfaces to implementations in Laravel? Or creating the same service and repository boilerplate over and over?

Meet Contract Resolver, a Laravel package that handles this for you — cleanly and automatically.

🎯 What Is It?

Contract Resolver helps you follow Laravel's Repository + Service pattern by:

Auto-binding interfaces to implementations
Generating services/repositories/interfaces using artisan commands
Supporting nested namespaces
Requiring zero dependencies

🔧 Installation

composer require takielias/contract-resolver

Optionally publish the config file:

php artisan vendor:publish --provider="TakiElias\ContractResolver\ContractResolverServiceProvider" --tag="contract-resolver.config"

✨ Artisan Commands

You can generate everything interactively:

php artisan cr:make

Or individually:

php artisan cr:make-repo Product
php artisan cr:make-service Product

It also supports nested paths:

php artisan cr:make-repo Admin\\User

📁 Convention-Based Binding

Just follow this structure:

app/
├── Contracts/
│   └── Repositories/
│       └── UserRepositoryInterface.php
├── Repositories/
│   └── UserRepository.php

And the binding happens automatically! You can inject interfaces like:

public function __construct(UserRepositoryInterface $userRepo) {
    $this->userRepo = $userRepo;
}

🧪 Testing

Run tests:

composer test

With coverage:

composer test-coverage

🛠 Why Use It?

✅ Clean, testable Laravel apps
✅ Focus more on business logic
✅ No need to manually bind contracts
✅ Fully customizable

🔗 Links

🔸 GitHub: https://github.com/takielias/contract-resolver
🔸 Packagist: takielias/contract-resolver

If you find this useful, give it a ⭐ on GitHub. I'd love your feedback or contributions!

Laravel Tablar Admin Dashboard

Taki Elias — Sun, 23 Oct 2022 14:58:27 +0000

It's been 2 weeks that I have been working on a New Laravel Admin Dashboard Template.

jeroennoten/laravel-adminlte is a well-known admin dashboard laravel package. I used it in different projects. It's highly customizable & feature-rich. The dynamic menu generator with auth guard is the most fantastic feature of this laravel package.

Tabler is one of the most popular modern HTML dashboard templates. I used this template a few years ago. There is no laravel package like jeroennoten/laravel-adminlte for Tabler HTML template. So, I decided to build a new laravel admin dashboard package using the eye-catching design of Tabler HTML template. It's based on Bootstrap 5.0. You would get most of the Bootstrap features in this template.

Vite js Next Generation Frontend Tooling. It's super fast & faster than Webpack. I generally use laravel mix to build assets but In some cases, it performs slowly. Vite js is the default assets builder of the latest laravel. So, my plan was to use Vite & add a dynamic menu generator with auth guard.

Here it is.

Tabler + Laravel = TabLar

Laravel 9.0+ Tabler Dashboard Preset built for Fast Development with Dark Mode. It also contains a dynamic menu generator that helps to maintain navigation permission easily.

Light Mode

Light Mode

Dark Mode

Dark Mode

The installation process is pretty straightforward.

Prerequisites

PHP 8.0+
Fresh Laravel Framework (10.* +)
Composer
Node js >= 18.0

composer require takielias/tablar

First Install the preset

php artisan tablar:install

Now

npm install

Finally, export the config, assets & auth scaffolding.

php artisan tablar:export-all

N.B: You may export individual components. For assets.

php artisan tablar:export-asset

For config.

php artisan tablar:export-config

For auth scaffolding.

php artisan tablar:export-auth

For auth views.

php artisan tablar:export-views

Before starting the server don't forget to run migrate

php artisan migrate

Now run

npm run dev

Now visit your login route

N.B: If you use a virtual host for your laravel application, don't forget to change the APP_URL

APP_URL=http://your virtual host

Usage

To use the blade template provided by this package, just create a new blade file and extend the layout with @extends('tablar::page'). You may use the following code snippet:

@extends('tablar::page')

@section('content')
    <!-- Page header -->
    <div class="page-header d-print-none">
        <div class="container-xl">
            <div class="row g-2 align-items-center">
                <div class="col">
                    <h2 class="page-title">
                        Empty page
                    </h2>
                </div>
            </div>
        </div>
    </div>
    <!-- Page body -->
    <div class="page-body">
        <div class="container-xl">
            @if(config('tablar','display_alert'))
                @include('tablar::common.alert')
            @endif

            <!-- Page Content goes here -->

        </div>
    </div>
@endsection

Enable Display Alert

Make display_alert to true from tablar.php config file

Use Tabler Pagination

{!! $modelName->links('tablar::pagination') !!}

Customization

View : Use the below artisan command to export the views

php artisan tablar:export-views

All view files would be exported to resources/views/vendor/tablar directory. You can customize it to your requirements.

Menu: Use the below artisan command to export the config file.