This is more of a self note, but I think it might prove useful to someone else (even my future self).
The conventional way of configuring gitlab to be behind an ssl-proxy is to have the
external_url option with an
https url and the
nginx['listen_https'] option set to
false. However, gitlab’s nginx will still listen on the 443 port. Don’t forget to redirect to the right port…
It might take you some time and lengthy debugging to find out…
Et voilà !
Edit It seems that when doing that, forms don’t work anymore due to the CSRF token being tied to HTTP/HTTPS protocol, and the switch disorient it. I’ve forced the
X-Forwarded-Proto line to
https in the embedded nginx configuration, but its a ugly hack that need to be redone by hand in the docker container each reboot. Irk.