Hey again. Thanks a ton for your answer - I can see you put a lot of effort into it and it cleared up many things I was unsure about. 
I’m fine having only HTTP on GitLab (internally) if that works at least, as my structure here is as such:
Cloudflare <==HTTPS==> Nginx <==HTTP==> Host
As per the suggestion I have left bundled nginx enabled, GitLab ports remain the same: 7380 (http) + 7343 (https)
With the nginx sections and external_url commented out in gitlab.rb the external nginx can connect just fine to GitLab, but the only (major!) issue I have is that clicking Tasks goes to an invalid IP as per my original post.
Now, with external_url set and the remaining setup as prescribed, it still produces a 502 Bad Gateway error. Note, this is both with and without the previously mentioned location/{} block added to the external nginx.
# nginx
git.mydomain.org => http://192.168.178.20:7380
# below same config as all other hosts
'mydomain.org' Origin Certificate
> Force SSL
> HTTP/2 Support
> HSTS
# gitlab.rb
external_url 'http://git.mydomain.org:7380'
nginx['listen_port'] = 7380
nginx['proxy_protocol'] = true
letsencrypt['enable'] = false #nil
web_server['external_users'] = ['www-data']
nginx['proxy_set_headers'] = {
"Host" => "$http_host_with_default",
"X-Real-IP" => "$remote_addr",
"X-Forwarded-For" => "$proxy_add_x_forwarded_for",
"X-Forwarded-Proto" => "http",
# "X-Forwarded-Ssl" => "on",
# "Upgrade" => "$http_upgrade",
# "Connection" => "$connection_upgrade"
}
Other things I’ve tried:
- disabling HSTS / ForceSSL etc on the ext. nginx config (shouldn’t be necessary but I tried anyway)
- This topic although here, too, no luck
Do you happen to have any more pointers or where I could look for more info that may be emitted by gitlab?