Container registry behind reverse proxy with http or https?

Please execuse my mention of the earlier post. There was an existing discussion on this topic. @Fraeco @wei @xak2000

However, I am still confused on how the reverse proxy for registry can be set up.
In my system, I have Gitlab served in docker container using http. Https is made possible by apache2 reverse proxy.

I’ve read that the registry service has better to be on https service to avoid a bunch of configuration issues.

Does that mean I have to reverse proxy https for my registry service container (https->https)? Can I use the way I set up with Gitlab to serve my registry container as well (https->http)?

My configuration:
Apache2 frontend:

<Location "/">
     RequestHeader set X-Forwarded-Proto https
     RequestHeader set X-Forwarded-Ssl on
     RequestHeader set X-Url-Scheme https
ProxyPass / http://localhost:5000/
ProxyPassReverse / http://localhost:5000/
Include        /etc/letsencrypt/options-ssl-apache.conf
SSLCertificateFile /etc/letsencrypt/live/
SSLCertificateKeyFile /etc/letsencrypt/live/

Docker container backend (docker-compose.yml):

   image: 'gitlab/gitlab-ce:latest'
   restart: always
       external_url ''
       nginx['proxy_set_headers'] = {"X-Forwarded-Proto" => "http", "CUSTOM_HEADER" => "VALUE"}
       nginx['real_ip_trusted_addresses'] = [ '' ]
       nginx['real_ip_header'] = 'X-Forwarded-For'
       nginx['real_ip_recursive'] = 'on'
       nginx['listen_port'] = 1081
       nginx['listen_https'] = false
       registry_external_url ''
       registry_nginx['listen_port'] = 5050
       registry_nginx['listen_https'] = false
       registry_nginx['proxy_set_headers'] = {
         "X-Forwarded-Proto" => "https",
         "X-Forwarded-Ssl" => "on"
       # Add any other gitlab.rb configuration here, each on its own line
     - '5000:5050'
     - '1081:1081'
     - '1022:22'
     - '/home/gitlab/config:/etc/gitlab'
     - '/home/gitlab/logs:/var/log/gitlab'
     - '/home/gitlab/data:/var/opt/gitlab'

I only got a blank page when accessing the “”.

Thank you for any help.

Visiting the registry doesn’t appear to be a valid test. It isn’t expected to serve any valid web page - it only answers valid API calls made to it. Did you also test the external URL configured through docker login, and docker push or docker pull?

The docker registry documentation section about TLS configuration does note that you can set it up this way (https -> http).