Gitlab CE behind non-bundled reverse proxy (nginx, SSL)


I was following the guide for reverse proxy setups but cannot get a connection (with or without SSL).


  • OS: Ubuntu 18.04
  • SSL certs: Let’sencrypt
  • Reverse proxy: nginx

Important gitlab.rb vars

  • external_url = https://<domain>
  • nginx['enable'] = false
  • puma['enable'] = false
  • web_server['external_users'] = ['nginx']
  • gitlab_rails['trusted_proxies'] = ['', '', '2001:0db8::/32'] (not sure about this one, just went with the defaults?)

In addition I configured the example nginx-ssl .conf file in nginx.

nginx is running ok on port 80, forwarding to port 443 with SSL config.
gitlab-workhorse is running on -> is this ok?
In the nginx profile there is proxy_pass http://gitlab-workhorse;, I am wondering if this correct? Or do I need to pass port 9229 through?

Feels like I am close but I do not see what I should try anymore.
Any pointers would be highly appreciated.
I am happy to add any missing information.

Cheers, Patrick