Gitlab gives Error 404 not found

So I’ve tried installing gitlab multiple ways and I always seem to have the same problems.
nginx gives me error 404 not found even though I’ve followed well the tutorial but it still gives error.
It is a basic installation with no ldap or whatsoever activated but with ssl I’m running nextcloud on the nginx server with ssl and it’s working fine, only gitlab is giving me a hard time

Result of env info
System information
System:		Ubuntu 16.04
Current User:	git
Using RVM:	no
Ruby Version:	2.3.7p456
Gem Version:	2.5.2.3
Bundler Version:1.16.1
Rake Version:	12.3.0
Redis Version:	4.0.9
Git Version:	2.9.5
Sidekiq Version:5.0.5
Go Version:	go1.8.3 linux/amd64

GitLab information
Version:	10.7.1
Revision:	d4fcc8a
Directory:	/home/git/gitlab
DB Adapter:	postgresql
URL:		https://redval.sytes.net/gitlab/
HTTP Clone URL:	https://redval.sytes.net/gitlab/some-group/some-project.git
SSH Clone URL:	git@redval.sytes.net:some-group/some-project.git
Using LDAP:	no
Using Omniauth:	no

GitLab Shell
Version:	7.1.2
Repository storage paths:
- default: 	/home/git/repositories
Hooks:		/home/git/gitlab-shell/hooks
Git:		/usr/local/bin/git

Result of check
Checking GitLab Shell ...

GitLab Shell version >= 7.1.2 ? ... OK (7.1.2)
Repo base directory exists?
default... yes
Repo storage directories are symlinks?
default... no
Repo paths owned by git:root, or git:git?
default... yes
Repo paths access is drwxrws---?
default... yes
hooks directories in repos are links: ... can't check, you have no projects
Running /home/git/gitlab-shell/bin/check
Check GitLab API access: FAILED: Failed to connect to internal API
gitlab-shell self-check failed
  Try fixing it:
  Make sure GitLab is running;
  Check the gitlab-shell configuration file:
  sudo -u git -H editor /home/git/gitlab-shell/config.yml
  Please fix the error above and rerun the checks.

Checking GitLab Shell ... Finished

Checking Sidekiq ...

Running? ... yes
Number of Sidekiq processes ... 1

Checking Sidekiq ... Finished

Reply by email is disabled in config/gitlab.yml
Checking LDAP ...

LDAP is disabled in config/gitlab.yml

Checking LDAP ... Finished

Checking GitLab ...

Git configured correctly? ... yes
Database config exists? ... yes
All migrations up? ... yes
Database contains orphaned GroupMembers? ... no
GitLab config exists? ... yes
GitLab config up to date? ... yes
Log directory writable? ... yes
Tmp directory writable? ... yes
Uploads directory exists? ... yes
Uploads directory has correct permissions? ... yes
Uploads directory tmp has correct permissions? ... skipped (no tmp uploads folder yet)
Init script exists? ... yes
Init script up-to-date? ... yes
Projects have namespace: ... can't check, you have no projects
Redis version >= 2.8.0? ... yes
Ruby version >= 2.3.5 ? ... yes (2.3.7)
Git version >= 2.9.5 ? ... yes (2.9.5)
Git user has default SSH configuration? ... yes
Active users: ... 1

Checking GitLab ... Finished


config/gitlab.yml
production: &base
    host: redval.sytes.net
    port: 443 # Set to 443 if using HTTPS, see installation.md#using-https for additional HTTPS configuration details
    https: true # Set to true if using HTTPS, see installation.md#using-https for additional HTTPS configuration details
    relative_url_root: /gitlab/
    trusted_proxies:
      # Examples:
      192.168.1.2/24
      127.0.0.1
      192.168.1.2
    # Uncomment and set to false if you need to disable email sending from GitLab (default: true)
    email_enabled: false
    # Email address used in the "From" field in mails sent by GitLab
    email_from: reda.drissi@yahoo.fr
    email_display_name: GitLab
    email_reply_to: drissi.reda4@gmail.com
    email_subject_suffix: ''

    # Email server smtp settings are in config/initializers/smtp_settings.rb.sample

    # default_can_create_group: false  # default: true
    # username_changing_enabled: false # default: true - User can change her username/namespace
    ## Default theme ID
    ##   1 - Indigo
    ##   2 - Dark
    ##   3 - Light
    ##   4 - Blue
    ##   5 - Green
    # default_theme: 1 # default: 1
    # issue_closing_pattern: '((?:[Cc]los(?:e[sd]?|ing)|[Ff]ix(?:e[sd]|ing)?|[Rr]esolv(?:e[sd]?|ing)|[Ii]mplement(?:s|ed|ing)?)(:?) +(?:(?:issues? +)?%{issue_ref}(?:(?:, *| +and +)?)|([A-Z][A-Z0-9_]+-\d+))+)'

    ## Default project features settings
    default_projects_features:
      issues: true
      merge_requests: true
      wiki: true
      snippets: true
      builds: true
      container_registry: true

    ## Repository downloads directory
    # When a user clicks e.g. 'Download zip' on a project, a temporary zip file is created in the following directory.
    # The default is 'shared/cache/archive/' relative to the root of the Rails app.
    # repository_downloads_path: shared/cache/archive/
  incoming_email:
    enabled: false

    # The email address including the `%{key}` placeholder that will be replaced to reference the item being replied to.
    # The placeholder can be omitted but if present, it must appear in the "user" part of the address (before the `@`).
    address: "gitlab-incoming+%{key}@gmail.com"
    user: "gitlab-incoming@gmail.com"
    # Email account password
    password: "[REDACTED]"

    # IMAP server host
    host: "imap.gmail.com"
    # IMAP server port
    port: 993
    # Whether the IMAP server uses SSL
    ssl: true
    # Whether the IMAP server uses StartTLS
    start_tls: false

    # The mailbox where incoming mail will end up. Usually "inbox".
    mailbox: "inbox"
    # The IDLE command timeout.
    idle_timeout: 60

  ## Build Artifacts
  artifacts:
    enabled: true
    #   remote_directory: artifacts # The bucket name
    #   background_upload: false # Temporary option to limit automatic upload (Default: true)
    #   proxy_download: false # Passthrough all downloads via GitLab instead of using Redirects to Object Storage
    

  ## Git LFS
  lfs:
    enabled: true
    # The location where LFS objects are stored (default: shared/lfs-objects).
    # storage_path: shared/lfs-objects
    object_store:
      enabled: false
      remote_directory: lfs-objects # Bucket name
      # direct_upload: false # Use Object Storage directly for uploads instead of background uploads if enabled (Default: false)
      # background_upload: false # Temporary option to limit automatic upload (Default: true)
      # proxy_download: false # Passthrough all downloads via GitLab instead of using Redirects to Object Storage
      connection:
        provider: AWS
        aws_access_key_id: AWS_ACCESS_KEY_ID
        aws_secret_access_key: AWS_SECRET_ACCESS_KEY
        region: us-east-1

  ## Uploads (attachments, avatars, etc...)
  uploads:
    # The location where uploads objects are stored (default: public/).
    # storage_path: public/
    # base_dir: uploads/-/system
    object_store:
      enabled: false
      # remote_directory: uploads # Bucket name
      # direct_upload: false # Use Object Storage directly for uploads instead of background uploads if enabled (Default: false)
      # background_upload: false # Temporary option to limit automatic upload (Default: true)
      # proxy_download: false # Passthrough all downloads via GitLab instead of using Redirects to Object Storage
    connection:
      provider: AWS
      aws_access_key_id: AWS_ACCESS_KEY_ID
      aws_secret_access_key: AWS_SECRET_ACCESS_KEY
      region: us-east-1
      # host: 'localhost' # default: s3.amazonaws.com
      # endpoint: 'http://127.0.0.1:9000' # default: nil
      # path_style: true # Use 'host/bucket_name/object' instead of 'bucket_name.host/object'

  ## GitLab Pages
  pages:
    enabled: false
    # The location where pages are stored (default: shared/pages).
    # path: shared/pages

    # The domain under which the pages are served:
    # http://group.example.com/project
    # or project path can be a group page: group.example.com
    host: example.com
    port: 80 # Set to 443 if you serve the pages with HTTPS
    https: false # Set to true if you serve the pages with HTTPS
    artifacts_server: true
    # external_http: ["1.1.1.1:80", "[2001::1]:80"] # If defined, enables custom domain support in GitLab Pages
    # external_https: ["1.1.1.1:443", "[2001::1]:443"] # If defined, enables custom domain and certificate support in GitLab Pages

  ## Mattermost
  ## For enabling Add to Mattermost button
  mattermost:
    enabled: false
    host: 'https://mattermost.example.com'

  gravatar:
    # Gravatar/Libravatar URLs: possible placeholders: %{hash} %{size} %{email} %{username}
    # plain_url: "http://..."     # default: https://www.gravatar.com/avatar/%{hash}?s=%{size}&d=identicon
    # ssl_url:   "https://..."    # default: https://secure.gravatar.com/avatar/%{hash}?s=%{size}&d=identicon

  ## Sidekiq
  sidekiq:
    log_format: default # (json is also supported)

  ## Auxiliary jobs
  # Periodically executed jobs, to self-heal GitLab, do external synchronizations, etc.
  # Please read here for more information: https://github.com/ondrejbartas/sidekiq-cron#adding-cron-job
  cron_jobs:
    # Flag stuck CI jobs as failed
    stuck_ci_jobs_worker:
      cron: "0 * * * *"
    # Execute scheduled triggers
    pipeline_schedule_worker:
      cron: "19 * * * *"
    # Remove expired build artifacts
    expire_build_artifacts_worker:
      cron: "50 * * * *"
    # Periodically run 'git fsck' on all repositories. If started more than
    # once per hour you will have concurrent 'git fsck' jobs.
    repository_check_worker:
      cron: "20 * * * *"
    # Send admin emails once a week
    admin_email_worker:
      cron: "0 0 * * 0"

    # Remove outdated repository archives
    repository_archive_cache_worker:
      cron: "0 * * * *"

    # Verify custom GitLab Pages domains
    pages_domain_verification_cron_worker:
      cron: "*/15 * * * *"

  registry:
    # enabled: true
    # host: registry.example.com
    # port: 5005
    # api_url: http://localhost:5000/ # internal address to the registry, will be used by GitLab to directly communicate with API
    # key: config/registry.key
    # path: shared/registry
    # issuer: gitlab-issuer

  #
  # 2. GitLab CI settings
  # ==========================

  gitlab_ci:

  #
  # 3. Auth settings
  # ==========================

  ## LDAP settings
  # You can test connections and inspect a sample of the LDAP users with login
  # access by running:
  #   bundle exec rake gitlab:ldap:check RAILS_ENV=production
  ldap:
    enabled: false
    servers:
      main: # 'main' is the GitLab 'provider ID' of this LDAP server
        ## label
        #
        # A human-friendly name for your LDAP server. It is OK to change the label later,
        # for instance if you find out it is too large to fit on the web page.
        #
        # Example: 'Paris' or 'Acme, Ltd.'
        label: 'LDAP'

        # Example: 'ldap.mydomain.com'
        host: '_your_ldap_server'
        # This port is an example, it is sometimes different but it is always an integer and not a string
        port: 389 # usually 636 for SSL
        uid: 'sAMAccountName' # This should be the attribute, not the value that maps to uid.

        # Examples: 'america\\momo' or 'CN=Gitlab Git,CN=Users,DC=mydomain,DC=com'
        bind_dn: '_the_full_dn_of_the_user_you_will_bind_with'
        password: '_the_password_of_the_bind_user'
        encryption: 'plain'

        # Enables SSL certificate verification if encryption method is
        # "start_tls" or "simple_tls". Defaults to true.
        verify_certificates: true

        # Specifies the path to a file containing a PEM-format CA certificate,
        # e.g. if you need to use an internal CA.
        #
        #   Example: '/etc/ca.pem'
        #
        ca_file: ''

        # Specifies the SSL version for OpenSSL to use, if the OpenSSL default
        # is not appropriate.
        #
        #   Example: 'TLSv1_1'
        #
        ssl_version: ''

        # Set a timeout, in seconds, for LDAP queries. This helps avoid blocking
        # a request if the LDAP server becomes unresponsive.
        # A value of 0 means there is no timeout.
        timeout: 10

        # This setting specifies if LDAP server is Active Directory LDAP server.
        # For non AD servers it skips the AD specific queries.
        # If your LDAP server is not AD, set this to false.
        active_directory: true
        # disable this setting, because the userPrincipalName contains an '@'.
        allow_username_or_email_login: false

       
        block_auto_created_users: false

        # Base where we can search for users
        #
        #   Ex. 'ou=People,dc=gitlab,dc=example' or 'DC=mydomain,DC=com'
        #
        base: ''

    
        user_filter: ''

        
        attributes:
          # The username will be used in paths for the user's own projects
          # (like `gitlab.example.com/username/project`) and when mentioning
          # them in issues, merge request and comments (like `@username`).
          # If the attribute specified for `username` contains an email address,
          # the GitLab username will be the part of the email address before the '@'.
          username: ['uid', 'userid', 'sAMAccountName']
          email:    ['mail', 'email', 'userPrincipalName']

          # If no full name could be found at the attribute specified for `name`,
          # the full name is determined using the attributes specified for
          # `first_name` and `last_name`.
          name:       'cn'
          first_name: 'givenName'
          last_name:  'sn'

        # If lowercase_usernames is enabled, GitLab will lower case the username.
        lowercase_usernames: false



  ## OmniAuth settings
  omniauth:
    # Allow login via Twitter, Google, etc. using OmniAuth providers
    enabled: false

    # Uncomment this to automatically sign in with a specific omniauth provider's without
    # showing GitLab's sign-in page (default: show the GitLab sign-in page)
    # auto_sign_in_with_provider: saml
    allow_single_sign_on: ["saml"]

    # Locks down those users until they have been cleared by the admin (default: true).
    block_auto_created_users: true
    # Look up new users in LDAP servers. If a match is found (same uid), automatically
    # link the omniauth identity with the LDAP account. (default: false)
    auto_link_ldap_user: false

    # Allow users with existing accounts to login and auto link their account via SAML
    # login, without having to do a manual login first and manually add SAML
    # (default: false)
    auto_link_saml_user: false
    external_providers: []
    providers:
      

    # SSO maximum session duration in seconds. Defaults to CAS default of 8 hours.
    # cas3:
    #   session_duration: 28800

  # Shared file storage settings
  shared:
    # path: /mnt/gitlab # Default: shared

  # Gitaly settings
  gitaly:
    # Path to the directory containing Gitaly client executables.
    client_path: /home/git/gitaly/bin
    # Default Gitaly authentication token. Can be overriden per storage. Can
    # be left blank when Gitaly is running locally on a Unix socket, which
    # is the normal way to deploy Gitaly.
    token:

  #
  # 4. Advanced settings
  # ==========================

  ## Repositories settings
  repositories:
    # Paths where repositories can be stored. Give the canonicalized absolute pathname.
    # IMPORTANT: None of the path components may be symlink, because
    # gitlab-shell invokes Dir.pwd inside the repository path and that results
    # real path not the symlink.
    storages: # You must have at least a `default` storage path.
      default:
        path: /home/git/repositories/
        gitaly_address: unix:/home/git/gitlab/tmp/sockets/private/gitaly.socket # TCP connections are supported too (e.g. tcp://host:port)
        # gitaly_token: 'special token' # Optional: override global gitaly.token for this storage.

  ## Backup settings
  backup:
    path: "tmp/backups"   # Relative paths are relative to Rails.root (default: tmp/backups/)
    # archive_permissions: 0640 # Permissions for the resulting backup.tar file (default: 0600)
    # keep_time: 604800   # default: 0 (forever) (in seconds)
    # pg_schema: public     # default: nil, it means that all schemas will be backed up
    # upload:
   
  ## GitLab Shell settings
  gitlab_shell:
    path: /home/git/gitlab-shell/
    hooks_path: /home/git/gitlab-shell/hooks/

   

    # Git over HTTP
    upload_pack: true
    receive_pack: true

    # Git import/fetch timeout, in seconds. Defaults to 3 hours.
    # git_timeout: 10800

    # If you use non-standard ssh port you need to specify it
    # ssh_port: 22

  workhorse:
    # File that contains the secret key for verifying access for gitlab-workhorse.
    # Default is '.gitlab_workhorse_secret' relative to Rails.root (i.e. root of the GitLab app).
    # secret_file: /home/git/gitlab/.gitlab_workhorse_secret

  ## Git settings
  # CAUTION!
  # Use the default values unless you really know what you are doing
  git:
    bin_path: /usr/local/bin/git

 
  webpack:
    # dev_server:
    #   enabled: true
    #   host: localhost
    #   port: 3808

  ## Monitoring
  # Built in monitoring settings
  monitoring:
    # Time between sampling of unicorn socket metrics, in seconds
    # unicorn_sampler_interval: 10
    # IP whitelist to access monitoring endpoints
    ip_whitelist:
      - 127.0.0.0/8

    # Sidekiq exporter is webserver built in to Sidekiq to expose Prometheus metrics
    sidekiq_exporter:
    #  enabled: true
    #  address: localhost
    #  port: 3807

  #
  # 5. Extra customization
  # ==========================

  extra:
    ## Google analytics. Uncomment if you want it
    # google_analytics_id: '_your_tracking_id'

    ## Piwik analytics.
    # piwik_url: '_your_piwik_url'
    # piwik_site_id: '_your_piwik_site_id'

  rack_attack:
    git_basic_auth:
      # Rack Attack IP banning enabled
      # enabled: true
      #
      # Whitelist requests from 127.0.0.1 for web proxies (NGINX/Apache) with incorrect headers
      # ip_whitelist: ["127.0.0.1"]
      #
      # Limit the number of Git HTTP authentication attempts per IP
      # maxretry: 10
      #
      # Reset the auth attempt counter per IP after 60 seconds
      # findtime: 60
      #
      # Ban an IP for one hour (3600s) after too many auth attempts
      # bantime: 3600

development:
  <<: *base

test:
  <<: *base
  gravatar:
    enabled: true
  lfs:
    enabled: false
    # The location where LFS objects are stored (default: shared/lfs-objects).
    # storage_path: shared/lfs-objects
    object_store:
      enabled: false
      remote_directory: lfs-objects # The bucket name
      connection:
        provider: AWS # Only AWS supported at the moment
        aws_access_key_id: AWS_ACCESS_KEY_ID
        aws_secret_access_key: AWS_SECRET_ACCESS_KEY
        region: us-east-1
  artifacts:
    path: tmp/tests/artifacts
    enabled: true
    # The location where build artifacts are stored (default: shared/artifacts).
    # path: shared/artifacts
    object_store:
      enabled: false
      remote_directory: artifacts # The bucket name
      background_upload: false
      connection:
        provider: AWS # Only AWS supported at the moment
        aws_access_key_id: AWS_ACCESS_KEY_ID
        aws_secret_access_key: AWS_SECRET_ACCESS_KEY
        region: us-east-1
  uploads:
    storage_path: tmp/tests/public
    object_store:
      enabled: false
      connection:
        provider: AWS # Only AWS supported at the moment
        aws_access_key_id: AWS_ACCESS_KEY_ID
        aws_secret_access_key: AWS_SECRET_ACCESS_KEY
        region: us-east-1
  gitlab:
    host: localhost
    port: 80

    # When you run tests we clone and setup gitlab-shell
    # In order to setup it correctly you need to specify
    # your system username you use to run GitLab
    # user: YOUR_USERNAME
  pages:
    path: tmp/tests/pages
  repositories:
    storages:
      default:
        path: tmp/tests/repositories/
        gitaly_address: unix:tmp/tests/gitaly/gitaly.socket
      broken:
        path: tmp/tests/non-existent-repositories
        gitaly_address: unix:tmp/tests/gitaly/gitaly.socket

  gitaly:
    client_path: tmp/tests/gitaly
    token: secret
  backup:
    path: tmp/tests/backups
  gitlab_shell:
    path: tmp/tests/gitlab-shell/
    hooks_path: tmp/tests/gitlab-shell/hooks/
  issues_tracker:
    redmine:
      title: "Redmine"
      project_url: "http://redmine/projects/:issues_tracker_id"
      issues_url: "http://redmine/:project_id/:issues_tracker_id/:id"
      new_issue_url: "http://redmine/projects/:issues_tracker_id/issues/new"
    jira:
      title: "JIRA"
      url: https://sample_company.atlassian.net
      project_key: PROJECT

  omniauth:
    enabled: true
    allow_single_sign_on: true
    external_providers: []

    providers:
      - { name: 'cas3',
          label: 'cas3',
          args: { url: 'https://sso.example.com',
                  disable_ssl_verification: false,
                  login_url: '/cas/login',
                  service_validate_url: '/cas/p3/serviceValidate',
                  logout_url: '/cas/logout'} }
      - { name: 'github',
          app_id: 'YOUR_APP_ID',
          app_secret: 'YOUR_APP_SECRET',
          url: "https://github.com/",
          verify_ssl: false,
          args: { scope: 'user:email' } }
      - { name: 'bitbucket',
          app_id: 'YOUR_APP_ID',
          app_secret: 'YOUR_APP_SECRET' }
      - { name: 'gitlab',
          app_id: 'YOUR_APP_ID',
          app_secret: 'YOUR_APP_SECRET',
          args: { scope: 'api' } }
      - { name: 'google_oauth2',
          app_id: 'YOUR_APP_ID',
          app_secret: 'YOUR_APP_SECRET',
          args: { access_type: 'offline', approval_prompt: '' } }
      - { name: 'facebook',
          app_id: 'YOUR_APP_ID',
          app_secret: 'YOUR_APP_SECRET' }
      - { name: 'twitter',
          app_id: 'YOUR_APP_ID',
          app_secret: 'YOUR_APP_SECRET' }
      - { name: 'jwt',
          app_secret: 'YOUR_APP_SECRET',
          args: {
                  algorithm: 'HS256',
                  uid_claim: 'email',
                  required_claims: ["name", "email"],
                  info_map: { name: "name", email: "email" },
                  auth_url: 'https://example.com/',
                  valid_within: nil,
                }
        }
      - { name: 'auth0',
          args: {
            client_id: 'YOUR_AUTH0_CLIENT_ID',
            client_secret: 'YOUR_AUTH0_CLIENT_SECRET',
            namespace: 'YOUR_AUTH0_DOMAIN' } }
      - { name: 'authentiq',
          app_id: 'YOUR_CLIENT_ID',
          app_secret: 'YOUR_CLIENT_SECRET',
          args: { scope: 'aq:name email~rs address aq:push' } }
  ldap:
    enabled: false
    servers:
      main:
        label: ldap
        host: 127.0.0.1
        port: 3890
        uid: 'uid'
        encryption: 'plain' # "start_tls" or "simple_tls" or "plain"
        base: 'dc=example,dc=com'
        user_filter: ''
        group_base: 'ou=groups,dc=example,dc=com'
        admin_group: ''

staging:
  <<: *base

gitlab-shell/config.yml
---
user: git
gitlab_url: https://127.0.0.1:8080/
http_settings:
  self_signed_cert: false
auth_file: "/home/git/.ssh/authorized_keys"
redis:
  bin: "/usr/local/bin/redis-cli"
  namespace: resque:gitlab
  socket: "/var/run/redis/redis.sock"
log_level: INFO
audit_usernames: false

Curl gives this

curl http://127.0.0.1:8080/gitslab/api/v4/internal/check
<html><body>You are being <a href="http://127.0.0.1:8080/users/sign_in">redirected</a>.</body></html>

curl with https :

curl https://127.0.0.1:8080/gitslab/api/v4/internal/checkcurl: (35) gnutls_handshake() failed: An unexpected TLS packet was received.

When changing gitlab-shell/config.yml url with http only it returns an error 302, the logs don’t add more than that.

nginx conf file

upstream gitlab-workhorse {
  # Gitlab socket file,
  # for Omnibus this would be: unix:/var/opt/gitlab/gitlab-workhorse/socket
  server unix:/home/git/gitlab/tmp/sockets/gitlab-workhorse.socket fail_timeout=0;
}

map $http_upgrade $connection_upgrade_gitlab_ssl {
    default upgrade;
    ''      close;
}


## NGINX 'combined' log format with filtered query strings
log_format gitlab_ssl_access $remote_addr - $remote_user [$time_local] "$request_method $gitlab_ssl_filtered_request_uri $server_protocol" $status $body_bytes_sent "$gitlab_ssl_filtered_http_referer" "$http_user_agent";

## Remove private_token from the request URI
# In:  /foo?private_token=unfiltered&authenticity_token=unfiltered&rss_token=unfiltered&...
# Out: /foo?private_token=[FILTERED]&authenticity_token=unfiltered&rss_token=unfiltered&...
map $request_uri $gitlab_ssl_temp_request_uri_1 {
  default $request_uri;
  ~(?i)^(?<start>.*)(?<temp>[\?&]private[\-_]token)=[^&]*(?<rest>.*)$ "$start$temp=[FILTERED]$rest";
}

## Remove authenticity_token from the request URI
# In:  /foo?private_token=[FILTERED]&authenticity_token=unfiltered&rss_token=unfiltered&...
# Out: /foo?private_token=[FILTERED]&authenticity_token=[FILTERED]&rss_token=unfiltered&...
map $gitlab_ssl_temp_request_uri_1 $gitlab_ssl_temp_request_uri_2 {
  default $gitlab_ssl_temp_request_uri_1;
  ~(?i)^(?<start>.*)(?<temp>[\?&]authenticity[\-_]token)=[^&]*(?<rest>.*)$ "$start$temp=[FILTERED]$rest";
}

## Remove rss_token from the request URI
# In:  /foo?private_token=[FILTERED]&authenticity_token=[FILTERED]&rss_token=unfiltered&...
# Out: /foo?private_token=[FILTERED]&authenticity_token=[FILTERED]&rss_token=[FILTERED]&...
map $gitlab_ssl_temp_request_uri_2 $gitlab_ssl_filtered_request_uri {
  default $gitlab_ssl_temp_request_uri_2;
  ~(?i)^(?<start>.*)(?<temp>[\?&]rss[\-_]token)=[^&]*(?<rest>.*)$ "$start$temp=[FILTERED]$rest";
}

## A version of the referer without the query string
map $http_referer $gitlab_ssl_filtered_http_referer {
  default $http_referer;
  ~^(?<temp>.*)\? $temp;
}


## Redirects all HTTP traffic to the HTTPS host
server {
  listen 0.0.0.0:80;
  listen [::]:80 ipv6only=on default_server;
  server_name redval.sytes.net; ## Replace this with something like gitlab.example.com
  server_tokens off; ## Don't show the nginx version number, a security best practice
  return 301 https://$http_host$request_uri;
  access_log  /var/log/nginx/gitlab_access.log gitlab_ssl_access;
  error_log   /var/log/nginx/gitlab_error.log;
}

## HTTPS host
server {
  listen 0.0.0.0:443 ssl;
  listen [::]:443 ipv6only=on ssl default_server;
  server_name redval.sytes.net; ## Replace this with something like gitlab.example.com
  server_tokens off; ## Don't show the nginx version number, a security best practice

  ## Strong SSL Security
  ## https://raymii.org/s/tutorials/Strong_SSL_Security_On_nginx.html & https://cipherli.st/
  ssl on;
  ssl_certificate /etc/letsencrypt/live/redval.sytes.net/fullchain.pem;
  ssl_certificate_key /etc/letsencrypt/live/redval.sytes.net/privkey.pem;
  # GitLab needs backwards compatible ciphers to retain compatibility with Java IDEs
  ssl_ciphers "ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4";
  ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
  ssl_prefer_server_ciphers on;
  ssl_session_cache shared:SSL:10m;
  ssl_session_timeout 5m;

  ## See app/controllers/application_controller.rb for headers set

  ## [Optional] If your certficate has OCSP, enable OCSP stapling to reduce the overhead and latency of running SSL.

  ## [Optional] Generate a stronger DHE parameter:
  ##   sudo openssl dhparam -out /etc/ssl/certs/dhparam.pem 4096
  ##
  # ssl_dhparam /etc/ssl/certs/dhparam.pem;

  ## [Optional] Enable HTTP Strict Transport Security
  # add_header Strict-Transport-Security "max-age=31536000; includeSubDomains";

  ## Real IP Module Config
  ## http://nginx.org/en/docs/http/ngx_http_realip_module.html
  real_ip_header X-Real-IP; ## X-Real-IP or X-Forwarded-For or proxy_protocol
  real_ip_recursive off;    ## If you enable 'on'
  ## If you have a trusted IP address, uncomment it and set it
  # set_real_ip_from YOUR_TRUSTED_ADDRESS; ## Replace this with something like 192.168.1.0/24

  ## Individual nginx logs for this GitLab vhost
  access_log  /var/log/nginx/gitlab_access.log gitlab_ssl_access;
  error_log   /var/log/nginx/gitlab_error.log;

  location / {
    client_max_body_size 0;
    gzip off;

    ## https://github.com/gitlabhq/gitlabhq/issues/694
    ## Some requests take more than 30 seconds.
    proxy_read_timeout      300;
    proxy_connect_timeout   300;
    proxy_redirect          off;

    proxy_http_version 1.1;

    proxy_set_header    Host                $http_host;
    proxy_set_header    X-Real-IP           $remote_addr;
    proxy_set_header    X-Forwarded-Ssl     on;
    proxy_set_header    X-Forwarded-For     $proxy_add_x_forwarded_for;
    proxy_set_header    X-Forwarded-Proto   $scheme;
    proxy_set_header    Upgrade             $http_upgrade;
    proxy_set_header    Connection          $connection_upgrade_gitlab_ssl;

    proxy_pass http://gitlab-workhorse;
  }

  error_page 404 /404.html;
  error_page 422 /422.html;
  error_page 500 /500.html;
  error_page 502 /502.html;
  error_page 503 /503.html;
  location ~ ^/(404|422|500|502|503)\.html$ {
    # Location to the Gitlab's public directory,
    # for Omnibus this would be: /opt/gitlab/embedded/service/gitlab-rails/public
    root /home/git/gitlab/public;
    internal;
  }
}

If any other information is required please let me know.

EDIT: I have another conf file on nginx with the same hostname “redval.sytes.net
and running nginx -t returns :

nginx: [warn] conflicting server name "redval.sytes.net" on 0.0.0.0:80, ignored
nginx: [warn] conflicting server name "redval.sytes.net" on [::]:80, ignored
nginx: [warn] conflicting server name "redval.sytes.net" on 0.0.0.0:443, ignored
nginx: [warn] conflicting server name "redval.sytes.net" on [::]:443, ignored
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful

does it mean that gitlab is ignored?

EDIT :
I have made it work but after restarting services and removing nextcloud conf file from nginx, the api check works and gitlab doesn’t give any errors, but the browser gives error 404 (from gitlab not nginx) and it doesn’t find any pages

EDIT:
I used a subdomain instead of a subdirectory and it works fine, so I guess the problem was with my nginx subdirectory config, I can’t seem to know what I did wrong so if anyone can please let me know.
The API problem went away as well after I added the new subdomain to my /etc/hosts and used that in the curl command (without https).

Hi,

I think it’s a permissions problem, and therefore you are redirected to the login page. You need to add an API token to your curl command like that:

curl --header “PRIVATE-TOKEN: XXXXXXXXXXXXXXXX” http://127.0.0.1:8080/gitslab/api/v4/internal/check

I know it is kind of weird but I installed gitlab on a subdomain instead of a subdirectory and apparently all issues were solved. This makes me think it was indeed a permission problem which is weird because I double checked all concerned files and folders, I even copied everything on an unused computer and did a chmod 777 everywhere and still had the same issues. I’m kinda trying to make the mail server work right now but I can only send emails to gmail, yahoo defers my emails.