Gitlab registry via nginx reverse proxy fail

Please help with settings.
I have one server with gitlab and container registry. And second is nginx reverse proxy.
Web interface works good via nginx reverse proxy. Nginx reverse proxy take certificate for https. Gitlab work without certificate.
With registry I have problems.
Part of the config nginx reverse proxy:

upstream docker-registry {
server {
   listen       5050 ssl;
   access_log  /var/log/nginx/git-5050-access.log  main;
   error_log  /var/log/nginx/git-5050-error.log;

   client_max_body_size        0;
   chunked_transfer_encoding on;

    ssl_protocols TLSv1.1 TLSv1.2;
    ssl_prefer_server_ciphers on;
    ssl_session_cache shared:SSL:10m;
    ssl_certificate /etc/letsencrypt/live/;
    ssl_certificate_key /etc/letsencrypt/live/;
location / {
proxy_set_header        Host $http_host;
proxy_set_header        X-Real-IP $remote_addr;
proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header        X-Forwarded-Proto $scheme;
proxy_cache off;
proxy_buffering off;
proxy_request_buffering off;
proxy_read_timeout                  900;
proxy_pass          http://docker-registry;


external_url ''
registry_external_url ''
gitlab_rails['registry_enabled'] = true
gitlab_rails['registry_host'] = ""
gitlab_rails['registry_port'] = "5050"
gitlab_rails['registry_path'] = "/var/opt/gitlab/gitlab-rails/shared/registry"
gitlab_rails['registry_api_url'] = ""
registry['enable'] = true
nginx['listen_port'] = 80
nginx['proxy_set_headers'] = {
 "X-Forwarded-Proto" => "https",
 "X-Forwarded-Ssl" => "on",
nginx['real_ip_trusted_addresses'] = ['']
nginx['real_ip_header'] = 'X-Real-IP'
registry_nginx['enable'] = true
registry_nginx['real_ip_trusted_addresses'] = ['']
registry_nginx['real_ip_header'] = 'X-Real-IP'
registry_nginx['listen_port'] = 5050

With this config I can docker login from internet. But not work docker push. And didn’t work docker-in-docker in pipeline.

Error response from daemon: Get “”: Get “”: dial tcp connect: connection refused

When I change external_url to ‘’ (no https), i can’t login from internet:

Error response from daemon: Get “”: denied: access forbidden

But work pipeline with dind, it’s can login in registry.
I know about of a lot of similar themes, i try to fix it some days. And read a lot, but could not understand what is needed.

This little helped me: Exposing Gitlab (with builtin container registry) on nginx ( swag image) · GitHub
Maybe it’s wrong. Why git registry must use certificate for correct work via reverse proxy.