GitLab Runner: The requested URL returned error: 403

Issue:
When I try to fire off a job via a shared runner, I get the following error (full output is at the bottom of the post):
fatal: unable to access 'https://gitlab-ci-token:xxxxxxxxxxxxxxxxxxxx@git.url.com/myuser/myproject.git/': The requested URL returned error: 403

Asks

  1. Am I configuring my runner correctly? It’s making me bypass the Nginx reverse proxy, which is strange
  2. Is my Nginx Reverse Proxy possibly at fault? Conf file: https://gist.github.com/SlothCroissant/957574b1dacb8910f38755daa5b73926
  3. Is there something i’m missing in my gitlab.rb config?

Environment & Repro steps
GitLab running in Docker:

docker run -d --name='gitlab' \
 --net='bridge' \
 -p '9005:80/tcp' \
 -v '/mnt/zfs/docker/gitlab/config':'/etc/gitlab':'rw' \
 -v '/mnt/zfs/docker/gitlab/logs':'/var/log/gitlab':'rw' \
 -v '/mnt/zfs/docker/gitlab/data':'/var/opt/gitlab':'rw' \
 --hostname git.url.com \
 --env GITLAB_OMNIBUS_CONFIG="external_url 'https://git.url.com/'; nginx['listen_https'] = false; nginx['listen_port'] = 80" \
 'gitlab/gitlab-ce:latest'

GitLab-Runner running in Docker on the same host:

 docker run -d \
  --name gitlab-runner \
  --restart always \
  -v /mnt/zfs/docker/gitlab/gitlab-runner:/etc/gitlab-runner \
  -v /var/run/docker.sock:/var/run/docker.sock \
  gitlab/gitlab-runner:latest

This is all behind an Nginx reverse proxy with SSL termination at https://git.url.com (my own domain): https://gist.github.com/SlothCroissant/957574b1dacb8910f38755daa5b73926

I attempt to register my runner using the following:

docker exec -it gitlab-runner gitlab-runner --debug register -n \
  --url https://git.url.com/ \
  --registration-token "randomtoken" \
  --executor docker \
  --description "My Docker Runner" \
  --docker-image "docker:latest" \
  --docker-volumes /var/run/docker.sock:/var/run/docker.sock

When I attempt that registration, I get the following error:

Dialing: tcp git.url.com:443 ...
ERROR: Registering runner... forbidden (check registration token)  runner=randomtoken
PANIC: Failed to register this runner. Perhaps you are having network problems

When I attempt to register using http://git.url.com:9005 (bypassing the reverse proxy), it works:

Registering runner... succeeded                     runner=randomtoken
Runner registered successfully. Feel free to start it, but if it's running already the config should be automatically reloaded!

So now that it’s registered (correctly, i’m not entirely sure), I fire off a job on project https://git.url.com/myuser/myproject.git. It’s picked up by the runner, but fails:

Running with gitlab-runner 11.5.1 (7f00c780)
  on My Docker Runner 342bd3ee
Using Docker executor with image docker:latest ...
Starting service docker:dind ...
Pulling docker image docker:dind ...
Using docker image sha256:edbe3f3ad406799b528fe6633c5553725860566b638cdc252e0520010436869f for docker:dind ...
Waiting for services to be up and running...
Pulling docker image docker:latest ...
Using docker image sha256:062267097b77e3ecf374b437e93fefe2bbb2897da989f930e4750752ddfc822a for docker:latest ...
Running on runner-342bd3ee-project-2-concurrent-0 via b9950603add5...
Cloning repository...
Cloning into '/builds/myuser/myproject'...
fatal: unable to access 'http://gitlab-ci-token:xxxxxxxxxxxxxxxxxxxx@git.url.com/myuser/myproject.git/': The requested URL returned error: 403
/bin/bash: line 66: cd: /builds/myuser/myproject: No such file or directory
ERROR: Job failed: exit code 1