Https>nginx(dedicated host)->https->nginx(VM)->gitlab = loop redirect

Hello

I have dedicated server(ubuntu 14.04 +1.4.6) with VM(ubuntu 14.04 + nginx-1.8.0).
I installed gitlab 7.12 to VM (with https). But for external access I must set up reverse-proxy on host server.
How???
Now I get:
Https>nginx(dedicated host)->https->nginx(VM)->gitlab = loop redirect


Nginx (dedicated host):

server {
        server_name repo.domain.com;
        listen 443;
        include /etc/nginx/ssl.conf;
        location / {
                proxy_pass https://192.168.124.5;
                proxy_set_header Host $http_host;
        }  }
server {
        server_name repo.domain.com;
        listen 80;
        location / {
                rewrite     ^(.*)   https://repo.domain.com$1 permanent;
        }  }

Nginx (VM):

upstream gitlab {
  server unix:/home/git/gitlab/tmp/sockets/gitlab.socket fail_timeout=0;
}


server {
  listen 80;
  server_name repo.domain.com;
  rewrite ^ https://$server_name$request_uri? permanent;
}



server {
  listen 443;
  server_name repo.domain.com;
  server_tokens off; ## Don't show the nginx version number, a security best practice
  root /home/git/gitlab/public;

  ## Increase this if you want to upload large attachments
  ## Or if you want to accept large git objects over http
  client_max_body_size 20m;

  ## See app/controllers/application_controller.rb for headers set

  ## ssl
  include /etc/nginx/ssl.conf;

  ## Individual nginx logs for this GitLab vhost
  access_log  /var/log/nginx/gitlab_access.log;
  error_log   /var/log/nginx/gitlab_error.log;

  location / {
    ## Serve static files from defined root folder.
    ## @gitlab is a named location for the upstream fallback, see below.
    try_files $uri $uri/index.html $uri.html @gitlab;
  }

  ## We route uploads through GitLab to prevent XSS and enforce access control.
  location /uploads/ {
    ## If you use HTTPS make sure you disable gzip compression
    ## to be safe against BREACH attack.
    # gzip off;

    ## https://github.com/gitlabhq/gitlabhq/issues/694
    ## Some requests take more than 30 seconds.
    proxy_read_timeout      300;
    proxy_connect_timeout   300;
    proxy_redirect          off;

    proxy_set_header    Host                $http_host;
    proxy_set_header    X-Real-IP           $remote_addr;
 proxy_set_header    X-Forwarded-For     $proxy_add_x_forwarded_for;
    proxy_set_header    X-Forwarded-Proto   $scheme;
    proxy_set_header    X-Frame-Options     SAMEORIGIN;

    proxy_pass http://gitlab;
  }

  ## If a file, which is not found in the root folder is requested,
  ## then the proxy passes the request to the upsteam (gitlab unicorn).
  location @gitlab {
    ## If you use HTTPS make sure you disable gzip compression
    ## to be safe against BREACH attack.
    # gzip off;

    ## https://github.com/gitlabhq/gitlabhq/issues/694
    ## Some requests take more than 30 seconds.
    proxy_read_timeout      300;
    proxy_connect_timeout   300;
    proxy_redirect          off;

    proxy_set_header    Host                $http_host;
    proxy_set_header    X-Real-IP           $remote_addr;
    proxy_set_header    X-Forwarded-For     $proxy_add_x_forwarded_for;
    proxy_set_header    X-Forwarded-Proto   $scheme;
    proxy_set_header    X-Frame-Options     SAMEORIGIN;

    proxy_pass http://gitlab;
  }

  ## Enable gzip compression as per rails guide:
  ## http://guides.rubyonrails.org/asset_pipeline.html#gzip-compression
  ## WARNING: If you are using relative urls remove the block below
  ## See config/application.rb under "Relative url support" for the list of
  ## other files that need to be changed for relative url support
  location ~ ^/(assets)/ {
    root /home/git/gitlab/public;
    gzip_static on; # to serve pre-gzipped version
    expires max;
    add_header Cache-Control public;
  }

  error_page 502 /502.html;
}

/home/git/gitlab/config/gitlab.yml

## GitLab settings
  gitlab:
    ## Web server settings (note: host is the FQDN, do not include http://)
    host: repo.domain.com
    port: 443 # Set to 443 if using HTTPS, see installation.md#using-https for additional HTTPS configuration details
    https: true # Set to true if using HTTPS, see installation.md#using-https for additional HTTPS configuration details

/home/git/gitlab-shell/config.yml

gitlab_url: "https://repo.domain.com/"
http_settings:
  ca_file: /etc/ssl/private/domain.com.chained.crt
  ca_path: /etc/ssl/private/
  self_signed_cert: false