SSL and reverse proxy

Hi,
I’m a noob concerning ssl and apache configuration, and I have trouble understanding how everything is supposed to work together.

Currently, I have a server with apache and a star certificate for mydomain redirecting all https://gitlab.mydomain.com requests to http://gitlab-server:80, where my docker gitlab instance is running, and I have not configured anything ssl related (the same goes for mattermost on port 8066, which runs in the same docker).

It works, but it feels wrong.

For example, this is what I have configured for mattermost:
mattermost_external_url 'http://mattermost.mydomain.com' # not https
mattermost['service_allowed_untrusted_internal_connections'] = "gitlab-server"
mattermost['gitlab_auth_endpoint'] = "https://gitlab.mydomain.com/oauth/authorize"
mattermost['gitlab_token_endpoint'] = "http://gitlab-server/oauth/token"
mattermost['gitlab_user_api_endpoint'] = "http://gitlab-server/api/v4/user"

I don’t understand when I should use https, gitlab.mydomain.com and gitlab-server.

I think it would be easier if I were using https://gitlab.mydomain.com everywhere.
For that, should I create a gitlab-server (or gitlab-server.myotherdomain.com) ssl certificate and give it to gitlab, or should I give my mydomain star certificate to gitlab?

Sorry for the noob question.