Nginx configure SSL load balancer -

i have docker server have installed gitlab sameersbn/docker-gitlab

i have nginx container listen 443:433 , 80:80, use 1 load balance http , https (with signed cert) requests

nginx.conf

worker_processes auto;  events { worker_connections 1024; }  http {      ##     # logging settings     ##      access_log /var/log/nginx/access.log;     error_log /var/log/nginx/error.log;       upstream gitlab {         server gitlab:10080;     }      server {         listen 80;         listen 443 ssl;         server_name www.domain.tld;          ssl on;         ssl_certificate         /usr/local/share/ca-certificates/domain.crt;         ssl_certificate_key     /usr/local/share/ca-certificates/domain.key;         ssl_trusted_certificate /usr/local/share/ca-certificates/gandistandardsslca2.pem;          ssl_session_timeout 5m;          ssl_protocols tlsv1 tlsv1.1 tlsv1.2;         ssl_ciphers "high:!anull:!md5 or high:!anull:!md5:!3des";         ssl_prefer_server_ciphers on;          root /usr/share/nginx/html;          location /git/ {             proxy_pass http://gitlab;             proxy_set_header x-forwarded-ssl on;             proxy_set_header host $host;             proxy_set_header x-real-ip $remote_addr;             proxy_set_header x-forwarded-for $proxy_add_x_forwarded_for;             proxy_set_header x-forwarded-proto $scheme;         }     } 

without ssl, working url acces gitlab http://www.domain.tld:10080/git

with ssl, want url https://www.domain.tld/git

using nginx load balancer configuration

when go on http://www.domain.tld/git

400 bad request  plain http request sent https port 

when go on https://www.domain.tld/git

err_connection_refused 

these first signed certificate, how supposed work ?

to solve problem there 2 steps required:

1. make nginx redirect http https
2. make gitlab listen port 80 via http

why make gitlab listen port 80? technique called ssl offload prevent redundant https encryption/decryption happen between upstream , web-server. required , makes sense in case of different hosts complex security requirements.

nginx

server {    listen         80;    server_name    www.domain.tld;    return         301 https://$server_name$request_uri; }  server {    listen         443 ssl;    server_name    www.domain.tld;     [....] 

}

gitlab

vi ./gitlab/config.yml gitlab_url: "http://server1.example.com" # http rather https