server { listen 80; server_name lab.${DOMAIN} chat.${DOMAIN}; root /var/www/html/ ; include /etc/nginx/snippets/letsencrypt.conf; location / { return 301 https://$host$request_uri; } } server { listen 443 ssl; listen [::]:443 ssl; server_name lab.${DOMAIN} chat.${DOMAIN} ; access_log /var/log/nginx/gitlab.access.log; error_log /var/log/nginx/gitlab.error.log; # add Strict-Transport-Security to prevent man in the middle attacks #add_header Strict-Transport-Security "max-age=31536000"; ssl_certificate /ssl/certs/nginx.crt; ssl_certificate_key /ssl/private/nginx.key; root /var/www/html/ ; location / { client_max_body_size 0; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; proxy_pass ${LAB_INTERNAL} ; } } server { listen 443 ssl; listen [::]:443 ssl; server_name registry.${DOMAIN} ; access_log /var/log/nginx/gitlab-registry.access.log; error_log /var/log/nginx/gitlab-registry.error.log; # add Strict-Transport-Security to prevent man in the middle attacks #add_header Strict-Transport-Security "max-age=31536000"; # disable any limits to avoid HTTP 413 for large image uploads client_max_body_size 0; # required to avoid HTTP 411: see Issue #1486 (https://github.com/docker/docker/issues/1486) chunked_transfer_encoding on; ssl_protocols TLSv1.1 TLSv1.2; ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH'; ssl_prefer_server_ciphers on; ssl_session_cache shared:SSL:10m; include /etc/nginx/snippets/letsencrypt.conf; root /var/www/html/ ; location / { proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; proxy_pass ${REGISTRY_INTERNAL}; proxy_read_timeout 900; } }