server { listen 80 default_server; listen [::]:80 default_server; root /path/to/doc/root; index index.html index.htm; server_name example.com www.example.com; location / { try_files $uri $uri/ =404; } location /.well-known/acme-challenge/ { root /var/opt/gitlab/nginx/www/; } } server { listen 443 ssl; listen [::]:443 ssl; root /path/to/doc/root; index index.html index.htm; server_name example.com www.example.com; # Refer to Gitlabs letsencrypt cert here. ssl_certificate /etc/gitlab/ssl/gitlab.example.com.crt; ssl_certificate_key /etc/gitlab/ssl/gitlab.example.com.key; ssl_protocols TLSv1 TLSv1.1 TLSv1.2; ssl_ciphers HIGH:!aNULL:!MD5; location / { try_files $uri $uri/ =404; } location /.well-known/acme-challenge/ { root /var/opt/gitlab/nginx/www/; } }