
Registry/Mattermost and HTTPS-Redirect: Let's Encrypt validation fails

Summary

When configuring registry_nginx['redirect_http_to_https'] = true in gitlab.rb, the Let's Encrypt validation for the registry and the mattermost domain names fails due to a 301 redirect to gitlab. When the redirect is not active, the default gitlab nginx server is used, thus the validation is successful.

Steps to reproduce

  • Have gitlab.rb include a redirect from HTTP to HTTPS for Gitlab, Mattermost and the Registry
  • Enable Let's Encrypt handling in gitlab

What is the current bug behavior?

  • Let's Encrypt tries to validate three domains for one certificate: gitlab itself, registry and mattermost
  • Registry and Mattermost can't be validated, as Let's Encrypt encounters a 301 redirect
  • thus, the certificate can never be created

What is the expected correct behavior?

Relevant logs

52.29.173.72 - - [19/Oct/2018:16:59:04 +0000] "GET /.well-known/acme-challenge/9dfGptP5ICFj-IHtCb8-hPMoecywyqFwnR4bdTXGdvc HTTP/1.1" 301 178 "" "Mozilla/5.0 (compatible; Let's Encrypt validation server; +https://www.letsencrypt.org)"
13.58.30.69 - - [19/Oct/2018:16:59:04 +0000] "GET /.well-known/acme-challenge/9dfGptP5ICFj-IHtCb8-hPMoecywyqFwnR4bdTXGdvc HTTP/1.1" 301 178 "" "Mozilla/5.0 (compatible; Let's Encrypt validation server; +https://www.letsencrypt.org)"
34.213.106.112 - - [19/Oct/2018:16:59:05 +0000] "GET /.well-known/acme-challenge/9dfGptP5ICFj-IHtCb8-hPMoecywyqFwnR4bdTXGdvc HTTP/1.1" 301 178 "" "Mozilla/5.0 (compatible; Let's Encrypt validation server; +https://www.letsencrypt.org)"
66.133.109.36 - - [19/Oct/2018:16:59:05 +0000] "GET /.well-known/acme-challenge/9dfGptP5ICFj-IHtCb8-hPMoecywyqFwnR4bdTXGdvc HTTP/1.1" 301 178 "" "Mozilla/5.0 (compatible; Let's Encrypt validation server; +https://www.letsencrypt.org)"

Details of package version

Provide the package version installation details
ii  gitlab-ce                                            11.3.6-ce.0                     amd64                           GitLab Community Edition (including NGINX, Postgres, Redis)
un  gitlab-ci-multi-runner                                                                                   (no description available)
un  gitlab-ci-multi-runner-beta                                                                              (no description available)
un  gitlab-ee                                                                                                (no description available)
ii  gitlab-runner                                        11.3.1                          amd64                           GitLab Runner
un  gitlab-runner-beta                                                                                       (no description available)

Environment details

  • Operating System: Debian Stretch
  • Installation Target, remove incorrect values:
    • Bare Metal Machine
  • Installation Type, remove incorrect values:
    • Other: Omnibus since version 8 or so
  • Is there any other software running on the machine: no, just gitlab-omnibus with gitlab-runner (and docker)
  • single node installation?
  • Resources
    • CPU: 4 cores
    • Memory total: 32G

Configuration details

Provide the relevant sections of `/etc/gitlab/gitlab.rb`
external_url 'https://git.example.com'
nginx['redirect_http_to_https'] = true
letsencrypt['enable'] = true
registry['registry_enabled'] = true
mattermost_external_url 'https://team.example.com'
mattermost['enable'] = true
mattermost_nginx['port'] = 443
mattermost_nginx['redirect_http_to_https'] = true
registry_external_url 'https://registry.example.com'
registry_nginx['port'] = 443
registry_nginx['redirect_http_to_https'] = true
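
An added example, not part of the original report or of GitLab's own code: a Ruby script that groups the ACME HTTP-01 challenge requests in an nginx access log by token and marks the ones answered with a redirect, the pattern shown in the log excerpt above. The sample lines, IP addresses and tokens are constructed, and the nginx "combined" log format is an assumption.

```ruby
# Added example: summarize how nginx answered ACME HTTP-01 challenge requests.
ACME_PREFIX = '/.well-known/acme-challenge/'

# Assumed nginx "combined" format, as in the excerpt in the report.
LINE_RE = /\A(?<ip>\S+) \S+ \S+ \[[^\]]+\] "[A-Z]+ (?<path>\S+) [^"]*" (?<status>\d{3}) (?:\d+|-) "[^"]*" "(?<agent>[^"]*)"/

# Constructed sample lines (documentation IPs, made-up tokens), not real logs.
SAMPLE_LOG = <<~'LOG'
  192.0.2.10 - - [19/Oct/2018:16:59:04 +0000] "GET /.well-known/acme-challenge/constructed-registry-token HTTP/1.1" 301 178 "" "Mozilla/5.0 (compatible; Let's Encrypt validation server; +https://www.letsencrypt.org)"
  198.51.100.7 - - [19/Oct/2018:16:59:05 +0000] "GET /.well-known/acme-challenge/constructed-registry-token HTTP/1.1" 301 178 "" "Mozilla/5.0 (compatible; Let's Encrypt validation server; +https://www.letsencrypt.org)"
  192.0.2.10 - - [19/Oct/2018:16:59:06 +0000] "GET /.well-known/acme-challenge/constructed-gitlab-token HTTP/1.1" 200 87 "" "Mozilla/5.0 (compatible; Let's Encrypt validation server; +https://www.letsencrypt.org)"
  203.0.113.5 - - [19/Oct/2018:16:59:07 +0000] "GET /.well-known/acme-challenge/constructed-stale-token HTTP/1.1" 404 162 "" "curl/7.52.1"
  203.0.113.5 - - [19/Oct/2018:16:59:08 +0000] "GET /users/sign_in HTTP/1.1" 200 5120 "" "curl/7.52.1"
LOG

# Return one hash per challenge request; other requests and unparsable lines are skipped.
def parse_challenge_hits(log_text)
  log_text.each_line.filter_map do |line|
    m = LINE_RE.match(line.strip)
    next unless m && m[:path].start_with?(ACME_PREFIX)

    # Drop any query string so the same token always groups together.
    token = m[:path].delete_prefix(ACME_PREFIX).split('?', 2).first.to_s
    next if token.empty?

    { token: token, status: m[:status].to_i, ip: m[:ip], agent: m[:agent] }
  end
end

# Group hits by token and classify how the challenge was answered.
def summarize(hits)
  hits.group_by { |h| h[:token] }.transform_values do |rows|
    statuses = rows.map { |r| r[:status] }.tally
    verdict =
      if statuses.keys.all? { |s| s == 200 } then :served
      elsif statuses.keys.any? { |s| (300..399).cover?(s) } then :redirected
      else :failed
      end
    { statuses: statuses, verdict: verdict }
  end
end

if __FILE__ == $PROGRAM_NAME
  summarize(parse_challenge_hits(SAMPLE_LOG)).each do |token, info|
    puts "#{token}: #{info[:verdict]} #{info[:statuses]}"
  end
end
```

A token marked `:redirected` corresponds to the 301 responses in the report; `:served` means nginx returned the challenge file directly.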