GitLab listen on both port 80 (http) and 443 (https)

Hi, I've a self hosted installation of GiaLab 8.16.0 on CentOS 7. I would like to reach GitLab on http from internal network, and use https for public access. In this case there's a nginx reverse proxy on a different machine that act as ssl terminator.

In gitlab.rc:

external_url 'http://git.mydomain.xx'

nginx['enable'] = true
nginx['client_max_body_size'] = '250m'
nginx['redirect_http_to_https'] = false
nginx['redirect_http_to_https_port'] = 80
nginx['listen_port'] = 80
nginx['listen_https'] = false
nginx['proxy_set_headers'] = {
  "Host" => "$http_host",
  "X-Real-IP" => "$remote_addr",
  "X-Forwarded-For" => "$proxy_add_x_forwarded_for",
  "X-Forwarded-Proto" => "http",
  "X-Forwarded-Ssl" => "off"
}

All works fine when using GitLab on http.

But when I connect from an external network I get https connection compromised because some assets (like project avatar located in git.mydomain.xx/uploaded folder) are retrive via http. The reverse proxy rewrite the URL to https but this redirection cause the browser to show "Connection in not secure"

The GitLab logo works fine because use a relative path.

Is there a way to adjust this behaviour?

Best regards