diff --git a/group_vars/git.yml b/group_vars/git.yml
index ad11520d7f5c70b5a2818031c6aa42f2f05b14d4..cd1a75eded783d2d2e4ca795810ba84d6992b730 100644
--- a/group_vars/git.yml
+++ b/group_vars/git.yml
@@ -10,6 +10,7 @@ glob_gitlab:
 port: 389
 uid: 'uid'
 bind_dn: 'cn=gitlab,ou=service-users,dc=crans,dc=org'
+ bind_password: "{{ vault_gitlab_ldap_password }}"
 base: 'cn=Utilisateurs,dc=crans,dc=org'
 user_filter: '(&(!(shadowExpire=0))(uid=*))'
 cas_name: 'cas3'
@@ -18,22 +19,3 @@ glob_gitlab:
 smtp:
 address: "{{ query('ldap', 'ip', 'redisdead', 'adm') | first }}"
 port: 25
-
-glob_nginx:
- service_name: gitlab-omnibus-ssl-nginx
- servers:
- - server_name:
- - "gitlab.crans.org"
- root: "/opt/gitlab/embedded/service/gitlab-rails/public"
- locations:
- - filter: "/"
- params:
- - "include snippets/options-proxypass.conf"
- - "client_max_body_size 0"
- - "gzip off"
- - "proxy_read_timeout 300"
- - "proxy_connect_timeout 300"
- - "proxy_pass http://gitlab-workhorse"
- upstreams:
- - name: gitlab-workhorse
- server: "unix:/var/opt/gitlab/gitlab-workhorse/sockets/socket fail_timeout=0"
diff --git a/host_vars/gitzly.adm.crans.org.yml b/host_vars/gitzly.adm.crans.org.yml
index 65032e0cad50651d497c4a291a29396900829c8f..731dc9212878d6c473e055b9b61c096891d8eccb 100644
--- a/host_vars/gitzly.adm.crans.org.yml
+++ b/host_vars/gitzly.adm.crans.org.yml
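Review bot: The added `bind_password` line in the first hunk sits in an LDAP block whose visible context pins `port: 389`, and no encryption or StartTLS setting appears in the hunk (the ldap mapping starts and ends outside it). It is worth confirming that the bind is upgraded to TLS, since otherwise the service-account password behind `vault_gitlab_ldap_password` crosses the network in cleartext. Because the reference now lives in group_vars, every host in the `git` group needs that vault variable defined, or templating will fail on an undefined variable. A one-line comment above the key would document this: `# secret comes from the vault file; must be defined for every host in the git group`.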
@@ -18,6 +18,21 @@ loc_certbot:
 certname: adm.crans.org
 domains: "*.adm.crans.org"
 
-loc_gitlab:
- ldap:
- bind_password: "{{ vault_gitlab_ldap_password }}"
+loc_nginx:
+ ssl:
+ - name: adm.crans.org
+ cert: /etc/letsencrypt/live/adm.crans.org/fullchain.pem
+ cert_key: /etc/letsencrypt/live/adm.crans.org/privkey.pem
+ trusted_cert: /etc/letsencrypt/live/adm.crans.org/chain.pem
+ - name: crans.org
+ cert: /etc/letsencrypt/live/crans.org/fullchain.pem
+ cert_key: /etc/letsencrypt/live/crans.org/privkey.pem
+ trusted_cert: /etc/letsencrypt/live/crans.org/chain.pem
+ servers: []
+
+loc_reverseproxy:
+ reverseproxy_sites:
+ - {from: gitlab.crans.org, to: "127.0.0.1:8000"}
+ - {from: gitlab.adm.crans.org, to: "127.0.0.1:8000", ssl: adm.crans.corg}
+
+ static_sites: []
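Review bot: The second `reverseproxy_sites` entry sets `ssl: adm.crans.corg`, which matches neither name declared under `loc_nginx.ssl` (`adm.crans.org`, `crans.org`). This looks like a typo, and depending on how the role resolves that key, gitlab.adm.crans.org may be rendered with a missing or wrong certificate; the entry should read `- {from: gitlab.adm.crans.org, to: "127.0.0.1:8000", ssl: adm.crans.org}`. The `crans.org` certificate paths also assume a certbot lineage of that name, while the visible `loc_certbot` context only shows `adm.crans.org`, so confirm it is issued elsewhere. The nginx block removed from group_vars/git.yml set `client_max_body_size 0` and 300-second proxy timeouts; whether the reverse-proxy template carries equivalents is not visible here, and without them large pushes over HTTPS may be rejected.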