diff --git a/gitlab/group_vars/all/main.yml b/gitlab/group_vars/all/main.yml
index c0babfc..168f54f 100755
--- a/gitlab/group_vars/all/main.yml
+++ b/gitlab/group_vars/all/main.yml
@@ -3,5 +3,5 @@ gitlab_dir:
 - "/home/{{ansible_user}}/.gitlab2/config"
 - "/home/{{ansible_user}}/.gitlab2/log"
 - "/home/{{ansible_user}}/.gitlab2/data"
- - "/home/{{ansible_user}}/.gitlab2/config/cert"
+ - "/home/{{ansible_user}}/.gitlab2/config/ssl"
diff --git a/gitlab/roles/docker_gitlab/tasks/main.yml b/gitlab/roles/docker_gitlab/tasks/main.yml
index e0bb98d..6924886 100755
--- a/gitlab/roles/docker_gitlab/tasks/main.yml
+++ b/gitlab/roles/docker_gitlab/tasks/main.yml
@@ -5,18 +5,19 @@
 dest: "{{gitlab_dir[0]}}/docker-compose.yml"
 owner: "{{ansible_user}}"
 group: "{{ansible_user}}"
- mode: 0777
+ mode: 0755
 - name: Generate an OpenSSL private key with the default values (4096 bits, RSA)
 openssl_privatekey:
 path: "{{gitlab_dir[4]}}/gitlab.key"
+ size: 4096
 - name: Generate an OpenSSL Certificate Signing Request
 openssl_csr:
 path: "{{gitlab_dir[4]}}/gitlab.csr"
 privatekey_path: "{{gitlab_dir[4]}}/gitlab.key"
 #common_name: "{{ansible_hostname}"
- common_name: man-dan-03
+ common_name: "man-dan-03"
 subject_alt_name: "{{ item.value | map('regex_replace', '^', 'DNS:') | list }}"
 with_dict:
 dns_server:
@@ -29,6 +30,7 @@
 privatekey_path: "{{gitlab_dir[4]}}/gitlab.key"
 csr_path: "{{gitlab_dir[4]}}/gitlab.csr"
 provider: selfsigned
+ entrust_not_after: 365d
 #- name: deploy Docker Compose stack
 # docker_compose:
diff --git a/gitlab/roles/docker_gitlab/templates/docker-compose.yml.j2 b/gitlab/roles/docker_gitlab/templates/docker-compose.yml.j2
index ffa7263..7377539 100755
--- a/gitlab/roles/docker_gitlab/templates/docker-compose.yml.j2
+++ b/gitlab/roles/docker_gitlab/templates/docker-compose.yml.j2
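Review bot: The compose file written by the first task in tasks/main.yml still carries execute bits after this change. `mode: 0755` removes the world-writable bit, but docker-compose.yml is data rather than a script, so `mode: "0644"` is the tighter setting. Quoting the value also stops the result depending on how the YAML parser types a bare `0755`. The task that owns `dest`/`owner`/`group`/`mode` starts above the hunk, so the module in use is not visible here.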
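Review bot: The added `entrust_not_after: 365d` in the second hunk of tasks/main.yml does not limit the lifetime of this certificate. The task sets `provider: selfsigned`, and the `entrust_*` options are read only by the entrust provider. The self-signed provider takes `selfsigned_not_after`, and a relative time needs a leading sign, so the line should read `selfsigned_not_after: "+365d"`. As written, the certificate presumably keeps the module's default validity, which is much longer than a year. The task header is above the hunk, so the module name (presumably `openssl_certificate`) is not visible here.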
@@ -7,11 +7,14 @@ services:
 container_name: gitlab-ce
 environment:
 GITLAB_OMNIBUS_CONFIG: |
+ gitlab_rails['time_zone'] = 'Europe/Berlin'
 external_url 'https://{{ansible_host}}'
 gitlab_rails['gitlab_shell_ssh_port'] = {{ssh_port}}
 nginx['listen_port'] = 443
- nginx['ssl_certificate'] = '/etc/gitlab/certs/gitlab.cer'
- nginx['ssl_certificate_key'] = '/etc/gitlab/certs/gitlab.key'
+ nginx['redirect_http_to_https'] = true
+ nginx['ssl_certificate'] = "/etc/gitlab/ssl/gitlab.cer"
+ nginx['ssl_certificate_key'] = "/etc/gitlab/ssl/gitlab.key"
+ nginx['ssl_protocols'] = "TLSv1.1 TLSv1.2"
 ports:
 - '{{http_ssl}}:443'
 - '{{ssh_port}}:22'
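Review bot: The new `nginx['ssl_protocols']` line in GITLAB_OMNIBUS_CONFIG explicitly enables TLS 1.1, which RFC 8996 deprecates and current browsers no longer negotiate. Pinning the list is a good idea, but it should start at 1.2: `nginx['ssl_protocols'] = "TLSv1.2 TLSv1.3"`, assuming the bundled nginx/OpenSSL in the image supports 1.3. The volume that maps the host `config/ssl` directory to `/etc/gitlab/ssl` is outside this hunk, so the new certificate paths cannot be checked from here.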