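## Backend GitLab instance that both vhosts below ultimately serve.
upstream gitlab {
  server 172.17.42.1:10080;
}

## This is a normal HTTP host which redirects all traffic to the HTTPS host.
server {
  listen 80;
  server_name git.example.com;
  server_tokens off;
  root /dev/null;

  ## The target is built from the configured server_name, not the
  ## client-supplied Host header, so a request cannot steer the redirect.
  ## "return" is used instead of "rewrite ... permanent" because rewrite
  ## re-appends the query string that $request_uri already contains.
  return 301 https://$server_name$request_uri;
}

## HTTPS host: terminates TLS and proxies every request to the upstream.
server {
  ## NOTE: the "spdy" listen parameter was removed in nginx 1.9.5 (replaced
  ## by "http2"); adjust this line when running a newer nginx.
  listen 443 ssl spdy;
  server_name git.example.com;
  server_tokens off;
  root /dev/null;

  ## Redundant with the "ssl" parameter on the listen line above.
  ssl on;

  ## NOTE(review): this block sets no ssl_certificate / ssl_certificate_key,
  ## ssl_protocols or ssl_ciphers. They are presumably supplied by the
  ## enclosing http context - confirm, and pin the protocol list explicitly
  ## rather than relying on the defaults of the installed nginx version.

  ## Increase this if you want to upload large attachments
  ## Or if you want to accept large git objects over http
  client_max_body_size 20m;

  ## Response headers sent to the browser. They are declared at server level
  ## on purpose: an add_header inside a location would stop these from being
  ## inherited by that location.
  add_header Strict-Transport-Security max-age=63072000;
  ## Anti-clickjacking policy. It must be a response header (add_header); a
  ## proxy_set_header only adds a request header towards the backend and
  ## never reaches the browser. Use DENY instead to forbid all framing.
  add_header X-Frame-Options SAMEORIGIN;
  add_header X-Content-Type-Options nosniff;

  ## Individual nginx logs for this vhost
  access_log /var/log/nginx/gitlab_access.log;
  error_log /var/log/nginx/gitlab_error.log;

  ## proxy pass the request to upstream.
  location / {
    ## If you use https make sure you disable gzip compression
    ## to be safe against BREACH attack.
    gzip off;

    ## https://github.com/gitlabhq/gitlabhq/issues/694
    ## Some requests take more than 30 seconds.
    proxy_read_timeout 300;
    proxy_connect_timeout 300;
    proxy_redirect off;

    ## $http_host is the Host header exactly as the client sent it. If this
    ## server block is also the default for port 443, requests with an
    ## arbitrary Host reach the backend unchanged - make sure the backend
    ## builds absolute URLs from its own configured hostname.
    proxy_set_header Host $http_host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-Ssl on;
    ## $proxy_add_x_forwarded_for appends to whatever X-Forwarded-For the
    ## client supplied, so only the last entry is trustworthy; X-Real-IP
    ## above carries the address nginx actually saw.
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto $scheme;

    ## Drop any X-Frame-Options the backend sends so the browser receives
    ## exactly one value: the one added at server level.
    proxy_hide_header X-Frame-Options;

    proxy_pass http://gitlab;
  }
}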