upstream gitlab { server 172.17.42.1:50083; } # let gitlab deal with the redirection server { listen 80; server_name git.example.com; server_tokens off; root /dev/null; # Increase this if you want to upload larger attachments client_max_body_size 20m; # individual nginx logs for this vhost access_log /var/log/nginx/gitlab_access.log; error_log /var/log/nginx/gitlab_error.log; location / { proxy_read_timeout 300; proxy_connect_timeout 300; proxy_redirect off; proxy_set_header X-Forwarded-Proto $scheme; proxy_set_header Host $http_host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Frame-Options SAMEORIGIN; proxy_pass http://gitlab; } } server { listen 443 ssl spdy; server_name git.example.com; server_tokens off; root /dev/null; ## Increase this if you want to upload larger attachments client_max_body_size 20m; ## SSL ssl on; ## Individual nginx logs for this vhost access_log /var/log/nginx/gitlab_ssl_access.log; error_log /var/log/nginx/gitlab_ssl_error.log; location / { ## If you use https make sure you disable gzip compression ## to be safe against BREACH attack. gzip off; proxy_read_timeout 300; proxy_connect_timeout 300; proxy_redirect off; proxy_set_header Host $http_host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto https; proxy_set_header X-Frame-Options SAMEORIGIN; proxy_pass http://gitlab; } }