/gist:56396e841d3239ee0185c4e9c4d4ab8e

## gistfile1.txt
server {
   access_log /var/log/nginx/gitlab_gitlab.log;
   error_log /var/log/nginx/gitlab_gitlab.error.log;

   listen 80;
   server_name git.domain.de;
   return 301 https://$server_name$request_uri;  # enforce https
}

server {
    listen 443 ssl;
    server_name git.domain.de;
    ssl on;

    ssl_certificate             /etc/ssl/bundle.cer;
    ssl_certificate_key         /etc/ssl/privkey.pem;
    ssl_protocols               TLSv1 TLSv1.1 TLSv1.2;
    ssl_prefer_server_ciphers   on;
    ssl_ciphers                 "EECDH+AESGCM EDH+AESGCM EECDH -RC4 EDH -CAMELLIA -SEED !aNULL !eNULL !LOW !3DES !MD5 !EXP !PSK !SRP !DSS !RC4";

    # Add HSTS
    add_header Strict-Transport-Security "max-age=31536000; includeSubdomains";

    access_log /var/log/nginx/gitlab_gitlab.log;
    error_log /var/log/nginx/gitlab_gitlab.error.log;

    location / {
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header Host   $http_host;
        proxy_set_header X-Forwarded-Ssl on;
        proxy_read_timeout      300;
        proxy_set_header        X-Forwarded-Proto https;
        proxy_set_header        Host $http_host;
        add_header              Front-End-Https   on;

        proxy_pass http://127.0.0.1:8280/;
    }
}
	server {
	access_log /var/log/nginx/gitlab_gitlab.log;
	error_log /var/log/nginx/gitlab_gitlab.error.log;

	listen 80;
	server_name git.domain.de;
	return 301 https://$server_name$request_uri; # enforce https
	}

	server {
	listen 443 ssl;
	server_name git.domain.de;
	ssl on;

	ssl_certificate /etc/ssl/bundle.cer;
	ssl_certificate_key /etc/ssl/privkey.pem;
	ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
	ssl_prefer_server_ciphers on;
	ssl_ciphers "EECDH+AESGCM EDH+AESGCM EECDH -RC4 EDH -CAMELLIA -SEED !aNULL !eNULL !LOW !3DES !MD5 !EXP !PSK !SRP !DSS !RC4";

	# Add HSTS
	add_header Strict-Transport-Security "max-age=31536000; includeSubdomains";

	access_log /var/log/nginx/gitlab_gitlab.log;
	error_log /var/log/nginx/gitlab_gitlab.error.log;

	location / {
	proxy_set_header X-Real-IP $remote_addr;
	proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
	proxy_set_header Host $http_host;
	proxy_set_header X-Forwarded-Ssl on;
	proxy_read_timeout 300;
	proxy_set_header X-Forwarded-Proto https;
	proxy_set_header Host $http_host;
	add_header Front-End-Https on;

	proxy_pass http://127.0.0.1:8280/;
	}
	}