From 0f5f17275cbb2e52f5d3c4f99aa3df050f433fed Mon Sep 17 00:00:00 2001
From: Sameer Naik
Date: Mon, 25 Aug 2014 20:47:40 +0530
Subject: [PATCH] added seperate server block for http config in gitlab.https.permissive. Fixes #127
---
 Changelog.md | 1 +
 assets/config/nginx/gitlab.https.permissive | 53 ++++++++++++++++++++-
 2 files changed, 53 insertions(+), 1 deletion(-)
diff --git a/Changelog.md b/Changelog.md
index 454a3f89..99532655 100644
--- a/Changelog.md
+++ b/Changelog.md
@@ -1,6 +1,7 @@
 # Changelog

 **latest**
+- added seperate server block for http config in gitlab.https.permissive. Fixes #127
 - added OAUTH_GOOGLE_RESTRICT_DOMAIN config option.

 **7.2.0**
diff --git a/assets/config/nginx/gitlab.https.permissive b/assets/config/nginx/gitlab.https.permissive
index 80922aa5..94619f14 100644
--- a/assets/config/nginx/gitlab.https.permissive
+++ b/assets/config/nginx/gitlab.https.permissive
@@ -60,7 +60,58 @@ upstream gitlab {
 }

 server {
- listen 80;
+ listen *:80 default_server; # e.g., listen 192.168.1.1:80; In most cases *:80 is a good idea
+ server_name {{YOUR_SERVER_FQDN}}; # e.g., server_name source.example.com;
+ server_tokens off; # don't show the version number, a security best practice
+ root /dev/null;
+
+ # Increase this if you want to upload large attachments
+ # Or if you want to accept large git objects over http
+ client_max_body_size {{NGINX_MAX_UPLOAD_SIZE}};
+
+ # individual nginx logs for this gitlab vhost
+ access_log /var/log/nginx/gitlab_access.log;
+ error_log /var/log/nginx/gitlab_error.log;
+
+ location {{GITLAB_RELATIVE_URL_ROOT}}/ {
+ root {{GITLAB_INSTALL_DIR}}/public;
+ # serve static files from defined root folder;.
+ # @gitlab is a named location for the upstream fallback, see below
+ try_files $uri $uri/index.html $uri.html @gitlab;
+ }
+
+ # if a file, which is not found in the root folder is requested,
+ # then the proxy pass the request to the upsteam (gitlab unicorn)
+ location @gitlab {
+ # If you use https make sure you disable gzip compression
+ # to be safe against BREACH attack
+ # gzip off;
+
+ proxy_read_timeout 300; # Some requests take more than 30 seconds.
+ proxy_connect_timeout 300; # Some requests take more than 30 seconds.
+ proxy_redirect off;
+
+ proxy_set_header X-Forwarded-Proto $scheme;
+ proxy_set_header Host $http_host;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header X-Frame-Options SAMEORIGIN;
+
+ proxy_pass http://gitlab;
+ }
+
+ # Enable gzip compression as per rails guide: http://guides.rubyonrails.org/asset_pipeline.html#gzip-compression
+ location ~ ^{{GITLAB_RELATIVE_URL_ROOT}}/assets/(.*) {
+ alias {{GITLAB_INSTALL_DIR}}/public/assets/$1;
+ gzip_static on; # to serve pre-gzipped version
+ expires max;
+ add_header Cache-Control public;
+ }
+
+ error_page 502 /502.html;
+}
+
+server {
 listen 443 ssl spdy;
 ## Replace git.example.com with your FQDN.
 server_name {{YOUR_SERVER_FQDN}};
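Review bot: `proxy_set_header X-Frame-Options SAMEORIGIN;` in the new `location @gitlab` sets a request header on the connection to the upstream, so nginx never sends it to the browser and it gives no clickjacking protection. If a response header is intended, the line should be `add_header X-Frame-Options SAMEORIGIN;`. Separately, this block is `default_server` on `*:80` and forwards the client-supplied value via `proxy_set_header Host $http_host;`, so requests with any Host header reach GitLab over plaintext. Whether GitLab uses that value when building links is not visible here, but a comment stating that this vhost deliberately serves logins and sessions over HTTP would help operators choose between the permissive and strict templates. The HTTPS `server` block that follows continues outside the hunk and, if this block was copied from it, probably needs the same `add_header` change.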