Merge pull request #7578 from bbodenmiller/patch-8

Unify Nginx files to match as closely as possible

lib/support/nginx/gitlab

-# GITLAB
-# Maintainer: @randx
-
-# CHUNKED TRANSFER
-# It is a known issue that Git-over-HTTP requires chunked transfer encoding [0] which is not
-# supported by Nginx < 1.3.9 [1]. As a result, pushing a large object with Git (i.e. a single large file)
-# can lead to a 411 error. In theory you can get around this by tweaking this configuration file and either
-# - installing an old version of Nginx with the chunkin module [2] compiled in, or
-# - using a newer version of Nginx.
-#
-# At the time of writing we do not know if either of these theoretical solutions works. As a workaround
-# users can use Git over SSH to push large files.
-#
-# [0] https://git.kernel.org/cgit/git/git.git/tree/Documentation/technical/http-protocol.txt#n99
-# [1] https://github.com/agentzh/chunkin-nginx-module#status
-# [2] https://github.com/agentzh/chunkin-nginx-module
+## GitLab
+## Maintainer: @randx
+##
+## Lines starting with two hashes (##) are comments with information.
+## Lines starting with one hash (#) are configuration parameters that can be uncommented.
+##
+##################################
+##        CHUNKED TRANSFER      ##
+##################################
+##
+## It is a known issue that Git-over-HTTP requires chunked transfer encoding [0]
+## which is not supported by Nginx < 1.3.9 [1]. As a result, pushing a large object
+## with Git (i.e. a single large file) can lead to a 411 error. In theory you can get
+## around this by tweaking this configuration file and either:
+## - installing an old version of Nginx with the chunkin module [2] compiled in, or
+## - using a newer version of Nginx.
+##
+## At the time of writing we do not know if either of these theoretical solutions works. 
+## As a workaround users can use Git over SSH to push large files.
+##
+## [0] https://git.kernel.org/cgit/git/git.git/tree/Documentation/technical/http-protocol.txt#n99
+## [1] https://github.com/agentzh/chunkin-nginx-module#status
+## [2] https://github.com/agentzh/chunkin-nginx-module
+##
+###################################
+##         configuration         ##
+###################################
+##
 
 upstream gitlab {
   server unix:/home/git/gitlab/tmp/sockets/gitlab.socket;
 }
 
+## Normal HTTP host
 server {
   listen *:80 default_server;
   server_name YOUR_SERVER_FQDN; ## Replace this with something like gitlab.example.com
   server_tokens off; ## Don't show the nginx version number, a security best practice
   root /home/git/gitlab/public;
-  
-  # Increase this if you want to upload large attachments
-  # Or if you want to accept large git objects over http
+
+  ## Increase this if you want to upload large attachments
+  ## Or if you want to accept large git objects over http
   client_max_body_size 20m;
 
-  # individual nginx logs for this gitlab vhost
+  ## Individual nginx logs for this GitLab vhost
   access_log  /var/log/nginx/gitlab_access.log;
   error_log   /var/log/nginx/gitlab_error.log;
 
   location / {
-    # serve static files from defined root folder;.
-    # @gitlab is a named location for the upstream fallback, see below
+    ## Serve static files from defined root folder.
+    ## @gitlab is a named location for the upstream fallback, see below.
     try_files $uri $uri/index.html $uri.html @gitlab;
   }
 
-  # if a file, which is not found in the root folder is requested,
-  # then the proxy pass the request to the upsteam (gitlab unicorn)
+  ## If a file, which is not found in the root folder is requested,
+  ## then the proxy passes the request to the upsteam (gitlab unicorn).
   location @gitlab {
-    # If you use https make sure you disable gzip compression 
-    # to be safe against BREACH attack
+    ## If you use HTTPS make sure you disable gzip compression
+    ## to be safe against BREACH attack.
     # gzip off;
 
-    proxy_read_timeout 300; # Some requests take more than 30 seconds.
-    proxy_connect_timeout 300; # Some requests take more than 30 seconds.
-    proxy_redirect     off;
+    ## https://github.com/gitlabhq/gitlabhq/issues/694
+    ## Some requests take more than 30 seconds.
+    proxy_read_timeout      300;
+    proxy_connect_timeout   300;
+    proxy_redirect          off;
 
-    proxy_set_header   X-Forwarded-Proto $scheme;
-    proxy_set_header   Host              $http_host;
-    proxy_set_header   X-Real-IP         $remote_addr;
-    proxy_set_header   X-Forwarded-For   $proxy_add_x_forwarded_for;
-    proxy_set_header   X-Frame-Options   SAMEORIGIN;
+    proxy_set_header    Host                $http_host;
+    proxy_set_header    X-Real-IP           $remote_addr;
+    proxy_set_header    X-Forwarded-For     $proxy_add_x_forwarded_for;
+    proxy_set_header    X-Forwarded-Proto   $scheme;
+    proxy_set_header    X-Frame-Options     SAMEORIGIN;
 
     proxy_pass http://gitlab;
   }
 
-  # Enable gzip compression as per rails guide: http://guides.rubyonrails.org/asset_pipeline.html#gzip-compression
-  # WARNING: If you are using relative urls do remove the block below
-  # See config/application.rb under "Relative url support" for the list of
-  # other files that need to be changed for relative url support
-  location ~ ^/(assets)/  {
+  ## Enable gzip compression as per rails guide:
+  ## http://guides.rubyonrails.org/asset_pipeline.html#gzip-compression
+  ## WARNING: If you are using relative urls remove the block below
+  ## See config/application.rb under "Relative url support" for the list of
+  ## other files that need to be changed for relative url support
+  location ~ ^/(assets)/ {
     root /home/git/gitlab/public;
     gzip_static on; # to serve pre-gzipped version
     expires max;

lib/support/nginx/gitlab-ssl

@@ -19,8 +19,8 @@
 ## - installing an old version of Nginx with the chunkin module [2] compiled in, or
 ## - using a newer version of Nginx.
 ##
-## At the time of writing we do not know if either of these theoretical solutions works. As a workaround
-## users can use Git over SSH to push large files.
+## At the time of writing we do not know if either of these theoretical solutions works. 
+## As a workaround users can use Git over SSH to push large files.
 ##
 ## [0] https://git.kernel.org/cgit/git/git.git/tree/Documentation/technical/http-protocol.txt#n99
 ## [1] https://github.com/agentzh/chunkin-nginx-module#status
@@ -48,15 +48,18 @@ upstream gitlab {
   server unix:/home/git/gitlab/tmp/sockets/gitlab.socket;
 }
 
-## This is a normal HTTP host which redirects all traffic to the HTTPS host.
+## Normal HTTP host
 server {
   listen *:80 default_server;
   server_name YOUR_SERVER_FQDN; ## Replace this with something like gitlab.example.com
   server_tokens off; ## Don't show the nginx version number, a security best practice
+  
+  ## Redirects all traffic to the HTTPS host
   root /nowhere; ## root doesn't have to be a valid path since we are redirecting
   rewrite ^ https://$server_name$request_uri permanent;
 }
 
+## HTTPS host
 server {
   listen 443 ssl;
   server_name YOUR_SERVER_FQDN; ## Replace this with something like gitlab.example.com
@@ -95,10 +98,9 @@ server {
   }
 
   ## If a file, which is not found in the root folder is requested,
-  ## then the proxy pass the request to the upsteam (gitlab unicorn).
+  ## then the proxy passes the request to the upsteam (gitlab unicorn).
   location @gitlab {
-
-    ## If you use https make sure you disable gzip compression
+    ## If you use HTTPS make sure you disable gzip compression
     ## to be safe against BREACH attack.
     gzip off;
 
@@ -120,7 +122,7 @@ server {
 
   ## Enable gzip compression as per rails guide:
   ## http://guides.rubyonrails.org/asset_pipeline.html#gzip-compression
-  ## WARNING: If you are using relative urls do remove the block below
+  ## WARNING: If you are using relative urls remove the block below
   ## See config/application.rb under "Relative url support" for the list of
   ## other files that need to be changed for relative url support
   location ~ ^/(assets)/ {