Commit bf059d7f authored by Stan Hu

Enable GZIP by default

After a discussion in https://gitlab.com/gitlab-org/gitlab-ce/issues/33719#note_67995336, we
agreed to enable it in light of performance and security concerns. Users may disable this
if they choose.

Closes https://gitlab.com/gitlab-org/gitlab-ce/issues/33719
parent b15320e3
+1 −0
@@ -18,6 +18,7 @@ omnibus-gitlab repository.
- Keep gitaly service running during package upgrades 034992fbc
- Geo: Error when primary promotion fails
- Add option to disable healthcheck for storagedriver in registry
- Enable gzip by default
- Restart runsv when log directory is changed 0a784647b
- Bump rsync to 3.1.3 f539aa946
- Patch bzip2 against CVE-2016-3189 552730bfa
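Review bot: The changelog entry "Enable gzip by default" does not name the setting that controls it. Since the commit message says users may disable this, consider wording it as "Enable gzip by default (disable with `nginx['gzip_enabled'] = false`)" so an admin scanning the changelog sees the opt-out. Several neighbouring entries also carry a short commit hash, which this one lacks.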
+9 −0
@@ -346,6 +346,15 @@ Setting `max_age` to 0 will disable this feature. For more information see:

* https://www.nginx.com/blog/http-strict-transport-security-hsts-and-nginx/

## Disabling GZIP compression

By default, GitLab enables GZIP compression for text data over 10240 bytes. To
disable this behavior:

```ruby
nginx['gzip_enabled'] = false
```

## Using custom SSL ciphers

By default GitLab is using SSL ciphers that are combination of testing on gitlab.com and various best practices contributed by the GitLab community.
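Review bot: The new "Disabling GZIP compression" section says how to turn compression off but not why an admin would want to. The template comment removed elsewhere in this commit told HTTPS users to disable gzip "to be safe against BREACH attack", and that guidance now exists nowhere in the docs. Add a sentence here naming BREACH as the reason to consider `nginx['gzip_enabled'] = false` on HTTPS instances, with a reference link in the same style as the HSTS section just above.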
+3 −0
@@ -913,6 +913,9 @@ external_url 'GENERATED_EXTERNAL_URL'
# nginx['hsts_max_age'] = 31536000
# nginx['hsts_include_subdomains'] = false

##! **Docs: http://nginx.org/en/docs/http/ngx_http_gzip_module.html**
# nginx['gzip_enabled'] = true

##! **Override only if you use a reverse proxy**
##! Docs: https://docs.gitlab.com/omnibus/settings/nginx.html#setting-the-nginx-listen-port
# nginx['listen_port'] = nil
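Review bot: The `##!` line above `# nginx['gzip_enabled'] = true` links only to the upstream nginx gzip module page, which says nothing about this setting or about its default. The `listen_port` entry right below links to the omnibus settings docs; do the same here by pointing at the new "Disabling GZIP compression" section, and note in the comment that the default applies to HTTPS as well.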
+2 −0
@@ -641,6 +641,8 @@ default['gitlab']['nginx']['server_names_hash_bucket_size'] = 64
# HSTS
default['gitlab']['nginx']['hsts_max_age'] = 31536000
default['gitlab']['nginx']['hsts_include_subdomains'] = false
# Compression
default['gitlab']['nginx']['gzip_enabled'] = true

###
# Nginx status
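Review bot: Setting `default['gitlab']['nginx']['gzip_enabled'] = true` as an attribute default changes behaviour on upgrade for every install that has not set the key. Taken together with the template change, an existing HTTPS instance that was rendered with `gzip off;` will start serving compressed responses after the next reconfigure without any edit to its configuration. That is the intent of the commit, but it should be called out as an upgrade note rather than left implicit in the default.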
+11 −3
@@ -133,9 +133,17 @@ server {
    set $http_host_with_default $http_host;
  }

  ## If you use HTTPS make sure you disable gzip compression
  ## to be safe against BREACH attack.
  <%= 'gzip off;' if @https %>
<% if @gzip_enabled %>
  gzip on;
  gzip_static on;
  gzip_comp_level 2;
  gzip_http_version 1.1;
  gzip_vary on;
  gzip_disable "msie6";
  gzip_min_length 10240;
  gzip_proxied no-cache no-store private expired auth;
  gzip_types text/plain text/css text/xml text/javascript application/x-javascript application/json application/xml application/rss+xml;
<% end %>

  ## https://github.com/gitlabhq/gitlabhq/issues/694
  ## Some requests take more than 30 seconds.
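Review bot: The BREACH comment is dropped along with `<%= 'gzip off;' if @https %>`, so the rendered config no longer records the trade-off being accepted. Keep a short comment inside the `<% if @gzip_enabled %>` block that names BREACH and points at `gzip_enabled` as the switch. Two settings deserve a second look in that light: `gzip_proxied no-cache no-store private expired auth;` explicitly enables compression of private and authenticated responses for proxied requests, and `gzip_types` includes `application/json` and `application/xml`, which are typically dynamic responses. If the goal is mainly faster static assets, a narrower `gzip_types` list would give most of the benefit. The level, minimum length and type list are also hard-coded, so the only tuning available to an admin is on or off.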