Use X-File header for fast artifacts upload - requires gitlab-workhorse extension

Users are allowed to supply namespace%2Fproject instead of a numeric ID

This change relies on changes in gitlab_git and gitlab-git-http-server.

Before this change NGINX would convert a chunked HTTP POST (e.g.
git push) into a HTTP 1.0 single large POST. This creates an
unnecessary delay, and it creates unnecessary memory pressure on
gitlab-git-http-server.

For the response ('proxy_buffering') I am less sure that NGINX 's
buffering behavior is harmful, but it still makes more sense to me
not to interfere with gitlab-git-http-server (and the Golang net/http
server).

https://gitlab.com/gitlab-org/gitlab-git-http-server

This change introduces the GITLAB_GRACK_AUTH_ONLY environment
variable. When set, Grack requests to GitLab will only respond with
the user's GL_ID (if the request is OK) or an error. This allows
gitlab-git-http-server to use the main GitLab application as an
authentication and authorization backend.

If we like how this works we should drop the GITLAB_GRACK_AUTH_ONLY
variable at some point in the future.

Revert "Merge branch 'go-get-workaround-nginx' of https://github.com/mattes/gitlabhq into mattes-go-get-workaround-nginx"

This reverts commit 51349ca3, reversing
changes made to b180476b.

We want to make users aware that the nginx default config will conflict
with the gitlab default_server conf file.

This will ensure nginx starts up without the following errors messages:
nginx: [emerg] bind() to [::]:443 failed (98: Address already in use)
nginx: [emerg] bind() to [::]:443 failed (98: Address already in use)
nginx: [emerg] bind() to [::]:443 failed (98: Address already in use)
nginx: [emerg] bind() to [::]:443 failed (98: Address already in use)
nginx: [emerg] bind() to [::]:443 failed (98: Address already in use)
nginx: [emerg] still could not bind()

Googling for them leads you to this site:
https://chrisjean.com/2014/02/10/fix-nginx-emerg-bind-to-80-failed-98-address-already-in-use/

minor updates @ formatting changes to match other versions of file.
Unify formatting of
https://github.com/gitlabhq/gitlabhq/blob/master/lib/support/nginx/gitlab,
https://github.com/gitlabhq/gitlabhq/blob/master/lib/support/nginx/gitlab-ssl,
&
https://gitlab.com/gitlab-org/omnibus-gitlab/blob/master/files/gitlab-cookbooks/gitlab/templates/default/nginx-gitlab-http.conf.erb

The current configuration sample files only enable IPv4 by default, making the
server inaccesible for many remote hosts (and an increasing amount every day).

Enable IPv4 and IPv6 by default. Older servers with no external IPv6
connectivity will not fail since they'll have a local-link IPv6 address to bind
to anyway.

This reverts commit c41e5f50.

Set's fail_timeout=0 as recommended by
http://unicorn.bogomips.org/Unicorn/Configurator.html#method-i-timeout
when Unicorn is running behind nginx.

also adds comment about updating nginx files during upgrades

taken from
https://raymii.org/s/tutorials/Strong_SSL_Security_On_nginx.html /
https://cipherli.st/

backwards compatible ciphers not needed since gitlab does not support
ie8

Add warning about HSTS header as it means user will need to provide secure connection access to site for next 24 months from page view. See https://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security for more details.

needed to allow sidekiq to load on background jobs tab

fixes #6203

before:

❯ curl -I http://gitlab/namespace/repo.git/info/refs?service=git-upload-pack
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 26 Jul 2014 18:20:27 GMT
Content-Type: text/html
Content-Length: 178
Connection: keep-alive
Location: https://gitlab/namespace/repo.git/info/refs?service=git-upload-pack?service=git-upload-pack

after:

❯ curl -I http://gitlab/namespace/repo.git/info/refs\?service=git-upload-pack
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 26 Jul 2014 18:23:54 GMT
Content-Type: text/html
Content-Length: 178
Connection: keep-alive
Location: https://gitlab/namespace/repo.git/info/refs?service=git-upload-pack

[ci skip]