```nginx
upstream gitlab {
  server unix:/var/opt/gitlab/gitlab-workhorse/sockets/socket;
}

server {
	listen *:8443 ssl;
  listen [::]:8443 ipv6only=on ssl;
	server_name igit.heysq.com;
	server_tokens off;
	root /opt/gitlab/embedded/service/gitlab-rails/public;
	client_max_body_size 250m;

	access_log  /var/log/gitlab/gitlab_access.log;
  error_log    /var/log/gitlab/gitlab_error.log;

  ssl_certificate     /etc/gitlab/ssl/cert.pem;
  ssl_certificate_key  /etc/gitlab/ssl/key.pem;
  ssl_session_timeout  5m;
  ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
  ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
  ssl_prefer_server_ciphers on;

  error_page 497 https://$http_host$request_uri;

  location / {
    # serve static files from defined root folder;.
    # @gitlab is a named location for the upstream fallback, see below
    try_files $uri $uri/index.html $uri.html @gitlab;
  }

  location @gitlab {
    # If you use https make sure you disable gzip compression
    # to be safe against BREACH attack

    proxy_read_timeout 300; # Some requests take more than 30 seconds.
    proxy_connect_timeout 300; # Some requests take more than 30 seconds.
    proxy_redirect     off;

    proxy_set_header   X-Forwarded-Proto $scheme;
    proxy_set_header   Host              $http_host;
    proxy_set_header   X-Real-IP         $remote_addr;
    proxy_set_header   X-Forwarded-For   $proxy_add_x_forwarded_for;
    proxy_set_header   X-Frame-Options   SAMEORIGIN;
    proxy_pass http://gitlab;
  }

  location ~ ^/(assets)/  {
    root /opt/gitlab/embedded/service/gitlab-rails/public;
    # gzip_static on; # to serve pre-gzipped version
    expires max;
    add_header Cache-Control public;
  }

  error_page 502 /502.html;
}
```