Nginx( C )-> Workhorse(gitlab自己的中间件 Go) -> Unicorn(新版本为 puma) (Ruby)

location / {  client_max_body_size 0;  gzip off;
  ## https://github.com/gitlabhq/gitlabhq/issues/694  ## Some requests take more than 30 seconds.  proxy_read_timeout      300;  proxy_connect_timeout   300;  proxy_redirect          off;
  proxy_http_version 1.1;
  proxy_set_header    Host                $http_host;  proxy_set_header    X-Real-IP           $remote_addr;  proxy_set_header    X-Forwarded-For     $proxy_add_x_forwarded_for;  proxy_set_header    X-Forwarded-Proto   $scheme;  proxy_set_header    Upgrade             $http_upgrade;  proxy_set_header    Connection          $connection_upgrade_gitlab;
  proxy_pass http://gitlab-workhorse;}

/a/b/../../../

/a/b/%2E%2F%2E%2E%2F%2E%2E%2F%2E%2E%2F

scope path: :uploads do  # Note attachments and User/Group/Project/Topic avatars  get "-/system/:model/:mounted_as/:id/:filename",  to: "uploads#show",  constraints: { model: %r{note|user|group|project|projects/topic|achievements/achievement}, mounted_as: /avatar|attachment/, filename: %r{[^/]+} }......

# This should either#   - send the file directly#   - or redirect to its URL#def show  return render_404 unless uploader&.exists?
  ttl, directives = *cache_settings  ttl ||= 0  directives ||= { private: true, must_revalidate: true }
  expires_in ttl, directives
  file_uploader = [uploader, *uploader.versions.values].find do |version|    version.filename == params[:filename]  end
  return render_404 unless file_uploader
  workhorse_set_content_type!  send_upload(file_uploader, attachment: file_uploader.filename, disposition: content_disposition)end

def send_upload(file_upload, send_params: {}, redirect_params: {}, attachment: nil, proxy: false, disposition: 'attachment')  content_type = content_type_for(attachment)
  if attachment    response_disposition = ActionDispatch::Http::ContentDisposition.format(disposition: disposition, filename: attachment)
    # Response-Content-Type will not override an existing Content-Type in    # Google Cloud Storage, so the metadata needs to be cleared on GCS for    # this to work. However, this override works with AWS.    redirect_params[:query] = { "response-content-disposition" => response_disposition,                                "response-content-type" => content_type }    # By default, Rails will send uploads with an extension of .js with a    # content-type of text/javascript, which will trigger Rails'    # cross-origin JavaScript protection.    send_params[:content_type] = 'text/plain' if File.extname(attachment) == '.js'
    send_params.merge!(filename: attachment, disposition: disposition)  end
  if image_scaling_request?(file_upload)    location = file_upload.file_storage? ? file_upload.path : file_upload.url    headers.store(*Gitlab::Workhorse.send_scaled_image(location, params[:width].to_i, content_type))    head :ok  elsif file_upload.file_storage?    send_file file_upload.path, send_params  elsif file_upload.class.proxy_download_enabled? || proxy    headers.store(*Gitlab::Workhorse.send_url(file_upload.url(**redirect_params)))    head :ok  else    redirect_to cdn_fronted_url(file_upload, redirect_params)  endend