Gitlab always return 403 with nginx on fedora

I install gitlab from source and do all action in the document on fedora. There is no error during installing and some warning with yarn, but I think it isn’t a matter.

After I install gitlab and start nginx, it return a 403 code when I go to the url.

If I run sudo -u git -H bundle exec rake gitlab:check RAILS_ENV=production, it will return some error here.

Running /home/git/gitlab-shell/bin/check
Check GitLab API access: FAILED. code: 403
gitlab-shell self-check failed
  Try fixing it:
  Make sure GitLab is running;
  Check the gitlab-shell configuration file:
  sudo -u git -H editor /home/git/gitlab-shell/config.yml
  Please fix the error above and rerun the checks.

My gitshell config is here.

---
user: git
gitlab_url: https://git.vonfry.name/
http_settings:
  self_signed_cert: false
  ca_path: "/etc/letsencrypt/live/vonfry.name"
auth_file: "/home/git/.ssh/authorized_keys"
redis:
  bin: "/bin/redis-cli"
  namespace: resque:gitlab
  host: localhost
  port: 6379
log_level: INFO
audit_usernames: false

Here is the log in /var/log/nginx/gitlab_error.log

2017/03/01 01:51:12 [crit] 3662#0: *1 connect() to unix:/home/git/gitlab/tmp/sockets/gitlab-workhorse.socket failed (13: Permission denied) while connecting to upstream, client: ::1, server: git.vonfry.name, request: "GET /api/v3/internal/check HTTP/1.1", upstream: "http://unix:/home/git/gitlab/tmp/sockets/gitlab-workhorse.socket:/api/v3/internal/check", host: "git.vonfry.name"
2017/03/01 01:51:12 [error] 3662#0: *1 open() "/home/git/gitlab/public/502.html" failed (13: Permission denied), client: ::1, server: git.vonfry.name, request: "GET /api/v3/internal/check HTTP/1.1", upstream: "http://unix:/home/git/gitlab/tmp/sockets/gitlab-workhorse.socket/api/v3/internal/check", host: "git.vonfry.name"

But I have run every action in installing document about permission in the dir.

And if I try using curl with http://localhost:8080, it can be return a 302 code to the right url. But if I try it with https, it return curl error: curl: (35) SSL received a record that exceeded the maximum permissible length.
There is another sites on my server with https. It can work correctly. see url Both of them has the same ssl setting in nginx.

I have no idea to deal with it. It seems an error with nginx setting, but I use the gitlab-ssl in /home/git/gitlab/lib/support/nginx/gitlab-ssl and only change the setting about ssl and server_name. If I don’t use ssl and only use with http, It has the same error.

I have find the reason.

For ubuntu or debine, a default user dir is 755. But it is 700 in fedora. I must set it into 755.