docker-gitlab: Error: "transfer closed with xxx bytes remaining to read" when cloning over HTTPS

I’m running docker-gitlab with a pretty standard setup (see below) behind a SSL-terminating nginx (on the docker host). Normally everything is running perfectly, cloning over ssh works like a charm. But sometimes cloning over https fails with an error message:

~/Desktop → git clone https://example.com/foobar/foo.git
Cloning into 'foo'...
fatal: unable to access 'https://example.com/foobar/foo.git/': transfer closed with 2737 bytes remaining to read

I’ve looked into the logs. My SSL-terminator (nginx) says upstream prematurely closed connection while reading upstream, so I guess it’s not at fault. Next I looked into the nginx log at /var/log/gitlab/nginx/gitlab_error.log, and found this:

2014/12/15 16:26:02 [alert] 282#0: *1246 readv() failed (13: Permission denied) while reading upstream

I can’t figure out the reason. Obviously the socket has the correct permissions, otherwise it wouldn’t work at all. I also found that improper permissions on the proxy_temp folder can cause this, but the permissions on /var/lib/nginx/proxy/ look fine.

I’d be very happy to help debug this further, but I don’t know where to start. Any ideas?

docker-gitlab variables are:

  GITLAB_HOST: ...
  GITLAB_PORT: 443
  GITLAB_EMAIL: ...
  GITLAB_HTTPS: true
  GITLAB_HTTPS_HSTS: true
  GITLAB_HTTPS_HSTS_MAXAGE: 2592000
  JIRA_URL: ...
  SMTP_USER: ...
  SMTP_PASS: ...