I'll show you how-to deploy Gogs, a Git server with a webUI, wrote in Go. We'll use Docker-compose for launch Gogs and Nginx secured with HTTPS using Let's Encrypt.

Gogs (Go Git Service) is a painless self-hosted Git service.

For starting, we need to create some folders to receive our Gogs stack :

mkdir /srv/Gogs
mkdir -p /srv/Gogs/etc/nginx
mkdir -p /srv/Gogs/etc/certs

For sure, we need Docker in our server, I use Debian Jessie in my case :

apt-get install -y apt-transport-https ca-certificates python-pip
apt-key adv --keyserver hkp://p80.pool.sks-keyservers.net:80 --recv-keys 58118E89F3A912897C070ADBF76221572C52609D
echo "deb https://apt.dockerproject.org/repo debian-jessie main" > /etc/apt/sources.list.d/docker.list
apt-get update ; apt-get -y install docker-engine
pip install docker-compose

Next, we'll generate our TLS certificates using a Let's Encrypt container who launches a temporary web-server.
For this, reply to the answers asked by the container (e-mail and domain) :

docker run -it --rm -p 443:443 -p 80:80 --name letsencrypt \
            -v "/etc/letsencrypt:/etc/letsencrypt" \
            -v "/var/lib/letsencrypt:/var/lib/letsencrypt" \
            quay.io/letsencrypt/letsencrypt:latest auth

Now, we have our certs in /etc/letsencrypt, we can create the main Nginx configuration file named nginx.conf:

worker_processes  1;
events {
    worker_connections  1024;
}
http {
    include       mime.types;
    default_type  application/octet-stream;
    sendfile        on;
    keepalive_timeout  65;
    gzip on;
    gzip_disable "msie6";  
    gzip_vary on;
    gzip_proxied any;
    gzip_comp_level 6;
    gzip_buffers 16 32k;
    gzip_min_length  1100;
    gzip_http_version 1.1;
    gzip_types text/plain text/css application/json application/x-javascript text/xml application/xml application/xml+rss text/javascript;
   
    server {
      listen         80;
      server_name    git.domain.com; #Remplacer par votre nom de serveur
      return         301 https://$server_name$request_uri;
    }
    server {
      listen 443 ssl http2;
      ssl_certificate /etc/letsencrypt/live/git.domain.com/fullchain.pem; #Remplacer par votre chemin
      ssl_certificate_key /etc/letsencrypt/live/git.domain.com/privkey.pem; #Remplacer par votre chemin
      ssl_session_timeout 1d;
      ssl_session_cache shared:SSL:50m;
      ssl_session_tickets off;
      ssl_protocols TLSv1.1 TLSv1.2;
      ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!3DES:!MD5:!PSK';
      ssl_prefer_server_ciphers on;
      ssl_dhparam /etc/nginx/certs/dhparam.pem;
      add_header Strict-Transport-Security max-age=15768000;
      ssl_stapling on;
      ssl_stapling_verify on;
      ssl_trusted_certificate /etc/letsencrypt/live/git.domain.com/chain.pem; 
      resolver 8.8.8.8 8.8.4.4 valid=86400;
    location / {
        proxy_read_timeout      300;
        proxy_connect_timeout   300;
        proxy_redirect          off;
        proxy_set_header        X-Forwarded-Proto $scheme;
        proxy_set_header        Host              $http_host;
        proxy_set_header        X-Real-IP         $remote_addr;
        proxy_set_header        X-Forwarded-For   $proxy_add_x_forwarded_for;
        proxy_set_header        X-Frame-Options   SAMEORIGIN;
        proxy_set_header X-Forwarded-Ssl on;
        proxy_pass              http://gogs_engine:3000;
        }
	}
} 

Don't forget to replace all occurrences of git.domain.com with your domain name, do it quickly with vim :
%s/git.domain.com/your.domain.com/g

Now, we can create docker-compose.yml to describe our stack :

gogs_web:
  image: nginx
  restart: always
  ports:
    - 443:443
    - 80:80
  volumes:
     - .nginx.conf:/etc/nginx/nginx.conf:ro
     - ./var/log/nginx:/var/log/nginx
     - /etc/letsencrypt:/etc/letsencrypt
     - ./certs/dhparam.pem:/etc/nginx/certs/dhparam.pem
  links:
    - gogs_engine
gogs_engine:
  image: gogs/gogs:latest
  restart: always
  ports:
    - '2222:22'
  expose: 
    - '3000'
  volumes:
    - ./var/gogs:/data

For some details, this file launch at first a Nginx container who binds ports 80 and 443 with some volumes for config, certs, logs and it's linked to a second container of Gogs who listens on port 2222 for SSH connexions. Nginx and Gogs are speaking on the port 3000 linked in this file. Gogs also have a volume for stock data of our Git server.

Before launch our stack, we need to create a DHParam file using OpenSSL :

cd /srv/Gogs/etc/certs
openssl dhparam -out dhparam.pem 2048

Finally, we can launch our Containers stack :

docker-compose up -d 

Few seconds later, you can reach your server to configure your fresh Gogs server.
You need to set up a database, you can easily use SQLite but if you want to use MySQL, you can add some lines on your docker-compose.yml file to add a MariaDB instance and link it to your Gogs container.

Your Git server is ready to receive your dev team !