TLDR: If you run into 503 errors when trying to git pull, try pulling less often.
I've noticed an unusual amount of git-related HTTP requests in nginx logs which caused a noticeable increase in overall traffic sent per month (each request is only ~16K but with the rate of 1 per 3-4 seconds per IP it stacks up quite quickly - going by webalizer this specific URL endpoint caused 88% of monthly hits and 36% overall bytes sent in April, however this could be legit git traffic, at least partially):
(ip redacted) - - [09/Apr/2017:08:46:00 +0300] "GET /gitlab/fox/tt-rss.git/info/refs?service=git-upload-pack HTTP/1.1" 200 13638 "-" "git/1.9.1"
Only three IP addresses originate the vast majority of the above traffic, one of those registered to Digital Ocean. Maybe they NAT all outbound traffic for their hosted sites under one address? Maybe some special person out there decided to git pull every second? Who knows, really.
Anyway, for the time being I'm implementing a rate limit if the following two conditions match: request URI contains "service=git-upload-pack" and user agent contains "git".
Results so far: