Alex Konrad Keßler February 2016

BitBucket SSL over port 8443

I'm having an issue setting up a BitBucket server here locally in CentOS. I've done everything exactly as stated in the directions for setting up SSL over port 8443, but when I try to access the application with https://localhost:8443 it seems to just endlessly load. I created my own SSL key with Java's keytool, and used localhost, my WAN IP, and my public IP in 3 separate attempts to get this to work.

Here is the relevant section of my server.xml file:

<Connector port="8443" maxHttpHeaderSize="8192"
               maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
               enableLookups="false" disableUploadTimeout="true"
               useBodyEncodingForURI="true" acceptCount="100"
               scheme="https" SSLEnabled="true" secure="true"
               clientAuth="false" sslProtocol="TLS"
               keystoreFile="/home/bitbucket/Documents/bitbucket.jks"
               keystorePass="changeit" />

I've read everything on the internet related to this with no success. I have been sure to restart atlbitbucket after each change and I have verified that the application works with HTTP over port 7990. I'm sorry if this question is inappropriate but I've burnt a whole day on this at work and would love to move on! Thanks all for your help.

Answers


Shane March 2016

Ours is working with the following.

<Connector SSLEnabled="true" acceptCount="100" clientAuth="false"
disableUploadTimeout="true" enableLookups="false" maxThreads="25"
port="7443" keystoreFile="/var/atlassian/application-data/ssl/keystore.jks" 
keystorePass="yourpwhere"
protocol="org.apache.coyote.http11.Http11NioProtocol" scheme="https"
secure="true" sslEnabledProtocols="TLSv1, TLSv1.1, TLSv1.2"  />

And make sure to add the redirectPort="7443" to the 7990 connector if it isn't already there.

If you want to force all HTTPS, and redirect if someone comes in on 7990, edit the web.xml (found close to: /opt/atlassian/bitbucket/4.4.1/atlassian-bitbucket/WEB-INF)

<security-constraint>
    <web-resource-collection>
        <web-resource-name>HTTPSOnly</web-resource-name>
        <url-pattern>/*</url-pattern>
    </web-resource-collection>
    <user-data-constraint>
        <transport-guarantee>CONFIDENTIAL</transport-guarantee>
    </user-data-constraint>
</security-constraint>            
<security-constraint>
    <web-resource-collection>                 
        <web-resource-name>HTTPSOrHTTP</web-resource-name>
        <url-pattern>*.ico</url-pattern>
        <url-pattern>/img/*</url-pattern>
        <url-pattern>/css/*</url-pattern>
    </web-resource-collection>
    <user-data-constraint>
        <transport-guarantee>NONE</transport-guarantee>
    </user-data-constraint>
</security-constraint>

Post Status

Asked in February 2016
Viewed 1,102 times
Voted 4
Answered 1 times
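
Added example, not part of the original posts or of Bitbucket/Tomcat: a small Python check that reads a server.xml and reports connector settings worth reviewing before exposing the HTTPS port (no explicit protocol, default keystore password, TLS 1.0/1.1 enabled, a redirectPort that does not match the TLS connector). The function name `audit_connectors` and the sample XML are assumptions constructed from the two connectors quoted in this thread.

```python
import xml.etree.ElementTree as ET

# Constructed sample modeled on the connectors quoted in this thread.
SAMPLE_SERVER_XML = """
<Server><Service name="Catalina">
  <Connector port="7990" protocol="HTTP/1.1" redirectPort="8443" />
  <Connector port="7443" SSLEnabled="true" scheme="https" secure="true"
             keystoreFile="/path/to/keystore.jks" keystorePass="changeit"
             protocol="org.apache.coyote.http11.Http11NioProtocol"
             sslEnabledProtocols="TLSv1, TLSv1.1, TLSv1.2" />
</Service></Server>
"""

DEPRECATED_TLS = {"SSLv2", "SSLv3", "TLSv1", "TLSv1.1"}  # TLS 1.0/1.1: RFC 8996


def audit_connectors(server_xml):
    """Return a list of findings for the <Connector> elements (hypothetical helper)."""
    findings = []
    connectors = list(ET.fromstring(server_xml).iter("Connector"))
    tls = [c for c in connectors if c.get("SSLEnabled", "").lower() == "true"]
    tls_ports = {c.get("port") for c in tls}
    if not tls:
        findings.append('no connector has SSLEnabled="true"')
    for c in tls:
        port = c.get("port")
        if c.get("protocol") is None:
            findings.append(f"{port}: no explicit protocol attribute")
        if c.get("keystoreFile") is None:
            findings.append(f"{port}: keystoreFile not set")
        # Tomcat falls back to "changeit" when keystorePass is absent.
        if c.get("keystorePass", "changeit") == "changeit":
            findings.append(f"{port}: keystorePass is the default 'changeit'")
        enabled = {p.strip() for p in c.get("sslEnabledProtocols", "").split(",")}
        weak = sorted(enabled & DEPRECATED_TLS)
        if weak:
            findings.append(f"{port}: deprecated protocols enabled: {', '.join(weak)}")
    for c in connectors:
        # Plain connectors should redirect to a port a TLS connector listens on.
        if c not in tls and c.get("redirectPort") not in tls_ports:
            findings.append(f"{c.get('port')}: redirectPort={c.get('redirectPort')} "
                            "does not match a TLS connector port")
    return findings


if __name__ == "__main__":
    for line in audit_connectors(SAMPLE_SERVER_XML):
        print(line)
```

To check a real installation, pass the contents of its server.xml to `audit_connectors` in place of the sample string.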
