Forums
Home Product Q&A Discussion groups Articles Ask a question Search
Learning
Events
Champions

Forums

Articles
Create
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Product Q&A
See all
Community resources
Top groups
Explore all groups
Community resources
Learn
Community resources
Events
Community resources

ssl configuration for bitbucket 5.7.2

Omprakash Thamsetty
Omprakash Thamsetty
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Get recognized
July 16, 2018

Hi,

I recently upgraded Bitbucket to 5.7.2 version from 4.13.0. I see that needs to migrate server.xml file to bitbucket server. I configured it in DEV as per the instructions

https://confluence.atlassian.com/bitbucketserver/migrate-server-xml-customizations-to-bitbucket-properties-897811761.html

its working fine in DEV environment so I did the upgrade of production server and migrated server.xml to bitbucket.property file with reference to above URL and DEV configuration. 

 

Here is the server.xml file content.

<Connector port="80" protocol="HTTP/1.1"
connectionTimeout="20000"
useBodyEncodingForURI="true"
redirectPort="443"
compression="on"
compressableMimeType="text/html,text/xml,text/plain,text/css,application/json,application/javascript,application/x-javascript" />

 

and 

<Connector port="443" protocol="org.apache.coyote.http11.Http11NioProtocol"
maxThreads="150" SSLEnabled="true" scheme="https" secure="true"
clientAuth="false" sslProtocol="TLS"
keystoreFile="D:\Apps\certs\Cert2018\xxx.xx.xx.pfx" keystorePass="xxx.xx.xx" keystoreType="PKCS12"/>

 

so my build.property file is look like this

 

server.compression.enabled=true
server.compression.mime-types=
text/css,text/html,text/javascript,text/json,text/plain,text/xml,text/x-javascript,\
application/javascript,application/json,application/x-javascript,application/vnd.git-lfs+json

server.require-ssl=true
server.additional-connector.1.port=80
server.additional-connector.1.redirect-port=443
server.additional-connector.1.address=xx.xxx.xx.xxxx (IP address of the server)
server.additional-connector.1.require-ssl=true
server.additional-connector.1.secure=true
server.additional-connector.1.scheme=https
server.additional-connector.1.ssl.protocol=TLSv1.2
server.additional-connector.1.ssl.enabled=true
server.ssl.key-alias=DNS.xx.xxx.
server.additional-connector.1.ssl.key-store=D:/Apps/certs/Cert2018/xxx.xxx.xxxx.jks
server.additional-connector.1.ssl.key-store-password=changeit
server.additional-connector.1.ssl.key-alias=xxx.xxx.xxxx
server.additional-connector.1.ssl.key-password=changeit
server.additional-connector.1.ssl.client-auth=want
server.additional-connector.1.ssl.key-store-type=jks

 

so look like this configuration is not working.  Can anyone please help me what I am missing here. 

Error:

Secure connection failed. 

Look like server.require-ssl=true value has bug it seems but it is affected version 5.9.0, 5.10.0

My bitbucket version is 5.7.2.

See below URL for bug.

https://jira.atlassian.com/browse/BSERV-10779

My DEV environment using that value without any issue. 

 

Does anyone have any idea where I am having issue.

 

Thanks

 

Answer
Watch
Like Be the first to like this
1347 views

1 answer

1 accepted

0 votes
Answer accepted
Michael Walker
Michael Walker
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
July 17, 2018

Hi Omprakash,

Based on the server.xml you provided, we would expect the bitbucket.properties config to look a bit different. With your currently proposed config, we see that there is a port 80 listener which will try to push traffic to port 443 but technically port 443 is never opened. As such you will find my suggested config will address both.

# Listens on port 80 and converts traffic to https and pushes to port 443
server.port=80
server.redirect-port=443
server.require-ssl=true
# Listens on port 443 for SSL connections
server.additional-connector.1.port=443
server.additional-connector.1.address=xx.xxx.xx.xxxx
server.additional-connector.1.secure=true
server.additional-connector.1.scheme=https
server.additional-connector.1.protocol=TLS
server.additional-connector.1.ssl.enabled=true
server.additional-connector.1.ssl.key-store=D:/Apps/certs/Cert2018/xxx.xxx.xxxx.jks
server.additional-connector.1.ssl.key-store-password=changeit
server.additional-connector.1.ssl.key-password=changeit
server.additional-connector.1.ssl.key-store-type=jks

You will notice that I left off a few things out, like the mime-tyes and compression which are simply running defaults. Any default configuration is assumed when you simply leave the configuration out. You can review these defaults by checking the Bitbucket server config properties documentation.

Cheers!

View More Comments
Omprakash Thamsetty
Omprakash Thamsetty
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Get recognized
July 19, 2018

Working with this values. My ssl certificates were not good. 

Like
Reply

Suggest an answer

Log in or Sign up to answer
Bitbucket
Bitbucket
TAGS
AUG Leaders

Atlassian Community Events

    See all events
    Community
    Forums
    FAQs Forums guidelines
    Learning
    About learning Resources
    Events
    Champions
    Copyright © 2025 Atlassian
    Privacy Policy Terms Security
    Welcome illustration

    Welcome to the new Atlassian Community

    Online forums and learning are now in one easy-to-use experience.

    By continuing, you accept the updated Community Terms of Use and acknowledge the Privacy Policy. Your public name, photo, and achievements may be publicly visible and available in search engines.