Bonjour,
J'ai déployé Atlassian Bitbucket (avec ma licence) derrière le reverse proxy NGINX sécurisé via des certificats SSL Let's Encrypt. Le déploiement se passe bien et je me connecte à bitbucket, je crée mes dépôts sans problème.
Par contre lorsque j'essaie d'accéder à la page du Market place, j'ai une erreur d'accès au MarketPlace avec un message qui me dit :
"Le serveur d'Atlassian Marketplace n'est pas joignable...".
Dans les Logs de bitbucket j'ai une erreur de certificats :
2020-02-29 08:29:28,287 INFO [http-nio-7990-exec-5] @L1PR44x509x120x0 3sqnoe 192.168.1.254,172.16.1.14 "GET /s/d41d8cd98f00b204e9800998ecf8427e-CDN/24616435/5e5d5d4/1/4.0.1/_/download/batch/com.atlassian.upm.atlassian-universal-plugin-manager-plugin:upm-web-resources/com.atlassian.upm.atlassian-universal-plugin-manager-plugin:upm-web-resources.css HTTP/1.0" c.a.s.i.w.filters.StreamGuardFilter The remote client has aborted the connection
2020-02-29 08:29:29,050 WARN [http-nio-7990-exec-6] admin @L1PR44x509x137x3 3sqnoe 192.168.1.254,172.16.1.14 "GET /rest/plugins/1.0/available/featured HTTP/1.0" c.a.upm.pac.AddonMarketplaceQueries Marketplace product query failed: com.atlassian.marketplace.client.MpacException: javax.net.ssl.SSLPeerUnverifiedException: Certificate for <marketplace.atlassian.com> doesn't match any of the subject alternative names: [*.services.atlassian.com, services.atlassian.com]
Je sais pas comment résoudre ce problème.
Capture d'écran:
Le contenu de mes fochiers de configuration Bitbucket et NGINX
bitbucket.properties
# BEGIN ANSIBLE MANAGED BLOCK
server.context-path=/
server.port=7990
server.secure=true
server.scheme=https
server.proxy-port=443
server.proxy-name=vcs.lab.kube-cloud.be
jdbc.password=XXXXXX
jdbc.user=XXXXXX
jdbc.url=jdbc:mysql://kdb.lab.kube-cloud.int:3306/bitbucket?characterEncoding=utf8&useUnicode=true
jdbc.driver=com.mysql.jdbc.Driver
# END ANSIBLE MANAGED BLOCK
Nginx VHost
Virtual Host NGINX
# Virtual Host on Unsecured Connexion
server {
# Listen on unsecured IP V4 http port
listen 80;
# Listen on unsecured IP V6 http port
listen [::]:80;
# External DNS
server_name vcs.lab.kube-cloud.be;
# Force HTTPS Redirection
rewrite ^ https://vcs.lab.kube-cloud.be$request_uri? permanent;
}
# HTTPS for External connexion
server {
# Listen on unsecured IP V4 https port
listen 443 ssl;
# Listen on unsecured IP V6 https port
listen [::]:443 ipv6only=on ssl;
# Router DNS
server_name vcs.lab.kube-cloud.be;
resolver 172.16.1.1 valid=120s;
# SSL
ssl_certificate /etc/letsencrypt/live/lab.kube-cloud.be/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/lab.kube-cloud.be/privkey.pem;
# Recommendations from https://raymii.org/s/tutorials/Strong_SSL_Security_On_nginx.html
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;
ssl_session_cache shared:SSL:10m;
ssl_session_timeout 5m;
access_log /var/log/nginx/vcs-access.log;
error_log /var/log/nginx/vcs-error.log;
# Location
location / {
# Initialize the back-end
set $backend "vcs.lab.kube-cloud.int:7990";
# disable any limits to avoid HTTP 413 for large image uploads
client_max_body_size 0;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Server $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Real-IP $remote_addr;
proxy_redirect off;
proxy_set_header X-Nginx-Proxy true;
proxy_pass http://$backend;
}
}
Bonjour @Jean-Jacques ETUNE NGI ,
ce problème est probablement dû au proxy sortant utilisé, qui doit modifier la connexion SSL. Atlassian a publié un article qui explique comment résoudre ce problème : https://confluence.atlassian.com/confkb/ssl-handshake-error-when-connecting-to-atlassian-marketplace-978215061.html
Bonne journée,
--Alexis
Bonjour @Alexis Robert et merci pour ta réaction, je regarde le post et je reviens vers toi.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.