When setting the broker URL protocol to ssl, and when requiring client certificates from the build agents, how do I set the SSL context for the broker communication to restrict the trusted certificates or CAs? The activemq library used has an SSLContext where the trustStore can be set only for the broker (not for the whole VM), so this should be possible to do. Overriding the VM javax.net.ssl.trustStore is not feasible, since all other https-traffic going out from the Bamboo server will fail due to missing certificate trust.
I ended up proxying all broker traffic by setting the "Broker client URL" to the proxy server and using ssl-scheme. With the HAproxy I then check the Bamboo agent client certificate before relaying the traffic to the internal Bamboo server. Note that you will have to edit the wrapper.conf after installing the bamboo-agent installer with the 'install' command in order to add wrapper.java.additional.3=-Djavax.net.ssl.keyStore=/path/to/your/keystore.jks wrapper.java.additional.4=-Djavax.net.ssl.keyStorePassword=changeit wrapper.java.additional.5=-Djavax.net.ssl.trustStore=/path/to/your/truststore.jks wrapper.java.additional.6=-Djavax.net.ssl.trustStorePassword=changeit
Bamboo 5.9 will no longer be supported after June 12, 2017. What does this mean? As part of our End of Life policy, Atlassian supports major versions for two years after the first major iteratio...
Connect with like-minded Atlassian users at free events near you!Find a group
Connect with like-minded Atlassian users at free events near you!
Unfortunately there are no AUG chapters near you at the moment.Start an AUG
You're one step closer to meeting fellow Atlassian users at your local meet up. Learn more about AUGs
We're bringing product updates and pro tips on teamwork to ten cities around the world.Save your spot