When setting the broker URL protocol to ssl, and when requiring client certificates from the build agents, how do I set the SSL context for the broker communication to restrict the trusted certificates or CAs? The activemq library used has an SSLContext where the trustStore can be set only for the broker (not for the whole VM), so this should be possible to do. Overriding the VM javax.net.ssl.trustStore is not feasible, since all other https-traffic going out from the Bamboo server will fail due to missing certificate trust.
I ended up proxying all broker traffic by setting the "Broker client URL" to the proxy server and using ssl-scheme. With the HAproxy I then check the Bamboo agent client certificate before relaying the traffic to the internal Bamboo server. Note that you will have to edit the wrapper.conf after installing the bamboo-agent installer with the 'install' command in order to add wrapper.java.additional.3=-Djavax.net.ssl.keyStore=/path/to/your/keystore.jks wrapper.java.additional.4=-Djavax.net.ssl.keyStorePassword=changeit wrapper.java.additional.5=-Djavax.net.ssl.trustStore=/path/to/your/truststore.jks wrapper.java.additional.6=-Djavax.net.ssl.trustStorePassword=changeit
On 31 May, a GDPR-related change went live in the Bitbucket Cloud API that resulted in users not being able to create or edit Bitbucket Cloud Linked repositories in Bamboo. This API update removed t...
Connect with like-minded Atlassian users at free events near you!Find an event
Connect with like-minded Atlassian users at free events near you!
Unfortunately there are no Community Events near you at the moment.Host an event
You're one step closer to meeting fellow Atlassian users at your local event. Learn more about Community Events