When setting the broker URL protocol to ssl, and when requiring client certificates from the build agents, how do I set the SSL context for the broker communication to restrict the trusted certificates or CAs? The activemq library used has an SSLContext where the trustStore can be set only for the broker (not for the whole VM), so this should be possible to do. Overriding the VM javax.net.ssl.trustStore is not feasible, since all other https-traffic going out from the Bamboo server will fail due to missing certificate trust.
I ended up proxying all broker traffic by setting the "Broker client URL" to the proxy server and using ssl-scheme. With the HAproxy I then check the Bamboo agent client certificate before relaying the traffic to the internal Bamboo server. Note that you will have to edit the wrapper.conf after installing the bamboo-agent installer with the 'install' command in order to add wrapper.java.additional.3=-Djavax.net.ssl.keyStore=/path/to/your/keystore.jks wrapper.java.additional.4=-Djavax.net.ssl.keyStorePassword=changeit wrapper.java.additional.5=-Djavax.net.ssl.trustStore=/path/to/your/truststore.jks wrapper.java.additional.6=-Djavax.net.ssl.trustStorePassword=changeit
Thanks for signing up for Jira Ops! I’m Matt Ryall, leader for the Jira Ops product team at Atlassian. Since this is a brand new product, we’ll be delivering improvements quickly and sharing updates...
Connect with like-minded Atlassian users at free events near you!Find a group
Connect with like-minded Atlassian users at free events near you!
Unfortunately there are no AUG chapters near you at the moment.Start an AUG
You're one step closer to meeting fellow Atlassian users at your local meet up. Learn more about AUGs