How to properly configure proxy settings in Bamboo

I'm trying to set up the proxy settings in Bamboo so that I can add a linked repository via Bitbucket Cloud.

(Side note: my Bamboo installation is running as a Docker image)

I have been trying to set the proxy settings in the JVM_SUPPORT_RECOMMENDED_ARGS variable in the bin/setenv.sh file:
e.g.
-Dhttps.proxyHost=
-Dhttps.proxyPort=
-Dhttps.proxyUser=
-Dhttps.proxyPassword=
-Dhttps.nonProxyHosts=

When Bamboo starts up I can look at the "Environment Variables" and see the JAVA_OPTS variable populated with the relevant proxy values.

Yet, as soon as I try to add a linked repository it fails with some sort of proxy error.
Trying various configurations, I get one of these errors:

1.) "Failed to load data from Bitbucket. com.atlassian.bamboo.plugins.bitbucket.api.BitbucketApiException: HTTP 407"

"The following error was encountered while trying to retrieve the URL: https://api.bitbucket.org/*

Cache Access Denied.

Sorry, you are not currently allowed to request https://api.bitbucket.org/* from this cache until you have authenticated yourself."

2.) "Failed to load data from Bitbucket. [502 Proxy Error]" on the frontend accompanied by the following in the logs:

[DefaultHttpClient] I/O exception (java.net.SocketException) caught when connecting to {s}->https://api.bitbucket.org:443: Network is unreachable (connect failed)

I have also configured the proxy on the environment itself and am able to connect to the Bitbucket Cloud repository using curl and make a successful call, but I can't seem to get the proxy settings to work in the JVM for Bamboo.

Any insight would be appreciated.

2 answers

0 votes

Hi Dewald,

In order to get more information please post the contents of the server.xml so we can take a look into this further.

Cheers,

Branden

<?xml version="1.0" encoding="utf-8"?>
<!--
====================================================================================

Atlassian Bamboo Server Edition Tomcat Configuration.


See the following for more information

https://confluence.atlassian.com/display/BAMBOO/Installing+and+upgrading+Bamboo

====================================================================================
-->
<!--
Licensed to the Apache Software Foundation (ASF) under one or more
contributor license agreements. See the NOTICE file distributed with
this work for additional information regarding copyright ownership.
The ASF licenses this file to You under the Apache License, Version 2.0
(the "License"); you may not use this file except in compliance with
the License. You may obtain a copy of the License at

http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
-->
<Server port="8007" shutdown="SHUTDOWN">
<!--APR library loader. Documentation at /docs/apr.html -->
<Listener className="org.apache.catalina.core.AprLifecycleListener" SSLEngine="on"/>
<!-- JMX Support for the Tomcat server. Documentation at /docs/non-existent.html -->
<Listener className="org.apache.catalina.mbeans.GlobalResourcesLifecycleListener"/>
<!-- Global JNDI resources
Documentation at /docs/jndi-resources-howto.html
-->
<!-- A "Service" is a collection of one or more "Connectors" that share
a single "Container" Note: A "Service" is not itself a "Container",
so you may not define subcomponents such as "Valves" at this level.
Documentation at /docs/config/service.html
-->
<Service name="Catalina">
<Connector protocol="HTTP/1.1" port="8085" maxThreads="150" minSpareThreads="25" connectionTimeout="20000" disableUploadTimeout="true" acceptCount="100" enableLookups="false" maxHttpHeaderSize="8192" useBodyEncodingForURI="true" URIEncoding="UTF-8" redirectPort="8443"/>
<!--
====================================================================================
To run Bamboo via HTTPS:
* Uncomment the Connector below
* Execute:
%JAVA_HOME%\bin\keytool -genkey -alias tomcat -keyalg RSA (Windows)
$JAVA_HOME/bin/keytool -genkey -alias tomcat -keyalg RSA (Unix)
with a password value of "changeit" for both the certificate and the keystore itself.
* Restart and visit https://localhost:8443/

For more info, see :
https://confluence.atlassian.com/display/BAMBOO/Securing+Bamboo+with+Tomcat+using+SSL
and
http://tomcat.apache.org/tomcat-8.0-doc/ssl-howto.html
====================================================================================
-->
<!--
<Connector
port="8443"

maxThreads="150" minSpareThreads="25"
connectionTimeout="20000"
disableUploadTimeout="true"
acceptCount="100"

enableLookups="false"
maxHttpHeaderSize="8192"

useBodyEncodingForURI="true"
URIEncoding="UTF-8"

scheme="https" secure="true" SSLEnabled="true" sslProtocol="TLS"
clientAuth="false"
/>
-->
<!--
====================================================================================

If you have Apache AJP Connector (mod_ajp) as a proxy in front of Bamboo you should uncomment the following connector configuration line

See the following for more information :

https://confluence.atlassian.com/display/BAMBOO/Securing+Bamboo+with+Apache+using+SSL

====================================================================================
-->
<!--
<Connector port="8009" redirectPort="8443" enableLookups="false" protocol="AJP/1.3" URIEncoding="UTF-8"/>
-->
<Engine name="Catalina" defaultHost="localhost">
<Host name="localhost" appBase="webapps" unpackWARs="true" autoDeploy="true">
<Context path="" docBase="${catalina.home}/atlassian-bamboo" reloadable="false" useHttpOnly="true">
<!--<Resource name="UserTransaction" auth="Container" type="javax.transaction.UserTransaction"-->
<!--factory="org.objectweb.jotm.UserTransactionFactory" jotm.timeout="60"/>-->
<Manager pathname=""/>
</Context>
</Host>
<Valve className="org.apache.catalina.valves.AccessLogValve" resolveHosts="false" pattern="%a %t &quot;%m %U%q %H&quot; %s %b %D &quot;%{Referer}i&quot; &quot;%{User-Agent}i&quot;"/>
<!-- StuckThreadDetectionValve added below to print stack traces if a thread has been stuck for 60 seconds -->
<Valve className="org.apache.catalina.valves.StuckThreadDetectionValve" threshold="60"/>
</Engine>
</Service>
</Server>

Hello Branden,

Can you confirm if http.proxyUser and http.proxyPassword are supported as JVM arguments in Bamboo?

We found this old ticket:
https://jira.atlassian.com/browse/BAM-14775

It's still OPEN so I'm assuming it has not. Can you confirm?

Regards,
Dewald

Hi Dewald,

Let me clarify a couple things:

1.  It's not necessary to set up a forward proxy to be able to connect to Bitbucket Cloud unless you really need to
2.  It looks like you have a reverse proxy sitting in front of Bamboo

If Bamboo is sitting behind a FORWARD proxy to communicate to the Internet, you should be able to add those parameters to the JVM arguments. This is also mentioned in How to Configure an Outbound HTTP and HTTPS Proxy for JIRA applications.

If you have a REVERSE proxy sitting in front of Bamboo, you must configure the Tomcat Connector as described in Integrating Bamboo with Apache HTTP server and adjust the server.xml file and add the following parameters to the Connector on port 8085:

scheme="http"
proxyName="mycompany.com"
proxyPort="80"


Cheers,

Branden

Our company uses Squid, a caching and forwarding web proxy, so in our case it is necessary to configure our application servers with proxy details in order to access anything external on the web (unless we go through the laborious process of requesting firewall access).

While we've been able to configure the proxy settings on a system level and are able to connect to Bitbucket Cloud via curl/wget on the command line, Bamboo does not seem to use these system settings.

We then resorted to adding those parameters (proxy host/port/user/password) to the JVM. I did actually refer to that link you provided, but note that it's specifically a JIRA article. I made the assumption that the same would apply for Bamboo, but it does not seem to be the case. 

So because our proxy responds with "Sorry, you are not currently allowed to request https://api.bitbucket.org/* from this cache until you have authenticated yourself." we came to the conclusion that the proxy might not be receiving the username/password from Bamboo.

And this was further supported by the open/unresolved bug we found (BAM-14775) where it says that the arguments "http.proxyUser" and "http.proxyPassword" are not currently supported.

I had better luck setting the http.proxy* settings in the BAMBOO_INSTALL_DIR/conf/catalina.properties, and of course only cloning with HTTPS, since most web proxies like Squid only do HTTP/HTTPS by default and not SSH.
As a last resort I had also used a build agent with http_proxy environment variables set to clone from Bitbucket Cloud and then push to a local Git repo in my on-premise (behind firewall) instance of Bitbucket Server, then a second build in Bamboo that would get triggered from that commit.
So it works, not exactly the most direct route, but we had similar issues with getting in and out of our proxy.

 

Personally I am not a fan of the use of a -D option when it involves a password, but it will show up in a ‘ps -ef’ so I always used the catalina.properties.
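
The `ps -ef` exposure mentioned in the last answer can be checked for directly. The script below is an added example, not part of the original thread or of Bamboo: it lists which `-D` options on a process command line carry a password (values are never printed) and checks that a properties file holding the credential is not readable by group or others. The function names and the sample process lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: find JVM -D options that expose a password on the command
# line, where any local user can read them with `ps -ef`.

# Reads `ps -eo pid=,args=` style lines on stdin and prints "PID property"
# for each -D option whose name ends in "password" and has a non-empty value.
# The value itself is never printed.
find_cmdline_secrets() {
    awk '{
        pid = $1
        for (i = 2; i <= NF; i++) {
            if ($i !~ /^-D[^=]+=./) continue
            name = substr($i, 3, index($i, "=") - 3)
            if (tolower(name) ~ /password$/) print pid, name
        }
    }'
}

# Succeeds only if the file has no group/other permission bits set, e.g. a
# catalina.properties holding proxy credentials (pass your own path).
is_private_file() {
    perms=$(ls -ld -- "$1" 2>/dev/null | cut -c5-10)
    [ "$perms" = "------" ]
}

# Constructed sample of `ps -eo pid=,args=` output (not from a real host).
sample_ps() {
    cat <<'EOF'
 4242 /usr/bin/java -Dhttps.proxyHost=proxy.example.internal -Dhttps.proxyPort=3128 -Dhttps.proxyUser=svc -Dhttps.proxyPassword=EXAMPLE-ONLY -jar start.jar
 4310 /usr/bin/java -Dcatalina.base=/opt/app -Dhttp.proxyHost=proxy.example.internal org.apache.catalina.startup.Bootstrap start
EOF
}

# Live check on a host: ps -eo pid=,args= | find_cmdline_secrets
sample_ps | find_cmdline_secrets
```

Moving the password into a properties file only removes it from the process list; the file then needs owner-only permissions, which is what `is_private_file` verifies.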
