Create
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in
Products
See all
Community resources
Top groups
Explore all groups
Community resources
Learn
Community resources
Events
Community resources

Advice on nginx public endpoint

Thomas Burke
Thomas Burke September 16, 2020

Hello,  and thanks ,

Looking for advice on creating a public endpoint with bitbucket / nginx as not an expert on latter.

We have  Bitbucket on SSL serving proxy for on-premise. on the same server

We need to perform a migration to cloud  Atlassian Bitbucket, therefore needing a public endpoint.

Our network team tried to create NAT access to the server on  443  like https://111.121.122.113:8388 but we always got a timeout. The reason given, the  Firewall we connect already using  443.  Therefore the suggestion was to use port 80.  which is fine however when they  NAT  port  80  all we get it the "Nginx Welcome" page.

Is there a way we may alter the  Nginx.conf below to get to the bitbucket server from outside NAT  given to us by network team  https://111.121.122.113:8388 ,   without disrupting the current inhouse users from accessing  internally on-prem with http://bitbucket.thomkinsltd.org  ?

 

The nginx.conf  (obfuscated)

user www-data;
worker_processes auto;
pid /run/nginx.pid;
include /etc/nginx/modules-enabled/*.conf;

events {
worker_connections 768;
# multi_accept on;
}

http {

##
# Basic Settings
##

client_max_body_size 0;
proxy_max_temp_file_size 0;

sendfile on;
tcp_nopush on;
tcp_nodelay on;
keepalive_timeout 65;
types_hash_max_size 2048;
# server_tokens off;

# server_names_hash_bucket_size 64;
# server_name_in_redirect off;

include /etc/nginx/mime.types;
default_type application/octet-stream;

##
# SSL Settings
##

ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # Dropping SSLv3, ref: POODLE
ssl_prefer_server_ciphers on;
#######

##
# Virtual Host Configs
##

include /etc/nginx/conf.d/*.conf;
include /etc/nginx/sites-enabled/*;

server {
listen 80;
listen 443 ssl;
server_name bitbucket.thomkinsltd.org;
#ssl on;
ssl_certificate /etc/nginx/ssl/bitbucket_thomkinsltd_org.crt;
ssl_certificate_key /etc/nginx/ssl/bitbucket_thomkinsltd_org.key;
ssl_session_timeout 5m;
ssl_protocols ;
ssl_ciphers ;
ssl_prefer_server_ciphers on;

# Optional optimisation - please refer to
# http://nginx.org/en/docs/http/configuring_https_servers.html
# ssl_session_cache shared:SSL:10m;
location / {
proxy_pass http://bitbucket.thomkinsltd.org:7990;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Server $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Real-IP $remote_addr;
proxy_redirect off;
}
}
}

 

 

Answer
Watch
Like Be the first to like this
361 views

0 answers

Suggest an answer

Log in or Sign up to answer
Bitbucket
Bitbucket
TAGS
AUG Leaders

Atlassian Community Events

    See all events