
Bitbucket clone by ssh not working after proxy_protocol enabling in nginx

I am trying to get the client's real IP in the Bitbucket access log.

Here it says

https://docs.nginx.com/nginx/admin-guide/load-balancer/using-proxy-protocol/

For a TCP stream, the PROXY protocol can be enabled for connections between NGINX and an upstream server. To enable the PROXY protocol, include the proxy_protocol directive in a server block at the stream {} level:

stream {
    server {
        listen 12345;
        proxy_pass example.com:12345;
        proxy_protocol on;
    }
}

...

Additionally, a TCP server (the stream {} block) sends its own PROXY protocol data to its backend servers (the proxy_protocol on directive)

And here are the docs about enabling the SSH PROXY protocol on the Bitbucket side (enabled on my instance):

https://confluence.atlassian.com/bitbucketserverkb/how-to-enable-client-ip-forwarding-for-ssh-sessions-by-setting-up-proxy-protocol-for-bitbucket-data-center-1131089379.html

Bitbucket Data Center 7.20 and newer have PROXY protocol enabled by default.

However, you can always set it explicitly in $bitbucket_home/shared/bitbucket.properties:

plugin.ssh.haproxy.proxy-enabled=true

 

My nginx config

stream {
    log_format main '[$time_local] $remote_addr - $server_addr:$server_port '
                    '$status [$bytes_sent/$bytes_received]';

    upstream be-bitbucket-ssh {
        server 127.0.0.1:7999 max_conns=0;
    }

    limit_conn_zone $binary_remote_addr zone=addr:10m;

    server {
        listen 7922 reuseport proxy_protocol;
        set_real_ip_from 0.0.0.0/0;

        access_log /var/log/nginx/git/access.ssh.log main;
        error_log /var/log/nginx/git/error.ssh.log;

        limit_conn addr 8;
        limit_conn_log_level error;

        proxy_pass be-bitbucket-ssh;
        proxy_protocol on;
    }
}

When proxy_protocol on; is uncommented in the nginx config, I get this error:

Cloning into 'test'...
Bad packet length 1433301877.
ssh_dispatch_run_fatal: Connection to 10.228.65.36 port 22: message authentication code incorrect
fatal: Could not read from remote repository.

Please make sure you have the correct access rights
and the repository exists.

Without that, everything works fine.

What should I do? :)

0 answers
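
A diagnostic for the setup described in the question, added here as an example and not taken from the post, nginx or Atlassian: it recognises the PROXY protocol v1 line that `proxy_protocol on;` makes nginx send ahead of the SSH stream, and turns the integer in the client's "Bad packet length" error back into the four bytes that were read. Function names, sample bytes and addresses are constructed for illustration.

```python
import re
import struct

# PROXY protocol v1 line (HAProxy spec): "PROXY TCP4|TCP6 src dst sport dport\r\n"
V1_LINE = re.compile(rb"PROXY (TCP4|TCP6) (\S+) (\S+) (\d{1,5}) (\d{1,5})\r\n")
V2_SIGNATURE = b"\r\n\r\n\x00\r\nQUIT\n"  # fixed 12-byte prefix of a v2 header


def classify_first_bytes(data: bytes) -> dict:
    """Say what the first bytes received on an SSH backend port are."""
    m = V1_LINE.match(data)
    if m:
        _family, src, _dst, sport, _dport = m.groups()
        return {"kind": "proxy-v1", "client_ip": src.decode(),
                "client_port": int(sport), "rest": data[m.end():]}
    if data.startswith(V2_SIGNATURE):
        return {"kind": "proxy-v2"}
    if data.startswith(b"SSH-"):
        return {"kind": "ssh-banner"}
    return {"kind": "unknown"}


def decode_bad_packet_length(n: int) -> str:
    """Turn the integer from 'Bad packet length N' back into 4 raw bytes.

    The SSH client reads those bytes as a big-endian uint32 length; if they
    are printable ASCII, text arrived where a binary packet was expected.
    """
    raw = struct.pack(">I", n)
    if all(0x20 <= b < 0x7F for b in raw):
        return raw.decode("ascii")
    return raw.hex()


# Constructed samples: first bytes on the backend with and without a v1 header.
SAMPLE_WITH_HEADER = b"PROXY TCP4 203.0.113.7 10.0.0.5 51234 7999\r\nSSH-2.0-client\r\n"
SAMPLE_PLAIN = b"SSH-2.0-client\r\n"

if __name__ == "__main__":
    print(classify_first_bytes(SAMPLE_WITH_HEADER))
    print(classify_first_bytes(SAMPLE_PLAIN)["kind"])
    print(decode_bad_packet_length(1433301877))  # value from the error in the post
```

For the value in the error above, `decode_bad_packet_length` returns the ASCII text `Unsu`, so the client read the start of a text message where it expected a binary SSH packet.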
