Showing results for 
Search instead for 
Did you mean: 
Sign up Log in

Bitbucket clone by ssh not working after proxy_protocol enabling in nginx

I trying to getting client real ip in bitbucket access log.

Here it says

For a TCP stream, the PROXY protocol can be enabled for connections between NGINX and an upstream server. To enable the PROXY protocol, include the proxy_protocol directive in a server block at the stream {} level:

stream {
    server {
        listen 12345;
        proxy_protocol on;


Additionally, a TCP server (the stream {} block) sends its own PROXY protocol data to its backend servers (the proxy_protocol on directive)

And here docs abut enabling ssh proxy protocol on Bitbucket side (enabled on my instance)

Bitbucket Data Center 7.20 and newer have PROXY protocol enabled by default.

However, you can always set it explicitly in $bitbucket_home/shared/



My nginx config

stream {
log_format main '[$time_local] $remote_addr - $server_addr:$server_port '
'$status [$bytes_sent/$bytes_received]';

upstream be-bitbucket-ssh {
server max_conns=0;

limit_conn_zone $binary_remote_addr zone=addr:10m;

server {
listen 7922reuseport proxy_protocol;

access_log /var/log/nginx/git/access.ssh.log main;
error_log /var/log/nginx/git/error.ssh.log;

limit_conn addr 8;
limit_conn_log_level error;

proxy_pass be-bitbucket-ssh;
proxy_protocol on;

When proxy_protocol on; in nginx config uncommented, i getting this error

Cloning into 'test'...
Bad packet length 1433301877.
ssh_dispatch_run_fatal: Connection to 22: message authentication code incorrect
fatal: Could not read from remote repository.

Please make sure you have the correct access rights
and the repository exists.

Without that all works fine.

What i should to do? :)

0 answers

Suggest an answer

Log in or Sign up to answer
AUG Leaders

Atlassian Community Events