Bitbucket https works only partially

Hello everyone,

I have been using git for one year now. I never cared about security, as the system was so far entirely independent and not important enough to be secured.

Nevertheless, this has changed, so I spent the last weekend setting up some security aspects on my server.

One thing was to put my Bitbucket and other software behind nginx.

I created the certificates with Let's Encrypt, and the other software is running without any issue.

My Bitbucket address, which was by default http://ip:port/dashboard, I placed behind a proxy following the explanation from here:

https://confluence.atlassian.com/bitbucketserver/securing-bitbucket-server-behind-nginx-using-ssl-776640112.html

I also adjusted the Base-URL in the Bitbucket config.

But sadly, it only works partially.

So what works:

- I can join Bitbucket over the domain link, which is https://git.<domain>.de

- I can see all repos, check them and say I want to edit them

- I can pull repos over Sourcetree

- I can approve merge requests

What does not work:

- the info about activity loads endlessly

- the info about notifications / warnings loads endlessly

- I cannot merge merge requests; the system tells me there was a server error

- I cannot request a merge request; it gives me a server error

Note: the things which do not work only fail if I go over https://git.<domain>.de; if I go directly over the IP, it works without issues. :(

Information:

I created a subdomain entry for my nginx to forward the requests to Bitbucket, which looks like this (probably my mistake is in there, but I don't know where :( )

    upstream php-handler {
        server unix:/run/php/php7.0-fpm.sock;
    }

    server {
        listen 80;
        server_name git.<domain>.de;
        # enforce https
        rewrite ^ https://$server_name$request_uri permanent;
    }

    server {
        listen 443 ssl;
        server_name git.<domain>.de;

        include /etc/nginx/snippets/letsencrypt.conf;

        # redundant with "listen 443 ssl"; the "ssl" directive is deprecated since nginx 1.15.0
        ssl on;
        ssl_certificate /etc/letsencrypt/live/<domain>.de/fullchain.pem;
        ssl_certificate_key /etc/letsencrypt/live/<domain>.de/privkey.pem;
        ssl_session_timeout 1d;
        ssl_session_cache shared:SSL:50m;
        ssl_session_tickets off;

        # TLSv1 and TLSv1.1 are deprecated (RFC 8996)
        ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
        ssl_ciphers HIGH:!aNULL:!MD5;
        ssl_prefer_server_ciphers on;

        # HSTS (ngx_http_headers_module is required) (31536000 seconds = 1 year)
        add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;

        # Add headers to serve security related headers
        # Before enabling Strict-Transport-Security headers please read into this
        # topic first.
        # add_header Strict-Transport-Security "max-age=15768000;
        # includeSubDomains; preload;";
        add_header X-Content-Type-Options nosniff;
        add_header X-Frame-Options "SAMEORIGIN";
        add_header X-XSS-Protection "1; mode=block";
        add_header X-Robots-Tag none;
        add_header X-Download-Options noopen;
        add_header X-Permitted-Cross-Domain-Policies none;

        # OCSP Stapling ---
        # fetch OCSP records from URL in ssl_certificate and cache them
        ssl_stapling on;
        ssl_stapling_verify on;
        ssl_trusted_certificate /etc/letsencrypt/live/<domain>.de/chain.pem;
        resolver 8.8.8.8;

        # 0 disables the request body size check (large pushes over HTTPS)
        client_max_body_size 0;

        # Diffie-Hellman parameter for DHE ciphersuites, recommended 2048 bits
        ssl_dhparam /etc/letsencrypt/live/<domain>.de/dh2048.pem;

        # Optional optimisation - please refer to
        # http://nginx.org/en/docs/http/configuring_https_servers.html
        # ssl_session_cache shared:SSL:10m;
        location / {
            # plain-HTTP hop from nginx to the Bitbucket connector
            proxy_pass http://<ipFromTheDomain>:7990;
            proxy_set_header X-Forwarded-Host $host;
            proxy_set_header X-Forwarded-Server $host;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header Host $host;
            proxy_redirect off;
        }
    }

The config in Bitbucket looks like this:

Base-URL: https://git.<domain>.de
HTTP(S): Enabled
SSH: Enabled
SSH-Port: 7999
SSH-URL: blank

I hope someone here can help me.

Kind regards

Marco

1 answer

1 accepted

1 vote
Accepted answer

Problem has been solved. I noticed that I forgot to restart Bitbucket itself to apply the server.xml configuration changes... *facepalm*
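
The thread does not show the server.xml changes, so the following is an added example, not part of the original post or of Atlassian's documentation: a check that the Tomcat `<Connector>` nginx proxies to agrees with the Base-URL. It assumes the changes are the standard Tomcat proxy attributes (`proxyName`, `proxyPort`, `scheme`, `secure`); `git.example.de`, the sample XML and the function names are constructed for illustration.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

# Constructed sample; git.example.de stands in for the page's git.<domain>.de.
SAMPLE_SERVER_XML = """<Server port="8006" shutdown="SHUTDOWN">
  <Service name="Catalina">
    <Connector port="7990" protocol="HTTP/1.1"
               proxyName="git.example.de" proxyPort="443"
               scheme="https" secure="true"/>
  </Service>
</Server>"""

# Values Tomcat uses when the attribute is absent from the Connector.
TOMCAT_DEFAULTS = {"scheme": "http", "secure": "false"}


def expected_attrs(base_url):
    """Connector attributes that must agree with the public base URL."""
    url = urlsplit(base_url)
    port = url.port or (443 if url.scheme == "https" else 80)
    return {
        "proxyName": url.hostname,
        "proxyPort": str(port),
        "scheme": url.scheme,
        "secure": "true" if url.scheme == "https" else "false",
    }


def check_connector(server_xml, base_url, backend_port="7990"):
    """Return a list of mismatches for the connector the proxy forwards to."""
    root = ET.fromstring(server_xml)
    connectors = [c for c in root.iter("Connector")
                  if c.get("port") == backend_port]
    if not connectors:
        return [f"no <Connector> listening on port {backend_port}"]
    problems = []
    for name, want in expected_attrs(base_url).items():
        got = connectors[0].get(name, TOMCAT_DEFAULTS.get(name))
        if got is None:
            problems.append(f"{name} is missing (expected {want!r})")
        elif got.lower() != want.lower():
            problems.append(f"{name}={got!r} but base URL needs {want!r}")
    return problems


if __name__ == "__main__":
    result = check_connector(SAMPLE_SERVER_XML, "https://git.example.de")
    print("\n".join(result) if result else "connector matches base URL")
```

Tomcat reads server.xml only at startup, so a clean result on the file says nothing about the running process until Bitbucket has been restarted, which is what the accepted answer ran into.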
