
Bitbucket secure connection with data encryption

ArjunKumar Selvamani September 26, 2019

We are facing a security issue where the security audit team has complained that the use of basic authentication is the cause.

We tried with SSL certs and we got a response from the Atlassian team stating that this might lead to performance degradation and might even get the server into a hung state.

Can anyone share any other suggestions for this?

1 answer

0 votes
Daniel Eads
Atlassian Team
September 30, 2019

Hi @ArjunKumar Selvamani ,

It's unlikely that you'll hang Bitbucket Server by implementing SSL at Tomcat. There are some performance considerations - namely it will take more CPU cycles to serve requests over HTTPS from Tomcat directly, which is why most customers choose to use a reverse proxy to terminate HTTPS. Apache/nginx/F5/etc are a bit more efficient about serving HTTPS than Tomcat is.

However, if your security team is concerned about end-to-end encryption, I would suggest that ensuring you are compliant with your organization's security policies takes priority. The small amount of overhead that serving HTTPS directly from Tomcat incurs is not a show-stopper for the application. Depending on your environment, you will likely see added milliseconds on your page render times, but it should not be significant enough to prevent people from doing their work.

Information about performance related to HTTPS (and SSH) is available in Scaling Bitbucket Server. You might be interested in looking at Securing Bitbucket Server with Tomcat using SSL for information about encrypting the traffic between Bitbucket and your reverse proxy.

I would not be concerned about the extra CPU cycles if your security team is telling you that traffic needs to be encrypted between Bitbucket and an existing reverse proxy (where I would assume external traffic is already encrypted).

Cheers,
Daniel
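
The two deployment shapes discussed in the answer above (HTTPS terminated at a reverse proxy versus HTTPS served by Tomcat itself) can be told apart from `bitbucket.properties`. The following is an added example, not part of the original thread or Atlassian's code. It assumes the Bitbucket Server 5.0+ property names shown in the code; the sample files, host name and keystore path are constructed.

```python
import re

# Constructed sample configs; host name and keystore path are placeholders.
PROXY_ONLY = """\
server.port=7990
server.secure=true
server.scheme=https
server.proxy-port=443
server.proxy-name=bitbucket.example.com
"""
END_TO_END = """\
server.port=8443
server.ssl.enabled=true
server.ssl.key-store=/path/to/keystore/bitbucket.jks
server.additional-connector.1.port=7990
"""

def parse_properties(text):
    """Parse simple key=value lines, skipping blanks and # or ! comments."""
    props = {}
    for line in map(str.strip, text.splitlines()):
        if line and line[0] not in "#!" and "=" in line:
            key, _, value = line.partition("=")
            props[key.strip()] = value.strip()
    return props

def is_true(props, key):
    return props.get(key, "false").lower() == "true"

def audit_transport(text):
    """Classify the hop into Bitbucket's Tomcat and list plaintext listeners."""
    p = parse_properties(text)
    findings = []
    if is_true(p, "server.ssl.enabled"):
        verdict = "tls-at-tomcat"        # Tomcat itself serves HTTPS
    elif is_true(p, "server.secure") and p.get("server.scheme", "").lower() == "https":
        verdict = "tls-at-proxy-only"    # proxy terminates HTTPS, backend hop is HTTP
        findings.append("proxy-to-Bitbucket hop is plain HTTP")
    else:
        verdict = "plaintext"
        findings.append("no HTTPS configured at Tomcat or declared at a proxy")
    # Extra connectors listen in plaintext unless they enable SSL themselves.
    pattern = r"server\.additional-connector\.(\d+)\.port$"
    for n in sorted({m.group(1) for k in p if (m := re.match(pattern, k))}):
        if not is_true(p, f"server.additional-connector.{n}.ssl.enabled"):
            port = p[f"server.additional-connector.{n}.port"]
            findings.append(f"additional connector {n} on port {port} is plain HTTP")
    return verdict, findings
```

A plaintext additional connector is not necessarily a defect, since it may exist only to redirect to the HTTPS port, but it is the listener an auditor will ask about when Basic authentication is in use.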
