Observed during fresh install of Bitbucket Server 5.5.x and 5.6.x. Earlier versions up to 5.4.4 are not affected.
Operating system - CentOS 7.4
nginx version: nginx/1.12.2
Bitbucket Server bitbucket.properties
cat /var/atlassian/application-data/bitbucket/shared/bitbucket.properties
server.proxy-port=443
server.proxy-name=bitbucket.domain.com
server.scheme=https
Nginx configuration:
cat /etc/nginx/conf.d/bitbucket.conf
server {
listen 80;
server_name bitbucket.domain.com;
return 301 https://$server_name$request_uri;
}
server {
listen 443 ssl;
server_name bitbucket.domain.com;
error_log /var/log/nginx/bitbucket_error.log info;
ssl on;
ssl_dhparam /path/to/dhparam;
ssl_certificate /path/to/ssl/cert;
ssl_certificate_key /path/to/ssl/key;
resolver 8.8.8.8;
ssl_session_timeout 5m;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers AES256+EECDH:AES256+EDH:AES128+EECDH:!aNULL;
ssl_session_cache shared:SSL:10m;
ssl_stapling on;
ssl_stapling_verify on;
ssl_prefer_server_ciphers on;
add_header Strict-Transport-Security "max-age=63072000; preload";
location / {
proxy_set_header Host $host;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Server $host;
proxy_set_header Host $http_host;
proxy_ssl_session_reuse off;
proxy_redirect off;
proxy_pass http://localhost:7990;
client_max_body_size 1024M;
}
}
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.