Observed during fresh install of Bitbucket Server 5.5.x and 5.6.x. Earlier versions up to 5.4.4 are not affected.
Operating system - CentOS 7.4
nginx version: nginx/1.12.2
Bitbucket Server bitbucket.properties
cat /var/atlassian/application-data/bitbucket/shared/bitbucket.properties
server.proxy-port=443
server.proxy-name=bitbucket.domain.com
server.scheme=https
Nginx configuration:
cat /etc/nginx/conf.d/bitbucket.conf
server {
listen 80;
server_name bitbucket.domain.com;
return 301 https://$server_name$request_uri;
}
server {
listen 443 ssl;
server_name bitbucket.domain.com;
error_log /var/log/nginx/bitbucket_error.log info;
ssl on;
ssl_dhparam /path/to/dhparam;
ssl_certificate /path/to/ssl/cert;
ssl_certificate_key /path/to/ssl/key;
resolver 8.8.8.8;
ssl_session_timeout 5m;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers AES256+EECDH:AES256+EDH:AES128+EECDH:!aNULL;
ssl_session_cache shared:SSL:10m;
ssl_stapling on;
ssl_stapling_verify on;
ssl_prefer_server_ciphers on;
add_header Strict-Transport-Security "max-age=63072000; preload";
location / {
proxy_set_header Host $host;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Server $host;
proxy_set_header Host $http_host;
proxy_ssl_session_reuse off;
proxy_redirect off;
proxy_pass http://localhost:7990;
client_max_body_size 1024M;
}
}
Hi Alexander! A 400 error is basically a bad http request. Looking at the config details in there, seems like the port forwarding might be wrong. You can revisit your setup according to the details on the page Securing Bitbucket Server behind Nginx using SSL.
Let us know if this fixed the issue!
Best regards,
Ana
The error was caused by excessive proxy_set_header directives in nginx configuration below:
proxy_set_header Host $host;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Server $host;
proxy_set_header Host $http_host;
proxy_ssl_session_reuse off;
proxy_redirect off;
Error is gone after removing extra proxy_set_header Host as per Securing Bitbucket Server behind nginx using SSL
proxy_set_header Host $host;
proxy_set_header Host $http_host;
So, the final correct configuration is documented at the above Atlassian link
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi Alexander,
it will be nice if you provide error logs from nginx and bitbucket app.
Because I have checked on other instances Bitbucket 5.6.1 behind nginx.
And other instances, e.g. I have googled with nginx/1.10.3 (Ubuntu) and bitbucket.
It works.
Could we check it together?
Thanks
Cheers,
Gonchik Tsymzhitov
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.