I am setting up Bitbucket Server (5.16.0) behind an Nginx+ server to act as the termination point for SSL and allow control of the Bitbucket server (blue / green) without changing DNS records.
Everything is set up according to the documentation.
The Bitbucket UI is accessible and working correctly. However, no git operations are possible with any action over https (push or clone), resulting in an HTTP 503 error.
The unusual thing is there is no record in the Bitbucket access log corresponding with the clone operation. There is a single entry in the nginx log showing the 503 result.
I can clone using the backend server URL; I can also perform curl operations through nginx and get a correct response.
Git clone
git clone https://{load_balancer_url}/scm/~user/test-repo.git --progress --verbose
Cloning into 'test-repo'...
fatal: unable to access '{load_balancer_url}/scm/~user/test-repo.git/': The requested URL returned error: 503
Simple Curl
curl -u username:password https://{load_balancer_url}/scm/~user/test-repo.git/info/refs?service=git-upload-pack
Warning: Binary output can mess up your terminal. Use "--output -" to tell
Warning: curl to output it to your terminal anyway, or consider "--output
Warning: <FILE>" to save to a file.
Config
nginx:
Config is split into core & app specific as it's also working for Jira, Crucible and Confluence
....
http {
    ##~~~~~~~~~~~~~~~~~~~~~~~~START LIMITS & OVERFLOWS~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    client_body_buffer_size 4K;
    client_header_buffer_size 1k;
    client_max_body_size 200M;
    large_client_header_buffers 4 16k;
    server_names_hash_bucket_size 512;
    server_names_hash_max_size 512;
    proxy_buffers 16 16k;
    proxy_buffer_size 16k;
    proxy_max_temp_file_size 0;
    ##~~~~~~~~~~~~~~~~~~~~~~~~END LIMITS & OVERFLOWS~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ##~~~~~~~~~~~~~~~~~~~~~~~~START TIMEOUTS~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    client_body_timeout 5m;
    client_header_timeout 5m;
    keepalive_timeout 65;
    send_timeout 300s;
    proxy_send_timeout 300s;
    proxy_connect_timeout 60s;
    proxy_read_timeout 480s;
    ##~~~~~~~~~~~~~~~~~~~~~~~~END TIMEOUTS~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ##~~~~~~~~~~~~~~~~~~~~~~~~START CUSTOM HEADERS~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    #proxy_set_header Host $http_host;
    proxy_set_header X-Forwarded-Host $host;
    proxy_set_header X-Forwarded-Server $host;
    proxy_set_header X-Forwarded-Proto $scheme;
    proxy_set_header Upgrade $http_upgrade;
    ##~~~~~~~~~~~~~~~~~~~~~~~~END CUSTOM HEADERS~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ##~~~~~~~~~~~~~~~~~~~~~~~~START INCLUDES~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    include /etc/nginx/mime.types;
    include /etc/nginx/conf.d/*.conf;
    ##~~~~~~~~~~~~~~~~~~~~~~~~END INCLUDES~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
}
...........
upstream bitbucketTest {
    zone bitbucketTest 64k;
    least_time header;
    keepalive 20;
    server bitbucket_server:7990 slow_start=30s resolve;
}
server {
    server_name {load_balancer_url};
    listen 443 ssl http2;
    status_zone status_page;
    ssl_certificate /etc/nginx/ssl/star.crt;
    ssl_certificate_key /etc/nginx/ssl/private.rsa;
    location / {
        proxy_pass http://bitbucketTest;
        proxy_redirect off;
    }
}
bitbucket:
bitbucket.properties
server.port=7990
server.secure=true
server.scheme=https
server.proxy-port=443
server.proxy-name={load_balancer_url}
Why not use HAProxy to do this and set up SSH load balancing? Your users will appreciate being able to use SSH for Git to connect with. This allows them to use SSH keys for auth and generally makes for a better user experience.
We have Nginx+ instances for all load balancing. Additionally we have firewall issues with SSH connections due to corporate policy.