Create
cancel
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in
It's not the same without you

Join the community to find out what other Atlassian users are discussing, debating and creating.

Atlassian Community Hero Image Collage

How to change Java Trust Store for Dockerfile

According to the warning on How to change the JVM parameter for a Docker container | Bitbucket Data Center and Server | Atlassian Documentation I can set the cacerts/ Java Trust Store path in my docker file using JVM_SUPPORT_RECOMMENDED_ARGS parameter, as I'm after v4.0 (7.6.0 now)

Can anyone show me how?? I cannot find an example anywhere, not even on the docker readme!

I have my cacerts in my docker home which is mapped as a volume, but obviously need to change startup params to read this location instead of the images own default /opt/.... path to its JVM.

 

I'm sure this is a one-liner, just don't want to mess up my install!
My docker file section for BB is like this:


bitbucket:
image: atlassian/bitbucket-server:7.6.0
container_name: bitbucket
environment:
ELASTICSEARCH_ENABLED: 'true'
JDBC_DRIVER: com.microsoft.sqlserver.jdbc.SQLServerDriver
JDBC_USER: sa
JDBC_PASSWORD: ***************************
JDBC_URL: 'jdbc:sqlserver://mssql:1433;databaseName=BitbucketDB'
volumes:
- '/var/bitbucket/home/:/var/atlassian/application-data/bitbucket/'
ports:
- '7999:7999'
expose:
- '7990'
networks:
- backend

Expecting to add the  JVM_SUPPORT_RECOMMENDED_ARGS bit in there I guess?

 

Really appreciate the help on this, will solve some internal integrations :)

1 answer

1 accepted

0 votes
Answer accepted
Dave Chevell Atlassian Team Jun 28, 2021

Hi @Jonathan Ward ,

If your cacerts file (your trust store) is located inside your $BITBUCKET_HOME folder, then you would tell your containers to use it like so:

environment:
JVM_SUPPORT_RECOMMENDED_ARGS="-Djavax.net.ssl.trustStore=/var/atlassian/application-data/bitbucket/cacerts" 

If you're using multiple nodes in a Data Center configuration, and you intend to use the same trust store for all nodes, you might instead choose to store your cacerts file inside $BITBUCKET_HOME/shared so all nodes can retrieve the same copy from your shared storage.

Hope that helps!

Dave

Thanks, @Dave Chevell 
Slight edit on your snippet needs to be 

 JVM_SUPPORT_RECOMMENDED_ARGS: '-

At least on whatever I'm running, it failed to start when I pasted this in as-is!

The good news is this has fixed my issues with integrating our Jenkins server, so thank you so much for this!

Suggest an answer

Log in or Sign up to answer
DEPLOYMENT TYPE
SERVER
VERSION
7.6.0
TAGS
Community showcase
Published in Bitbucket

⭐ Calling all Bitbucket and DevOps experts: Special showcase opportunity ⭐

Hi, Bitbucket community! Are you a DevOps practitioner (or know one in your network)? Do you have DevOps tips, tricks, or learnings you'd like to share with the community? If so, we'd love to hea...

1,483 views 4 7
Read article

Community Events

Connect with like-minded Atlassian users at free events near you!

Find an event

Connect with like-minded Atlassian users at free events near you!

Unfortunately there are no Community Events near you at the moment.

Host an event

You're one step closer to meeting fellow Atlassian users at your local event. Learn more about Community Events

Events near you