Create
cancel
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in

How to set up Bitbucket server securely on AWS

Devashish Meena
I'm New Here
I'm New Here
Those new to the Atlassian Community have posted less than three times. Give them a warm welcome!
July 16, 2018

Hi,

I'm trying to set up a trial version of Bitbucket Server on AWS behind an ELB with certs. The setup works correctly when accessing Bitbucket using just the instance IP and even when using the DNS mapping over http. There are two problems I'm facing with https configuration though

# ISSUE 1: not able to set up Bitbucket server(v5.12.0) instance to serve on secure port

-  Instance configuration:
  - aws vpc with public subnet.
  - aws `t2.large`(ubuntu 16.04) instance. Security group allows incoming on ports:
    - 22: instance ssh
    - 7990: bitbucket server UI
    - 7999: bitbucket server SSH
- Bibucket server network setup is based on instructions [HERE](https://confluence.atlassian.com/bitbucketserverkb/how-to-setup-aws-elb-to-proxy-requests-for-bitbucket-server-797412135.html)
  - aws `elb`security group that allows incoming on ports:
    - 80
    - 22
    - 443
  - aws `elb` with mapping
    - 443 -> 7990
    - 22 -> 7999
  - the `elb` allows all traffic to-and-from the instance security group
  - certificates have been set up correctly on port 443 and DNS mapping updated
- accessing the instance using `https` doesn't connect to the running instance. The loadbalancer correctly directs the traffic to the instance which is not able to serve the traffic
- if a new mapping is added to elb `80 -> 7990`, it works as expected and I'm able to access the server and login.

- Am I missing any configuration steps here?


# ISSUE 2: not able to use to clone repo from Bitbucket server


- after adding a user and the respective ssh key, tried to clone a repo
- the clone command over http works correctly

git clone http://my.bbs.com/scm/proj/testing.git

but it does not work with ssh url

git clone ssh://git@my.bbs.com/proj/testing.git
Cloning into 'testing'...
ssh: connect to host my.bbs.com port 22: Network is unreachable
fatal: Could not read from remote repository.


- the `SSH Base URL` setting in `Server settings` is set to `ssh://my.bbs.com` and `SSH Port` is set to 7999

- Not sure which settings need to be configured to make this work.

 

Thanks a lot in advance !

1 answer

1 accepted

0 votes
Answer accepted
Devashish Meena
I'm New Here
I'm New Here
Those new to the Atlassian Community have posted less than three times. Give them a warm welcome!
July 17, 2018

I managed to fix this.

Issue 1: used the instructions in https://confluence.atlassian.com/bitbucketserverkb/redirect-http-requests-to-https-779171736.html to update bitbucket.properties file. This set up the ssl correctly and i was able to access BBS using https url

 

Issue 2: this was a networking issue at our end wrt loadbalancer settings. once fixed, we were able to clone the repos using ssh urls.

DOTS Team August 4, 2021

what was the issue 2, How did you manage to fix Issue 2:

Suggest an answer

Log in or Sign up to answer
TAGS
AUG Leaders

Atlassian Community Events