Missed Team ’24? Catch up on announcements here.

×
Create
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in
Products
See all
Community resources
Top groups
Explore all groups
Community resources
Learn
Community resources
Events
Community resources

How to use the DIY backup script maintenance mode with HTTPS Bitbucket ?

kriegalex
kriegalex January 6, 2020

The script is not working anymore at the stage of CURL:

[common.sh:52 -> lock_bitbucket][bitbucket] DEBUG: Running curl -L -s -f -u ******:****** http://localhost:7990/mvc/maintenance/lock[common.sh:52 -> lock_bitbucket][bitbucket] ERROR: Unable to lock Bitbucket for maintenance. POST to 'http://localhost:7990/mvc/maintenance/lock' returned ''Stack trace:[/home/debian/atlassian-servers-tools/bitbucket/atlassian-bitbucket-diy-backup/common.sh:52 -> lock_bitbucket][/home/debian/atlassian-servers-tools/bitbucket/atlassian-bitbucket-diy-backup/bitbucket.diy-backup.sh:0 -> main]

It was working previously. I tried changing the variable in the appropriate file to https://localhost:8443 but it is the same. I suspect the problem is that now my instance is using HTTPS and somehow it broke the maintenance mode lock via CURL.

Can anyone help ? Thanks

Answer
Watch
Like Be the first to like this
1496 views

4 answers

1 accepted

0 votes
Answer accepted
kriegalex
kriegalex January 7, 2020

See last code block for answer.

The problem is linked to HTTPS and curl. I get an error 503 with CURL.

I was able to see the problems with the verbose option of CURL:

* Rebuilt URL to: https://localhost:8443/
* Trying 127.0.0.1...
* TCP_NODELAY set
* Connected to localhost (127.0.0.1) port 8443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* Cipher selection: ALL:!EXPORT:!EXPORT40:!EXPORT56:!aNULL:!LOW:!RC4:@STRENGTH
* successfully set certificate verify locations:
* CAfile: /etc/ssl/certs/ca-certificates.crt
CApath: /etc/ssl/certs
* TLSv1.2 (OUT), TLS header, Certificate Status (22):
* TLSv1.2 (OUT), TLS handshake, Client hello (1):
* TLSv1.2 (IN), TLS handshake, Server hello (2):
* TLSv1.2 (IN), TLS handshake, Certificate (11):
* TLSv1.2 (IN), TLS handshake, Server key exchange (12):
* TLSv1.2 (IN), TLS handshake, Server finished (14):
* TLSv1.2 (OUT), TLS handshake, Client key exchange (16):
* TLSv1.2 (OUT), TLS change cipher, Client hello (1):
* TLSv1.2 (OUT), TLS handshake, Finished (20):
* TLSv1.2 (IN), TLS change cipher, Client hello (1):
* TLSv1.2 (IN), TLS handshake, Finished (20):
* SSL connection using TLSv1.2 / ECDHE-RSA-AES256-GCM-SHA384
* ALPN, server did not agree to a protocol
* Server certificate:
* subject: CN=SUB.DOMAIN.COM
* start date: Oct 18 12:09:52 2019 GMT
* expire date: Jan 16 12:09:52 2020 GMT
* subjectAltName does not match localhost
* SSL: no alternative certificate subject name matches target host name 'localhost'
* Curl_http_done: called premature == 1
* stopped the pause stream!
* Closing connection 0
* TLSv1.2 (OUT), TLS alert, Client hello (1):

Obviously the certificate will only work for https://sub.domain.com ...

And because of bitbucket.properties:

 server.require-ssl=true

You cannot use http://localhost:7990. And I don't want http connection to go through so I need this setting.

Also, moving this setting to an additional connector doesn't work, like so:

server.port=7991

server.additional-connector.1.port=7990

server.additional-connector.1.require-ssl=true

server.additional-connector.1.redirect-port=8443

server.additional-connector.2.port=8443

...

With this config, HTTP 7990 is not redirected to 8443 HTTPS, as it is in my current config. I was planning then to use 7991 for the backup script in localhost.

ANSWER:

So I simply changed bitbucket.properties to:

BITBUCKET_URL=https://SUB.DOMAIN.COM:8443

 

Reply
0 votes
Pratik
Pratik July 16, 2021

I had the same issue, DIY backup script stopped working after using https,

Error Message:  lock_bitbucket][Bitbucket] ERROR: Unable to lock Bitbucket for maintenance. POST to 'https://BitbucketURL/mvc/maintenance/lock' returned ''

Solution: Try Changing Bitbucket_URL to http://localhost:7990 into  bitbucket.diy-backup.vars.sh

It worked for me. 

Reply
0 votes
kriegalex
kriegalex January 7, 2020

DUPLICATE

Reply
0 votes
Jeff Thomas
Jeff Thomas
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
January 6, 2020

Just to confirm, when you say that you changed the URL to https://localhost:8443, did you do this in the bitbucket.diy-backup.vars.sh file by updating the BITBUCKET_URL?

What happens if you manually run the curl command (replacing the ******:****** with your username and password)?

curl -L -s -f -u ******:****** http://localhost:7990/mvc/maintenance/lock

Could you provide your $BITBUCKET_HOME/shared/bitbucket.properties (with any sensitive data removed)? Also, if you turn on Debug logging (Bitbucket Server Administration > Logging and profiling) and try again, you should see some entries in the logs ($BITBUCKET_HOME/log) which will help narrow down the problem. Searching for "POST /mvc/maintenance/lock" should lead you to the right entries. What do those logs say?

View More Comments
kriegalex
kriegalex January 7, 2020

MOVED

Like kns_jeinhorn likes this
Reply

Suggest an answer

Log in or Sign up to answer
Bitbucket
Bitbucket
TAGS
AUG Leaders

Atlassian Community Events

    See all events