In Bitbucket 5.4, how to exclude /scm/* path from SSL redirect?

In bitbucket.properties, we have configured all connections to require SSL, but we actually want to exclude /scm/* path requests from this requirement. (We would prefer not to install a reverse proxy in front of tomcat, if we can avoid it.)

Is there any way to do this?

This is to accommodate the hundreds of legacy Git remote URLs we have, that would need to be updated. We don't consider this much of a security risk, since all access is inside the corporate network, and the repos being cloned are sitting, unencrypted, on the network, anyway.

But we do want to enforce HTTPS connections in the web UI, to prevent passwords from being sent in the clear.

Here is the relevant part of our bibtucket.properties file:

server.require-ssl=true
server.additional-connector.1.require-ssl=true
server.additional-connector.1.port=443
server.additional-connector.1.secure=true
server.additional-connector.1.ssl.enabled=true
server.additional-connector.1.ssl.client-auth=want
server.additional-connector.1.ssl.protocol=TLSv1.2
server.additional-connector.1.ssl.key-alias=****
server.additional-connector.1.ssl.key-store=****
server.additional-connector.1.ssl.key-store-password=****
server.additional-connector.1.ssl.key-password=****