Create
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in
Products
See all
Community resources
Top groups
Explore all groups
Community resources
Learn
Community resources
Events
Community resources

Incorrect HTTP(S) clone URL

John Alexander 1
John Alexander Bye July 20, 2012

Hello.

I've installed Atlassian Stash and set up Nginx in front with SSL. Stash runs great behind this proxy, but one problem I am having is that the clone URL is still using HTTP, and HTTP is stated in the dropdown.

I have changed the base URL of Stash so that it is using HTTPS but it has had no effect on the clone URL. I am rewriting all HTTP requests to HTTPS via Nginx, but it is confusing our users that the dropdown still says HTTP.

Is there anything I can do about this other than to configure Stash itself to run on HTTPS?

Here's the nginx config:

upstream stash {
        server stash-srv:7990;
}

server {
        listen 80;
        server_name stash.example.com;

        location / {
                rewrite ^ https://stash.example.com$request_uri? permanent;
        }
}

server {
        listen 443;
        server_name stash.example.com;

        ssl on;
        ssl_certificate xxx;
        ssl_certificate_key xxx;
        ssl_session_cache shared:SSL:1m;
        ssl_session_timeout 5m;

        location / {
                proxy_pass http://stash;
                proxy_set_header Host $http_host;
                proxy_set_header X-Real-IP $remote_addr;
                proxy_set_header X-Forwarded-for $remote_addr;
                proxy_set_header X-Forwarded-Proto https;
                proxy_next_upstream error;
                proxy_redirect http://stash.example.com/ https://stash.example.com/;
        }
}

Answer
Watch
Like Be the first to like this
1220 views

4 answers

1 accepted

1 vote
Answer accepted
John Alexander 1
John Alexander Bye July 21, 2012

I managed to fix this issue by replicating what I had to do to solve gadget issues with SSL proxying in JIRA.

Add the following to the Connector in conf/server.xml:

scheme="https"
proxyName="your.domain.com"
proxyPort="443"

The dropdown still says HTTP, but the URL has https in it now so I guess that's intended.

Reply
0 votes
Alexey_Efimov
Alexey_Efimov
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Get recognized
February 18, 2013 
Here is config from working nginx with no problems on HTTPS:
server {
listen 80;

    location / {
        return 302 https://$hostname$request_uri;
    }
}

server {
    listen 443 ssl;

    ssl on;
    ssl_certificate /etc/nginx/ssl/stash.crt;
    ssl_certificate_key /etc/nginx/ssl/stash.key;
    ssl_prefer_server_ciphers on;
    ssl_protocols TLSv1 SSLv3;
    ssl_ciphers !aNULL:!LOW:!MD5:!EXP:RC4:CAMELLIA:AES128:3DES:SEED:AES256;

    client_header_timeout  10m;
    client_body_timeout    10m;
    client_max_body_size   1g;
    send_timeout           10m;

    location / {
        proxy_pass http://127.0.0.1:7990;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_read_timeout  900;
    }
}

If you not specified timeouts, then you can get errors on long pushes. Also, nginx must always redirect to HTTPS, not forward it into Tomcat, cos it always will show user login page.

For tomcat you should use port forwarding in server.xml:

redirectPort="443"
            secure="true"
            scheme="https"
            proxyPort="443" />

Reply
0 votes
Christoph Kempe
Christoph Kempen August 17, 2012

I have the same issue but then with apache as the proxy.. So I guess it's an stash thing. I use stash 1.2.0..

Reply
0 votes
rverschoor
rverschoor
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Get recognized
July 20, 2012

Does the Wrong git Clone URL when using NGINX Proxy Knowledge Base article help?

View More Comments
John Alexander 1
John Alexander Bye July 20, 2012

I updated my answer with my nginx config. I've included the lines from the article you are linking to and I still have the same problem unfortunately.

Like
Reply

Suggest an answer

Log in or Sign up to answer
Bitbucket
Bitbucket
TAGS
AUG Leaders

Atlassian Community Events

    See all events