Create
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in
Products
See all
Community resources
Interests
See all
Community resources
Top groups
Explore all groups
Community resources

Next challenges

Recent achievements

  • Global
  • Personal

Recognition

  • Give kudos
  • Received
  • Given

Leaderboard

  • Global

Trophy case

Kudos (beta program)

Kudos logo

You've been invited into the Kudos (beta program) private group. Chat with others in the program, or give feedback to Atlassian.

View group

It's not the same without you

Join the community to find out what other Atlassian users are discussing, debating and creating.

Sign up for free Log in
Atlassian Community Hero Image Collage

Locking down bitbucket listener to localhost only

DEBS
DEBS Nov 19, 2020

I am trying to lock down our server to listen on localhost only and can't seem to find any documentation on the most current version of Bitbucket.  Below is a printout of my netstat:

# netstat -an |grep -iw listen
tcp 0 0 127.0.0.1:8005 0.0.0.0:* LISTEN
tcp 0 0 127.0.0.1:7980 0.0.0.0:* LISTEN
tcp 0 0 127.0.0.1:8020 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:7990 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN
tcp 0 0 127.0.0.1:7992 0.0.0.0:* LISTEN
tcp 0 0 127.0.0.1:5432 0.0.0.0:* LISTEN
tcp 0 0 127.0.0.1:7993 0.0.0.0:* LISTEN
tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN
tcp 0 0 127.0.0.1:8095 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:7999 0.0.0.0:* LISTEN

As you can see all the Atlassian ports are listening on 127.0.0.1 except for 7990 and 7999 which are served by Bitbucket.  I managed to change Crowd and Jira to localhost by modifying their respective server.xml settings and adding address=127.0.0.1 under the connector tag.  However, it seems that Bitbucket is no longer using a server.xml for the listener settings and I am unable to find a thread that is more current.

 

 

Answer
Watch
Like Be the first to like this

1 answer

0 votes
Christian Glockner
Christian Glockner Atlassian Team Nov 23, 2020

Hi,

You just need to add the server.address property to itbucket.properties, like so:

server.address=127.0.0.1

Restart Bitbucket Server and it will be listening on that IP address only

 

Cheers,

Christian

Premier Support Engineer

Atlassian

View More Comments
DEBS
DEBS Nov 24, 2020

Thank you for taking the time to answer my question, I realize how strange this must seem, but for security reasons this is a requirement of my organization.  For reference I found bitbucket.properties in the following location:

/var/atlassian/application-data/bitbucket/shared/bitbucket.properties

 

I added your suggestion to the end of the file

#>*******************************************************
#> Migrated to database at jdbc:postgresql://localhost:5432/GIT?targetServerType=master
#> Updated on 2020-09-03T09:53:02.626-05:00
#>*******************************************************
jdbc.driver=org.postgresql.Driver
jdbc.url=jdbc:postgresql://localhost:5432/GIT?targetServerType=master
jdbc.user=git
jdbc.password=devel
server.address=127.0.0.1

restarted the service and now 7990 is listening only on localhost.

# netstat -an |grep -iw listen
tcp 0 0 0.0.0.0:5701 0.0.0.0:* LISTEN
tcp 0 0 127.0.0.1:8005 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:9418 0.0.0.0:* LISTEN
tcp 0 0 127.0.0.1:7980 0.0.0.0:* LISTEN
tcp 0 0 127.0.0.1:8020 0.0.0.0:* LISTEN
tcp 0 0 127.0.0.1:7990 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN
tcp 0 0 127.0.0.1:7992 0.0.0.0:* LISTEN
tcp 0 0 127.0.0.1:5432 0.0.0.0:* LISTEN
tcp 0 0 127.0.0.1:35481 0.0.0.0:* LISTEN
tcp 0 0 127.0.0.1:7993 0.0.0.0:* LISTEN
tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN
tcp 0 0 127.0.0.1:8090 0.0.0.0:* LISTEN
tcp 0 0 127.0.0.1:46171 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:8091 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:7999 0.0.0.0:* LISTEN
tcp 0 0 127.0.0.1:8095 0.0.0.0:* LISTEN
tcp 0 0 127.0.0.1:8000 0.0.0.0:* LISTEN
tcp 0 0 127.0.0.1:33025 0.0.0.0:* LISTEN

However, 5701 (hazelcast.network.multicast.port), 7999 (plugin.ssh.port), and 8091 (Confluence Synchrony) are still listening on all addresses.

I've tried adding the following to my bitbucket.properties and has not changed the listening ports of the above.

hazelcast.network.multicast=false
hazelcast.network.multicast.address=127.0.0.1

Below are the settings from my BB server settings screen.

image.png

We are only running a single instance of Bitbucket Server, Jira Server, Confluence Server, and Crowd Server with no plans of using the clustering features of the Data Center version for now.   

Like
Reply

Suggest an answer

Log in or Sign up to answer
Bitbucket
Bitbucket
DEPLOYMENT TYPE
SERVER
VERSION
7.5.0
TAGS
Community showcase
Imran Khan
Imran Khan
Published in Bitbucket

Powering DevOps with Bitbucket Server & Data Center

Hi everyone, The Cloud team recently announced 12 new DevOps features that help developers ship better code, faster   ! While we’re all excited about the new improvements to Bitbucket ...

2,111 views 0 7
Read article

Community Events

Connect with like-minded Atlassian users at free events near you!

Find an event

Connect with like-minded Atlassian users at free events near you!

Unfortunately there are no Community Events near you at the moment.

Host an event

You're one step closer to meeting fellow Atlassian users at your local event. Learn more about Community Events

Events near you