You're on your way to the next level! Join the Kudos program to earn points and save your progress.
Level 1: Seed
25 / 150 points
Next: Root
1 badge earned
Challenges come and go, but your rewards stay with you. Do more to earn more!
What goes around comes around! Share the love by gifting kudos to your peers.
Keep earning points to reach the top of the leaderboard. It resets every quarter so you always have a chance!
Join now to unlock these features and more
The Atlassian Community can help you and your team get more value out of Atlassian products and practices.
I am trying to lock down our server to listen on localhost only and can't seem to find any documentation on the most current version of Bitbucket. Below is a printout of my netstat:
# netstat -an |grep -iw listen
tcp 0 0 127.0.0.1:8005 0.0.0.0:* LISTEN
tcp 0 0 127.0.0.1:7980 0.0.0.0:* LISTEN
tcp 0 0 127.0.0.1:8020 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:7990 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN
tcp 0 0 127.0.0.1:7992 0.0.0.0:* LISTEN
tcp 0 0 127.0.0.1:5432 0.0.0.0:* LISTEN
tcp 0 0 127.0.0.1:7993 0.0.0.0:* LISTEN
tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN
tcp 0 0 127.0.0.1:8095 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:7999 0.0.0.0:* LISTEN
As you can see all the Atlassian ports are listening on 127.0.0.1 except for 7990 and 7999 which are served by Bitbucket. I managed to change Crowd and Jira to localhost by modifying their respective server.xml settings and adding address=127.0.0.1 under the connector tag. However, it seems that Bitbucket is no longer using a server.xml for the listener settings and I am unable to find a thread that is more current.
Hi,
You just need to add the server.address property to itbucket.properties, like so:
server.address=127.0.0.1
Restart Bitbucket Server and it will be listening on that IP address only
Cheers,
Christian
Premier Support Engineer
Atlassian
Thank you for taking the time to answer my question, I realize how strange this must seem, but for security reasons this is a requirement of my organization. For reference I found bitbucket.properties in the following location:
/var/atlassian/application-data/bitbucket/shared/bitbucket.properties
I added your suggestion to the end of the file
#>*******************************************************
#> Migrated to database at jdbc:postgresql://localhost:5432/GIT?targetServerType=master
#> Updated on 2020-09-03T09:53:02.626-05:00
#>*******************************************************
jdbc.driver=org.postgresql.Driver
jdbc.url=jdbc:postgresql://localhost:5432/GIT?targetServerType=master
jdbc.user=git
jdbc.password=devel
server.address=127.0.0.1
restarted the service and now 7990 is listening only on localhost.
# netstat -an |grep -iw listen
tcp 0 0 0.0.0.0:5701 0.0.0.0:* LISTEN
tcp 0 0 127.0.0.1:8005 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:9418 0.0.0.0:* LISTEN
tcp 0 0 127.0.0.1:7980 0.0.0.0:* LISTEN
tcp 0 0 127.0.0.1:9200 0.0.0.0:* LISTEN
tcp 0 0 127.0.0.1:45297 0.0.0.0:* LISTEN
tcp 0 0 127.0.0.1:8020 0.0.0.0:* LISTEN
tcp 0 0 127.0.0.1:7990 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN
tcp 0 0 127.0.0.1:7992 0.0.0.0:* LISTEN
tcp 0 0 127.0.0.1:5432 0.0.0.0:* LISTEN
tcp 0 0 127.0.0.1:7993 0.0.0.0:* LISTEN
tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN
tcp 0 0 127.0.0.1:8090 0.0.0.0:* LISTEN
tcp 0 0 127.0.0.1:39453 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:7999 0.0.0.0:* LISTEN
tcp 0 0 127.0.0.1:45055 0.0.0.0:* LISTEN
tcp 0 0 127.0.0.1:8095 0.0.0.0:* LISTEN
tcp 0 0 127.0.0.1:8000 0.0.0.0:* LISTEN
However, 5701 (hazelcast.network.multicast.port), and 7999 (plugin.ssh.port) are still listening on all addresses.
Per suggestion in another thread, I tried adding the following to my bitbucket.properties and has not changed the listening ports of the above.
hazelcast.network.multicast=false
hazelcast.network.multicast.address=127.0.0.1
As for 7999 or Bitbucket SSH access, below are the settings from my BB server settings screen.
We are only running a single instance of Bitbucket Server, Jira Server, Confluence Server, and Crowd Server with no plans of using the clustering features of the Data Center version for now.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
This was resolved with Bitbucket release 7.11 following implementation of suggestion BSERV-12764
Bryan Turner added a comment - 26/Feb/2021 1:19 AM
Bitbucket Server/Data Center 7.11.0 will add a new property, plugin.ssh.address, which can be set in bitbucket.properties to control what address (or addresses; a comma-separated list is supported) SSH should listen on. The default behavior of listening on all addresses remains unchanged. To bind only to localhost, add plugin.ssh.address=127.0.0.1 to bitbucket.properties.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.