Hi,
we are using Bitbucket server over HTTPS behind reverse proxy (Netscaler). The site/page is not secure if there is default avatar on page because the request is over http and not https.
Our base url is https:\\bitbucket.[companyname].de
Everything works fine and is secure except requesting default avatar:
Request is:
http://bitbucket.[companyname].de/s/617802216/6613e62/1/1.0/_/download/resources/com.atlassian.bitbucket.server.bitbucket-web:avatar/avatar/default-avatar-48.png
so that page results in not-secure page!
Other avatars will be directly requested as https:
https://bitbucket.[companyname].de/users/[USER]/avatar.png?s=256&v=1486739466730
What is the correct configuration to get requests over https to get secure pages?
We are using v4.14.3 of Bitbucket
Kind regards,
André
I have had similar problem with jira in past. Configured reverse proxy with ssl but the pictures have been delivered over http.
I forgot to set the "scheme" in server.xml connector to https.
proxyName="yourProxy"
proxyPort="443" secure="true" scheme="https"
Thanks for your answer, Stefan, but it doesn't work. The effects are same (default avatar images will be requested over http not https).
My server.xml contains following configuration:
<Service name="Catalina"> <Connector port="7990" SSLEnabled="false" scheme="https" secure="true" proxyPort="443" proxyHost="bitbucket.[companyname].de" connectionTimeout="20000" redirectPort="8443" maxThreads="48" minSpareThreads="10" enableLookups="false" acceptCount="10" debug="0" URIEncoding="UTF-8" protocol="org.apache.coyote.http11.Http11NioProtocol" />
I renamed .default-server.xml to server.xml in \conf-folder.
Any idea?
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
For Bitbucket Server, the server.xml is read from $BITBUCKET_HOME/shared/server.xml first, not from the installation directory. If you make the same changes to the shared directory and restart Bitbucket Server, the avatar should be loaded over HTTPS.
More details available at https://confluence.atlassian.com/bitbucketserver0414/securing-bitbucket-server-behind-haproxy-using-ssl-895368117.html#SecuringBitbucketServerbehindHAProxyusingSSL-step3Step3:ConfiguretheTomcatConnector
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.