Create
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in
Products
See all
Community resources
Top groups
Explore all groups
Community resources
Learn
Community resources
Events
Community resources

Problems with Bitbucket over HTTPS on default avatar

AMW99992
AMW99992 July 4, 2017

Hi,

we are using Bitbucket server over HTTPS behind reverse proxy (Netscaler). The site/page is not secure if there is default avatar on page because the request is over http and not https.

Our base url is https:\\bitbucket.[companyname].de

Everything works fine and is secure except requesting default avatar:

Request is:

http://bitbucket.[companyname].de/s/617802216/6613e62/1/1.0/_/download/resources/com.atlassian.bitbucket.server.bitbucket-web:avatar/avatar/default-avatar-48.png

so that page results in not-secure page!

Other avatars will be directly requested as https:

https://bitbucket.[companyname].de/users/[USER]/avatar.png?s=256&v=1486739466730

What is the correct configuration to get requests over https to get secure pages?

We are using v4.14.3 of Bitbucket

Kind regards,
André

Answer
Watch
Like Be the first to like this
1219 views

1 answer

1 accepted

2 votes
Answer accepted
Stefan Arnold
Stefan Arnold
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Get recognized
July 4, 2017

I have had similar problem with jira in past. Configured reverse proxy with ssl but the pictures have been delivered over http.

I forgot to set the "scheme" in server.xml connector to https.

 proxyName="yourProxy"
                   proxyPort="443"
                   secure="true"
                   scheme="https"
View More Comments
AMW99992
AMW99992 July 4, 2017

Thanks for your answer, Stefan, but it doesn't work. The effects are same (default avatar images will be requested over http not https).

My server.xml contains following configuration:

<Service name="Catalina">
<Connector port="7990" 
  SSLEnabled="false" 
  scheme="https" 
  secure="true" 
  proxyPort="443" 
  proxyHost="bitbucket.[companyname].de" 

  connectionTimeout="20000" 
  redirectPort="8443"                
  maxThreads="48" 
  minSpareThreads="10"                
  enableLookups="false" 
  acceptCount="10" 
  debug="0" 
  URIEncoding="UTF-8"
protocol="org.apache.coyote.http11.Http11NioProtocol"
                    />

I renamed .default-server.xml to server.xml in \conf-folder.

Any idea?

Like
Jeff Thomas
Jeff Thomas
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
July 4, 2017

For Bitbucket Server, the server.xml is read from $BITBUCKET_HOME/shared/server.xml first, not from the installation directory. If you make the same changes to the shared directory and restart Bitbucket Server, the avatar should be loaded over HTTPS.

More details available at https://confluence.atlassian.com/bitbucketserver0414/securing-bitbucket-server-behind-haproxy-using-ssl-895368117.html#SecuringBitbucketServerbehindHAProxyusingSSL-step3Step3:ConfiguretheTomcatConnector

Like
AMW99992
AMW99992 July 4, 2017

Thank you, Jeff! That was just the right note, now it works!

Like
Reply

Suggest an answer

Log in or Sign up to answer
Bitbucket
Bitbucket
TAGS
AUG Leaders

Atlassian Community Events

    See all events