Problems with Bitbucket over HTTPS on default avatar

Hi,

We are using Bitbucket Server over HTTPS behind a reverse proxy (Netscaler). The site/page is not secure if there is a default avatar on the page, because the request is over http and not https.

Our base URL is https://bitbucket.[companyname].de

Everything works fine and is secure except requesting default avatar:

Request is:

http://bitbucket.[companyname].de/s/617802216/6613e62/1/1.0/_/download/resources/com.atlassian.bitbucket.server.bitbucket-web:avatar/avatar/default-avatar-48.png

so that the page results in a not-secure page!

Other avatars will be directly requested as https:

https://bitbucket.[companyname].de/users/[USER]/avatar.png?s=256&v=1486739466730

What is the correct configuration to get requests over https to get secure pages?

We are using v4.14.3 of Bitbucket

Kind regards,
André

1 answer

1 accepted

I have had a similar problem with Jira in the past. I configured a reverse proxy with SSL, but the pictures were delivered over http.

I forgot to set the "scheme" in server.xml connector to https.

proxyName="yourProxy"
proxyPort="443"
secure="true"
scheme="https"

Thanks for your answer, Stefan, but it doesn't work. The effects are the same (default avatar images will be requested over http, not https).

My server.xml contains the following configuration:

<Service name="Catalina">
<Connector port="7990"
  SSLEnabled="false"
  scheme="https"
  secure="true"
  proxyPort="443"
  proxyHost="bitbucket.[companyname].de"
  connectionTimeout="20000"
  redirectPort="8443"
  maxThreads="48"
  minSpareThreads="10"
  enableLookups="false"
  acceptCount="10"
  debug="0"
  URIEncoding="UTF-8"
  protocol="org.apache.coyote.http11.Http11NioProtocol"
/>

I renamed .default-server.xml to server.xml in \conf-folder.

Any idea?

Jeff Thomas Atlassian Team Jul 04, 2017

For Bitbucket Server, the server.xml is read from $BITBUCKET_HOME/shared/server.xml first, not from the installation directory. If you make the same changes to the shared directory and restart Bitbucket Server, the avatar should be loaded over HTTPS.

More details available at https://confluence.atlassian.com/bitbucketserver0414/securing-bitbucket-server-behind-haproxy-using-ssl-895368117.html#SecuringBitbucketServerbehindHAProxyusingSSL-step3Step3:ConfiguretheTomcatConnector

Thank you, Jeff! That was just the right note, now it works!
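
The lookup order described in the accepted fix is easy to miss when auditing a reverse-proxy setup, because the file that was edited may not be the file that takes effect. The following check is an added example, not code from the thread or from Atlassian: it picks the server.xml that is read first and verifies the connector attributes from the first answer's snippet. The `conf/server.xml` location under the installation directory, the function names and the sample files are assumptions made for the example.

```python
import os
import xml.etree.ElementTree as ET

# Attributes from the first answer's snippet that must be set on the
# connector when TLS is terminated at the reverse proxy.
REQUIRED = {"scheme": "https", "secure": "true", "proxyPort": "443"}


def effective_server_xml(bitbucket_home, install_dir):
    """Return the server.xml that is read first, or None if neither exists."""
    candidates = [
        os.path.join(bitbucket_home, "shared", "server.xml"),
        os.path.join(install_dir, "conf", "server.xml"),  # assumed layout
    ]
    return next((p for p in candidates if os.path.isfile(p)), None)


def connector_findings(xml_text):
    """List proxy/TLS attribute problems for every <Connector> element."""
    findings = []
    for conn in ET.fromstring(xml_text).iter("Connector"):
        port = conn.get("port", "?")
        for attr, want in REQUIRED.items():
            got = conn.get(attr)
            if got != want:
                findings.append(f"port {port}: {attr}={got!r}, expected {want!r}")
        if not conn.get("proxyName"):
            findings.append(f"port {port}: proxyName is not set")
    return findings


def audit(bitbucket_home, install_dir):
    """Check the file that actually takes effect, not the one last edited."""
    path = effective_server_xml(bitbucket_home, install_dir)
    if path is None:
        return None, ["no server.xml found"]
    with open(path, encoding="utf-8") as fh:
        return path, connector_findings(fh.read())


# Constructed sample files (not taken from the thread).
FIXED = ('<Server><Service name="Catalina"><Connector port="7990" scheme="https" '
         'secure="true" proxyPort="443" proxyName="bitbucket.example.test"/>'
         '</Service></Server>')
STALE = '<Server><Service name="Catalina"><Connector port="7990"/></Service></Server>'
```

Calling `audit(bitbucket_home, install_dir)` with a stale file in the shared directory reports the stale file's problems even when the copy in the installation directory is correct, which is the situation in this thread.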
