Problems with Bitbucket over HTTPS on default avatar Edited

Hi,

we are using Bitbucket server over HTTPS behind reverse proxy (Netscaler). The site/page is not secure if there is default avatar on page because the request is over http and not https.

Our base url is https:\\bitbucket.[companyname].de

Everything works fine and is secure except requesting default avatar:

Request is:

http://bitbucket.[companyname].de/s/617802216/6613e62/1/1.0/_/download/resources/com.atlassian.bitbucket.server.bitbucket-web:avatar/avatar/default-avatar-48.png

so that page results in not-secure page!

Other avatars will be directly requested as https:

https://bitbucket.[companyname].de/users/[USER]/avatar.png?s=256&v=1486739466730

What is the correct configuration to get requests over https to get secure pages?

We are using v4.14.3 of Bitbucket

Kind regards,
André

1 answer

1 accepted

I have had similar problem with jira in past. Configured reverse proxy with ssl but the pictures have been delivered over http.

I forgot to set the "scheme" in server.xml connector to https.

 proxyName="yourProxy"
proxyPort="443" secure="true" scheme="https"

Thanks for your answer, Stefan, but it doesn't work. The effects are same (default avatar images will be requested over http not https).

My server.xml contains following configuration:

<Service name="Catalina">
<Connector port="7990" 
  SSLEnabled="false" 
  scheme="https" 
  secure="true" 
  proxyPort="443" 
  proxyHost="bitbucket.[companyname].de" 

  connectionTimeout="20000" 
  redirectPort="8443"                
  maxThreads="48" 
  minSpareThreads="10"                
  enableLookups="false" 
  acceptCount="10" 
  debug="0" 
  URIEncoding="UTF-8"
protocol="org.apache.coyote.http11.Http11NioProtocol"
                    />

I renamed .default-server.xml to server.xml in \conf-folder.

Any idea?

Jeff Thomas Atlassian Team Jul 04, 2017

For Bitbucket Server, the server.xml is read from $BITBUCKET_HOME/shared/server.xml first, not from the installation directory. If you make the same changes to the shared directory and restart Bitbucket Server, the avatar should be loaded over HTTPS.

More details available at https://confluence.atlassian.com/bitbucketserver0414/securing-bitbucket-server-behind-haproxy-using-ssl-895368117.html#SecuringBitbucketServerbehindHAProxyusingSSL-step3Step3:ConfiguretheTomcatConnector

Thank you, Jeff! That was just the right note, now it works!

Suggest an answer

Log in or Sign up to answer
How to earn badges on the Atlassian Community

How to earn badges on the Atlassian Community

Badges are a great way to show off community activity, whether you’re a newbie or a Champion.

Learn more
Community showcase
Posted Jun 12, 2018 in Bitbucket

Do you use any Atlassian products for your personal projects?

After spinning my wheels trying to get organized enough to write a book for National Novel Writing Month (NaNoWriMo) I took my affinity for Atlassian products from my work life and decided to tr...

22,827 views 26 12
Join discussion

Atlassian User Groups

Connect with like-minded Atlassian users at free events near you!

Find a group

Connect with like-minded Atlassian users at free events near you!

Find my local user group

Unfortunately there are no AUG chapters near you at the moment.

Start an AUG

You're one step closer to meeting fellow Atlassian users at your local meet up. Learn more about AUGs

Groups near you