SSL configuration

I would like to ask your help for SSL configuration. 

Our Bitbucket server uses reverse proxy server installed on the same server where Bitbucket is installed.

Problem is when I type 'http' in url instead of 'https', it doesn't re-direct but showing "https://localhost" in the url section with the error saying "this site can't be reached".

When I had the following configuration in VitualHost for port 80 and 443, it re-directed OK.  But the problem that clone process also works with both 'https' and 'http'.  I was expecting that using 'http' shouldn't work on cloning.

 <VirtualHost *:80>
#    ServerAdmin webmaster@dummy-host.example.com
#    DocumentRoot /www/docs/dummy-host.example.com
#    ServerName dummy-host.example.com
#    ErrorLog logs/dummy-host.example.com-error_log
#    CustomLog logs/dummy-host.example.com-access_log common

ProxyPass / http://localhost:7990/
ProxyPassReverse / http://localhost:7990/

</VirtualHost>

<VirtualHost *.443>

SSLEngine On
SSLCertificateFile /path/to/your/cert.pem
SSLCertificateKeyFile /path/to/your/privkey.pem
SSLCertificateChainFile /path/to/your/chain.pem

ProxyPass        / http://localhost:7990/ connectiontimeout=5 timeout=300
ProxyPassReverse / http://localhost:7990/
</VirtualHost>

From the technote, https://confluence.atlassian.com/kb/securing-your-atlassian-applications-with-apache-using-ssl-838284349.html, it says that I need to use "Redirect Permanent" in VirtualHost port 80 instead of Proxy.  So I followed as it says and face the issue that re-direct doesn't work. 

I would appreciate if you can help me to resolve this issue.

-Chang

 

1 answer

0 vote

You'll need to change:

<VirtualHost *:80>
#    ServerAdmin webmaster@dummy-host.example.com
#    DocumentRoot /www/docs/dummy-host.example.com
#    ServerName dummy-host.example.com
#    ErrorLog logs/dummy-host.example.com-error_log
#    CustomLog logs/dummy-host.example.com-access_log common

ProxyPass / http://localhost:7990/
ProxyPassReverse / http://localhost:7990/

</VirtualHost>

to be something like:

<VirtualHost *:80>
Redirect 301 / https://your-public-url/

</VirtualHost>

(Change the your-public-url to your public url). I'm guessing that you've already tried this but it didn't work (based on your comment) - can you explain what didn't work about it?

Hi Daniel,

Thanks for your quick response.  I changed VirtualHost for port 80 to the following as technote suggests, but it didn't work

First, I changed to

<VirtualHost *:80>
  ServerName localhost
   Redirect Permanent / https://localhost/
</VirtualHost>

But it didn't work, so I changed localhost with real hostname including domain name like

<VirtualHost *:80>
  ServerName servername.subdomain.domain.com
   Redirect Permanent / https://servername.subdomain.domain.com/
</VirtualHost>

But the result I see was same.  none of them worked as expected.

So I don't know what I did wrong.

-Chang

That should work though. Can you restart Apache and do a curl -v http://public-host and tell us what the output is (feel free to anonymize things)

Hi Daniel,

Following is output.  I changed real hostname and ip.

[parkc@server ~]$ curl -v http://server.sub.domain.com
* About to connect() to server.sub.domain.com port 80 (#0)
*   Trying 100.10.1.70... connected
* Connected to server.sub.domain.com (100.10.1.70) port 80 (#0)
> GET / HTTP/1.1
> User-Agent: curl/7.19.7 (x86_64-redhat-linux-gnu) libcurl/7.19.7 NSS/3.27.1 zl                                                     ib/1.2.3 libidn/1.18 libssh2/1.4.2
> Host: server.sub.domain.com
> Accept: */*
>
< HTTP/1.1 301 Moved Permanently
< Date: Tue, 07 Nov 2017 23:59:17 GMT
< Server: Apache/2.2.15 (Red Hat)
< Location: https://server.sub.domain.com/
< Content-Length: 332
< Connection: close
< Content-Type: text/html; charset=iso-8859-1
<
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>301 Moved Permanently</title>
</head><body>
<h1>Moved Permanently</h1>
<p>The document has moved <a href="https://server.sub.domain.com/">here</a>.<                                                     /p>
<hr>
<address>Apache/2.2.15 (Red Hat) Server at server.sub.domain.com Port 80</add                                                     ress>
</body></html>
* Closing connection #0

Thanks,

Chang

Well that’s doing the redirect correctly. What are you seeing in a browser (and which browser)? Because looking at that if you go to http://hostname you’ll end up on https://hostname. 

Assuming fully qualified host name is server.sub.domain.com.  Then when I type, http://server.sub.domain.com in url section, it re-directs to url https://localhost and error message in the contect instead of https://server.sub.domain.com.

I used Google Chrome.

Thanks,

Chang

Suggest an answer

Log in or Sign up to answer
Atlassian Community Anniversary

Happy Anniversary, Atlassian Community!

This community is celebrating its one-year anniversary and Atlassian co-founder Mike Cannon-Brookes has all the feels.

Read more
Community showcase
Piotr Plewa
Published Dec 27, 2017 in Bitbucket

Recipe: Deploying AWS Lambda functions with Bitbucket Pipelines

Bitbucket Pipelines helps me manage and automate a number of serverless deployments to AWS Lambda and this is how I do it. I'm building Node.js Lambda functions using node-lambda&nbsp...

1,778 views 1 5
Read article

Atlassian User Groups

Connect with like-minded Atlassian users at free events near you!

Find a group

Connect with like-minded Atlassian users at free events near you!

Find my local user group

Unfortunately there are no AUG chapters near you at the moment.

Start an AUG

You're one step closer to meeting fellow Atlassian users at your local meet up. Learn more about AUGs

Groups near you