Create
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in
Products
See all
Community resources
Top groups
Explore all groups
Community resources
Learn
Community resources
Events
Community resources

SSL configuration

Chang Park
Chang Park November 7, 2017

I would like to ask your help for SSL configuration. 

Our Bitbucket server uses reverse proxy server installed on the same server where Bitbucket is installed.

Problem is when I type 'http' in url instead of 'https', it doesn't re-direct but showing "https://localhost" in the url section with the error saying "this site can't be reached".

When I had the following configuration in VitualHost for port 80 and 443, it re-directed OK.  But the problem that clone process also works with both 'https' and 'http'.  I was expecting that using 'http' shouldn't work on cloning.

 <VirtualHost *:80>
#    ServerAdmin webmaster@dummy-host.example.com
#    DocumentRoot /www/docs/dummy-host.example.com
#    ServerName dummy-host.example.com
#    ErrorLog logs/dummy-host.example.com-error_log
#    CustomLog logs/dummy-host.example.com-access_log common

ProxyPass / http://localhost:7990/
ProxyPassReverse / http://localhost:7990/

</VirtualHost>

<VirtualHost *.443>

SSLEngine On
SSLCertificateFile /path/to/your/cert.pem
SSLCertificateKeyFile /path/to/your/privkey.pem
SSLCertificateChainFile /path/to/your/chain.pem

ProxyPass        / http://localhost:7990/ connectiontimeout=5 timeout=300
ProxyPassReverse / http://localhost:7990/
</VirtualHost>

From the technote, https://confluence.atlassian.com/kb/securing-your-atlassian-applications-with-apache-using-ssl-838284349.html, it says that I need to use "Redirect Permanent" in VirtualHost port 80 instead of Proxy.  So I followed as it says and face the issue that re-direct doesn't work. 

I would appreciate if you can help me to resolve this issue.

-Chang

 

Answer
Watch
Like Be the first to like this
564 views

1 answer

0 votes
Daniel Wester
Daniel Wester
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Get recognized
November 7, 2017

You'll need to change:

<VirtualHost *:80>
#    ServerAdmin webmaster@dummy-host.example.com
#    DocumentRoot /www/docs/dummy-host.example.com
#    ServerName dummy-host.example.com
#    ErrorLog logs/dummy-host.example.com-error_log
#    CustomLog logs/dummy-host.example.com-access_log common

ProxyPass / http://localhost:7990/
ProxyPassReverse / http://localhost:7990/

</VirtualHost>

to be something like:

<VirtualHost *:80>
Redirect 301 / https://your-public-url/

</VirtualHost>

(Change the your-public-url to your public url). I'm guessing that you've already tried this but it didn't work (based on your comment) - can you explain what didn't work about it?

View More Comments
Chang Park
Chang Park November 7, 2017

Hi Daniel,

Thanks for your quick response.  I changed VirtualHost for port 80 to the following as technote suggests, but it didn't work

First, I changed to

<VirtualHost *:80>
  ServerName localhost
   Redirect Permanent / https://localhost/
</VirtualHost>

But it didn't work, so I changed localhost with real hostname including domain name like

<VirtualHost *:80>
  ServerName servername.subdomain.domain.com
   Redirect Permanent / https://servername.subdomain.domain.com/
</VirtualHost>

But the result I see was same.  none of them worked as expected.

So I don't know what I did wrong.

-Chang

Like
Daniel Wester
Daniel Wester
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Get recognized
November 7, 2017

That should work though. Can you restart Apache and do a curl -v http://public-host and tell us what the output is (feel free to anonymize things)

Like
Chang Park
Chang Park November 7, 2017

Hi Daniel,

Following is output.  I changed real hostname and ip.

[parkc@server ~]$ curl -v http://server.sub.domain.com
* About to connect() to server.sub.domain.com port 80 (#0)
*   Trying 100.10.1.70... connected
* Connected to server.sub.domain.com (100.10.1.70) port 80 (#0)
> GET / HTTP/1.1
> User-Agent: curl/7.19.7 (x86_64-redhat-linux-gnu) libcurl/7.19.7 NSS/3.27.1 zl                                                     ib/1.2.3 libidn/1.18 libssh2/1.4.2
> Host: server.sub.domain.com
> Accept: */*
>
< HTTP/1.1 301 Moved Permanently
< Date: Tue, 07 Nov 2017 23:59:17 GMT
< Server: Apache/2.2.15 (Red Hat)
< Location: https://server.sub.domain.com/
< Content-Length: 332
< Connection: close
< Content-Type: text/html; charset=iso-8859-1
<
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>301 Moved Permanently</title>
</head><body>
<h1>Moved Permanently</h1>
<p>The document has moved <a href="https://server.sub.domain.com/">here</a>.<                                                     /p>
<hr>
<address>Apache/2.2.15 (Red Hat) Server at server.sub.domain.com Port 80</add                                                     ress>
</body></html>
* Closing connection #0

Thanks,

Chang

Like
Daniel Wester
Daniel Wester
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Get recognized
November 7, 2017

Well that’s doing the redirect correctly. What are you seeing in a browser (and which browser)? Because looking at that if you go to http://hostname you’ll end up on https://hostname. 

Like
Chang Park
Chang Park November 7, 2017

Assuming fully qualified host name is server.sub.domain.com.  Then when I type, http://server.sub.domain.com in url section, it re-directs to url https://localhost and error message in the contect instead of https://server.sub.domain.com.

I used Google Chrome.

Thanks,

Chang

Like
Reply

Suggest an answer

Log in or Sign up to answer
Bitbucket
Bitbucket
TAGS
AUG Leaders

Atlassian Community Events

    See all events