SSL configuration

I would like to ask for your help with SSL configuration.

Our Bitbucket server uses a reverse proxy server installed on the same server where Bitbucket is installed.

The problem is that when I type 'http' in the URL instead of 'https', it doesn't redirect but shows "https://localhost" in the URL section with the error saying "this site can't be reached".

When I had the following configuration in VirtualHost for port 80 and 443, it redirected OK. But the problem is that the clone process also works with both 'https' and 'http'. I was expecting that using 'http' shouldn't work for cloning.

 <VirtualHost *:80>
#    ServerAdmin webmaster@dummy-host.example.com
#    DocumentRoot /www/docs/dummy-host.example.com
#    ServerName dummy-host.example.com
#    ErrorLog logs/dummy-host.example.com-error_log
#    CustomLog logs/dummy-host.example.com-access_log common

ProxyPass / http://localhost:7990/
ProxyPassReverse / http://localhost:7990/

</VirtualHost>

<VirtualHost *:443>

SSLEngine On
SSLCertificateFile /path/to/your/cert.pem
SSLCertificateKeyFile /path/to/your/privkey.pem
SSLCertificateChainFile /path/to/your/chain.pem

ProxyPass        / http://localhost:7990/ connectiontimeout=5 timeout=300
ProxyPassReverse / http://localhost:7990/
</VirtualHost>

From the technote, https://confluence.atlassian.com/kb/securing-your-atlassian-applications-with-apache-using-ssl-838284349.html, it says that I need to use "Redirect Permanent" in the VirtualHost for port 80 instead of Proxy. So I followed what it says and faced the issue that the redirect doesn't work.

I would appreciate if you can help me to resolve this issue.

-Chang

 

1 answer

0 vote
Daniel Wester Community Champion Nov 07, 2017

You'll need to change:

<VirtualHost *:80>
#    ServerAdmin webmaster@dummy-host.example.com
#    DocumentRoot /www/docs/dummy-host.example.com
#    ServerName dummy-host.example.com
#    ErrorLog logs/dummy-host.example.com-error_log
#    CustomLog logs/dummy-host.example.com-access_log common

ProxyPass / http://localhost:7990/
ProxyPassReverse / http://localhost:7990/

</VirtualHost>

to be something like:

<VirtualHost *:80>
Redirect 301 / https://your-public-url/

</VirtualHost>

(Change the your-public-url to your public url). I'm guessing that you've already tried this but it didn't work (based on your comment) - can you explain what didn't work about it?

Hi Daniel,

Thanks for your quick response. I changed the VirtualHost for port 80 to the following as the technote suggests, but it didn't work.

First, I changed to

<VirtualHost *:80>
  ServerName localhost
   Redirect Permanent / https://localhost/
</VirtualHost>

But it didn't work, so I replaced localhost with the real hostname including the domain name, like

<VirtualHost *:80>
  ServerName servername.subdomain.domain.com
   Redirect Permanent / https://servername.subdomain.domain.com/
</VirtualHost>

But the result I saw was the same. None of them worked as expected.

So I don't know what I did wrong.

-Chang

Daniel Wester Community Champion Nov 07, 2017

That should work though. Can you restart Apache and do a curl -v http://public-host and tell us what the output is (feel free to anonymize things)?

Hi Daniel,

The following is the output. I changed the real hostname and IP.

[parkc@server ~]$ curl -v http://server.sub.domain.com
* About to connect() to server.sub.domain.com port 80 (#0)
*   Trying 100.10.1.70... connected
* Connected to server.sub.domain.com (100.10.1.70) port 80 (#0)
> GET / HTTP/1.1
> User-Agent: curl/7.19.7 (x86_64-redhat-linux-gnu) libcurl/7.19.7 NSS/3.27.1 zlib/1.2.3 libidn/1.18 libssh2/1.4.2
> Host: server.sub.domain.com
> Accept: */*
>
< HTTP/1.1 301 Moved Permanently
< Date: Tue, 07 Nov 2017 23:59:17 GMT
< Server: Apache/2.2.15 (Red Hat)
< Location: https://server.sub.domain.com/
< Content-Length: 332
< Connection: close
< Content-Type: text/html; charset=iso-8859-1
<
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>301 Moved Permanently</title>
</head><body>
<h1>Moved Permanently</h1>
<p>The document has moved <a href="https://server.sub.domain.com/">here</a>.</p>
<hr>
<address>Apache/2.2.15 (Red Hat) Server at server.sub.domain.com Port 80</address>
</body></html>
* Closing connection #0

Thanks,

Chang

Daniel Wester Community Champion Nov 07, 2017

Well that’s doing the redirect correctly. What are you seeing in a browser (and which browser)? Because looking at that if you go to http://hostname you’ll end up on https://hostname. 

Assuming the fully qualified host name is server.sub.domain.com. Then when I type http://server.sub.domain.com in the URL section, it redirects to the URL https://localhost with an error message in the content, instead of https://server.sub.domain.com.

I used Google Chrome.

Thanks,

Chang
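
The check Daniel asks for with curl -v, as an added example that is not part of the original thread: a shell function that reads response headers and passes only a permanent redirect to the https URL of the expected host. The function and sample names are hypothetical, and the sample responses are constructed to mirror the three port-80 configurations posted above.

```shell
#!/bin/sh
# check_redirect EXPECTED_HOST   (response headers on stdin)
# Returns 0 only when the plain-HTTP response is a permanent redirect to
# https://EXPECTED_HOST/...; prints a one-line verdict on stdout.
# Live use: curl -sI http://server.sub.domain.com/ | check_redirect server.sub.domain.com
check_redirect() {
    expected=$1
    # Drop CRs and curl -v's "< " prefix so raw headers and -v output both parse.
    hdrs=$(tr -d '\r' | sed 's/^< //')
    status=$(printf '%s\n' "$hdrs" | awk '/^HTTP\// { print $2; exit }')
    location=$(printf '%s\n' "$hdrs" | awk 'tolower($1) == "location:" { print $2; exit }')

    case $status in
        301|308) ;;
        2??) echo "FAIL: port 80 serves content (status $status); HTTP is still proxied"
             return 1 ;;
        *)   echo "FAIL: status ${status:-none} is not a permanent redirect"
             return 1 ;;
    esac

    case $location in
        "https://$expected"|"https://$expected/"*)
             echo "OK: $status -> $location"; return 0 ;;
        https://*)
             echo "FAIL: redirect goes to the wrong host: $location"; return 1 ;;
        *)   echo "FAIL: redirect target is not https: ${location:-none}"; return 1 ;;
    esac
}

# Constructed sample responses (not captured from a real server).
# Redirect to the public host name, as in the curl output in the thread:
sample_good() {
    printf 'HTTP/1.1 301 Moved Permanently\r\nLocation: https://server.sub.domain.com/\r\n\r\n'
}
# "Redirect Permanent / https://localhost/" (curl -v style lines):
sample_localhost() {
    printf '< HTTP/1.1 301 Moved Permanently\n< Location: https://localhost/\n'
}
# ProxyPass left in the port-80 VirtualHost, so HTTP is answered directly:
sample_proxied() {
    printf 'HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\n'
}

sample_good      | check_redirect server.sub.domain.com || true
sample_localhost | check_redirect server.sub.domain.com || true
sample_proxied   | check_redirect server.sub.domain.com || true
```

curl does not cache redirects, whereas browsers can cache a 301, so a browser result may reflect an earlier configuration rather than the current one.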
