It's not the same without you

Join the community to find out what other Atlassian users are discussing, debating and creating.

Atlassian Community Hero Image Collage

Set up HTTPS on the mirror

Hi Team,

 

For setting up the mirror with bitbucket cloud, in the second step "Set up HTTPS on the mirror" on the page https://confluence.atlassian.com/bitbucket/set-up-bitbucket-smart-mirroring-838427555.html you have mentioned the SSL, so where we will get the SSL certificate and how to apply it on the mirror? and where I will get my mirror url?

 

please explained me in detail so that I can do mirror installation

Thanks & Regards,

Prathamesh Bhoir

2 answers

1 vote
Ana Retamal Atlassian Team Apr 12, 2019

Hi @Prathamesh Bhoir ,

The mirror uses a local installation of Bitbucket Server, so that's where you should apply the SSL certificate.

For more info on how to obtain it, you can read Securing Bitbucket Server with tomcat using SSL. In that document you'll find the steps in detail.

If after reading that article you still have questions, please let us know and we'll be happy to continue helping you.

Best regards,

Ana

Hi Ana,

 

I have done the 1st step for Set up Bitbucket Smart Mirroring as mentioned by choosing Install a new instance and then Install a mirror instance.

 

but as per 2nd step "Set up HTTPS on the mirror".  Should I follow "https://confluence.atlassian.com/bitbucketserver/running-the-bitbucket-server-installer-776640183.html" this page mentioned in the sub link and install new server again on my machine as bitbucket instance?

 

if yes, then What is the connection between mirror instance and bitbucket instance.

Should we require both or mirror instance is sufficient to do the setup.

 

2nd step is quite confusing for me to do the setup. Please kindly assist for the mirror installation.

 

Thanks & Regards,

Prathamesh Bhoir

Ana Retamal Atlassian Team Apr 15, 2019

Hi Prathamesh,

if you have already followed step 1 from this article, then you have already installed the Bitbucket Server instance that you need (which will work as a mirror). The second step is only about adding the SSL certificate. If you have questions about the installation, then you should go back to step 1.

The connection between the mirror and your current Bitbucket account will happen later during steps 4 and 5.

If you have any more questions during the completion of those steps, let us know and we'll be happy to help.

Kind regards,

Ana

Hi Ana,

 

but first I have to complete step Securing a reverse proxy using HTTPS mentioned in the link "https://confluence.atlassian.com/bitbucketserver/proxying-and-securing-bitbucket-server-776640099.html#ProxyingandsecuringBitbucketServer-HTTPS"

 

which is required Securing Bitbucket Server with Apache using SSL mentioned in the link "https://confluence.atlassian.com/kb/securing-your-atlassian-applications-with-apache-using-ssl-838284349.html"

 

which is saying Connect to your application via a Reverse Proxy over HTTP mentioned in the link "https://confluence.atlassian.com/kb/proxying-atlassian-server-applications-753894340.html#ProxyingAtlassianServerapplications-reversehttp" and on this link what should I follow to proceed further?

 

Should I go with mod_proxy_http or mod_proxy_ajp?

 

If I will go with mod_proxy_http then there is need of installation of bitbucket instance mentioned and not mirror instance. please find the link "https://confluence.atlassian.com/kb/proxying-atlassian-server-applications-with-apache-http-server-mod_proxy_http-806032611.html"

 

But according to your reply I should not do this installation again because I have already installed the mirror instance. So how to apply 2nd step "Set up HTTPS on the mirror" and SSL certificate?

 

Can you please give me stepwise process which I can follow and get the mirror linked with bitbucket account.

 

Thanks & Regards,

Prathamesh Bhoir.

Hi Ana,

 

I saw many sublinks which are present in the 2nd step which is "Set up HTTPS on the mirror"

Can you please explain me which steps and pages to follow for mirror setup properly so that I can set up the mirror on my machine.

There is no any stepwise explaination which we can follow and complete the mirror setup. Please provide the stepwise instructions to setup the mirror for step no. 2.

 

Thanks & Regards,

Prathamesh

0 votes

Hi Prathamesh,

Please allow me to jump in and provide some steps.

It sounds like you have already completed Step 1 from the guide at "Set up Bitbucket Smart Mirroring". The next step of "2. Set up HTTPS on the mirror" requires you to set up SSL on a reverse proxy (as discussed in "Proxying and securing Bitbucket Server") like Nginx, or Apache, or, you can set up SSL on Bitbucket itself (as discussed in "Securing Bitbucket Server with Tomcat"). Either option will work, however, using a proxy is more performant and less complicated.

The first step is to get an SSL certificate, This can be done by creating a self-signed certificate (this is the most complicated option and requires the most work), or by having an SSL certificate issued to you from a "Certification Authority" (CA) such as VeriSignDigiCert, Thawte or Let'sEncrypt.

Once you have the certificate, you can set up the proxy to be prepared to listen for requests. For the below example, I will go ahead and use Nginx.

server { listen 80; server_name bitbucket.example.com; return 301 https://bitbucket.example.com$request_uri; }
server {
listen 443 ssl;
server_name bitbucket.example.com;
client_max_body_size 0;
ssl on;
ssl_session_timeout 5m;
ssl_protocols TLSv1.1 TLSv1.2; # Dropping SSLv3, ref: POODLE
ssl_prefer_server_ciphers on;
ssl_certificate /<path>/<to>/fullchain.pem;
ssl_certificate_key /<path>/<to>/privkey.pem;
ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH';
location / {
proxy_pass http://<private-IP-of-bitbucket>:7990;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Server $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Real-IP $remote_addr;
}
}

The First line will accept port 80 (standard HTTP) traffic and redirect it to the secured port 443 (standard HTTPS). The second line starts the listen block for port 443, specifically for the "server_name". You will need to replace the string "bitbucket.example.com" with the desired URL of your Bitbucket server instance. (Note that this will need to match your SSL certificate).

You will also need to update the path to your certificate as well as the key for the SSL cert on your local filesystem. For improved security, feel free to add a dhparam file. Lastly, you will need to adjust the "proxy_pass" line to the private IP of Bitbucket itself (or to "localhost" if the proxy is running on the same machine as bitbucket).

Once the Proxy is up and listening for secure traffic you will need to configure your Bitbucket Smart Mirror so that it knows that the traffic is secured on Bitbucket's behalf by your proxy. To do this, you will need to edit the "bitbucket.properties" file located within your $BITBUCKET_HOME/shared/bitbucket.properties path, as mentioned in the "Configure the Embedded Tomcat Connector" step.

server.mode=mirror
server.port=7990
server.secure=true
server.scheme=https
server.proxy-port=443
server.proxy-name=bitbucket.example.com

The "proxy-name" will need to be adjusted to match the "server_name" in your proxy config.

At this point, you should be able to restart your Smart Mirror for the changes to take effect and you will be able to access the mirror via HTTPS through your proxy. Feel free to continue with step 3 of "Set up a Bitbucket Smart Mirror".

Best Regards,

Michael
Atlassian DevTools Support Engineer

Hi Michael,

 

Should I do this step also "Connecting to your Atlassian application through a reverse proxy over HTTP" as I am doing setup for the mirror from the scratch?

 

Thanks & Regards,

Prathamesh

Suggest an answer

Log in or Sign up to answer
Community showcase
Published in Bitbucket Pipelines

Building a Bitbucket Pipe as a casual coder

...ipe.sh :  #!/bin/bash source "$(dirname "$0")/common.sh" enable_debug extra_args="" if [[ "${DEBUG}" == "true" ]]; then extra_args="--verbose" fi # mandatory variables R...

4,093 views 4 22
Read article

Community Events

Connect with like-minded Atlassian users at free events near you!

Find an event

Connect with like-minded Atlassian users at free events near you!

Unfortunately there are no Community Events near you at the moment.

Host an event

You're one step closer to meeting fellow Atlassian users at your local event. Learn more about Community Events

Events near you