
connect to Bitbucket to deploy into production

andrew wrigley July 11, 2023

I am not allowed to have Bitbucket connect to my production server (security), so I need to have that server connect and pull the final code from Bitbucket.

Is this possible?

1 answer

1 accepted

0 votes
Answer accepted
Theodora Boudale
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
July 12, 2023

Hi Andrew and welcome to the community!

You don't have to make your server accessible from anywhere on the internet, but it needs to be accessible from the IPs that Bitbucket is using. Otherwise, there is no way for your server to reach Bitbucket Cloud.

You can find on the following link the IPs and ports that Bitbucket Cloud is using:

The ports are mentioned in the first paragraph and the IPs in the section Valid IP addresses for bitbucket.org, api.bitbucket.org, and altssh.bitbucket.org.

Kind regards,
Theodora

andrew wrigley July 12, 2023

The problem is that's several IP ranges, and our security just won't allow it.

Is there any solution to this?

Theodora Boudale
Atlassian Team
July 12, 2023

Hi Andrew,

If you only use IPv4, then you only need to whitelist the following ranges (and not everything from that page):

104.192.136.0/21
185.166.140.0/22
18.205.93.0/25
18.234.32.128/25
13.52.5.0/25

If that is still a lot for your security team, and if you only need to clone/pull a Bitbucket Cloud repo (and not use our API), then you could:

  • edit the hosts file on this server to resolve bitbucket.org to an IP from the range 104.192.136.0/21
  • then whitelist on your firewall this specific IP

Please keep in mind though that if the firewall or a proxy in your network tries to resolve bitbucket.org again and ends up getting a different IP than the one set on the hosts file, the operation will fail.

This is not a recommended setup because the IPs we use could change at any time. In case this happens, there will be a failure again until you update the hosts file and your firewall with one of the new IPs.

Kind regards,
Theodora
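An added example, not part of the original thread or any Atlassian tooling: a check a server owner could schedule to catch the failure mode described in the reply above, where the hosts-file pin for bitbucket.org drifts out of the published ranges or is no longer served by DNS. The function names, the sample hosts text and the sample addresses are constructed for illustration.

```python
import ipaddress

# IPv4 ranges quoted in the reply above; they can change, so refresh them
# from Atlassian's published list rather than trusting this copy.
BITBUCKET_V4 = [ipaddress.ip_network(n) for n in (
    "104.192.136.0/21", "185.166.140.0/22", "18.205.93.0/25",
    "18.234.32.128/25", "13.52.5.0/25")]

def pinned_ips(hosts_text, name="bitbucket.org"):
    """Return every address the hosts file maps to `name`, ignoring comments."""
    ips = []
    for line in hosts_text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) >= 2 and name in (f.lower() for f in fields[1:]):
            ips.append(fields[0])
    return ips

def check_pin(hosts_text, live_ips, name="bitbucket.org"):
    """Classify the pin as ok, missing, ambiguous, invalid, out-of-range or stale.

    live_ips: addresses DNS currently returns for `name`, collected by a
    resolver that does not read this hosts file (assumption: gathered elsewhere).
    """
    pins = set(pinned_ips(hosts_text, name))
    if not pins:
        return "missing"
    if len(pins) > 1:
        return "ambiguous"
    try:
        ip = ipaddress.ip_address(pins.pop())  # a CIDR range is rejected here
    except ValueError:
        return "invalid"
    if not any(ip in net for net in BITBUCKET_V4):
        return "out-of-range"  # the firewall rule would point outside Bitbucket
    if str(ip) not in live_ips:
        return "stale"  # still in range, but DNS no longer hands it out
    return "ok"

if __name__ == "__main__":
    # Constructed sample data: the address is picked from the first range
    # for illustration and is not a confirmed Bitbucket endpoint.
    hosts = "127.0.0.1 localhost\n104.192.136.10 bitbucket.org  # pin\n"
    print(check_pin(hosts, {"104.192.136.10"}))
    print(check_pin(hosts, {"104.192.136.20"}))
```

Any result other than `ok` is a signal to review the hosts entry and the matching firewall rule together, since the two must always name the same single address.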

andrew wrigley July 13, 2023

104.192.136.0/21 is a range not an IP, I can't edit the host file to resolve to a range.
