git ssh to dockerized bitbucket server behind reverse nginx proxy (docker-compose)

Hi

 

I've been trying to set up the reverse proxy configuration with nginx and docker-compose but it keeps on asking me for a password (and even if I enter it correctly, refuses the connection) and I'm not sure where I'm going wrong at this point anymore.

I'm pretty sure I've missed something totally obvious, but I think I've spent so much time on it that I just can't see it anymore. If anyone could take a look I'd be incredibly happy to get that very last tidbit working.

 

Here is my docker-compose and nginx configuration.

 

I've already tried a myriad of things, including enabling ssh in the bitbucket server and setting the url to default to one without a port number behind it. Any help would be greatly appreciated.

 

Update:

I've included some more information as suggested

 

Ah, thanks for pointing it out. I thought I had the domain names replaced.

The certbot certification is done once to get the certificates up and running and afterwards is accepted. I can access the bitbucket subdomain via web with encryption.

The problem I am having is trying to clone/push changes to a repository via git using ssh keys. I've enabled ssh and uploaded the public ssh key into the bitbucket server via the UI.


Inside the server configuration UI of bitbucket I've enabled ssh and set the base url to ssh://subdomain.domain.dev

I've created a sample project and added myself as the admin to that project. Then I created a local repository and set the remote url according to the instructions given in the bitbucket repository ui.

When I add a README.md, add all changes and

git push -u origin master -v

It reports that it is connecting to

git@subdomain.domaindev/project/repository.git


Then it asks me for a password. I haven't explicitly set a password (apart from my user password) but that one isn't being accepted either.

In the docker-compose file I realised last night that I didn't expose the nginx service on port 22. I'm not too familiar with how exactly the git ssh protocol works but is it something like

outgoing ssh:port -> my_vps_ip:22 -> docker-compose_nginx_service:22 -> bitbucket-server:22


Does bitbucket then forward the ssh port 22 to the standard port (7999 I think?)

Is there any other information or logs I could provide which might help?

 

2 answers

1 accepted

Right, so. After a long period of trying different settings I realized something very important.

 

SSH does not have the header information required for subdomain forwarding.

That means that you can't make an ssh request via the standard port to a subdomain. It will always go to the main domain and be handled by the ssh agent there. I could open up a second port for ssh, but then I'd have the port number in the git@subdomain.domain.dev:PORT/project/repository which I specifically don't want.

I also don't want to have to specify a port number when sshing into my vps. So the only real solution would be to differentiate incoming requests based on their structure and forwarding them internally to the correct port.

Introducing SSLH. Basically:

 

sslh accepts connections on specified ports, and forwards them further based on tests performed on the first data packet sent by the remote client.

 

I haven't tried it yet but it sounds promising. There are some people using this when you google "nginx reverse proxy sslh". This, in my eyes, is the only viable solution at this point in time.

0 votes

Hi! 

Also, could you provide more details: is the password for certbot or for connecting?

Could you set the SERVER_PROXY_NAME variable, please?

SERVER_PROXY_NAME=code.dle.dev

Cheers,

Gonchik Tsymzhitov

Ah, thanks for pointing it out. I thought I had the domain names replaced.

The certbot certification is done once to get the certificates up and running and afterwards is accepted. I can access the bitbucket subdomain via web with encryption.

The problem I am having is trying to clone/push changes to a repository via git using ssh keys. I've enabled ssh and uploaded the public ssh key into the bitbucket server via the UI.

 

Inside the server configuration UI of bitbucket I've enabled ssh and set the base url to ssh://subdomain.domain.dev

I've created a sample project and added myself as the admin to that project. Then I created a local repository and set the remote url according to the instructions given in the bitbucket repository ui.

When I add a README.md, add all changes and

git push -u origin master -v

 It reports that it is connecting to

git@subdomain.domaindev/project/repository.git


Then it asks me for a password. I haven't explicitly set a password (apart from my user password) but that one isn't being accepted either.

In the docker-compose file I realised last night that I didn't expose the nginx service on port 22. I'm not too familiar with how exactly the git ssh protocol works but is it something like

outgoing ssh:port -> my_vps_ip:22 -> docker-compose_nginx_service:22 -> bitbucket-server:22

 

Does bitbucket then forward the ssh port 22 to the standard port (7999 I think?)

Is there any other information or logs I could provide which might help?
