Incorrect HTTP(S) clone URL


I've installed Atlassian Stash and set up Nginx in front with SSL. Stash runs great behind this proxy, but one problem I am having is that the clone URL is still using HTTP, and HTTP is stated in the dropdown.

I have changed the base URL of Stash so that it is using HTTPS but it has had no effect on the clone URL. I am rewriting all HTTP requests to HTTPS via Nginx, but it is confusing our users that the dropdown still says HTTP.

Is there anything I can do about this other than to configure Stash itself to run on HTTPS?

Here's the nginx config:

upstream stash {
        server stash-srv:7990;

server {
        listen 80;

        location / {
                rewrite ^$request_uri? permanent;

server {
        listen 443;

        ssl on;
        ssl_certificate xxx;
        ssl_certificate_key xxx;
        ssl_session_cache shared:SSL:1m;
        ssl_session_timeout 5m;

        location / {
                proxy_pass http://stash;
                proxy_set_header Host $http_host;
                proxy_set_header X-Real-IP $remote_addr;
                proxy_set_header X-Forwarded-for $remote_addr;
                proxy_set_header X-Forwarded-Proto https;
                proxy_next_upstream error;

4 answers

1 accepted

I managed to fix this issue by replicating what I had to do to solve gadget issues with SSL proxying in JIRA.

Add the following to the Connector in conf/server.xml:


The dropdown still says HTTP, but the URL has https in it now so I guess that's intended.

I updated my answer with my nginx config. I've included the lines from the article you are linking to and I still have the same problem unfortunately.

I have the same issue but then with apache as the proxy.. So I guess it's an stash thing. I use stash 1.2.0..

Here is config from working nginx with no problems on HTTPS:
server {
listen 80;

    location / {
        return 302 https://$hostname$request_uri;

server {
    listen 443 ssl;

    ssl on;
    ssl_certificate /etc/nginx/ssl/stash.crt;
    ssl_certificate_key /etc/nginx/ssl/stash.key;
    ssl_prefer_server_ciphers on;
    ssl_protocols TLSv1 SSLv3;
    ssl_ciphers !aNULL:!LOW:!MD5:!EXP:RC4:CAMELLIA:AES128:3DES:SEED:AES256;

    client_header_timeout  10m;
    client_body_timeout    10m;
    client_max_body_size   1g;
    send_timeout           10m;

    location / {
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_read_timeout  900;

If you not specified timeouts, then you can get errors on long pushes. Also, nginx must always redirect to HTTPS, not forward it into Tomcat, cos it always will show user login page.

For tomcat you should use port forwarding in server.xml:

            proxyPort="443" />

Suggest an answer

Log in or Join to answer
Community showcase
Jason Wong
Published 35m ago in Agility Beta

Welcome to agility

Every team in the world is unique, and so   Atlassian believes   that each and every team's best way of working  needs to  be molded to their unique circumstances  – ...

11 views 1 3
Read article

Atlassian User Groups

Connect with like-minded Atlassian users at free events near you!

Find a group

Connect with like-minded Atlassian users at free events near you!

Find my local user group

Unfortunately there are no AUG chapters near you at the moment.

Start an AUG

You're one step closer to meeting fellow Atlassian users at your local meet up. Learn more about AUGs

Groups near you
Atlassian Team Tour

Join us on the Team Tour

We're bringing product updates and pro tips on teamwork to ten cities around the world.

Save your spot