Community
Products
Bitbucket
Questions
How can i to implement HTTPS on bitbucket server?

How can i to implement HTTPS on bitbucket server?

Hi!, I installed Bitbucket Server on my Ubuntu VM and works perfect, but is untrusted, works below http protocol and i need to implement HTTPS. If i have an certificate, ¿how can i to implement on my bitbucket?, ¿What files i should to edit?.

Many Thanks!!

2 answers

2 accepted

1 vote

Answer accepted

Hi,

In Ubuntu the path for de apache configuration files (I guess you are using Apache) is here: /etc/apache2/sites-available/ and the content of the file should be something like this:

<VirtualHost *:443>
    ...
    SSLEngine on
    SSLCertificateFile /var/www/.../certificate/YOUR_CERTIFICATE_FILE.crt
    SSLCertificateKeyFile /var/www/.../certificate/YOUR_CERTIFICATE_KEY.key
    SSLCertificateChainFile /var/www/.../certificate/CHAIN_CERTIFICATE_FILE.crt
    ...
</VirtualHost>

Hope this information helps you.

Regards.

You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.

Comment

Thanks Lair, i dont know if i use Apache or not, because i install Bitbucket through a bin installer with ./ command, so i dont know how bitbucket works below.

You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.

Comment

1 vote

Answer accepted

Do you want to do this at the Tomcat level (see https://confluence.atlassian.com/bitbucketserver/securing-bitbucket-server-with-tomcat-using-ssl-776640127.html ) or via a proxy server (see https://confluence.atlassian.com/bitbucketserver/proxying-and-securing-bitbucket-server-776640099.html )

You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.

Comment

Thanks Nic, i dont know if i use Apache Tomcat or not, because i install Bitbucket through a bin installer with ./ command, so i dont know how bitbucket works below. I need to install tomcat also?

You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.

Comment

You don't need to worry about Tomcat separately, it's part of the installation bundle.

If you do not want to use a proxy, just follow the instructions in the first doc I pointed to, it walks you through the (Tomcat and) Bitbucket changes you'll need to make.

You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.

Comment

Many Thanks Nic, i tried to config bitbucket.properties file and a minimum change make that bitbucket cannot to be access. I keep the port 7990 and still cannot access.

If i let properties file blank, i can access perfect

server.port=7990
server.secure=true
server.scheme=https
server.ssl.enabled=true
server.ssl.client-auth=want
server.ssl.key-store-type=pkcs12
server.ssl.key-store="/var/atlassian/application-data/bitbucket/shared/config/ssl-llave/key.pfx"
server.ssl.key-store-password="xxxxx"
server.ssl.key-password="xxxxx"
server.require-ssl=true

Whats may be happening?

********************EDIT********************

I wait a few moments and now can access with the customize port only, but if i add more parameters, cannot access.

You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.

Comment

What do the logs say when you add parameters? What else are you adding?

You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.

Comment

*******************EDIT*****************************

Finally i can to start the server, in this part i needed to put the correct password only, (the password that I had placed was the incorrect one, because I put the new password that I requested when converting from pfx to jks, but the key that corresponded was the original of the pfx)

Thanks!!!

Now i convert pfx to jks and obtain the alias and log says the following text:.

(I read that i need to extract from pfx a certificate and private key and put on keystore, bu i dont know what that refer :/)

. ____ _ __ _ _
/\\ / ___'_ __ _ _(_)_ __ __ _ \ \ \ \
( ( )\___ | '_ | '_| | '_ \/ _` | \ \ \ \
\\/ ___)| |_)| | | | | || (_| | ) ) ) )
' |____| .__|_| |_|_| |_\__, | / / / /
=========|_|==============|___/=/_/_/_/
:: Spring Boot :: (v2.1.1.RELEASE)

2019-07-01 14:23:07,547 INFO [main] c.a.b.i.b.BitbucketServerApplication Starting BitbucketServerApplication on srvgitcl01 with PID 21077 (/opt/atlassian/$
2019-07-01 14:23:07,565 INFO [main] c.a.b.i.b.BitbucketServerApplication No active profile set, falling back to default profiles: default
2019-07-01 14:23:13,302 INFO [main] c.a.b.i.boot.log.BuildInfoLogger Starting Bitbucket 6.2.3 (a254062 built on Wed Jun 05 07:35:39 UTC 2019)
2019-07-01 14:23:13,303 INFO [main] c.a.b.i.boot.log.BuildInfoLogger JVM: Oracle Corporation Java HotSpot(TM) 64-Bit Server VM 1.8.0_172-b11
2019-07-01 14:23:23,291 ERROR [main] o.apache.catalina.util.LifecycleBase Failed to start component [Connector[HTTP/1.1-8443]]
org.apache.catalina.LifecycleException: Protocol handler start failed
at org.apache.catalina.connector.Connector.startInternal(Connector.java:1008)
at org.springframework.boot.web.embedded.tomcat.TomcatWebServer.addPreviouslyRemovedConnectors(TomcatWebServer.java:259)
at org.springframework.boot.web.embedded.tomcat.TomcatWebServer.start(TomcatWebServer.java:197)
at org.springframework.boot.web.servlet.context.ServletWebServerApplicationContext.startWebServer(ServletWebServerApplicationContext.java:311)
at org.springframework.boot.web.servlet.context.ServletWebServerApplicationContext.finishRefresh(ServletWebServerApplicationContext.java:164)
at org.springframework.context.support.AbstractApplicationContext.refresh(AbstractApplicationContext.java:549)
at org.springframework.boot.web.servlet.context.ServletWebServerApplicationContext.refresh(ServletWebServerApplicationContext.java:142)
at org.springframework.boot.SpringApplication.refresh(SpringApplication.java:775)
at org.springframework.boot.SpringApplication.refreshContext(SpringApplication.java:397)
at org.springframework.boot.SpringApplication.run(SpringApplication.java:316)
at com.atlassian.bitbucket.internal.boot.BitbucketServerApplication.start(BitbucketServerApplication.java:247)
at com.atlassian.bitbucket.internal.boot.BitbucketServerApplication.main(BitbucketServerApplication.java:82)
at org.springframework.boot.loader.MainMethodRunner.run(MainMethodRunner.java:48)
at org.springframework.boot.loader.Launcher.launch(Launcher.java:87)
at com.atlassian.bitbucket.internal.launcher.BitbucketServerLauncher.start(BitbucketServerLauncher.java:151)
at com.atlassian.bitbucket.internal.launcher.BitbucketServerLauncher.main(BitbucketServerLauncher.java:99)
... 6 frames trimmed

Caused by: java.lang.IllegalArgumentException: Cannot recover key
at org.apache.tomcat.util.net.AbstractJsseEndpoint.createSSLContext(AbstractJsseEndpoint.java:99)
... 16 common frames omitted
Caused by: java.security.UnrecoverableKeyException: Cannot recover key
at sun.security.provider.KeyProtector.recover(KeyProtector.java:328)
at sun.security.provider.JavaKeyStore.engineGetKey(JavaKeyStore.java:146)
at sun.security.provider.JavaKeyStore$JKS.engineGetKey(JavaKeyStore.java:56)
at sun.security.provider.KeyStoreDelegator.engineGetKey(KeyStoreDelegator.java:96)
at sun.security.provider.JavaKeyStore$DualFormatJKS.engineGetKey(JavaKeyStore.java:70)
at java.security.KeyStore.getKey(KeyStore.java:1023)
... 16 common frames omitted
2019-07-01 14:23:27,670 ERROR [spring-startup] c.a.j.s.w.s.JohnsonDispatcherServlet SpringMVC dispatcher [springMvc] could not be started
org.springframework.beans.factory.BeanDefinitionStoreException: Failed to read candidate component class: file [/opt/atlassian/bitbucket/6.2.3/app/WEB-INF/c$
at org.springframework.context.annotation.ClassPathScanningCandidateComponentProvider.scanCandidateComponents(ClassPathScanningCandidateComponentPro$
at org.springframework.context.annotation.ClassPathScanningCandidateComponentProvider.findCandidateComponents(ClassPathScanningCandidateComponentPro$
at org.springframework.context.annotation.ClassPathBeanDefinitionScanner.doScan(ClassPathBeanDefinitionScanner.java:275)
at org.springframework.context.annotation.ComponentScanBeanDefinitionParser.parse(ComponentScanBeanDefinitionParser.java:90)
at org.springframework.web.context.support.XmlWebApplicationContext.loadBeanDefinitions(XmlWebApplicationContext.java:125)
at org.springframework.web.context.support.XmlWebApplicationContext.loadBeanDefinitions(XmlWebApplicationContext.java:94)
at org.springframework.context.support.AbstractRefreshableApplicationContext.refreshBeanFactory(AbstractRefreshableApplicationContext.java:133)
at org.springframework.context.support.AbstractApplicationContext.obtainFreshBeanFactory(AbstractApplicationContext.java:622)
at org.springframework.context.support.AbstractApplicationContext.refresh(AbstractApplicationContext.java:518)
at javax.servlet.GenericServlet.init(GenericServlet.java:158)
at java.lang.Thread.run(Thread.java:748)
... 21 frames trimmed

Caused by: java.nio.channels.ClosedByInterruptException: null
at java.nio.channels.spi.AbstractInterruptibleChannel.end(AbstractInterruptibleChannel.java:202)
at sun.nio.ch.FileChannelImpl.read(FileChannelImpl.java:164)
at sun.nio.ch.ChannelInputStream.read(ChannelInputStream.java:65)
at sun.nio.ch.ChannelInputStream.read(ChannelInputStream.java:109)
at sun.nio.ch.ChannelInputStream.read(ChannelInputStream.java:103)
at java.io.BufferedInputStream.fill(BufferedInputStream.java:246)
at java.io.BufferedInputStream.read1(BufferedInputStream.java:286)
at java.io.BufferedInputStream.read(BufferedInputStream.java:345)
at org.springframework.asm.ClassReader.readStream(ClassReader.java:306)
at org.springframework.asm.ClassReader.<init>(ClassReader.java:273)
at org.springframework.core.type.classreading.SimpleMetadataReader.<init>(SimpleMetadataReader.java:54)
at org.springframework.core.type.classreading.SimpleMetadataReaderFactory.getMetadataReader(SimpleMetadataReaderFactory.java:103)
at org.springframework.core.type.classreading.CachingMetadataReaderFactory.getMetadataReader(CachingMetadataReaderFactory.java:123)
at org.springframework.context.annotation.ClassPathScanningCandidateComponentProvider.scanCandidateComponents(ClassPathScanningCandidateComponentPro$
... 11 common frames omitted
2019-07-01 14:23:28,412 ERROR [main] o.s.b.d.LoggingFailureAnalysisReporter

***************************
APPLICATION FAILED TO START
***************************

Description:

The Tomcat connector configured to listen on port 8443 failed to start. The port may already be in use or the connector may be misconfigured.

Action:

Verify the connector's configuration, identify and stop any process that's listening on port 8443, or configure this application to listen on another port.

2019-07-01 14:23:28,434 INFO [main] c.a.b.i.boot.log.BuildInfoLogger Bitbucket 6.2.3 has shut down

You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.

Forums

Product Q&A

Community resources

Support

Top groups

Community resources

Support

Learn

Community resources

Support

Events

Community resources

Support

How can i to implement HTTPS on bitbucket server?

2 answers

2 accepted

Suggest an answer

Was this helpful?

Thanks!

TAGS

Atlassian Community Events

Forums

Product Q&A

Community resources

Support

Top groups

Community resources

Support

Learn

Community resources

Support

Events

Community resources

Support

How can i to implement HTTPS on bitbucket server?

2 answers

2 accepted

Suggest an answer

Was this helpful?

Thanks!

TAGS

Atlassian Community Events

Welcome to the new Atlassian Community