Setting up SSL and forcing https

I’m setting up Bitbucket Server and having difficulty locating documentation on setting up my SSL certificate and forcing Bitbucket Server to use https for all requests.

I’ve installed it on a server running Windows Server 2012 R2.

Thanks.

The appropriate documentation can be found here: https://confluence.atlassian.com/bitbucketserver/securing-bitbucket-server-with-tomcat-using-ssl-776640127.html. Unfortunately, the site is currently down for maintenance.

I saw that, but isn’t Tomcat an Apache tool? I’m running Windows Server.

Tomcat is the application container (the actual Server part of Bitbucket Server) running the Bitbucket Java code. It is responsible for accepting the HTTP requests and forwarding them to the JVM for processing. Tomcat also runs on Windows Server. If you are running IIS, you can use it to proxy the requests to the built-in Tomcat server that comes with Bitbucket Server. In that setup, IIS can be configured to take care of the SSL offloading. See also https://www.google.com/#safe=off&q=iis+in+front+of+tomcat&* and https://www.google.com/#safe=off&q=iis+in+front+of+bitbucket&*


I think I understand now. I do have a CA certificate that I’d like to use and I just need to get it installed and route all traffic to https.

Whichever method is secure and easy to install/configure is fine with me.

Using IIS as a proxy with SSL offloading is definitely a secure and easy option. I’ve never enjoyed configuring Tomcat, especially because you will potentially need to do stuff with every new Bitbucket release as it is part of the installation. In terms of security, you should be fine, granted that you have properly secured IIS, the server and your entire network.

Sounds like that’ll be the route I take. Will take a look at the documentation once the site is back up.

Thanks!

Will using IIS as a proxy also allow me to use a URL such as https://bitbucket.mycompany.com without the port at the end?

Yes, you can. This setup is called a reverse proxy, in which the IIS server is the endpoint for the client. You can read more about the principle on Wikipedia. The Bitbucket documentation also includes examples of configuring a reverse proxy with Tomcat, but there are also additional resources available (see https://www.google.com/#safe=off&q=reverse+proxy+iis+tomcat&*).

I went through all the steps of this article, but when I load the URL at http://bitbucket.mycompany.com I just get a 404 error.

Also, the step by step has me create a site in IIS but it doesn’t specify what I’m supposed to set as the home directory.

All the other steps I believe I was able to complete correctly.

Have you tried whether you can access the Tomcat server directly? That would probably be accessible through http://localhost:7990. If that does work, the problem lies within the IIS configuration. It is somewhat difficult to debug remotely. It usually will take some tinkering the first time you are setting up a proxy because, as you may have noticed in the documentation, there are a lot of steps involved.
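For reference, an added example that is not part of the thread or of the Atlassian documentation: a minimal `web.config` for the IIS site discussed above, which redirects plain HTTP to HTTPS and proxies everything else to the Tomcat instance on `http://localhost:7990`. It assumes the IIS URL Rewrite module and Application Request Routing (ARR) are installed with ARR proxying enabled at server level, and that the site has an https binding using the CA certificate; the rule names are made up for illustration.

```xml
<?xml version="1.0" encoding="UTF-8"?>
<!-- Assumed location: the physical path ("home directory") of the IIS site.
     The folder needs no other content; every request is redirected or proxied. -->
<configuration>
  <system.webServer>
    <rewrite>
      <rules>
        <!-- Rule 1: any request that arrives without TLS is redirected to https.
             The host name is hard-coded rather than taken from the Host header,
             so a forged Host header cannot steer the redirect elsewhere. -->
        <rule name="ForceHttps" stopProcessing="true">
          <match url="(.*)" />
          <conditions>
            <add input="{HTTPS}" pattern="^OFF$" />
          </conditions>
          <action type="Redirect"
                  url="https://bitbucket.mycompany.com/{R:1}"
                  redirectType="Permanent" />
        </rule>

        <!-- Rule 2: requests that reach this point arrived over https.
             TLS ends at IIS (SSL offloading) and the request is forwarded
             over plain HTTP to Tomcat on the loopback interface only. -->
        <rule name="ProxyToBitbucket" stopProcessing="true">
          <match url="(.*)" />
          <action type="Rewrite" url="http://localhost:7990/{R:1}" />
        </rule>
      </rules>
    </rewrite>
  </system.webServer>
</configuration>
```

Tomcat also has to be told it sits behind the proxy (its `proxyName`, `proxyPort`, `scheme` and `secure` connector attributes), otherwise Bitbucket keeps generating `http://` links with port 7990. Because the hop from IIS to Tomcat is unencrypted, port 7990 should be blocked from the network so that the only way in is through IIS.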