Log the original IP address when Bitbucket Server is behind a load balancer or reverse proxy
If Bitbucket Server is behind a load balancer or reverse proxy, you may see the load balancer's or reverse proxy's IP address in the
atlassian-bitbucket-access.log instead of the IP address of the client making the request.
In Bitbucket Server 5.0+ if the load balancer is sending over the
x-forwarded-for header, this should be logged correctly in the access logs without any further configuration needed.
Whilst Bitbucket Server 5 will do this for you without additional configuration, if you need to customise these settings in Bitbucket Server 5, you can apply the following settings in
server.tomcat.remote_ip_header=x-forwarded-for server.tomcat.protocol_header=x-forwarded-proto server.tomcat.internal_proxies=127\\.0\\.0\\.1
In order for this to work, the load balancer should send a header with the IP address of the original request, some load balancers use
Add a Valve element to your
$BITBUCKET_HOME/shared/server.xml that is configured for the header that the load balancer is sending
<Engine name="Catalina" defaultHost="localhost"> <Valve className="org.apache.catalina.valves.RemoteIpValve" internalProxies="127\.0\.0\.1" remoteIpHeader="x-forwarded-for" remoteIpProxiesHeader="x-forwarded-by" protocolHeader="x-forwarded-proto" />
- Read more about the RemoteIpValve and each attribute here: https://tomcat.apache.org/tomcat-8.0-doc/api/org/apache/catalina/valves/RemoteIpValve.html