Running Bitbucket Server on a Privileged Port (without Root)


アトラシアン コミュニティをご利用ください。


This Knowledge Base article was written specifically for the Atlassian Server platform. Due to the Compare Atlassian cloud vs server, the contents of this article cannot be applied to Atlassian Cloud applications.


On Linux, you are typically unable to run Bitbucket Server (or any other Atlassian product) on a port below 1024 as these are Privileged ports, without starting as root. Starting as Root introduces both a security risk and can prevent ElasticSearch from starting/operating as expected.

The following appears in your Bitbucket_home/log/atlassian-bitbucket.log when you attempt to start Bitbucket on a port below 1024 without any changes.

2018-05-10 10:37:02,346 ERROR [main]  o.a.catalina.core.StandardService Failed to start connector [Connector[HTTP/1.1-80]]
org.apache.catalina.LifecycleException: Failed to start component [Connector[HTTP/1.1-80]]
        at org.apache.catalina.util.LifecycleBase.start(
        at org.springframework.boot.context.embedded.tomcat.TomcatEmbeddedServletContainer.addPreviouslyRemovedConnectors(
        at org.springframework.boot.context.embedded.tomcat.TomcatEmbeddedServletContainer.start(
        at org.springframework.boot.context.embedded.EmbeddedWebApplicationContext.startEmbeddedServletContainer(
        at org.springframework.boot.context.embedded.EmbeddedWebApplicationContext.finishRefresh(
        at org.springframework.boot.context.embedded.EmbeddedWebApplicationContext.refresh(
        at org.springframework.boot.SpringApplication.refresh(
        at org.springframework.boot.SpringApplication.refreshContext(
        at com.atlassian.bitbucket.internal.boot.BitbucketServerApplication.start(
        at com.atlassian.bitbucket.internal.boot.BitbucketServerApplication.main(
        at org.springframework.boot.loader.Launcher.launch(
        at com.atlassian.bitbucket.internal.launcher.BitbucketServerLauncher.start(
        at com.atlassian.bitbucket.internal.launcher.BitbucketServerLauncher.main(
        ... 5 frames trimmed
Caused by: org.apache.catalina.LifecycleException: Protocol handler start failed
        at org.apache.catalina.connector.Connector.startInternal(
        ... 16 common frames omitted
Caused by: Permission denied
        at Method)
        ... 16 common frames omitted
2018-05-10 10:37:06,559 ERROR [main]  o.s.b.d.LoggingFailureAnalysisReporter
The Tomcat connector configured to listen on port 80 failed to start. The port may already be in use or the connector may be misconfigured.
Verify the connector's configuration, identify and stop any process that's listening on port 80, or configure this application to listen on another port.
2018-05-10 10:37:06,562 INFO  [main]  c.a.b.i.boot.log.BuildInfoLogger Bitbucket 5.9.0 has shut down


The below steps will provide a workaround for Java itself, allowing all Java applications elevated network permissions, thereby allowing you to bind to ports under 1024.

If your system supports "capabilities" then you can utilize "CAP_NET_BIND_SERVICE". You can verify if your system has this capability by running 'man capabilities'.  

Needed if "setcap" and "getcap" are not available on your machine
$ sudo apt-get install libcap2-bin
Checking what capabilities Java has
$ sudo getcap $JAVA_HOME/jre/bin/java
Expected output when Capabilities are not yet set:
/usr/lib/jvm/java-8-openjdk-amd64/jre/bin/java =
Setting the Capability to add Elevated Privileges for network ports
$ sudo setcap cap_net_bind_service=+ep $JAVA_HOME/jre/bin/java
Confirm change took effect with previous command
$ sudo getcap $JAVA_HOME/jre/bin/java
New expected output confirming change took effect
/usr/lib/jvm/java-8-openjdk-amd64/jre/bin/java = cap_net_bind_service+ep

Once the above steps have been completed and you verify the permissions, you can then edit the desired listen port within your configuration as covered in our Changing the port that Bitbucket Server Listens on.

On attempting to start up Bitbucket, it's possible that you receive the error "error while loading shared libraries: cannot open shared object file: No such file or directory"

If you receive this error on starting Bitbucket, or attempting to even run ./java -version, then it's likely you will need to create a symbolic link for this library - as Java (once escalated) will start looking for libraries under a specific directory as part of a security feature.

The command to generate this symbolic link is as follows:

Creating a symbolic link to the library
ln -s /path/to/your/jre/lib/amd64/jli/ /usr/lib/
#Note: If your OS is instead 64 bit, you may need to create a symbolic link to the lib64 directory instead:
ln -s /path/to/your/jre/lib/amd64/jli/ /usr/lib64/

最終更新日 2019 年 9 月 26 日


Powered by Confluence and Scroll Viewport.