Migrate server.xml customizations to bitbucket.properties
Bitbucket Server 5.0 introduces some changes to how connector configuration customization is performed. In Bitbucket Server 4.x and earlier Bitbucket Server startup involved starting Apache Tomcat and deploying the web application into Tomcat. Customizing connector configuration (for example to secure connections with SSL) involved updating the Tomcat server.xml
file.
In Bitbucket Server 5.0 and later, an embedded container (still Apache Tomcat) is started by the application. This allows you to make customizations to connector configuration directly in the bitbucket.properties
file (the same file that hosts the vast majority of other settings).
Upgrading from any version earlier than Bitbucket Server 4.14 or earlier to Bitbucket Server 5.x or later requires that you manually migrate any changes to the server.xml
file to the bitbucket.properties
file.
This document explains in what cases this may be necessary, describes how to perform this migration, and provides some migration examples for common use cases.
How do I know if there were customizations to my server.xml
file?
The server.xml
file was where you would make customizations to do a number of things, but most users used it to:
- Secure Bitbucket using SSL.
- Run Bitbucket behind a reverse proxy.
- Changed the port Bitbucket runs on.
- Set up a custom keystore.
How to migrate your customizations to bitbucket.properties
To migrate customizations made in the server.xml
file to the bitbucket.properties
file
Locate your
server.xml
file.
Identify and note any customizations made. Ideally you will know which customizations were made and can locate them in your
server.xml
file.
- Locate your
bitbucket.properties
file in the<Bitbucket home directory>
/shared
directory. - Look up the customization equivalent in the
bitbucket.properties
file by referring to one of the migration examples and/or by using the migration table below. Add the equivalent values to the
bitbucket.properties
file. Save and close the file.- Remove or rename the
server.xml
file (don't delete this file until you confirm the customizations were successfully migrated to your upgraded instance).
Migration reference table
Migration examples
Here are some examples that demonstrate some common use cases for customizing the server.xml
file, and how you would migrate those values to the bitbucket.properties
file.
For these examples, if there are less properties in the bitbucket.properties
syntax then in the initial server.xml
syntax, that indicates the default value would be acceptable and you don't need to add that property to achieve the same result.
Read the Configuration properties - Server section for more details about all of the various properties that can be configured.
For Windows users
When adding values with file paths in them, for instance server.context-path
, backslashes are escaped by default. Be sure to include two backslashes in any values with file paths in them.
Additional connectors
Bitbucket is preconfigured with a single connector and, as previously described, the default configuration for that connector can be configured using properties with a server.
prefix. For example to change the port from the default 7990
to 7991
:
server.port=7991
Bitbucket also supports up to five additional connectors and these are configured using properties with prefix server.additional-connector.#
, where #
is a number between 1 and 5 inclusive. For example, if in addition to the default connector that is configured to listen on port 7990
, you wanted to add an SSL secured connector listening on port 8443
, you would add these lines to the bitbucket.properties
file:
server.additional-connector.1.port=8443
server.additional-connector.1.ssl.enabled=true
server.additional-connector.1.ssl.key-store=/path/to/keystore/bitbucket.jks
server.additional-connector.1.ssl.key-store-password=<password value>
Running Bitbucket behind a reverse proxy secured with SSL
If Bitbucket is configured to run behind a reverse proxy that is secured with SSL, the existing server.xml file might contain the following connector configuration:
<Connector port="7990"
protocol="HTTP/1.1"
connectionTimeout="20000"
useBodyEncodingForURI="true"
redirectPort="443"
compression="on"
compressableMimeType="text/html,text/xml,text/plain,text/css,application/json,application/javascript,application/x-javascript"
secure="true"
scheme="https"
proxyName="mycompany.com"
proxyPort="443" />
To achieve the same configuration in Bitbucket 5.0 and later, add these entries to the bitbucket.properties
file:
server.secure=true
server.scheme=https
server.proxy-port=443
server.proxy-name=mycompany.com
For these examples, if there are less properties in the bitbucket.properties
syntax then in the initial server.xml
syntax, that indicates the default value would be acceptable and you don't need to add that property to achieve the same result. For example, the port for the default connector is 7990
, the default protocol is HTTP/1.1
, and so on.
Bitbucket secured with SSL-terminating connector
If Bitbucket is secured with SSL, where the SSL connection is terminated at the application rather than a proxy, the existing server.xml
file might contain the following connector configuration:
<Connector port="8443"
protocol="HTTP/1.1"
connectionTimeout="20000"
useBodyEncodingForURI="true"
redirectPort="443"
compression="on"
compressableMimeType="text/html,text/xml,text/plain,text/css,application/json,application/javascript,application/x-javascript"
secure="true"
scheme="https"
SSLEnabled="true"
sslProtocol="TLSv1.2"
keystoreType="JKS"
keystoreFile="/path/to/keystore/bitbucket.jks"
keystorePass="changeit"
keyAlias="YourAlias"
clientAuth="false"
/>
To achieve the same configuration in Bitbucket 5.0 and later, add these entries to the bitbucket.properties
file:
server.port=8443
server.secure=true
server.scheme=https
server.ssl.enabled=true
server.ssl.client-auth=want
server.ssl.protocol=TLSv1.2
server.ssl.key-store=/path/to/keystore/bitbucket.jks
server.ssl.key-store-password=<password value>
server.ssl.key-password=<password value>
Both ssl.key-store-password
and ssl.key-password
require explicit configuration. Even if you did not configure both values in the server.xml
file, values for both entries need to be explicitly set in bitbucket.properties
to secure Bitbucket with SSL.
Bitbucket secured with SSL and additional connector to redirect HTTP requests
For some with an SSL-terminating connector configured, you might also have an additional connector that redirects HTTP requests to the HTTPS connector. This would have required you to also specify an additional attribute in the <Bitbucket installation directory>/atlassian-bitbucket/WEB-INF/web.xml
file.
Here's what that configuration might have looked like prior to Bitbucket 5.0:
<Connector port="7990"
protocol="HTTP/1.1"
connectionTimeout="20000"
useBodyEncodingForURI="true"
redirectPort="8443"
compression="on"
compressableMimeType="text/html,text/xml,text/plain,text/css,application/json,application/javascript,application/x-javascript"/>
<security-constraint>
<web-resource-collection>
<web-resource-name>Restricted URLs</web-resource-name>
<url-pattern>/*</url-pattern>
</web-resource-collection>
<user-data-constraint>
<transport-guarantee>CONFIDENTIAL</transport-guarantee>
</user-data-constraint>
</security-constraint>
To achieve the same configuration in Bitbucket 5.0 and later, add these entries to the bitbucket.properties
file:
server.require-ssl=true
server.additional-connector.1.port=7990
server.additional-connector.1.redirect-port=8443
For these examples, if there are less properties in the bitbucket.properties
syntax then in the initial server.xml
syntax, that indicates the default value would be acceptable and you don't need to add that property to achieve the same result.