How to configure an outbound HTTP and HTTPS proxy for Stash

'How Do I...' and 'How to...' Guide to Stash



アトラシアン コミュニティをご利用ください。


プラットフォームについて: Server と Data Center のみ - この記事は、サーバーおよびデータセンター プラットフォームのアトラシアン製品にのみ適用されます。

このページの内容は、サポート対象外のプラットフォームに関連しています。したがって、アトラシアンは、そのためのサポートの提供を保証できません 。この資料は情報提供のみを目的としているため、お客様自身の責任でご使用ください。


This page defines how to configure Stash such that it can communicate externally through an outbound proxy. This is required to access servers outside the network it's hosted in, such as the Atlassian Marketplace. If you wish to host Stash behind a reverse-proxy (or inbound proxy), please refer to Proxying and securing Stash.


Proxy Support is configured in Stash by passing certain system properties to the Java Virtual Machine (JVM) on startup. These properties follow the conventions defined by Oracle:

  • http.proxyHost
  • http.proxyPort (default: 80)
  • http.nonProxyHosts (default: <none>)
  • https.proxyHost
  • https.proxyPort

The http.proxyHost property must be defined to configure an HTTP proxy, and https.proxyHost for an HTTPS proxy. System property configuration is described in further detail within our Setting Properties and Options on Startup documentation.

The http.proxyHost and http.proxyPort properties indicate the proxy server and the port that the HTTP protocol handler will use. For example: -Dhttp.proxyPort=8080 -Dhttps.proxyPort=8080 -Dhttp.nonProxyHosts=localhost

The property http.nonProxyHosts indicates the hosts which should be connected to directly and not through the proxy server. The value can be a list of hosts, each separated by a |, and in addition a wildcard character (*) can be used for matching. For example:


(info) The pipe character (|) may need to be escaped in Linux, as per our JAVA Option '-Dhttp.nonProxyHosts' Does Not Work KB article.

If the http.nonProxyHosts property is not configured, all web requests will be routed through the proxy. For example, if connecting the Stash and JIRA applications together with Application Links, we would recommend bypassing the proxy and communicating on the internal network with this property. Routing through the proxy can have ramifications when taking into account IP validation on those links - the source IP of the server can be different depending on how the traffic is routed.

(warning) At the minimum, the http.nonProxyHosts must exclude localhost, otherwise certain functionality may not properly work. For example:



NTLM is not supported by UPM. Please refer to  UPM-1104 - Getting issue details... STATUS  for further comments.

It is not supported by Stash either:  STASH-7694 - Getting issue details... STATUS

It is not supported by JIRA either:  JRA-2398 - Getting issue details... STATUS

How to make it work with Stash, then?

As you can see from past comments: here and here, customers reported success by following the steps below:

  • Install Cntlm Authentication Proxy locally to their JIRA/Stash server
  • Configured and tested it to make sure "Cntlm" works with their corporate NTLM and then used the parameters

    How to test Cntlm is working with your NTLM

    cntlm.ini でユーザー、ドメイン、およびプロキシ情報を更新し、次のコマンドでプロキシをテストします (Cntlm のインストール フォルダで実行します)。

    cntlm -c cntlm.ini -I -M

    パスワードが確認され、必要な認証情報が表示されるはずです。これは cntlm.ini に保存する必要があります。

    cntlm.ini の例

    Username            user
    Domain              domain
    # provide actual value if autodetection fails
    # Workstation         pc-name
    NoProxy             127.0.0.*, 192.168.*
    Gateway             no
    SOCKS5Proxy         5000
    # provide socks auth info if you want it
    # SOCKS5User          socks-user:socks-password
    # printed authentication info from the previous step
    Auth            NTLMv2
    PassNTLMv2      98D6986BCFA9886E41698C1686B58A09

    注: Linux の場合、構成ファイルは cntlm.conf です

  • Have the configuration described on the section above point to the "Cntlm" proxy instead - and that one will do the job to talk to NTLM.

If connecting Stash to any other applications, the application URL should be added to the nonProxyHosts argument. Otherwise what can happen is when Stash attempts to talk to another Atlassian application the HTTP request can timeout, or not resolve. This will prevent the applications from linking. For example when connecting Stash to JIRA (located on



Proxy authentication is configured by passing the below properties to Java:

  • http.proxyUser
  • http.proxyPassword
  • https.proxyUser
  • https.proxyPassword


Modify <Stash Installation>/bin/ and add the following to JVM_SUPPORT_RECOMMENDED_ARGS:

JVM_SUPPORT_RECOMMENDED_ARGS="-Dhttp.proxyUser=atlaspirate -Dhttp.proxyPassword=yarrrrr -Dhttps.proxyUser=atlaspirate -Dhttps.proxyPassword=yarrrrr"


  1. Open the command window from Start >> Run >> type in 'cmd' >> Enter
  2. cd to the bin directory of your STASH installation directory
  3. 次のコマンドを実行します。

    tomcat8w //ES//AtlassianStash
  4. Click on the Java tab to see the list of current start-up options.
  5. Add the proxy configuration options on their own lines under Java Options 

  6. Restart Stash

最終更新日 2018 年 11 月 2 日


Powered by Confluence and Scroll Viewport.