Summary

After setting the feature.public.access=false configuration property in your bitbucket.properties file and then restarting, Bitbucket will start up but then throws a "Secure connection failed" error when accessing it through the browser.

Environment

• Bitbucket version 6.10.0
• A load balancer/proxy is being used to access the Bitbucket instance
  • SSL is being terminated at the load balancer/proxy level (see Securing a reverse proxy using HTTPS)

Diagnosis

• Although Bitbucket isn't available through the browser, the logs indicate that Bitbucket started up successfully and there are no errors that would actually prevent Bitbucket from starting.  
• When feature.public.access=false is commented out, Bitbucket starts with no issues and is accessible from the browser.
• When checking the access logs after starting Bitbucket with the property set, there are no HTTP(S) request entries except for a few entries of "GET /repos HTTP/1.1", with response code 302 (redirect), as shown below:

10.0.0.15 | https | i@W72Z25x319x55x2 ... "GET /repos HTTP/1.1" | "" "" | - | ...
10.0.0.15 | https | o@W72Z25x319x55x2 ... "GET /repos HTTP/1.1" | "" "" | 302 | ...

• •  When cross-checking the application logs for this request-id, there is a clear mention of the /mvc/repos?visibility=public endpoint. However, if feature.public.access=false, this endpoint should not be available.

2021-03-07 05:19:06,469 DEBUG ... @W72Z25x319x55x2 10.0.0.15 "GET /repos HTTP/1.1" ... 
"FORWARD" dispatch for GET "/mvc/repos?visibility=public", parameters={masked}

Cause

There is a configuration problem on the proxy/load balancer that needs to be investigated.

Solution

Check your proxy/load balancer device settings and modify them accordingly.

Workaround

Attempt to access Bitbucket through bypassing the proxy.

•  For instance, see if you can access the application directly through http://localhost:7995 after following the instructions in the above document.