Log the original IP address when Bitbucket Server is behind a load balancer or reverse proxy

Related content

  • No related content found

Still need help?

The Atlassian Community is here for you.

Ask the community

Symptoms

If Bitbucket Server is behind a load balancer or the reverse proxy, you may see the load balancer's or reverse proxy's IP address in the atlassian-bitbucket-access.log instead of the IP address of the client making the request. 

Resolution

In Bitbucket Server 5.0+ if the load balancer is sending over the x-forwarded-for header, this should be logged correctly in the access logs without any further configuration needed.


Bitbucket Server 5 and newer will do this for you without additional configuration for the "x-forwarded-for" header.

If you need to customize these settings in Bitbucket Server/Data Center 5.x - 7.7, you can apply the following settings in $BITBUCKET_HOME/shared/bitbucket.properties:

server.tomcat.remote_ip_header=x-forwarded-for
server.tomcat.protocol_header=x-forwarded-proto
server.tomcat.internal_proxies=127\\.0\\.0\\.1


If you need to customize these settings in Bitbucket Server/Data Center 7.8 and newer, you can apply the following settings in $BITBUCKET_HOME/shared/bitbucket.properties::

server.tomcat.remoteip.remote-ip-header=x-forwarded-for
server.tomcat.remoteip.protocol-header=x-forwarded-proto
server.tomcat.remoteip.internal-proxies=127\\.0\\.0\\.1


Please note that the values in the examples above are already configured by default. You need to adjust them only if you use different headers.

This guide is only applicable to HTTP(S). For SSH, please check the KB How to enable Client IP Forwarding For SSH Sessions by setting up Proxy protocol for Bitbucket Data Center.


Last modified on Aug 30, 2022

Was this helpful?

Yes
No
Provide feedback about this article

Related content

  • No related content found
Powered by Confluence and Scroll Viewport.