Bitbucket with Traefik Reverse Proxy #
Prerequisites #
Docker Network #
# Create an external network used for Traefik
sudo docker network create traefik
Docker System User #
# Create a system user for Docker
sudo adduser --system --ingroup docker --shell /sbin/nologin docker-system
Bitbucket & Postgres Docker Compose #
Folder Structure #
# Create folder structure
sudo mkdir -p /opt/bitbucket/bitbucket_data && cd /opt/bitbucket
Environment Variables #
# Create .env file for the environment variables
sudo vi .env
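# Define the db password ("mysecurepw" is a placeholder; use a strong, unique value and keep .env readable only by its owner, e.g. chmod 600 .env)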
BITBUCKET_DB_PASSWORD=mysecurepw
Docker Compose YAML #
# Create Docker Compose file
sudo vi docker-compose.yml
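# Bitbucket + PostgreSQL stack.
# ${BITBUCKET_DB_PASSWORD} is substituted by Docker Compose from the .env file
# in the same directory as this file.
services:
  postgres:
    image: postgres:15
    volumes:
      - ./postgres:/var/lib/postgresql/data
    environment:
      POSTGRES_DB: bitbucketdb
      POSTGRES_USER: bitbucketdbuser
      POSTGRES_PASSWORD: "${BITBUCKET_DB_PASSWORD}"
    healthcheck:
      test: ["CMD", "pg_isready", "-q", "-d", "bitbucketdb", "-U", "bitbucketdbuser"]
      interval: 10s
      timeout: 5s
      retries: 3
      start_period: 60s
    restart: unless-stopped
    # No ports are published: the database is reachable only from containers
    # attached to the internal "bitbucket" network.
    networks:
      - bitbucket

  bitbucket:
    # NOTE: "latest" is a moving tag. Pin a specific, tested version tag so
    # that upgrades (including security fixes) are applied deliberately.
    image: atlassian/bitbucket-server:latest
    volumes:
      - ./bitbucket_data:/var/atlassian/application-data/bitbucket
    ports:
      # Web UI: bound to loopback only. Traefik reaches port 7990 over the
      # "traefik" Docker network, so publishing it on every host interface
      # would offer a plain-HTTP path that bypasses the TLS entrypoint.
      - "127.0.0.1:7990:7990"
      # Git over SSH
      - "7999:7999"
    environment:
      JVM_MINIMUM_MEMORY: 4G
      JVM_MAXIMUM_MEMORY: 8G
      # Reverse-proxy settings: Bitbucket generates links for the public
      # HTTPS name served by Traefik.
      SERVER_PROXY_NAME: bitbucket.jklug.work
      SERVER_SECURE: 'true'
      SERVER_SCHEME: https
      SERVER_PROXY_PORT: "443"
      SETUP_DISPLAYNAME: Bitbucket
      SETUP_BASEURL: https://bitbucket.jklug.work
      # Database connection; must match the postgres service above.
      JDBC_DRIVER: org.postgresql.Driver
      JDBC_USER: bitbucketdbuser
      JDBC_PASSWORD: "${BITBUCKET_DB_PASSWORD}"
      JDBC_URL: jdbc:postgresql://postgres:5432/bitbucketdb
    healthcheck:
      test: ["CMD", "curl", "-f", "http://localhost:7990/"]
      interval: 10s
      timeout: 5s
      retries: 3
      start_period: 90s
    labels:
      - "traefik.enable=true"
      - "traefik.docker.network=traefik"
      - "traefik.http.services.bitbucket.loadbalancer.server.port=7990"
      # HTTPS Router
      - "traefik.http.routers.bitbucket.entrypoints=websecure"
      - "traefik.http.routers.bitbucket.tls=true"
      - "traefik.http.routers.bitbucket.rule=Host(`bitbucket.jklug.work`)"
      # HTTP Router
      - "traefik.http.routers.bitbucket-http.rule=Host(`bitbucket.jklug.work`)"
      - "traefik.http.routers.bitbucket-http.entrypoints=web"
      - "traefik.http.routers.bitbucket-http.middlewares=redirect-to-https"
      # Middleware for HTTP to HTTPS redirection
      - "traefik.http.middlewares.redirect-to-https.redirectscheme.scheme=https"
    restart: unless-stopped
    # Start Bitbucket only after the postgres healthcheck reports healthy.
    depends_on:
      postgres:
        condition: service_healthy
    networks:
      - bitbucket
      - traefik

networks:
  # Internal network between Bitbucket and its database
  bitbucket:
    name: bitbucket
  # Pre-created with "docker network create traefik"
  traefik:
    external: true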
Change Ownership #
# Change ownership
sudo chown -R docker-system:docker /opt/bitbucket &&
sudo chown 2003:2003 /opt/bitbucket/bitbucket_data
Create & Start Docker Stack #
# Create & start containers
sudo -u docker-system docker compose up -d
Traefik Reverse Proxy Container #
Folder Structure #
# Create folder structure
sudo mkdir -p /opt/traefik/certs && cd /opt/traefik
Certificates #
# Place the certificates into the "/opt/traefik/certs" directory
sudo cp fullchain.pem privkey.pem /opt/traefik/certs/
Traefik Dynamic Configuration #
# Create file for dynamic configuration
sudo vi tls-configuration.yaml
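# Traefik dynamic configuration: the TLS certificate served on the HTTPS
# entrypoint. Both paths are container-side paths; the files come from the
# ./certs bind mount in the Traefik Compose file.
tls:
  certificates:
    - certFile: /etc/certs/fullchain.pem
      # Private key: keep the host copy readable only by the account that
      # runs the Traefik container.
      keyFile: /etc/certs/privkey.pem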
Docker Compose File #
# Create Docker Compose file
sudo vi docker-compose.yml
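version: '3'
services:
  reverse-proxy:
    image: traefik:v2.10
    container_name: Traefik-Reverse-Proxy
    restart: unless-stopped
    command:
      # Serves the Traefik dashboard/API on port 8080 without authentication.
      # The port is therefore published on loopback only (see "ports").
      # Remove this flag if the dashboard is not needed.
      - --api.insecure=true
      - --providers.docker
      # Route only containers that opt in with the label "traefik.enable=true"
      - --providers.docker.exposedbydefault=false
      - --providers.file.directory=/etc/traefik/dynamic
      - --entryPoints.web.address=:80
      - --entryPoints.websecure.address=:443
    ports:
      - "80:80"
      - "443:443"
      # Dashboard/API: reachable from the Docker host only
      - "127.0.0.1:8080:8080"
    volumes:
      # Gives Traefik access to the Docker API for container discovery.
      # ":ro" protects the socket file itself but does not restrict API
      # calls; a filtering socket proxy limits that access further.
      - /var/run/docker.sock:/var/run/docker.sock:ro
      - ./tls-configuration.yaml:/etc/traefik/dynamic/tls-configuration.yaml:ro
      # Certificate and private key; the container only needs to read them
      - ./certs/:/etc/certs/:ro
    networks:
      - traefik

networks:
  # Pre-created with "docker network create traefik"
  traefik:
    external: true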
Change Ownership #
# Change ownership
sudo chown -R docker-system:docker /opt/traefik
Create & Start Docker Stack #
# Create & start containers
sudo -u docker-system docker compose up -d
Bitbucket #
Webinterface #
# Open the Bitbucket webinterface
https://bitbucket.jklug.work/
Initial Setup #
Note: The initial setup from within the webinterface does not work in a private browser tab.
-
Application title:
Bitbucket
-
Base URL:
https://bitbucket.jklug.work
-
License key: Select “I need an evaluation license”
-
Login to your Atlassian account
-
Create an evaluation license for “Bitbucket (Data Center)”
-
Confirm the license key server:
bitbucket.jklug.work
-
Click “Next”
-
Fill the following fields: Username, Full name, Email address, Password, Confirm password
-
Click: “Go to Bitbucket”
-
Login with your credentials
Repository Example #
Create Project #
-
Click “Create Project”
-
Project name:
example-project
-
Project key:
EX
-
Click “Create project”
Create Repository #
-
Select the project “example-project”
-
Click “Create repository”
-
Name:
example-repo
-
Default branch name:
main
Repository URL: https://bitbucket.jklug.work/scm/ex/example-repo.git
Push to Repository #
Hosts Entry #
Make sure the host that pushes into the Bitbucket repository is able to resolve the Bitbucket DNS name:
# Create hosts entry
192.168.30.60 bitbucket.jklug.work
Push #
# Configure Git
git config --global user.email "juergen@jklug.work"
git config --global user.name "juergen"
# Initializes a new Git repository in the current directory
git init
# Stage some files for the commit
git add app.py test_app.py
# Stage all files for the commit
git add --all
# Commit the changes
git commit -m "Example App"
# Add the Bitbucket remote repository
git remote add origin https://bitbucket.jklug.work/scm/ex/example-repo.git
# Push into the Bitbucket repository
git push -u origin HEAD:main