Log the original IP address when Bitbucket Data Center is behind a load balancer or reverse proxy

Related content

  • No related content found

Still need help?

The Atlassian Community is here for you.

Ask the community

Symptoms

If Bitbucket is behind a load balancer or the reverse proxy, you may see the load balancer's or reverse proxy's IP address in the atlassian-bitbucket-access.log instead of the IP address of the client making the request. 

Resolution

In Bitbucket Data Center 5.0+ if the load balancer is sending over the x-forwarded-for header, this should be logged correctly in the access logs without any further configuration needed.


Bitbucket Data Center 5 and newer will do this for you without additional configuration for the "x-forwarded-for" header.

If you need to customize these settings in Bitbucket 5.x - 7.7, you can apply the following settings in $BITBUCKET_HOME/shared/bitbucket.properties:

server.tomcat.remote_ip_header=x-forwarded-for
server.tomcat.protocol_header=x-forwarded-proto
server.tomcat.internal_proxies=127\\.0\\.0\\.1


If you need to customize these settings in Bitbucket 7.8 and newer, you can apply the following settings in $BITBUCKET_HOME/shared/bitbucket.properties::

server.tomcat.remoteip.remote-ip-header=x-forwarded-for
server.tomcat.remoteip.protocol-header=x-forwarded-proto
server.tomcat.remoteip.internal-proxies=127\\.0\\.0\\.1


Please note that the values in the examples above are already configured by default. You need to adjust them only if you use different headers.

This guide is only applicable to HTTP(S). For SSH, please check the KB How to enable Client IP Forwarding For SSH Sessions by setting up Proxy protocol for Bitbucket Data Center.


Last modified on Jan 30, 2025

Was this helpful?

Yes
No
Provide feedback about this article

Related content

  • No related content found
Powered by Confluence and Scroll Viewport.