Index
Downloads (PDF, HTML & XML formats)
[Bamboo Knowledge Base Home]
Documentation for Bamboo 4.2.x. Documentation for other versions of Bamboo is available too. 
This document is a guide to configuring the Bamboo Standalone distribution (not EAR-WAR) with basic HTTPS authentication. For further reference please visit the Jetty page on configuring SSL with Jetty.
1. Adding Certificate to your Keystore
Option 1. Using a self-signed Certificate
The simplest way to generate keys and certificates is to use the keytool application that comes with the JDK, as it generates keys and certificates directly into the keystore.
The following command will generate a key pair and certificate directly into a keystore:
keytool -keystore keystore -alias jetty -genkey -keyalg RSA
This command will prompt for information about the certificate and for passwords to protect both the keystore and the keys within it. The only mandatory response is to provide the fully qualified host name of the server at the "first and last name" prompt.
Option 2. Using Certificate issued by an Certificate Authority
Certificate Option 2 – Use a Certificate Issued by a Certificate Authority
When running Bamboo in a production environment, you will need a certificate issued by a certificate authority (CA, sometimes also called a 'certification authority') such as VeriSign, Thawte or TrustCenter. The instructions below are adapted from the Tomcat documentation.
First you will generate a local certificate and create a 'certificate signing request' (CSR) based on that certificate. You will submit the CSR to your chosen certificate authority. The CA will use that CSR to generate a certificate for you.
- Use Java's
keytoolutility to generate a local certificate, as described in the previous section. Use the
keytoolutility to generate a CSR, replacing the text<MY_KEYSTORE_FILENAME>with the path to and file name of the.keystorefile generated for your local certificate:keytool -certreq -keyalg RSA -alias tomcat -file certreq.csr -keystore <MY_KEYSTORE_FILENAME>- Submit the generated file called
certreq.csrto your chosen certificate authority. Refer to the documentation on the CA's website to find out how to do this. - The CA will send you a certificate.
Import the new certificate into your local keystore:
keytool -importcert -alias tomcat -keystore <MY_KEYSTORE_FILENAME> -file <MY_CERTIFICATE_FILENAME>
Now, we need to configure an SSL listener.
NOTE: If you're running a Bamboo EAR-WAR distribution deployed in Tomcat, please follow these instructions. Otherwise, go to Step 2 below.
2. Configuring Jetty
Using the Sun JVM, add the SunJsseListener as a HttpListeners, In the ../<Bamboo_Application_Directory>/webapp/WEB-INF/classes/jetty.xml file add the following lines.
This will make Bamboo accessible in port 8443 on https://localhost:8443/
If you are using Bamboo 1.2.4 (or earlier)
<Call name="addListener">
<Arg>
<New class="org.mortbay.http.SunJsseListener">
<Set name="Port">8443</Set>
<Set name="Keystore"><SystemProperty name="jetty.home" default="."/>/keystore</Set>
<Set name="Password">password</Set>
<Set name="KeyPassword">password</Set>
</New>
</Arg>
</Call>
If you are using Bamboo 2.0 (or newer version)
<Call name="addConnector">
<Arg>
<New class="org.eclipse.jetty.server.ssl.SslSelectChannelConnector">
<Set name="Port">8443</Set>
<Set name="Keystore"><SystemProperty name="jetty.home" default="."/>/keystore</Set>
<Set name="Password">password</Set>
<Set name="KeyPassword">password</Set>
</New>
</Arg>
</Call>
- Please note that Password and KeyPassword indicate the passwords you entered when you imported the certificate to the keystore.
The keystore file in this example is given relative to the Bamboo Application Directory, so copy your keystore file to BAMBOO_INSTALL directory.
- Also, you might need an extra "." (dot) at ./keystore.
- Clear out the context path at (<Arg name="contextPath">/bamboo</Arg>), so it now looks like (<Arg name="contextPath">/</Arg>) if you are not using a context URL.
- Please ensure that jcert.jar, jnet.jar and jsse.jar files are on your classpath (http://docs.oracle.com/javase/6/docs/technotes/tools/windows/classpath.html).
Your jetty.xml file should look like this:
<?xml version="1.0"?>
<!DOCTYPE Configure PUBLIC "-//Jetty//Configure//EN" "http://www.eclipse.org/jetty/configure.dtd">
<!-- =============================================================== -->
<!-- Configure the Jetty Server -->
<!-- -->
<!-- Documentation of this file format can be found at: -->
<!-- http://wiki.eclipse.org/Jetty/Reference/jetty.xml_syntax -->
<Configure id="Server" class="org.eclipse.jetty.server.Server">
<!-- =========================================================== -->
<!-- Server Thread Pool -->
<!-- =========================================================== -->
<!-- Set name="ThreadPool" -->
<!-- Default queued blocking threadpool -->
<!--New class="org.eclipse.jetty.util.thread.QueuedThreadPool">
<Set name="minThreads">10</Set>
<Set name="maxThreads">200</Set>
</New>
</Set-->
<!-- =========================================================== -->
<!-- Set connectors -->
<!-- =========================================================== -->
<!-- Add and configure a Connector to port 8085 -->
<!-- The default port can be changed using: java -Djetty.port=8085 -->
<!-- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -->
<Call name="addConnector">
<Arg>
<New class="org.eclipse.jetty.server.ssl.SslSelectChannelConnector">
<Set name="Port">8443</Set>
<Set name="Keystore"><SystemProperty name="jetty.home" default="."/>keystore</Set>
<Set name="Password">password</Set>
<Set name="KeyPassword">password</Set>
</New>
</Arg>
</Call>
<!-- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -->
<!-- For SSL Connextions use: -->
<!-- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -->
<!--<Call name="addConnector">-->
<!--<Arg>-->
<!--<New class="org.eclipse.jetty.server.ssl.SslSelectChannelConnector">-->
<!-- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -->
<!-- Add web applications Context. -->
<!-- The default location can be changed using: java -Dbamboo.webapp= -->
<!-- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -->
<Call name="setHandler">
<Arg>
<New class="org.eclipse.jetty.webapp.WebAppContext">
<Arg name="webApp">
<!--SystemProperty name="bamboo.webapp" default="/opt/dev/src/atlassian/bamboo-trunk/components/bamboo-web-app/src/main/webapp"/-->
<SystemProperty name="bamboo.webapp" default="./webapp"/>
</Arg>
<Arg name="contextPath">/</Arg>
<!--<Set name="parentLoaderPriority">true</Set>-->
<Set name="defaultsDescriptor">webdefault.xml</Set>
<Get name="sessionHandler">
<Set name="sessionManager">
<New class="org.eclipse.jetty.server.session.HashSessionManager">
<Set name="httpOnly">true</Set> <!-- use M$ http only cookies? -->
</New>
</Set>
</Get>
</New>
</Arg>
</Call>
<!-- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -->
<!-- Add Any JNDI Resources -->
<!-- The default location can be changed using: java -Dbamboo.webapp= -->
<!-- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -->
<!--New id="resourceID" class="org.eclipse.jetty.plus.jndi.Resource">
<Arg>resourceName</Arg>
<Arg>
<New class="org.eclipse.jetty.jndi.factories.MailSessionReference">
<Set name="user">name</Set>
<Set name="password">password</Set>
<Set name="properties">
<New class="java.util.Properties">
<Put name="mail.smtp.host">host</Put>
<Put name="mail.from">fromaddress@example.com</Put>
</New>
</Set>
</New>
</Arg>
</New-->
<!-- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -->
<!-- Uncomment to enable AJP Support -->
<!--
<Call name="addConnector">
<Arg>
<New class="org.eclipse.jetty.ajp.Ajp13SocketConnector">
<Set name="port">8009</Set>
</New>
</Arg>
</Call>
-->
</Configure>
Also, modify C:\Atlassian\atlassian-bamboo-4.0\Bamboo\conf\wrapper.conf by:
- Replacing the argument which specifies the port number
"wrapper.app.parameter.2=8085"with"wrapper.app.parameter.2=../webapp/WEB-INF/classes/jetty.xml". - Commenting out the other arguments:
"wrapper.app.parameter.3=../webapp"and"wrapper.app.parameter.4=/". Please not that using this part might fail for Windows: "
<SystemProperty name="bamboo.webapp"default="./webapp"/>". In that case use 2 dots before "/webapp":... <SystemProperty name="bamboo.webapp" default="../webapp"/> ...
After following the steps mentioned above, you should be able to start your Bamboo instance by reaching it at https://127.0.0.1:8443
3. Getting Bamboo to use the jetty.xml file
Follow this Knowledge Base article, to instruct Bamboo to use the jetty.xml file configured in step 2.
Running Bamboo EAR-WAR over HTTPS
After adding a certificate to your Keystore (Step 1), please follow these steps:
- Open Tomcat's
server.xml, located at<Tomcat_Installation_Directory>/conf Uncomment this section:
<Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true" maxThreads="150" scheme="https" secure="true" clientAuth="false" sslProtocol="TLS" />Edit it so it looks like this:
<Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true" maxThreads="150" scheme="https" secure="true" clientAuth="false" sslProtocol="TLS" keystorePass="<keystore_password_defined>" keystoreFile="<keystore_file_location>" />- Start Tomcat
- Access Bamboo at https://host_name:8443/bamboo_context
Overview
Content Tools
Apps
Log a request with our support team.
Raise an issue for our developers or tech writers.
See answers from the community.
Tweet, blog and update our documentation.
Except where otherwise noted, content in this space is licensed under a Creative Commons Attribution 2.5 Australia License.