1

I am using haproxy for port forwarding to Bitbucket server ssh. Here's haproxy config:

```
frontend sshd
        bind *:7999
        default_backend ssh
        timeout client 1h

backend ssh
        mode tcp
        server localhost-bitbucket-ssh 127.0.0.1:7999 check port 7999
```

However, if I do:

```
sudo haproxy -f haproxy.cfg
```

I am getting the following error:

```
[ALERT] 305/201411 (4168) : http frontend 'sshd' (haproxy.cfg:38) tries to use incompatible tcp backend 'ssh' (haproxy.cfg:43) as its default backend (see 'mode').
[ALERT] 305/201411 (4168) : Fatal errors found in configuration.
```

But I was referring to an official Atlassian guide: https://confluence.atlassian.com/bitbucketserver/setting-up-ssh-port-forwarding-776640364.html. Are they wrong?

Also, if I start haproxy before Bitbucket Server, Bitbucket Server cannot start on port 7999. I am totally confused. I have paid for that software and now I need to figure out myself how to configure it, for more than 2 days...

UPDATE

It was UFW, as Thomj mentioned. But for what purpose do I need haproxy, if I can't bind Bitbucket's SSH to port 22? I don't like to set a port number.

Alexander Kim

1 Answer

3

The frontend configuration is defaulting to a mode of http which can't use a backend that's configured for tcp. Try adding 'mode tcp' to the frontend:

```
frontend sshd
        bind *:7999
        default_backend ssh
        timeout client 1h
        mode tcp
```
thomj
  • Thank you, I tried this before, but it started to complain about bind socket 0.0.0.0:7999. I tried `netstat -apn | grep ":7999"` and it showed me java (Bitbucket Server). So haproxy won't let me use port 7999 for Bitbucket? – Alexander Kim Nov 01 '16 at 14:38
  • You can only have one process bind to a port. In this case you have both HAProxy and Bitbucket Server trying to bind to 7999. You'll have to configure one of them to use a different port. – thomj Nov 01 '16 at 14:50
  • Well, if I change the port on Bitbucket, what do I have to write in haproxy? – Alexander Kim Nov 01 '16 at 15:29
  • If you change the port in Bitbucket Server so that SSH is listening on port 7998 for example, you'd have the following in HAProxy: `frontend sshd bind *:7999 default_backend ssh timeout client 1h backend ssh mode tcp server localhost-bitbucket-ssh 127.0.0.1:7998 check port 7998` – thomj Nov 01 '16 at 15:41
  • When haproxy is turned off, if I type: `alexander@server:/etc/haproxy$ ssh -p 7999 git@git.webium.me Permission denied (publickey).` If I turn on haproxy, I am getting a timeout again. – Alexander Kim Nov 01 '16 at 15:44
  • Have you added your public key to Bitbucket Server? – thomj Nov 01 '16 at 15:45
  • Yes I did, I am on Ubuntu 16.04 (on the host machine). Can you throw in an example with ufw? – Alexander Kim Nov 01 '16 at 15:49
  • Just to confirm, if you go to `http:/:7990/plugins/servlet/ssh/account/keys` in your browser, you have the SSH key added there? – thomj Nov 01 '16 at 16:47
  • Yes, I did, I told you before. – Alexander Kim Nov 01 '16 at 16:57
  • I wanted to confirm, it wasn't 100% clear that it was added to Bitbucket Server. The `permission denied (publickey)` error indicates that either your public key is not in Bitbucket Server or SSH is using a different private key (where the public key hasn't been uploaded either). What's the output of `ssh -v -p 7999 git@git.domain.com whoami`? – thomj Nov 01 '16 at 17:06
  • Permission denied was on the host machine, because it didn't have the key, that's ok. – Alexander Kim Nov 02 '16 at 04:14
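
The two faults worked through in this thread (an http-mode frontend pointing at a tcp backend, and a backend server on the same loopback port the frontend binds) can be caught before starting HAProxy. The following is an added example, not code from the posters or from HAProxy itself; `parse` and `lint` are hypothetical helper names, the sample configs are constructed from the ones above, and only unnamed `defaults` sections and the directives shown in the thread are handled.

```python
LOOPBACK, WILDCARD = {"127.0.0.1", "localhost"}, {"*", "", "0.0.0.0"}

def parse(cfg):
    """Collect mode, default_backend, bind and server endpoints for each proxy section."""
    proxies, cur, dmode = {}, None, "http"  # with no 'mode' set anywhere, HAProxy uses http
    for raw in cfg.splitlines():
        w = raw.split("#", 1)[0].split() or [""]
        if w[0] in ("global", "defaults"):
            cur, dmode = w[0], ("http" if w[0] == "defaults" else dmode)
        elif len(w) < 2:
            continue
        elif w[0] in ("frontend", "backend", "listen"):
            cur = (w[0], w[1])
            proxies[cur] = {"mode": dmode, "default_backend": None, "binds": [], "servers": []}
        elif w[0] == "mode" and cur == "defaults":
            dmode = w[1]
        elif not isinstance(cur, tuple):
            continue
        elif w[0] in ("mode", "default_backend"):
            proxies[cur][w[0]] = w[1]
        elif w[0] == "bind" or (w[0] == "server" and len(w) > 2):
            field, addr = ("binds", w[1]) if w[0] == "bind" else ("servers", w[2])
            proxies[cur][field].append(tuple(addr.rpartition(":")[::2]))
    return proxies

def lint(cfg):
    proxies, findings = parse(cfg), []
    binds = [(n, h, p) for (k, n), px in proxies.items() if k != "backend" for h, p in px["binds"]]
    for (kind, name), px in proxies.items():
        target = proxies.get(("backend", px["default_backend"]))
        if target and target["mode"] != px["mode"]:
            findings.append(f"mode-mismatch: {px['mode']} {kind} '{name}' -> {target['mode']} backend")
        for host, port in px["servers"]:
            for fname, bhost, bport in binds:
                # a wildcard or loopback bind already occupies that loopback port
                if port == bport and host in LOOPBACK and bhost in WILDCARD | LOOPBACK:
                    findings.append(f"port-clash: '{name}' server {host}:{port} is the port '{fname}' binds")
    return findings

# Constructed from the question's config; FIXED applies 'mode tcp' and the 7998 backend port.
BROKEN = """frontend sshd
        bind *:7999
        default_backend ssh
        timeout client 1h
backend ssh
        mode tcp
        server localhost-bitbucket-ssh 127.0.0.1:7999 check port 7999
"""
FIXED = BROKEN.replace("bind", "mode tcp\n        bind").replace("7999 check port 7999", "7998 check port 7998")
```

`lint(BROKEN)` reports both problems, while `lint(FIXED)` returns an empty list; HAProxy's own syntax check, `haproxy -c -f haproxy.cfg`, catches the mode mismatch but not the port clash, which only shows up when the second process tries to bind.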