I need to access a remote server from Bitbucket Pipelines. This remote server is available only to a specific host which has its IP address whitelisted. Here is what I want:

Pipelines <---> The gateway host <---> The remote server

I was trying to use sshutle to setup an ssh-based VPN to forward all network traffic via the gateway host, but it looks like Pipelines don't allow containers to run VPN (see issue #12753).

What can I do to access the remote server?

There is a solution if forwarding only http/https is enough for you. Use SSH to set up a socks5 proxy.

First, add Bitbucket's public SSH key to ~/.ssh/authorized_keys on the gateway server. Open Repository --> Settings --> (Pipelines) SSH keys and follow instructions on this page.

Then add these steps to the bitbucket-pipelines.yml:

# Start in foreground (-fN), use compression (-C), set up port forwarding (-D)
ssh -fN -C -D 41337 [email protected]
export http_proxy='socks5://localhost:41337'
export https_proxy='socks5://localhost:41337'

Use curl to check whether proxy works:

curl http://checkip.amazonaws.com

You can also create SSH tunnel instead of proxy with one line, and you can put multiple ip addresses, this is what worked for me. It exposes 9200 and 5000 from server to your localhost

ssh -fN user@server -L *:9200:localhost:9200 -L *:5000:localhost:5000

Bitbucket now has Test Runners.

Runners allows you to run builds in Pipelines on your own infrastructure, and you won’t be charged for the build minutes used by your self-hosted runners.

This allows you to register your own Jenkins or other CI/CD build server that is on private VPN.

More info at https://support.atlassian.com/bitbucket-cloud/docs/runners/

Full Disclosure - I ended up going with a serverless implementation on AWS Codebuild, which has access to the private server.

If you are interested in finding out more about the AWS Codebuild implementation, feel free to drop a comment.