Configure FogBugz On-Premises to Use HTTPS


Follow

Overview

Due to security considerations, you might want to configure your FogBugz On-Premise instance to use HTTPS and SSL/TLS.

This article provides you the steps to enable HTTPS on your FogBugz On-Premise and configure the SSL/TLS certificate to use with it.

 


Prerequisites

  • A working installation of FogBugz On-Premises that is accessible over HTTP
  • A valid SSL certificate (can be a self-signed certificate if your FogBugz domain is the Common Name or Subject Alternate Name)
  • The SSL certificate is imported to the FogBugz IIS server.
If you are migrating data from FBFYS to FogBugz On-Premise / On-Site, please wait until your data migration finishes before configuring HTTPS.

 

Back to top


Solution

Note: Currently we support only IIS 8.5 and IIS 10.0 as per the Windows versions listed in the System Requirements.

Once you have acquired an SSL/TLS certificate to use on your server, configuring SSL/TLS and HTTPS on your FogBugz On-Premises instance requires the following steps:

  1. Enable FogBugz to accept HTTPS requests
  2. Modify the Registry Settings
  3. Redirect HTTP requests to use HTTPS, by using one of the following methods:
  4. As an additional step, you might need also to Configure ElasticSearch to trust the HTTPS connection towards your IIS server.

 

Enabling FogBugz On-Premises to Accept HTTPS Requests

  1. In IIS Manager, create a new HTTPS binding on the FB GEN ALL site. While creating the binding select the SSL/TLS certificate imported as a prerequisite. Your binding configuration should look something like this:
    • localhost on port 80 
    • {your_fogbugz_fqdn} binding on port 443.

      Optionally, you can restrict IP addresses for 80 and 443, or you can bind all hosts on 443 depending on the environment. 

      image-2.png

       

  2. Verify that the binding works by pointing your web browser to the HTTPS version of the site.
  3. In the appropriate FogBugz trial database (the default trial database is trial1), run the following command to update the Prefix of the URL in outgoing emails:
     
    UPDATE Setting
    SET sValue = replace(sValue, 'http://', 'https://')
    WHERE sKey = 'sUrlPrefixEmail';
     
  4. Navigate to your site via HTTPS.
  5. Verify that you can load the filters and get the expected results.

 

Back to top


Modify the Registry Settings

  1. Press the Windows and R keys together.
  2. In the Run dialog box, type regedit and press Enter to open the Registry Editor.
  3. Look up and select the following registry path  HKEY_LOCAL_MACHINE\SOFTWARE\Fog Creek Software\FogBugz\<your_install_path> .
    Replace <your_install_path> in the registry path with the actual installation path.
  4. Check if the registry keys fForceHTTPS and fSSLOverride appear in the right pane of the Registry Editor window.
  5. Double-click fForceHTTPS.
  6. Set the Value data to 1 and click OK.
  7. Double-click fSSLOverride.
  8. Set the Value data to 1 and click OK.
  9. Click File and select Exit from the menu bar.

 

Back to the top


Setup IIS to Redirect all HTTP requests to HTTPS

Read the article about the Differences between URL Redirect and URL Rewrite. Network policies might influence your decision (ex. proxy settings). We list both methods for your convenience.

Either method you use, DO NOT redirect the localhost as the HeartBeat Pinger service uses it.

 

 

URL Redirect

If you prefer URL Rewrite, skip the steps of this method.

  1. Ensure that the HTTP Redirection functionality is enabled by navigating to Server Manager > Manage > Add Roles and Features > Web Server (IIS) > Web Server > Common HTTP Features > HTTP Redirection.
     
    image-1.png
     
  2. Create a new website that redirects {your_fogbugz_fqdn}:80 traffic to {your_fogbugz_fqdn}:443.
    The physical path can be the default wwwroot path (or anywhere else on the disk).
  3. Bind the new website on {your_fogbugz_fqdn}:80.
     
    image-3.png
     
  4. Configure an HTTP Redirect (IIS Manager > {your redirect site} > IIS > HTTP Redirect) to the HTTPS variant of your FogBugz FQDN.
     
    image-4.png
     
  5. Restart the webserver in IIS.

 

 

Back to the top


URL Rewrite

If you already configured URL Redirect, do not configure URL Rewrite.

  1. Download and install the URL Rewrite module of IIS.
  2. Select your FB GEN ALL site, then click on URL Rewrite.

    URLRewrite_URLRewrite.jpg

  3. Click Add Rule(s) in the right side menu, select Blank rule in the Inbound rules, click OK.

    URLRewrite_InboundRule_New.jpg

  4. Enter any name for the rule.
  5. In the Match URL section:
    • Requested URL: Matches the Pattern
    • Using: Regular Expressions
    • Pattern: (.*)
    • Ignore case: checked.

    URLRewrite_MatchURL.jpg

  6. In the Conditions section:
    • Logical grouping: Match All
    • Click Add...
        • Condition input: {HTTPS}
        • Check if input string: Matches the Pattern
        • Pattern: ^OFF$
        • Ignore case: checked.
    • Click OK to add the condition.

    URLRewrite_Conditions.jpg

  7. In the Action section
    • Action type: Redirect
    • Redirect URL: https://{HTTP_HOST}{REQUEST_URI}
    • Append query string: Uncheck
    • Redirect type: Permanent (301)

    URLRewrite_Action.jpg

  8. Click Apply in the upper right corner
  9. Click Back to Rules to see your new rule in the rule list.

    URLRewrite_Apply.jpg

  10. Restart the webserver in IIS.

 

 

Back to the top


Testing

  1. Verify that going to the HTTP version of your site redirects you into the HTTPS version.
  2. Verify that you can load your filters and get the expected results.

 

Back to top


Related Articles