Configure FogBugz On-Premises to Use HTTPS


Follow

Overview

Due to security considerations, you might want to configure your FogBugz On-Premise instance to use HTTPS and SSL/TLS.

This article provides you the steps to enable HTTPS on your FogBugz On-Premise and configure the SSL/TLS certificate to use with it.

 


Prerequisites

  • A working installation of FogBugz On-Premises that is accessible over HTTP
  • A valid SSL certificate (can be a self-signed certificate if your FogBugz domain is the Common Name or Subject Alternate Name)
  • The SSL certificate is imported to the FogBugz IIS server.
If you are migrating data from FBFYS to FogBugz On-Premise / On-Site, please wait until your data migration finishes before configuring HTTPS.

 

Back to top


Solution

Once you have acquired an SSL/TLS certificate to use on your server, configuring SSL/TLS and HTTPS on you FogBugz On-Premises (On-Site) instance requires the following steps:

  1. Enable FogBugz to accept HTTPS requests
  2. Redirect HTTP requests to use HTTPS
  3. As an additional step, you might need also to Configure ElasticSearch to use HTTPS.

 

Enabling FogBugz On-Premises to Accept HTTPS Requests

  1. In IIS Manager, create a new HTTPS binding on the FB GEN ALL site. While creating the binding select the SSL/TLS certificate imported as a prerequisite.
  2. Verify that the binding works by pointing your web browser to the HTTPS version of the site.
  3. In the appropriate FogBugz trial database (the default trial database is trial1), run the following command to update the Prefix of the URL in outgoing emails:
     
    UPDATE Setting
    SET sValue = replace(sValue, 'http://', 'https://')
    WHERE sKey = 'sUrlPrefixEmail';
     
  4. Navigate to your site via HTTPS.
  5. Verify that you can load the filters and get the expected results.

 

Back to top


Redirecting HTTP Requests to Use HTTPS

Once you complete the steps in the section above to allow HTTPS connections to your site, follow the procedure below to redirect HTTP requests to use HTTPS.

Modify the registry Settings

  1. Press the Windows and R keys together.
  2. In the Run dialog box, type regedit and press Enter to open the Registry Editor.
  3. Look up and select the following registry path  HKEY_LOCAL_MACHINE\SOFTWARE\Fog Creek Software\FogBugz\<your_install_path> .
    Replace <your_install_path> in the registry path with the actual installation path.
  4. Check if the registry keys fForceHTTPS and fSSLOverride appear in the right pane of the Registry Editor window.
  5. Double-click fForceHTTPS.
  6. Set the Value data to 1 and click OK.
  7. Double-click fSSLOverride.
  8. Set the Value data to 1 and click OK.
  9. Click File and select Exit from the menu bar.

 

Setup IIS to Redirect all HTTP requests to HTTPS (port 80 to 443)

Please do not redirect the localhost as the HeartBeat service uses it.
  1. Ensure that the HTTP Redirection functionality is enabled by navigating to Server Manager > Manage > Add Roles and Features > Web Server (IIS) > Web Server > Common HTTP Features > HTTP Redirection.
     
    image-1.png
     
  2. Configure the FB GEN ALL website to bind the localhost on port 80 and {your_fogbugz_fqdn} on port 443
    Optionally, you can restrict IP addresses for 80 and 443, or you can bind all hosts on 443 depending on the environment.
     
     image-2.png
       
  3. Create a new website which redirects {your_fogbugz_fqdn}:80 traffic to {your_fogbugz_fqdn}:443.
    The physical path can be the default wwwroot path (or anywhere else on the disk).
  4. Bind the new website on {your_fogbugz_fqdn}:80.
     
    image-3.png
     
  5. Configure an HTTP Redirect (IIS Manager > {your redirect site} > IIS > HTTP Redirect) to the HTTPS variant of your FogBugz FQDN.
     
    image-4.png
     
  6. Restart the webserver in IIS.

Back to the top


Testing

  1. Verify that going to the HTTP version of your site redirects you into the HTTPS version.
  2. Verify that you can load your filters and get the expected results.

 

Back to top


Related Articles