Using FogBugz On Demand? We've recently rolled out a new sidebar as part of taking FogBugz forward. Please see this article for details on what's new, what's changed, and where you can find all your favorite things.

FogBugz On Site has extensive configuration options which allow it to be deployed in many different network configurations. This article describes the network configuration options available in On Site 8.16.625+ as well as some common configuration scenarios. If you are running on an older version or have a configuration other than those described, please contact us for more help.

Registry Values

FogBugz On Site configuration is controlled by values in the registry key HKEY_LOCAL_MACHINE\SOFTWARE\Fog Creek Software\FogBugz\<install directory>. The following are related to how FogBugz behaves relative to your network:

sTrustedForwardedByHeader

This value determines how FogBugz determines the IP Address of the requests it serves. If it is unset or empty (the default), FogBugz will use the REMOTE_ADDR header. If it is set to any other {value}, FogBugz will use the X-FORWARDED-FOR header only if X-FORWARDED-BY is {value}.

srgTrustedNetworks

This value determines what IP Addresses are able to reach certain administrative or debugging endpoints in FogBugz. If it is unset (the default), only traffic originating from the FogBugz web server is able to reach these endpoints. To allow certain addresses access to these endpoints, use a comma separated list of IPv4 and IPv6 addresses. If an address ends with a subnet, the address represents all of the addresses in that range. For example, the value "192.168.37.53,192.168.37.54,2001:db8:85a3::8a2e:370:7334,10.1.101.0/24" allows access to computers at the following ip addresses:

  • 192.168.37.53
  • 192.168.37.54
  • 2001:db8:85a3::8a2e:370:7334
  • 10.1.101.1 to 10.1.101.254

If you configure srgTrustedNetworks, we recommend also configuring a value for sTrustedOriginHeader.

sTrustedOriginHeader

This value determines what requests are allowed to “advanced” administrative or debugging endpoints. If it is unset (the default), all requests originating from all TrustedNetworks are allowed. If set to any {value}, only local requests or requests with {value} as a header are allowed. Here is an example of a non-local request to modify the full text index when sTrustedOriginHeader is set to X-Request-Is-From-A-Power-User:

curl -H "X-Request-Is-From-A-Power-User:True" "http://fogbugz.example.com/f/tasks/indexer/heal?start=2016-12-23T05:30:10Z&end=2016-12-25T07:30:10Z"

Common Scenarios

Reverse Proxy

To ensure that requests passing through a reverse proxy are properly handled, set sTrustedForwardedByHeader to some value and configure your reverse proxy to set X-FORWARDED-BY to the same value.

Non-Local Debugging

To allow users to access debugging endpoints and view stack traces and the miniprofiler, configure srgTrustedNetworks to the IP Addresses you’d like to permit. Make sure to also set sTrustedOriginHeader so that potentially destructive endpoints are prevented from accidental use.