Bug 1442520 - move inbound_proxies to localconfig

4 files changed, 14 insertions, 25 deletions

diff --git a/Bugzilla/Config/Advanced.pm b/Bugzilla/Config/Advanced.pm
index e2c00f910..2eec11dbe 100644
--- a/Bugzilla/Config/Advanced.pm
+++ b/Bugzilla/Config/Advanced.pm
@@ -18,13 +18,6 @@ our $sortkey = 1700;
 
 use constant get_param_list => (
     {
-        name    => 'inbound_proxies',
-        type    => 't',
-        default => '',
-        checker => \&check_inbound_proxies
-    },
-
-    {
         name    => 'proxy_url',
         type    => 't',
         default => ''
@@ -82,15 +75,4 @@ use constant get_param_list => (
     },
 );
 
-sub check_inbound_proxies {
-    my $inbound_proxies = shift;
-
-    return "" if $inbound_proxies eq "*";
-    my @proxies = split( /[\s,]+/, $inbound_proxies );
-    foreach my $proxy (@proxies) {
-        validate_ip($proxy) || return "$proxy is not a valid IPv4 or IPv6 address";
-    }
-    return "";
-}
-
 1;
diff --git a/Bugzilla/DaemonControl.pm b/Bugzilla/DaemonControl.pm
index 97ecb84e0..1de8350c1 100644
--- a/Bugzilla/DaemonControl.pm
+++ b/Bugzilla/DaemonControl.pm
@@ -10,6 +10,7 @@ use 5.10.1;
 use strict;
 use warnings;
 
+use Bugzilla::Logging;
 use Bugzilla::Constants qw(bz_locations);
 use Cwd qw(realpath);
 use English qw(-no_match_vars $PROGRAM_NAME);
@@ -131,16 +132,19 @@ sub run_httpd {
 sub run_cereal_and_httpd {
     my @httpd_args = @_;
 
-    my $lc = Bugzilla::Install::Localconfig::read_localconfig();
-    if ( ($lc->{inbound_proxies} // '') eq '*' && $lc->{urlbase} =~ /^https/) {
-        push @httpd_args, '-DHTTPS';
-    }
     push @httpd_args, '-DNETCAT_LOGS';
     my $signal_f      = catch_signal("TERM", 0);
     my $cereal_exit_f = run_cereal();
 
     return assert_cereal()->then(
         sub {
+            my $lc = Bugzilla::Install::Localconfig::read_localconfig();
+            if ( ($lc->{inbound_proxies} // '') eq '*' && $lc->{urlbase} =~ /^https/) {
+                push @httpd_args, '-DHTTPS';
+            }
+            elsif (not $lc->{urlbase} =~ /^https/) {
+                WARN("HTTPS urlbase but inbound_proxies is not '*'");
+            }
             my $httpd_exit_f  = run_httpd(@httpd_args);
 
             return Future->wait_any($cereal_exit_f, $httpd_exit_f, $signal_f);
diff --git a/Bugzilla/Install/Localconfig.pm b/Bugzilla/Install/Localconfig.pm
index 646dbc1a7..ba8e8dc57 100644
--- a/Bugzilla/Install/Localconfig.pm
+++ b/Bugzilla/Install/Localconfig.pm
@@ -43,7 +43,7 @@ our @EXPORT_OK = qw(
 
 # might want to change this for upstream
 use constant ENV_PREFIX     => 'BMO_';
-use constant PARAM_OVERRIDE => qw( inbound_proxies shadowdb shadowdbhost shadowdbport shadowdbsock );
+use constant PARAM_OVERRIDE => qw( shadowdb shadowdbhost shadowdbport shadowdbsock );
 
 sub _sensible_group {
     return '' if ON_WINDOWS;
@@ -135,7 +135,6 @@ use constant LOCALCONFIG_VARS => (
     {
         name    => 'param_override',
         default => {
-            inbound_proxies     => undef,
             memcached_servers   => undef,
             memcached_namespace => undef,
             shadowdb            => undef,
@@ -172,6 +171,10 @@ use constant LOCALCONFIG_VARS => (
         name    => 'ses_password',
         default => '',
     },
+    {
+        name => 'inbound_proxies',
+        default => _migrate_param( 'inbound_proxies', '' ),
+    },
 );
 
 
diff --git a/Bugzilla/Util.pm b/Bugzilla/Util.pm
index c23e738e6..91f06e650 100644
--- a/Bugzilla/Util.pm
+++ b/Bugzilla/Util.pm
@@ -270,7 +270,7 @@ sub do_ssl_redirect_if_required {
 # Returns the real remote address of the client,
 sub remote_ip {
     my $remote_ip       = $ENV{'REMOTE_ADDR'} || '127.0.0.1';
-    my @proxies         = split(/[\s,]+/, Bugzilla->get_param_with_override('inbound_proxies'));
+    my @proxies         = split(/[\s,]+/, Bugzilla->localconfig->{inbound_proxies});
     my @x_forwarded_for = split(/[\s,]+/, $ENV{HTTP_X_FORWARDED_FOR} // '');
 
     return $remote_ip unless @x_forwarded_for;