Phabricator Ubuntu Installation Guide

by digipine posted Jan 26, 2022
?

Shortcut

PrevPrev Article

NextNext Article

ESCClose

Larger Font Smaller Font Up Down Go comment Print

This is a supplement to the official Phabricator Installation Guide, because their guide will leave you with all kinds of permission and config errors and ~15,000 setup issues on startup.

 

Install bonus packages:

# apt-get install mercurial subversion python-pygments sendmail imagemagick

Create necessary users and add phd-user to sudoers:

# adduser phd --home /home/phd

# adduser phd sudo

# adduser git

And create repo directory if phabricator will be hosting repos:

 

# mkdir /var/repo

# chown -R phd /var/repo

# chgrp -R phd /var/repo

Install phabricator:

su phd

cd /home/phd

wget https://raw.githubusercontent.com/phacility/phabricator/master/scripts/install/install_ubuntu.sh

bash install_ubuntu.sh

Recommended Phabricator Configurations to set:

cd /home/phd/phabricator

 

# Generally acceptable settings:

./bin/config set mysql.pass <MYSQL_ROOT_PASSWD>

./bin/config set phabricator.base-uri 'http://phabricator.mydomain.net/'

./bin/config set phd.user phd

./bin/config set environment.append-paths '["/usr/lib/git-core"]'

./bin/config set diffusion.ssh-user git

./bin/config set pygments.enabled true

 

# for local-disk file storage only:

mkdir /home/phd/phabricator-files

chmod -R 666 /home/phd/phabricator-files

./bin/config set storage.local-disk.path /home/phd/phabricator-files

 

# Set true if you want to allow public http cloning:

./bin/config set policy.allow-public true

# Set to true if you want to allow http pushes

./bin/config set diffusion.allow-http-auth false

# You most likely want prototype apps, they are very useful:

./bin/config set phabricator.show-prototypes true

# You may want this true, depending on your workflow:

./bin/config set differential.require-test-plan-field false

 

# recommended silliness-enabling settings:

./bin/config set files.enable-imagemagick true

./bin/config set remarkup.enable-embedded-youtube true

This needs to be appended to /etc/sudoers (NOTE: verify your binary locations):

git ALL=(phd) SETENV: NOPASSWD: /usr/bin/git-upload-pack, /usr/bin/git-receive-pack, /usr/bin/hg, /usr/bin/svnserve

www-data ALL=(phd) SETENV: NOPASSWD: /usr/bin/git-upload-pack, /usr/lib/git-core/git-http-backend, /usr/bin/hg

Apache Configuration:

First verify that apache is displaying a default page on port 80, then setup apache configuration file (see examples below) and enable phabricator site:

 

# cat /etc/apache2/sites-available/phabricator.conf

<VirtualHost *:80>

        # The ServerName directive sets the request scheme, hostname and port that

        # the server uses to identify itself. This is used when creating

        # redirection URLs. In the context of virtual hosts, the ServerName

        # specifies what hostname must appear in the request's Host: header to

        # match this virtual host. For the default virtual host (this file) this

        # value is not decisive as it is used as a last resort host regardless.

        # However, you must set it for any further virtual host explicitly.

        ServerName phabricator.mydomain.net

        ServerAlias phabricator.mydomain.net

        ServerAdmin webmaster@example.com

 

        DocumentRoot /home/phd/phabricator/webroot

 

        RewriteEngine on

        RewriteRule ^/rsrc/(.*)     -                       [L,QSA]

        RewriteRule ^/favicon.ico   -                       [L,QSA]

        RewriteRule ^(.*)$          /index.php?__path__=$1  [B,L,QSA]

 

        # Available loglevels: trace8, ..., trace1, debug, info, notice, warn,

        # error, crit, alert, emerg.

        # It is also possible to configure the loglevel for particular

        # modules, e.g.

        #LogLevel info ssl:warn

 

        ErrorLog ${APACHE_LOG_DIR}/error.log

        CustomLog ${APACHE_LOG_DIR}/access.log combined

 

        # For most configuration files from conf-available/, which are

        # enabled or disabled at a global level, it is possible to

        # include a line for only one particular virtual host. For example the

        # following line enables the CGI configuration for this host only

        # after it has been globally disabled with "a2disconf".

        #Include conf-available/serve-cgi-bin.conf

        <Directory "/home/phd/phabricator/webroot">

                Require all granted

        </Directory>

</VirtualHost>

And here is an example of an HTTPS-enabled phabricator conf:

 

<IfModule mod_ssl.c>

        <VirtualHost *:80>

                ServerName phabricator.mydomain.net

                Redirect permanent / https://phabricator.mydomain.net

        </VirtualHost>

        <VirtualHost *:443>

 

                # Change this to the domain which points to your host.

                ServerName phabricator.mydomain.net

                SSLEngine on

                SSLCertificateKeyFile /etc/ssl/private/phabricator.key

                SSLCertificateFile /etc/ssl/certs/phabricator_mydomain.net.crt

                SSLCertificateChainFile /etc/ssl/certs/phabricator_mydomain.net.ca-bundle

                SSLProtocol All -SSLv2 -SSLv3

 

                # Change this to the path where you put 'phabricator' when you checked it

                # out from GitHub when following the Installation Guide.

                #

                # Make sure you include "/webroot" at the end!

                DocumentRoot /home/phd/phabricator/webroot

 

                RewriteEngine on

                RewriteRule ^/rsrc/(.*)     -                       [L,QSA]

                RewriteRule ^/favicon.ico   -                       [L,QSA]

                RewriteRule ^(.*)$          /index.php?__path__=$1  [B,L,QSA]

                <Directory "/home/phd/phabricator/webroot">

                        Require all granted

                </Directory>

        </VirtualHost>

</IfModule>

Make sure mod_php and mod_rewrite are enabled, and mod_ssl if you intend to set up SSL

 

# a2dissite 000-default

# a2ensite phabricator

# service apache2 restart

Configure mysql and storage:

Add these new lines to /etc/mysql/my.cnf under the [mysqld] heading:

 

sql_mode=STRICT_ALL_TABLES

ft_boolean_syntax=' |-><()~*:""&^'

ft_stopword_file=/home/phd/phabricator/resources/sql/stopwords.txt

ft_min_word_len=3

This new line should be about 40% of the memory of the box:

 

innodb_buffer_pool_size=800M

And also adjust max_allowed_packet to 32M (this line will already exist)

 

max_allowed_packet      = 32M

Restart mysql and run phabricator storage upgrade:

 

service mysql restart

./bin/storage upgrade

Configure php:

Adjust the following fields in /etc/php5/apache2/php.ini

 

post_max_size = 8M

date.timezone = Etc/UTC

opcache.validate_timestamps=0

Then restart apache

 

service apache2 restart

Restart phd daemons:

./bin/phd restart

Enable ssh clone & push

Change default ssh port to something other than port 22 (I like to use 2222)

 

# edit Port setting here

vim /etc/ssh/sshd_config

# restart sshd service

service sshd restart

Make executable ssh hook for phabricator ssh daemon

 

# copy ssh hook to executable location

cp /home/phd/phabricator/resources/sshd/phabricator-ssh-hook.sh /usr/lib/phabricator-ssh-hook.sh

chown root /usr/lib/phabricator-ssh-hook.sh

chmod 755 /usr/lib/phabricator-ssh-hook.sh

# Modify hook to match your system (hint: vcs-user == git)

vim /usr/lib/phabricator-ssh-hook.sh

Create phabricator ssh daemon on port 22

 

# Copy the examply sshd config

cp /home/phd/phabricator/resources/sshd/sshd_config.phabricator.example /etc/ssh/sshd_config.phabricator.conf

# Edit AuthorizedKeysCommand, AuthorizedKeysCommandUser, and AllowUsers

vim /etc/ssh/sshd_config.phabricator

# Start the phabricator sshd

/usr/sbin/sshd -f /etc/ssh/sshd_config.phabricator

Now you should be able to run this command:

 

echo [] | ssh git@phabricator.mydomain.net conduit conduit.ping

And get output like this:

 

{"result":"orbital","error_code":null,"error_info":null}

Refer to the phabricator configuration guide for next steps:

At this point, you should be able to host and clone repositories via HTTP & SSH. Refer to the Diffusion Hosting Configuration Guide for trouble-shooting.

TAG •