This is a supplement to the official Phabricator Installation Guide, because their guide will leave you with all kinds of permission and config errors and ~15,000 setup issues on startup.
Install bonus packages:
# apt-get install mercurial subversion python-pygments sendmail imagemagick
Create necessary users and add phd-user to sudoers:
# adduser phd --home /home/phd
# adduser phd sudo
# adduser git
And create repo directory if phabricator will be hosting repos:
# mkdir /var/repo
# chown -R phd /var/repo
# chgrp -R phd /var/repo
Install phabricator:
su phd
cd /home/phd
wget https://raw.githubusercontent.com/phacility/phabricator/master/scripts/install/install_ubuntu.sh
bash install_ubuntu.sh
Recommended Phabricator Configurations to set:
cd /home/phd/phabricator
# Generally acceptable settings:
./bin/config set mysql.pass <MYSQL_ROOT_PASSWD>
./bin/config set phabricator.base-uri 'http://phabricator.mydomain.net/'
./bin/config set phd.user phd
./bin/config set environment.append-paths '["/usr/lib/git-core"]'
./bin/config set diffusion.ssh-user git
./bin/config set pygments.enabled true
# for local-disk file storage only:
mkdir /home/phd/phabricator-files
chmod -R 666 /home/phd/phabricator-files
./bin/config set storage.local-disk.path /home/phd/phabricator-files
# Set true if you want to allow public http cloning:
./bin/config set policy.allow-public true
# Set to true if you want to allow http pushes
./bin/config set diffusion.allow-http-auth false
# You most likely want prototype apps, they are very useful:
./bin/config set phabricator.show-prototypes true
# You may want this true, depending on your workflow:
./bin/config set differential.require-test-plan-field false
# recommended silliness-enabling settings:
./bin/config set files.enable-imagemagick true
./bin/config set remarkup.enable-embedded-youtube true
This needs to be appended to /etc/sudoers (NOTE: verify your binary locations):
git ALL=(phd) SETENV: NOPASSWD: /usr/bin/git-upload-pack, /usr/bin/git-receive-pack, /usr/bin/hg, /usr/bin/svnserve
www-data ALL=(phd) SETENV: NOPASSWD: /usr/bin/git-upload-pack, /usr/lib/git-core/git-http-backend, /usr/bin/hg
Apache Configuration:
First verify that apache is displaying a default page on port 80, then setup apache configuration file (see examples below) and enable phabricator site:
# cat /etc/apache2/sites-available/phabricator.conf
<VirtualHost *:80>
# The ServerName directive sets the request scheme, hostname and port that
# the server uses to identify itself. This is used when creating
# redirection URLs. In the context of virtual hosts, the ServerName
# specifies what hostname must appear in the request's Host: header to
# match this virtual host. For the default virtual host (this file) this
# value is not decisive as it is used as a last resort host regardless.
# However, you must set it for any further virtual host explicitly.
ServerName phabricator.mydomain.net
ServerAlias phabricator.mydomain.net
ServerAdmin webmaster@example.com
DocumentRoot /home/phd/phabricator/webroot
RewriteEngine on
RewriteRule ^/rsrc/(.*) - [L,QSA]
RewriteRule ^/favicon.ico - [L,QSA]
RewriteRule ^(.*)$ /index.php?__path__=$1 [B,L,QSA]
# Available loglevels: trace8, ..., trace1, debug, info, notice, warn,
# error, crit, alert, emerg.
# It is also possible to configure the loglevel for particular
# modules, e.g.
#LogLevel info ssl:warn
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
# For most configuration files from conf-available/, which are
# enabled or disabled at a global level, it is possible to
# include a line for only one particular virtual host. For example the
# following line enables the CGI configuration for this host only
# after it has been globally disabled with "a2disconf".
#Include conf-available/serve-cgi-bin.conf
<Directory "/home/phd/phabricator/webroot">
Require all granted
</Directory>
</VirtualHost>
And here is an example of an HTTPS-enabled phabricator conf:
<IfModule mod_ssl.c>
<VirtualHost *:80>
ServerName phabricator.mydomain.net
Redirect permanent / https://phabricator.mydomain.net
</VirtualHost>
<VirtualHost *:443>
# Change this to the domain which points to your host.
ServerName phabricator.mydomain.net
SSLEngine on
SSLCertificateKeyFile /etc/ssl/private/phabricator.key
SSLCertificateFile /etc/ssl/certs/phabricator_mydomain.net.crt
SSLCertificateChainFile /etc/ssl/certs/phabricator_mydomain.net.ca-bundle
SSLProtocol All -SSLv2 -SSLv3
# Change this to the path where you put 'phabricator' when you checked it
# out from GitHub when following the Installation Guide.
#
# Make sure you include "/webroot" at the end!
DocumentRoot /home/phd/phabricator/webroot
RewriteEngine on
RewriteRule ^/rsrc/(.*) - [L,QSA]
RewriteRule ^/favicon.ico - [L,QSA]
RewriteRule ^(.*)$ /index.php?__path__=$1 [B,L,QSA]
<Directory "/home/phd/phabricator/webroot">
Require all granted
</Directory>
</VirtualHost>
</IfModule>
Make sure mod_php and mod_rewrite are enabled, and mod_ssl if you intend to set up SSL
# a2dissite 000-default
# a2ensite phabricator
# service apache2 restart
Configure mysql and storage:
Add these new lines to /etc/mysql/my.cnf under the [mysqld] heading:
sql_mode=STRICT_ALL_TABLES
ft_boolean_syntax=' |-><()~*:""&^'
ft_stopword_file=/home/phd/phabricator/resources/sql/stopwords.txt
ft_min_word_len=3
This new line should be about 40% of the memory of the box:
innodb_buffer_pool_size=800M
And also adjust max_allowed_packet to 32M (this line will already exist)
max_allowed_packet = 32M
Restart mysql and run phabricator storage upgrade:
service mysql restart
./bin/storage upgrade
Configure php:
Adjust the following fields in /etc/php5/apache2/php.ini
post_max_size = 8M
date.timezone = Etc/UTC
opcache.validate_timestamps=0
Then restart apache
service apache2 restart
Restart phd daemons:
./bin/phd restart
Enable ssh clone & push
Change default ssh port to something other than port 22 (I like to use 2222)
# edit Port setting here
vim /etc/ssh/sshd_config
# restart sshd service
service sshd restart
Make executable ssh hook for phabricator ssh daemon
# copy ssh hook to executable location
cp /home/phd/phabricator/resources/sshd/phabricator-ssh-hook.sh /usr/lib/phabricator-ssh-hook.sh
chown root /usr/lib/phabricator-ssh-hook.sh
chmod 755 /usr/lib/phabricator-ssh-hook.sh
# Modify hook to match your system (hint: vcs-user == git)
vim /usr/lib/phabricator-ssh-hook.sh
Create phabricator ssh daemon on port 22
# Copy the examply sshd config
cp /home/phd/phabricator/resources/sshd/sshd_config.phabricator.example /etc/ssh/sshd_config.phabricator.conf
# Edit AuthorizedKeysCommand, AuthorizedKeysCommandUser, and AllowUsers
vim /etc/ssh/sshd_config.phabricator
# Start the phabricator sshd
/usr/sbin/sshd -f /etc/ssh/sshd_config.phabricator
Now you should be able to run this command:
echo [] | ssh git@phabricator.mydomain.net conduit conduit.ping
And get output like this:
{"result":"orbital","error_code":null,"error_info":null}
Refer to the phabricator configuration guide for next steps:
At this point, you should be able to host and clone repositories via HTTP & SSH. Refer to the Diffusion Hosting Configuration Guide for trouble-shooting.