Skip to content

Instantly share code, notes, and snippets.

@sparrc
Last active March 25, 2024 05:59
Show Gist options
  • Save sparrc/b4eff48a3e7af8411fc1 to your computer and use it in GitHub Desktop.
Save sparrc/b4eff48a3e7af8411fc1 to your computer and use it in GitHub Desktop.
Phabricator Ubuntu Installation Guide

Phabricator Ubuntu Installation Guide

This is a supplement to the official Phabricator Installation Guide, because their guide will leave you with all kinds of permission and config errors and ~15,000 setup issues on startup.

Install bonus packages:

# apt-get install mercurial subversion python-pygments sendmail imagemagick

Create necessary users and add phd-user to sudoers:

# adduser phd --home /home/phd
# adduser phd sudo
# adduser git

And create repo directory if phabricator will be hosting repos:

# mkdir /var/repo
# chown -R phd /var/repo
# chgrp -R phd /var/repo

Install phabricator:

su phd
cd /home/phd
wget https://raw.githubusercontent.com/phacility/phabricator/master/scripts/install/install_ubuntu.sh
bash install_ubuntu.sh

Recommended Phabricator Configurations to set:

cd /home/phd/phabricator

# Generally acceptable settings:
./bin/config set mysql.pass <MYSQL_ROOT_PASSWD>
./bin/config set phabricator.base-uri 'http://phabricator.mydomain.net/'
./bin/config set phd.user phd
./bin/config set environment.append-paths '["/usr/lib/git-core"]'
./bin/config set diffusion.ssh-user git
./bin/config set pygments.enabled true

# for local-disk file storage only:
mkdir /home/phd/phabricator-files
chmod -R 666 /home/phd/phabricator-files
./bin/config set storage.local-disk.path /home/phd/phabricator-files

# Set true if you want to allow public http cloning:
./bin/config set policy.allow-public true
# Set to true if you want to allow http pushes
./bin/config set diffusion.allow-http-auth false
# You most likely want prototype apps, they are very useful:
./bin/config set phabricator.show-prototypes true
# You may want this true, depending on your workflow:
./bin/config set differential.require-test-plan-field false

# recommended silliness-enabling settings:
./bin/config set files.enable-imagemagick true
./bin/config set remarkup.enable-embedded-youtube true

This needs to be appended to /etc/sudoers (NOTE: verify your binary locations):

git ALL=(phd) SETENV: NOPASSWD: /usr/bin/git-upload-pack, /usr/bin/git-receive-pack, /usr/bin/hg, /usr/bin/svnserve
www-data ALL=(phd) SETENV: NOPASSWD: /usr/bin/git-upload-pack, /usr/lib/git-core/git-http-backend, /usr/bin/hg

Apache Configuration:

First verify that apache is displaying a default page on port 80, then setup apache configuration file (see examples below) and enable phabricator site:

# cat /etc/apache2/sites-available/phabricator.conf
<VirtualHost *:80>
        # The ServerName directive sets the request scheme, hostname and port that
        # the server uses to identify itself. This is used when creating
        # redirection URLs. In the context of virtual hosts, the ServerName
        # specifies what hostname must appear in the request's Host: header to
        # match this virtual host. For the default virtual host (this file) this
        # value is not decisive as it is used as a last resort host regardless.
        # However, you must set it for any further virtual host explicitly.
        ServerName phabricator.mydomain.net
        ServerAlias phabricator.mydomain.net
        ServerAdmin [email protected]

        DocumentRoot /home/phd/phabricator/webroot

        RewriteEngine on
        RewriteRule ^/rsrc/(.*)     -                       [L,QSA]
        RewriteRule ^/favicon.ico   -                       [L,QSA]
        RewriteRule ^(.*)$          /index.php?__path__=$1  [B,L,QSA]

        # Available loglevels: trace8, ..., trace1, debug, info, notice, warn,
        # error, crit, alert, emerg.
        # It is also possible to configure the loglevel for particular
        # modules, e.g.
        #LogLevel info ssl:warn

        ErrorLog ${APACHE_LOG_DIR}/error.log
        CustomLog ${APACHE_LOG_DIR}/access.log combined

        # For most configuration files from conf-available/, which are
        # enabled or disabled at a global level, it is possible to
        # include a line for only one particular virtual host. For example the
        # following line enables the CGI configuration for this host only
        # after it has been globally disabled with "a2disconf".
        #Include conf-available/serve-cgi-bin.conf
        <Directory "/home/phd/phabricator/webroot">
                Require all granted
        </Directory>
</VirtualHost>

And here is an example of an HTTPS-enabled phabricator conf:

<IfModule mod_ssl.c>
        <VirtualHost *:80>
                ServerName phabricator.mydomain.net
                Redirect permanent / https://phabricator.mydomain.net
        </VirtualHost>
        <VirtualHost *:443>

                # Change this to the domain which points to your host.
                ServerName phabricator.mydomain.net
                SSLEngine on
                SSLCertificateKeyFile /etc/ssl/private/phabricator.key
                SSLCertificateFile /etc/ssl/certs/phabricator_mydomain.net.crt
                SSLCertificateChainFile /etc/ssl/certs/phabricator_mydomain.net.ca-bundle
                SSLProtocol All -SSLv2 -SSLv3

                # Change this to the path where you put 'phabricator' when you checked it
                # out from GitHub when following the Installation Guide.
                #
                # Make sure you include "/webroot" at the end!
                DocumentRoot /home/phd/phabricator/webroot

                RewriteEngine on
                RewriteRule ^/rsrc/(.*)     -                       [L,QSA]
                RewriteRule ^/favicon.ico   -                       [L,QSA]
                RewriteRule ^(.*)$          /index.php?__path__=$1  [B,L,QSA]
                <Directory "/home/phd/phabricator/webroot">
                        Require all granted
                </Directory>
        </VirtualHost>
</IfModule>

Make sure mod_php and mod_rewrite are enabled, and mod_ssl if you intend to set up SSL

# a2dissite 000-default
# a2ensite phabricator
# service apache2 restart

Configure mysql and storage:

Add these new lines to /etc/mysql/my.cnf under the [mysqld] heading:

sql_mode=STRICT_ALL_TABLES
ft_boolean_syntax=' |-><()~*:""&^'
ft_stopword_file=/home/phd/phabricator/resources/sql/stopwords.txt
ft_min_word_len=3

This new line should be about 40% of the memory of the box:

innodb_buffer_pool_size=800M

And also adjust max_allowed_packet to 32M (this line will already exist)

max_allowed_packet      = 32M

Restart mysql and run phabricator storage upgrade:

service mysql restart
./bin/storage upgrade

Configure php:

Adjust the following fields in /etc/php5/apache2/php.ini

post_max_size = 8M
date.timezone = Etc/UTC
opcache.validate_timestamps=0

Then restart apache

service apache2 restart

Restart phd daemons:

./bin/phd restart

Enable ssh clone & push

Change default ssh port to something other than port 22 (I like to use 2222)

# edit Port setting here
vim /etc/ssh/sshd_config
# restart sshd service
service sshd restart

Make executable ssh hook for phabricator ssh daemon

# copy ssh hook to executable location
cp /home/phd/phabricator/resources/sshd/phabricator-ssh-hook.sh /usr/lib/phabricator-ssh-hook.sh
chown root /usr/lib/phabricator-ssh-hook.sh
chmod 755 /usr/lib/phabricator-ssh-hook.sh
# Modify hook to match your system (hint: vcs-user == git)
vim /usr/lib/phabricator-ssh-hook.sh

Create phabricator ssh daemon on port 22

# Copy the examply sshd config
cp /home/phd/phabricator/resources/sshd/sshd_config.phabricator.example /etc/ssh/sshd_config.phabricator.conf
# Edit AuthorizedKeysCommand, AuthorizedKeysCommandUser, and AllowUsers
vim /etc/ssh/sshd_config.phabricator
# Start the phabricator sshd
/usr/sbin/sshd -f /etc/ssh/sshd_config.phabricator

Now you should be able to run this command:

echo [] | ssh [email protected] conduit conduit.ping

And get output like this:

{"result":"orbital","error_code":null,"error_info":null}

Refer to the phabricator configuration guide for next steps:

At this point, you should be able to host and clone repositories via HTTP & SSH. Refer to the Diffusion Hosting Configuration Guide for trouble-shooting.

Also see the official Phabricator Configuration Guide for additional advanced configuration steps.

@johannesberdin
Copy link

Thanks @sparrc for the install instructions. We moved them into a Vagrant environment: Check it out, https://github.com/apptimists/phabricator-vagrant

@spradnyesh
Copy link

spradnyesh commented Aug 11, 2016

@sparrc, thanks for the supplement; it really avoids a lot of issues

however, i'm facing multiple issues w/ ssh access to git repo, and would be grateful if you could kindly help me out

  • generally, it's ssh <hostname> <cmd> <cmd-args>, and above we do ssh <hostname> conduit conduit.ping, but i don't see conduit being installed in any step. in fact on my ubuntu box conduit gives a command not found error
  • secondly, we changed our ssh port to 2222, so shouldn't it be echo {} | ssh -p 2222 [email protected] conduit conduit.ping? if i omit the -p 2222, then i am asked for the passwd of "git" user, not if i don't omit -p 2222
  • also, even after following both the phabricator/diffusion_hosting and your supplement, i'm getting the following error
echo {} | ssh -p 2222 [email protected] conduit conduit.ping
Permission denied (publickey,keyboard-interactive).

ssh -T -p 2222 [email protected]
Permission denied (publickey,keyboard-interactive).
  • furthermore, i have added public-key on the site for my user, but when doing ssh we use the "git" user. how does this tie up?

i've been breaking my head for the last few hours over this, and would really appreciate any help

thanks a ton in advance :)

@Deliganli
Copy link

Deliganli commented Sep 10, 2016

@sparrc, thank you for this gem, it solves many configuration warning and makes a clean installation

however still i am facing the same issue when i tried to install million times from phabricator's guide. Whenever i try to interact with git or simply ssh connection i am having the nasty

Permission denied (publickey)

error. I do have a public key added and private is added to my ssh agent. I have configured hook and ssh daemon according to your post and phabricator guide.

I am trying to install this on a ec2 instance of amazon with ubuntu setup

Thanks a lot

@anriKogan
Copy link

@Deliganli
add user "git" as below:

adduser --quiet --no-create-home --disabled-password --gecos "" git

it will be solve the problem.

@ssnd292
Copy link

ssnd292 commented Nov 11, 2016

@spradnyesh - Were you ever able to fix this? I have the exact same problem.....

@Deliganli
Copy link

@anriKogan
Hi mate,

i have performed a clean install and added user as you specified but still no luck. Same old error message

Permission denied (publickey).

I am in lack of logs, i couldn't find any log to understand what is going wrong here.

@simone-pizzolato
Copy link

Hi mate,
after installation I need extra conf:
always_populate_raw_post_data = -1
post_max_size = 32M

chmod 777 /home/phd/phabricator-files (maybe phabricator needs a particular user access?)

Thanks for this superbe guide

@miwi-fbsd
Copy link

miwi-fbsd commented Mar 22, 2017

@ssnd292 @spradnyesh did any of you got fixed that problem?

@swapnilpatil1682
Copy link

@miwi-fbsd Hello , Have you been able to setup this properly ? I am still facing issues.

@theriverman
Copy link

Hi,

Few comments on this gist as it's not compliant to the latest distributions and changes
[My experiences are based on Ubuntu 17.04 server]

  • Install php5.6 from the ondrej-ubuntu-php repository. Use Google for instructions!
  • Remove any other php versions, because they collide for some reason when using Apache2.
    Issue php --version and see your results. If its not PHP 5.6.xx, then you still have some kind of php installed.
    Try: ( apt-get remove php7-* ) together with purge and check your /etc/php* folder for junks.
  • The config file of mysql has been moved. Edit /etc/mysql/mysql.conf.d/mysqld.cnf, otherwise MySQL will fail to restart during one of these steps.
  • Before configuring Git, you need to add your ssh public key to Phabricator. So log in to your instance, go to Avatar --> Settings --> SSH Public Keys and add your SSH key (cat ~/.ssh/id_rsa.pub). If you don't have one, hit ssh-keygen and generate one.

Good luck!

@marcelloinfoweb
Copy link

Would you take the step by step to CentOS 6?

@bekicot
Copy link

bekicot commented Dec 26, 2017

change wget http://www.phabricator.com/rsrc/install/install_ubuntu.sh to wget https://raw.githubusercontent.com/phacility/phabricator/master/scripts/install/install_ubuntu.sh

@pdacity
Copy link

pdacity commented Jul 17, 2018

Please fix:

echo {} | ssh [email protected] conduit conduit.ping

must be:

echo [] | ssh [email protected] conduit conduit.ping

@fractalspace
Copy link

service restart mysql (and not service mysql restart)

@vintprox
Copy link

vintprox commented May 1, 2020

Probably should be obvious after all this adventure that local disk storage directory requires also write permissions, so instead of

chmod -R 755 /home/phd/phabricator-files

type

chmod -R 666 /home/phd/phabricator-files

Thank you very much for such detailed manual! I would never have thought about adding anything in sudoers, which I could probably figure out very roughly without it.

@ljstek
Copy link

ljstek commented Oct 17, 2020

Thanks for this guide, very useful.

One small comment about the sshd config file, by default (Ubuntu 20.04 LTS) sshd loads the *.conf files from /etc/ssh/sshd_conf.d/ on service start, so I would suggest changing the file target for cp from

cp /home/phd/phabricator/resources/sshd/sshd_config.phabricator.example /etc/ssh/sshd_config.phabricator

to

cp /home/phd/phabricator/resources/sshd/sshd_config.phabricator.example /etc/ssh/sshd_config.d/phabricator.conf

or something similar, and adjust the then following commands from your guide accordingly to the new location.

@sparrc
Copy link
Author

sparrc commented Oct 26, 2020

I've skimmed over the recommendations here and made some edits, glad this guide is helping people, please keep the suggestions coming!

@ionics
Copy link

ionics commented Feb 13, 2021

Like @ljstek mentioned: putting ssh config into /etc/sshd_config.d/phabricator.conf seems best practice.

Right now please fix:

# Copy the examply sshd config
cp /home/phd/phabricator/resources/sshd/sshd_config.phabricator.example /etc/ssh/sshd_config.phabricator.conf
# Edit AuthorizedKeysCommand, AuthorizedKeysCommandUser, and AllowUsers
- vim /etc/ssh/sshd_config.phabricator
+ vim /etc/ssh/sshd_config.phabricator.conf
# Start the phabricator sshd
- /usr/sbin/sshd -f /etc/ssh/sshd_config.phabricator
+ /usr/sbin/sshd -f /etc/ssh/sshd_config.phabricator.conf

Issue: in /etc/ssh @sparrc created file with filename-extension .conf but in the gist .conf is missing.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment