This is a supplement to the official Phabricator Installation Guide, because their guide will leave you with all kinds of permission and config errors and ~15,000 setup issues on startup.
# apt-get install mercurial subversion python-pygments sendmail imagemagick
# adduser phd --home /home/phd
# adduser phd sudo
# adduser git
And create repo directory if phabricator will be hosting repos:
# mkdir /var/repo
# chown -R phd /var/repo
# chgrp -R phd /var/repo
su phd
cd /home/phd
wget https://raw.githubusercontent.com/phacility/phabricator/master/scripts/install/install_ubuntu.sh
bash install_ubuntu.sh
cd /home/phd/phabricator
# Generally acceptable settings:
./bin/config set mysql.pass <MYSQL_ROOT_PASSWD>
./bin/config set phabricator.base-uri 'http://phabricator.mydomain.net/'
./bin/config set phd.user phd
./bin/config set environment.append-paths '["/usr/lib/git-core"]'
./bin/config set diffusion.ssh-user git
./bin/config set pygments.enabled true
# for local-disk file storage only:
mkdir /home/phd/phabricator-files
chmod -R 666 /home/phd/phabricator-files
./bin/config set storage.local-disk.path /home/phd/phabricator-files
# Set true if you want to allow public http cloning:
./bin/config set policy.allow-public true
# Set to true if you want to allow http pushes
./bin/config set diffusion.allow-http-auth false
# You most likely want prototype apps, they are very useful:
./bin/config set phabricator.show-prototypes true
# You may want this true, depending on your workflow:
./bin/config set differential.require-test-plan-field false
# recommended silliness-enabling settings:
./bin/config set files.enable-imagemagick true
./bin/config set remarkup.enable-embedded-youtube true
git ALL=(phd) SETENV: NOPASSWD: /usr/bin/git-upload-pack, /usr/bin/git-receive-pack, /usr/bin/hg, /usr/bin/svnserve
www-data ALL=(phd) SETENV: NOPASSWD: /usr/bin/git-upload-pack, /usr/lib/git-core/git-http-backend, /usr/bin/hg
First verify that apache is displaying a default page on port 80, then setup apache configuration file (see examples below) and enable phabricator site:
# cat /etc/apache2/sites-available/phabricator.conf
<VirtualHost *:80>
# The ServerName directive sets the request scheme, hostname and port that
# the server uses to identify itself. This is used when creating
# redirection URLs. In the context of virtual hosts, the ServerName
# specifies what hostname must appear in the request's Host: header to
# match this virtual host. For the default virtual host (this file) this
# value is not decisive as it is used as a last resort host regardless.
# However, you must set it for any further virtual host explicitly.
ServerName phabricator.mydomain.net
ServerAlias phabricator.mydomain.net
ServerAdmin [email protected]
DocumentRoot /home/phd/phabricator/webroot
RewriteEngine on
RewriteRule ^/rsrc/(.*) - [L,QSA]
RewriteRule ^/favicon.ico - [L,QSA]
RewriteRule ^(.*)$ /index.php?__path__=$1 [B,L,QSA]
# Available loglevels: trace8, ..., trace1, debug, info, notice, warn,
# error, crit, alert, emerg.
# It is also possible to configure the loglevel for particular
# modules, e.g.
#LogLevel info ssl:warn
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
# For most configuration files from conf-available/, which are
# enabled or disabled at a global level, it is possible to
# include a line for only one particular virtual host. For example the
# following line enables the CGI configuration for this host only
# after it has been globally disabled with "a2disconf".
#Include conf-available/serve-cgi-bin.conf
<Directory "/home/phd/phabricator/webroot">
Require all granted
</Directory>
</VirtualHost>
And here is an example of an HTTPS-enabled phabricator conf:
<IfModule mod_ssl.c>
<VirtualHost *:80>
ServerName phabricator.mydomain.net
Redirect permanent / https://phabricator.mydomain.net
</VirtualHost>
<VirtualHost *:443>
# Change this to the domain which points to your host.
ServerName phabricator.mydomain.net
SSLEngine on
SSLCertificateKeyFile /etc/ssl/private/phabricator.key
SSLCertificateFile /etc/ssl/certs/phabricator_mydomain.net.crt
SSLCertificateChainFile /etc/ssl/certs/phabricator_mydomain.net.ca-bundle
SSLProtocol All -SSLv2 -SSLv3
# Change this to the path where you put 'phabricator' when you checked it
# out from GitHub when following the Installation Guide.
#
# Make sure you include "/webroot" at the end!
DocumentRoot /home/phd/phabricator/webroot
RewriteEngine on
RewriteRule ^/rsrc/(.*) - [L,QSA]
RewriteRule ^/favicon.ico - [L,QSA]
RewriteRule ^(.*)$ /index.php?__path__=$1 [B,L,QSA]
<Directory "/home/phd/phabricator/webroot">
Require all granted
</Directory>
</VirtualHost>
</IfModule>
Make sure mod_php
and mod_rewrite
are enabled, and mod_ssl
if you intend to set up SSL
# a2dissite 000-default
# a2ensite phabricator
# service apache2 restart
Add these new lines to /etc/mysql/my.cnf under the [mysqld] heading:
sql_mode=STRICT_ALL_TABLES
ft_boolean_syntax=' |-><()~*:""&^'
ft_stopword_file=/home/phd/phabricator/resources/sql/stopwords.txt
ft_min_word_len=3
This new line should be about 40% of the memory of the box:
innodb_buffer_pool_size=800M
And also adjust max_allowed_packet to 32M (this line will already exist)
max_allowed_packet = 32M
Restart mysql and run phabricator storage upgrade:
service mysql restart
./bin/storage upgrade
Adjust the following fields in /etc/php5/apache2/php.ini
post_max_size = 8M
date.timezone = Etc/UTC
opcache.validate_timestamps=0
Then restart apache
service apache2 restart
./bin/phd restart
Change default ssh port to something other than port 22 (I like to use 2222)
# edit Port setting here
vim /etc/ssh/sshd_config
# restart sshd service
service sshd restart
Make executable ssh hook for phabricator ssh daemon
# copy ssh hook to executable location
cp /home/phd/phabricator/resources/sshd/phabricator-ssh-hook.sh /usr/lib/phabricator-ssh-hook.sh
chown root /usr/lib/phabricator-ssh-hook.sh
chmod 755 /usr/lib/phabricator-ssh-hook.sh
# Modify hook to match your system (hint: vcs-user == git)
vim /usr/lib/phabricator-ssh-hook.sh
Create phabricator ssh daemon on port 22
# Copy the examply sshd config
cp /home/phd/phabricator/resources/sshd/sshd_config.phabricator.example /etc/ssh/sshd_config.phabricator.conf
# Edit AuthorizedKeysCommand, AuthorizedKeysCommandUser, and AllowUsers
vim /etc/ssh/sshd_config.phabricator
# Start the phabricator sshd
/usr/sbin/sshd -f /etc/ssh/sshd_config.phabricator
Now you should be able to run this command:
echo [] | ssh [email protected] conduit conduit.ping
And get output like this:
{"result":"orbital","error_code":null,"error_info":null}
At this point, you should be able to host and clone repositories via HTTP & SSH. Refer to the Diffusion Hosting Configuration Guide for trouble-shooting.
Also see the official Phabricator Configuration Guide for additional advanced configuration steps.
Probably should be obvious after all this adventure that local disk storage directory requires also write permissions, so instead of
type
Thank you very much for such detailed manual! I would never have thought about adding anything in sudoers, which I could probably figure out very roughly without it.