Phabricator Ubuntu Installation Guide ------------------------------------- This is a supplement to the official [Phabricator Installation Guide](https://secure.phabricator.com/book/phabricator/article/installation_guide/), because their guide will leave you with all kinds of permission and config errors and ~15,000 setup issues on startup. #### Install bonus packages: # apt-get install mercurial subversion python-pygments sendmail imagemagick #### Create necessary users and add phd-user to sudoers: # adduser phd --home /home/phd # adduser phd sudo # adduser git And create repo directory if phabricator will be hosting repos: # mkdir /var/repo # chown -R phd /var/repo # chgrp -R phd /var/repo #### Install phabricator: su phd cd /home/phd wget https://raw.githubusercontent.com/phacility/phabricator/master/scripts/install/install_ubuntu.sh bash install_ubuntu.sh #### Recommended Phabricator Configurations to set: ```bash cd /home/phd/phabricator # Generally acceptable settings: ./bin/config set mysql.pass ./bin/config set phabricator.base-uri 'http://phabricator.mydomain.net/' ./bin/config set phd.user phd ./bin/config set environment.append-paths '["/usr/lib/git-core"]' ./bin/config set diffusion.ssh-user git ./bin/config set pygments.enabled true # for local-disk file storage only: mkdir /home/phd/phabricator-files chmod -R 666 /home/phd/phabricator-files ./bin/config set storage.local-disk.path /home/phd/phabricator-files # Set true if you want to allow public http cloning: ./bin/config set policy.allow-public true # Set to true if you want to allow http pushes ./bin/config set diffusion.allow-http-auth false # You most likely want prototype apps, they are very useful: ./bin/config set phabricator.show-prototypes true # You may want this true, depending on your workflow: ./bin/config set differential.require-test-plan-field false # recommended silliness-enabling settings: ./bin/config set files.enable-imagemagick true ./bin/config set remarkup.enable-embedded-youtube true ``` #### This needs to be appended to `/etc/sudoers` (NOTE: verify your binary locations): git ALL=(phd) SETENV: NOPASSWD: /usr/bin/git-upload-pack, /usr/bin/git-receive-pack, /usr/bin/hg, /usr/bin/svnserve www-data ALL=(phd) SETENV: NOPASSWD: /usr/bin/git-upload-pack, /usr/lib/git-core/git-http-backend, /usr/bin/hg #### Apache Configuration: First verify that apache is displaying a default page on port 80, then setup apache configuration file (see examples below) and enable phabricator site: # cat /etc/apache2/sites-available/phabricator.conf # The ServerName directive sets the request scheme, hostname and port that # the server uses to identify itself. This is used when creating # redirection URLs. In the context of virtual hosts, the ServerName # specifies what hostname must appear in the request's Host: header to # match this virtual host. For the default virtual host (this file) this # value is not decisive as it is used as a last resort host regardless. # However, you must set it for any further virtual host explicitly. ServerName phabricator.mydomain.net ServerAlias phabricator.mydomain.net ServerAdmin webmaster@example.com DocumentRoot /home/phd/phabricator/webroot RewriteEngine on RewriteRule ^/rsrc/(.*) - [L,QSA] RewriteRule ^/favicon.ico - [L,QSA] RewriteRule ^(.*)$ /index.php?__path__=$1 [B,L,QSA] # Available loglevels: trace8, ..., trace1, debug, info, notice, warn, # error, crit, alert, emerg. # It is also possible to configure the loglevel for particular # modules, e.g. #LogLevel info ssl:warn ErrorLog ${APACHE_LOG_DIR}/error.log CustomLog ${APACHE_LOG_DIR}/access.log combined # For most configuration files from conf-available/, which are # enabled or disabled at a global level, it is possible to # include a line for only one particular virtual host. For example the # following line enables the CGI configuration for this host only # after it has been globally disabled with "a2disconf". #Include conf-available/serve-cgi-bin.conf Require all granted And here is an example of an HTTPS-enabled phabricator conf: ServerName phabricator.mydomain.net Redirect permanent / https://phabricator.mydomain.net # Change this to the domain which points to your host. ServerName phabricator.mydomain.net SSLEngine on SSLCertificateKeyFile /etc/ssl/private/phabricator.key SSLCertificateFile /etc/ssl/certs/phabricator_mydomain.net.crt SSLCertificateChainFile /etc/ssl/certs/phabricator_mydomain.net.ca-bundle SSLProtocol All -SSLv2 -SSLv3 # Change this to the path where you put 'phabricator' when you checked it # out from GitHub when following the Installation Guide. # # Make sure you include "/webroot" at the end! DocumentRoot /home/phd/phabricator/webroot RewriteEngine on RewriteRule ^/rsrc/(.*) - [L,QSA] RewriteRule ^/favicon.ico - [L,QSA] RewriteRule ^(.*)$ /index.php?__path__=$1 [B,L,QSA] Require all granted Make sure `mod_php` and `mod_rewrite` are enabled, and `mod_ssl` if you intend to set up SSL # a2dissite 000-default # a2ensite phabricator # service apache2 restart #### Configure mysql and storage: Add these new lines to /etc/mysql/my.cnf under the [mysqld] heading: sql_mode=STRICT_ALL_TABLES ft_boolean_syntax=' |-><()~*:""&^' ft_stopword_file=/home/phd/phabricator/resources/sql/stopwords.txt ft_min_word_len=3 This new line should be about 40% of the memory of the box: innodb_buffer_pool_size=800M And also adjust max_allowed_packet to 32M (this line will already exist) max_allowed_packet = 32M Restart mysql and run phabricator storage upgrade: service mysql restart ./bin/storage upgrade #### Configure php: Adjust the following fields in `/etc/php5/apache2/php.ini` post_max_size = 8M date.timezone = Etc/UTC opcache.validate_timestamps=0 Then restart apache service apache2 restart #### Restart phd daemons: ./bin/phd restart #### Enable ssh clone & push Change default ssh port to something other than port 22 (I like to use 2222) ```bash # edit Port setting here vim /etc/ssh/sshd_config # restart sshd service service sshd restart ``` Make executable ssh hook for phabricator ssh daemon ```bash # copy ssh hook to executable location cp /home/phd/phabricator/resources/sshd/phabricator-ssh-hook.sh /usr/lib/phabricator-ssh-hook.sh chown root /usr/lib/phabricator-ssh-hook.sh chmod 755 /usr/lib/phabricator-ssh-hook.sh # Modify hook to match your system (hint: vcs-user == git) vim /usr/lib/phabricator-ssh-hook.sh ``` Create phabricator ssh daemon on port 22 ```bash # Copy the examply sshd config cp /home/phd/phabricator/resources/sshd/sshd_config.phabricator.example /etc/ssh/sshd_config.phabricator.conf # Edit AuthorizedKeysCommand, AuthorizedKeysCommandUser, and AllowUsers vim /etc/ssh/sshd_config.phabricator # Start the phabricator sshd /usr/sbin/sshd -f /etc/ssh/sshd_config.phabricator ``` Now you should be able to run this command: echo [] | ssh git@phabricator.mydomain.net conduit conduit.ping And get output like this: {"result":"orbital","error_code":null,"error_info":null} #### Refer to the phabricator configuration guide for next steps: At this point, you should be able to host and clone repositories via HTTP & SSH. Refer to the [Diffusion Hosting Configuration Guide](https://secure.phabricator.com/book/phabricator/article/diffusion_hosting/) for trouble-shooting. Also see the official [Phabricator Configuration Guide](https://secure.phabricator.com/book/phabricator/article/configuration_guide/) for additional advanced configuration steps.