Skip to content

Instantly share code, notes, and snippets.

Embed
What would you like to do?
Phabricator Ubuntu Installation Guide

Phabricator Ubuntu Installation Guide

This is a supplement to the official Phabricator Installation Guide, because their guide will leave you with all kinds of permission and config errors and ~15,000 setup issues on startup.

Install bonus packages:

# apt-get install mercurial subversion python-pygments sendmail imagemagick

Create necessary users and add phd-user to sudoers:

# adduser phd --home /home/phd
# adduser phd sudo
# adduser git

And create repo directory if phabricator will be hosting repos:

# mkdir /var/repo
# chown -R phd /var/repo
# chgrp -R phd /var/repo

Install phabricator:

su phd
cd /home/phd
wget http://www.phabricator.com/rsrc/install/install_ubuntu.sh
bash install_ubuntu.sh

Recommended Phabricator Configurations to set:

cd /home/phd/phabricator

# Generally acceptable settings:
./bin/config set mysql.pass <MYSQL_ROOT_PASSWD>
./bin/config set phabricator.base-uri 'http://phabricator.mydomain.net/'
./bin/config set phd.user phd
./bin/config set environment.append-paths '["/usr/lib/git-core"]'
./bin/config set diffusion.ssh-user git
./bin/config set pygments.enabled true

# for local-disk file storage only:
mkdir /home/phd/phabricator-files
chmod -R 755 /home/phd/phabricator-files
./bin/config set storage.local-disk.path /home/phd/phabricator-files

# Set true if you want to allow public http cloning:
./bin/config set policy.allow-public true
# Set to true if you want to allow http pushes
./bin/config set diffusion.allow-http-auth false
# You most likely want prototype apps, they are very useful:
./bin/config set phabricator.show-prototypes true
# You may want this true, depending on your workflow:
./bin/config set differential.require-test-plan-field false

# recommended silliness-enabling settings:
./bin/config set files.enable-imagemagick true
./bin/config set remarkup.enable-embedded-youtube true

This needs to be appended to /etc/sudoers (NOTE: verify your binary locations):

git ALL=(phd) SETENV: NOPASSWD: /usr/bin/git-upload-pack, /usr/bin/git-receive-pack, /usr/bin/hg, /usr/bin/svnserve
www-data ALL=(phd) SETENV: NOPASSWD: /usr/bin/git-upload-pack, /usr/lib/git-core/git-http-backend, /usr/bin/hg

Apache Configuration:

First verify that apache is displaying a default page on port 80, then setup apache configuration file (see examples below) and enable phabricator site:

# cat /etc/apache2/sites-available/phabricator.conf
<VirtualHost *:80>
        # The ServerName directive sets the request scheme, hostname and port that
        # the server uses to identify itself. This is used when creating
        # redirection URLs. In the context of virtual hosts, the ServerName
        # specifies what hostname must appear in the request's Host: header to
        # match this virtual host. For the default virtual host (this file) this
        # value is not decisive as it is used as a last resort host regardless.
        # However, you must set it for any further virtual host explicitly.
        ServerName phabricator.mydomain.net
        ServerAlias phabricator.mydomain.net
        ServerAdmin webmaster@example.com

        DocumentRoot /home/phd/phabricator/webroot

        RewriteEngine on
        RewriteRule ^/rsrc/(.*)     -                       [L,QSA]
        RewriteRule ^/favicon.ico   -                       [L,QSA]
        RewriteRule ^(.*)$          /index.php?__path__=$1  [B,L,QSA]

        # Available loglevels: trace8, ..., trace1, debug, info, notice, warn,
        # error, crit, alert, emerg.
        # It is also possible to configure the loglevel for particular
        # modules, e.g.
        #LogLevel info ssl:warn

        ErrorLog ${APACHE_LOG_DIR}/error.log
        CustomLog ${APACHE_LOG_DIR}/access.log combined

        # For most configuration files from conf-available/, which are
        # enabled or disabled at a global level, it is possible to
        # include a line for only one particular virtual host. For example the
        # following line enables the CGI configuration for this host only
        # after it has been globally disabled with "a2disconf".
        #Include conf-available/serve-cgi-bin.conf
        <Directory "/home/phd/phabricator/webroot">
                Require all granted
        </Directory>
</VirtualHost>

And here is an example of an HTTPS-enabled phabricator conf:

<IfModule mod_ssl.c>
        <VirtualHost *:80>
                ServerName phabricator.mydomain.net
                Redirect permanent / https://phabricator.mydomain.net
        </VirtualHost>
        <VirtualHost *:443>

                # Change this to the domain which points to your host.
                ServerName phabricator.mydomain.net
                SSLEngine on
                SSLCertificateKeyFile /etc/ssl/private/phabricator.key
                SSLCertificateFile /etc/ssl/certs/phabricator_mydomain.net.crt
                SSLCertificateChainFile /etc/ssl/certs/phabricator_mydomain.net.ca-bundle
                SSLProtocol All -SSLv2 -SSLv3

                # Change this to the path where you put 'phabricator' when you checked it
                # out from GitHub when following the Installation Guide.
                #
                # Make sure you include "/webroot" at the end!
                DocumentRoot /home/phd/phabricator/webroot

                RewriteEngine on
                RewriteRule ^/rsrc/(.*)     -                       [L,QSA]
                RewriteRule ^/favicon.ico   -                       [L,QSA]
                RewriteRule ^(.*)$          /index.php?__path__=$1  [B,L,QSA]
                <Directory "/home/phd/phabricator/webroot">
                        Require all granted
                </Directory>
        </VirtualHost>
</IfModule>

Make sure mod_php and mod_rewrite are enabled, and mod_ssl if you intend to set up SSL

# a2dissite 000-default
# a2ensite phabricator
# service apache2 restart

Configure mysql and storage:

Add these new lines to /etc/mysql/my.cnf under the [mysqld] heading:

sql_mode=STRICT_ALL_TABLES
ft_boolean_syntax=' |-><()~*:""&^'
ft_stopword_file=/home/phd/phabricator/resources/sql/stopwords.txt
ft_min_word_len=3

This new line should be about 40% of the memory of the box:

innodb_buffer_pool_size=800M

And also adjust max_allowed_packet to 32M (this line will already exist)

max_allowed_packet      = 32M

Restart mysql and run phabricator storage upgrade:

service restart mysql
./bin/storage upgrade

Configure php:

Adjust the following fields in /etc/php5/apache2/php.ini

post_max_size = 8M
date.timezone = Etc/UTC
opcache.validate_timestamps=0

Then restart apache

service apache2 restart

Restart phd daemons:

./bin/phd restart

Enable ssh clone & push

Change default ssh port to something other than port 22 (I like to use 2222)

# edit Port setting here
vim /etc/ssh/sshd_config
# restart sshd service
service sshd restart

Make executable ssh hook for phabricator ssh daemon

# copy ssh hook to executable location
cp /home/phd/phabricator/resources/sshd/phabricator-ssh-hook.sh /usr/lib/phabricator-ssh-hook.sh
chown root /usr/lib/phabricator-ssh-hook.sh
chmod 755 /usr/lib/phabricator-ssh-hook.sh
# Modify hook to match your system (hint: vcs-user == git)
vim /usr/lib/phabricator-ssh-hook.sh

Create phabricator ssh daemon on port 22

# Copy the examply sshd config
cp /home/phd/phabricator/resources/sshd/sshd_config.phabricator.example /etc/ssh/sshd_config.phabricator
# Edit AuthorizedKeysCommand, AuthorizedKeysCommandUser, and AllowUsers
vim /etc/ssh/sshd_config.phabricator
# Start the phabricator sshd
/usr/sbin/sshd -f /etc/ssh/sshd_config.phabricator

Now you should be able to run this command:

echo {} | ssh git@phabricator.mydomain.net conduit conduit.ping

And get output like this:

{"result":"orbital","error_code":null,"error_info":null}

Refer to the phabricator configuration guide for next steps:

At this point, you should be able to host and clone repositories via HTTP & SSH. Refer to the Diffusion Hosting Configuration Guide for trouble-shooting.

Also see the official Phabricator Configuration Guide for additional advanced configuration steps.

@gomons

This comment has been minimized.

Copy link

commented Jul 2, 2016

Hello! My experiences: I change line in apache config from RewriteRule ^(.*)$ /index.php?__path__=$1 [B,L,QSA] to RewriteRule ^(.*)$ /index.php?__path__=/$1 [B,L,QSA], slash added before $1.

@johannesberdin

This comment has been minimized.

Copy link

commented Jul 30, 2016

Thanks @sparrc for the install instructions. We moved them into a Vagrant environment: Check it out, https://github.com/apptimists/phabricator-vagrant

@spradnyesh

This comment has been minimized.

Copy link

commented Aug 11, 2016

@sparrc, thanks for the supplement; it really avoids a lot of issues

however, i'm facing multiple issues w/ ssh access to git repo, and would be grateful if you could kindly help me out

  • generally, it's ssh <hostname> <cmd> <cmd-args>, and above we do ssh <hostname> conduit conduit.ping, but i don't see conduit being installed in any step. in fact on my ubuntu box conduit gives a command not found error
  • secondly, we changed our ssh port to 2222, so shouldn't it be echo {} | ssh -p 2222 git@phabricator.mydomain.net conduit conduit.ping? if i omit the -p 2222, then i am asked for the passwd of "git" user, not if i don't omit -p 2222
  • also, even after following both the phabricator/diffusion_hosting and your supplement, i'm getting the following error
echo {} | ssh -p 2222 git@phab.ricator.com conduit conduit.ping
Permission denied (publickey,keyboard-interactive).

ssh -T -p 2222 ph-git@pm.mindseed.in
Permission denied (publickey,keyboard-interactive).
  • furthermore, i have added public-key on the site for my user, but when doing ssh we use the "git" user. how does this tie up?

i've been breaking my head for the last few hours over this, and would really appreciate any help

thanks a ton in advance :)

@Deliganli

This comment has been minimized.

Copy link

commented Sep 10, 2016

@sparrc, thank you for this gem, it solves many configuration warning and makes a clean installation

however still i am facing the same issue when i tried to install million times from phabricator's guide. Whenever i try to interact with git or simply ssh connection i am having the nasty

Permission denied (publickey)

error. I do have a public key added and private is added to my ssh agent. I have configured hook and ssh daemon according to your post and phabricator guide.

I am trying to install this on a ec2 instance of amazon with ubuntu setup

Thanks a lot

@anriKogan

This comment has been minimized.

Copy link

commented Oct 2, 2016

@Deliganli
add user "git" as below:

adduser --quiet --no-create-home --disabled-password --gecos "" git

it will be solve the problem.

@ssnd292

This comment has been minimized.

Copy link

commented Nov 11, 2016

@spradnyesh - Were you ever able to fix this? I have the exact same problem.....

@Deliganli

This comment has been minimized.

Copy link

commented Nov 12, 2016

@anriKogan
Hi mate,

i have performed a clean install and added user as you specified but still no luck. Same old error message

Permission denied (publickey).

I am in lack of logs, i couldn't find any log to understand what is going wrong here.

@simone-pizzolato

This comment has been minimized.

Copy link

commented Nov 30, 2016

Hi mate,
after installation I need extra conf:
always_populate_raw_post_data = -1
post_max_size = 32M

chmod 777 /home/phd/phabricator-files (maybe phabricator needs a particular user access?)

Thanks for this superbe guide

@miwi-fbsd

This comment has been minimized.

Copy link

commented Mar 22, 2017

@ssnd292 @spradnyesh did any of you got fixed that problem?

@swapnilpatil1682

This comment has been minimized.

Copy link

commented May 3, 2017

@miwi-fbsd Hello , Have you been able to setup this properly ? I am still facing issues.

@theriverman

This comment has been minimized.

Copy link

commented Sep 9, 2017

Hi,

Few comments on this gist as it's not compliant to the latest distributions and changes
[My experiences are based on Ubuntu 17.04 server]

  • Install php5.6 from the ondrej-ubuntu-php repository. Use Google for instructions!
  • Remove any other php versions, because they collide for some reason when using Apache2.
    Issue php --version and see your results. If its not PHP 5.6.xx, then you still have some kind of php installed.
    Try: ( apt-get remove php7-* ) together with purge and check your /etc/php* folder for junks.
  • The config file of mysql has been moved. Edit /etc/mysql/mysql.conf.d/mysqld.cnf, otherwise MySQL will fail to restart during one of these steps.
  • Before configuring Git, you need to add your ssh public key to Phabricator. So log in to your instance, go to Avatar --> Settings --> SSH Public Keys and add your SSH key (cat ~/.ssh/id_rsa.pub). If you don't have one, hit ssh-keygen and generate one.

Good luck!

@marcelloinfoweb

This comment has been minimized.

Copy link

commented Nov 1, 2017

Would you take the step by step to CentOS 6?

@bekicot

This comment has been minimized.

Copy link

commented Dec 26, 2017

change wget http://www.phabricator.com/rsrc/install/install_ubuntu.sh to wget https://raw.githubusercontent.com/phacility/phabricator/master/scripts/install/install_ubuntu.sh

@pdacity

This comment has been minimized.

Copy link

commented Jul 17, 2018

Please fix:

echo {} | ssh git@phabricator.mydomain.net conduit conduit.ping

must be:

echo [] | ssh git@phabricator.mydomain.net conduit conduit.ping

@fractalspace

This comment has been minimized.

Copy link

commented May 1, 2019

service restart mysql (and not service mysql restart)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.