Skip to content

Instantly share code, notes, and snippets.

What would you like to do?
Phabricator Ubuntu Installation Guide

Phabricator Ubuntu Installation Guide

This is a supplement to the official Phabricator Installation Guide, because their guide will leave you with all kinds of permission and config errors and ~15,000 setup issues on startup.

Install bonus packages:

# apt-get install mercurial subversion python-pygments sendmail imagemagick

Create necessary users and add phd-user to sudoers:

# adduser phd --home /home/phd
# adduser phd sudo
# adduser git

And create repo directory if phabricator will be hosting repos:

# mkdir /var/repo
# chown -R phd /var/repo
# chgrp -R phd /var/repo

Install phabricator:

su phd
cd /home/phd

Recommended Phabricator Configurations to set:

cd /home/phd/phabricator

# Generally acceptable settings:
./bin/config set mysql.pass <MYSQL_ROOT_PASSWD>
./bin/config set phabricator.base-uri ''
./bin/config set phd.user phd
./bin/config set environment.append-paths '["/usr/lib/git-core"]'
./bin/config set diffusion.ssh-user git
./bin/config set pygments.enabled true

# for local-disk file storage only:
mkdir /home/phd/phabricator-files
chmod -R 755 /home/phd/phabricator-files
./bin/config set storage.local-disk.path /home/phd/phabricator-files

# Set true if you want to allow public http cloning:
./bin/config set policy.allow-public true
# Set to true if you want to allow http pushes
./bin/config set diffusion.allow-http-auth false
# You most likely want prototype apps, they are very useful:
./bin/config set true
# You may want this true, depending on your workflow:
./bin/config set differential.require-test-plan-field false

# recommended silliness-enabling settings:
./bin/config set files.enable-imagemagick true
./bin/config set remarkup.enable-embedded-youtube true

This needs to be appended to /etc/sudoers (NOTE: verify your binary locations):

git ALL=(phd) SETENV: NOPASSWD: /usr/bin/git-upload-pack, /usr/bin/git-receive-pack, /usr/bin/hg, /usr/bin/svnserve
www-data ALL=(phd) SETENV: NOPASSWD: /usr/bin/git-upload-pack, /usr/lib/git-core/git-http-backend, /usr/bin/hg

Apache Configuration:

First verify that apache is displaying a default page on port 80, then setup apache configuration file (see examples below) and enable phabricator site:

# cat /etc/apache2/sites-available/phabricator.conf
<VirtualHost *:80>
        # The ServerName directive sets the request scheme, hostname and port that
        # the server uses to identify itself. This is used when creating
        # redirection URLs. In the context of virtual hosts, the ServerName
        # specifies what hostname must appear in the request's Host: header to
        # match this virtual host. For the default virtual host (this file) this
        # value is not decisive as it is used as a last resort host regardless.
        # However, you must set it for any further virtual host explicitly.

        DocumentRoot /home/phd/phabricator/webroot

        RewriteEngine on
        RewriteRule ^/rsrc/(.*)     -                       [L,QSA]
        RewriteRule ^/favicon.ico   -                       [L,QSA]
        RewriteRule ^(.*)$          /index.php?__path__=$1  [B,L,QSA]

        # Available loglevels: trace8, ..., trace1, debug, info, notice, warn,
        # error, crit, alert, emerg.
        # It is also possible to configure the loglevel for particular
        # modules, e.g.
        #LogLevel info ssl:warn

        ErrorLog ${APACHE_LOG_DIR}/error.log
        CustomLog ${APACHE_LOG_DIR}/access.log combined

        # For most configuration files from conf-available/, which are
        # enabled or disabled at a global level, it is possible to
        # include a line for only one particular virtual host. For example the
        # following line enables the CGI configuration for this host only
        # after it has been globally disabled with "a2disconf".
        #Include conf-available/serve-cgi-bin.conf
        <Directory "/home/phd/phabricator/webroot">
                Require all granted

And here is an example of an HTTPS-enabled phabricator conf:

<IfModule mod_ssl.c>
        <VirtualHost *:80>
                Redirect permanent /
        <VirtualHost *:443>

                # Change this to the domain which points to your host.
                SSLEngine on
                SSLCertificateKeyFile /etc/ssl/private/phabricator.key
                SSLCertificateFile /etc/ssl/certs/
                SSLCertificateChainFile /etc/ssl/certs/
                SSLProtocol All -SSLv2 -SSLv3

                # Change this to the path where you put 'phabricator' when you checked it
                # out from GitHub when following the Installation Guide.
                # Make sure you include "/webroot" at the end!
                DocumentRoot /home/phd/phabricator/webroot

                RewriteEngine on
                RewriteRule ^/rsrc/(.*)     -                       [L,QSA]
                RewriteRule ^/favicon.ico   -                       [L,QSA]
                RewriteRule ^(.*)$          /index.php?__path__=$1  [B,L,QSA]
                <Directory "/home/phd/phabricator/webroot">
                        Require all granted

Make sure mod_php and mod_rewrite are enabled, and mod_ssl if you intend to set up SSL

# a2dissite 000-default
# a2ensite phabricator
# service apache2 restart

Configure mysql and storage:

Add these new lines to /etc/mysql/my.cnf under the [mysqld] heading:

ft_boolean_syntax=' |-><()~*:""&^'

This new line should be about 40% of the memory of the box:


And also adjust max_allowed_packet to 32M (this line will already exist)

max_allowed_packet      = 32M

Restart mysql and run phabricator storage upgrade:

service restart mysql
./bin/storage upgrade

Configure php:

Adjust the following fields in /etc/php5/apache2/php.ini

post_max_size = 8M
date.timezone = Etc/UTC

Then restart apache

service apache2 restart

Restart phd daemons:

./bin/phd restart

Enable ssh clone & push

Change default ssh port to something other than port 22 (I like to use 2222)

# edit Port setting here
vim /etc/ssh/sshd_config
# restart sshd service
service sshd restart

Make executable ssh hook for phabricator ssh daemon

# copy ssh hook to executable location
cp /home/phd/phabricator/resources/sshd/ /usr/lib/
chown root /usr/lib/
chmod 755 /usr/lib/
# Modify hook to match your system (hint: vcs-user == git)
vim /usr/lib/

Create phabricator ssh daemon on port 22

# Copy the examply sshd config
cp /home/phd/phabricator/resources/sshd/sshd_config.phabricator.example /etc/ssh/sshd_config.phabricator
# Edit AuthorizedKeysCommand, AuthorizedKeysCommandUser, and AllowUsers
vim /etc/ssh/sshd_config.phabricator
# Start the phabricator sshd
/usr/sbin/sshd -f /etc/ssh/sshd_config.phabricator

Now you should be able to run this command:

echo {} | ssh conduit

And get output like this:


Refer to the phabricator configuration guide for next steps:

At this point, you should be able to host and clone repositories via HTTP & SSH. Refer to the Diffusion Hosting Configuration Guide for trouble-shooting.

Also see the official Phabricator Configuration Guide for additional advanced configuration steps.


This comment has been minimized.

Copy link

commented Jul 2, 2016

Hello! My experiences: I change line in apache config from RewriteRule ^(.*)$ /index.php?__path__=$1 [B,L,QSA] to RewriteRule ^(.*)$ /index.php?__path__=/$1 [B,L,QSA], slash added before $1.


This comment has been minimized.

Copy link

commented Jul 30, 2016

Thanks @sparrc for the install instructions. We moved them into a Vagrant environment: Check it out,


This comment has been minimized.

Copy link

commented Aug 11, 2016

@sparrc, thanks for the supplement; it really avoids a lot of issues

however, i'm facing multiple issues w/ ssh access to git repo, and would be grateful if you could kindly help me out

  • generally, it's ssh <hostname> <cmd> <cmd-args>, and above we do ssh <hostname> conduit, but i don't see conduit being installed in any step. in fact on my ubuntu box conduit gives a command not found error
  • secondly, we changed our ssh port to 2222, so shouldn't it be echo {} | ssh -p 2222 conduit if i omit the -p 2222, then i am asked for the passwd of "git" user, not if i don't omit -p 2222
  • also, even after following both the phabricator/diffusion_hosting and your supplement, i'm getting the following error
echo {} | ssh -p 2222 conduit
Permission denied (publickey,keyboard-interactive).

ssh -T -p 2222
Permission denied (publickey,keyboard-interactive).
  • furthermore, i have added public-key on the site for my user, but when doing ssh we use the "git" user. how does this tie up?

i've been breaking my head for the last few hours over this, and would really appreciate any help

thanks a ton in advance :)


This comment has been minimized.

Copy link

commented Sep 10, 2016

@sparrc, thank you for this gem, it solves many configuration warning and makes a clean installation

however still i am facing the same issue when i tried to install million times from phabricator's guide. Whenever i try to interact with git or simply ssh connection i am having the nasty

Permission denied (publickey)

error. I do have a public key added and private is added to my ssh agent. I have configured hook and ssh daemon according to your post and phabricator guide.

I am trying to install this on a ec2 instance of amazon with ubuntu setup

Thanks a lot


This comment has been minimized.

Copy link

commented Oct 2, 2016

add user "git" as below:

adduser --quiet --no-create-home --disabled-password --gecos "" git

it will be solve the problem.


This comment has been minimized.

Copy link

commented Nov 11, 2016

@spradnyesh - Were you ever able to fix this? I have the exact same problem.....


This comment has been minimized.

Copy link

commented Nov 12, 2016

Hi mate,

i have performed a clean install and added user as you specified but still no luck. Same old error message

Permission denied (publickey).

I am in lack of logs, i couldn't find any log to understand what is going wrong here.


This comment has been minimized.

Copy link

commented Nov 30, 2016

Hi mate,
after installation I need extra conf:
always_populate_raw_post_data = -1
post_max_size = 32M

chmod 777 /home/phd/phabricator-files (maybe phabricator needs a particular user access?)

Thanks for this superbe guide


This comment has been minimized.

Copy link

commented Mar 22, 2017

@ssnd292 @spradnyesh did any of you got fixed that problem?


This comment has been minimized.

Copy link

commented May 3, 2017

@miwi-fbsd Hello , Have you been able to setup this properly ? I am still facing issues.


This comment has been minimized.

Copy link

commented Sep 9, 2017


Few comments on this gist as it's not compliant to the latest distributions and changes
[My experiences are based on Ubuntu 17.04 server]

  • Install php5.6 from the ondrej-ubuntu-php repository. Use Google for instructions!
  • Remove any other php versions, because they collide for some reason when using Apache2.
    Issue php --version and see your results. If its not PHP 5.6.xx, then you still have some kind of php installed.
    Try: ( apt-get remove php7-* ) together with purge and check your /etc/php* folder for junks.
  • The config file of mysql has been moved. Edit /etc/mysql/mysql.conf.d/mysqld.cnf, otherwise MySQL will fail to restart during one of these steps.
  • Before configuring Git, you need to add your ssh public key to Phabricator. So log in to your instance, go to Avatar --> Settings --> SSH Public Keys and add your SSH key (cat ~/.ssh/ If you don't have one, hit ssh-keygen and generate one.

Good luck!


This comment has been minimized.

Copy link

commented Nov 1, 2017

Would you take the step by step to CentOS 6?


This comment has been minimized.

Copy link

commented Dec 26, 2017

change wget to wget


This comment has been minimized.

Copy link

commented Jul 17, 2018

Please fix:

echo {} | ssh conduit

must be:

echo [] | ssh conduit


This comment has been minimized.

Copy link

commented May 1, 2019

service restart mysql (and not service mysql restart)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.