Skip to content

Instantly share code, notes, and snippets.

What would you like to do?
Phabricator Ubuntu Installation Guide

Phabricator Ubuntu Installation Guide

This is a supplement to the official Phabricator Installation Guide, because their guide will leave you with all kinds of permission and config errors and ~15,000 setup issues on startup.

Install bonus packages:

# apt-get install mercurial subversion python-pygments sendmail imagemagick

Create necessary users and add phd-user to sudoers:

# adduser phd --home /home/phd
# adduser phd sudo
# adduser git

And create repo directory if phabricator will be hosting repos:

# mkdir /var/repo
# chown -R phd /var/repo
# chgrp -R phd /var/repo

Install phabricator:

su phd
cd /home/phd

Recommended Phabricator Configurations to set:

cd /home/phd/phabricator

# Generally acceptable settings:
./bin/config set mysql.pass <MYSQL_ROOT_PASSWD>
./bin/config set phabricator.base-uri ''
./bin/config set phd.user phd
./bin/config set environment.append-paths '["/usr/lib/git-core"]'
./bin/config set diffusion.ssh-user git
./bin/config set pygments.enabled true

# for local-disk file storage only:
mkdir /home/phd/phabricator-files
chmod -R 666 /home/phd/phabricator-files
./bin/config set storage.local-disk.path /home/phd/phabricator-files

# Set true if you want to allow public http cloning:
./bin/config set policy.allow-public true
# Set to true if you want to allow http pushes
./bin/config set diffusion.allow-http-auth false
# You most likely want prototype apps, they are very useful:
./bin/config set true
# You may want this true, depending on your workflow:
./bin/config set differential.require-test-plan-field false

# recommended silliness-enabling settings:
./bin/config set files.enable-imagemagick true
./bin/config set remarkup.enable-embedded-youtube true

This needs to be appended to /etc/sudoers (NOTE: verify your binary locations):

git ALL=(phd) SETENV: NOPASSWD: /usr/bin/git-upload-pack, /usr/bin/git-receive-pack, /usr/bin/hg, /usr/bin/svnserve
www-data ALL=(phd) SETENV: NOPASSWD: /usr/bin/git-upload-pack, /usr/lib/git-core/git-http-backend, /usr/bin/hg

Apache Configuration:

First verify that apache is displaying a default page on port 80, then setup apache configuration file (see examples below) and enable phabricator site:

# cat /etc/apache2/sites-available/phabricator.conf
<VirtualHost *:80>
        # The ServerName directive sets the request scheme, hostname and port that
        # the server uses to identify itself. This is used when creating
        # redirection URLs. In the context of virtual hosts, the ServerName
        # specifies what hostname must appear in the request's Host: header to
        # match this virtual host. For the default virtual host (this file) this
        # value is not decisive as it is used as a last resort host regardless.
        # However, you must set it for any further virtual host explicitly.

        DocumentRoot /home/phd/phabricator/webroot

        RewriteEngine on
        RewriteRule ^/rsrc/(.*)     -                       [L,QSA]
        RewriteRule ^/favicon.ico   -                       [L,QSA]
        RewriteRule ^(.*)$          /index.php?__path__=$1  [B,L,QSA]

        # Available loglevels: trace8, ..., trace1, debug, info, notice, warn,
        # error, crit, alert, emerg.
        # It is also possible to configure the loglevel for particular
        # modules, e.g.
        #LogLevel info ssl:warn

        ErrorLog ${APACHE_LOG_DIR}/error.log
        CustomLog ${APACHE_LOG_DIR}/access.log combined

        # For most configuration files from conf-available/, which are
        # enabled or disabled at a global level, it is possible to
        # include a line for only one particular virtual host. For example the
        # following line enables the CGI configuration for this host only
        # after it has been globally disabled with "a2disconf".
        #Include conf-available/serve-cgi-bin.conf
        <Directory "/home/phd/phabricator/webroot">
                Require all granted

And here is an example of an HTTPS-enabled phabricator conf:

<IfModule mod_ssl.c>
        <VirtualHost *:80>
                Redirect permanent /
        <VirtualHost *:443>

                # Change this to the domain which points to your host.
                SSLEngine on
                SSLCertificateKeyFile /etc/ssl/private/phabricator.key
                SSLCertificateFile /etc/ssl/certs/
                SSLCertificateChainFile /etc/ssl/certs/
                SSLProtocol All -SSLv2 -SSLv3

                # Change this to the path where you put 'phabricator' when you checked it
                # out from GitHub when following the Installation Guide.
                # Make sure you include "/webroot" at the end!
                DocumentRoot /home/phd/phabricator/webroot

                RewriteEngine on
                RewriteRule ^/rsrc/(.*)     -                       [L,QSA]
                RewriteRule ^/favicon.ico   -                       [L,QSA]
                RewriteRule ^(.*)$          /index.php?__path__=$1  [B,L,QSA]
                <Directory "/home/phd/phabricator/webroot">
                        Require all granted

Make sure mod_php and mod_rewrite are enabled, and mod_ssl if you intend to set up SSL

# a2dissite 000-default
# a2ensite phabricator
# service apache2 restart

Configure mysql and storage:

Add these new lines to /etc/mysql/my.cnf under the [mysqld] heading:

ft_boolean_syntax=' |-><()~*:""&^'

This new line should be about 40% of the memory of the box:


And also adjust max_allowed_packet to 32M (this line will already exist)

max_allowed_packet      = 32M

Restart mysql and run phabricator storage upgrade:

service mysql restart
./bin/storage upgrade

Configure php:

Adjust the following fields in /etc/php5/apache2/php.ini

post_max_size = 8M
date.timezone = Etc/UTC

Then restart apache

service apache2 restart

Restart phd daemons:

./bin/phd restart

Enable ssh clone & push

Change default ssh port to something other than port 22 (I like to use 2222)

# edit Port setting here
vim /etc/ssh/sshd_config
# restart sshd service
service sshd restart

Make executable ssh hook for phabricator ssh daemon

# copy ssh hook to executable location
cp /home/phd/phabricator/resources/sshd/ /usr/lib/
chown root /usr/lib/
chmod 755 /usr/lib/
# Modify hook to match your system (hint: vcs-user == git)
vim /usr/lib/

Create phabricator ssh daemon on port 22

# Copy the examply sshd config
cp /home/phd/phabricator/resources/sshd/sshd_config.phabricator.example /etc/ssh/sshd_config.phabricator.conf
# Edit AuthorizedKeysCommand, AuthorizedKeysCommandUser, and AllowUsers
vim /etc/ssh/sshd_config.phabricator
# Start the phabricator sshd
/usr/sbin/sshd -f /etc/ssh/sshd_config.phabricator

Now you should be able to run this command:

echo [] | ssh conduit

And get output like this:


Refer to the phabricator configuration guide for next steps:

At this point, you should be able to host and clone repositories via HTTP & SSH. Refer to the Diffusion Hosting Configuration Guide for trouble-shooting.

Also see the official Phabricator Configuration Guide for additional advanced configuration steps.

Copy link

gomons commented Jul 2, 2016

Hello! My experiences: I change line in apache config from RewriteRule ^(.*)$ /index.php?__path__=$1 [B,L,QSA] to RewriteRule ^(.*)$ /index.php?__path__=/$1 [B,L,QSA], slash added before $1.

Copy link

johannesberdin commented Jul 30, 2016

Thanks @sparrc for the install instructions. We moved them into a Vagrant environment: Check it out,

Copy link

spradnyesh commented Aug 11, 2016

@sparrc, thanks for the supplement; it really avoids a lot of issues

however, i'm facing multiple issues w/ ssh access to git repo, and would be grateful if you could kindly help me out

  • generally, it's ssh <hostname> <cmd> <cmd-args>, and above we do ssh <hostname> conduit, but i don't see conduit being installed in any step. in fact on my ubuntu box conduit gives a command not found error
  • secondly, we changed our ssh port to 2222, so shouldn't it be echo {} | ssh -p 2222 conduit if i omit the -p 2222, then i am asked for the passwd of "git" user, not if i don't omit -p 2222
  • also, even after following both the phabricator/diffusion_hosting and your supplement, i'm getting the following error
echo {} | ssh -p 2222 conduit
Permission denied (publickey,keyboard-interactive).

ssh -T -p 2222
Permission denied (publickey,keyboard-interactive).
  • furthermore, i have added public-key on the site for my user, but when doing ssh we use the "git" user. how does this tie up?

i've been breaking my head for the last few hours over this, and would really appreciate any help

thanks a ton in advance :)

Copy link

Deliganli commented Sep 10, 2016

@sparrc, thank you for this gem, it solves many configuration warning and makes a clean installation

however still i am facing the same issue when i tried to install million times from phabricator's guide. Whenever i try to interact with git or simply ssh connection i am having the nasty

Permission denied (publickey)

error. I do have a public key added and private is added to my ssh agent. I have configured hook and ssh daemon according to your post and phabricator guide.

I am trying to install this on a ec2 instance of amazon with ubuntu setup

Thanks a lot

Copy link

anriKogan commented Oct 2, 2016

add user "git" as below:

adduser --quiet --no-create-home --disabled-password --gecos "" git

it will be solve the problem.

Copy link

ssnd292 commented Nov 11, 2016

@spradnyesh - Were you ever able to fix this? I have the exact same problem.....

Copy link

Deliganli commented Nov 12, 2016

Hi mate,

i have performed a clean install and added user as you specified but still no luck. Same old error message

Permission denied (publickey).

I am in lack of logs, i couldn't find any log to understand what is going wrong here.

Copy link

simone-pizzolato commented Nov 30, 2016

Hi mate,
after installation I need extra conf:
always_populate_raw_post_data = -1
post_max_size = 32M

chmod 777 /home/phd/phabricator-files (maybe phabricator needs a particular user access?)

Thanks for this superbe guide

Copy link

miwi-fbsd commented Mar 22, 2017

@ssnd292 @spradnyesh did any of you got fixed that problem?

Copy link

swapnilpatil1682 commented May 3, 2017

@miwi-fbsd Hello , Have you been able to setup this properly ? I am still facing issues.

Copy link

theriverman commented Sep 9, 2017


Few comments on this gist as it's not compliant to the latest distributions and changes
[My experiences are based on Ubuntu 17.04 server]

  • Install php5.6 from the ondrej-ubuntu-php repository. Use Google for instructions!
  • Remove any other php versions, because they collide for some reason when using Apache2.
    Issue php --version and see your results. If its not PHP 5.6.xx, then you still have some kind of php installed.
    Try: ( apt-get remove php7-* ) together with purge and check your /etc/php* folder for junks.
  • The config file of mysql has been moved. Edit /etc/mysql/mysql.conf.d/mysqld.cnf, otherwise MySQL will fail to restart during one of these steps.
  • Before configuring Git, you need to add your ssh public key to Phabricator. So log in to your instance, go to Avatar --> Settings --> SSH Public Keys and add your SSH key (cat ~/.ssh/ If you don't have one, hit ssh-keygen and generate one.

Good luck!

Copy link

marcelloinfoweb commented Nov 1, 2017

Would you take the step by step to CentOS 6?

Copy link

bekicot commented Dec 26, 2017

change wget to wget

Copy link

pdacity commented Jul 17, 2018

Please fix:

echo {} | ssh conduit

must be:

echo [] | ssh conduit

Copy link

fractalspace commented May 1, 2019

service restart mysql (and not service mysql restart)

Copy link

vintprox commented May 1, 2020

Probably should be obvious after all this adventure that local disk storage directory requires also write permissions, so instead of

chmod -R 755 /home/phd/phabricator-files


chmod -R 666 /home/phd/phabricator-files

Thank you very much for such detailed manual! I would never have thought about adding anything in sudoers, which I could probably figure out very roughly without it.

Copy link

ljstek commented Oct 17, 2020

Thanks for this guide, very useful.

One small comment about the sshd config file, by default (Ubuntu 20.04 LTS) sshd loads the *.conf files from /etc/ssh/sshd_conf.d/ on service start, so I would suggest changing the file target for cp from

cp /home/phd/phabricator/resources/sshd/sshd_config.phabricator.example /etc/ssh/sshd_config.phabricator


cp /home/phd/phabricator/resources/sshd/sshd_config.phabricator.example /etc/ssh/sshd_config.d/phabricator.conf

or something similar, and adjust the then following commands from your guide accordingly to the new location.

Copy link

sparrc commented Oct 26, 2020

I've skimmed over the recommendations here and made some edits, glad this guide is helping people, please keep the suggestions coming!

Copy link

ionics commented Feb 13, 2021

Like @ljstek mentioned: putting ssh config into /etc/sshd_config.d/phabricator.conf seems best practice.

Right now please fix:

# Copy the examply sshd config
cp /home/phd/phabricator/resources/sshd/sshd_config.phabricator.example /etc/ssh/sshd_config.phabricator.conf
# Edit AuthorizedKeysCommand, AuthorizedKeysCommandUser, and AllowUsers
- vim /etc/ssh/sshd_config.phabricator
+ vim /etc/ssh/sshd_config.phabricator.conf
# Start the phabricator sshd
- /usr/sbin/sshd -f /etc/ssh/sshd_config.phabricator
+ /usr/sbin/sshd -f /etc/ssh/sshd_config.phabricator.conf

Issue: in /etc/ssh @sparrc created file with filename-extension .conf but in the gist .conf is missing.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment