Last active
March 4, 2021 05:48
-
-
Save zengxs/3a31ad37ff0333d9ee729eb772023f04 to your computer and use it in GitHub Desktop.
Install phabricator in a few minutes for CentOS 8
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/sh | |
| # | |
| # Interactive script for phabricator installation, setup phabricator in a few minutes | |
| # * Support CentOS 8 only | |
| # * Require a valid SSL certificate | |
| # * Require run as root | |
| # * Will execute some dangerous operations | |
| # * May damage your system | |
| # * Without warranty of any kind | |
| # | |
| # How to run this script: | |
| # curl -sSL https://gist.githubusercontent.com/zengxs/3a31ad37ff0333d9ee729eb772023f04/raw/ | sudo sh | |
| # | |
| # @author : zengxs | |
| # @date : 2020-07-11 | |
| # @license : Apache-2.0 | |
| # Default configurations | |
| INSTANCE_HOST=phabricator.example.com | |
| INSTANCE_TITLE=Phabricator | |
| PHABRICATOR_REPO=https://github.com/phacility/phabricator.git | |
| PHABRICATOR_VERSION=stable | |
| ARCANIST_REPO=https://github.com/phacility/arcanist.git | |
| ARCANIST_VERSION=stable | |
| INSTALLATION_PATH=/usr/share/nginx | |
| PHABRICATOR_ROOT=$INSTALLATION_PATH/phabricator | |
| ARCANIST_PATH=$INSTALLATION_PATH/arcanist | |
| MYSQL_USER=u_phabricator | |
| MYSQL_PASS=JESfQ9Zh | |
| SSL_CERT_PATH=/etc/ssl/certs/phabricator.crt | |
| SSL_KEY_PATH=/etc/ssl/private/phabricator.key | |
| DHPARAM_PATH=/etc/ssl/private/dhparam.key | |
| TIMEZONE=Asia/Shanghai | |
| PHD_USER=phd | |
| VCS_USER=git | |
| REPOS_PATH=/var/phabricator/repos | |
| FILES_PATH=/var/phabricator/files | |
| PHD_LOG_DIR=/var/log/phd | |
| MAILER_CONFIGURATIONS='"cluster.mailers": [],' | |
| public_ip=$(curl -sSL http://whatismyip.akamai.com) | |
| function ensure_environment() { | |
| if [ "$EUID" -ne 0 ]; then | |
| echo "Please run as root." | |
| exit 1 | |
| fi | |
| if hash rpm 2>/dev/null; then | |
| CENTOS_VERSION=$(rpm -E '%{rhel}') | |
| if [[ "$CENTOS_VERSION" == "8" ]]; then | |
| return | |
| fi | |
| fi | |
| echo "Support linux (CentOS 8) only." | |
| exit 1 | |
| } | |
| function ask_continue() { | |
| DEFAULT_MSG="Do you want to continue?" | |
| MESSAGE=${1:-$DEFAULT_MSG} | |
| read -r -p "$MESSAGE [y/N] " _continue | |
| case "$_continue" in | |
| [yY][eE][sS]|[yY]) | |
| ;; | |
| *) | |
| exit 1 | |
| ;; | |
| esac | |
| } | |
| function configure_base() { | |
| cat <<EOF | |
| > Configure basic: | |
| NOTICE: | |
| You should make your dns record of instance host | |
| point to this machine. | |
| (Your public ip address may be "$public_ip") | |
| EOF | |
| read -p " * Your phabricator instance host [$INSTANCE_HOST] : " _host | |
| read -p " * Your phabricator instance title [$INSTANCE_TITLE] : " _title | |
| INSTANCE_HOST=${_host:-$INSTANCE_HOST} | |
| INSTANCE_TITLE=${_title:-$INSTANCE_TITLE} | |
| echo | |
| } | |
| function configure_version() { | |
| cat <<EOF | |
| > Configure the version to install: | |
| NOTICE: | |
| Your can specify a git-commit-hash to install, | |
| or "stable" for latest stable version, "master" | |
| for latest development version. | |
| EOF | |
| read -p " * Phabricator remote repository [$PHABRICATOR_REPO] : " _phab_repo | |
| read -p " * Phabricator version [$PHABRICATOR_VERSION] : " _phab_version | |
| read -p " * Arcanist remote repository [$ARCANIST_REPO] : " _arc_repo | |
| read -p " * Arcanist version [$ARCANIST_VERSION] : " _arc_version | |
| read -p " * Installation path [$INSTALLATION_PATH] : " _installation_path | |
| PHABRICATOR_REPO=${_phab_repo:-$PHABRICATOR_REPO} | |
| PHABRICATOR_VERSION=${_phab_version:-$PHABRICATOR_VERSION} | |
| ARCANIST_REPO=${_arc_repo:-$ARCANIST_REPO} | |
| ARCANIST_VERSION=${_arc_version:-$ARCANIST_VERSION} | |
| INSTALLATION_PATH=${_installation_path:-$INSTALLATION_PATH} | |
| PHABRICATOR_ROOT=$INSTALLATION_PATH/phabricator | |
| ARCANIST_PATH=$INSTALLATION_PATH/arcanist | |
| echo | |
| } | |
| function configure_mysql() { | |
| cat <<EOF | |
| > Configure mysql | |
| NOTICE: | |
| Create new mysql user account and grant privileges | |
| for phabricator. | |
| You should regenerate your mysql password: | |
| https://duckduckgo.com/?q=password+8+normal&ia=answer | |
| EOF | |
| read -p " * MySQL user [$MYSQL_USER] : " _mysql_user | |
| read -p " * MySQL password [$MYSQL_PASS] : " _mysql_pass | |
| MYSQL_USER=${_mysql_user:-$MYSQL_USER} | |
| MYSQL_PASS=${_mysql_pass:-$MYSQL_PASS} | |
| echo | |
| } | |
| function configure_ssl() { | |
| cat <<EOF | |
| > Configure ssl | |
| NOTICE: | |
| For security, you must install Phabricator with ssl, | |
| SSL certificate must match your domain. | |
| ** All file path should be absolute path. ** | |
| You can request a free ssl certificate from Let's Encrypt. | |
| https://www.letsencrypt.org | |
| Useful tools: | |
| https://freessl.org | |
| https://www.sslforfree.com | |
| https://gethttpsforfree.com | |
| Other references: | |
| https://ssl-config.mozilla.org | |
| EOF | |
| read -p " * SSL certificate path [$SSL_CERT_PATH] : " _ssl_cert_path | |
| SSL_CERT_PATH=${_ssl_cert_path:-$SSL_CERT_PATH} | |
| if [ ! -f "$SSL_CERT_PATH" ]; then | |
| cat <<EOF | |
| Your SSL certificate file not exist. You can paste your SSL | |
| certificate content here, or press CTRL+C to exit installation. | |
| * Input your SSL certificate content : | |
| EOF | |
| SSL_CERT=$(</dev/stdin) | |
| echo | |
| SSL_CERT_DIR=$(dirname "$SSL_CERT_PATH") | |
| echo " % mkdir \"$SSL_CERT_DIR\" " | |
| mkdir -p "$SSL_CERT_DIR" | |
| echo " % write ssl certificate content to \"$SSL_CERT_PATH\"" | |
| echo "$SSL_CERT" > "$SSL_CERT_PATH" | |
| echo | |
| fi | |
| read -p " * SSL private key path [$SSL_KEY_PATH] : " _ssl_key_path | |
| SSL_KEY_PATH=${_ssl_key_path:-$SSL_KEY_PATH} | |
| if [ ! -f "$SSL_KEY_PATH" ]; then | |
| cat <<EOF | |
| Your SSL private key file not exist. You can paste your SSL | |
| private key content here, or press CTRL+C to exit installation. | |
| * Input your SSL private key content : | |
| EOF | |
| SSL_KEY=$(</dev/stdin) | |
| echo | |
| SSL_KEY_DIR=$(dirname "$SSL_KEY_PATH") | |
| echo " % mkdir \"$SSL_KEY_DIR\"" | |
| mkdir -p "$SSL_KEY_DIR" | |
| echo " % write ssl private key content to \"$SSL_KEY_PATH\"" | |
| echo "$SSL_KEY" > "$SSL_KEY_PATH" | |
| chown 0600 "$SSL_KEY_PATH" | |
| echo | |
| fi | |
| read -p " * dhparam file path [$DHPARAM_PATH] : " _dhparam_path | |
| DHPARAM_PATH=${_dhparam_path:-$DHPARAM_PATH} | |
| if [ ! -f "$DHPARAM_PATH" ]; then | |
| DHPARAM_DIR=$(dirname "$DHPARAM_PATH") | |
| echo " % mkdir \"$DHPARAM_DIR\"" | |
| mkdir -p "$DHPARAM_DIR" | |
| echo " % generate dhparam file to \"$DHPARAM_PATH\"" | |
| openssl dhparam -out "$DHPARAM_PATH" 2048 | |
| chown 0600 "$DHPARAM_PATH" | |
| echo | |
| fi | |
| } | |
| function configure_core() { | |
| cat <<EOF | |
| > Configure phabricator | |
| NOTICE: | |
| Script will automatically create related system users. | |
| EOF | |
| read -p " * Time Zone [$TIMEZONE] : " _timezone | |
| read -p " * User to run phd [$PHD_USER] : " _phd_user | |
| read -p " * User to run vcs operations [$VCS_USER] : " _vcs_user | |
| read -p " * Directory to store vcs repositories [$REPOS_PATH] : " _repos_dir | |
| read -p " * Directory to store files [$FILES_PATH] : " _files_dir | |
| read -p " * phd log dir [$PHD_LOG_DIR] : " _phd_log_dir | |
| TIMEZONE=${_timezone:-$TIMEZONE} | |
| PHD_USER=${_phd_user:-$PHD_USER} | |
| VCS_USER=${_vcs_user:-$VCS_USER} | |
| REPOS_PATH=${_repos_dir:-$REPOS_PATH} | |
| FILES_PATH=${_files_dir:-$FILES_PATH} | |
| PHD_LOG_DIR=${_phd_log_dir:-$PHD_LOG_DIR} | |
| echo | |
| } | |
| function configure_mailer_smtp() { | |
| cat <<EOF | |
| > Configure SMTP service for Phabricator | |
| NOTICE: | |
| smtp host : The hostname of your SMTP server (like: "smtp.gmail.com"). | |
| smtp port : The port to connect to on your SMTP server. | |
| smtp protocol : Set to "tls" or "ssl". In general, port 465 is "ssl", 587 is "tls". | |
| smtp user : Username used for authentication. | |
| smtp password : Password for authentication. | |
| EOF | |
| read -p " * smtp host : " MAILER_SMTP_HOST | |
| read -p " * smtp port : " MAILER_SMTP_PORT | |
| case "$MAILER_SMTP_PORT" in | |
| 465) | |
| DEFAULT_MAILER_SMTP_PROTOCOL=ssl | |
| ;; | |
| 587) | |
| DEFAULT_MAILER_SMTP_PROTOCOL=tls | |
| ;; | |
| *) | |
| DEFAULT_MAILER_SMTP_PROTOCOL=tls | |
| ;; | |
| esac | |
| read -p " * smtp protocol [$DEFAULT_MAILER_SMTP_PROTOCOL] : " _smtp_protocol | |
| MAILER_SMTP_PROTOCOL=${_smtp_protocol:-$DEFAULT_MAILER_SMTP_PROTOCOL} | |
| read -p " * smtp user : " MAILER_SMTP_USER | |
| read -p " * smtp password : " MAILER_SMTP_PASS | |
| } | |
| function configure_mailer_mailgun() { | |
| cat <<EOF | |
| > Configure mailgun service for Phabricator | |
| NOTICE: | |
| mailgun server : Mailgun API server host, default is "api.mailgun.net". | |
| If your account is in another region (like EU), you may | |
| need to specify a different hostname. | |
| mailgun domain : Your mailgun domain | |
| mailgun apikey : Your mailgun API key | |
| mailgun sender : Mailgun sender email address | |
| EOF | |
| DEFAULT_MAILER_MAILGUN_SERVER=api.mailgun.net | |
| read -p " * mailgun server [$DEFAULT_MAILER_MAILGUN_SERVER] : " _mailgun_server | |
| MAILER_MAILGUN_SERVER=${_mailgun_server:-$DEFAULT_MAILER_MAILGUN_SERVER} | |
| read -p " * mailgun domain : " MAILER_MAILGUN_DOMAIN | |
| read -p " * mailgun apikey : " MAILER_MAILGUN_APIKEY | |
| DEFAULT_MAILER_MAILGUN_SENDER=phabricator@$MAILER_MAILGUN_DOMAIN | |
| read -p " * mailgun sender [$DEFAULT_MAILER_MAILGUN_SENDER] : " _mailgun_sender | |
| MAILER_MAILGUN_SENDER=${_mailgun_sender:-$DEFAULT_MAILER_MAILGUN_SENDER} | |
| } | |
| function configure_mailer() { | |
| cat <<EOF | |
| > Configure mailer | |
| NOTICE: | |
| Configure mailer for mail sender of Phabricator. | |
| * Select mail sender type, choices: | |
| "none" : Don't configure any mailers. | |
| "smtp" : Send mail via an external SMTP server, like Gmail. | |
| "mailgun" : Send mail via MailGun. | |
| EOF | |
| read -p "Input your choice [none] : " _choice | |
| case "$_choice" in | |
| smtp) | |
| configure_mailer_smtp | |
| MAILER_CONFIGURATIONS=$( | |
| cat <<EOF | |
| "metamta.default-address": "$MAILER_MAILGUN_SENDER", | |
| "cluster.mailers": [ | |
| { | |
| "key": "email-outgoing", | |
| "type": "smtp", | |
| "options": { | |
| "protocol": "$MAILER_SMTP_PROTOCOL", | |
| "host": "$MAILER_SMTP_HOST", | |
| "port": $MAILER_SMTP_PORT, | |
| "user": "$MAILER_SMTP_USER", | |
| "password": "$MAILER_SMTP_PASS" | |
| } | |
| } | |
| ] | |
| EOF | |
| ) | |
| ;; | |
| mailgun) | |
| configure_mailer_mailgun | |
| MAILER_CONFIGURATIONS=$( | |
| cat <<EOF | |
| "cluster.mailers": [ | |
| { | |
| "key": "email-outgoing", | |
| "type": "mailgun", | |
| "options": { | |
| "api-hostname": "$MAILER_MAILGUN_SERVER", | |
| "domain": "$MAILER_MAILGUN_DOMAIN", | |
| "api-key": "$MAILER_MAILGUN_APIKEY" | |
| } | |
| } | |
| ] | |
| EOF | |
| ) | |
| ;; | |
| *) | |
| MAILER_CONFIGURATIONS='"cluster.mailers": []' | |
| ;; | |
| esac | |
| } | |
| function review_configurations() { | |
| cat <<EOF | |
| ===================================================================== | |
| Configure finished. Please review your configurations before install: | |
| Phabricator base-uri : https://$INSTANCE_HOST | |
| Phabricator title : $INSTANCE_TITLE | |
| Phabricator version : $PHABRICATOR_REPO ($PHABRICATOR_VERSION) -> $PHABRICATOR_ROOT | |
| Arcanist version : $ARCANIST_REPO ($ARCANIST_VERSION) -> $ARCANIST_PATH | |
| Timezone : $TIMEZONE | |
| User to run phd : $PHD_USER | |
| User to vcs ops : $VCS_USER | |
| Dir to store repos : $REPOS_PATH | |
| Dir to store files : $FILES_PATH | |
| Dir for phd logs : $PHD_LOG_DIR | |
| MySQL user : $MYSQL_USER:****** | |
| ===================================================================== | |
| EOF | |
| ask_continue | |
| } | |
| function show_disclaimer() { | |
| cat <<EOF | |
| ATTENTION: | |
| The installation may damage your system, cause you cannot | |
| access ssh, disrupt your existing ssh connection or other | |
| uncertain dangerous consequences. | |
| ATTENTION!!! THE INSTALLATION MAY DAMAGE YOUR SYSTEM!!! | |
| ATTENTION!!! THE INSTALLATION MAY DAMAGE YOUR SYSTEM!!! | |
| ATTENTION!!! THE INSTALLATION MAY DAMAGE YOUR SYSTEM!!! | |
| EOF | |
| ask_continue "Do you want to continue anyway?" | |
| } | |
| function install_required_packages() { | |
| echo "Install required packages..." | |
| yum makecache | |
| yum install -y \ | |
| glibc-langpack-zh \ | |
| git \ | |
| nginx \ | |
| mariadb-server \ | |
| php-cli \ | |
| php-fpm \ | |
| php-gd \ | |
| php-gmp \ | |
| php-pdo \ | |
| php-xml \ | |
| php-intl \ | |
| php-json \ | |
| php-ldap \ | |
| php-odbc \ | |
| php-pear \ | |
| php-snmp \ | |
| php-soap \ | |
| php-pgsql \ | |
| php-bcmath \ | |
| php-common \ | |
| php-recode \ | |
| php-xmlrpc \ | |
| php-enchant \ | |
| php-mysqlnd \ | |
| php-opcache \ | |
| php-process \ | |
| php-embedded \ | |
| php-mbstring \ | |
| php-pecl-zip \ | |
| php-pecl-apcu \ | |
| python3-pygments | |
| echo "Install \"git-http-backend\"..." | |
| cat <<EOF | tee /usr/local/bin/git-http-backend > /dev/null | |
| #!/bin/sh | |
| /usr/bin/git http-backend \$@ | |
| EOF | |
| chmod 655 /usr/local/bin/git-http-backend | |
| } | |
| function setup_checkout() { | |
| echo "Create directory \"$PHABRICATOR_ROOT\"" | |
| mkdir -p "$PHABRICATOR_ROOT" | |
| echo "Checkout phabricator from $PHABRICATOR_REPO" | |
| git clone "$PHABRICATOR_REPO" "$PHABRICATOR_ROOT" | |
| echo "Checkout to the specified verison : \"$PHABRICATOR_VERSION\"" | |
| git -C "$PHABRICATOR_ROOT" checkout "$PHABRICATOR_VERSION" | |
| echo "Create directory \"$ARCANIST_PATH\"" | |
| mkdir -p "$ARCANIST_PATH" | |
| echo "Checkout arcanist from $ARCANIST_REPO" | |
| git clone "$ARCANIST_REPO" "$ARCANIST_PATH" | |
| echo "Checkout to the specified verison : \"$ARCANIST_VERSION\"" | |
| git -C "$ARCANIST_PATH" checkout "$ARCANIST_VERSION" | |
| } | |
| function setup_mysql() { | |
| echo "Modify my.cnf" | |
| cat <<EOF | tee -a /etc/my.cnf.d/mariadb-server.cnf > /dev/null | |
| local_infile=0 | |
| sql_mode=STRICT_ALL_TABLES | |
| EOF | |
| echo "Start mysql.service" | |
| systemctl enable --now mariadb.service | |
| echo "Configure mariadb users and privilges..." | |
| cat <<EOF | mysql | |
| CREATE USER \`$MYSQL_USER\`@localhost IDENTIFIED BY '$MYSQL_PASS'; | |
| GRANT ALL PRIVILEGES ON \`phabricator\_%\`.* TO \`$MYSQL_USER\`@localhost; | |
| EOF | |
| cat <<EOF | |
| ======================================================================= | |
| MySQL setup finisehd, later you can run "mysql_secure_installation" | |
| to improve the security of your MySQL (MariaDB) installation. | |
| ======================================================================= | |
| EOF | |
| } | |
| function setup_php() { | |
| echo "Configure \"date.timezone\" to \"$TIMEZONE\"" | |
| sed -i "s,;date.timezone =.*,date.timezone = '$TIMEZONE'," /etc/php.ini | |
| echo "Configure \"post_max_size\"" | |
| sed -i 's/post_max_size =.*/post_max_size = 32M/' /etc/php.ini | |
| echo "Configure opcache" | |
| sed -i 's/;opcache.validate_timestamps=.*/opcache.validate_timestamps=0/' /etc/php.d/10-opcache.ini | |
| echo "Start php-fpm..." | |
| systemctl enable --now php-fpm | |
| } | |
| function setup_users() { | |
| echo "Create user \"$PHD_USER\"..." | |
| sudo useradd -U -M -l -r -s /sbin/nologin $PHD_USER | |
| echo "Create user \"$VCS_USER\"..." | |
| sudo useradd -U -m -r -s /bin/sh $VCS_USER | |
| echo "Create directory \"$REPOS_PATH\"" | |
| mkdir -p "$REPOS_PATH" | |
| chown $PHD_USER:$PHD_USER "$REPOS_PATH" | |
| echo "Create directory \"$FILES_PATH\"" | |
| mkdir -p "$FILES_PATH" | |
| chown apache:apache "$FILES_PATH" | |
| echo "Create directory \"$PHD_LOG_DIR\"" | |
| mkdir -p "$PHD_LOG_DIR" | |
| chown $PHD_USER:$PHD_USER "$PHD_LOG_DIR" | |
| } | |
| function setup_sudoers() { | |
| echo "Configure sudoers..." | |
| cat <<EOF | sudo tee -a /etc/sudoers.d/phabricator > /dev/null | |
| apache ALL=($PHD_USER) SETENV: NOPASSWD: /usr/bin/git, /usr/bin/git-upload-pack, /usr/bin/git-receive-pack, /usr/local/bin/git-http-backend | |
| $VCS_USER ALL=($PHD_USER) SETENV: NOPASSWD: /usr/bin/git, /usr/bin/git-upload-pack, /usr/bin/git-receive-pack, /usr/local/bin/git-http-backend | |
| EOF | |
| } | |
| function setup_sshd() { | |
| echo "Installing \"/usr/local/sbin/phabricator-ssh-hook.sh\"" | |
| cp $PHABRICATOR_ROOT/resources/sshd/phabricator-ssh-hook.sh /usr/local/sbin/phabricator-ssh-hook.sh | |
| sed -i "s/vcs-user/$VCS_USER/" /usr/local/sbin/phabricator-ssh-hook.sh | |
| sed -i "s,/path/to/phabricator,$PHABRICATOR_ROOT," /usr/local/sbin/phabricator-ssh-hook.sh | |
| chmod 755 /usr/local/sbin/phabricator-ssh-hook.sh | |
| echo "Backing original \"sshd_config\" to \"/etc/ssh/.sshd_config.bak\"" | |
| cp /etc/ssh/sshd_config /etc/ssh/.sshd_config.bak | |
| echo "Modify \"/etc/ssh/sshd_config\"..." | |
| cat <<EOF | tee -a /etc/ssh/sshd_config > /dev/null | |
| Match User $VCS_USER | |
| AllowAgentForwarding no | |
| AllowTcpForwarding no | |
| PasswordAuthentication no | |
| AuthorizedKeysFile none | |
| AuthorizedKeysCommand /usr/local/sbin/phabricator-ssh-hook.sh | |
| AuthorizedKeysCommandUser $VCS_USER | |
| EOF | |
| sshd -T -C user=$VCS_USER > /dev/null | |
| if [ "$?" -ne 0 ]; then | |
| echo "BREAK: \"sshd_config\" check syntax failed, will restore to old \"sshd_config\"" | |
| mv /etc/ssh/.sshd_config.bak /etc/ssh/sshd_config | |
| exit 1 | |
| else | |
| echo "Restart sshd.service" | |
| systemctl restart sshd.service | |
| fi | |
| } | |
| function setup_phabricator() { | |
| echo "Configure phabricator..." | |
| cat <<EOF | sudo tee $PHABRICATOR_ROOT/conf/local/local.json > /dev/null | |
| { | |
| "mysql.user": "$MYSQL_USER", | |
| "mysql.pass": "$MYSQL_PASS", | |
| "ui.header-color": "blue", | |
| "ui.logo": { | |
| "logoImagePHID": null, | |
| "wordmarkText": "$INSTANCE_TITLE" | |
| }, | |
| "phabricator.base-uri": "https://$INSTANCE_HOST", | |
| "phd.user": "$PHD_USER", | |
| "diffusion.ssh-user": "$VCS_USER", | |
| "repository.default-local-path": "$REPOS_PATH", | |
| "storage.local-disk.path": "$FILES_PATH", | |
| "storage.mysql-engine.max-size": 0, | |
| "diffusion.allow-git-lfs": true, | |
| "diffusion.allow-http-auth": true, | |
| "config.ignore-issues": { | |
| "security.security.alternate-file-domain": true, | |
| "mysql.innodb_buffer_pool_size": true, | |
| "mysql.max_allowed_packet": true | |
| }, | |
| "security.require-https": true, | |
| $MAILER_CONFIGURATIONS, | |
| "phabricator.show-prototypes": true, | |
| "pygments.enabled": true, | |
| "phd.log-directory": "$PHD_LOG_DIR" | |
| } | |
| EOF | |
| echo "Initialize databases..." | |
| $PHABRICATOR_ROOT/bin/storage upgrade --force | |
| } | |
| function setup_phd() { | |
| echo "Configure phd.service" | |
| cat <<EOF | sudo tee /etc/systemd/system/phd.service > /dev/null | |
| # Systemd unit file for phd | |
| [Unit] | |
| Description=Phabricator Daemon | |
| After=syslog.target network.target | |
| [Service] | |
| Type=forking | |
| ExecStart=$PHABRICATOR_ROOT/bin/phd start | |
| ExecStop=$PHABRICATOR_ROOT/bin/phd stop | |
| User=$PHD_USER | |
| Group=$PHD_USER | |
| Restart=on-failure | |
| [Install] | |
| WantedBy=multi-user.target | |
| EOF | |
| systemctl daemon-reload | |
| systemctl enable --now phd.service | |
| } | |
| function setup_nginx() { | |
| echo "Configure nginx..." | |
| cat <<EOF | sudo tee /etc/nginx/conf.d/phabricator.conf > /dev/null | |
| server { | |
| listen 80; | |
| listen [::]:80; | |
| server_name $INSTANCE_HOST; | |
| return 301 https://\$host\$request_uri; | |
| } | |
| server { | |
| listen 443 ssl http2; | |
| listen [::]:443 ssl http2; | |
| server_name $INSTANCE_HOST; | |
| root $PHABRICATOR_ROOT/webroot; | |
| client_max_body_size 32m; | |
| location / { | |
| index index.php; | |
| rewrite ^/(.*)\$ /index.php?__path__=/\$1 last; | |
| } | |
| location /index.php { | |
| fastcgi_pass php-fpm; | |
| fastcgi_index index.php; | |
| include fastcgi.conf; | |
| } | |
| ssl_certificate $SSL_CERT_PATH; | |
| ssl_certificate_key $SSL_KEY_PATH; | |
| ssl_session_timeout 1d; | |
| ssl_session_cache shared:MozSSL:10m; | |
| ssl_session_tickets off; | |
| ssl_dhparam $DHPARAM_PATH; | |
| ssl_protocols TLSv1.2 TLSv1.3; | |
| ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384; | |
| ssl_prefer_server_ciphers off; | |
| resolver 8.8.8.8 8.8.4.4; | |
| } | |
| EOF | |
| systemctl enable --now nginx | |
| nginx -s reload | |
| } | |
| # Comment this line when debugging | |
| ensure_environment | |
| # Start to configure | |
| echo "======= Configure Phabricator =======" | |
| configure_base | |
| configure_version | |
| configure_mysql | |
| configure_ssl | |
| configure_core | |
| configure_mailer | |
| review_configurations | |
| show_disclaimer | |
| cat <<EOF | |
| Installation will start in 5 seconds... | |
| You can press CTRL+C to STOP it before starting. | |
| EOF | |
| sleep 5 | |
| # Start to install | |
| echo "> First, we will start to install required packages." | |
| ask_continue | |
| install_required_packages | |
| echo "> Next, we will checkout phabricator and arcanist to local." | |
| ask_continue | |
| setup_checkout | |
| echo "> Next, we will configure mysql." | |
| ask_continue | |
| setup_mysql | |
| echo "> Next, we will configure php-fpm." | |
| ask_continue | |
| setup_php | |
| echo "> Next, we will create required system users for phabricator," | |
| echo " and create some required directories." | |
| ask_continue | |
| setup_users | |
| cat <<EOF | |
| > Next, we will modify your sudoers configuration. | |
| ATTENTION: This is a dangerous operation!!! | |
| EOF | |
| ask_continue | |
| setup_sudoers | |
| cat <<EOF | |
| > Next, we will modify your "sshd_config" | |
| The operation may cause you cannot access this machine. | |
| ATTENSION: This is a very dangerous operation!!! | |
| ATTENSION: This is a very dangerous operation!!! | |
| ATTENSION: This is a very dangerous operation!!! | |
| If you don't want to make this change, you should press | |
| CTRL+C to quit the installation. | |
| EOF | |
| ask_continue | |
| ask_continue "This operation is VERY dangerous! Do you want to continue anyway?" | |
| ask_continue "Are you sure?" | |
| setup_sshd | |
| echo "Next, we will configure phabricator" | |
| ask_continue | |
| setup_phabricator | |
| echo "Next, we will install phd.service (Phabricator Daemon)" | |
| ask_continue | |
| setup_phd | |
| echo "Finally, we will configure your nginx." | |
| ask_continue | |
| setup_nginx | |
| cat <<EOF | |
| ***************************************** | |
| Phabricator Installation Finished | |
| Please make your dns record to point this machine: | |
| $INSTANCE_HOST -> "$public_ip" | |
| Or edit your hosts file to make your domain "$INSTANCE_HOST" | |
| point to this machine. | |
| Now, you can visit your Phabricator on: | |
| https://$INSTANCE_HOST | |
| NOTE: | |
| Please disable SELinux for your system, it will cause many problem: | |
| sudo setenforce 0 | |
| If you cannot access phabricator, check your firewall settings. | |
| You can allow http and https service via firewall-cmd: | |
| sudo firewall-cmd --zone=public --add-service=http --permanent | |
| sudo firewall-cmd --zone=public --add-service=https --permanent | |
| sudo firewall-cmd --reload | |
| ***************************************** | |
| EOF |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment