Let’s say Phabricator is installed as I described in the article:
Install Phabricator on Ubuntu
Now let’s get started with the setup.
On the left menu, select “Auth”, click “Add Provider” and select “Username/Password” to add authorization by login/password.
After that, according to security recommendations, we prohibit changing authorization methods:
cd /home/phd/phabricator/
./bin/auth lock
In the user profile, set the password. If after installation you accidentally closed Phabricator and did not have time to specify a password, then you can log in by running the command below, in a similar way you can restore the password for users:
./bin/auth recover admin
Create directories for repositories, large files and specify the owner:
mkdir -p /var/repo/
mkdir -p /var/files/
chown -R phd:phd /var/repo/
chown -R phd:phd /var/files/
chown -R phd:phd /home/phd/
Create an autorun script:
nano /etc/systemd/system/phd.service
Add to it:
[Unit]
Description=Phabricator Daemons
After=network.target,mysql.service
Requires=network.target,mysql.service
[Service]
Type=forking
User=phd
ExecStart=/home/phd/phabricator/bin/phd start
ExecStop=/home/phd/phabricator/bin/phd stop
Restart=always
RestartSec=10
StartLimitInterval=0
StartLimitBurst=0
[Install]
WantedBy=multi-user.target
If sometimes you need to stop the phd process, then in the script, change Restart=always to Restart=on-failure and execute:
systemctl daemon-reload
We activate the script:
systemctl enable phd --now
We indicate the necessary parameters:
./bin/config set repository.default-local-path /var/repo/
./bin/config set storage.local-disk.path /var/files/
./bin/config set phd.user phd
./bin/config set phabricator.timezone Europe/Kiev
./bin/config set policy.allow-public false
Specify the domain on which Phabricator runs:
./bin/config set phabricator.base-uri 'https://git.ixnfo.com/'
If necessary, you can see the value of any parameter, for example like this:
./bin/config get phd.user
If necessary, you can enable detailed logs (I note that they will grow very quickly in size and can fill the disk system):
./bin/config set phd.trace true
./bin/config set phd.verbose true
./bin/config set phd.trace false
./bin/config set phd.verbose false
An example of manually stopping and starting phd:
./bin/phd start
./bin/phd restart
sudo -En -u 'phd' -- /home/phd/phabricator/bin/phd start
You can check if the process is running as follows:
ps aux | grep phd
systemctl status phd
I also created a symlink to git-http-backend:
ln -s /usr/lib/git-core/git-http-backend /usr/bin/git-http-backend
Let’s create the first repository using Diffusion and create “VCS Password” in the profile of our user (it is necessary for connecting to repositories via https).
If you connect to the repository with the wrong password, an error will be displayed:
abort: HTTP Error 403: Invalid credentials.
We also indicate the recommended parameters in php.ini:
file_uploads = On
allow_url_fopen = On
short_open_tag = On
memory_limit = 512M
upload_max_filesize = 128M
post_max_size = 128M
max_execution_time = 360
date.timezone = Europe/Kiev
opcache.validate_timestamps=0
You can specify them in the Apache2 configuration, or in the .htaccess file, for example:
<IfModule mod_php7.c>
file_uploads = On
allow_url_fopen = On
short_open_tag = On
memory_limit = 512M
upload_max_filesize = 1024M
post_max_size = 1024M
max_execution_time = 3600
date.timezone = Europe/Kiev
opcache.validate_timestamps=0
</IfModule>
I also specified in /etc/mysql/mysql.conf.d/mysqld.cnf some recommended options:
local_infile=0
innodb_buffer_pool_size=2G
innodb_buffer_pool_instances=2
sql_mode=ONLY_FULL_GROUP_BY,STRICT_TRANS_TABLES,NO_ZERO_IN_DATE,NO_ZERO_DATE,ERROR_FOR_DIVISION_BY_ZERO,NO_AUTO_CREATE_USER,NO_ENGINE_SUBSTITUTION,STRICT_ALL_TABLES
It is also necessary to configure the mail parameters, for the test I just installed Postfix:
Installing and Configuring Postfix
Created a mailers.json file with the contents:
[
{
"key": "sendmail",
"type": "sendmail"
}
]
And executed the command:
./bin/config set --stdin cluster.mailers < mailers.json
After this, letters can already be sent from the server, but it is advisable to configure a mail server or specify a third-party one.
Example of sending a test message to the user’s email and viewing his status:
./bin/mail send-test
./bin/mail send-test --to admin < README.md
./bin/mail list-outbound
./bin/mail show-outbound
./bin/mail show-outbound --id 1
./bin/mail help
You can install Pygments:
sudo apt-get install python-pygments
./bin/config set pygments.enabled true
Allow connections to repositories via http:
./bin/config set diffusion.allow-http-auth true
And so that https is always used:
./bin/config set security.require-https true
If you want to prevent search sites from indexing the site, create the file /home/phd/phabricator/webroot/robots.txt with the following contents:
User-agent: *
Disallow: /
Set up the logs (by default, the logs are written in /var/tmp/phd/log):
mkdir /var/log/phabricator/
touch /var/log/phabricator/access.log
touch /var/log/phabricator/ssh.log
touch /var/log/phabricator/daemons.log
chown phd:phd /var/log/phabricator/daemons.log
chown vcs-user:vcs-user /var/log/phabricator/ssh.log
chown www-data:www-data /var/log/phabricator/access.log
./bin/config set log.access.path /var/log/phabricator/access.log
./bin/config set log.ssh.path /var/log/phabricator/ssh.log
./bin/config set phd.log-directory /var/log/phabricator
You can configure recaptcha:
recaptcha.enabled true
recaptcha.private-key ...
recaptcha.public-key ...
Add at the end of the file /etc/sudoers:
git ALL=(phd) SETENV: NOPASSWD: /usr/bin/git-upload-pack, /usr/bin/git-receive-pack, /usr/bin/hg, /usr/local/bin/hg, /usr/bin/svnserve
www-data ALL=(phd) SETENV: NOPASSWD: /usr/bin/git-upload-pack, /usr/lib/git-core/git-http-backend, /usr/bin/hg, /usr/local/bin/hg
An example of manual execution of commands:
su phd
printf 'listkeys\nnamespace 10\n' | /usr/local/bin/hg -R /var/repo/1/ serve --stdio
See also my articles:
Configuring SSH for Phabricator
Install Phabricator on Ubuntu
Backup Phabricator