Configuring Phabricator

This assumes Phabricator is already installed as I described in the article:
Install Phabricator on Ubuntu
Now let’s get started with the setup.

In the left menu, select “Auth”, click “Add Provider” and select “Username/Password” to enable authentication by username and password.

After that, as the security recommendations advise, lock the authentication provider configuration so that it cannot be changed:

cd /home/phd/phabricator/
./bin/auth lock

Set a password in the user profile. If you accidentally closed Phabricator after installation before setting a password, you can log in by running the command below; passwords for other users can be recovered the same way:

./bin/auth recover admin

Create directories for repositories, large files and specify the owner:

mkdir -p /var/repo/
mkdir -p /var/files/
chown -R phd:phd /var/repo/
chown -R phd:phd /var/files/
chown -R phd:phd /home/phd/

Create a systemd unit so that the daemons start automatically:

nano /etc/systemd/system/phd.service

Add to it:

[Unit]
Description=Phabricator Daemons
After=network.target mysql.service
Requires=network.target mysql.service

[Service]
Type=forking
User=phd
ExecStart=/home/phd/phabricator/bin/phd start
ExecStop=/home/phd/phabricator/bin/phd stop
Restart=always
RestartSec=10
StartLimitInterval=0
StartLimitBurst=0

[Install]
WantedBy=multi-user.target

If you sometimes need to stop the phd process manually, change Restart=always to Restart=on-failure in the unit file and run:

systemctl daemon-reload

Enable and start the service:

systemctl enable phd --now

Set the required parameters:

./bin/config set repository.default-local-path /var/repo/
./bin/config set storage.local-disk.path /var/files/
./bin/config set phd.user phd
./bin/config set phabricator.timezone Europe/Kiev
./bin/config set policy.allow-public false

Specify the domain on which Phabricator runs:

./bin/config set phabricator.base-uri 'https://git.ixnfo.com/'

If necessary, you can see the value of any parameter, for example like this:

./bin/config get phd.user

If necessary, you can enable detailed logs (note that they grow very quickly and can fill the disk):

# enable detailed logging
./bin/config set phd.trace true
./bin/config set phd.verbose true
# disable it again when you are done
./bin/config set phd.trace false
./bin/config set phd.verbose false

An example of manually starting and restarting phd (the last command starts it as the phd user through sudo):

./bin/phd start
./bin/phd restart
sudo -En -u 'phd' -- /home/phd/phabricator/bin/phd start

You can check if the process is running as follows:

ps aux | grep phd
systemctl status phd

I also created a symlink to git-http-backend:

ln -s /usr/lib/git-core/git-http-backend /usr/bin/git-http-backend

Create the first repository in Diffusion and set a “VCS Password” in your user profile (it is required for connecting to repositories over https).
If you connect to the repository with the wrong password, this error is displayed:
abort: HTTP Error 403: Invalid credentials.

Also set the recommended parameters in php.ini:

file_uploads = On
allow_url_fopen = On
short_open_tag = On
memory_limit = 512M
upload_max_filesize = 128M
post_max_size = 128M
max_execution_time = 360
date.timezone = Europe/Kiev
opcache.validate_timestamps=0

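You can also set them in the Apache2 configuration or in an .htaccess file. The php.ini syntax does not apply there; the mod_php directives php_value and php_flag are used instead, for example:

<IfModule mod_php7.c>
# file_uploads and allow_url_fopen are PHP_INI_SYSTEM settings:
# php_admin_flag is accepted only in the Apache configuration, not in .htaccess
php_admin_flag file_uploads On
php_admin_flag allow_url_fopen On
php_flag short_open_tag On
php_value memory_limit 512M
php_value upload_max_filesize 1024M
php_value post_max_size 1024M
php_value max_execution_time 3600
php_value date.timezone Europe/Kiev
php_value opcache.validate_timestamps 0
</IfModule>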

I also specified in /etc/mysql/mysql.conf.d/mysqld.cnf some recommended options:

local_infile=0
innodb_buffer_pool_size=2G
innodb_buffer_pool_instances=2
sql_mode=ONLY_FULL_GROUP_BY,STRICT_TRANS_TABLES,NO_ZERO_IN_DATE,NO_ZERO_DATE,ERROR_FOR_DIVISION_BY_ZERO,NO_AUTO_CREATE_USER,NO_ENGINE_SUBSTITUTION,STRICT_ALL_TABLES

It is also necessary to configure the mail parameters. For the test I just installed Postfix:
Installing and Configuring Postfix

I created a mailers.json file with the contents:

[
  {
    "key": "sendmail",
    "type": "sendmail"
  }
]

And executed the command:

./bin/config set --stdin cluster.mailers < mailers.json

After this, mail can already be sent from the server, but it is advisable to configure a mail server or specify a third-party one.

Example of sending a test message to a user’s email and viewing its status:

./bin/mail send-test
./bin/mail send-test --to admin < README.md
./bin/mail list-outbound
./bin/mail show-outbound
./bin/mail show-outbound --id 1
./bin/mail help

You can install Pygments:

sudo apt-get install python-pygments
./bin/config set pygments.enabled true

Allow authenticated connections to repositories over HTTP(S) (this is what the “VCS Password” is used for):

./bin/config set diffusion.allow-http-auth true

To make sure HTTPS is always used:

./bin/config set security.require-https true
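To confirm that the security-relevant values from this page are actually in effect, the following added example (not part of the original article or of Phabricator) audits them. It assumes the values written by ./bin/config set are stored as JSON in /home/phd/phabricator/conf/local/local.json and that keys which were never set count as false; the function names are my own.

```python
import json
import sys

# Added example. Assumption: keys that were never set count as false/empty.
LOCAL_JSON = "/home/phd/phabricator/conf/local/local.json"


def as_bool(value):
    """Accept JSON booleans as well as the strings "true"/"false"."""
    return value is True or str(value).strip().lower() == "true"


def audit_config(cfg):
    """Return findings for a dict holding the values set with ./bin/config."""
    findings = []
    https_only = as_bool(cfg.get("security.require-https", False))
    if not str(cfg.get("phabricator.base-uri", "")).lower().startswith("https://"):
        findings.append("phabricator.base-uri is not an https:// URI")
    if not https_only:
        findings.append("security.require-https is not true")
    if as_bool(cfg.get("policy.allow-public", False)):
        findings.append("policy.allow-public is true")
    if as_bool(cfg.get("diffusion.allow-http-auth", False)) and not https_only:
        findings.append("diffusion.allow-http-auth is on without "
                        "security.require-https (VCS password can cross "
                        "the network unencrypted)")
    for key in ("phd.trace", "phd.verbose"):
        if as_bool(cfg.get(key, False)):
            findings.append(key + " is still true (logs can fill the disk)")
    return findings


# Constructed samples: the values from this page, and a weak variant.
GOOD = {"phabricator.base-uri": "https://git.ixnfo.com/",
        "security.require-https": True, "policy.allow-public": False,
        "diffusion.allow-http-auth": True,
        "phd.trace": False, "phd.verbose": False}
WEAK = {"phabricator.base-uri": "http://phab.example.test/",
        "policy.allow-public": True, "diffusion.allow-http-auth": True,
        "phd.trace": "true"}

if __name__ == "__main__":
    if len(sys.argv) > 1:          # audit a real file, e.g. LOCAL_JSON
        with open(sys.argv[1], encoding="utf-8") as fh:
            config = json.load(fh)
    else:
        config = WEAK
    for finding in audit_config(config):
        print("FINDING:", finding)
```

Run it with the path to local.json as the only argument; without an argument it reports on the constructed WEAK sample.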

If you want to prevent search engines from indexing the site, create the file /home/phd/phabricator/webroot/robots.txt with the following contents:

User-agent: *
Disallow: /

Set up the logs (by default, the logs are written in /var/tmp/phd/log):

mkdir /var/log/phabricator/
touch /var/log/phabricator/access.log
touch /var/log/phabricator/ssh.log
touch /var/log/phabricator/daemons.log
chown phd:phd /var/log/phabricator/daemons.log
chown vcs-user:vcs-user /var/log/phabricator/ssh.log
chown www-data:www-data /var/log/phabricator/access.log
./bin/config set log.access.path /var/log/phabricator/access.log
./bin/config set log.ssh.path /var/log/phabricator/ssh.log
./bin/config set phd.log-directory /var/log/phabricator

You can configure reCAPTCHA:

./bin/config set recaptcha.enabled true
./bin/config set recaptcha.private-key ...
./bin/config set recaptcha.public-key ...

Add at the end of the file /etc/sudoers:

git ALL=(phd) SETENV: NOPASSWD: /usr/bin/git-upload-pack, /usr/bin/git-receive-pack, /usr/bin/hg, /usr/local/bin/hg, /usr/bin/svnserve
www-data ALL=(phd) SETENV: NOPASSWD: /usr/bin/git-upload-pack, /usr/lib/git-core/git-http-backend, /usr/bin/hg, /usr/local/bin/hg
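These rules let git and www-data run the listed binaries as phd without a password, so each binary should exist, belong to root and not be writable by anyone else. The following added example (not from the original article) checks that; it assumes one rule per line with no aliases or line continuations, and the function names are my own.

```python
import os
import stat

# The two rules from this page, verbatim.
PAGE_RULES = """\
git ALL=(phd) SETENV: NOPASSWD: /usr/bin/git-upload-pack, /usr/bin/git-receive-pack, /usr/bin/hg, /usr/local/bin/hg, /usr/bin/svnserve
www-data ALL=(phd) SETENV: NOPASSWD: /usr/bin/git-upload-pack, /usr/lib/git-core/git-http-backend, /usr/bin/hg, /usr/local/bin/hg
"""


def sudoers_commands(text):
    """Return (user, command path) pairs for every NOPASSWD rule in text."""
    pairs = []
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("#") or "NOPASSWD:" not in line:
            continue
        user = line.split()[0]
        for cmd in line.rsplit(":", 1)[1].split(","):
            if cmd.split():
                pairs.append((user, cmd.split()[0]))  # drop any arguments
    return pairs


def audit_command(path, owner_uid=0):
    """Return the problems found for one sudo-allowed binary."""
    if not os.path.isabs(path):
        return ["not an absolute path"]
    try:
        st = os.stat(path)  # follows symlinks such as /usr/bin/git-http-backend
    except OSError:
        return ["does not exist"]
    problems = []
    if st.st_uid != owner_uid:
        problems.append("not owned by uid %d" % owner_uid)
    if st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
        problems.append("writable by group or others")
    return problems


def audit_sudoers(text, owner_uid=0):
    """Map each problematic command path to its list of problems."""
    report = {}
    for _user, path in sudoers_commands(text):
        problems = audit_command(path, owner_uid)
        if problems:
            report[path] = problems
    return report


if __name__ == "__main__":
    for path, problems in sorted(audit_sudoers(PAGE_RULES).items()):
        print(path + ": " + ", ".join(problems))
```

The script covers only the binaries the rules point at; visudo -c checks the syntax of the edited sudoers file itself.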

An example of manual execution of commands:

su phd
printf 'listkeys\nnamespace 10\n' | /usr/local/bin/hg -R /var/repo/1/ serve --stdio

See also my articles:
Configuring SSH for Phabricator
Install Phabricator on Ubuntu
Backup Phabricator
