some information about Phabricator server setup;
authorwenzelm
Tue Sep 24 16:17:37 2019 +0200 (4 weeks ago ago)
changeset 7094207673e7cb5e6
parent 70940 5d06b7bb9d22
child 70943 c5232e6fb10b
some information about Phabricator server setup;
Admin/Phabricator/README
Admin/Phabricator/ssh/ssh-hook
Admin/Phabricator/ssh/sshd-phabricator.service
Admin/Phabricator/ssh/sshd_config.phabricator
Admin/Phabricator/ssh/sudoers.d/phabricator
Admin/Phabricator/update
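--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/Admin/Phabricator/README	Tue Sep 24 16:17:37 2019 +0200
@@ -0,0 +1,54 @@
+Phabricator server
+==================
+
+- https://www.phacility.com/phabricator
+
+  Slogan: "Discuss. Plan. Code. Review. Test.
+  Every application your project needs, all in one tool."
+
+- Ubuntu 18.04 LTS Linux Server standard installation with
+  Apache and MySQL
+  https://help.ubuntu.com/lts/serverguide
+  https://help.ubuntu.com/lts/serverguide/httpd.html
+  https://help.ubuntu.com/lts/serverguide/mysql.html
+
+- Apache HTTPS via "Let's Encrypt":
+  https://letsencrypt.org/getting-started
+
+- Installation:
+
+  https://secure.phabricator.com/book/phabricator/article/installation_guide
+  https://secure.phabricator.com/source/phabricator/browse/master/scripts/install/install_ubuntu.sh
+
+- Configuration/Setup Issues: ignore "Alternate File Domain Not Configured"
+
+- Configuration/Accounts: local, *not* Google, Github etc.
+  https://secure.phabricator.com/book/phabricator/article/configuring_accounts_and_registration
+
+- Configuration/Mail:
+  https://secure.phabricator.com/book/phabricator/article/configuring_outbound_email
+
+  e.g. external SMTP via suitable mailers.json:
+  $ ./bin/config set --stdin cluster.mailers < mailers.json
+
+- Configuration/SSH:
+  https://secure.phabricator.com/book/phabricator/article/diffusion_hosting
+
+  $ cp ssh/ssh-hook /usr/local/bin/.
+  $ cp ssh/sshd_config.phabricator /etc/ssh/.
+  $ cp ssh/sshd-phabricator.service /etc/systemd/system/.
+  $ cp ssh/sudoers.d/phabricator /etc/sudoers.d/.
+
+  Test:
+  $ echo "{}" | ssh -p2222 vcs@phabricator.sketis.net conduit conduit.ping
+
+- Update:
+  https://secure.phabricator.com/book/phabricator/article/upgrading
+
+  sudo ./update
+
+- Backup:
+  https://secure.phabricator.com/book/phabricator/article/configuring_backups
+
+  $ apt install automysqlbackup
+  edit /etc/default/automysqlbackup: BACKUPDIR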
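--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/Admin/Phabricator/ssh/ssh-hook	Tue Sep 24 16:17:37 2019 +0200
@@ -0,0 +1,14 @@
+#!/bin/sh
+
+# NOTE: Replace this with the username that you expect users to connect with.
+VCSUSER="vcs"
+
+# NOTE: Replace this with the path to your Phabricator directory.
+ROOT="/var/www/phabricator/phabricator"
+
+if [ "$1" != "$VCSUSER" ];
+then
+  exit 1
+fi
+
+exec "$ROOT/bin/ssh-auth" $@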
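Review bot: The last line, `exec "$ROOT/bin/ssh-auth" $@`, expands the arguments unquoted, so the shell word-splits and glob-expands them before ssh-auth sees them; write `exec "$ROOT/bin/ssh-auth" "$@"` instead. The guard on `$1` narrows what reaches this line, but the script sits on the authentication path, so it should pass arguments through unchanged. Separately, sshd only runs an AuthorizedKeysCommand that is owned by root and not writable by group or others. The README step `cp ssh/ssh-hook /usr/local/bin/.` leaves owner and mode to the checkout and the caller's umask, so an explicit `chown root:root` and `chmod 755` on the installed hook belongs next to it.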
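--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/Admin/Phabricator/ssh/sshd-phabricator.service	Tue Sep 24 16:17:37 2019 +0200
@@ -0,0 +1,21 @@
+[Unit]
+Description=OpenBSD Secure Shell server (Phabricator)
+After=network.target auditd.service
+ConditionPathExists=!/etc/ssh/sshd_not_to_be_run
+
+[Service]
+EnvironmentFile=-/etc/default/ssh
+ExecStartPre=/usr/sbin/sshd -f /etc/ssh/sshd_config.phabricator -t
+ExecStart=/usr/sbin/sshd -f /etc/ssh/sshd_config.phabricator -D $SSHD_OPTS
+ExecReload=/usr/sbin/sshd -f /etc/ssh/sshd_config.phabricator -t
+ExecReload=/bin/kill -HUP $MAINPID
+KillMode=process
+Restart=on-failure
+RestartPreventExitStatus=255
+Type=notify
+RuntimeDirectory=sshd-phabricator
+RuntimeDirectoryMode=0755
+
+[Install]
+WantedBy=multi-user.target
+Alias=sshd-phabricator.service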
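Review bot: `RuntimeDirectory=sshd-phabricator` creates a directory under /run that nothing in this commit uses, since the matching sshd_config writes its pid to `/var/run/sshd-phabricator.pid`. The privilege-separation directory that Ubuntu's sshd build expects is presumably still supplied only by the stock ssh.service, so this instance may fail its `-t` pre-check when that unit is stopped or disabled. Either state the dependency in a comment or have this unit own what it needs. `EnvironmentFile=-/etc/default/ssh` also shares `$SSHD_OPTS` with the system sshd, so an option added there for the admin daemon silently applies to the public VCS endpoint too; a separate defaults file would keep them apart. `Alias=sshd-phabricator.service` repeats the unit's own name and can be dropped.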
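--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/Admin/Phabricator/ssh/sshd_config.phabricator	Tue Sep 24 16:17:37 2019 +0200
@@ -0,0 +1,24 @@
+# NOTE: You must have OpenSSHD 6.2 or newer; support for AuthorizedKeysCommand
+# was added in this version.
+
+# NOTE: Edit these to the correct values for your setup.
+
+AuthorizedKeysCommand /usr/local/bin/ssh-hook
+AuthorizedKeysCommandUser vcs
+AllowUsers vcs
+
+# You may need to tweak these options, but mostly they just turn off everything
+# dangerous.
+
+Port 2222
+Protocol 2
+PermitRootLogin no
+AllowAgentForwarding no
+AllowTcpForwarding no
+PrintMotd no
+PrintLastLog no
+PasswordAuthentication no
+ChallengeResponseAuthentication no
+AuthorizedKeysFile none
+
+PidFile /var/run/sshd-phabricator.pid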
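Review bot: The block commented as turning off "everything dangerous" leaves every unlisted option at sshd's compiled-in default, because the file is loaded standalone with `-f`. For an endpoint that serves only repository traffic, pin the remaining ones explicitly with `X11Forwarding no`, `PermitTunnel no` and `AuthenticationMethods publickey`. A later OpenSSH upgrade or a copied-in snippet then cannot widen what the `vcs` account may do. `Protocol 2` is deprecated on the OpenSSH shipped with the Ubuntu 18.04 release the README names and can be removed. `AuthorizedKeysCommandUser vcs` runs the key lookup as the same account that users log in as, which deserves a comment naming it as a deliberate choice.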
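--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/Admin/Phabricator/ssh/sudoers.d/phabricator	Tue Sep 24 16:17:37 2019 +0200
@@ -0,0 +1,2 @@
+www-data ALL=(phab-daemon) SETENV: NOPASSWD: /usr/bin/git, /usr/bin/hg, /usr/bin/ssh, /usr/bin/id
+vcs ALL=(phab-daemon) SETENV: NOPASSWD: /usr/bin/git, /usr/bin/git-upload-pack, /usr/bin/git-receive-pack, /usr/bin/hg, /usr/bin/svnserve, /usr/bin/ssh, /usr/bin/id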
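Review bot: Both rules combine `SETENV:` with `NOPASSWD:` on general-purpose tools (git, hg, ssh), and the file has no comment stating what that grants. In practice the `www-data` and `vcs` accounts become equivalent to `phab-daemon`, because the caller controls both the arguments and the environment of those programs. A header comment should say so, for example `# www-data and vcs are trusted as phab-daemon; keep phab-daemon's ownership limited to the repository storage`. `phab-daemon` itself should hold no other privileges on the host. The README installs the file with a plain `cp`; following that with `chmod 0440` and a `visudo -cf /etc/sudoers.d/phabricator` check keeps a malformed or loosely-permissioned file from being picked up.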
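--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/Admin/Phabricator/update	Tue Sep 24 16:17:37 2019 +0200
@@ -0,0 +1,24 @@
+#!/usr/bin/env bash
+#
+# Update Phabricator installation in given ROOT directory
+# see https://secure.phabricator.com/book/phabricator/article/upgrading
+
+set -e
+
+ROOT="${1:-/var/www/phabricator}"
+
+"$ROOT/phabricator/bin/phd" stop
+
+systemctl stop apache2
+
+for REPOS in libphutil arcanist phabricator
+do
+  cd "$ROOT/$REPOS"
+  git pull
+done
+
+"$ROOT/phabricator/bin/storage" upgrade --force
+
+systemctl start apache2
+
+"$ROOT/phabricator/bin/phd" start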
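Review bot: With `set -e`, any failure after the two stop commands (a failed `git pull` in the loop, or `storage upgrade`) exits the script with apache2 and phd still down, and nothing tells the operator. Add `trap 'echo "update failed: apache2 and phd are still stopped" >&2' ERR` near the top so the state is reported. The README runs this as `sudo ./update`, so the loop's `git pull` merges whatever the remote branch holds as root and the result is then executed by `storage upgrade --force`. `git pull --ff-only` would at least abort on a diverged checkout rather than create a merge. A comment should also state that a database backup (the README's automysqlbackup) is expected before the forced schema upgrade.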