# HG changeset patch # User wenzelm # Date 1569334657 -7200 # Node ID 07673e7cb5e6fab0460b8142ddf690fd676d9bbf # Parent 5d06b7bb9d229af3534deb61fed2734e9b4a3a92 some information about Phabricator server setup; diff -r 5d06b7bb9d22 -r 07673e7cb5e6 Admin/Phabricator/README --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/Admin/Phabricator/README Tue Sep 24 16:17:37 2019 +0200 @@ -0,0 +1,54 @@ +Phabricator server +================== + +- https://www.phacility.com/phabricator + + Slogan: "Discuss. Plan. Code. Review. Test. + Every application your project needs, all in one tool." + +- Ubuntu 18.04 LTS Linux Server standard installation with + Apache and MySQL + https://help.ubuntu.com/lts/serverguide + https://help.ubuntu.com/lts/serverguide/httpd.html + https://help.ubuntu.com/lts/serverguide/mysql.html + +- Apache HTTPS via "Let's Encrypt": + https://letsencrypt.org/getting-started + +- Installation: + + https://secure.phabricator.com/book/phabricator/article/installation_guide + https://secure.phabricator.com/source/phabricator/browse/master/scripts/install/install_ubuntu.sh + +- Configuration/Setup Issues: ignore "Alternate File Domain Not Configured" + +- Configuration/Accounts: local, *not* Google, Github etc. + https://secure.phabricator.com/book/phabricator/article/configuring_accounts_and_registration + +- Configuration/Mail: + https://secure.phabricator.com/book/phabricator/article/configuring_outbound_email + + e.g. external SMTP via suitable mailers.json: + $ ./bin/config set --stdin cluster.mailers < mailers.json + +- Configuration/SSH: + https://secure.phabricator.com/book/phabricator/article/diffusion_hosting + + $ cp ssh/ssh-hook /usr/local/bin/. + $ cp ssh/sshd_config.phabricator /etc/ssh/. + $ cp ssh/sshd-phabricator.service /etc/systemd/system/. + $ cp ssh/sudoers.d/phabricator /etc/sudoers.d/. + + Test: + $ echo "{}" | ssh -p2222 vcs@phabricator.sketis.net conduit conduit.ping + +- Update: + https://secure.phabricator.com/book/phabricator/article/upgrading + + sudo ./update + +- Backup: + https://secure.phabricator.com/book/phabricator/article/configuring_backups + + $ apt install automysqlbackup + edit /etc/default/automysqlbackup: BACKUPDIR diff -r 5d06b7bb9d22 -r 07673e7cb5e6 Admin/Phabricator/ssh/ssh-hook --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/Admin/Phabricator/ssh/ssh-hook Tue Sep 24 16:17:37 2019 +0200 @@ -0,0 +1,14 @@ +#!/bin/sh + +# NOTE: Replace this with the username that you expect users to connect with. +VCSUSER="vcs" + +# NOTE: Replace this with the path to your Phabricator directory. +ROOT="/var/www/phabricator/phabricator" + +if [ "$1" != "$VCSUSER" ]; +then + exit 1 +fi + +exec "$ROOT/bin/ssh-auth" $@ diff -r 5d06b7bb9d22 -r 07673e7cb5e6 Admin/Phabricator/ssh/sshd-phabricator.service --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/Admin/Phabricator/ssh/sshd-phabricator.service Tue Sep 24 16:17:37 2019 +0200 @@ -0,0 +1,21 @@ +[Unit] +Description=OpenBSD Secure Shell server (Phabricator) +After=network.target auditd.service +ConditionPathExists=!/etc/ssh/sshd_not_to_be_run + +[Service] +EnvironmentFile=-/etc/default/ssh +ExecStartPre=/usr/sbin/sshd -f /etc/ssh/sshd_config.phabricator -t +ExecStart=/usr/sbin/sshd -f /etc/ssh/sshd_config.phabricator -D $SSHD_OPTS +ExecReload=/usr/sbin/sshd -f /etc/ssh/sshd_config.phabricator -t +ExecReload=/bin/kill -HUP $MAINPID +KillMode=process +Restart=on-failure +RestartPreventExitStatus=255 +Type=notify +RuntimeDirectory=sshd-phabricator +RuntimeDirectoryMode=0755 + +[Install] +WantedBy=multi-user.target +Alias=sshd-phabricator.service diff -r 5d06b7bb9d22 -r 07673e7cb5e6 Admin/Phabricator/ssh/sshd_config.phabricator --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/Admin/Phabricator/ssh/sshd_config.phabricator Tue Sep 24 16:17:37 2019 +0200 @@ -0,0 +1,24 @@ +# NOTE: You must have OpenSSHD 6.2 or newer; support for AuthorizedKeysCommand +# was added in this version. + +# NOTE: Edit these to the correct values for your setup. + +AuthorizedKeysCommand /usr/local/bin/ssh-hook +AuthorizedKeysCommandUser vcs +AllowUsers vcs + +# You may need to tweak these options, but mostly they just turn off everything +# dangerous. + +Port 2222 +Protocol 2 +PermitRootLogin no +AllowAgentForwarding no +AllowTcpForwarding no +PrintMotd no +PrintLastLog no +PasswordAuthentication no +ChallengeResponseAuthentication no +AuthorizedKeysFile none + +PidFile /var/run/sshd-phabricator.pid diff -r 5d06b7bb9d22 -r 07673e7cb5e6 Admin/Phabricator/ssh/sudoers.d/phabricator --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/Admin/Phabricator/ssh/sudoers.d/phabricator Tue Sep 24 16:17:37 2019 +0200 @@ -0,0 +1,2 @@ +www-data ALL=(phab-daemon) SETENV: NOPASSWD: /usr/bin/git, /usr/bin/hg, /usr/bin/ssh, /usr/bin/id +vcs ALL=(phab-daemon) SETENV: NOPASSWD: /usr/bin/git, /usr/bin/git-upload-pack, /usr/bin/git-receive-pack, /usr/bin/hg, /usr/bin/svnserve, /usr/bin/ssh, /usr/bin/id diff -r 5d06b7bb9d22 -r 07673e7cb5e6 Admin/Phabricator/update --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/Admin/Phabricator/update Tue Sep 24 16:17:37 2019 +0200 @@ -0,0 +1,24 @@ +#!/usr/bin/env bash +# +# Update Phabricator installation in given ROOT directory +# see https://secure.phabricator.com/book/phabricator/article/upgrading + +set -e + +ROOT="${1:-/var/www/phabricator}" + +"$ROOT/phabricator/bin/phd" stop + +systemctl stop apache2 + +for REPOS in libphutil arcanist phabricator +do + cd "$ROOT/$REPOS" + git pull +done + +"$ROOT/phabricator/bin/storage" upgrade --force + +systemctl start apache2 + +"$ROOT/phabricator/bin/phd" start