some information about Phabricator server setup;
authorwenzelm
Tue, 24 Sep 2019 16:17:37 +0200
changeset 70750 07673e7cb5e6
parent 70749 5d06b7bb9d22
child 70753 c5232e6fb10b
some information about Phabricator server setup;
Admin/Phabricator/README
Admin/Phabricator/ssh/ssh-hook
Admin/Phabricator/ssh/sshd-phabricator.service
Admin/Phabricator/ssh/sshd_config.phabricator
Admin/Phabricator/ssh/sudoers.d/phabricator
Admin/Phabricator/update
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/Admin/Phabricator/README	Tue Sep 24 16:17:37 2019 +0200
@@ -0,0 +1,54 @@
+Phabricator server
+==================
+
+- https://www.phacility.com/phabricator
+
+  Slogan: "Discuss. Plan. Code. Review. Test.
+  Every application your project needs, all in one tool."
+
+- Ubuntu 18.04 LTS Linux Server standard installation with
+  Apache and MySQL
+  https://help.ubuntu.com/lts/serverguide
+  https://help.ubuntu.com/lts/serverguide/httpd.html
+  https://help.ubuntu.com/lts/serverguide/mysql.html
+
+- Apache HTTPS via "Let's Encrypt":
+  https://letsencrypt.org/getting-started
+
+- Installation:
+
+  https://secure.phabricator.com/book/phabricator/article/installation_guide
+  https://secure.phabricator.com/source/phabricator/browse/master/scripts/install/install_ubuntu.sh
+
+- Configuration/Setup Issues: ignore "Alternate File Domain Not Configured"
+
+- Configuration/Accounts: local, *not* Google, Github etc.
+  https://secure.phabricator.com/book/phabricator/article/configuring_accounts_and_registration
+
+- Configuration/Mail:
+  https://secure.phabricator.com/book/phabricator/article/configuring_outbound_email
+
+  e.g. external SMTP via suitable mailers.json:
+  $ ./bin/config set --stdin cluster.mailers < mailers.json
+
+- Configuration/SSH:
+  https://secure.phabricator.com/book/phabricator/article/diffusion_hosting
+
+  $ cp ssh/ssh-hook /usr/local/bin/.
+  $ cp ssh/sshd_config.phabricator /etc/ssh/.
+  $ cp ssh/sshd-phabricator.service /etc/systemd/system/.
+  $ cp ssh/sudoers.d/phabricator /etc/sudoers.d/.
+
+  Test:
+  $ echo "{}" | ssh -p2222 vcs@phabricator.sketis.net conduit conduit.ping
+
+- Update:
+  https://secure.phabricator.com/book/phabricator/article/upgrading
+
+  sudo ./update
+
+- Backup:
+  https://secure.phabricator.com/book/phabricator/article/configuring_backups
+
+  $ apt install automysqlbackup
+  edit /etc/default/automysqlbackup: BACKUPDIR
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/Admin/Phabricator/ssh/ssh-hook	Tue Sep 24 16:17:37 2019 +0200
@@ -0,0 +1,14 @@
+#!/bin/sh
+
+# NOTE: Replace this with the username that you expect users to connect with.
+VCSUSER="vcs"
+
+# NOTE: Replace this with the path to your Phabricator directory.
+ROOT="/var/www/phabricator/phabricator"
+
+if [ "$1" != "$VCSUSER" ];
+then
+  exit 1
+fi
+
+exec "$ROOT/bin/ssh-auth" $@
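Review bot: The last line of ssh-hook passes `$@` unquoted, so the arguments sshd hands to this AuthorizedKeysCommand are word-split and glob-expanded again before they reach ssh-auth. The `$1` check already pins the first argument to `vcs`, so this is unlikely to matter in practice, but a hook on the authentication path should forward its arguments verbatim: `exec "$ROOT/bin/ssh-auth" "$@"`. It would also help to extend the comment above `VCSUSER` to say that the value must match `AuthorizedKeysCommandUser` and `AllowUsers` in sshd_config.phabricator, since a mismatch makes the hook exit 1 for every login.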
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/Admin/Phabricator/ssh/sshd-phabricator.service	Tue Sep 24 16:17:37 2019 +0200
@@ -0,0 +1,21 @@
+[Unit]
+Description=OpenBSD Secure Shell server (Phabricator)
+After=network.target auditd.service
+ConditionPathExists=!/etc/ssh/sshd_not_to_be_run
+
+[Service]
+EnvironmentFile=-/etc/default/ssh
+ExecStartPre=/usr/sbin/sshd -f /etc/ssh/sshd_config.phabricator -t
+ExecStart=/usr/sbin/sshd -f /etc/ssh/sshd_config.phabricator -D $SSHD_OPTS
+ExecReload=/usr/sbin/sshd -f /etc/ssh/sshd_config.phabricator -t
+ExecReload=/bin/kill -HUP $MAINPID
+KillMode=process
+Restart=on-failure
+RestartPreventExitStatus=255
+Type=notify
+RuntimeDirectory=sshd-phabricator
+RuntimeDirectoryMode=0755
+
+[Install]
+WantedBy=multi-user.target
+Alias=sshd-phabricator.service
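Review bot: `Alias=sshd-phabricator.service` in `[Install]` repeats the name the README installs this unit under, so it adds nothing and can be dropped. Separately, `RuntimeDirectory=sshd-phabricator` creates a directory under /run that nothing visible in this commit uses: the config's `PidFile` points at `/var/run/sshd-phabricator.pid` instead. If this unit was adapted from the distribution's ssh unit, where the runtime directory presumably doubles as sshd's privilege-separation directory, then this second daemon depends on the stock ssh service having created that directory first. Please confirm that on a fresh boot, and either keep the original directory name or document the dependency in a comment.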
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/Admin/Phabricator/ssh/sshd_config.phabricator	Tue Sep 24 16:17:37 2019 +0200
@@ -0,0 +1,24 @@
+# NOTE: You must have OpenSSHD 6.2 or newer; support for AuthorizedKeysCommand
+# was added in this version.
+
+# NOTE: Edit these to the correct values for your setup.
+
+AuthorizedKeysCommand /usr/local/bin/ssh-hook
+AuthorizedKeysCommandUser vcs
+AllowUsers vcs
+
+# You may need to tweak these options, but mostly they just turn off everything
+# dangerous.
+
+Port 2222
+Protocol 2
+PermitRootLogin no
+AllowAgentForwarding no
+AllowTcpForwarding no
+PrintMotd no
+PrintLastLog no
+PasswordAuthentication no
+ChallengeResponseAuthentication no
+AuthorizedKeysFile none
+
+PidFile /var/run/sshd-phabricator.pid
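Review bot: The `AuthorizedKeysCommand /usr/local/bin/ssh-hook` line carries a file-permission requirement that is not written down anywhere in this config. sshd only runs the command if it is owned by root and not writable by group or others, and otherwise rejects every key without an obvious error on the client side. The README installs the hook with a plain `cp`, so the resulting mode depends on the source file and umask. I would add a comment above the directive such as `# ssh-hook must be owned by root and mode 0755 (not group/world-writable), or sshd will refuse to run it`. `Protocol 2` is also a deprecated no-op on the OpenSSH version shipped with the Ubuntu release the README names, and can be removed.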
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/Admin/Phabricator/ssh/sudoers.d/phabricator	Tue Sep 24 16:17:37 2019 +0200
@@ -0,0 +1,2 @@
+www-data ALL=(phab-daemon) SETENV: NOPASSWD: /usr/bin/git, /usr/bin/hg, /usr/bin/ssh, /usr/bin/id
+vcs ALL=(phab-daemon) SETENV: NOPASSWD: /usr/bin/git, /usr/bin/git-upload-pack, /usr/bin/git-receive-pack, /usr/bin/hg, /usr/bin/svnserve, /usr/bin/ssh, /usr/bin/id
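Review bot: Both rules should carry a comment stating what they really grant, because the command lists look narrower than they are. They combine `NOPASSWD:` with `SETENV:` for git, hg and ssh, which can be configured to run other programs. In effect `www-data` and `vcs` get the whole `phab-daemon` account, so a compromise of the web application or of the VCS login is a compromise of everything `phab-daemon` can read or write, including the hosted repositories. A header such as `# www-data and vcs are effectively equivalent to phab-daemon; keep phab-daemon unprivileged and out of sudo/admin groups` would record this. The README step that copies this file could also mention checking it with `visudo -cf` and installing it root-owned with mode 0440, since a malformed or wrongly-permissioned drop-in affects sudo for the whole host.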
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/Admin/Phabricator/update	Tue Sep 24 16:17:37 2019 +0200
@@ -0,0 +1,24 @@
+#!/usr/bin/env bash
+#
+# Update Phabricator installation in given ROOT directory
+# see https://secure.phabricator.com/book/phabricator/article/upgrading
+
+set -e
+
+ROOT="${1:-/var/www/phabricator}"
+
+"$ROOT/phabricator/bin/phd" stop
+
+systemctl stop apache2
+
+for REPOS in libphutil arcanist phabricator
+do
+  cd "$ROOT/$REPOS"
+  git pull
+done
+
+"$ROOT/phabricator/bin/storage" upgrade --force
+
+systemctl start apache2
+
+"$ROOT/phabricator/bin/phd" start
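Review bot: With `set -e`, any failure after the two stop commands (a `git pull` that cannot reach the remote, or a failing `storage upgrade`) exits the script with apache2 and phd still stopped and no message saying so. Blindly restarting on partially updated code would be worse, so I would only make the state explicit, e.g. `trap 'echo "update failed: apache2 and phd are still stopped" >&2' ERR` right after `set -e`. The README runs this as `sudo ./update`, so `git pull` executes as root and will create a merge commit if a checkout has local changes. `git pull --ff-only` makes that case fail loudly instead of deploying an unreviewed merge.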