How to set up Phabricator on AWS (Part 3 — Configuring Phabricator)
Summary
In the previous parts of this walkthrough we set up the requirements needed to launch an instance of Phabricator. At this point we should have an instance of Phabricator up and running, but without its core features. If you missed those steps, you can find them through the links listed below:
Part 1 — Setting up requirements
Part 2 — Launching Phabricator
This part of the walkthrough will guide you through the process of setting up the core features needed to run Phabricator properly.
Configuring Mailgun
During the last part of the walkthrough we had just finished configuring MySQL to work with Phabricator. You should have ended up on a screen that looks similar to the one above.
Once you have created an admin account you will see a large number of notifications in the top left that require your attention.
The first items that you should address are configuring the base-uri and authentication methods for Phabricator. Set those up by following the given instructions as they are pretty straightforward.
Under the list of notifications you should see another one telling you to configure a mailer, with instructions on how to do so. Since we already set up the outbound mailer in Part 1, we just need to set it in our Phabricator configuration. To do so, create a file called ‘mailers.json’ and paste in the following contents:
Be sure to replace ‘MYDOMAIN’ and ‘MYMAILERAPIKEY’ with your own values. Once you have created that file, apply it to your Phabricator configuration and restart the daemons with the commands:
sudo ./bin/config set --stdin cluster.mailers < mailers.json
sudo ./bin/phd restart
This should now initialize the mailer and you can test it by sending a message to the email you provided when creating your admin account.
If all goes well you should receive an email with a link to setup a password for your account.
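An added example (not the author's original file) of one way to produce ‘mailers.json’ so that the Mailgun key is not left world-readable. It uses the `cluster.mailers` layout of a list of mailers, each with `key`, `type` and `options`; the function name, the mailer key name `mailgun` and the `MAILGUN_API_KEY` variable are assumptions.

```shell
#!/bin/sh
# Added example. Usage: write_mailers_json OUTFILE DOMAIN
# The Mailgun key is read from $MAILGUN_API_KEY so it never appears in argv.
write_mailers_json() {
  out=$1 domain=$2 key=${MAILGUN_API_KEY:-}
  [ -n "$out" ] && [ -n "$domain" ] && [ -n "$key" ] || return 2
  # Refuse characters that would need JSON escaping rather than write a broken file.
  case "$domain$key" in
    *[!A-Za-z0-9._-]*) echo "unexpected character in domain or key" >&2; return 1 ;;
  esac
  (
    umask 077          # the file holds a secret: create it with mode 0600
    rm -f "$out"       # do not inherit looser permissions from an older copy
    cat > "$out" <<EOF
[
  {
    "key": "mailgun",
    "type": "mailgun",
    "options": {
      "domain": "$domain",
      "api-key": "$key"
    }
  }
]
EOF
  )
}

# Constructed demo using the walkthrough's placeholder values.
demo_dir=$(mktemp -d)
MAILGUN_API_KEY=MYMAILERAPIKEY
write_mailers_json "$demo_dir/mailers.json" MYDOMAIN && ls -l "$demo_dir/mailers.json"
```

Once `bin/config set --stdin cluster.mailers` has stored the value, the JSON file is no longer needed and can be deleted.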
Configuring Diffusion
The next critical step in this configuration process is setting up Diffusion so that you can host your code repositories. For this process we will be accessing Git through SSH, and to do so we need to create a set of keys (on your own machine) that we can use to authenticate with Phabricator. First make sure that you have resolved the issue of creating a directory to store your Git repositories.
Once you have done that, GitHub provides a guide on how to create SSH keys here. Once you have created the key, go to the ‘Settings’ tab under your profile dropdown and upload the public key to Phabricator.
Now that you have set up your SSH keys, we can go on and configure Diffusion. To do this we will be following some of the steps outlined in these two guides:
First log in to your AWS Phabricator instance and enter the following command to add a vcs-user (we will be using ‘git’ as our vcs-user):
sudo adduser git
After filling out (or skipping) the fields for this new user, we need to add some sudo permissions for this user. We can do this by using visudo to add a new file to our sudoers.d folder. (Note: The next steps are extremely important)
sudo EDITOR=vim visudo -f /etc/sudoers.d/phabricator
Once inside this new file, enter the following line (we will be using ‘root’ as our daemon-user):
git ALL=(root) SETENV: NOPASSWD: /usr/bin/git-upload-pack, /usr/bin/git-receive-pack
This line lets the git user run only those two Git binaries as root, without a password. Save and exit. If you did not enter the line correctly, you may receive a prompt saying that you have a syntax error. DO NOT ignore this error and continue with saving, as it may corrupt your sudoers file; address the error and ensure that this step is done correctly before moving on.
Restart the Phabricator daemons with the command:
sudo ./bin/phd restart
After doing this, configure the vcs-user and daemon-user values for Phabricator (remember to cd into the ‘phabricator’ directory):
sudo ./bin/config set phd.user root
sudo ./bin/config set diffusion.ssh-user git
We will then need to change the values for our git user in the ‘/etc/shadow’ and ‘/etc/passwd’ files. This can be done using usermod (the first command sets the password field to NP, the second sets the login shell) but can also be done manually if needed.
sudo usermod -p NP git
sudo usermod -s /bin/sh git
Now we need to open a new port in our firewall to serve Git. This can be done with the following command:
sudo iptables -A INPUT -p tcp --dport 2222 -j ACCEPT
Also remember to add a new custom rule for port 2222 to your AWS security group if you haven’t already done so. Set this as your SSH port in Phabricator with the following command:
sudo ./bin/config set diffusion.ssh-port 2222
Create a new directory named ‘libexec’ under your ‘/usr’ directory if it doesn’t already exist.
sudo mkdir /usr/libexec
Now create a ‘phabricator-ssh-hook.sh’ file by copying the template from the ‘resources’ directory to the ‘/usr/libexec’ directory you just made:
sudo cp resources/sshd/phabricator-ssh-hook.sh /usr/libexec/
In that file change the template so that it looks something like this:
Now enter the following commands to set ownership:
sudo chown root /usr/libexec/
sudo chown root /usr/libexec/phabricator-ssh-hook.sh
sudo chmod 755 /usr/libexec/phabricator-ssh-hook.sh
Set up ‘sshd_config.phabricator’ by copying the template to the ‘/etc/ssh’ directory with the command:
sudo cp resources/sshd/sshd_config.phabricator.example /etc/ssh/sshd_config.phabricator
Once copied, change the ‘vcs-user’ values to ‘git’. Now start it with the command:
sudo /usr/sbin/sshd -f /etc/ssh/sshd_config.phabricator
You can now test this by going back to your local machine and entering this command:
echo {} | ssh git@phabricator.MYDOMAIN.com conduit conduit.ping
If everything is set up correctly you should get a response that looks similar to this:
{"result":"phabricator.MYDOMAIN.com","error_code":null,"error_info":null}
You should now be able to go into Diffusion and create a new repository. Once created, you can activate it with the ‘Activate Repository’ button on the right.
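Before starting the second sshd it is worth confirming that every ‘vcs-user’ placeholder in ‘/etc/ssh/sshd_config.phabricator’ was replaced and that the port matches `diffusion.ssh-port`. The following check is an added example, not part of the original walkthrough or of Phabricator; the function name, the constructed sample config and the `PermitRootLogin`/`PasswordAuthentication` expectations are assumptions.

```shell
#!/bin/sh
# Added example. Usage: audit_phab_sshd CONFIG VCS_USER PORT
# Prints one line per finding; returns 0 only when there are none.
audit_phab_sshd() {
  awk -v user="$2" -v port="$3" '
    /^[ \t]*(#|$)/ { next }                  # skip comments and blank lines
    {
      key = tolower($1)                      # sshd keywords are case-insensitive
      val = $0
      sub(/^[ \t]*[^ \t]+[ \t]+/, "", val)   # drop the keyword, keep its arguments
      sub(/[ \t]+$/, "", val)
      if (!(key in seen)) seen[key] = val    # sshd uses the first value it reads
    }
    END {
      want["authorizedkeyscommanduser"] = user
      want["allowusers"]                = user
      want["port"]                      = port
      want["passwordauthentication"]    = "no"
      want["permitrootlogin"]           = "no"
      for (k in want)
        if (seen[k] != want[k]) {
          printf "%s: expected \"%s\", found \"%s\"\n", k, want[k], seen[k]
          bad = 1
        }
      if (seen["authorizedkeyscommand"] !~ /^\//) {
        print "authorizedkeyscommand: expected an absolute path"
        bad = 1
      }
      exit bad + 0
    }' "$1"
}

# Constructed sample: one placeholder was missed while editing the template.
sample_config() {
  cat <<'EOF'
AuthorizedKeysCommand /usr/libexec/phabricator-ssh-hook.sh
AuthorizedKeysCommandUser git
AllowUsers vcs-user
Port 2222
PermitRootLogin no
PasswordAuthentication no
EOF
}

tmp=$(mktemp) && sample_config > "$tmp"
audit_phab_sshd "$tmp" git 2222 || echo "fix the findings above before starting sshd"
rm -f "$tmp"
```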
Troubleshooting
If you get an error when activating your repository that looks similar to this, try the following steps.
Look for the process id on the SSH port with the following command:
sudo lsof -i :2222
You should see something like this:
Kill the process (use the PID from your own lsof output; 1737 is the one from this walkthrough) and restart it:
sudo kill 1737
sudo /usr/sbin/sshd -f /etc/ssh/sshd_config.phabricator
This should fix the error and display the following:
Next Step
Part 4 — Configuring Backups