How to set up Phabricator on AWS (Part 3 — Configuring Phabricator)

Peter Myung-Won Pak
Jun 4, 2019

Summary

In the previous parts of this walkthrough we went through the process of setting up the requirements needed to launch an instance of Phabricator. At this point of the walkthrough we should have an instance of Phabricator up and running, but without its core features. If you missed those steps you can visit them through the links listed below:

Part 1 — Setting up requirements

Part 2 — Launching Phabricator

This part of the walkthrough will guide you through the process of setting up the core features needed to run Phabricator properly.

Configuring Mailgun

During the last part of the walkthrough we had just finished configuring MySQL to work with Phabricator. You should have ended up on a screen that looks similar to the one above.

Once you have created an admin account you will see a large number of notifications in the top left that require your attention.

The first items that you should address are configuring the base-uri and authentication methods for Phabricator. Set those up by following the given instructions as they are pretty straightforward.

Under the list of notifications you should see another one telling you to configure a mailer, with instructions on how to do so. Since we have already set up the outbound mailer in Part 1, we just need to set it in our Phabricator configuration. To do so, create a file called ‘mailers.json’ and paste in the following contents:

Be sure to replace ‘MYDOMAIN’ and ‘MYMAILERAPIKEY’ with your own values. Once you have created that file, apply it to your Phabricator configuration and restart the daemons with the commands:

sudo ./bin/config set --stdin cluster.mailers < mailers.json
sudo ./bin/phd restart
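
An added example, not the author's original file: a helper that writes ‘mailers.json’ in the format Phabricator documents for a Mailgun entry in cluster.mailers, creating it with mode 0600 because it holds the API key. The function name write_mailers_json and the "key" label "mailgun" are choices made here.

```shell
#!/bin/sh
# Added example. write_mailers_json is a hypothetical helper name; the "key"
# label is an arbitrary name for this mailer entry.

write_mailers_json() {
    domain=$1 api_key=$2 out=$3
    # Refuse values that would terminate or escape the JSON string.
    case "$domain$api_key" in
        *\"*|*\\*) echo "refusing value with a quote or backslash" >&2
                   return 1 ;;
    esac
    rm -f "$out"        # an existing file would keep its old, looser mode
    (
        umask 077       # file is created 0600: the API key is a secret
        cat > "$out" <<EOF
[
  {
    "key": "mailgun",
    "type": "mailgun",
    "options": {
      "domain": "$domain",
      "api-key": "$api_key"
    }
  }
]
EOF
    )
}

# Usage, followed by the two commands above:
#   write_mailers_json MYDOMAIN MYMAILERAPIKEY mailers.json
# Remove mailers.json once the setting is applied, so that the key is not
# left in a stray file on the instance.
```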

This should now initialize the mailer, and you can test it by sending a message to the email address you provided when creating your admin account.

Under your profile page you should see the ‘Manage’ tab in the sidebar. On that page, click on the option to send a welcome email.

If all goes well you should receive an email with a link to set up a password for your account.

Configuring Diffusion

The next critical step in this configuration process is setting up Diffusion so that you can host your code repositories. For this process we will be accessing git through SSH, and to do so we need to create a set of keys (on your own machine) that we can use to authenticate with Phabricator. First make sure that you have resolved the issue of creating a directory to store your git repositories.

Make sure you create a local path for your repositories before moving on

Once you have done that, GitHub provides a guide on how to create SSH keys here. Once you have created the key, go to the ‘Settings’ tab under your profile dropdown and upload the public key to Phabricator.

After creating your SSH key, upload your public key (ending in .pub) to Phabricator with the option under SSH Key Actions

Now that you have set up your SSH keys, we can go on and configure Diffusion. To do this we will be following some of the steps outlined in these two guides:

First log in to your AWS Phabricator instance and enter the following command to add a vcs-user (we will be using ‘git’ as our vcs-user):

sudo adduser git

After filling out (or skipping) the fields for this new user, we need to add some sudo permissions for this user. We can do this by using visudo to add a new file to our sudoers.d folder. (Note: The next steps are extremely important)

sudo EDITOR=vim visudo -f /etc/sudoers.d/phabricator

Once inside this new file, enter the following line (we will be using ‘root’ as our daemon-user):

git ALL=(root) SETENV: NOPASSWD: /usr/bin/git-upload-pack, /usr/bin/git-receive-pack

Save and exit. If you did not enter the line above correctly, you may receive a prompt saying that you have a syntax error. DO NOT ignore this error and continue with saving, as it may corrupt your sudoers file. Address the error and ensure that this step is done correctly before moving on.

Restart the Phabricator daemons with the command:

sudo ./bin/phd restart

After doing this, configure the vcs-user and daemon-user values for Phabricator (remember to cd into the ‘phabricator’ directory).

sudo ./bin/config set phd.user root
sudo ./bin/config set diffusion.ssh-user git

We will then need to change the values for our git user in the ‘/etc/shadow’ and ‘/etc/passwd’ files. This can be done using usermod but can also be done manually if needed.

sudo usermod -p NP git
sudo usermod -s /bin/sh git

Now we need to open a new port in our firewall to serve git. This can be done with the following command:

sudo iptables -A INPUT -p tcp --dport 2222 -j ACCEPT

All of the security rules you should have by now

Also remember to add a new custom rule for port 2222 to your AWS security group if you haven’t already done so. Set this as your SSH port in Phabricator with the following command:

sudo ./bin/config set diffusion.ssh-port 2222

Create a new directory named ‘libexec’ under your ‘/usr’ directory if it doesn’t already exist.

sudo mkdir /usr/libexec

Now create a ‘phabricator-ssh-hook.sh’ file by copying the template from the ‘resources’ directory to the ‘/usr/libexec’ directory you just made:

sudo cp resources/sshd/phabricator-ssh-hook.sh /usr/libexec/

In that file change the template so that it looks something like this:

Now enter the following commands to set ownership and permissions:

sudo chown root /usr/libexec/
sudo chown root /usr/libexec/phabricator-ssh-hook.sh
sudo chmod 755 /usr/libexec/phabricator-ssh-hook.sh

Set up ‘sshd_config.phabricator’ by copying the template to the ‘/etc/ssh’ directory with the command:

sudo cp resources/sshd/sshd_config.phabricator.example /etc/ssh/sshd_config.phabricator

Once copied, change the ‘vcs-user’ values to ‘git’. Now run it with the command:

sudo /usr/sbin/sshd -f /etc/ssh/sshd_config.phabricator

You can now test this by going back to your local machine and entering this command:

echo {} | ssh git@phabricator.MYDOMAIN.com conduit conduit.ping

If everything is set up correctly you should get a response that looks similar to this:

{"result":"phabricator.MYDOMAIN.com","error_code":null,"error_info":null}
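
If the ping fails instead, the usual causes are in the files set up above: sshd refuses an AuthorizedKeysCommand that is not owned by root or is writable by group or others, and applies the same check to its parent directories. The following check is an added example, not part of the original post; the helper names owner_only_writable, audit_hook_path and preflight are made up here, and the paths are the ones used in this walkthrough.

```shell
#!/bin/sh
# Added example: pre-flight checks for the Diffusion SSH setup.

# Succeeds only if PATH is owned by uid WANT (default 0, i.e. root) and is
# not writable by group or others.
owner_only_writable() {
    p=$1 want=${2:-0}
    set -- $(ls -ldLn "$p" 2>/dev/null)   # $1 = mode string, $3 = owner uid
    [ $# -ge 3 ] || return 1              # path missing or unreadable
    [ "$3" = "$want" ] || return 1
    case $1 in
        ?????w*|????????w*) return 1 ;;   # group-write or other-write bit set
    esac
    return 0
}

# Check the hook and every parent directory up to /.
audit_hook_path() {
    cur=$1
    while :; do
        owner_only_writable "$cur" 0 || { echo "UNSAFE: $cur" >&2; return 1; }
        [ "$cur" = "/" ] && return 0
        cur=$(dirname "$cur")
    done
}

# Run all three checks; stops at the first failure.
preflight() {
    audit_hook_path /usr/libexec/phabricator-ssh-hook.sh &&
    sudo visudo -cf /etc/sudoers.d/phabricator &&            # sudoers syntax
    sudo /usr/sbin/sshd -t -f /etc/ssh/sshd_config.phabricator  # config test
}
```

Run preflight on the instance before starting or restarting the Phabricator sshd.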

You should now be able to go into Diffusion and create a new repository. Once created, you can activate it with the ‘Active Repository’ button on the right.

Repository is inactive until button is pressed

Troubleshooting

Error encountered when activating repository

If you get an error when activating your repository that looks similar to this, try the following steps.

Look for the process id on the SSH port with the following command:

sudo lsof -i :2222

You should see something like this:

Find the process and kill it using its id number, then start sshd again:

Kill the process and restart it

sudo kill 1737
sudo /usr/sbin/sshd -f /etc/ssh/sshd_config.phabricator

This should fix the error and display the following:

Fixed error

Next Step

Part 4 — Configuring Backups
