Phabricator on Ubuntu 14.04 - post-install server configuration: SSL, notifications, auto-update, auto-start
I searched around for agile development and code review tools and was very pleasantly surprised with
Phabricator. Used heavily at Facebook, it's got just about everything a development team could want or need.
I followed this setup guide to get up and running quickly. Nothing I've added below is particularly complex or difficult. I did deviate from this guide in two areas:
- I used Ubuntu 14.04 -- it's solid. No reason to use 12.04 for this.
- I did NOT install phpMyAdmin -- it's a nice tool, but it's also one of the most popular attack vectors for internet-facing servers. I don't need it, so I follow the rule of Occam's razor - "Everything should be as simple as possible - and no simpler".
Follow the above guide and you've got a default Phabricator instance up and running. Cool, huh?
Here's what I think is missing from the above guide:
Enable SSL and force all traffic to SSL
If you have a wildcard SSL cert... you probably want to use it to protect sites containing your source code. If you don't have an SSL certificate, you might want to consider getting one.
Deploy your SSL certs in the OS instance:
mkdir -p /etc/nginx/ssl
Copy yoursite.com.crt and yoursite.com.key to /etc/nginx/ssl
Update nginx webserver config
Edit /etc/nginx/sites-enabled/phabricator
Add a section that rewrites port 80 (http) traffic to port 443 (https) at the top:
# Plain-HTTP server: does nothing except redirect every request to HTTPS
server {
    root /opt/phabricator/phabricator/webroot;
    location / {
        rewrite ^ https://$http_host$request_uri? permanent;
    }
}
Add or modify the second, original server section below so that it holds the rules for our new default port 443 server and looks like this:
server {
    set $fqdn phabricator.vettersoftware.com;
    set $phabWebRoot /opt/phabricator/phabricator/webroot;
    listen 443 ssl;
    # nginx does not expand variables in server_name, so the hostname is written out
    server_name phabricator.vettersoftware.com;
    root $phabWebRoot;
    ssl on;
    ssl_certificate /etc/nginx/ssl/yoursite.com.crt;
    ssl_certificate_key /etc/nginx/ssl/yoursite.com.key;
    ssl_session_timeout 30m;
    ...
Update the internal phabricator settings for base-uri
/opt/phabricator/phabricator/bin/config set phabricator.base-uri 'https://phabricator.yoursite.com/'
Restart nginx
service nginx restart
Enable Phabricator's aphlict notifications
See: https://secure.phabricator.com/book/phabricator/article/notifications/
Install prerequisites for aphlict
sudo apt-get install nodejs
Set notification config option
/opt/phabricator/phabricator/bin/config set notification.enabled true
Start notification service
/opt/phabricator/phabricator/bin/aphlict start
Start all services on instance boot
This is not included in the guide I used. It's not complex. I include it here in hopes it helps others who haven't been building UNIX systems for decades.
Edit /etc/rc.local and add the following lines:
#start phabricator daemons
/opt/phabricator/phabricator/bin/phd start
#start aphlict notification server
/opt/phabricator/phabricator/bin/aphlict start
Automate phabricator upgrades
Phabricator code gets updated frequently. You want those new features and bug fixes, right? You believe in continuous integration, right? Right!
cd /opt/phabricator
wget http://www.phabricator.com/rsrc/install/update_phabricator.sh
chmod a+x update_phabricator.sh
Edit /opt/phabricator/update_phabricator.sh
Change line 14: ROOT=`pwd` to:
ROOT='/opt/phabricator'
Change all references to /etc/init.d/httpd to /etc/init.d/nginx, since we're using nginx.
Uncomment the notification server stop and start lines.
Add the '--force' option at the end of the '$ROOT/phabricator/bin/storage upgrade' line so it looks like this:
$ROOT/phabricator/bin/storage upgrade --force
Save.
Test the upgrade script.
./update_phabricator.sh
Add cronjob to run upgrade script weekly.
crontab -e
Add the following lines, season to taste, and save:
# update phabricator every Saturday at 9:35AM
35 9 * * Sat /opt/phabricator/update_phabricator.sh
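The cron job above runs, unattended, a script that was fetched over plain HTTP and then hand-edited. As an added example (not part of the original guide or of Phabricator), this wrapper pins the SHA-256 of the reviewed script and refuses to run it if the file has changed or is writable by group or others; the pin file path and the function names are assumptions.

```shell
#!/bin/sh
# Added example: integrity guard for the weekly Phabricator update cron job.
# The pin file and all function names are hypothetical, not from the guide.
UPDATE_SCRIPT="${UPDATE_SCRIPT:-/opt/phabricator/update_phabricator.sh}"
PIN_FILE="${PIN_FILE:-/opt/phabricator/update_phabricator.sh.sha256}"

# Record the SHA-256 of the script once it has been reviewed, edited and tested.
pin_update_script() {
    sha256sum "$1" | awk '{print $1}' > "$2" && chmod 600 "$2"
}

# Return 0 only if the script is a regular file, is not writable by group or
# others, and still matches the pinned hash. Each failure has its own code.
check_update_script() {
    script=$1
    pin=$2
    if [ ! -f "$script" ] || [ -L "$script" ]; then
        echo "not a regular file: $script" >&2
        return 1
    fi
    # GNU find prints the path when any group/other write bit is set.
    if [ -n "$(find "$script" -maxdepth 0 -perm /022)" ]; then
        echo "writable by group or others: $script" >&2
        return 2
    fi
    if [ ! -r "$pin" ]; then
        echo "no pinned hash at: $pin" >&2
        return 3
    fi
    actual=$(sha256sum "$script" | awk '{print $1}')
    if [ "$actual" != "$(cat "$pin")" ]; then
        echo "hash mismatch, refusing to run: $script" >&2
        return 4
    fi
    return 0
}

# Cron entry point: the update runs only when every check passes.
run_guarded_update() {
    check_update_script "$UPDATE_SCRIPT" "$PIN_FILE" && "$UPDATE_SCRIPT"
}

case "${1:-}" in
    pin) pin_update_script "$UPDATE_SCRIPT" "$PIN_FILE" ;;
    run) run_guarded_update ;;
esac
```

Run it once with the pin argument after editing and testing update_phabricator.sh, then have the crontab line call it with the run argument instead of calling the update script directly.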
You're done!