Phabricator (code review) server installation and deployment


Phabricator is an open-source visual code review tool for Facebook. It integrates a series of open-source Web applications, including code review, code (GIT / SVN) hosting, syntax check, unit test, Wiki and other functions. It can also track bugs and directly associate JIRA with code review. It supports two code review workflows: “review” (review before submission) and “audit” (review after submission).

1、 Installation

1. Install via script

Open CentOS installation script (different from Ubuntu):…
Enter / opt to create a new file install_ rhel-derivs. SH, copy script content, save, modify file permissions, execute:

$ chmod 777 
$ ./

The installation contents include: Apache, mysql, PHP;
Then git downloads the phabricator, arcanist and libphutil. If Linux does not support HTTPS mode, you can modify the in the installation scriptHTTPS: / / is Git: / / mode.

If installed on MAC

The script installation can’t work. You can only manually: nginx + PHP + PHP FPM + mysql. MAC comes with PHP and PHP FPM, but you need to install the PHP plug-in PHP pcntl
Nginx configuration:

server {
  listen 8000;
  root      /Users/xxx/phabricator/phabricator/webroot;
  try_files $uri $uri/ /index.php;

  location / {
     index   index.php;
     if ( !-f $request_filename ){
       rewrite ^/(.*)$ /index.php?__path__=/$1 last;

  location /index.php {
    fastcgi_ pass   localhost:9000;    #  Fast CGI needs to be started locally and can be run directly: $PHP FPM
    fastcgi_index   index.php;
    fastcgi_param  REDIRECT_STATUS    200;
    fastcgi_param  SCRIPT_FILENAME    $document_root$fastcgi_script_name;
    fastcgi_param  QUERY_STRING       $query_string;
    fastcgi_param  REQUEST_METHOD     $request_method;
    fastcgi_param  CONTENT_TYPE       $content_type;
    fastcgi_param  CONTENT_LENGTH     $content_length;
    fastcgi_param  SCRIPT_NAME        $fastcgi_script_name;
    fastcgi_param  GATEWAY_INTERFACE  CGI/1.1;
    fastcgi_param  SERVER_SOFTWARE    nginx/$nginx_version;
    fastcgi_param  REMOTE_ADDR        $remote_addr;

2. Move the relevant phabricator files to the release directory of Apache:

Create a new project directory, such as code review:

$ mv /opt/arcanist /var/www/html/code-review
$ mv /opt/libphutil /var/www/html/code-review
$ mv /opt/phabricator /var/www/html/code-review

3. Turn off firewall and SELinux

a. ) turn off the firewall

$service iptables status # view firewall status
$service iptables stop # first temporarily close the firewall
$chkconfig iptables off # and then permanently shut down, boot does not start

b. ) modify the firewall (the firewall needs to be closed)

$service iptables status # view firewall status
$ vi /etc/sysconfig/iptables

If the web service or database cannot be connected, add the following ports:
-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 3306 -j ACCEPT

$service iptables restart # restart firewall

c. ) close SELinux

$getenforce # view SELinux status or sestatus view details
$setenforce0 # temporarily shuts down SELinux
$VI / etc / SELinux / config # modify SELinux = disabled and shut down permanently after restart

4. Modify Apache configuration:

Add the following two paths to the path variable of the system variable (non user variable) (remember to separate win7 and the following with; in the middle):

$ vi /etc/httpd/conf/httpd.conf
Or create: / etc / httpd / conf.d/vhost Conf # in httpd Include in conf

Add virtual machine:
ServerName localhost
Listen     8800

<VirtualHost *:8800>
  ServerName localhost
  DocumentRoot "/var/www/html/code-review/phabricator/webroot"
  DirectoryIndex index.php index.html index.html.var
  RewriteEngine on
  RewriteRule ^/rsrc/(.*)     -                       [L,QSA]
  RewriteRule ^/favicon.ico   -                       [L,QSA]
  RewriteRule ^(.*)$          /index.php?__path__=$1  [B,L,QSA]

$service httpd restart # restart Apache
$chkconfig httpd on # set boot

If you can’t access any information by starting Apache, it indicates that the listening port is wrong. Find the listen field and modify the corresponding port;
If there is an internal error in starting Apache, there is a problem with rewriteengine;
If an error related to servername is prompted when starting the command, remove the servername localhost comment on the line on the virtual machine;
Apache log path: / var / log / httpd

5. Configuration database:

$service mysqld restart # restart MySQL
$chkconfig mysqld on # set startup

a. ) set the database root password:

$MySQL - U root # if you can't get in, it means that the database has a password. Check the following 2. Related problems
  Mysql> use mysql;
  MySQL > update user set password = password ("new password") where user = "root"# Cannot directly password = "new password"
  Mysql> flush privileges;
  Mysql> quit;

b. ) upgrade database:

The default installed database is 5.1, and the issues prompt rises to 5.6 +:

$more / etc / RedHat release # view the current Linux version
$ rpm -Uvh #Can go Select version
$ yum -y upgrade mysql

c. ) update database:

$ ./bin/storage upgrade

#To delete a database:
$ ./bin/storage destory

d. ) modify the default database code:

$ service mysqld stop
$ vi /etc/my. CNF # modify MySQL configuration file
#Add to the following two items:

collation_server = utf8_general_ci
character_set_server = utf8

$service mysqld restart # restart

PS: when database synchronization or data transmission, remember to remove the character set in Navicat advanced

6. To modify the fabrictor configuration:

The main configurations of phasicator are placed in the project directory/ conf/local/local. JSON, you can configure some database access, automatic mail, etc,
Or under the fabricator directory/ bin/config set mysql. Pass 000000 set one by one.

$ vi ./conf/local/local.json

#Modify the content (pay attention to replace the relevant fields in the configuration):
  "phabricator.base-uri": "http:\/\/\/",
  "mysql.pass": "123456",
  "mysql.user": "root",
  "": "localhost",
  "mysql.port": "3306",
  "differential.require-test-plan-field": false,
  "cluster.mailers": [
      "key": "my-mailer",
      "type": "smtp",
      "options": {
        "host": "",
        "port": 465,
        "user": "[email protected]",
        "password": "123456",
        "protocol": "ssl"
  "metamta.default-address": "[email protected]"

7. Visit web address and deploy mail

After setting the mailbox configuration in the above configuration file, go to the left menu config – > mail on the web page and set the default mailbox metamta Default address value, and then set metadata The mail adapter value is: phabricatormailimplementationphpmaileradapter
Restart mail service:

$ ./bin/phd restart

Try sending mail to check whether the mail is sent normally:

$ ./bin/mail list-outbound

8. Set login authorization method

Left menu – auth, set the login mode of user name / password. If it is not set, you can’t log in after exiting. Execute:

$ ./ Bin / auth recover < administrator account >

Open the website according to the prompt. After logging in, enter the auth menu and add a login authorization method

9. Add Chinese support

Enter the directory of phasiciator / SRC / extensions /, RM – fr readme, execute the following git command, and then select the language Chinese in the client settings

$ git clone ./

9. Resolve issue

Documents mainly involved:

/etc/php. d/apc. Ini #apc related
/etc/php. Ini part PHP settings
/etc/my. CNF #mysql related

After modification, remember to restart the corresponding httpd and mysqld services

2、 Warehouse management

1. Observe the existing remote warehouse

If you don’t want phabricator to host git warehouse, you can import an existing git project in observer mode and set some policies. When the user submits, some audit policies will be triggered to realize code review. The specific creation process is as follows:

1.) create observation warehouse

a. Create a new repository;
b. Click URIs in the menu on the left, add new URI on the right, fill in the URI (existing remote warehouse), and set the I / O mode to observe;
c. If necessary, configure some authentication (private key, etc.);
d. Enable the warehouse in the basics item and click update now to start importing;

2.) create Herald rule

In more applications, add herald to the common menu on the left, enter Herald, and create a rule of “submit” type (non commit hook), for example, create a rule to listen to the submission of merge:

is any of:
Is merge commit: is true
Commit message: does not match regexp: @\sof\[email protected]
email to: ....

2. Hosting git warehouse in SSH mode

1.) account configuration

$useradd git # add a git account with or without a password
$VI / etc / shadow # at the bottom, check whether the second field of GIT user is!!, If yes, change it to empty. It's ok if you have a password, as long as it's not!!
$VI / etc / passwd # find the line corresponding to git user. If there is such a configuration as / bin / false, please modify it to / bin / sh. if not, you don't need to modify it

2.) modify the phabricator configuration

Enter the fabricator Directory:

$ ./bin/config set phd.user root
$ ./ bin/config set diffusion. SSH user git # the settings here will be shown in the URL of clone
$ ./bin/phd restart

3.) configure git account operation authority

Run the visudo command, or VI / etc / sudoers, or there is no sodu. You need to run Yum install sudo to install.
Find the defaults requirement field. If it is not commented, comment it out and add the following code at the end of the file:

git ALL=(root) SETENV: NOPASSWD: /bin/sh, /usr/bin/git-upload-pack, /usr/bin/git-receive-pack

4.) configure SSH port

$ vi /etc/ssh/sshd_config
Modify the port as:
#Port 22 # comment out port 22 and use it in SSH service of GIT project
Port 2222 # change the remote login port to 2222
Do not change other listenaddress fields and keep the comment status

$VI service sshd restart # restart SSH service

If you do not use the default 22 port, you need to add settings in the phasor configuration, or in the local ~ / Add port in SSH / config
$ ./bin/config set diffusion.ssh-port 2222

If all settings are set, or not, consider whether the port is occupied remotely or start the phasor SSH service.

5.) add scripts and SSH services

Enter the resources / sshd / directory under the phasicator
a. ) add the phasor SSH script:

$ cp /usr/libexec/
$ chown root /usr/libexec/
$ chmod 755 /usr/libexec/phabricator-ssh-hook. SH # don't use the wrong chown 755 command
$ vi /usr/libexec/
Modify two fields:
Vcsuser = "git" # SSH account
Root = "/ var / www / HTML / code review / phabricator" # phabricator installation directory path

b. ) add the phasor SSH configuration file:

$ cp sshd_config.phabricator.example  /etc/ssh/sshd_config.phabricator
$ vi /etc/ssh/sshd_config.phabricator
AuthorizedKeysCommand /usr/libexec/phabricator-ssh-hook. SH # the path here should be consistent with the script path in a.) step
AuthorizedKeysCommandRunAs git              # openSSH6. 2 above, this field is authorized keyscommanduser
AllowUsers git

Port 22 # enables SSH default port 22. To avoid conflicts, comment out the SSH default configuration file / etc / SSH / sshd_ Port 22 in config

c. ) start the phasor SSH service:
Start in debug mode first, and check whether the error and port binding are successful:

$ /usr/sbin/sshd -d -d -d -f /etc/ssh/sshd_config.phabricator
Officially enabled:
$ /usr/sbin/sshd -f /etc/ssh/sshd_ config. Phabricator # this SSH service is not the same process as the system default SSH
To restart, just execute the same command above. To shut down the service:
$ ps -ef | grep sshd
$ kill <id>

6.) add SSH public key

a. ) generate SSH key:

$ ssh-keygen -t rsa -f ~/. SSH / phabricator - C < mailbox > # - F can be modified to generate a name

b.) ~/. SSH / config add one:

# phabricator
Port 22                                  
PreferredAuthentications publickey
IdentityFile ~/.ssh/phabricator

c. ) log in to the phabricator audit website, personal management page, and add phabricator in the SSH public keys menu Pub public key

$ cat ~/.ssh/
After completion, test:
$ ssh -T -p 22  [email protected] #- P port can be modified, the default is 22, and no parameters can be added

3. HTTP hosting git warehouse

1.) modify Apache permissions

Run visudo and add the following permissions for Apache (WWW user user) in sudoers:

apache ALL=(root) SETENV: NOPASSWD: /usr/bin/git, /usr/bin/git-upload-pack, /usr/bin/git-receive-pack, /usr/bin/ssh, /usr/libexec/git-core/git-http-backend

2.) phabricator configuration

$ ./ bin/config set diffusion. Allow HTTP auth true # displays the HTTP clone address
$ ./ bin/config set environment. Append paths' ["/ usr / libexec / git core"] '# add environment variables, and the array can hold more than one

Then go to the config menu – > all settings of the website and find diffusion Allow HTTP auth, click on, and the setting value is: allow HTTP basic auth

3.) set git HTTP access password

Set in VCs password menu in settings

4.) save login information locally

Modification~/_ Netrc file, add:

login wangwb
password aym000000  

5.) commissioning

$ GIT_CURL_VERBOSE=1 git clone http://....   

If there is an HTTP / 1.0 500 internal server error, it indicates that the GIT HTTP backend path is wrong (you can go to the warehouse – > status), and you need to add environment For the configuration of append paths, see Step 2 above.)

3. Warehouse management

1.) modify the default storage path of the warehouse:

$ ./ bin/config set repository. Default local path '/ path / repo'

2.) delete a warehouse:

$ ./bin/remove destroy R(n)

Official website documents:…

3、 Related issues

1. MySQL erase root password

$ mysql –skip-grant-table &
  Mysql> use mysql;
  MySQL > update user set password = password ("new password") where user = "root";
  Mysql> flush privileges;
  Mysql> quit;

It should be noted here that each command needs to use a semicolon “;” At the end, after performing the above operations, the root password will be cleared.

Error 1044 (42000): access denied for user ” @’localhost ‘to database’ MySQL ‘error:
Reason: in the user table of MySQL database, there is an account with empty user name, i.e. anonymous account. Although root is used when logging in, it is actually anonymous
Treatment scheme:

# 1. Close MySQL
   $ service mysqld stop
# 2. Shielding authority
   $ mysqld_safe --skip-grant-table
   The screen appears: starting demo from
# 3. Start a new terminal input
   $ mysql -u root mysql
   MySQL > update user set password = password ("new password") where user = "root";
   Mysql> flush privileges;
   Mysql> quit;

2. MySQL remote root account cannot log in

First check:

to grant authorization:

$ mysql -u root -p
  Mysql> use mysql;
  Mysql> select host from user where user='root';  #  First check whether the host has% value. If yes, run flush privileges directly;
  Mysql> GRANT ALL PRIVILEGES ON *.*  To 'root' @ '%' identified by 'MySQL root password';
  Mysql> flush privileges;
  Mysql> quit;

3. MySQL modify default data storage

$mysqladmin - U root - P variables | grep dataDir # view the MySQL database storage directory
$ service mysqld stop
$MV / var / lib / MySQL / path # mobile database file

$ vi /etc/my.cnf
#Modify the dataDir and socket fields and add the following:
Socket = / path / MySQL sock

$ service mysqld start

4. Backup / restore MySQL database

$ mysqldump --all-databases -h127.0.0.1 -u root -p > ./backup/mysql-bak.sql
$ mysqldump --all-databases -h127.0.0.1 -u root -p < ./backup/mysql-bak.sql

5. SSH cannot log in to the root account remotely

Modify SSH configuration:

$ vi /etc/ssh/sshd_ Config # modify: permitrotlogin yes

6. Click Open git warehouse PHP to report an error

Description: SELinux configuration is enabled. Refer to the above to disable startup.

7. Kill process

$kill - s 9 PID # process ID

Official reference:…

Recommended Today

A solution to err: 34 connection failed during Ubuntu apt install

During the recent report, some students reported that something happened when Ubuntu installed the softwareErr: 34 Connection failedWrong words, look at the information that prompts the error. It’s obvious: network error. Look at the detailed information, it’s actually downloading error occurred while accessing resources on. At that time, I felt that this error should not […]