Our group’s project, “Phrogress”, collects projects data from Phabricator and summarize it into visual statistics like graphs and charts. This demands an automated method of fetching Phabricator’s data, which made feasible by Phabricator’s HTTP API, Conduit. Simple HTTP POST request to one of Conduit’s endpoints is all we need to fetch information in reasonable JSON format.
While Peentar provides us with access to their Phabricator, we deem it irresponsible to use theirs while the development is ongoing. The project’s source code along with its configuration might contains secret Conduit API tokens (more about this later) and publishing their confidential information on our Gitlab, which is visible to everyone, is a breach of security.
Our solution to this problem is to deploy our own Phabricator on our own server, so if eventually the project demands us to publish an API token, we simply publish our own. It still is a breach of security, but what can an attacker does to a barren Phabricator which only contains dummy repositories?
Deployment process is actually pretty easy as Phacility already provides a guide. Unfortunately we were met with two obstacles while trying to deploy Phabricator:
- Phabricator needs PHP version equal or newer than 5.0, except 7.0 (5.6 and 7.1 are supported). Our VPS, which was running Ubuntu 16.04, refused to install every PHP versions but 7.0. What are the chances?
- Our VPS is weak. At one point, our Phabricator can’t be accessed because
apache2shuts down because the lack of free RAM. Starting it back somehow killed the mysql service. Apache and MySQL are the only heavy services running on our server.
For some reason the official repositories for Ubuntu 16.04 “xenial” do not contain any PHP versions other than
php7.0-* packages. Our workaround was to add a PHP PPA from launchpad.net maintained by Ondřej Surý. This PPA contains PHP version 5.4, 5.5, 5.6, 7.0, and 7.1 with most of the popular extensions available (most of those extensions are required by Phabricator). Adding the PPA and installing PHP can be done with these commands:
sudo add-apt-repository ppa:ondrej/php sudo apt update sudo apt install php7.1 php7.1-mysql php7.1-gd php7.1-dev \ php7.1-curl php7.1-cli php7.1-json
5.6 if you prefer the older version. When installing with the
install_ubuntu.sh script it might produce an error about missing package called
php-apc, which is fine to ignore because that plugin is optional.
At this point our Phabricator was running fine until one of us noticed that it couldn’t be accessed. Using the
top command we noticed that our server only had 13MB of free memory left. Soon after,
apache2 abruptly stopped.
Phacility’s guide for installing Phabricator mentioned that nginx and lighttpd are also supported as alternatives to Apache. Nginx is regarded as a lighter alternative to Apache, so we thought that it might be suitable for our low-memory setup.
Using nginx to host Phabricator requires additional PHP plugin called
php-fpm. That plugin can be installed with this command:
sudo apt install php7.1-fpm
By the time this post was written, we haven’t noticed any downtime in our server eventhough the free memory stayed below 20 MB. It might be caused by the switch to nginx, or maybe because it is only accessed by the one responsible for developing the Conduit API wrapper (read: me).
Regardless, our own Phabricator is up and running, and we have our own space to experiment with Phabricator’s Conduit API without the fear of messing up our partner’s repository. Now we can start developing Conduit API wrapper which will interact directly with Conduit’s endpoints. This is going to be fun.