Our Own Playground

Phabricator

Our group’s project, “Phrogress”, collects projects data from Phabricator and summarize it into visual statistics like graphs and charts. This demands an automated method of fetching Phabricator’s data, which made feasible by Phabricator’s HTTP API, Conduit. Simple HTTP POST request to one of Conduit’s endpoints is all we need to fetch information in reasonable JSON format.

While Peentar provides us with access to their Phabricator, we deem it irresponsible to use theirs while the development is ongoing. The project’s source code along with its configuration might contains secret Conduit API tokens (more about this later) and publishing their confidential information on our Gitlab, which is visible to everyone, is a breach of security.

Our solution to this problem is to deploy our own Phabricator on our own server, so if eventually the project demands us to publish an API token, we simply publish our own. It still is a breach of security, but what can an attacker does to a barren Phabricator which only contains dummy repositories?


Deploying Phabricator

Deployment process is actually pretty easy as Phacility already provides a guide. Unfortunately we were met with two obstacles while trying to deploy Phabricator:

  1. Phabricator needs PHP version equal or newer than 5.0, except 7.0 (5.6 and 7.1 are supported). Our VPS, which was running Ubuntu 16.04, refused to install every PHP versions but 7.0. What are the chances?
  2.  Our VPS is weak. At one point, our Phabricator can’t be accessed because apache2 shuts down because the lack of free RAM. Starting it back somehow killed the mysql service. Apache and MySQL are the only heavy services running on our server.

For some reason the official repositories for Ubuntu 16.04 “xenial” do not contain any PHP versions other than php7.0-* packages. Our workaround was to add a PHP PPA from launchpad.net maintained by Ondřej Surý. This PPA contains PHP version 5.4, 5.5, 5.6, 7.0, and 7.1 with most of the popular extensions available (most of those extensions are required by Phabricator). Adding the PPA and installing PHP can be done with these commands:

sudo add-apt-repository ppa:ondrej/php
sudo apt update
sudo apt install php7.1 php7.1-mysql php7.1-gd php7.1-dev \
                 php7.1-curl php7.1-cli php7.1-json

Replace 7.1 with 5.6 if you prefer the older version. When installing with the install_ubuntu.sh script it might produce an error about missing package called php-apc, which is fine to ignore because that plugin is optional.

At this point our Phabricator was running fine until one of us noticed that it couldn’t be accessed. Using the top command we noticed that our server only had 13MB of free memory left. Soon after, apache2 abruptly stopped.

Phacility’s guide for installing Phabricator mentioned that nginx and lighttpd are also supported as alternatives to Apache. Nginx is regarded as a lighter alternative to Apache, so we thought that it might be suitable for our low-memory setup.

webserver_memory_graph
Source: https://help.dreamhost.com/hc/en-us/articles/215945987-Web-server-performance-comparison

Using nginx to host Phabricator requires additional PHP plugin called php-fpm. That plugin can be installed with this command:

sudo apt install php7.1-fpm

By the time this post was written, we haven’t noticed any downtime in our server eventhough the free memory stayed below 20 MB. It might be caused by the switch to nginx, or maybe because it is only accessed by the one responsible for developing the Conduit API wrapper (read: me).

Regardless, our own Phabricator is up and running, and we have our own space to experiment with Phabricator’s Conduit API without the fear of messing up our partner’s repository. Now we can start developing Conduit API wrapper which will interact directly with Conduit’s endpoints. This is going to be fun.

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s