Hosting multiple Phabricator instances on a single server (Ubuntu 14.04)

Preface:

  • Sorry for the WoT, it’s kind of complex (for me)
  • What you need to do is a mixture of the advanced and the “normal” install guide, and a bit of guesswork
  • Phacility probably does not endorse this installation style, but I hope it will work and survive

 

Sources of information for this topic:

 

Prerequisites:

  • Ubuntu 14.04 LTS installed and updated on phserver
  • MySQL >= 5.5 running on mysqlserver
  • have SSL certificate and corresponding key for phab1.your.domain ready (in your homedir ~)

 

Assumptions:

  • new Phabricator instance will be called phab1
  • MySQL is not on the same machine
  • You’re logged in to phserver as a user with sudo privileges

 

Work steps:

  • install “standard” software (if new server)
  • create an instance directory
  • create an apache site file
  • paste the following content
  • install certificates by copying them to their destinations
  • install Phabricator components
  • this will have created three directories below /var/www/phab1/: arcanist, libphutil and phabricator
  • enable the apache site
  • restart apache
  • create a mysql user phab1 on mysqlserver
  • grant that user full access to all of his (not yet existing) databases
  • working on the console, you must have an environment variable indicating the instance you want to work with
  • create /var/www/phab1/phabricator/conf/custom/phab1.conf.php (no closing php tag is intentional)

  • set the storage namespace for this instance, so that database names start with phab1_. The -E parameter is important for passing environment variables to sudo.
  • the file /var/www/phab1/phabricator/conf/local/local.json should now look like this:
  • make the instance directory owned by the web server
  • install Phabricator databases and schemas
  • this will create all needed databases, and apply patches to them directly. Reply to questions with “y”
  • now visit https://phab1.your.domain/ with your browser and create an admin user
  • after that, Phabricator will show the Setup issues page (/config/issue/) with all tasks that need to be completed before you’re finally ready.
  • one of the tasks says that “Phabricator daemons are not running”. Create /etc/init/phab1-phd.conf:
  • create daemon working directories
  • set Phabricator daemon working directories
  • start Phabricator daemons

After these steps you should have a working instance of Phabricator, that works independantly from other instances on that same machine, except for using the same web server. What I cannot say at the moment, is whether all Phabricator modules will work smoothly this way. I hope they all respect the environament variables and/or the custom settings. One of the most vital things for working with this setup, especially when setting config values on the console, is to use the -E parameter. The path from where scripts or binaries (phd f.e.) are started also plays a role.

We went this way because we didn’t want to throw a new VM at each instance. A different way of addressing this could be to put Phabricator in a container, but this is beyond my scope currently. I hope this will turn out to be a working solution. Comments welcome.

Testing IMAP4 + TLS + AUTH with cygwin (or linux), Thunderbird debug

From time to time I have to do some troubleshooting for the IMAP4 protocol on our Exchange infrastructure. Most of the clients are running Thunderbird. For this purpose you can do two things.

    • Start Thunderbird in debugging mode

As described in this wiki article, create a batch with the following content:

This will generate imap.log on your desktop, which you can monitor while Thunderbird is talking to the mail server.

    • Connect to IMAP on command line

You will need a linux box or have cygwin installed to do this. IMAP4 is listening on port 143.

You will see the certificate exchange passing by, and you will have a blinking cursor. From here you can do IMAP console commands, as described here or here, and elsewhere 🙂
For example, to log in as user123 with password foobar, do this: (important: do not mistype, you cannot backspace and correct!)

Server’s response, in case credentials are correct, will be

You can now let the server show you all available folders:

Server’s reply, as an example:

So, INBOX has 8 subfolders. Select one of the folders.

Server’s reply, with some details about the folder:

Let’s fetch one of the emails:

This will give you the whole of the first email, including headers, ending with

You’ve seen enough, so log out:

Server’s last words (for now 🙂

Testing SMTP + TLS + AUTH communication with cygwin or a linux machine

Ever felt the need to see what a mail server actually does when another mail server or a mail client (Thunderbird f.e.) connects to it? Easy to trace when the connection isn’t encrypted – but rarely happens today. So you will have to “play” mail client yourself from the command line, which turns out to be a bit tricky. An excellent article on the topic can be found here.

Quick summary:

You will either need access to a linux box or have cygwin installed – or have openssl windows binaries, but the Base64 stuff will be hard 😉 (Go ahead, just install cygwin, a serious admin cannot live without…!)

Step 1: create the authentication bits

replace “USERNAME123” and “PASSWORD456” with real data

Step2: connect to the mail server through openssl

Step3: after saying HELO or EHLO to mailserver, you have to authenticate

The part after the “PLAIN” is the token that was returned in Step 1.

If you get back some sort of 200+ return code from the mailserver, you can start babbling SMTP as usual.