diff --git a/phab-container/Dockerfile b/phab-container/Dockerfile
index afd5b2e..e9d8a33 100644
--- a/phab-container/Dockerfile
+++ b/phab-container/Dockerfile
@@ -1,77 +1,80 @@
FROM ubuntu:22.04 as phabdev_base
RUN apt-get update && \
apt-get upgrade -y
ENV DEBIAN_FRONTEND noninteractive
ENV PHPVER 8.2
RUN apt-get install -y sudo netcat-traditional iputils-ping ca-certificates software-properties-common apt-transport-https && \
apt-get install -y mariadb-client nginx && \
apt-get install -y --no-install-recommends ssh && \
apt-get install -y git mercurial && \
apt-get install -y vim less ripgrep fd-find && \
apt-get install -y nodejs && \
apt-get install -y --no-install-recommends npm && \
add-apt-repository -y ppa:ondrej/php && \
apt-get update && \
apt-get install -y php${PHPVER} php${PHPVER}-fpm php${PHPVER}-mysql php${PHPVER}-gd php${PHPVER}-curl php${PHPVER}-apcu php${PHPVER}-cli php${PHPVER}-mbstring php${PHPVER}-zip php${PHPVER}-xdebug php${PHPVER}-iconv && \
apt-get install -y python3 python3-pip && \
pip install Pygments
FROM phabdev_base
ENV INSTALLDIR=$INSTALLDIR
ENV HOST=$HOST
ENV PORT=$PORT
ADD ./conf/nginx.conf /etc/nginx/
ADD ./conf/phab.conf /etc/nginx/conf.d/
ADD ./conf/www.conf /etc/php/$PHPVER/fpm/pool.d/
ADD ./conf/00-phab.ini /etc/php/$PHPVER/fpm/conf.d/
ADD ./conf/phab.sshd_config /etc/ssh/sshd_config.d/
ADD ./conf/phabricator-ssh-hook.sh /usr/libexec/
# Allow www-data (entrypoint) to sudo as root to run nginx
-RUN echo "www-data ALL=(root) NOPASSWD: /usr/sbin/nginx" >> /etc/sudoers && \
- echo "www-data ALL=(root) NOPASSWD: /usr/sbin/php-fpm$PHPVER" >> /etc/sudoers && \
- echo "www-data ALL=(phab-phd) NOPASSWD: ALL" >> /etc/sudoers && \
- echo "www-data ALL=(root) NOPASSWD: /usr/bin/sed" >> /etc/sudoers && \
- echo "www-data ALL=(root) NOPASSWD: /usr/sbin/sshd" >> /etc/sudoers && \
- echo "phab-phd ALL=(root) NOPASSWD: ALL" >> /etc/sudoers
+RUN echo "www-data ALL=(root) NOPASSWD: /usr/sbin/nginx" >> /etc/sudoers.d/phab-sudoers && \
+ echo "www-data ALL=(root) NOPASSWD: /usr/sbin/php-fpm$PHPVER" >> /etc/sudoers.d/phab-sudoers && \
+ echo "www-data ALL=(phab-phd) NOPASSWD: ALL" >> /etc/sudoers.d/phab-sudoers && \
+ echo "www-data ALL=(root) NOPASSWD: /usr/bin/sed" >> /etc/sudoers.d/phab-sudoers && \
+ echo "www-data ALL=(root) NOPASSWD: /usr/sbin/sshd" >> /etc/sudoers.d/phab-sudoers && \
+ echo "phab-phd ALL=(root) NOPASSWD: ALL" >> /etc/sudoers.d/phab-sudoers && \
+ echo "wanderer ALL=(phab-phd) SETENV: NOPASSWD: /usr/bin/hg, /usr/bin/git, /usr/bin/git-upload-pack, /usr/bin/git-upload-archive, /usr/bin/git-receive-pack" >> /etc/sudoers.d/phab-sudoers
RUN useradd --system phab-phd && \
groupadd phab && \
usermod -a -G phab phab-phd && \
usermod -a -G phab www-data
# The user which accepts incoming SSH
-RUN useradd --system --create-home wanderer && \
+RUN useradd --system --create-home --shell /usr/bin/bash wanderer && \
usermod -a -G phab wanderer && \
- usermod -p '*' wanderer
+ usermod -p NP wanderer
RUN mkdir -p /opt/phabdev/ && \
mkdir -p /opt/filestore && \
mkdir -p /opt/repos && \
mkdir -p /var/log/phabricator && \
mkdir -p /run/php/ && \
mkdir -p /run/sshd/ && \
- touch /var/log/aphlict.log
+ touch /var/log/aphlict.log && \
+ touch /var/log/phab-ssh-error.log
-RUN chown -R phab-phd:phab /opt/ && \
- chown -R www-data:phab /var/log/phabricator/ && \
- chown -R www-data:phab /var/www/ && \
- chown www-data:phab /var/log/aphlict.log && \
- chmod -R g+rw /opt/ && \
- chmod -R g+rw /var/log/phabricator/ && \
- chmod -R 0755 /run/sshd/ && \
- chmod g+rw /var/log/aphlict.log
+RUN chown -R phab-phd:phab /opt/ && \
+ chown -R www-data:phab /var/log/phabricator/ && \
+ chown -R www-data:phab /var/www/ && \
+ chown www-data:phab /var/log/aphlict.log && \
+ chmod -R g+rws /opt/ && \
+ chmod -R g+rws /var/log/phabricator/ && \
+ chmod -R 0755 /run/sshd/ && \
+ chmod g+rw /var/log/aphlict.log && \
+ chmod g+rw /var/log/phab-ssh-error.log
# Run entrypoint as the web service account
USER www-data
ADD ./conf/local.json /opt/phabdev
ADD ./conf/entrypoint.sh /opt/phabdev
ENTRYPOINT ["/opt/phabdev/entrypoint.sh"]
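Review bot: The new `wanderer` rule at the end of the sudoers `RUN` grants `SETENV:` on the full `/usr/bin/git` and `/usr/bin/hg` binaries while the same file keeps `phab-phd ALL=(root) NOPASSWD: ALL`, so the account that accepts incoming SSH is two sudo hops from root if the forced-command hook is ever bypassed. Both tools can start other programs through configuration and environment, so the containment rests entirely on `phabricator-ssh-hook.sh` and `phab.sshd_config`, which are not visible here. Consider narrowing the `phab-phd` root rule to the commands the daemons need, or saying in the comment above the `RUN` that the image is for local development only. The drop-in is also built by shell redirection with no explicit mode or syntax check; ending the chain with `chmod 0440 /etc/sudoers.d/phab-sudoers && visudo -cf /etc/sudoers.d/phab-sudoers` would make a malformed line fail the build rather than break sudo in the container. Separately, `chmod -R g+rws` on `/opt/` and `/var/log/phabricator/` sets the setgid bit on regular files as well as directories; if only group inheritance is wanted, apply it to directories only, e.g. `find /opt -type d -exec chmod g+s {} +`.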
diff --git a/phab-container/conf/local.json b/phab-container/conf/local.json
index 9021b02..569e40b 100644
--- a/phab-container/conf/local.json
+++ b/phab-container/conf/local.json
@@ -1,35 +1,36 @@
{
"phabricator.developer-mode": true,
"phabricator.silent": true,
"log.access.path": "/var/log/phabricator/access.log",
"repository.default-local-path": "/opt/repos",
"storage.default-namespace": "phabricator",
"mysql.pass": "phabricator",
"mysql.user": "phabricator",
"mysql.host": "phabdev-db",
"storage.local-disk.path": "/opt/filestore",
"phd.user": "phab-phd",
"auth.lock-config": true,
"phabricator.base-uri": "BASE_URI",
"pygments.enabled": true,
+ "log.ssh-error.path": "/var/log/phab-ssh-error.log",
"diffusion.ssh-user": "wanderer",
"notification.servers": [
{
"type": "client",
"host": "HOST",
"port": 22280,
"protocol": "http",
"path": "/ws/"
},
{
"type": "admin",
"host": "127.0.0.1",
"port": 22281,
"protocol": "http"
}
],
"phabricator.timezone": "America/New_York",
"darkconsole.enabled": true,
"darkconsole.always-on": true
}
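Review bot: The added `log.ssh-error.path` points at `/var/log/phab-ssh-error.log`, but the Dockerfile hunk in this same patch only runs `touch` and `chmod g+rw` on that file and never changes its ownership. Created in a root `RUN`, it is presumably left as `root:root`, so the group write bit goes to group `root` rather than `phab`, and the SSH handler running as `wanderer` or `phab-phd` would probably be unable to write to it. Mirroring the `aphlict.log` handling with `chown www-data:phab /var/log/phab-ssh-error.log` before the `chmod` would let members of `phab` append to it. Without that, SSH errors are likely to be dropped silently, which takes away the diagnostic this setting is meant to provide.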