如何为 phabricator 通知正确配置 Web 服务器(或 wss?)(或 ssl?)?
How can I properly configure web server (or wss?) (or ssl?) for phabricator notifications?
如果我问这个问题很糟糕,请告诉我,但这是我的情况。我正尝试在 AWS EC2 上为我的组织设置一个 phabricator 服务器。主 phabricator 服务器很好,但我正在努力让通知 (aphlict) 服务器正常工作。
- 我可以使用
phabricator/.bin/aphlict start 成功启动服务器(或者至少 phabricator/.bin/aphlict status 给出 Aphlict (1461) is running.)
- 虽然奇怪,
phabricator/.bin/aphlict debug 给出了 Error: error:0906D06C:PEM routines:PEM_read_bio:no start line 和一个未捕获的异常 Error: EACCES: permission denied, open '/var/log/aphlict.log'
- 我在 firefox 中的控制台显示
Firefox can’t establish a connection to the server at wss://phabricator.<redacted>.com:22280/.
- 我在 phabricator 上的通知服务器配置页面显示
[cURL/7] (https://phabricator.<redacted>.com:22280/) <CURLE_COULDNT_CONNECT> cURL 库在发出请求时引发错误。您可以在 cURL 站点上找到有关此错误(错误代码:7)的更多信息:http://curl.haxx.se/libcurl/c/libcurl-errors.html#CURLECOULDNTCONNECT`
我拼命地尝试按照 https://phabricator.tbmh.org/book/phabricator/article/notifications/ 的说明进行操作,但我真的不太了解网络套接字、HTTPS、TCP 或 SSL。我正在通过 HTTPS 为我的 phabricator 网站提供服务,我很确定我需要做一些这样的事情:
If you serve Phabricator over HTTPS, you must also serve websockets over HTTPS. Browsers will refuse to connect to ws:// websockets from HTTPS pages.
If a client connects to Phabricator over HTTPS, Phabricator will automatically select an appropriate HTTPS service from notification.servers and instruct the browser to open a websocket connection with wss://.
The simplest way to do this is configure Aphlict with an SSL key and certificate and let it terminate SSL directly.
但不幸的是,我无法确切地弄清楚我应该更改哪些内容才能使其正常工作。
这是我的 sudo ./bin/config get notification.servers:
{
"config": [
{
"key": "notification.servers",
"source": "local",
"value": [
{
"type": "client",
"host": "phabricator.<redacted>.com",
"port": 22280,
"protocol": "https"
},
{
"type": "admin",
"host": "127.0.0.1",
"port": 22281,
"protocol": "http"
}
],
"status": "set",
"errorInfo": null
},
{
"key": "notification.servers",
"source": "database",
"value": null,
"status": "unset",
"errorInfo": null
}
]
}
这是我的 phabricator/conf/aphlict/aphlict.default.json:
{
"servers": [
{
"type": "client",
"port": 22280,
"listen": "0.0.0.0",
"ssl.key": "/etc/letsencrypt/live/phabricator.<redacted>.com/fullchain.pem",
"ssl.cert": "/etc/letsencrypt/live/phabricator.<redacted>.com/privkey.pem",
"ssl.chain": "/etc/letsencrypt/live/phabricator.<redacted>.com/chain.pem"
},
{
"type": "admin",
"port": 22281,
"listen": "127.0.0.1",
"ssl.key": "/etc/letsencrypt/live/phabricator.<redacted>.com/fullchain.pem",
"ssl.cert": "/etc/letsencrypt/live/phabricator.<redacted>.com/privkey.pem",
"ssl.chain": "/etc/letsencrypt/live/phabricator.<redacted>.com/chain.pem"
}
],
"logs": [
{
"path": "/var/log/aphlict.log"
}
],
"pidfile": "/var/tmp/aphlict/pid/aphlict.pid"
}
我还在 AWS 的端口 22281 和 22280 上添加了 TCP 入站 0.0.0.0/0 和 ::/0 规则。
我终于找到了解决方案。最后我只是使用了 .pem 文件的错误排列......它需要是这样的:
"ssl.key": "/etc/letsencrypt/live/phabricator.<redacted>.com/privkey.pem",
"ssl.cert": "/etc/letsencrypt/live/phabricator.<redacted>.com/cert.pem",
"ssl.chain": "/etc/letsencrypt/live/phabricator.<redacted>.com/fullchain.pem"
如果我问这个问题很糟糕,请告诉我,但这是我的情况。我正尝试在 AWS EC2 上为我的组织设置一个 phabricator 服务器。主 phabricator 服务器很好,但我正在努力让通知 (aphlict) 服务器正常工作。
- 我可以使用
phabricator/.bin/aphlict start成功启动服务器(或者至少phabricator/.bin/aphlict status给出Aphlict (1461) is running.) - 虽然奇怪,
phabricator/.bin/aphlict debug给出了Error: error:0906D06C:PEM routines:PEM_read_bio:no start line和一个未捕获的异常Error: EACCES: permission denied, open '/var/log/aphlict.log' - 我在 firefox 中的控制台显示
Firefox can’t establish a connection to the server at wss://phabricator.<redacted>.com:22280/. - 我在 phabricator 上的通知服务器配置页面显示
[cURL/7] (https://phabricator.<redacted>.com:22280/) <CURLE_COULDNT_CONNECT>cURL 库在发出请求时引发错误。您可以在 cURL 站点上找到有关此错误(错误代码:7)的更多信息:http://curl.haxx.se/libcurl/c/libcurl-errors.html#CURLECOULDNTCONNECT`
我拼命地尝试按照 https://phabricator.tbmh.org/book/phabricator/article/notifications/ 的说明进行操作,但我真的不太了解网络套接字、HTTPS、TCP 或 SSL。我正在通过 HTTPS 为我的 phabricator 网站提供服务,我很确定我需要做一些这样的事情:
If you serve Phabricator over HTTPS, you must also serve websockets over HTTPS. Browsers will refuse to connect to ws:// websockets from HTTPS pages.
If a client connects to Phabricator over HTTPS, Phabricator will automatically select an appropriate HTTPS service from notification.servers and instruct the browser to open a websocket connection with wss://.
The simplest way to do this is configure Aphlict with an SSL key and certificate and let it terminate SSL directly.
但不幸的是,我无法确切地弄清楚我应该更改哪些内容才能使其正常工作。
这是我的 sudo ./bin/config get notification.servers:
{
"config": [
{
"key": "notification.servers",
"source": "local",
"value": [
{
"type": "client",
"host": "phabricator.<redacted>.com",
"port": 22280,
"protocol": "https"
},
{
"type": "admin",
"host": "127.0.0.1",
"port": 22281,
"protocol": "http"
}
],
"status": "set",
"errorInfo": null
},
{
"key": "notification.servers",
"source": "database",
"value": null,
"status": "unset",
"errorInfo": null
}
]
}
这是我的 phabricator/conf/aphlict/aphlict.default.json:
{
"servers": [
{
"type": "client",
"port": 22280,
"listen": "0.0.0.0",
"ssl.key": "/etc/letsencrypt/live/phabricator.<redacted>.com/fullchain.pem",
"ssl.cert": "/etc/letsencrypt/live/phabricator.<redacted>.com/privkey.pem",
"ssl.chain": "/etc/letsencrypt/live/phabricator.<redacted>.com/chain.pem"
},
{
"type": "admin",
"port": 22281,
"listen": "127.0.0.1",
"ssl.key": "/etc/letsencrypt/live/phabricator.<redacted>.com/fullchain.pem",
"ssl.cert": "/etc/letsencrypt/live/phabricator.<redacted>.com/privkey.pem",
"ssl.chain": "/etc/letsencrypt/live/phabricator.<redacted>.com/chain.pem"
}
],
"logs": [
{
"path": "/var/log/aphlict.log"
}
],
"pidfile": "/var/tmp/aphlict/pid/aphlict.pid"
}
我还在 AWS 的端口 22281 和 22280 上添加了 TCP 入站 0.0.0.0/0 和 ::/0 规则。
我终于找到了解决方案。最后我只是使用了 .pem 文件的错误排列......它需要是这样的:
"ssl.key": "/etc/letsencrypt/live/phabricator.<redacted>.com/privkey.pem",
"ssl.cert": "/etc/letsencrypt/live/phabricator.<redacted>.com/cert.pem",
"ssl.chain": "/etc/letsencrypt/live/phabricator.<redacted>.com/fullchain.pem"