How can I properly configure the web server (or wss?) (or ssl?) for Phabricator notifications?

If this is a bad question, please tell me, but here is my situation. I am trying to set up a Phabricator server for my organization on AWS EC2. The main Phabricator server is fine, but I am struggling to get the notification (Aphlict) server working.

I have been trying desperately to follow the instructions at https://phabricator.tbmh.org/book/phabricator/article/notifications/, but I really don't understand web sockets, HTTPS, TCP or SSL very well. I am serving my Phabricator site over HTTPS, and I am fairly sure I need to do something like this:

If you serve Phabricator over HTTPS, you must also serve websockets over HTTPS. Browsers will refuse to connect to ws:// websockets from HTTPS pages.

If a client connects to Phabricator over HTTPS, Phabricator will automatically select an appropriate HTTPS service from notification.servers and instruct the browser to open a websocket connection with wss://.

The simplest way to do this is configure Aphlict with an SSL key and certificate and let it terminate SSL directly.

But unfortunately I can't figure out exactly what I should change to make it work.

Here is my sudo ./bin/config get notification.servers:

{
  "config": [
    {
      "key": "notification.servers",
      "source": "local",
      "value": [
        {
          "type": "client",
          "host": "phabricator.<redacted>.com",
          "port": 22280,
          "protocol": "https"
        },
        {
          "type": "admin",
          "host": "127.0.0.1",
          "port": 22281,
          "protocol": "http"
        }
      ],
      "status": "set",
      "errorInfo": null
    },
    {
      "key": "notification.servers",
      "source": "database",
      "value": null,
      "status": "unset",
      "errorInfo": null
    }
  ]
}

Here is my phabricator/conf/aphlict/aphlict.default.json:

{
  "servers": [
    {
      "type": "client",
      "port": 22280,
      "listen": "0.0.0.0",
      "ssl.key": "/etc/letsencrypt/live/phabricator.<redacted>.com/fullchain.pem",
      "ssl.cert": "/etc/letsencrypt/live/phabricator.<redacted>.com/privkey.pem",
      "ssl.chain": "/etc/letsencrypt/live/phabricator.<redacted>.com/chain.pem"
    },
    {
      "type": "admin",
      "port": 22281,
      "listen": "127.0.0.1",
      "ssl.key": "/etc/letsencrypt/live/phabricator.<redacted>.com/fullchain.pem",
      "ssl.cert": "/etc/letsencrypt/live/phabricator.<redacted>.com/privkey.pem",
      "ssl.chain": "/etc/letsencrypt/live/phabricator.<redacted>.com/chain.pem"
    }
  ],
  "logs": [
    {
      "path": "/var/log/aphlict.log"
    }
  ],
  "pidfile": "/var/tmp/aphlict/pid/aphlict.pid"
}

I also added TCP inbound rules for 0.0.0.0/0 and ::/0 on ports 22281 and 22280 in AWS.

I finally found the solution. In the end I had just used the wrong arrangement of the .pem files... it needs to be like this:

      "ssl.key": "/etc/letsencrypt/live/phabricator.<redacted>.com/privkey.pem",
      "ssl.cert": "/etc/letsencrypt/live/phabricator.<redacted>.com/cert.pem",
      "ssl.chain": "/etc/letsencrypt/live/phabricator.<redacted>.com/fullchain.pem"
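The mistake above (the Let's Encrypt fullchain.pem in ssl.key and the private key in ssl.cert) is easy to repeat on any host where certbot has laid out several .pem files, and Aphlict itself gives little feedback about it. As an added example (not part of the original question or answer, and not a Phabricator or Aphlict tool), the following Python script reads an Aphlict JSON config and checks that each ssl.key file actually holds a private key, each ssl.cert holds exactly one certificate, and each ssl.chain holds certificates, using only the PEM block labels (no crypto library needed). The demo() function builds constructed stand-in PEM files under a temporary directory, with phabricator.example.com standing in for the redacted host, writes the broken mapping from the question and the corrected mapping from the answer, and checks both. The admin listener in the constructed config is left plain-text, matching the "protocol": "http" entry for it in notification.servers; that choice is an assumption of the example.

```python
import json
import re
import tempfile
from pathlib import Path

# PEM block header, e.g. "-----BEGIN PRIVATE KEY-----" or "-----BEGIN CERTIFICATE-----".
PEM_BEGIN = re.compile(r"-----BEGIN ([A-Z ]+)-----")

# Labels that mean "this file holds a private key" (PKCS#8, PKCS#1, SEC1).
KEY_LABELS = {"PRIVATE KEY", "RSA PRIVATE KEY", "EC PRIVATE KEY"}


def pem_labels(path):
    """Return the PEM block labels found in a file, in order of appearance."""
    return PEM_BEGIN.findall(Path(path).read_text())


def check_server(server):
    """Validate the ssl.* entries of one Aphlict server block.

    Returns a list of problem strings; an empty list means the mapping is sane.
    A block with no ssl.* keys at all is a plain-text listener and is not checked.
    """
    problems = []
    key_path = server.get("ssl.key")
    cert_path = server.get("ssl.cert")
    chain_path = server.get("ssl.chain")
    if not (key_path or cert_path or chain_path):
        return problems

    if key_path:
        labels = pem_labels(key_path)
        if not any(label in KEY_LABELS for label in labels):
            problems.append(f"ssl.key {key_path}: no private key block found (labels: {labels})")
    else:
        problems.append("ssl.cert/ssl.chain set but ssl.key missing")

    if cert_path:
        labels = pem_labels(cert_path)
        n_certs = labels.count("CERTIFICATE")
        if n_certs != 1:
            # fullchain.pem has two or more CERTIFICATE blocks; the leaf cert has exactly one.
            problems.append(f"ssl.cert {cert_path}: expected exactly one CERTIFICATE block, found {n_certs}")
        if any(label in KEY_LABELS for label in labels):
            problems.append(f"ssl.cert {cert_path}: contains a private key, this is a key file not the leaf certificate")
    else:
        problems.append("ssl.key set but ssl.cert missing")

    if chain_path:
        labels = pem_labels(chain_path)
        if "CERTIFICATE" not in labels:
            problems.append(f"ssl.chain {chain_path}: no CERTIFICATE blocks found")
    return problems


def check_config(config_path):
    """Run check_server over every entry in an Aphlict JSON config, keyed by server type."""
    config = json.loads(Path(config_path).read_text())
    return {s["type"]: check_server(s) for s in config["servers"]}


def _pem(label, body="Y29uc3RydWN0ZWQgc2FtcGxlIGJvZHksIG5vdCBhIHJlYWwga2V5"):
    """Constructed PEM block: real-looking framing, throwaway body (not a real key or cert)."""
    return f"-----BEGIN {label}-----\n{body}\n-----END {label}-----\n"


def demo():
    """Lay out constructed Let's Encrypt-style files and compare the broken and fixed mappings."""
    tmp = Path(tempfile.mkdtemp())
    live = tmp / "live" / "phabricator.example.com"  # stand-in for the redacted host
    live.mkdir(parents=True)
    (live / "privkey.pem").write_text(_pem("PRIVATE KEY"))
    (live / "cert.pem").write_text(_pem("CERTIFICATE"))
    (live / "chain.pem").write_text(_pem("CERTIFICATE"))
    (live / "fullchain.pem").write_text(_pem("CERTIFICATE") + _pem("CERTIFICATE"))

    def write_config(name, key, cert, chain):
        cfg = {"servers": [
            {"type": "client", "port": 22280, "listen": "0.0.0.0",
             "ssl.key": str(live / key), "ssl.cert": str(live / cert), "ssl.chain": str(live / chain)},
            {"type": "admin", "port": 22281, "listen": "127.0.0.1"},  # plain-text on loopback (assumption)
        ]}
        path = tmp / name
        path.write_text(json.dumps(cfg, indent=2))
        return path

    broken = write_config("broken.json", "fullchain.pem", "privkey.pem", "chain.pem")
    fixed = write_config("fixed.json", "privkey.pem", "cert.pem", "fullchain.pem")
    return {"broken": check_config(broken), "fixed": check_config(fixed)}


if __name__ == "__main__":
    for name, result in demo().items():
        print(name, json.dumps(result, indent=2))
```

Running it reports three problems for the broken client block (no private key in ssl.key, and ssl.cert holding a key rather than a single certificate) and none for the corrected one. Once the real config passes, the served chain can be confirmed from a client machine with openssl s_client -connect phabricator.&lt;redacted&gt;.com:22280, which shows the certificate the browser will see when it opens wss://. Note also that the admin listener binds to 127.0.0.1, so the inbound security-group rule for port 22281 opened to 0.0.0.0/0 and ::/0 is not needed for anything to work and can be dropped.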