arcadien
diff --git a/‎ADVANCED-CONFIG.md
+115 b/‎ADVANCED-CONFIG.md
+115
diff --git a/‎BASIC-CONFIG.md
+152 b/‎BASIC-CONFIG.md
+152
diff --git a/‎DOCKER-COMPOSE.md
+51 b/‎DOCKER-COMPOSE.md
+51
diff --git a/‎Dockerfile
+10 b/‎Dockerfile
+10
diff --git a/‎ENV-LIST.md
+53 b/‎ENV-LIST.md
+53
@@ -0,0 +1,115 @@
+# Advanced Configuration
+
+If you want to perform any of the following customizations to Phabricator:
+
+* Using different source repositories (for patched versions of Phabricator)
+* Running custom commands during the boot process, and
+* Baking configuration into your own derived Docker image
+
+then this is the guide to read.
+
+# Using different source repositories
+
+If you have a custom version of Phabricator with patches, you can change the Git URLs and branches that the image uses with the following environment variables:
+
+- `OVERRIDE_PHABRICATOR_URI` - Changes the Git URI to clone Phabricator from.
+- `OVERRIDE_PHABRICATOR_BRANCH` - Changes the Git branch or commit to use for the Phabricator repository.
+- `OVERRIDE_ARCANIST_URI` - Changes the Git URI to clone Arcanist from.
+- `OVERRIDE_ARCANIST_BRANCH` - Changes the Git branch or commit to use for the Arcanist repository.
+- `OVERRIDE_LIBPHUTIL_URI` - Changes the Git URI to clone libphutil from.
+- `OVERRIDE_LIBPHUTIL_BRANCH` - Changes the Git branch or commit to use for the libphutil repository.
+
+For example:
+
+```
+docker run ... \
+    --env OVERRIDE_PHABRICATOR_URI='https://github.com/mycompany/phabricator' \
+    ...
+```
+
+# Running custom commands during the boot process
+
+At various stages of the boot process, you can run custom scripts to insert additional configuration into how Phabricator is set up, such as adding external libraries.  You can use the following environment variables to point to custom scripts:
+
+- `SCRIPT_BEFORE_UPDATE` - Occurs before everything else, including before Phabricator and it's associated repositories are updated.
+- `SCRIPT_BEFORE_MIGRATION` - Occurs after Phabricator is updated, but before the database migration scripts are run.  You can use this to clone additional libphutil libraries next to Phabricator, and you can use this to modify MySQL connection information.
+- `SCRIPT_AFTER_MIGRATION` - Occurs after database scripts have been run.
+- `SCRIPT_AFTER_LETS_ENCRYPT` - Occurs after Let's Encrypt has registered domains.  You can use this script to register additional domains that aren't specified by `PHABRICATOR_HOST` or `PHABRICATOR_CDN`.  This only runs if SSL is set to the Let's Encrypt mode.
+- `SCRIPT_BEFORE_DAEMONS` - Occurs before background daemons are launched.
+- `SCRIPT_AFTER_DAEMONS` - Occurs after background daemons are launched.  You can use this to launch additional daemons.
+
+For example, if you wanted to add an external libphutil library, you might configure the image like this:
+
+```
+docker run ... \
+    --env SCRIPT_BEFORE_MIGRATION=/scripts/beforemig.sh \
+    -v /hostscripts:/scripts \
+    ...
+```
+
+Then inside `/hostscripts` on the host you'd have the following executable shell script:
+
+```
+#!/bin/bash
+
+git clone https://github.com/mycompany/my-extension /srv/phabricator/my-extension
+cd /srv/phabricator/phabricator
+sudo -u "$PHABRICATOR_VCS_USER" ./bin/config set load-libraries '["/srv/phabricator/my-extension"]'
+```
+
+# Baking configuration into an image
+
+You can bake the configuration and initial start-up of this image into your own derived image.  The benefits of doing this are:
+
+* The start-up of the image will be faster, as the one-time processes will have already been done
+* You can push this image to a private repository and use it to run a Phabricator cluster
+
+To bake an image, create a `Dockerfile` like this:
+
+```
+FROM redpointgames/phabricator
+
+ADD my-script /my-script
+RUN /my-script
+```
+
+then create `my-script` like this:
+
+```
+#!/bin/bash
+ 
+set -e
+set -x
+
+export MYSQL_HOST="..."
+# .. export more configuration values here ..
+
+/bake /my-script
+```
+
+You can set the advanced environment variables for hooking scripts as documented in [Full Environment Variable Reference](ENV-LIST.md), and add those
+scripts to your image so they run each time.
+
+When writing custom scripts for your image, you can check if the script is being run during the initial bake process by checking with:
+
+```
+if [ -f /is-baking ]; then
+```
+
+Likewise, you can check if you are not doing an initial bake (non-baked start up, or start up after bake), with:
+
+```
+if [ ! -f /is-baking ]; then
+```
+
+You can check if the script is running after the image has been baked with:
+
+```
+if [ -f /baked ]; then
+```
+
+Likewise, you can check if you are not running in a baked image (non-baked start up, or during initial bake), with:
+
+```
+if [ ! -f /baked ]; then
+```
@@ -0,0 +1,152 @@
+# Basic Configuration
+
+For most basic setups, you can use environment variables to configure the Phabricator image to your liking.  This works well with tools like `docker-compose`.
+
+A full list of all available environment variables can be found in the [Full Environment Variable List](ENV-LIST.md).
+
+# Configuring GIT user
+
+```
+docker run ... \
+    --env GIT_USER="John Doe" \
+    --env GIT_EMAIL="jd@foo.com" \
+    --env GIT_EDITOR=/usr/bin/vim \
+    ...
+```
+
+
+# Configuring MySQL
+
+You need to do this before running the container, or things won't work.  If you have MySQL running in another container, you can use `MYSQL_HOST`, like so:
+
+```
+docker run ... \
+    --env MYSQL_HOST=mysql \
+    --env MYSQL_USER=phabricator \
+    --env MYSQL_PASS=password \
+    --link somecontainer:mysql \
+    ...
+```
+
+If your instance of MySQL is running on the host or some external system, you can connect to it using the `MYSQL_USER` and associated variables like so:
+
+```
+docker run \
+    --env MYSQL_HOST=externalhost.com \
+    --env MYSQL_PORT=3306 \
+    --env MYSQL_USER=phabricator \
+    --env MYSQL_PASS=password \
+    ...
+```
+
+The `MYSQL_PORT` environment variable is set to a sensible default, so normally you don't need to explicitly provide it.
+
+# Configuring Phabricator
+
+Phabricator needs some basic information about how clients will connect to it.  You can provide the base URI for Phabricator with the `PHABRICATOR_HOST` environment variable, like so:
+
+```
+docker run ... \
+    --env PHABRICATOR_HOST=myphabricator.com \
+    ...
+```
+
+It's recommended that you specify an alternate domain to serve files and other user content from.  This will make Phabricator more secure.  You can configure this using the `PHABRICATOR_CDN` option, like so:
+
+```
+docker run ... \
+    --env PHABRICATOR_CDN=altdomain.com \
+    ...
+```
+
+When using the Let's Encrypt SSL configuration, it will automatically register both domains.
+
+You also need to configure a place to store repository data.  This should be a volume mapped from the host, for example:
+
+```
+docker run ... \
+    --env PHABRICATOR_REPOSITORY_PATH=/repos \
+    -v /path/on/host:/repos \
+    ...
+```
+
+To provide SSH access to repositories, you need to set a path to store the SSH host keys in.  If you are not baking a derived image (see [Advanced Configuration](ADVANCED-CONFIG.md)), then you need to map that path to a location on the host.  If you are baking an image, you can omit the mapping and the SSH keys will form part of your derived image.  You can configure SSH access to repositories like so:
+
+```
+docker run ... \
+    --env PHABRICATOR_HOST_KEYS_PATH=/hostkeys/persisted \
+    -v /path/on/host:/hostkeys \
+    ...
+```
+
+By default, Phabricator stores file data in MySQL.  You can change this with the `PHABRICATOR_STORAGE_TYPE` option, which can be either `mysql` (the default), `disk` or `s3`.
+
+You can configure Phabricator to store files on disk by selecting the `disk` option, mapping a volume and configuring the path:
+
+```
+docker run ... \
+    --env PHABRICATOR_STORAGE_TYPE=disk \
+    --env PHABRICATOR_STORAGE_PATH=/files \
+    -v /path/on/host:/files \
+    ...
+```
+
+Alternatively if you want to store file data in S3, you can do so by selecting the `s3` option, configuring the bucket and setting the AWS access and secret keys to use:
+
+```
+docker run ... \
+    --env PHABRICATOR_STORAGE_TYPE=s3 \
+    --env PHABRICATOR_STORAGE_BUCKET=mybucket \
+    --env AWS_S3_ACCESS_KEY=... \
+    --env AWS_S3_SECRET_KEY=... \
+    ...
+```
+
+# Configuring SSL
+
+You can configure SSL in one of three ways: you can omit it entirely, you can turn on the automatic Let's Encrypt registration or you can provide SSL certificates.
+
+## No SSL
+
+This is the default.  If you provide no SSL related options, this image doesn't serve anything on port 443 (HTTPS).
+
+## Load Balancer terminated SSL
+
+If your load balancer is terminating SSL, you should set `SSL_TYPE` to `external` so that Phabricator will render out all links as HTTPS.  Without doing this (i.e. if you left the default of `none`), all of the Phabricator URLs would be prefixed with `http://` instead of `https://`.
+
+**NOTE:** If you use Load Balancer terminated SSL, things like real-time notifications are unlikely to work correctly.  It's recommended that you let the Docker instance terminate the SSL connection, and use TCP forwarding in any load balancer configuration you might have set up.
+
+```
+docker run ... \
+    --env SSL_TYPE=external \
+    ...
+```
+
+## Automatic SSL via Let's Encrypt
+
+For this to work, you need to provide a volume mapped to `/config`, so that the image can store certificates across restarts.  You also need to set `PHABRICATOR_HOST` and optionally `PHABRICATOR_CDN` as documented above.
+
+To enable automated SSL via Let's Encrypt, provide the following environment variables:
+
+```
+docker run ... \
+    --env SSL_TYPE=letsencrypt \
+    --env SSL_EMAIL='youremail@domain.com' \
+    --env PHABRICATOR_HOST=myphabricator.com \
+    --env PHABRICATOR_CDN=altdomain.com \
+    -v /some/host/path:/config \
+    ...
+```
+
+## Manual SSL
+
+If you want to provide your own certificates, map a volume containing your certificates and set the appropriate environment variables:
+
+```
+docker run ... \
+    --env SSL_TYPE=manual \
+    --env SSL_CERTIFICATE=/ssl/cert.pem \
+    --env SSL_PRIVATE_KEY=/ssl/cert.key \
+    -v /host/folder/containing/certs:/ssl \
+    ...
+```
@@ -0,0 +1,51 @@
+# Launch Phabricator with docker-compose command
+
+Docker Compose configuration file supplied in this repository defines a Phabricator service and a MySQL service.
+
+The MySQL service uses official MySQL Docker image mysql:5.7.14 and the Phabricator service uses image redpointgames/phabricator.
+
+
+## Configure `PHABRICATOR_HOST`
+
+Before you start, you should modify the `PHABRICATOR_HOST` inside docker-compose.yml so that `PHABRICATOR_HOST` represents the real domain name you want to use.
+
+If you do not modify the `PHABRICATOR_HOST`, Phabricator will not function correctly.
+
+## Docker Volume
+
+By default, it tries to mount host directory /srv/docker/phabricator/mysql as /var/lib/mysql in MySQL service container and host directory /srv/docker/phabricator/repos as /repo in Phabricator service container.
+
+It mounts host directory /srv/docker/phabricator/extensions as /srv/phabricator/phabricator/src/extensions in Phabricator service.
+
+If you would like to add additional translations for phabricator, you can just drop php files in host directory /srv/docker/phabricator/extensions.
+
+To ensure that MySQL database and code repositories are both persistent, please make sure the following directories exist in your docker host.
+
+```bash
+/srv/docker/phabricator/repos
+/srv/docker/phabricator/mysql
+```
+
+The following directory is optional and can be absent in your docker host.
+
+```bash
+/srv/docker/phabricator/extensions
+```
+
+It is required if you need extra Phabricator translations.
+
+## Launch Phabricator
+
+Once you configure `PHABRICATOR_HOST` and Docker Volume, you can run the following command within the directory where docker-compose.yml resides.
+
+To launch Phabricator in daemon mode
+
+```bash
+docker-compose up -d
+```
+
+To launch Phabricator in interactive mode
+
+```bash
+docker-compose up
+```
@@ -0,0 +1,10 @@
+FROM opensuse/leap:15.0
+
+EXPOSE 80 443 2222 24
+COPY baseline /baseline
+RUN /baseline/repository.sh
+RUN /baseline/setup.sh
+COPY preflight /preflight
+RUN /preflight/setup.sh
+CMD ["/bin/bash", "/app/init.sh"]
+#CMD ["/bin/bash"]
@@ -0,0 +1,53 @@
+# Full Environment Variable Reference
+
+- `PHABRICATOR_HOST` - The FQDN which is served by this Phabricator (standalone setu) of by the whole cluster (cluster setup).
+- `PHABRICATOR_CDN` - The domain name to use for serving files and other user content (optional, but recommended).
+- `PHABRICATOR_REPOSITORY_PATH` - The path to store repository data in.  This directory should be a volume mapped from the host, otherwise repository data will be lost when the container is destroyed.
+- `PHABRICATOR_STORAGE_TYPE` - The type of storage to use for files.  Defaults to `mysql`, but you can set it to `disk` or `s3` for alterate storage options (see [Basic Configuration](BASIC-CONFIG.md)).
+- `PHABRICATOR_STORAGE_PATH` - When using the `disk` type of storage, specifies the path in the container that's been mapped to the host for permanent file storage.  This should be a different path to `PHABRICATOR_REPOSITORY_PATH`.
+- `PHABRICATOR_STORAGE_BUCKET` - When using the `s3` type of storage, specifies the bucket to store files in.
+- `PHABRICATOR_VCS_USER` - The user name for SSH access. Defaults to `git`.
+- `PHABRICATOR_VCS_PORT` - The Docker-exposed port used for SSH access. Sets `diffusion.ssh-port`, which affects the URI displayed in Diffusion.
+- `PHABRICATOR_HOST_KEYS_PATH` - The path to store SSH host keys in.  This directory should be a volume mapped from the host, otherwise clients will be unable to connect after the container is restarted.
+- `AWS_S3_ACCESS_KEY` - The AWS access key to use for S3.  Only needed when the `s3` storage type is selected.
+- `AWS_S3_SECRET_KEY` - The AWS secret key to use for S3.  Only needed when the `s3` storage type is selected.
+- `MYSQL_HOST` - Use this if you want to connect to an external MySQL host (see [Basic Configuration](BASIC-CONFIG.md)).
+- `MYSQL_PORT` - When connecting to an external MySQL host, use this port (optional).
+- `MYSQL_USER` - The user to connect to MySQL as.
+- `MYSQL_PASS` - The password to connect to MySQL.
+- `MYSQL_STORAGE_NAMESPACE` - The prefix to use for database names (optional, defaults to "phabricator").
+- `ENABLE_APCU` - Enable the APCu extension for PHP.  This may improve performance, but is not as stable as regular PHP.
+- `ENABLE_UPDATE_ON_START` - By default this image uses the version of Phabricator baked into the image when it was made.  By setting this to "true", it will fetch the latest version of Phabricator when the image starts.
+- `SSL_TYPE` - One of "none", "manual", "external" or "letsencrypt".  See [Basic Configuration](BASIC-CONFIG.md) for more information (defaults to "none").
+- `SSL_CERTIFICATE` - The path to the SSL certificate chain (manual mode only).
+- `SSL_PRIVATE_KEY` - The path to the SSL private key (manual mode only).
+- `SSL_EMAIL` - The email address to use when registering for an SSL certificate (Let's Encrypt mode only)
+- `SSL_DOMAINS` - An optional comma seperated list of the domains to issue for, in addition to `PHABRICATOR_HOST` (Let's Encrypt mode only)
+- `DISABLE_IOMONITOR` - Disable the I/O monitor, which warns if the image is spending a lot of CPU time waiting on disk I/O.
+
+The following advanced options automatically turn on `ENABLE_UPDATE_ON_START`:
+
+- `OVERRIDE_PHABRICATOR_URI` - Changes the Git URI to clone Phabricator from.
+- `OVERRIDE_PHABRICATOR_BRANCH` - Changes the Git branch or commit to use for the Phabricator repository.
+- `OVERRIDE_ARCANIST_URI` - Changes the Git URI to clone Arcanist from.
+- `OVERRIDE_ARCANIST_BRANCH` - Changes the Git branch or commit to use for the Arcanist repository.
+- `OVERRIDE_LIBPHUTIL_URI` - Changes the Git URI to clone libphutil from.
+- `OVERRIDE_LIBPHUTIL_BRANCH` - Changes the Git branch or commit to use for the libphutil repository.
+
+The following advanced options allow you to run custom scripts during stages of the boot process:
+
+- `SCRIPT_BEFORE_UPDATE` - Occurs before everything else, including before Phabricator and it's associated repositories are updated.
+- `SCRIPT_BEFORE_MIGRATION` - Occurs after Phabricator is updated, but before the database migration scripts are run.  You can use this to clone additional libphutil libraries next to Phabricator, and you can use this to modify MySQL connection information.
+- `SCRIPT_AFTER_MIGRATION` - Occurs after database scripts have been run.
+- `SCRIPT_AFTER_LETS_ENCRYPT` - Occurs after Let's Encrypt has registered domains.  You can use this script to register additional domains that aren't specified by `PHABRICATOR_HOST` or `PHABRICATOR_CDN`.  This only runs if SSL is set to the Let's Encrypt mode.
+- `SCRIPT_BEFORE_DAEMONS` - Occurs before background daemons are launched.
+- `SCRIPT_AFTER_DAEMONS` - Occurs after background daemons are launched.  You can use this to launch additional daemons.
+- `PHABRICATOR_ALLOW_HTTP_AUTH` - Sets the diffusion.allow-http-auth config key
+- `PHABRICATOR_CLUSTER_DATABASE_JSON` - Sets cluster.databases config key. Expects a JSON file.
+- `PHABRICATOR_CLUSTER_MAILER_JSON` - Sets cluster.mailers config key. Expects a JSON file.
+- `PHABRICATOR_CLUSTER_ADDRESSES_JSON` - Sets cluster.addresses config key. Expects a JSON file.
+- `PHABRICATOR_CLUSTER_DEVICE_KEY` - Give path to the private key to be used for this cluster device registration. The key is provided by Almanac application, in Phabricator.
+- `PHABRICATOR_CLUSTER_DEVICE_HOST` - Give the FQDN or ip address of this cluster node.
+- `UPGRADE_STORAGE` - Tell the container to upgrade the storage when booting. Do not activate this in cluster setup.
+- `PHABRICATOR_ENV_APPEND_PATH_JSON` - Sets environment.append-paths config key. Add some paths to the Phabricator environment.
+- `ADD_SSL_TERMINATION_PREAMBLE` - Add PHP preamble when the installation is behind a SSL terminator (reverse proxy, load-balancer). See [Phabricator documentation about this](https://secure.phabricator.com/book/phabricator/article/configuring_preamble/).