Phabricator combines code review, tasks, and repository hosting in one system.
Production configuration should enforce secure auth, policy rules, and repository safety controls.
Key settings are managed through:
config/local/local.jsonbin/config commands- web-based admin config UI
Example local.json baseline:
{
"phabricator.base-uri": "https://phabricator.example.com/",
"mysql.host": "127.0.0.1",
"mysql.port": 3306,
"mysql.user": "phabricator",
"mysql.pass": "replace-with-strong-password",
"metamta.default-address": "phabricator@example.com",
"cluster.mailers": []
}
¶ Security and policy settings
- Disable public registration unless explicitly needed.
- Enforce MFA for privileged roles.
- Set strict default object policies (private by default).
- Restrict Diffusion repository write access to trusted groups only.
¶ Repository and review workflow
- Require reviewer approval before landing changes.
- Define Herald rules for ownership and compliance checks.
- Keep daemon (
phd) process monitored and supervised.
¶ Backup and recovery
Backup scope:
- MySQL database
local.json and service configs- repository storage directories
- file storage backend (if local disk)
Validation steps:
- Restore DB and storage on test host.
- Confirm Maniphest tasks, Differential revisions, and repositories are intact.
- Verify outbound mail and background daemons.
- TLS and proxy headers correctly configured.
phd daemons healthy.- Mail delivery verified.
- Storage growth and DB performance monitored.
Running Phabricator in regulated environments? We assist with:
- 🔐 TLS/SSL configuration
- 🔑 Authentication and authorization setup
- 📋 Audit logging and compliance reporting
- 🛡️ Security hardening benchmarks (CIS, STIG)
Secure your deployment: office@linux-server-admin.com | Contact Page