Thicket data repository for the EEG
{
  "id": "https://mort.io/blog/setup-hotcrp/",
  "title": "Hosting HotCRP",
  "link": "https://mort.io/blog/setup-hotcrp/",
  "updated": "2021-10-17T00:00:00",
  "published": "2021-10-17T00:00:00",
  "summary": "<p>I once had cause to set up\n<a href=\"https://read.seas.harvard.edu/~kohler/hotcrp/\">HotCRP</a> for local hosting.\nSpecifically on a local Lab-hosted VM image. Some of what follows is specific\nto the CUCL VM hosting service, but I think most of it is HotCRP generic and so\nmay be of use. Anyway, here’s the crib sheet, starting from\n<a href=\"https://mbtech.github.io/Setting-up-hotcrp/\">https://mbtech.github.io/Setting-up-hotcrp/</a>…</p>\n<pre><code># set up some variables\nYOUR_DOMAIN=\"hotcrp-test.cl.cam.ac.uk\"\nYOUR_WORKSHOP=\"sysws18\"\nYOUR_PASSWORD=\"mybestpassword\"\nYOUR_EMAIL=\"postmaster@example.com\"\n</code></pre>\n<h2><a href=\"https://mort.io/blog/setup-hotcrp/#lab-specifics\">Lab specifics</a></h2>\n<p>Assume we start from a default Ubuntu template VM, and then…</p>\n<ol>\n<li>Configure the VM</li>\n</ol>\n<pre><code>cl-asuser passwd # set UNIX password for sudo\n\n# create some space\nfor d in /usr/src/* ; do\n  export K=$(uname -r | sed 's/-generic$//')\n  echo -n $K $d ...\n  case \"$d\" in\n    \"/usr/src/linux-headers-$K\" | \"/usr/src/linux-headers-${K}-generic\" )\n      echo keep\n      ;;\n    * )\n      echo remove\n      sudo rm -rf -- \"$d\"\n      ;;\n  esac\ndone\n\n# THIS IS UNSAFE! BE CAREFUL! IT CALLS `sudo rm -rf`!\nfor d in /lib/modules/* ; do\n  echo $d ...\n  case \"$d\" in\n    \"/lib/modules/$(uname -r)\" )\n      echo keep\n      ;;\n    * )\n      echo remove\n      sudo rm -rf -- \"$d\"\n      ;;\n  esac\ndone\n\n# if necessary, resize the partition. this shouldn't be necessary with the new\n# VM image! if you need more than ~1GB space for papers, setup xvdb1\nsudo fdisk /dev/xvda &lt;&lt;EOF\np\nd\nn\n\n\n\n\nw\nEOF\nsudo partprobe\n\n# resize the default filesystem to use the entire partition\nsudo resize2fs /dev/xvda1 # blank SIZE means use whole partition\n</code></pre>\n<ol start=\"2\">\n<li>Install packages</li>\n</ol>\n<pre><code># sort out packages\nexport TZ=Europe/London\nsudo apt update &amp;&amp; sudo apt install --no-install-recommends -qq -yy \\\n  apache2 \\\n  ca-certificates \\\n  git \\\n  libapache2-mod-php \\\n  mailutils \\\n  mysql-server \\\n  php-curl \\\n  php-json \\\n  php-mysql \\\n  poppler-utils \\\n  postfix \\\n  zip\n</code></pre>\n<ol start=\"3\">\n<li>Configure <code>postfix</code></li>\n</ol>\n<pre><code># configure postfix: accept defaults if offered, setup postfix to use ppsw\nsudo sed -i 's/relayhost =/relayhost = ppsw.cam.ac.uk/' /etc/postfix/main.cf\nsudo /etc/init.d/postfix reload\nsudo systemctl restart postfix.service\n# test mail sending\necho \"Test mail from postfix\" | mail -s \"Test Postfix\" \"${YOUR_EMAIL}\"\n</code></pre>\n<p>For more email help, see\n<a href=\"https://help.uis.cam.ac.uk/email-telephony-and-collaboration/email/specialist-email-advice/sending-email\">https://help.uis.cam.ac.uk/email-telephony-and-collaboration/email/specialist-email-advice/sending-email</a>\nusing <code>YOUR_DOMAIN</code> as mail domain, and <code>ppsw.cam.ac.uk</code> as relay host.</p>\n<ol start=\"4\">\n<li>Install HotCRP</li>\n</ol>\n<p>Get latest release:</p>\n<pre><code>git clone https://github.com/kohler/hotcrp.git\ncd hotcrp\ngit checkout tags/v2.101 -b v2.101\n</code></pre>\n<ol start=\"5\">\n<li>Set up <code>root</code> account for MySQL</li>\n</ol>\n<pre><code>sudo /etc/init.d/mysql stop # stop the running service\n\n# configure and run mysql in the console; while it runs with\n# --skip-grant-tables the server does no authentication at all\nsudo mkdir -p /var/run/mysqld\nsudo chown mysql:mysql /var/run/mysqld\nsudo mysqld_safe --skip-grant-tables &amp; sleep 5\n\n# smash a new `root` password in place; the first FLUSH PRIVILEGES reloads the\n# grant tables so that ALTER USER is accepted under --skip-grant-tables\nsudo mysql &lt;&lt;EOF\nFLUSH PRIVILEGES;\nALTER USER 'root'@'localhost' IDENTIFIED WITH mysql_native_password BY '${YOUR_PASSWORD}';\nFLUSH PRIVILEGES;\nEOF\n\n# restart mysql properly as a service\nmysqladmin -uroot -p\"${YOUR_PASSWORD}\" -h127.0.0.1 --protocol=tcp shutdown\nsudo /etc/init.d/mysql start\n</code></pre>\n<p>…alternatively</p>\n<pre><code># PASSWORD() exists in MySQL 5.7 and earlier; it was removed in MySQL 8.0\nmysql -uroot &lt;&lt;_EOF\nUSE mysql;\n\nUPDATE mysql.user SET authentication_string = PASSWORD('${YOUR_PASSWORD}')\nWHERE User = 'root' AND Host = 'localhost';\nFLUSH PRIVILEGES;\n\nQUIT\n_EOF\n</code></pre>\n<ol start=\"6\">\n<li>Secure your MySQL installation</li>\n</ol>\n<pre><code>sudo systemctl stop mysql\nsudo mkdir -p /var/run/mysqld\nsudo chown mysql:mysql /var/run/mysqld\nsudo mysqld_safe --skip-grant-tables --skip-networking &amp;\nsudo mysql_secure_installation -p\"${YOUR_PASSWORD}\" &lt;&lt;EOF\nn\nn\ny\ny\ny\ny\nEOF\n</code></pre>\n<ol start=\"7\">\n<li>Set up the HotCRP MySQL tables and config</li>\n</ol>\n<pre><code>lib/createdb.sh --user=root --password=\"${YOUR_PASSWORD}\" &lt;&lt;EOF\nok\n${YOUR_WORKSHOP}\nEOF\n\n# edit conf/options.php\n# - contactName\n# - contactEmail\n# - sendEmail\n# - emailFrom\n# - emailSender\n# - timezone\n# - upload_max_filesize [ if you care ]\n</code></pre>\n<ol start=\"8\">\n<li>Turn on the HotCRP site in your Apache configuration</li>\n</ol>\n<pre><code># apache2: turn on hotcrp site\nsudo tee -a /etc/apache2/conf-available/hotcrp.conf &gt;/dev/null &lt;&lt;_EOF\n&lt;Directory \"$(pwd -P)\"&gt;\n    Options Indexes Includes FollowSymLinks\n    AllowOverride all\n    Require all granted\n&lt;/Directory&gt;\nAlias /${YOUR_WORKSHOP} $(pwd -P)\n_EOF\n\nsudo a2enconf &lt;&lt;EOF\nhotcrp\nEOF\n\nsudo chgrp www-data conf/options.php\nsudo service apache2 reload\nsudo apache2ctl graceful\n</code></pre>\n<p>…and you should now be able to access your hotcrp site at <a href=\"http://$%7BYOUR_DOMAIN%7D/$%7BYOUR_WORKSHOP%7D\">http://${YOUR_DOMAIN}/${YOUR_WORKSHOP}</a></p>\n<ol start=\"9\">\n<li>Use <a href=\"https://letsencrypt.org/\">Let’s Encrypt</a> to create and configure\ncertificates for HTTPS support</li>\n</ol>\n<pre><code>sudo apt install -yy software-properties-common\nsudo add-apt-repository ppa:certbot/certbot\nsudo apt update\nsudo apt install -yy certbot-auto\nwget https://dl.eff.org/certbot-auto\nchmod a+x ./certbot-auto\nsudo ./certbot-auto -n --os-packages-only\n\nsudo ./certbot-auto -a webroot -i apache -w \"$(pwd -P)\" \\\n  --agree-tos --redirect --uir --hsts --staple-ocsp \\\n  -d \"${YOUR_DOMAIN}\" --email \"${YOUR_EMAIL}\"\n\nsudo ./certbot-auto --install-only\n</code></pre>\n\n<ol start=\"10\">\n<li>Set permissions on the certificate directories</li>\n</ol>\n<pre><code>sudo chgrp www-data /etc/letsencrypt/live\nsudo chmod g+rx /etc/letsencrypt/live\nsudo chgrp www-data /etc/letsencrypt/archive/\nsudo chmod g+rx /etc/letsencrypt/archive/\n</code></pre>\n<p>End state is the Apache config looks something like the following, with\nunindented lines being those I added:</p>\n<pre><code>$ cat /etc/apache2/sites-available/hotcrp.conf\n&lt;IfModule mod_ssl.c&gt;\n\nSSLStaplingCache shmcb:/var/run/apache2/stapling_cache(128000)\n\n\t&lt;VirtualHost _default_:443&gt;\n\t\tServerAdmin webmaster@localhost\n\t\tDocumentRoot /home/hotcrp/hotcrp\n\t\tErrorLog ${APACHE_LOG_DIR}/error.log\n\t\tCustomLog ${APACHE_LOG_DIR}/access.log combined\n\t\tSSLEngine on\n\nSSLCACertificateFile /etc/letsencrypt/live/hotcrp.sysws.org.uk/fullchain.pem\nSSLUseStapling on\n\n\t\t&lt;FilesMatch \"\\.(cgi|shtml|phtml|php)$\"&gt;\n\t\t\t\tSSLOptions +StdEnvVars\n\t\t&lt;/FilesMatch&gt;\n\t\t&lt;Directory /usr/lib/cgi-bin&gt;\n\t\t\t\tSSLOptions +StdEnvVars\n\t\t&lt;/Directory&gt;\n\nServerName hotcrp.sysws.org.uk\nSSLCertificateFile /etc/letsencrypt/live/hotcrp.sysws.org.uk-0001/fullchain.pem\nSSLCertificateKeyFile /etc/letsencrypt/live/hotcrp.sysws.org.uk-0001/privkey.pem\nInclude /etc/letsencrypt/options-ssl-apache.conf\nHeader always set Strict-Transport-Security \"max-age=31536000\"\nHeader always set Content-Security-Policy upgrade-insecure-requests\n\n\t&lt;/VirtualHost&gt;\n&lt;/IfModule&gt;\n</code></pre>\n<ol start=\"11\">\n<li>Add DNS entry for the name assigned (in my case, <code>hotcrp.DOMAIN</code>).</li>\n</ol>",
  "content": "<p>I once had cause to set up\n<a href=\"https://read.seas.harvard.edu/~kohler/hotcrp/\">HotCRP</a> for local hosting.\nSpecifically on a local Lab-hosted VM image. Some of what follows is specific\nto the CUCL VM hosting service, but I think most of it is HotCRP generic and so\nmay be of use. Anyway, here’s the crib sheet, starting from\n<a href=\"https://mbtech.github.io/Setting-up-hotcrp/\">https://mbtech.github.io/Setting-up-hotcrp/</a>…</p>\n<pre><code># set up some variables\nYOUR_DOMAIN=\"hotcrp-test.cl.cam.ac.uk\"\nYOUR_WORKSHOP=\"sysws18\"\nYOUR_PASSWORD=\"mybestpassword\"\nYOUR_EMAIL=\"postmaster@example.com\"\n</code></pre>\n<h2><a href=\"https://mort.io/blog/setup-hotcrp/#lab-specifics\">Lab specifics</a></h2>\n<p>Assume we start from a default Ubuntu template VM, and then…</p>\n<ol>\n<li>Configure the VM</li>\n</ol>\n<pre><code>cl-asuser passwd # set UNIX password for sudo\n\n# create some space\nfor d in /usr/src/* ; do\n  export K=$(uname -r | sed 's/-generic$//')\n  echo -n $K $d ...\n  case \"$d\" in\n    \"/usr/src/linux-headers-$K\" | \"/usr/src/linux-headers-${K}-generic\" )\n      echo keep\n      ;;\n    * )\n      echo remove\n      sudo rm -rf -- \"$d\"\n      ;;\n  esac\ndone\n\n# THIS IS UNSAFE! BE CAREFUL! IT CALLS `sudo rm -rf`!\nfor d in /lib/modules/* ; do\n  echo $d ...\n  case \"$d\" in\n    \"/lib/modules/$(uname -r)\" )\n      echo keep\n      ;;\n    * )\n      echo remove\n      sudo rm -rf -- \"$d\"\n      ;;\n  esac\ndone\n\n# if necessary, resize the partition. this shouldn't be necessary with the new\n# VM image! if you need more than ~1GB space for papers, setup xvdb1\nsudo fdisk /dev/xvda &lt;&lt;EOF\np\nd\nn\n\n\n\n\nw\nEOF\nsudo partprobe\n\n# resize the default filesystem to use the entire partition\nsudo resize2fs /dev/xvda1 # blank SIZE means use whole partition\n</code></pre>\n<ol start=\"2\">\n<li>Install packages</li>\n</ol>\n<pre><code># sort out packages\nexport TZ=Europe/London\nsudo apt update &amp;&amp; sudo apt install --no-install-recommends -qq -yy \\\n  apache2 \\\n  ca-certificates \\\n  git \\\n  libapache2-mod-php \\\n  mailutils \\\n  mysql-server \\\n  php-curl \\\n  php-json \\\n  php-mysql \\\n  poppler-utils \\\n  postfix \\\n  zip\n</code></pre>\n<ol start=\"3\">\n<li>Configure <code>postfix</code></li>\n</ol>\n<pre><code># configure postfix: accept defaults if offered, setup postfix to use ppsw\nsudo sed -i 's/relayhost =/relayhost = ppsw.cam.ac.uk/' /etc/postfix/main.cf\nsudo /etc/init.d/postfix reload\nsudo systemctl restart postfix.service\n# test mail sending\necho \"Test mail from postfix\" | mail -s \"Test Postfix\" \"${YOUR_EMAIL}\"\n</code></pre>\n<p>For more email help, see\n<a href=\"https://help.uis.cam.ac.uk/email-telephony-and-collaboration/email/specialist-email-advice/sending-email\">https://help.uis.cam.ac.uk/email-telephony-and-collaboration/email/specialist-email-advice/sending-email</a>\nusing <code>YOUR_DOMAIN</code> as mail domain, and <code>ppsw.cam.ac.uk</code> as relay host.</p>\n<ol start=\"4\">\n<li>Install HotCRP</li>\n</ol>\n<p>Get latest release:</p>\n<pre><code>git clone https://github.com/kohler/hotcrp.git\ncd hotcrp\ngit checkout tags/v2.101 -b v2.101\n</code></pre>\n<ol start=\"5\">\n<li>Set up <code>root</code> account for MySQL</li>\n</ol>\n<pre><code>sudo /etc/init.d/mysql stop # stop the running service\n\n# configure and run mysql in the console; while it runs with\n# --skip-grant-tables the server does no authentication at all\nsudo mkdir -p /var/run/mysqld\nsudo chown mysql:mysql /var/run/mysqld\nsudo mysqld_safe --skip-grant-tables &amp; sleep 5\n\n# smash a new `root` password in place; the first FLUSH PRIVILEGES reloads the\n# grant tables so that ALTER USER is accepted under --skip-grant-tables\nsudo mysql &lt;&lt;EOF\nFLUSH PRIVILEGES;\nALTER USER 'root'@'localhost' IDENTIFIED WITH mysql_native_password BY '${YOUR_PASSWORD}';\nFLUSH PRIVILEGES;\nEOF\n\n# restart mysql properly as a service\nmysqladmin -uroot -p\"${YOUR_PASSWORD}\" -h127.0.0.1 --protocol=tcp shutdown\nsudo /etc/init.d/mysql start\n</code></pre>\n<p>…alternatively</p>\n<pre><code># PASSWORD() exists in MySQL 5.7 and earlier; it was removed in MySQL 8.0\nmysql -uroot &lt;&lt;_EOF\nUSE mysql;\n\nUPDATE mysql.user SET authentication_string = PASSWORD('${YOUR_PASSWORD}')\nWHERE User = 'root' AND Host = 'localhost';\nFLUSH PRIVILEGES;\n\nQUIT\n_EOF\n</code></pre>\n<ol start=\"6\">\n<li>Secure your MySQL installation</li>\n</ol>\n<pre><code>sudo systemctl stop mysql\nsudo mkdir -p /var/run/mysqld\nsudo chown mysql:mysql /var/run/mysqld\nsudo mysqld_safe --skip-grant-tables --skip-networking &amp;\nsudo mysql_secure_installation -p\"${YOUR_PASSWORD}\" &lt;&lt;EOF\nn\nn\ny\ny\ny\ny\nEOF\n</code></pre>\n<ol start=\"7\">\n<li>Set up the HotCRP MySQL tables and config</li>\n</ol>\n<pre><code>lib/createdb.sh --user=root --password=\"${YOUR_PASSWORD}\" &lt;&lt;EOF\nok\n${YOUR_WORKSHOP}\nEOF\n\n# edit conf/options.php\n# - contactName\n# - contactEmail\n# - sendEmail\n# - emailFrom\n# - emailSender\n# - timezone\n# - upload_max_filesize [ if you care ]\n</code></pre>\n<ol start=\"8\">\n<li>Turn on the HotCRP site in your Apache configuration</li>\n</ol>\n<pre><code># apache2: turn on hotcrp site\nsudo tee -a /etc/apache2/conf-available/hotcrp.conf &gt;/dev/null &lt;&lt;_EOF\n&lt;Directory \"$(pwd -P)\"&gt;\n    Options Indexes Includes FollowSymLinks\n    AllowOverride all\n    Require all granted\n&lt;/Directory&gt;\nAlias /${YOUR_WORKSHOP} $(pwd -P)\n_EOF\n\nsudo a2enconf &lt;&lt;EOF\nhotcrp\nEOF\n\nsudo chgrp www-data conf/options.php\nsudo service apache2 reload\nsudo apache2ctl graceful\n</code></pre>\n<p>…and you should now be able to access your hotcrp site at <a href=\"http://$%7BYOUR_DOMAIN%7D/$%7BYOUR_WORKSHOP%7D\">http://${YOUR_DOMAIN}/${YOUR_WORKSHOP}</a></p>\n<ol start=\"9\">\n<li>Use <a href=\"https://letsencrypt.org/\">Let’s Encrypt</a> to create and configure\ncertificates for HTTPS support</li>\n</ol>\n<pre><code>sudo apt install -yy software-properties-common\nsudo add-apt-repository ppa:certbot/certbot\nsudo apt update\n<span><span><span>sudo</span></span><span> apt install<span><span> 
-</span>yy</span> certbot-auto</span>\n</span><span><span><span>wget</span></span><span> https://dl.eff.org/certbot-auto</span>\n</span><span><span><span>chmod</span></span><span> a+x ./certbot-auto</span>\n</span><span><span><span>sudo</span></span><span> ./certbot-auto<span><span> -</span>n</span><span><span> --</span>os-packages-only</span></span>\n</span><span>\n</span><span><span><span>sudo</span></span><span> ./certbot-auto<span><span> -</span>a</span> webroot<span><span> -</span>i</span> apache<span><span> -</span>w</span> <span><span>$</span><span>(</span><span><span>pwd</span></span><span> <span><span>-</span>P</span></span><span>)</span></span> <span>\\\n</span></span></span><span><span><span><span> --</span>agree-tos</span><span><span> --</span>redirect</span><span><span> --</span>uir</span><span><span> --</span>hsts</span><span><span> --</span>staple-ocsp</span> <span>\\\n</span></span></span><span><span><span><span> -</span>d</span> YOUR-DOMAIN<span><span> --</span>email</span> YOUR-EMAIL</span>\n</span><span>\n</span><span><span><span>sudo</span></span><span> ./certbot-auto<span><span> --</span>install-only</span></span>\n</span></code></pre>\n\n<ol>\n<li>Set permissions on the certificate directories</li>\n</ol>\n<pre><code><span><span><span>sudo</span></span><span> chgrp www-data /etc/letsencrypt/live</span>\n</span><span><span><span>sudo</span></span><span> chmod g+rx /etc/letsencrypt/live</span>\n</span><span><span><span>sudo</span></span><span> chgrp www-data /etc/letsencrypt/archive/</span>\n</span><span><span><span>sudo</span></span><span> chmod g+rx /etc/letsencrypt/archive/</span>\n</span></code></pre>\n<p>End state is the Apache config looks something like the following, with\nunindented lines being those I added:</p>\n<pre><code><span><span><span>$</span></span><span> cat /etc/apache2/sites-available/hotcrp.conf</span>\n</span><span><span><</span>IfModule 
<span><span>mod_ssl.c</span></span><span><span>></span>\n</span></span><span>\n</span><span><span><span>SSLStaplingCache</span></span><span> shmcb:/var/run/apache2/stapling_cache(128000</span><span></span>)\n</span><span>\n</span><span>\t<span><</span>VirtualHost <span><span>_default_:443</span></span><span><span>></span>\n</span></span><span>\t\t<span><span>ServerAdmin</span></span><span> webmaster@localhost</span>\n</span><span>\t\t<span><span>DocumentRoot</span></span><span> /home/hotcrp/hotcrp</span>\n</span><span>\t\t<span><span>ErrorLog</span></span><span> <span><span>$</span><span>{</span></span><span><span>APACHE_LOG_DIR</span></span><span><span>}</span></span>/error.log</span>\n</span><span>\t\t<span><span>CustomLog</span></span><span> <span><span>$</span><span>{</span></span><span><span>APACHE_LOG_DIR</span></span><span><span>}</span></span>/access.log combined</span>\n</span><span>\t\t<span><span>SSLEngine</span></span><span> on</span>\n</span><span>\n</span><span><span><span>SSLCACertificateFile</span></span><span> /etc/letsencrypt/live/hotcrp.sysws.org.uk/fullchain.pem</span>\n</span><span><span><span>SSLUseStapling</span></span><span> on</span>\n</span><span>\n</span><span>\t\t<span><</span>FilesMatch <span><span><span><span>"</span>\\.(cgi|shtml|phtml|php)$<span>"</span></span></span></span><span><span>></span>\n</span></span><span>\t\t\t\t<span><span>SSLOptions</span></span><span> +StdEnvVars</span>\n</span><span>\t\t<span><</span>/FilesMatch<span>></span>\n</span><span>\t\t<span><</span>Directory <span><span>/usr/lib/cgi-bin</span></span><span><span>></span>\n</span></span><span>\t\t\t\t<span><span>SSLOptions</span></span><span> +StdEnvVars</span>\n</span><span>\t\t<span><</span>/Directory<span>></span>\n</span><span>\n</span><span><span><span>ServerName</span></span><span> hotcrp.sysws.org.uk</span>\n</span><span><span><span>SSLCertificateFile</span></span><span> 
/etc/letsencrypt/live/hotcrp.sysws.org.uk-0001/fullchain.pem</span>\n</span><span><span><span>SSLCertificateKeyFile</span></span><span> /etc/letsencrypt/live/hotcrp.sysws.org.uk-0001/privkey.pem</span>\n</span><span><span><span>Include</span></span><span> /etc/letsencrypt/options-ssl-apache.conf</span>\n</span><span><span><span>Header</span></span><span> always set Strict-Transport-Security <span><span>"</span>max-age=31536000<span>"</span></span></span>\n</span><span><span><span>Header</span></span><span> always set Content-Security-Policy upgrade-insecure-requests</span>\n</span><span>\n</span><span>\t<span><</span>/VirtualHost<span>></span>\n</span><span><span><</span>/IfModule<span>></span>\n</span></code></pre>\n<ol start=\"11\">\n<li>Add DNS entry for the name assigned (in my case, <code>hotcrp.DOMAIN</code>).</li>\n</ol>",
  "content_type": "html",
  "author": {
    "name": "Unknown",
    "email": null,
    "uri": null
  },
  "categories": [],
  "source": "https://mort.io/atom.xml"
}