I once had cause to setup HotCRP for local hosting. Specifically on a local Lab-hosted VM image. Some of what follows is specific to the CUCL VM hosting service, but I think most of it is HotCRP generic and so may be of use. Anyway, here’s the crib sheet, starting from https://mbtech.github.io/Setting-up-hotcrp/…
# setup some variablesYOUR-DOMAIN="hotcrp-test.cl.cam.ac.uk"YOUR-WORKSHOP="sysws18"YOUR-PASSWORD="mybestpassword"YOUR-EMAIL="postmaster@example.com"
Assume we start from a default Ubuntu template VM, and then…
Configure the VM
cl-asuser passwd # set UNIX password for sudo# create some spacefor d in /usr/src/*;doexportK=$(uname -r|sed's/-generic$//')echo-n$K$d ...case$din"/usr/src/linux-headers-$K"|"/usr/src/linux-headers-${K}-generic")echo keep;;*)echo removesudo rm -rf$d;;esacdone# THIS IS UNSAFE! BE CAREFUL! IT CALLS `sudo rm -rf`!for d in /lib/modules/*;doecho$d ...case$din"/lib/modules/$(uname -r)")echo keep;;*)echo removesudo rm -rf$d;;esacdone# if necessary, resize the partition. this shouldn't be necessary with the new# VM image! if you need more than ~1GB space for papers, setup xvdb1sudo fdisk /dev/xvda <<EOFp
d
n
w
EOFsudo partprobe# resize the default filesystem to use the entire partitionsudo resize2fs /dev/xvda1 # blank SIZE means use whole partition
# configure postfix: accept defaults if offered, setup postfix to use ppswsudo sed -i's/relayhost =/relayhost = ppsw.cam.ac.uk/' /etc/postfix/main.cfsudo /etc/init.d/postfix reloadsudo systemctl restart postfix.service# test mail sendingecho"Test mail from postfix"|mail -s"Test Postfix"${YOUR-EMAIL}
sudo /etc/init.d/mysql stop # stop the running service# configure and run mysql in the consolesudo mkdir -p /var/run/mysqldsudo chown mysql:mysql /var/run/mysqldsudo mysqld_safe --skip-grant-tables&sleep 5# smash a new `root` password in place sudo mysqlALTER USER 'root'@'localhost' IDENTIFIED WITH mysql_native_password BY '${YOUR-PASSWORD}';FLUSH PRIVILEGES;exit;# restart mysql properly as a servicemysqladmin -uroot -p${YOUR-PASSWORD} -h127.0.0.1 --protocol=tcp shutdownsudo /etc/init.d/mysql start
…alternatively
mysql -uroot<<_EOFUSE mysql;
UPDATE mysql.user SET authentication_string = PASSWORD('${YOUR-PASSWORD}')
WHERE User = 'root' AND Host = 'localhost';
FLUSH PRIVILEGES;
QUIT
_EOF
Secure your MySQL installation
sudo systemctl stop mysqlsudo mkdir -p /var/run/mysqldsudo chown mysql:mysql /var/run/mysqldsudo mysqld_safe --skip-grant-tables --skip-networking&sudo mysql_secure_installation -p${YOUR-PASSWORD}<<EOFn
n
y
y
y
y
EOF
Setup the HotCRP MySQL tables and config
lib/createdb.sh --user=root --password=${YOUR-PASSWORD}<<EOFok
YOUR-WORKSHOP
EOF# edit conf/options.php# - contactName# - contactEmail# - sendEmail# - emailFrom# - emailSender# - timezone# - upload_max_filesize [ if you care ]
Turn on the HotCRP site in your Apache configuration
# apache2: turn on hotcrp sitesudo sh -c'cat >>/etc/apache2/conf-available/hotcrp.conf <<_EOF
<Directory "$(pwd -P)">
Options Indexes Includes FollowSymLinks
AllowOverride all
Require all granted
</Directory>
Alias /YOUR-WORKSHOP $(pwd -P)
_EOF
'sudo a2enconf <<EOFhotcrp
EOFsudo chgrp www-data conf/options.phpsudo service apache2 reloadsudo apache2ctl graceful
End state is the Apache config looks something like the following, with unindented lines being those I added:
$ cat /etc/apache2/sites-available/hotcrp.conf<IfModule mod_ssl.c>SSLStaplingCache shmcb:/var/run/apache2/stapling_cache(128000)
<VirtualHost _default_:443>ServerAdmin webmaster@localhostDocumentRoot /home/hotcrp/hotcrpErrorLog${APACHE_LOG_DIR}/error.logCustomLog${APACHE_LOG_DIR}/access.log combinedSSLEngine onSSLCACertificateFile /etc/letsencrypt/live/hotcrp.sysws.org.uk/fullchain.pemSSLUseStapling on<FilesMatch "\.(cgi|shtml|phtml|php)$">SSLOptions +StdEnvVars</FilesMatch><Directory /usr/lib/cgi-bin>SSLOptions +StdEnvVars</Directory>ServerName hotcrp.sysws.org.ukSSLCertificateFile /etc/letsencrypt/live/hotcrp.sysws.org.uk-0001/fullchain.pemSSLCertificateKeyFile /etc/letsencrypt/live/hotcrp.sysws.org.uk-0001/privkey.pemInclude /etc/letsencrypt/options-ssl-apache.confHeader always set Strict-Transport-Security "max-age=31536000"Header always set Content-Security-Policy upgrade-insecure-requests</VirtualHost></IfModule>11. Add DNS entry for the name assigned (in my case, `hotcrp.DOMAIN`).