From raeburn at msu.edu  Mon Feb 28 15:16:13 2022
From: raeburn at msu.edu (Raeburn, Stuart)
Date: Mon, 28 Feb 2022 20:16:13 +0000
Subject: [LON-CAPA-announce] New version released - LON-CAPA 2.11.4
Message-ID: <CH0PR12MB5138F279D2BACDD20CB9274AB6019@CH0PR12MB5138.namprd12.prod.outlook.com>

New Version 2.11.4 released.

Update of 2.11.3 installations to 2.11.4 is recommended.
Changes from 2.11.3:

Student Interface
- After selecting a course role, progress indicator is displayed while the
  course session is being established. Menu links set to be unclickable
  until session loading is complete.
- When feedback on correctness is disabled an orange background is used
  for "Submission not graded ..." feedback (no try charged) in more cases:
  submission missing an answer or a required unit, or incorrect unit used,
  or unit provided, but not needed.
- Display of chosen foil in submission history in Previous Tries pop-up
  will render LaTeX inside <m></m> in foil if renderer is set to MathJax.
- Toggling via AA control in Safari on iOS 13 and later to enable 
  "Request Mobile Website" for display of a multi-page PDF now supported 
  in LON-CAPA by decoding user's browser agent string at page request time. 
- When a user requests a new account (ReCAPTCHA 2 used to deter bots),
  validation UI is now directly above "Create account" button so validation
  timeout (2 min) is now less likely while user fills out the web form.


Course Management
- Parameter saving for Course Coordinators in courses which (a) contain 
  many resources, and (b) have exam blocking events set should be faster.
- Automated enrollment changes:
  - Checking for institutional section change only applies to users with an
    enrollment type currently set to "auto".
  - Customization in localenroll.pm is supported to eliminate potential 
    ambiguity when extracting institutional section from course section. 
  - People > Users > Automated Enrollment > "Change crosslistings" 
    can use linked select boxes for Year, Semester, Department, Number
    (as used in course request form) to choose institutional course section(s)
    when localenroll.pm has been customized to support it.
- Enrollment history from People > Users > "Change Log" includes an additional
  context type: "Enrollment Type/Lock Change" in search filters.
- Chemical reaction response uses inline preview (new) or pop-up window (old).
  Settings > Course Settings > Display of resources can override domain default.
- Failsafe for automated enrollment can be configured for a specific course to
  use different settings from domain defaults to protect against unwanted drops
  when incomplete data are retrieved from institutional feed for a section.
- The default date shift included in the course request form when specifying
  cloning during course creation is now 364 days (instead of 365).


Grading
- When a problem is hand-graded, decision on its removal from the grading
  queue ignores awarded status of parts with non-handgradeable responses.
- Bubblesheet grading of named or CODEd exams for an exam folder which
  contains sub-folder(s) for which randompick and/or randomorder in use
  is now supported.


Authoring
- New options when publishing a directory:
  - Option to exclude currently unpublished resources (e.g., if only
    change being made is copyright/distribution or source availability
    for already published files).
  - Option to apply a common copyright/distribution and/or apply a common 
    source availability.
  - Option to exclude modified files and/or files with modified metadata
    when publishing directory (e.g., to avoid unwanted changes when updating
    only copyright and/or source availability for an entire directory).
- Pass value of options attribute in organicresponse tag when launching
  JSME Molecular Editor.


Domain Coordination/Domain Settings
- Automated update of user information can be configured to skip checking for 
  changes for users classified as inactive:
  - Set skipping for users without active or future roles.
  - Set skipping for users for whom the last modification to the activity log
    is more than a specified threshold (in days), and time since last role 
    assignment change also exceeds the same threshold.
- Automated enrollment failsafe mechanism to prevent unwanted drops when
  enrollment check for an institutional section can apply either when zero 
  records were retrieved or when a partial set of records were retrieved.   
- New option in Course/Community defaults configuration for previewer used
  for chemical reaction response (can be overridden in a course). Default
  is inline "real-time" preview (new) instead of original pop-up window.
- Domain configuration to allow domain's LON-CAPA nodes to operate behind a
  WAF/Reverse Proxy using aliased hostname (CNAME):
   - Web requests for resource replication from other LON-CAPA nodes bypass 
     the WAF/Proxy as their requests are made directly to the server hostname
     (A record); same for internal LON-CAPA connections for lonc -> lond.
   - Option for selective use of WAF/Reverse Proxy, e.g., allow VPN users to 
     connect directly (no WAF), while non-VPN users connect via WAF.
   - Option for extraction of "real" client IP address: 
     (a) mod_remoteip, (b) headers parsed by LON-CAPA, or (c) neither. 
   - Requests for /adm/dns/hosts and /adm/dns/domain from other nodes in the
     network do not require redirecting to an alias (if in use).
   - Option to set how WAF forwarding handles http and https requests.
   - Option to set use of either alias or real hostname for Shibboleth SP.
- Domain configuration to support dual Single Sign On (SSO) and non-SSO login 
  from /adm/login, for use with Shibboleth SP and other SSO methods.
  - Page will include:  
    (a) Text: "Log-in type" immediately followed by text for current login type
    (b) Link: Change?, below "Login type" to toggle between SSO and non-SSO
    (c) Image (clickable button) with alt text, and a tool-tip to launch SSO, or 
    (d) Standard LON-CAPA log-in box for username, password, domain (non-SSO)
- Domain configuration to limit actions based on user's (real) IP address:
  - Choose which course(s) and/or communities should be exclusively selectable 
    by students when accessing LON-CAPA from an IP address within designated IP 
    range(s). Those same courses will be unavailable from other locations.  
  - Choose communication and/or collaboration functions to block for non-privileged 
    users with in designated range(s). Choose some or all of: Messaging, Chat Room, 
    Discussion, Portfolio, Groups, Blogs, User Information ("About Me" page),
    Printouts, Gradebook, Change Password, Course Search, Stored Links, Annotations
    (domain coordinators and course personnel with "Evade communication blocking"
    privilege are exempt).
  - If 'Messaging' is among blocked functions, then for unprivileged users:
    (a) 'Send Feedback' (in course context), for resource(s) which allow it
        is only messaging mechanism available to users with out 'evb' priv.
    (b) Subject and Content for messages sent to instructor(s) via 'Send Feedback'
        are replaced in user's Sent Folder with: "Not shown due to IP block".
    (c) Critical messages can be viewed, optional receipt sent and moved to Inbox,
        but may not be replied to.
- Domain configuration to allow authentication of an alternate username,
  if username entered differs from real username in a predictable way
  e.g., username entered in log-in page was email address (userid at example.tld)
  instead of just userid.
- Additional perlvars can be set in a loncapa_apache_local<domain>.conf file
  (in /etc/httpd/conf on CentOS/RHEL/Oracle Linux/Rocky Linux/AlmaLinux or
   /etc/apache2 on Ubuntu/SLES:
   - lonOtherAuthenUrl
   Destination URL for Shibboleth SSO (if not specified, default of /adm/sso used).
   - lonSSOEmailOK 
   If set to 1, default removal of @ "internet domain" from username for Shibboleth
   authenticated users is skipped.
   - lonSSOUserLogoutScriptFile
   used to point to a file on the local filesystem containing custom javascript 
   (e.g., an XMLHttpRequest call) to be included in the Switch Server page when
   switching from a load balancer used for SSO authentication to an access server.
- When quotacheck is run on an access node, totals for course disk usage
  retrieved from the course's homeserver need to be converted from KB to MB.


Documentation
- Updated Domain Coordination Manual with documentation for:
  (a) Automated update settings
  (b) IP-based access restrictions on role selection and/or communication.
  (c) Log-in page options for use of /adm/login as a landing page for
      access to both SSO and non-SSO login.
  (d) Configuration for use of WAF/Reverse Proxy
  (e) Use of a LON-CAPA node as a Shibboleth SP.
- Documentation for additional options when publishing a directory.


Third-party modules
 - Update JSME to 2020-12-26 version


Internals
- Speed-ups for students in (i) contents listing, (ii) grades display, and
  (iii) when using page-flip to move between resources in courses with:
  - (a) multiple blocking events triggered by starting the timer and which 
        feature access restrictions for specified content, and
  - (b) contain many unhidden resources. 
- For SAML authentication (Shibboleth) no caching of /adm/sso. Custom error
  pages specified in loncapa_apache.conf for 403 and 500 response codes.
- Support institutional policies which allow a Course Coordinator affiliated
  with a cross-listed course to be automatically listed as a co-owner.
- Replace hostname with alias when creating absolute URLs, if alias in use.
- Use token to store role and/or symb when dual log-in page for 
  SSO (Shibboleth) and non-SSO is in use, and for "log in again" retry
  link for failed login.
- Expire any existing public cookie (and session) when establishing a session
  for a migrated user.
- Handle redirects when a user with a LON-CAPA session switches between access
  via VPN and not via VPN (and vice versa), and WAF/Reverse Proxy is in use, 
  and is configured for direct access for users from VPN IP addresses.
- When digest is used by tmpput handler in lond to generate an id, only use
  id which does not already exist in LON-CAPA's tmp directory.
- Apache::lonpopulate added to modules loaded on start up of Apache.
- Read dns_hosts.tab file from the filesystem instead of using LWP request 
  when current server is listed as an "authoritative" server in hosts.tab.
- Domain Coordinator receives 'evb' (Evade communication blocking) privilege.


Other bug fixes
- Eliminate extra byte (line feed) added to a file with .xlsx, .docx, .pptx, 
  .xlsm, .docm or .pptm extension when uploaded to a user's portfolio. 
- Eliminate missing capaFormulaParser.h error when building capa.so on
  Fedora 34 and later.
- Support case where first URL in course is an external resource and
  encrypturl in use.
- Previous Tries can now be displayed for partIDs containing - or space.
- When generating values for bubbles for numericalresponse in exam mode,
  avoid a "use fewer digits" issue in online exams on 64bit servers when
  the correct answer is >= 1e+16, and when the correct bubble is A. 
- Eliminate "TypeError" in caparesponse_capa_check_answer() for some
  random seeds in bubblesheet grading on Ubuntu 20LTS.
- Explicitly include ORDER BY in SQL query when retrieving ordered scores
  for correct problems plot, as an implicit sort based on GROUP BY was
  eliminated in MySQL 8 (used by Ubuntu 20LTS).
- Prevent Internal Server Error (ISE) when map title contains square 
  brackets.
- Support redirection to originally requested URL after authentication
  with Shibboleth SSO.
- Store wait_timeout value in appropriate MySQL config file for Ubuntu.
- By default, Ubuntu 16LTS and later include "ONLY_FULL_GROUP_BY" in the
  global sql_mode; remove that so Degree of Discrimination can be calculated 
  in Statistics.
- When determining folder to display in Course Editor, checking folderpath 
  has expected format also applies to cached value for last folder visited 
  (retrieved from user's environment.db file).
- Prevent javascript errors in resize_scrollbox() if any standard menu 
  components are absent.
- When verifying selections for uploaded CSV file of users, if internally 
  authenticated is an option, but "Local auth" is the chosen option,
  form validation no longer prompts for initial password for internal auth
  if that field is empty.
- If record(s) in uploaded CSV data contain fewer than 7 characters in the
  column identified as the user's password field, the warning now includes 
  the number 7 when minimum has yet to be specified in domain configuration.
- When printing problems or resources for CODEd assignments in a specified
  folder, randompick and/or randomorder set for included sub-folders is
  now supported.


Supported Linux Distributions
- Rocky Linux 8 added
- AlmaLinux 8 added
- Fedora 34 and 35 added
- CentOS 8 stream added


Specific enhancement requests/bugs addressed: (see http://bugs.loncapa.org)
273, 6750, 6914, 6951, 6953, 6954, 6955, 6956, 6957, 6959, 6961, 6962, 6963,
6965, 6967, 6968

Installation Notes:
 
To use this release you need to have version 1-26 of LONCAPA-prerequisites
installed.

To install this update:

1) You will need to be running CentOS 6, 7 or 8; Scientific Linux 6 or 7;
RHEL 5, 6, 7 or 8; Oracle Linux 6, 7 or 8; SLES 11, 12, or 15;
Ubuntu LTS 14, 16, 18 or 20; Rocky Linux 8; AlmaLinux 8; or Fedora 25 - 35.

(CentOS/Scientific Linux 5, SLES 10, Ubuntu LTS 12, Fedora 16 - 24, and
SuSE 13.1 - 13.2 should continue to work, but are deprecated).

You will need to be root to use the commands listed at steps 1(a) - 1(d) and
2 to 11 below. On Ubuntu LTS servers either prepend sudo for each command, or
use sudo -i.

To accompany the previous (2.11.3) release, the GPG key for LON-CAPA's repositories
was updated to reflect modern standards.  If you are updating from LON-CAPA 2.11.2
or earlier, and have not already updated the GPG key, it is recommended to clear
cached packages previously downloaded from the LON-CAPA repository for your Linux
distro, before removing the old GPG key and importing the new one.

(a) You can display the currently installed LON-CAPA package signing GPG key 
as follows:

(i) CentOS/RHEL/Scientific Linux/Fedora/SLES
rpm -q gpg-pubkey --qf '%{VERSION}\t%{SUMMARY}\n' |grep LON

For CentOS/RHEL/Scientific Linux/Fedora/SLES the GPG key used in 2020 and earlier is:
155cf773    MSU LON-CAPA group (LON-CAPA installer) <lon-capa at lon-capa.org>

For CentOS/RHEL/Scientific Linux/Fedora/SLES the GPG key used in 2021 and beyond is:
c11f2266    LONCAPA Academic Consortium (Package signing) <certificate at loncapa.org>

(ii) Ubuntu
sudo apt-key list

For Ubuntu the GPG key used in 2020 and earlier is:
155CF773    MSU LON-CAPA group (LON-CAPA installer) <lon-capa at lon-capa.org>

For Ubuntu the GPG key used in 2021 and beyond is:
BF2CDADF    MSU LON-CAPA group (LON-CAPA installer) <loncapa at loncapa.org>


(b) If you have a pre-2021 key clear the cache and import the new GPG key as follows:

(i) CentOS
yum clean all --disablerepo="*" --enablerepo=loncapa-updates-basearch --enablerepo=loncapa-updates-noarch
rpm -e gpg-pubkey-155cf773-431738a8
rpm --import 'http://install.loncapa.org/versions/centos/RPM-GPG-KEY-loncapa'

(ii) RHEL
yum clean all --disablerepo="*" --enablerepo=loncapa-updates-basearch --enablerepo=loncapa-updates-noarch
rpm -e gpg-pubkey-155cf773-431738a8
rpm --import 'http://install.loncapa.org/versions/redhat/RPM-GPG-KEY-loncapa'

(iii) Scientific Linux
yum clean all --disablerepo="*" --enablerepo=loncapa-updates-basearch --enablerepo=loncapa-updates-noarch
rpm -e gpg-pubkey-155cf773-431738a8
rpm --import 'http://install.loncapa.org/versions/scientific/RPM-GPG-KEY-loncapa'

(iv) SuSE/SLES
zypper refresh 'LON-CAPA'

(v) Ubuntu
sudo apt-key del 155CF773
sudo apt-get clean
wget -O ~/APT-GPG-KEY-loncapa.asc 'https://install.loncapa.org/versions/ubuntu/APT-GPG-KEY-loncapa.asc'
sudo apt-key add ~/APT-GPG-KEY-loncapa.asc

(vi) Fedora
yum clean all --disablerepo="*" --enablerepo=loncapa-updates-basearch --enablerepo=loncapa-updates-noarch
rpm -e gpg-pubkey-155cf773-431738a8
rpm --import 'http://install.loncapa.org/versions/fedora/RPM-GPG-KEY-loncapa'


(c) After you have imported the new key for 2021 (and beyond)

(i)CentOS/RHEL/Scientific Linux/Fedora/SLES
rpm -q gpg-pubkey --qf '%{VERSION}\t%{SUMMARY}\n' |grep LON

will now report:
c11f2266   LONCAPA Academic Consortium (Package signing) <certificate at loncapa.org>

(ii) Ubuntu
sudo apt-key list

will now report:
BF2CDADF    MSU LON-CAPA group (LON-CAPA installer) <loncapa at loncapa.org>


(d) The EPEL repository is now used by LON-CAPA for CentOS/RHEL/Scientific Linux
6 and 7 (64 bit only), and epel-release is a dependency in LONCAPA-prerequisites 1-26
for CentOS/Scientific Linux 6 and 7 (64 bit only).

On CentOS/Scientific Linux 7 to add the repo you can use:
yum install epel-release

For RHEL use:
wget 'https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm'
yum install epel-release-latest-7.noarch.rpm

Note: if you are still running CentOS/Scientific Linux 6 (EOL was November 30 2020),
you would need to change the baseurl in /etc/yum.repos.d/epel.repo to point at:

https://archives.fedoraproject.org/pub/archive/epel/6/$basearch

and also change the baseurl in /etc/yum.repos.d/CentOS-Base.repo to point at:
http://vault.centos.org/6.10/os/$basearch/

That said you should update to a newer version of the distro as soon as you can.

If you are still running RHEL 6 (and have a subscription to the Extended Life Cycle Support
(ELS) Add-On, you would add the EPEL repo using:

wget 'https://archives.fedoraproject.org/pub/archive/epel/6/x86_64/epel-release-6-8.noarch.rpm'
yum install epel-release-6-8.noarch.rpm

and would then need to change the baseurl in /etc/yum.repos.d/epel.repo, as described above.

If you previously used EPEL but disabled it, by setting enabled=0 for [epel] in
/etc/yum.repos.d/epel.repo, use a text editor to change that to enabled=1.


2) Update LONCAPA-prerequisites to 1-26

(a) CentOS/RHEL/Oracle Linux/Rocky Linux/AlmaLinux 8

dnf update

(b) CentOS/RHEL/Scientific Linux/Oracle Linux 5 - 7

yum update

Use:

yum repolist enabled 

to display currently enabled repos (which should include epel).

(c) SuSE/SLES

To refresh the LON-CAPA repository use:  zypper refresh -fdb
To update LONCAPA-prerequisites use: zypper update LONCAPA-prerequisites

(d) Ubuntu

sudo apt-get update
sudo apt-get upgrade

(e) Fedora 22 (and newer)

dnf update

(f) Fedora 21 (and older)

yum update


On all distributions, it is recommended that you check that you have
the correct version of LONCAPA-prerequisites installed before proceeding.

(i) CentOS/RHEL/Scientific Linux/Oracle Linux/Fedora/SLES/SuSE
rpm -q LONCAPA-prerequisites

should report:
LONCAPA-prerequisites-1-26.X
(where X is a distro identifier e.g., centos7.lc)

(ii) Ubuntu
sudo dpkg -l loncapa-prerequisites

should report
ii loncapa-prerequisites 1.26-X
(where X is a version number which depends on Ubuntu distro)

Note: unlike its predecessors, LONCAPA-prerequisites 1-26 for
Red Hat/CentOS/Scientific Linux 6 and 7 replaces the dependency on  
R with a dependency on R-core. Accordingly, for those distros,
after updating to 1-26, you can use:

yum remove R R-core-devel R-devel R-java R-java-devel libMath-devel

and you can also use yum to remove java-1.8.0-openjdk and/or 
java-1.7.0-openjdk (which are R-java dependencies), unless you have
modified a standard LON-CAPA installation with packages which
themselves require java.


3) Download the new LON-CAPA tarball from
wget 'http://install.lon-capa.org/versions/loncapa-2.11.4.tar.gz'

and untar it:
tar xzvf loncapa-2.11.4.tar.gz


4) stop the LON-CAPA system services

RHEL/CentOS/Rocky Linux/AlmaLinux 8, Oracle Linux 7 & 8, Ubuntu 18 & 20, 
SLES15, Fedora 26 (and newer)

/home/httpd/perl/loncontrol stop

Other distros/versions:
/etc/init.d/loncontrol stop


5) stop the web server:

RHEL/CentOS/Oracle Linux/Rocky Linux/AlmaLinux/Scientific Linux 7 (and newer)
systemctl stop httpd

Fedora 17 (and newer)
service httpd stop

Fedora 16 (and older), RHEL/CentOS/Scientific Linux/Oracle Linux 6 (and older)
/etc/init.d/httpd stop

SLES15, Ubuntu 18 and newer
systemctl stop apache2

SuSE 13.X, SLES12
service apache2 stop

SLES 11, Ubuntu 16 and older
/etc/init.d/apache2 stop


6) Run the UPDATE script as root
(Note: you will be asked to confirm that you wish to remove files
installed by older versions of LON-CAPA which are no longer used by 2.11.4).

cd loncapa-2.11.4
./UPDATE


7) If you are updating a LON-CAPA library server from LON-CAPA version
2.10.1 or earlier, you will need to run a script to migrate Authoring 
Spaces in domain(s) hosted on the server from their old locations in:
/home/ to their new locations in /home/httpd/html/priv

To do this use the command:
perl /home/httpd/perl/debug/move_construction_spaces.pl move

Note: You can perform a dry-run, which will show what would happen, but will
not actually move anything, by omitting the "move" argument.


8) If your Apache web server has been configured to use SSL, and you have
included rewrite rules to rewrite all requests to http://<yourserver>/
to https://<yourserver>/ it is recommended you modify your rewrite rule to
(a) allow internal HEAD requests to /cgi-bin/mimetex.cgi to be served
http://, in order to support vertical alignment of mimetex images
(one of the options for rendering Math content); (b) allow requests
for certain URLs (external resource, annotations, and syllabus)
to be served http:// under certain conditions.

Starting with LON-CAPA 2.10, a config file containing rewrite
rules -- loncapa_rewrite.conf -- is added to /etc/httpd/conf
(CentOS, Red Hat, Scientific Linux, Oracle Linux, Rocky Linux,
AlmaLinux, Fedora) or /etc/apache2 (SLES, Ubuntu, Debian).
By default, rewrites are set to off (using RewriteEngine off).

If you already have you own rewrite rules in place for http -> https
you should either transfer them to loncapa_rewrite.conf, after
completing the LON-CAPA update, or leave your existing file in place 
and comment out the entries in loncapa_rewrite.conf. Otherwise, if you are 
using SSL with Apache, and would like requests to http://<yourserver>/
to be rewritten to https://<yourserver>/, you should copy
rewrites/loncapa_rewrite_on.conf to loncapa_rewrite.conf to enable this.
The rules included in that config file do not rewrite internal
requests (i.e., from 127.0.0.1) to https://, so vertical alignment
of mimetex images is supported. In 2.11 there are also rules to exclude
certain URLs from rewrites to https:// to avoid issues with 
mixed active content.

The 2.11.3 release included updates to rewrites/loncapa_rewrite_on.conf 
and rewrites/loncapa_rewrite_off.conf.  If you are updating from 2.11.2
or earlier and have customized loncapa_rewrite.conf then you should 
edit that file to incorporate the changes, which include addition of
this condition in a couple of places:

RewriteCond %{QUERY_STRING} (^|&(amp;|))usehttp=1($|&)

If you have not customized the file, then to enable rewrites, copy 
rewrites/loncapa_rewrite_on.conf to loncapa_rewrite.conf 
or copy rewrites/loncapa_rewrite_off.conf to loncapa_rewrite.conf 
to disable rewrites.

If your Apache configuration includes Strict-Transport-Security 
with max-age > 0, then http to https rewrites will apply for all URLs, 
so vertical alignment of mimetex images will not be supported, and 
browsers will block mixed active content for external resources and/or 
an external syllabus that uses http within an iframe on an https page.

Once you have the rules for ^/adm/wrapper/ext/(?!https:) and
^/public/.*/syllabus$ in place in loncapa_rewrite.conf, unless you use
Strict-Transport-Security you should also add the following to your 
<VirtualHost *:443> </VirtualHost> block, (the "*" might be:
 _default_ or an IP address or *):

<IfModule mod_rewrite.c>
  RewriteEngine on
  RewriteCond %{HTTPS} =on
  RewriteCond %{REQUEST_URI} ^/adm/wrapper/ext/(?!https:\/\/)
  RewriteCond %{QUERY_STRING} (^|&(|amp;))usehttp=1($|&)
  RewriteRule ^/adm/wrapper/ext/(?!https:\/\/) http://%{HTTP_HOST}%{REQUEST_URI} [R,L,NE]
  RewriteCond %{REMOTE_ADDR} 127.0.0.1
  RewriteRule (.*) - [L]
  RewriteCond %{REMOTE_ADDR} <Server IP>
  RewriteRule (.*) - [L]
  RewriteCond %{REQUEST_URI} ^/public/.*/syllabus$
  RewriteCond %{QUERY_STRING} (^|&(|amp;))usehttp=1($|&)
  RewriteRule ^/public/.*/syllabus$ http://%{HTTP_HOST}%{REQUEST_URI} [R,L,NE]
</IfModule>

replacing <Server IP> with the IP address of the server itself.

Note: this is only needed if you are using SSL (i.e., requests to
https://<yourserver>/ are supported) and you want to rewrite external
requests to http://<yourserver>/ to always use https://<yourserver>/
(with the exceptions noted above).


9) Note about /home/httpd/lib/perl/localenroll.pm
When you use UPDATE to update an existing LON-CAPA installation to a newer
version, the customizable localenroll.pm file is not overwritten.  This
is the file which must be customized to support integration of LON-CAPA
with institutional data sources (e.g., for automated update of course
rosters or user information). Whenever new routines are included in
localenroll.pm these will appear in localenroll-std.pm, which is updated
when a new LON-CAPA version is installed.

If you have previously customized localenroll.pm it is recommended that
you compare the contents of localenroll.pm and localenroll-std.pm after
an update to see if there are new subroutines (which exist as stubs in
localenroll-std.pm) which can be copied to your custom localenroll.pm,
and later customized, should you wish to use that functionality.

Recent additions in LON-CAPA 2.11.4 include: (a) instsec_reformat(), used
to eliminate ambiguity in extraction of institutional section from
institutional course section, as used for automated enrollment, and when
compiling information shown for official courses in the course catalog,
(b) validate_crosslist_access(), used to check whether an official
course with the institutional code can have access to enrollment data
from a cross-listed institutional section code, given a co-owner, (c)
unamemap_rules() and unamemap_check() used to support authentication of
an alternate username, e.g., username entered in log-in page was email
address (userid at example.tld) instead of just userid.


10) restart the LON-CAPA system services:

RHEL/CentOS/Rocky/AlmaLinux 8, Oracle Linux 7 & 8, Ubuntu 18 & 20, SLES 15, 
Fedora 26 (and newer)
/home/httpd/perl/loncontrol start

Other distros/versions
/etc/init.d/loncontrol start


11) restart the webserver:

RHEL/CentOS/Oracle/Rocky/AlmaLinux/Scientific Linux 7 (and newer)
systemctl start httpd

Fedora (16 and older)/RHEL/CentOS/Scientific Linux 6 (and older)
/etc/init.d/httpd start

Fedora 17 (and newer)
service httpd start

SLES15/Ubuntu 18 (and newer)
systemctl start apache2

SuSE 12.X, 13.X, SLES12
service apache2 start

SuSE 11.X, SLES 11, Ubuntu 16 (and older)
/etc/init.d/apache2 start


12) It is recommended that loncron is run
(as the www user) after installation/update is complete.
(On Ubuntu LTS servers, first do: sudo -i )

su www
/home/httpd/perl/loncron

This will write to files in /home/httpd/lonTabs used to
store information about LON-CAPA versions on other servers in
the cluster to which the server belongs.  It may take some
minutes to complete as the script will contact other servers
in the LON-CAPA network sequentially.


13) It is also recommended that you check disk usage for courses
and Authoring Spaces, as 2.11 introduced default quotas of 0.5 GB
for each course (content uploaded directly via Course Editor) and
the same for each author.

For courses, log-in as Domain Coordinator and use:
Main Menu -> Status of domain servers -> Display quotas and usage for
Course/Community Content.

For Authoring Spaces, log-in as Domain Coordinator and use:
Main Menu -> Create users or modify the roles and privileges of users
->  Manage Users, and select Author in the "Role" dropdown, then
press the "Display List of Users" button.

The 0.5 GB default quota for Authoring Spaces in domain can be replaced via:
Main Menu -> Set domain configuration -> Blogs, personal web pages,
webDAV/quotas, portfolios

The 0.5 GB default quota for Courses can be replaced via:
Main Menu -> Set domain configuration -> Course/Community defaults

Quotas for individual authors can be set via:
Main Menu -> Create users or modify the roles and privileges of users
-> Add/Modify a User

Quotas for individual courses can be set via:
Main Menu -> View or modify a course or community
then search/select the course and use:
"View/Modify quotas for group portfolio files, and for uploaded content".


----NOTES
1) Defects reports, and enhancements requests can be entered at
         http://bugs.lon-capa.org
2) Mailing lists can be joined and left at http://mail.lon-capa.org
3) Installation/update support is available from helpdesk at loncapa.org

Stuart Raeburn
LON-CAPA Academic Consortium