Apache Web
In the book, the apache user is created with the home directory /dev/null. This default setting works perfectly, until ViewVC is installed. ViewVC tests whether the home directory exists. If so it looks for it, and not finding it makes the program fail.
A quick fix is to change the home directory of user apache to anything non-existant, however an empty directory also works.
Note that a directory named .subversion will be created under the home directory. Make sure the home directory is writable for user apache.
*****
Apache with LDAP (and SSL) support :
(Of course, OpenSSL and OpenLDAP must be on your system. You can follow the instructions on BLFS book.)
patch -Np1 -i ../httpd-2.2.4-config-1.patch
./configure --enable-layout=FHS --enable-mods-shared=all --enable-authnz-ldap --enable-ssl --with-ssl=/etc/ssl --with-ldap --enable-ldap
sed -i -e "s%EXTRA_INCLUDES = -I.%EXTRA_INCLUDES = -I/usr/include -I.%g" build/config_vars.mk
make
make install
chown -v root:root /usr/lib/apache/httpd.exp /usr/sbin/{apxs,apachectl,dbmmanage,envvars{,-std}} /usr/share/man/man1/{dbmmanage,ht{dbm,digest,passwd}}.1 /usr/share/man/man8/{ab,apachectl,apxs,htcacheclean,httpd}.8 /usr/share/man/man8/{logresolve,rotatelogs,suexec}.8 &&
chown -v -R apache:apache /srv/www
During the build, the "/usr/include" directory isn't included, the "sed" command is a small workaround.
Multiple SSL Certificates, one IP and port vi SNI
Yes, contrary to what you've read, it is possible, but only if the client supports it. Fortunately, Firefox-2.x, Opera-7.6+, and IE-7 (on Vista only) do support SNI, or Server Name Indication. This allows the client to send, in addition to the negotiation, the name of the target server during the initial handshake. OpenSSL added the TLS extensions in OpenSSL-0.9.8f and must be enabled by the Configure switch 'enable-tlsext'. Apache will officially have support for SNI in mod_ssl come httpd-2.2.9. I have included the needed changes for mod_ssl in this patch: http://www.linuxfromscratch.org/patches/downloads/httpd/httpd-2.2.8-upstream_SNI-1.patch. Apache has supported SNI for some time via mod_gnutls, so no changes are necessary to your existing config apart from supplying the correct certs for your virtual hosts.
