1 .\" Copyright (c) 2021, 2022 Omar Polo <op@omarpolo.com>
2 .\"
3 .\" Permission to use, copy, modify, and distribute this software for any
4 .\" purpose with or without fee is hereby granted, provided that the above
5 .\" copyright notice and this permission notice appear in all copies.
6 .\"
7 .\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
8 .\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
9 .\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
10 .\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
11 .\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
12 .\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
13 .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
14 .Dd $Mdocdate: January 02 2022$
15 .Dt GMID 1
16 .Os
17 .Sh NAME
18 .Nm gmid
19 .Nd simple and secure Gemini server
20 .Sh SYNOPSIS
21 .Nm
22 .Bk -words
23 .Op Fl fnv
24 .Op Fl c Ar config
25 .Op Fl D Ar macro Ns = Ns Ar value
26 .Op Fl P Ar pidfile
27 .Ek
28 .Nm
29 .Bk -words
30 .Op Fl 6hVv
31 .Op Fl d Pa certs-dir
32 .Op Fl H Ar hostname
33 .Op Fl p Ar port
34 .Op Fl x Pa cgi
35 .Op Pa dir
36 .Ek
37 .Sh DESCRIPTION
38 .Nm
39 is a simple and minimal gemini server that can serve static files,
40 execute CGI scripts and talk to FastCGI applications.
41 It can run without a configuration file with a limited set of features
42 available.
43 .Pp
44 .Nm
45 rereads the configuration file when it receives
46 .Dv SIGHUP .
47 .Pp
48 The options are as follows:
49 .Bl -tag -width 14m
50 .It Fl c Pa config
51 Specify the configuration file.
52 .It Fl D Ar macro Ns = Ns Ar value
53 Define
54 .Ar macro
55 to be set to
56 .Ar value
57 on the command line.
58 Overrides the definition of
59 .Ar macro
60 in the config file if present.
61 .It Fl f
62 Stays and logs on the foreground.
63 .It Fl n
64 Check that the configuration is valid, but don't start the server.
65 If specified two or more time, dump the configuration in addition to
66 verify it.
67 .It Fl P Pa pidfile
68 Write daemon's pid to the given location.
69 .Ar pidfile
70 will also act as lock: if another process is holding a lock on that
71 file,
72 .Nm
73 will refuse to start.
74 .El
75 .Pp
76 If no configuration file is given,
77 .Nm
78 runs in
79 .Dq config-less mode
80 .Pq i.e. runs in the foreground to serve a directory from the shell
81 and looks for the following options
82 .Bl -tag -width 14m
83 .It Fl 6
84 Enable IPv6.
85 .It Fl d Pa certs-path
86 Directory where certificates for the config-less mode are stored.
87 By default it is
88 .Pa $XDG_DATA_HOME/gmid ,
89 i.e.
90 .Pa ~/.local/share/gmid .
91 .It Fl H Ar hostname
92 The hostname
93 .Po
94 .Ar localhost
95 by default
96 .Pc .
97 Certificates for the given
98 .Ar hostname
99 are searched inside the
100 .Pa certs-dir
101 directory given with the
102 .Fl d
103 option.
104 They have the form
105 .Pa hostname.cert.pem
106 and
107 .Pa hostname.key.pem .
108 If a certificate or a key doesn't exist for a given hostname, they
109 will be generated automatically.
110 .It Fl h , Fl -help
111 Print the usage and exit.
112 .It Fl p Ar port
113 The port to listen on, by default 1965.
114 .It Fl V , Fl -version
115 Print the version and exit.
116 .It Fl v
117 Verbose mode.
118 Multiple
119 .Fl v
120 options increase the verbosity.
121 .It Fl x Pa path
122 Enable execution of
123 .Sx CGI
124 scripts.
125 See the description of the
126 .Ic cgi
127 option in the
128 .Sq Servers
129 section below to learn how
130 .Pa path
131 is processed.
132 Cannot be provided more than once.
133 .It Pa dir
134 The root directory to serve.
135 By default the current working directory is assumed.
136 .El
137 .Sh CONFIGURATION FILE
138 The configuration file is divided into three sections:
139 .Bl -tag -width xxxx
140 .It Sy Macros
141 User-defined variables may be defined and used later, simplifying the
142 configuration file.
143 .It Sy Global Options
144 Global settings for
145 .Nm .
146 .It Sy Servers
147 Virtual hosts definition.
148 .El
149 .Pp
150 Within the sections, empty lines are ignored and comments can be put
151 anywhere in the file using a hash mark
152 .Pq Sq # ,
153 and extend to the end of the current line.
154 A boolean is either the symbol
155 .Sq on
156 or
157 .Sq off .
158 A string is a sequence of characters wrapped in double quotes,
159 .Dq like this .
160 Multiple strings one next to the other are joined into a single
161 string:
162 .Bd -literal -offset indent
163 # equivalent to "temporary-failure"
164 block return 40 "temporary" "-" "failure"
165 .Ed
166 .Pp
167 Furthermore, quoting is necessary only when a string needs to contain
168 special characters
169 .Pq like spaces or punctuation ,
170 something that looks like a number or a reserved keyword.
171 The last example could have been written also as:
172 .Bd -literal -offset indent
173 block return 40 temporary "-" failure
174 .Ed
175 .Pp
176 Strict ordering of the sections is not enforced, so that is possible
177 to mix macros, options and
178 .Ic server
179 blocks.
180 However, defining all the
181 .Ic server
182 blocks after the macros and the global options is recommended.
183 .Pp
184 Newlines are often optional, except around top-level instructions, and
185 semicolons
186 .Dq \&;
187 can also be optionally used to separate options.
188 .Pp
189 Additional configuration files can be included with the
190 .Ic include
191 keyword, for example:
192 .Bd -literal -offset indent
193 include "/etc/gmid.conf.local"
194 .Ed
195 .Ss Macros
196 Macros can be defined that will later be expanded in context.
197 Macro names must start with a letter, digit or underscore and may
198 contain any of those characters.
199 Macros names may not be reserved words.
200 Macros are not expanded inside quotes.
201 .Pp
202 Two kinds of macros are supported: variable-like and proper macros.
203 When a macro is invoked with a
204 .Dq $
205 before its name its expanded as a string, whereas when it's invoked
206 with a
207 .Dq @
208 its expanded in-place.
209 .Pp
210 For example:
211 .Bd -literal -offset indent
212 dir = "/var/gemini"
213 certdir = "/etc/keys"
214 common = "lang it; auto index on"
215 
216 server "foo" {
217 	root $dir "/foo"         # -> /var/gemini/foo
218 	cert $certdir "/foo.crt" # -> /etc/keys/foo.crt
219 	key  $certdir "/foo.pem" # -> /etc/keys/foo.pem
220 	@common
221 }
222 .Ed
223 .Ss Global Options
224 .Bl -tag -width 12m
225 .It Ic chroot Pa path
226 .Xr chroot 2
227 the process to the given
228 .Pa path .
229 The daemon has to be run with root privileges and thus the option
230 .Ic user
231 needs to be provided, so privileges can be dropped.
232 Note that
233 .Nm
234 will enter the chroot after loading the TLS keys, but before opening
235 the virtual host root directories.
236 It's recommended to keep the TLS keys outside the chroot.
237 Future version of
238 .Nm
239 may enforce this.
240 .It Ic ipv6 Ar bool
241 Enable or disable IPv6 support, off by default.
242 .It Ic map Ar mime-type Cm to-ext Ar file-extension
243 Map
244 .Ar mime-type
245 to the given
246 .Ar file-extension .
247 Both argument are strings.
248 .It Ic port Ar portno
249 The port to listen on.
250 1965 by default.
251 .It Ic prefork Ar number
252 Run the specified number of server processes.
253 This increases the performance and prevents delays when connecting to
254 a server.
255 When not in config-less mode,
256 .Nm
257 runs 3 server processes by default.
258 The maximum number allowed is 16.
259 .It Ic protocols Ar string
260 Specify the TLS protocols to enable.
261 Refer to
262 .Xr tls_config_parse_protocols 3
263 for the valid protocol string values.
264 By default, both TLSv1.3 and TLSv1.2 are enabled.
265 Use
266 .Dq tlsv1.3
267 to enable only TLSv1.3.
268 .It Ic user Ar string
269 Run the daemon as the given user.
270 .El
271 .Ss Servers
272 Every virtual host is defined by a
273 .Ic server
274 block:
275 .Bl -tag -width Ds
276 .It Ic server Ar hostname Brq ...
277 Match the server name using shell globbing rules.
278 It can be an explicit name,
279 .Ar www.example.com ,
280 or a name including a wildcards,
281 .Ar *.example.com .
282 .El
283 .Pp
284 Followed by a block of options that is enclosed in curly brackets:
285 .Bl -tag -width Ds
286 .It Ic alias Ar name
287 Specify an additional alias
288 .Ar name
289 for this server.
290 .It Ic auto Ic index Ar bool
291 If no index file is found, automatically generate a directory listing.
292 Disabled by default.
293 .It Ic block Op Ic return Ar code Op Ar meta
294 Send a reply and close the connection;
295 by default
296 .Ar code
297 is 40
298 and
299 .Ar meta
300 is
301 .Dq temporary failure .
302 If
303 .Ar code
304 is in the 3x range, then
305 .Ar meta
306 is mandatory.
307 Inside
308 .Ar meta ,
309 the following special sequences are supported:
310 .Bl -tag -width Ds -compact
311 .It \&%\&%
312 is replaced with a single
313 .Sq \&% .
314 .It \&%p
315 is replaced with the request path.
316 .It \&%q
317 is replaced with the query string of the request.
318 .It \&%P
319 is replaced with the server port.
320 .It \&%N
321 is replaced with the server name.
322 .El
323 .It Ic cert Pa file
324 Path to the certificate to use for this server.
325 The
326 .Pa file
327 should contain a PEM encoded certificate.
328 This option is mandatory.
329 .It Ic cgi Pa path
330 Execute
331 .Sx CGI
332 scripts that matches
333 .Pa path
334 using shell globbing rules.
335 .It Ic default type Ar string
336 Set the default media type that is used if the media type for a
337 specified extension is not found.
338 If not specified, the
339 .Ic default type
340 is set to
341 .Dq application/octet-stream .
342 .It Ic entrypoint Pa path
343 Handle all the requests for the current virtual host using the
344 .Sx CGI
345 script at
346 .Pa path ,
347 relative to the current document root.
348 .It Ic env Ar name Cm = Ar value
349 Set the environment variable
350 .Ar name
351 to
352 .Ar value
353 when executing CGI scripts.
354 Can be provided more than once.
355 .\" don't document the "spawn <prog>" form because it probably won't
356 .\" be kept.
357 .It Ic fastcgi Oo Ic tcp Oc Pa socket Oo Cm port Ar port Oc
358 Enable
359 .Sx FastCGI
360 instead of serving files.
361 The
362 .Pa socket
363 can either be a UNIX-domain socket or a TCP socket.
364 If the FastCGI application is listening on a UNIX domain socket,
365 .Pa socket
366 is a local path name within the
367 .Xr chroot 2
368 root directory of
369 .Nm .
370 Otherwise, the
371 .Ic tcp
372 keyword must be provided and
373 .Pa socket
374 is interpreted as a hostname or an IP address.
375 .Ar port
376 can be either a port number or the name of a service enclosed in
377 double quotes.
378 If not specified defaults to 9000.
379 .It Ic index Ar string
380 Set the directory index file.
381 If not specified, it defaults to
382 .Pa index.gmi .
383 .It Ic key Pa file
384 Specify the private key to use for this server.
385 The
386 .Pa file
387 should contain a PEM encoded private key.
388 This option is mandatory.
389 .It Ic lang Ar string
390 Specify the language tag for the text/gemini content served.
391 If not specified, no
392 .Dq lang
393 parameter will be added in the response.
394 .It Ic location Pa path Brq ...
395 Specify server configuration rules for a specific location.
396 The
397 .Pa path
398 argument will be matched against the request path with shell globbing
399 rules.
400 In case of multiple location statements in the same context, the first
401 matching location will be put into effect and the later ones ignored.
402 Therefore is advisable to match for more specific paths first and for
403 generic ones later on.
404 A
405 .Ic location
406 section may include most of the server configuration rules
407 except
408 .Ic alias , Ic cert , Ic cgi , Ic entrypoint , Ic env , Ic key ,
409 .Ic location , Ic param No and Ic proxy .
410 .It Ic log Ar bool
411 Enable or disable the logging for the current server or location block.
412 .It Ic param Ar name Cm = Ar value
413 Set the param
414 .Ar name
415 to
416 .Ar value
417 for FastCGI.
418 .It Ic ocsp Ar file
419 Specify an OCSP response to be stapled during TLS handshakes
420 with this server.
421 The
422 .Ar file
423 should contain a DER-format OCSP response retrieved from an
424 OCSP server for the
425 .Ic cert
426 in use.
427 If the OCSP response in
428 .Ar file
429 is empty, OCSP stapling will not be used.
430 The default is to not use OCSP stapling.
431 .It Ic proxy Oo Cm proto Ar name Oc Oo Cm for-host Ar host : Ns Oo Ar port Oc Oc Brq ...
432 Set up a reverse proxy.
433 The optional matching rules
434 .Cm proto
435 and
436 .Cm for-host
437 can be used to enable proxying only for protocols matching
438 .Ar name
439 .Po Dq gemini
440 by default
441 .Pc
442 and/or whose request IRI matches
443 .Ar host
444 and
445 .Ar port
446 .Pq 1965 by default .
447 Matching happens using shell globbing rules.
448 .Pp
449 In case of multiple matching proxy blocks in the same context, the
450 first matching proxy will be put into effect and the later ones
451 ignored.
452 .Pp
453 Valid options are:
454 .Bl -tag -width Ds
455 .It Ic cert Ar file
456 Specify the client certificate to use when making requests.
457 .It Ic key Ar file
458 Specify the client certificate key to use when making requests.
459 .It Ic protocols Ar string
460 Specify the TLS protocols allowed when making remote requests.
461 Refer to the
462 .Xr tls_config_parse_protocols 3
463 function for the valid protocol string values.
464 By default, both TLSv1.2 and TLSv1.3 are enabled.
465 .It Ic relay-to Ar host : Ns Op Ar port
466 Relay the request to the given
467 .Ar host
468 at the given
469 .Ar port ,
470 1965 by default.
471 This is the only mandatory option in a
472 .Ic proxy
473 block.
474 .It Ic use-tls Ar bool
475 Specify whether to use TLS when connecting to the proxied host.
476 Enabled by default.
477 .It Ic verifyname Ar bool
478 Enable or disable the TLS server name verification.
479 Enabled by default.
480 .El
481 .It Ic root Pa directory
482 Specify the root directory for this server
483 .Pq alas the current Dq document root .
484 It's relative to the chroot if enabled.
485 .It Ic require Ic client Ic ca Pa path
486 Allow requests only from clients that provide a certificate signed by
487 the CA certificate in
488 .Pa path .
489 It needs to be a PEM-encoded certificate and it's not relative to the
490 chroot.
491 .It Ic strip Ar number
492 Strip
493 .Ar number
494 components from the beginning of the path before doing a lookup in the
495 root directory.
496 It's also considered for the
497 .Ar meta
498 parameter in the scope of a
499 .Ic block return .
500 .El
501 .Sh CGI
502 When a request for an executable file matches the
503 .Ic cgi
504 rule, that file will be executed and its output fed to the client.
505 .Pp
506 The CGI scripts are executed in the directory they reside and inherit
507 the environment from
508 .Nm
509 with these additional variables set:
510 .Bl -tag -width 24m
511 .It Ev GATEWAY_INTERFACE
512 .Dq CGI/1.1
513 .It Ev GEMINI_DOCUMENT_ROOT
514 The root directory of the virtual host.
515 .It Ev GEMINI_SCRIPT_FILENAME
516 Full path to the CGI script being executed.
517 .It Ev GEMINI_URL
518 The full IRI of the request.
519 .It Ev GEMINI_URL_PATH
520 The path of the request.
521 .It Ev PATH_INFO
522 The portion of the requested path that is derived from the the IRI
523 path hierarchy following the part that identifies the script itself.
524 Can be unset.
525 .It Ev PATH_TRANSLATED
526 Present if and only if
527 .Ev PATH_INFO
528 is set.
529 It represent the translation of the
530 .Ev PATH_INFO .
531 .Nm
532 builds this by appending the
533 .Ev PATH_INFO
534 to the virtual host directory root.
535 .It Ev QUERY_STRING
536 The decoded query string.
537 .It Ev REMOTE_ADDR , Ev REMOTE_HOST
538 Textual representation of the client IP.
539 .It Ev REQUEST_METHOD
540 This is present only for RFC3875 (CGI) compliance.
541 It's always set to the empty string.
542 .It Ev SCRIPT_NAME
543 The part of the
544 .Ev GEMINI_URL_PATH
545 that identifies the current CGI script.
546 .It Ev SERVER_NAME
547 The name of the server
548 .It Ev SERVER_PORT
549 The port the server is listening on.
550 .It Ev SERVER_PROTOCOL
551 .Dq GEMINI
552 .It Ev SERVER_SOFTWARE
553 The name and version of the server, i.e.
554 .Dq gmid/1.7.3
555 .It Ev AUTH_TYPE
556 The string "Certificate" if the client used a certificate, otherwise
557 unset.
558 .It Ev REMOTE_USER
559 The subject of the client certificate if provided, otherwise unset.
560 .It Ev TLS_CLIENT_ISSUER
561 The is the issuer of the client certificate if provided, otherwise
562 unset.
563 .It Ev TLS_CLIENT_HASH
564 The hash of the client certificate if provided, otherwise unset.
565 The format is
566 .Dq ALGO:HASH .
567 .It Ev TLS_VERSION
568 The TLS version negotiated with the peer.
569 .It Ev TLS_CIPHER
570 The cipher suite negotiated with the peer.
571 .It Ev TLS_CIPHER_STRENGTH
572 The strength in bits for the symmetric cipher that is being used with
573 the peer.
574 .It Ev TLS_CLIENT_NOT_AFTER
575 The time corresponding to the end of the validity period of the peer
576 certificate in the ISO 8601 format
577 .Pq e.g. Dq 2021-02-07T20:17:41Z .
578 .It Ev TLS_CLIENT_NOT_BEFORE
579 The time corresponding to the start of the validity period of the peer
580 certificate in the ISO 8601 format.
581 .El
582 .Sh FastCGI
583 .Nm
584 optionally supports FastCGI.
585 A
586 .Ic fastcgi
587 rule must be present in a server or location block.
588 Then, all requests matching that server or location will be handled
589 via the specified FastCGI backend.
590 .Pp
591 By default the following variables
592 .Pq parameters
593 are sent, and carry the same semantics as with CGI.
594 More parameters can be added with the
595 .Ic param
596 option.
597 .Pp
598 .Bl -bullet -compact
599 .It
600 GATEWAY_INTERFACE
601 .It
602 GEMINI_URL_PATH
603 .It
604 QUERY_STRING
605 .It
606 REMOTE_ADDR
607 .It
608 REMOTE_HOST
609 .It
610 REQUEST_METHOD
611 .It
612 SERVER_NAME
613 .It
614 SERVER_PROTOCOL
615 .It
616 SERVER_SOFTWARE
617 .It
618 AUTH_TYPE
619 .It
620 REMOTE_USER
621 .It
622 TLS_CLIENT_ISSUER
623 .It
624 TLS_CLIENT_HASH
625 .It
626 TLS_VERSION
627 .It
628 TLS_CIPHER
629 .It
630 TLS_CIPHER_STRENGTH
631 .It
632 TLS_CLIENT_NOT_BEFORE
633 .It
634 TLS_CLIENT_NOT_AFTER
635 .El
636 .Sh MIME
637 To auto-detect the MIME type of the response
638 .Nm
639 looks at the file extension and consults its internal table.
640 By default the following mappings are loaded, but they can be
641 overridden or extended using the
642 .Ic map
643 configuration option.
644 If no MIME is found, the value of
645 .Ic default type
646 matching the file
647 .Ic location
648 will be used, which is
649 .Dq application/octet-stream
650 by default.
651 .Pp
652 .Bl -tag -offset indent -width 14m -compact
653 .It diff
654 text/x-patch
655 .It gemini, gmi
656 text/gemini
657 .It gif
658 image/gif
659 .It jpeg
660 image/jpeg
661 .It jpg
662 image/jpeg
663 .It markdown, md
664 text/markdown
665 .It patch
666 text/x-patch
667 .It pdf
668 application/pdf
669 .It png
670 image/png
671 .It svg
672 image/svg+xml
673 .It txt
674 text/plain
675 .It xml
676 text/xml
677 .El
678 .Sh LOGGING
679 Messages and requests are logged by
680 .Xr syslog 3
681 using the
682 .Dv DAEMON
683 facility or printed on
684 .Em stderr .
685 .Pp
686 Requests are logged with the
687 .Dv NOTICE
688 severity.
689 Each request log entry has the following fields, separated by
690 whitespace:
691 .Pp
692 .Bl -bullet -compact
693 .It
694 Client IP address and the source port number, separated by a colon
695 .It
696 .Sy GET
697 keyword
698 .It
699 Request URL
700 .It
701 Response status
702 .It
703 Response meta
704 .El
705 .Sh EXAMPLES
706 Serve the current directory
707 .Bd -literal -offset indent
708 $ gmid .
709 .Ed
710 .Pp
711 To serve the directory
712 .Pa docs
713 and enable CGI scripts inside
714 .Pa docs/cgi
715 .Bd -literal -offset indent
716 $ mkdir docs/cgi
717 $ cat <<EOF > docs/cgi/hello
718 #!/bin/sh
719 printf "20 text/plain\er\en"
720 echo "hello world"
721 EOF
722 $ chmod +x docs/cgi/hello
723 $ gmid -x '/cgi/*' docs
724 .Ed
725 .Pp
726 An X.509 certificate must be provided to run
727 .Nm
728 using a configuration file.
729 First, the RSA certificate is created using a wildcard common name:
730 .Bd -literal -offset indent
731 # openssl genrsa \-out /etc/ssl/private/example.com.key 4096
732 # openssl req \-new \-x509 \e
733 	\-key /etc/ssl/private/example.com.key \e
734 	\-out /etc/ssl/example.com.crt \e
735 	\-days 36500 \-nodes \e
736 	\-subj "/CN=example.com"
737 # chmod 600 /etc/ssl/example.com.crt
738 # chmod 600 /etc/ssl/private/example.com.key
739 .Ed
740 .Pp
741 In the example above, a certificate is valid for one hundred years from
742 the date it was created, which is normal for TOFU.
743 .Pp
744 The following is an example of a possible configuration for a site
745 that enables only TLSv1.3, adds a mime type for the file extension
746 .Qq rtf
747 and defines two virtual host:
748 .Bd -literal -offset indent
749 ipv6 on		# enable ipv6
750 
751 protocols "tlsv1.3"
752 
753 map "application/rtf" to-ext "rtf"
754 
755 server "example.com" {
756 	cert "/etc/ssl/example.com.crt"
757 	key  "/etc/ssl/private/example.com.key"
758 	root "/var/gemini/example.com"
759 }
760 
761 server "it.example.com" {
762 	cert "/etc/ssl/example.com.crt"
763 	key  "/etc/ssl/private/example.com.key"
764 	root "/var/gemini/it.example.com"
765 
766 	# enable cgi scripts inside "cgi-bin"
767 	cgi  "/cgi-bin/*"
768 
769 	# set the language for text/gemini files
770 	lang "it"
771 }
772 .Ed
773 .Pp
774 Yet another example, showing how to enable a
775 .Ic chroot
776 and use
777 .Ic location
778 rule
779 .Bd -literal -offset indent
780 chroot "/var/gemini"
781 user "_gmid"
782 
783 server "example.com" {
784 	cert "/path/to/cert.pem" # absolute path
785 	key  "/path/to/key.pem"  # also absolute
786 	root "/example.com"      # relative to the chroot
787 
788 	location "/static/*" {
789 		# load the following rules only for
790 		# requests that matches "/static/*"
791 
792 		auto index on
793 		index "index.gemini"
794 	}
795 }
796 .Ed
797 .Sh ACKNOWLEDGEMENTS
798 .Nm
799 uses the
800 .Dq Flexible and Economical
801 UTF-8 decoder written by
802 .An Bjoern Hoehrmann .
803 .Sh AUTHORS
804 .An -nosplit
805 The
806 .Nm
807 program was written by
808 .An Omar Polo Aq Mt op@omarpolo.com .
809 .Sh CAVEATS
810 .Bl -bullet
811 .It
812 All the root directories are opened during the daemon startup; if a
813 root directory is deleted and then re-created,
814 .Nm
815 won't be able to serve files inside that directory until a restart.
816 This restriction only applies to the root directories and not their
817 content.
818 .It
819 a %2F sequence is indistinguishable from a literal slash: this is not
820 RFC3986-compliant.
821 .It
822 a %00 sequence is treated as invalid character and thus rejected.
823 .El