Commit Briefs
use shell built-in `command' instead of which(1)
it's specified by POSIX AFAIK and requires less redirections.
add type { ... } block to define mime types mapping
The `map' rule is powerful but quite annoying to use if you have/need lots of entries (and clutters the configuration file too.) The `type' block is blatantly stolen from httpd(8) and allows for a way more nice usage: type { include "/usr/share/misc/mime.types" } or even type { text/markdown md markdown text/x-perl pl pm # ... }
don't log errno, it's always zero after libtls returns
The libevent error value is much more interesting! see github issue #13
remove paragraph "locally installed libressl" + some tweaks
libtls is now widely available, it's at least on gentoo, arch, void, alpine, fedora and debian sid; there's no need to show how to compile to a locally installed one.
tightens seccomp filter: allow only openat(O_RDONLY)
be more strict and allow an openat only with the O_RDONLY flag. This is kind of redundant with landlock, but still good to have. Landlock is not yet widely available and won't kill the process upon policy violation; furthermore, landlock can be disabled at boot time. tested on GNU and musl libc on arch and alpine amd64.