From ca852a8c82019c47eae54e23e613222f13a1d8b0 Mon Sep 17 00:00:00 2001
From: DannyArends <Danny.Arends@gmail.com>
Date: Thu, 19 Mar 2026 14:46:22 +0000
Subject: [PATCH 01/34] Move to use a workerpool

---
 danode/client.d     |  6 ++--
 danode/filesystem.d |  2 +-
 danode/imports.d    |  2 ++
 danode/router.d     |  3 +-
 danode/server.d     | 85 +++++++++++++++++++++----------------------
 danode/workerpool.d | 88 +++++++++++++++++++++++++++++++++++++++++++++
 6 files changed, 134 insertions(+), 52 deletions(-)
 create mode 100644 danode/workerpool.d

diff --git a/danode/client.d b/danode/client.d
index 99b803b..2d7cd5d 100644
--- a/danode/client.d
+++ b/danode/client.d
@@ -1,4 +1,4 @@
-/** danode/client.d - Per-connection thread: request/response lifecycle, keep-alive, timeouts
+/** danode/client.d - Per-connection handler: request/response lifecycle, keep-alive, timeouts
   * License: GPLv3 (https://github.com/DannyArends/DaNode) - Danny Arends **/
 module danode.client;
 
@@ -20,7 +20,7 @@ immutable size_t MAX_UPLOAD_SIZE  = 1024 * 1024 * 100;  // 100MB Multipart uploa
 immutable size_t MAX_SSE_TIME = 60_000;                 // 60 seconds max SSE lifetime
 
 
-class Client : Thread, ClientInterface {
+class Client : ClientInterface {
   private:
     Router              router;              /// Router class from server
     DriverInterface     driver;              /// Driver
@@ -33,7 +33,6 @@ class Client : Thread, ClientInterface {
       this.router = router;
       this.driver = driver;
       this.maxtime = maxtime;
-      super(&run); // initialize the thread
     }
 
    final void run() {
@@ -85,7 +84,6 @@ class Client : Thread, ClientInterface {
         this.log(request, response);
       } catch(Exception e) { log(Level.Verbose, "Unknown Client Exception: %s", e); stop();
       } catch(Error e) { log(Level.Verbose, "Unknown Client Error: %s", e); stop(); }
-
       log(Level.Verbose, "Connection %s:%s (%s) closed. %d requests %s (%s msecs)", ip, port, (driver.isSecure() ? "SSL" : "HTTP"), 
                                                                                       driver.requests, driver.senddata, starttime);
     }
diff --git a/danode/filesystem.d b/danode/filesystem.d
index b80a1a1..db6ee7b 100644
--- a/danode/filesystem.d
+++ b/danode/filesystem.d
@@ -65,7 +65,7 @@ class FileSystem {
       // Remove files that no longer exist on disk
       foreach (k; domain.files.keys) { if (!exists(dname ~ k)) { domain.files.remove(k); } }
 
-      log(Level.Verbose, "Domain: '%s' files %s|%s", dname, domain.buffered, domain.entries);
+      log(Level.Always, "Domain: '%s' files %s|%s", dname, domain.buffered, domain.entries);
       log(Level.Verbose, "Domain: '%s' size %.2f/%.2f kB", dname, domain.buffersize / 1024.0, domain.size / 1024.0);
       return(domain);
     } }
diff --git a/danode/imports.d b/danode/imports.d
index 023f7cf..1965982 100644
--- a/danode/imports.d
+++ b/danode/imports.d
@@ -8,6 +8,8 @@ public import core.stdc.stdio : fileno;
 
 // Public imported structures and enums from core
 public import core.atomic;
+public import core.memory : GC;
+public import core.sync.semaphore : Semaphore;
 public import core.sync.mutex : Mutex;
 public import core.thread;
 
diff --git a/danode/router.d b/danode/router.d
index 8eb990a..1e3c536 100644
--- a/danode/router.d
+++ b/danode/router.d
@@ -154,8 +154,7 @@ StringDriver runRequest(Router router, string request = "GET /dmd.d HTTP/1.1\nHo
   auto driver = new StringDriver(request);
   auto client = new Client(router, driver, maxtime);
   log(Level.Verbose, "Router: [I] %s:%s %s", client.ip(), client.port(), request.splitLines()[0]);
-  client.start();
-  client.join();
+  client.run();
   return driver;
 }
 
diff --git a/danode/server.d b/danode/server.d
index 298e308..b7a4ee0 100644
--- a/danode/server.d
+++ b/danode/server.d
@@ -8,6 +8,7 @@ import danode.client : Client;
 import danode.interfaces : DriverInterface;
 import danode.http : HTTP;
 import danode.router : Router;
+import danode.workerpool : WorkerPool;
 import danode.log : cv, abort, log, tag, error, Level;
 
 version(SSL) {
@@ -16,18 +17,13 @@ version(SSL) {
   import danode.https : HTTPS;
 }
 
-immutable int MAX_CLIENTS = 2048;
-immutable int MAX_CLIENTS_PER_IP = 32;
-
 class Server : Thread {
   private:
     Socket              socket;                 // The server socket
     SocketSet           set;                    // SocketSet for server socket and client listeners
-    Client[]            clients;                // List of clients
     bool                terminated;             // Server running
     SysTime             starttime;              // Start time of the server
-    Router              router;                 // Router to route requests
-    long[string]        nAlivePerIP;
+    WorkerPool          pool;
 
   public:
     string wwwFolder    = "www/";
@@ -46,7 +42,7 @@ class Server : Thread {
          string sslFolder = ".ssl/", string sslKey = "server.key", string accountKey = "account.key") {
       starttime = Clock.currTime();                             // Start the timer
       socket = initialize(port, backlog);                       // Create the HTTP socket
-      router = new Router(wwwFolder, socket.localAddress());    // Start the router
+      pool = new WorkerPool(new Router(wwwFolder, socket.localAddress()));
       version(SSL) {
         sslPath = sslFolder.resolveFolder();
         ssl = sslKey;
@@ -73,20 +69,22 @@ class Server : Thread {
     }
 
     // Accept an incoming connection and create a client object
-    final void accept(ref Appender!(Client[]) persistent, Socket socket, bool secure = false) {
-      if (set.sISelect(socket, false, 5) <= 0 || nAlive >= MAX_CLIENTS) return;
-      log(Level.Trace, "Accepting %s request", secure ? "HTTPs" : "HTTP");
+    final void accept(Socket socket, bool secure = false) {
+      if (set.sISelect(socket, false, 5) <= 0) return;
       try {
-          DriverInterface driver = null;
-          if (!secure) driver = new HTTP(socket.accept(), false);
-          version(SSL) { if (secure) driver = new HTTPS(socket.accept(), false); }
-          if (driver is null) return;
-          Client client = new Client(router, driver);
-          client.start();
-          if (nAlivePerIP.from(client.ip, 0L) <= MAX_CLIENTS_PER_IP) {
-            persistent.put(client);
-          } else { log(Level.Always, "Rate limit exceeded [%s]", client.ip); client.stop(); }
-      } catch(Exception e) { error("Unable to accept connection: %s", e.msg); }
+        Socket accepted = socket.accept();
+        string ip = accepted.remoteAddress().toAddrString();
+        bool isLoopback = (ip == "127.0.0.1" || ip == "::1");
+        DriverInterface driver = null;
+        if (!secure) driver = new HTTP(accepted, false);
+        version(SSL) { if (secure) driver = new HTTPS(accepted, false); }
+        if (driver is null) { accepted.close(); return; }
+        if (!pool.push(driver, ip, isLoopback)) {
+          log(Level.Always, "Rate limit or capacity exceeded [%s]", ip);
+          driver.closeConnection();
+        }
+      } catch(Exception e) { error("Unable to accept connection, Exception: %s", e.msg);
+      } catch(Error e) { error("Unable to accept connection, Error: %s", e.msg); }
     }
 
     // is the server still running ?
@@ -98,19 +96,15 @@ class Server : Thread {
       }
     } }
 
-    // Stop all clients and shutdown the server
-    final void stop(){ synchronized {
-      foreach(ref Client client; clients){ client.stop(); } terminated = true;
-    } }
-
-    final @property long nAlive() { return nAlivePerIP.byValue.sum; }
+    // Stop the pool and shutdown the server
+    final void stop(){ synchronized { pool.stop(); terminated = true; } }
 
      // Returns a Duration object holding the server uptime
     final @property Duration uptime() const { return(Clock.currTime() - starttime); }
 
-     // Print some server information
-    final @property void info() { log(Level.Always, "Uptime %s, Connections: %d / %d", uptime, nAlive, clients.length); }
-    
+    // Print some server information
+    final @property void info() { log(Level.Always, "Uptime %s, Connections: %d / queued: %d", uptime, pool.nAlive, pool.queued); }
+
     // Hostname of the server
     final @property string hostname() { return(socket.hostName()); }
     version(SSL) {
@@ -119,42 +113,43 @@ class Server : Thread {
     }
 
     final void run() {
-      Appender!(Client[]) persistent;
       SysTime lastScan = Clock.currTime();
       while(running) {
         try {
-          Client[] previous = clients;                            // Slice reference
-          persistent.clear();                                     // Clear the Appender
-          accept(persistent, socket);
-          version (SSL) { accept(persistent, sslsocket, true); }
-
-          nAlivePerIP = null;
-          foreach (Client client; previous) {   // Foreach through the Slice reference
-            if(client.running) { nAlivePerIP[client.ip]++; persistent.put(client); }
-            else if(!client.isRunning) client.join();           // join finished threads
-          }
-          clients = persistent.data;
-          if (Msecs(lastScan) > 86_400_000) {   // Scan for deleted files & expiring certificates every day
-            router.scan();
+          accept(socket);
+          version (SSL) { accept(sslsocket, true); }
+          if (Msecs(lastScan) > 86_400_000) {
+            pool.scan();
             version(SSL) { checkAndRenew(sslPath, sslKey, accountKey); }
             lastScan = Clock.currTime();
           }
         } catch(Exception e) { error("Unspecified top level server exception: %s", e.msg);
         } catch(Error e) { error("Unspecified top level server error: %s", e.msg); }
       }
-      log(Level.Always, "Server socket closed, running: %s", running);
+      pool.stop();
       socket.close();
       version (SSL) { sslsocket.closeSSL(); }
     }
 }
 
-void parseKeyInput(ref Server server){
+void parseKeyInput(ref Server server) {
   string line = chomp(stdin.readln());
   if (line.startsWith("quit")) server.stop();
   if (line.startsWith("info")) server.info();
 }
 
+void setLimit() { version(Posix) {
+  import core.sys.posix.sys.resource;
+
+  rlimit rl;
+  getrlimit(RLIMIT_NOFILE, &rl);
+  rl.rlim_cur = rl.rlim_max;
+  auto res = setrlimit(RLIMIT_NOFILE, &rl);
+  log(Level.Always, "FD limit: %d [%d]", rl.rlim_cur, res);
+} }
+
 void main(string[] args) {
+  setLimit();
   version(unittest){ ushort port = 8080; }else{ ushort port = 80; }
   int    backlog      = 100;
   int    verbose      = Level.Verbose;
diff --git a/danode/workerpool.d b/danode/workerpool.d
new file mode 100644
index 0000000..b4245bc
--- /dev/null
+++ b/danode/workerpool.d
@@ -0,0 +1,88 @@
+/** danode/workerpool.d - Fixed thread pool: connection dispatch, per-IP tracking, worker lifecycle
+  * License: GPLv3 (https://github.com/DannyArends/DaNode) - Danny Arends **/
+module danode.workerpool;
+
+import danode.imports;
+import danode.client     : Client;
+import danode.interfaces : DriverInterface;
+import danode.router     : Router;
+import danode.log        : log, error, Level;
+
+immutable int MAX_CLIENTS = 2048;
+immutable int MAX_CLIENTS_PER_IP = 32;
+immutable int POOL_SIZE = 200;
+
+class WorkerPool {
+  private:
+    Router            router;
+    Thread[]          workers;
+    DriverInterface[] queue;
+    Mutex             mutex;
+    Semaphore         sem;
+    bool              stopped;
+
+  public:
+    long[string]      nAlivePerIP;   // protected by mutex
+
+    this(Router router) {
+      this.router  = router;
+      this.mutex   = new Mutex();
+      this.sem     = new Semaphore(0);
+      foreach (i; 0 .. POOL_SIZE) {
+        auto t = new Thread(&workerLoop, 256 * 1024);
+        t.isDaemon = true;
+        t.start();
+        workers ~= t;
+      }
+      log(Level.Always, "WorkerPool started with %d threads", POOL_SIZE);
+    }
+
+    bool push(DriverInterface driver, string ip, bool isLoopback) {
+      synchronized(mutex) {
+        if (!isLoopback && nAlivePerIP.get(ip, 0L) >= MAX_CLIENTS_PER_IP) return(false);
+        if (queue.length >= MAX_CLIENTS) return(false);
+        queue ~= driver;
+      }
+      sem.notify();
+      return true;
+    }
+
+    @property long nAlive() { synchronized(mutex) { return nAlivePerIP.byValue.sum; } }
+    @property long queued() { synchronized(mutex) { return queue.length; } }
+    void scan() { router.scan(); }
+
+
+    void stop() {
+      synchronized(mutex) { stopped = true; }
+      foreach (i; 0 .. POOL_SIZE) sem.notify();   // wake all workers to exit
+      foreach (t; workers) t.join();
+      log(Level.Always, "WorkerPool stopped");
+    }
+
+  private:
+    void workerLoop() {
+      while (true) {
+        sem.wait();
+
+        DriverInterface driver;
+        synchronized(mutex) {
+          if (stopped) return;
+          if (queue.length == 0) continue;   // spurious notify from stop()
+          driver = queue[0];
+          queue  = queue[1 .. $];
+        }
+
+        string ip = driver.ip;
+        synchronized(mutex) { nAlivePerIP[ip]++; }
+        try {
+          auto client = new Client(router, driver);
+          client.run();
+        } catch(Exception e) { error("WorkerPool: client exception [%s]: %s", ip, e.msg);
+        } catch(Error e) { error("WorkerPool: client error [%s]: %s",     ip, e.msg); }
+        synchronized(mutex) {
+          if (ip in nAlivePerIP && nAlivePerIP[ip] > 0) nAlivePerIP[ip]--;
+          if (nAlivePerIP[ip] == 0) nAlivePerIP.remove(ip);
+        }
+      }
+    }
+}

From 333cb2a197c8c8d32a4cf092321a0995106274b1 Mon Sep 17 00:00:00 2001
From: DannyArends <Danny.Arends@gmail.com>
Date: Thu, 19 Mar 2026 14:50:40 +0000
Subject: [PATCH 02/34] Minor fixes

---
 danode/filesystem.d | 2 +-
 danode/imports.d    | 1 -
 danode/server.d     | 1 -
 3 files changed, 1 insertion(+), 3 deletions(-)

diff --git a/danode/filesystem.d b/danode/filesystem.d
index db6ee7b..b80a1a1 100644
--- a/danode/filesystem.d
+++ b/danode/filesystem.d
@@ -65,7 +65,7 @@ class FileSystem {
       // Remove files that no longer exist on disk
       foreach (k; domain.files.keys) { if (!exists(dname ~ k)) { domain.files.remove(k); } }
 
-      log(Level.Always, "Domain: '%s' files %s|%s", dname, domain.buffered, domain.entries);
+      log(Level.Verbose, "Domain: '%s' files %s|%s", dname, domain.buffered, domain.entries);
       log(Level.Verbose, "Domain: '%s' size %.2f/%.2f kB", dname, domain.buffersize / 1024.0, domain.size / 1024.0);
       return(domain);
     } }
diff --git a/danode/imports.d b/danode/imports.d
index 1965982..732f185 100644
--- a/danode/imports.d
+++ b/danode/imports.d
@@ -8,7 +8,6 @@ public import core.stdc.stdio : fileno;
 
 // Public imported structures and enums from core
 public import core.atomic;
-public import core.memory : GC;
 public import core.sync.semaphore : Semaphore;
 public import core.sync.mutex : Mutex;
 public import core.thread;
diff --git a/danode/server.d b/danode/server.d
index b7a4ee0..ca45f3e 100644
--- a/danode/server.d
+++ b/danode/server.d
@@ -126,7 +126,6 @@ class Server : Thread {
         } catch(Exception e) { error("Unspecified top level server exception: %s", e.msg);
         } catch(Error e) { error("Unspecified top level server error: %s", e.msg); }
       }
-      pool.stop();
       socket.close();
       version (SSL) { sslsocket.closeSSL(); }
     }

From 8b19712483f52b4a9af7e280ac7f8c3d9c54dc31 Mon Sep 17 00:00:00 2001
From: DannyArends <Danny.Arends@gmail.com>
Date: Thu, 19 Mar 2026 16:12:57 +0000
Subject: [PATCH 03/34] Cleaning up

---
 danode/client.d     |  3 +-
 danode/server.d     | 73 ++++++++++++++-------------------------------
 danode/signals.d    | 19 +++++++++---
 danode/workerpool.d | 42 +++++++++++++++-----------
 4 files changed, 64 insertions(+), 73 deletions(-)

diff --git a/danode/client.d b/danode/client.d
index 2d7cd5d..f8838a6 100644
--- a/danode/client.d
+++ b/danode/client.d
@@ -19,7 +19,6 @@ immutable size_t MAX_REQUEST_SIZE = 1024 * 1024 * 2;    //   2MB Body
 immutable size_t MAX_UPLOAD_SIZE  = 1024 * 1024 * 100;  // 100MB Multipart uploads
 immutable size_t MAX_SSE_TIME = 60_000;                 // 60 seconds max SSE lifetime
 
-
 class Client : ClientInterface {
   private:
     Router              router;              /// Router class from server
@@ -93,7 +92,7 @@ class Client : ClientInterface {
 
     // Stop the client by setting the terminated flag
     final @property void stop() {
-      log(Level.Trace, "connection %s:%s stop called", ip, port);
+      log(Level.Trace, "Connection %s:%s stop called", ip, port);
       atomicStore(terminated, true);
     }
 
diff --git a/danode/server.d b/danode/server.d
index ca45f3e..5fb8840 100644
--- a/danode/server.d
+++ b/danode/server.d
@@ -3,8 +3,7 @@
 module danode.server;
 
 import danode.imports;
-import danode.functions : from, Msecs, sISelect, resolveFolder;
-import danode.client : Client;
+import danode.functions : Msecs, sISelect, resolveFolder;
 import danode.interfaces : DriverInterface;
 import danode.http : HTTP;
 import danode.router : Router;
@@ -25,9 +24,6 @@ class Server : Thread {
     SysTime             starttime;              // Start time of the server
     WorkerPool          pool;
 
-  public:
-    string wwwFolder    = "www/";
-
     version(SSL) {
       private:
         Socket sslsocket;                     // SSL / HTTPs socket
@@ -78,7 +74,7 @@ class Server : Thread {
         DriverInterface driver = null;
         if (!secure) driver = new HTTP(accepted, false);
         version(SSL) { if (secure) driver = new HTTPS(accepted, false); }
-        if (driver is null) { accepted.close(); return; }
+        if (driver is null) { return(accepted.close()); }
         if (!pool.push(driver, ip, isLoopback)) {
           log(Level.Always, "Rate limit or capacity exceeded [%s]", ip);
           driver.closeConnection();
@@ -88,12 +84,9 @@ class Server : Thread {
     }
 
     // is the server still running ?
-    final @property bool running(){ synchronized {
-      version(SSL) {
-        return(socket.isAlive() && sslsocket.isAlive() && !terminated);
-      } else {
-        return(socket.isAlive() && !terminated);
-      }
+    final @property bool running() { synchronized {
+      version(SSL) { return(socket.isAlive() && sslsocket.isAlive() && !terminated);
+      } else { return(socket.isAlive() && !terminated); }
     } }
 
     // Stop the pool and shutdown the server
@@ -137,19 +130,7 @@ void parseKeyInput(ref Server server) {
   if (line.startsWith("info")) server.info();
 }
 
-void setLimit() { version(Posix) {
-  import core.sys.posix.sys.resource;
-
-  rlimit rl;
-  getrlimit(RLIMIT_NOFILE, &rl);
-  rl.rlim_cur = rl.rlim_max;
-  auto res = setrlimit(RLIMIT_NOFILE, &rl);
-  log(Level.Always, "FD limit: %d [%d]", rl.rlim_cur, res);
-} }
-
 void main(string[] args) {
-  setLimit();
-  version(unittest){ ushort port = 8080; }else{ ushort port = 80; }
   int    backlog      = 100;
   int    verbose      = Level.Verbose;
   bool   keyoff       = false;
@@ -157,7 +138,7 @@ void main(string[] args) {
   string sslFolder    = ".ssl/";
   string sslKey       = "server.key";
   string accountKey   = "account.key";
-  
+
   getopt(args, "port|p",      &port,         // Port to listen on
                "backlog|b",   &backlog,      // Backlog of clients supported
                "keyoff|k",    &keyoff,       // Keyboard on or off
@@ -167,32 +148,24 @@ void main(string[] args) {
                "accountKey",  &accountKey,   // Server Let's encrypt account key
                "verbose|v",   &verbose);     // Verbose level (via commandline)
   atomicStore(cv, verbose);
-  version (unittest) {
-    // Do nothing, unittests will run
-  } else {
-    version (Posix) {
-      import core.sys.posix.signal : signal, SIGPIPE;
-      import danode.signals : handle_signal;
-      signal(SIGPIPE, &handle_signal);
-    }
-    version (Windows) {
-      log(Level.Always, "-k was set to true. However, keyboard input under windows is not supported");
-      keyoff = true;
-    }
-    auto server = new Server(port, backlog, wwwFolder, sslFolder, sslKey, accountKey);
-    version (SSL) {
-      loadSSL(server.sslPath, server.sslKey);                             // Load SSL certificates
-      checkAndRenew(server.sslPath, server.sslKey, server.accountKey);    // checkAndRenew SSL certificates
-    }
-    server.start();
-    while (server.running) {
-      if (!keyoff) { server.parseKeyInput(); }
-      stdout.flush();
-      Thread.sleep(dur!"msecs"(250));
-    }
-    log(Level.Always, "Server shutting down: %d", server.running);
-    server.info();
+  version(Posix) setupPosix();
+  version (Windows) {
+    log(Level.Always, "-k was set to true. However, keyboard input under windows is not supported");
+    keyoff = true;
+  }
+  auto server = new Server(port, backlog, wwwFolder, sslFolder, sslKey, accountKey);
+  version (SSL) {
+    loadSSL(server.sslPath, server.sslKey);                             // Load SSL certificates
+    checkAndRenew(server.sslPath, server.sslKey, server.accountKey);    // checkAndRenew SSL certificates
+  }
+  server.start();
+  while (server.running) {
+    if (!keyoff) { server.parseKeyInput(); }
+    stdout.flush();
+    Thread.sleep(dur!"msecs"(250));
   }
+  log(Level.Always, "Server shutting down: %d", server.running);
+  server.info();
 }
 
 unittest {
diff --git a/danode/signals.d b/danode/signals.d
index abc5bef..3864d69 100644
--- a/danode/signals.d
+++ b/danode/signals.d
@@ -3,13 +3,15 @@
 module danode.signals;
 
 version(Posix) {
+  import danode.imports;
+
+  import core.sys.posix.sys.resource;
+  import core.sys.posix.signal : signal, SIGPIPE;
   import core.sys.posix.unistd : write;
-  import core.sys.posix.signal : SIGPIPE;
 
-  import danode.imports;
-  import danode.log : cv;
+  import danode.log : cv, log, Level;
 
-  extern(C) @nogc nothrow void handle_signal(int signal) {
+  extern(C) @nogc nothrow void handleSignal(int signal) {
     switch (signal) {
       case SIGPIPE:
         if(atomicLoad(cv) > 1) write(2, cast(const(void*)) "[SIG]    Broken pipe caught, and ignored\n\0".ptr, 41);
@@ -19,5 +21,14 @@ version(Posix) {
         break;
     }
   }
+
+  void setupPosix() {
+    rlimit rl;
+    getrlimit(RLIMIT_NOFILE, &rl);
+    rl.rlim_cur = rl.rlim_max;
+    auto res = setrlimit(RLIMIT_NOFILE, &rl);
+    log(Level.Always, "FD limit: %d [%d]", rl.rlim_cur, res);
+    signal(SIGPIPE, &handleSignal);
+  }
 }
 
diff --git a/danode/workerpool.d b/danode/workerpool.d
index b4245bc..afc5881 100644
--- a/danode/workerpool.d
+++ b/danode/workerpool.d
@@ -8,22 +8,21 @@ import danode.interfaces : DriverInterface;
 import danode.router     : Router;
 import danode.log        : log, error, Level;
 
-immutable int MAX_CLIENTS = 2048;
-immutable int MAX_CLIENTS_PER_IP = 32;
-immutable int POOL_SIZE = 200;
+immutable int MAX_CLIENTS = 2048;         /// Maximum number of queued connections before dropping
+immutable int MAX_CLIENTS_PER_IP = 32;    /// Maximum concurrent connections per remote IP
+immutable int POOL_SIZE = 200;            /// Number of pre-allocated worker threads
 
 class WorkerPool {
   private:
-    Router            router;
-    Thread[]          workers;
-    DriverInterface[] queue;
-    Mutex             mutex;
-    Semaphore         sem;
-    bool              stopped;
+    Router            router;         /// Shared router instance passed to each Client
+    Thread[]          workers;        /// Fixed array of pre-allocated worker threads
+    Mutex             mutex;          /// Guards queue, stopped, and nAlivePerIP
+    DriverInterface[] queue;          /// Pending connection queue, protected by mutex
+    long[string]      nAlivePerIP;    /// Active connection count per remote IP, protected by mutex
+    bool              stopped;        /// Set to true on shutdown; workers exit their loop when seen
+    Semaphore         sem;            /// Counts pending items in queue; workers block on wait()
 
   public:
-    long[string]      nAlivePerIP;   // protected by mutex
-
     this(Router router) {
       this.router  = router;
       this.mutex   = new Mutex();
@@ -37,6 +36,8 @@ class WorkerPool {
       log(Level.Always, "WorkerPool started with %d threads", POOL_SIZE);
     }
 
+    /* Enqueue a new connection driver for handling by the next available worker.
+       Returns false if the connection should be rejected (rate limit or capacity exceeded). */
     bool push(DriverInterface driver, string ip, bool isLoopback) {
       synchronized(mutex) {
         if (!isLoopback && nAlivePerIP.get(ip, 0L) >= MAX_CLIENTS_PER_IP) return(false);
@@ -47,19 +48,25 @@ class WorkerPool {
       return true;
     }
 
-    @property long nAlive() { synchronized(mutex) { return nAlivePerIP.byValue.sum; } }
-    @property long queued() { synchronized(mutex) { return queue.length; } }
-    void scan() { router.scan(); }
+    // Total number of connections currently being handled across all workers
+    @property long nAlive() { synchronized(mutex) { return(nAlivePerIP.byValue.sum); } }
 
+    // Number of connections waiting in the queue for a free worker
+    @property long queued() { synchronized(mutex) { return(queue.length); } }
 
+    // Trigger a filesystem rescan on the router (called by the server)
+    void scan() { router.scan(); }
+
+    // Signal all workers to exit and join them
     void stop() {
-      synchronized(mutex) { stopped = true; }
+      synchronized(mutex) { if (stopped) { return; } stopped = true; }
       foreach (i; 0 .. POOL_SIZE) sem.notify();   // wake all workers to exit
       foreach (t; workers) t.join();
       log(Level.Always, "WorkerPool stopped");
     }
 
   private:
+    // Worker thread body: blocks on semaphore, dequeues one connection, runs it to completion.
     void workerLoop() {
       while (true) {
         sem.wait();
@@ -77,8 +84,8 @@ class WorkerPool {
         try {
           auto client = new Client(router, driver);
           client.run();
-        } catch(Exception e) { error("WorkerPool: client exception [%s]: %s", ip, e.msg);
-        } catch(Error e) { error("WorkerPool: client error [%s]: %s",     ip, e.msg); }
+        } catch(Exception e) { error("WorkerPool: Client exception [%s]: %s", ip, e.msg);
+        } catch(Error e) { error("WorkerPool: Client error [%s]: %s",     ip, e.msg); }
         synchronized(mutex) {
           if (ip in nAlivePerIP && nAlivePerIP[ip] > 0) nAlivePerIP[ip]--;
           if (nAlivePerIP[ip] == 0) nAlivePerIP.remove(ip);
@@ -86,3 +93,4 @@ class WorkerPool {
       }
     }
 }
+

From bb3eb480a4b5c9ff774afa5951568e054a20ac9b Mon Sep 17 00:00:00 2001
From: DannyArends <Danny.Arends@gmail.com>
Date: Thu, 19 Mar 2026 16:19:16 +0000
Subject: [PATCH 04/34] Updated server main loop

---
 danode/server.d | 40 +++++++++-------------------------------
 1 file changed, 9 insertions(+), 31 deletions(-)

diff --git a/danode/server.d b/danode/server.d
index 5fb8840..bb6b99e 100644
--- a/danode/server.d
+++ b/danode/server.d
@@ -16,11 +16,10 @@ version(SSL) {
   import danode.https : HTTPS;
 }
 
-class Server : Thread {
+class Server {
   private:
     Socket              socket;                 // The server socket
     SocketSet           set;                    // SocketSet for server socket and client listeners
-    bool                terminated;             // Server running
     SysTime             starttime;              // Start time of the server
     WorkerPool          pool;
 
@@ -47,7 +46,6 @@ class Server : Thread {
       }
       set = new SocketSet(1);                       // Create a server socket set
       log(Level.Always, "Server '%s' created backlog: %d", this.hostname(), backlog);
-      super(&run);
     }
 
     // Initialize the listening socket to a certain port and backlog
@@ -83,14 +81,8 @@ class Server : Thread {
       } catch(Error e) { error("Unable to accept connection, Error: %s", e.msg); }
     }
 
-    // is the server still running ?
-    final @property bool running() { synchronized {
-      version(SSL) { return(socket.isAlive() && sslsocket.isAlive() && !terminated);
-      } else { return(socket.isAlive() && !terminated); }
-    } }
-
     // Stop the pool and shutdown the server
-    final void stop(){ synchronized { pool.stop(); terminated = true; } }
+    final void stop(){ pool.stop(); }
 
      // Returns a Duration object holding the server uptime
     final @property Duration uptime() const { return(Clock.currTime() - starttime); }
@@ -107,7 +99,7 @@ class Server : Thread {
 
     final void run() {
       SysTime lastScan = Clock.currTime();
-      while(running) {
+      while(socket.isAlive()) {
         try {
           accept(socket);
           version (SSL) { accept(sslsocket, true); }
@@ -124,16 +116,10 @@ class Server : Thread {
     }
 }
 
-void parseKeyInput(ref Server server) {
-  string line = chomp(stdin.readln());
-  if (line.startsWith("quit")) server.stop();
-  if (line.startsWith("info")) server.info();
-}
-
 void main(string[] args) {
+  ushort port         = 80;
   int    backlog      = 100;
   int    verbose      = Level.Verbose;
-  bool   keyoff       = false;
   string wwwFolder    = "www/";
   string sslFolder    = ".ssl/";
   string sslKey       = "server.key";
@@ -141,31 +127,23 @@ void main(string[] args) {
 
   getopt(args, "port|p",      &port,         // Port to listen on
                "backlog|b",   &backlog,      // Backlog of clients supported
-               "keyoff|k",    &keyoff,       // Keyboard on or off
                "www",         &wwwFolder,    // Server www root folder
                "ssl",         &sslFolder,    // Location of SSL certificates
                "sslKey",      &sslKey,       // Server private key
                "accountKey",  &accountKey,   // Server Let's encrypt account key
                "verbose|v",   &verbose);     // Verbose level (via commandline)
   atomicStore(cv, verbose);
-  version(Posix) setupPosix();
-  version (Windows) {
-    log(Level.Always, "-k was set to true. However, keyboard input under windows is not supported");
-    keyoff = true;
+  version(Posix){ 
+    import danode.signals : setupPosix;
+    setupPosix();
   }
+
   auto server = new Server(port, backlog, wwwFolder, sslFolder, sslKey, accountKey);
   version (SSL) {
     loadSSL(server.sslPath, server.sslKey);                             // Load SSL certificates
     checkAndRenew(server.sslPath, server.sslKey, server.accountKey);    // checkAndRenew SSL certificates
   }
-  server.start();
-  while (server.running) {
-    if (!keyoff) { server.parseKeyInput(); }
-    stdout.flush();
-    Thread.sleep(dur!"msecs"(250));
-  }
-  log(Level.Always, "Server shutting down: %d", server.running);
-  server.info();
+  server.run();
 }
 
 unittest {

From 283830c53bf005df7f04bc06bf041b17b57f133a Mon Sep 17 00:00:00 2001
From: DannyArends <Danny.Arends@gmail.com>
Date: Thu, 19 Mar 2026 16:42:20 +0000
Subject: [PATCH 05/34] Check server.alive

---
 danode/server.d | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)

diff --git a/danode/server.d b/danode/server.d
index bb6b99e..e8cade2 100644
--- a/danode/server.d
+++ b/danode/server.d
@@ -97,9 +97,14 @@ class Server {
       final @property string accountKey() { return(sslPath ~ account); }
     }
 
+     @property bool alive() {
+      version(SSL) { return socket.isAlive() && sslsocket.isAlive();
+      } else { return socket.isAlive(); }
+    }
+
     final void run() {
       SysTime lastScan = Clock.currTime();
-      while(socket.isAlive()) {
+      while(alive) {
         try {
           accept(socket);
           version (SSL) { accept(sslsocket, true); }
@@ -133,7 +138,7 @@ void main(string[] args) {
                "accountKey",  &accountKey,   // Server Let's encrypt account key
                "verbose|v",   &verbose);     // Verbose level (via commandline)
   atomicStore(cv, verbose);
-  version(Posix){ 
+  version(Posix) {
     import danode.signals : setupPosix;
     setupPosix();
   }

From 64fccd3a73f21cb845216bf791c8cc4e95589d14 Mon Sep 17 00:00:00 2001
From: DannyArends <Danny.Arends@gmail.com>
Date: Thu, 19 Mar 2026 16:44:50 +0000
Subject: [PATCH 06/34] Minor fix

---
 danode/server.d | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/danode/server.d b/danode/server.d
index e8cade2..1499f6d 100644
--- a/danode/server.d
+++ b/danode/server.d
@@ -97,9 +97,9 @@ class Server {
       final @property string accountKey() { return(sslPath ~ account); }
     }
 
-     @property bool alive() {
-      version(SSL) { return socket.isAlive() && sslsocket.isAlive();
-      } else { return socket.isAlive(); }
+    @property bool alive() {
+      version(SSL) { return(socket.isAlive() && sslsocket.isAlive());
+      } else { return(socket.isAlive()); }
     }
 
     final void run() {

From f829b821696b17d290cd0790d78040bdc76a5052 Mon Sep 17 00:00:00 2001
From: DannyArends <Danny.Arends@gmail.com>
Date: Thu, 19 Mar 2026 16:55:12 +0000
Subject: [PATCH 07/34] Cleaning and moving code

---
 danode/client.d     | 49 +++++++++-------------------------------
 danode/interfaces.d | 54 +++++++++++++++++++++++----------------------
 2 files changed, 39 insertions(+), 64 deletions(-)

diff --git a/danode/client.d b/danode/client.d
index f8838a6..b461d92 100644
--- a/danode/client.d
+++ b/danode/client.d
@@ -4,20 +4,18 @@ module danode.client;
 
 import danode.imports;
 
-import danode.cgi : CGI;
 import danode.statuscode : StatusCode;
 import danode.functions: htmltime, Msecs;
-import danode.interfaces : DriverInterface, ClientInterface, StringDriver;
+import danode.interfaces : DriverInterface, ClientInterface, StringDriver, sendHeaderTooLarge, sendPayloadTooLarge, sendTimedOut;
 import danode.router : Router, runRequest;
-import danode.response : Response, setPayload;
+import danode.response : Response;
 import danode.request : Request;
-import danode.payload : PayloadType;
 import danode.log : log, tag, Level;
 
-immutable size_t MAX_HEADER_SIZE  = 1024 * 32;          //  32KB Header
-immutable size_t MAX_REQUEST_SIZE = 1024 * 1024 * 2;    //   2MB Body
-immutable size_t MAX_UPLOAD_SIZE  = 1024 * 1024 * 100;  // 100MB Multipart uploads
-immutable size_t MAX_SSE_TIME = 60_000;                 // 60 seconds max SSE lifetime
+immutable size_t MAX_HEADER_SIZE  = 1024 * 32;          ///  32KB Header
+immutable size_t MAX_REQUEST_SIZE = 1024 * 1024 * 2;    ///   2MB Body
+immutable size_t MAX_UPLOAD_SIZE  = 1024 * 1024 * 100;  /// 100MB Multipart uploads
+immutable size_t MAX_SSE_TIME = 60_000;                 /// 60 seconds max SSE lifetime
 
 class Client : ClientInterface {
   private:
@@ -28,7 +26,6 @@ class Client : ClientInterface {
 
   public:
     this(Router router, DriverInterface driver, long maxtime = 5000) {
-      log(Level.Trace, "client constructor");
       this.router = router;
       this.driver = driver;
       this.maxtime = maxtime;
@@ -37,7 +34,7 @@ class Client : ClientInterface {
    final void run() {
       log(Level.Trace, "New connection established %s:%d", ip(), port() );
       try {
-        if (driver.openConnection() == false) { log(Level.Verbose, "WARN: Unable to open connection"); stop(); }
+        if (!driver.openConnection()) { log(Level.Verbose, "WARN: Unable to open connection"); return; }
         Request request;
         Response response;
         scope (exit) {
@@ -48,11 +45,11 @@ class Client : ClientInterface {
         while (running) {
           if (driver.receive(driver.socket) > 0) { // We've received new data
             if (!driver.hasHeader()) {
-              if (driver.inbuffer.data.length > MAX_HEADER_SIZE) { driver.setHeaderTooLarge(response); stop(); continue; }
+              if (driver.inbuffer.data.length > MAX_HEADER_SIZE) { driver.sendHeaderTooLarge(response); stop(); continue; }
             } else {
-              if (driver.endOfHeader > MAX_HEADER_SIZE) { driver.setHeaderTooLarge(response); stop(); continue; }
+              if (driver.endOfHeader > MAX_HEADER_SIZE) { driver.sendHeaderTooLarge(response); stop(); continue; }
               size_t limit = (driver.header.indexOf("multipart/") >= 0) ? MAX_UPLOAD_SIZE : MAX_REQUEST_SIZE;
-              if (driver.inbuffer.data.length > limit) { driver.setPayloadTooLarge(response); stop(); continue; }
+              if (driver.inbuffer.data.length > limit) { driver.sendPayloadTooLarge(response); stop(); continue; }
             }
             // Parse the data and try to create a response (Could fail multiple times)
             if (!response.ready) { router.route(driver, request, response, maxtime); }
@@ -75,7 +72,7 @@ class Client : ClientInterface {
           }
           if (lastmodified >= maxtime) { // Client are not allowed to be silent for more than maxtime
             log(Level.Trace, "inactivity: %s > %s", lastmodified, maxtime);
-            driver.setTimedOut(response);
+            driver.sendTimedOut(response);
             stop(); continue;
           }
           log(Level.Trace, "Connection %s:%s (%s msecs) %s", ip, port, starttime, to!string(driver.inbuffer.data));
@@ -96,15 +93,10 @@ class Client : ClientInterface {
       atomicStore(terminated, true);
     }
 
-    // Number of requests served
     final @property long requests() const { return(driver ? driver.requests : 0); }
-    // Start time of the client in mseconds (stored in the connection driver)
     final @property long starttime() const { return(driver.starttime); }
-    // When was the client last modified in mseconds (stored in the connection driver)
     final @property long lastmodified() const { return(driver.lastmodified); }
-    // Port of the client
     final @property long port() const { return(driver.port()); } 
-    // ip address of the client
     final @property string ip() const { return(driver.ip()); } 
 }
 
@@ -118,25 +110,6 @@ void log(in ClientInterface cl, in Request rq, in Response rs) {
       "%s %s:%s %s%s [%d] %.1fkb in %s ms ", htmltime(), cl.ip, cl.port, rq.shorthost, uri.replace("%", "%%"), cl.requests, bytes/1024f, ms);
 }
 
-// serve a 408 connection timed out page
-void setTimedOut(ref DriverInterface driver, ref Response response) {
-  if(response.payload && response.payload.type == PayloadType.Script){ to!CGI(response.payload).notifyovertime(); }
-  response.setPayload(StatusCode.TimedOut, "408 - Connection Timed Out\n", "text/plain");
-  driver.send(response, driver.socket);
-}
-
-// serve a 431 request header fields too large page
-void setHeaderTooLarge(ref DriverInterface driver, ref Response response) {
-  response.setPayload(StatusCode.HeaderFieldsTooLarge, "431 - Request Header Fields Too Large\n", "text/plain");
-  driver.send(response, driver.socket);
-}
-
-// serve a 413 payload too large page
-void setPayloadTooLarge(ref DriverInterface driver, ref Response response) {
-  response.setPayload(StatusCode.PayloadTooLarge, "413 - Payload Too Large\n", "text/plain");
-  driver.send(response, driver.socket);
-}
-
 unittest {
   tag(Level.Always, "FILE", "%s", __FILE__);
 
diff --git a/danode/interfaces.d b/danode/interfaces.d
index 5015685..2910828 100644
--- a/danode/interfaces.d
+++ b/danode/interfaces.d
@@ -3,8 +3,11 @@
 module danode.interfaces;
 
 import danode.imports;
+
+import danode.cgi : CGI;
 import danode.functions : Msecs, sISelect, bodystart, endofheader, fullheader;
-import danode.response : Response;
+import danode.payload : PayloadType;
+import danode.response : Response, setPayload;
 import danode.statuscode : StatusCode;
 import danode.log : log, error, Level;
 
@@ -62,32 +65,17 @@ abstract class DriverInterface {
     }
 
     long receiveData(ref char[] buffer);
-    bool openConnection(); /// Open the connection
-    void closeConnection(); /// Close the connection
-    @nogc bool isSecure() const nothrow; /// Are we secure ?
+    bool openConnection();
+    void closeConnection();
+    @nogc bool isSecure() const nothrow;
 
     // Send upto maxsize bytes from the response to the client
     void send(ref Response response, Socket conn, ptrdiff_t maxsize = 4096);
 
-    // port being used for communication
-    final @property long port() const { 
-      if (address !is null) return(to!long(address.toPortString())); 
-      return(-1); 
-    }
-
-    // IP address connected to
-    final @property string ip() const {
-      if (address !is null) return(address.toAddrString());
-      return("0.0.0.0"); 
-    }
-
-    // Milliseconds since start of connection
+    final @property long port() const { if (address !is null){ return(to!long(address.toPortString())); } return(-1); }
+    final @property string ip() const { if (address !is null){ return(address.toAddrString()); } return("0.0.0.0"); }
     final @property long starttime() const { return(Msecs(systime)); }
-
-    // Milliseconds since last modified
     final @property long lastmodified() const { return(Msecs(modtime)); }
-
-    // Byte input converted to header as string
     final @property string header() const { return(fullheader(inbuffer.data)); }
 
     // Byte input converted to body as string
@@ -96,16 +84,30 @@ abstract class DriverInterface {
       return(to!string(inbuffer.data[bodyStart() .. $]));
     }
 
-    // Where does the HTTP request header end ?
     final @property ptrdiff_t endOfHeader() const { return(endofheader(inbuffer.data)); }
-
-    // Where does the HTTP request body begin ?
     final @property ptrdiff_t bodyStart() const { return(bodystart(inbuffer.data)); }
-
-    // Do we have a header separator ? "\r\n\r\n" or "\n\n"
     final @property bool hasHeader() const { return(endOfHeader > 0); }
 }
 
+// serve a 408 connection timed out page
+void sendTimedOut(ref DriverInterface driver, ref Response response) {
+  if(response.payload && response.payload.type == PayloadType.Script){ to!CGI(response.payload).notifyovertime(); }
+  response.setPayload(StatusCode.TimedOut, "408 - Connection Timed Out\n", "text/plain");
+  driver.send(response, driver.socket);
+}
+
+// serve a 431 request header fields too large page
+void sendHeaderTooLarge(ref DriverInterface driver, ref Response response) {
+  response.setPayload(StatusCode.HeaderFieldsTooLarge, "431 - Request Header Fields Too Large\n", "text/plain");
+  driver.send(response, driver.socket);
+}
+
+// serve a 413 payload too large page
+void sendPayloadTooLarge(ref DriverInterface driver, ref Response response) {
+  response.setPayload(StatusCode.PayloadTooLarge, "413 - Payload Too Large\n", "text/plain");
+  driver.send(response, driver.socket);
+}
+
 class StringDriver : DriverInterface {
   public:
     StatusCode      lastStatus;

From fe938e71525075caa6f237c818ae047578c753f5 Mon Sep 17 00:00:00 2001
From: DannyArends <Danny.Arends@gmail.com>
Date: Thu, 19 Mar 2026 16:56:52 +0000
Subject: [PATCH 08/34] Minor: @property void xyz(){ } is unusual

---
 danode/client.d | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/danode/client.d b/danode/client.d
index b461d92..1d47865 100644
--- a/danode/client.d
+++ b/danode/client.d
@@ -88,7 +88,7 @@ class Client : ClientInterface {
     final @property bool running() const { return(!atomicLoad(terminated) && driver.socketReady()); }
 
     // Stop the client by setting the terminated flag
-    final @property void stop() {
+    final void stop() {
       log(Level.Trace, "Connection %s:%s stop called", ip, port);
       atomicStore(terminated, true);
     }

From 1e04a980533a3358d0c18ed35250e0e185f43e03 Mon Sep 17 00:00:00 2001
From: DannyArends <Danny.Arends@gmail.com>
Date: Thu, 19 Mar 2026 17:03:07 +0000
Subject: [PATCH 09/34] Moving log into client, dropping some cl.

---
 danode/client.d     | 28 ++++++++++++++--------------
 danode/interfaces.d | 16 +---------------
 danode/server.d     |  6 +++---
 3 files changed, 18 insertions(+), 32 deletions(-)

diff --git a/danode/client.d b/danode/client.d
index 1d47865..8e35f1e 100644
--- a/danode/client.d
+++ b/danode/client.d
@@ -6,7 +6,7 @@ import danode.imports;
 
 import danode.statuscode : StatusCode;
 import danode.functions: htmltime, Msecs;
-import danode.interfaces : DriverInterface, ClientInterface, StringDriver, sendHeaderTooLarge, sendPayloadTooLarge, sendTimedOut;
+import danode.interfaces : DriverInterface, StringDriver, sendHeaderTooLarge, sendPayloadTooLarge, sendTimedOut;
 import danode.router : Router, runRequest;
 import danode.response : Response;
 import danode.request : Request;
@@ -17,7 +17,7 @@ immutable size_t MAX_REQUEST_SIZE = 1024 * 1024 * 2;    ///   2MB Body
 immutable size_t MAX_UPLOAD_SIZE  = 1024 * 1024 * 100;  /// 100MB Multipart uploads
 immutable size_t MAX_SSE_TIME = 60_000;                 /// 60 seconds max SSE lifetime
 
-class Client : ClientInterface {
+class Client {
   private:
     Router              router;              /// Router class from server
     DriverInterface     driver;              /// Driver
@@ -63,7 +63,7 @@ class Client : ClientInterface {
           }
           if (response.ready && response.completed) {       // We've completed the request, response cycle
             driver.requests++;
-            if(response.keepalive) { this.log(request, response); }
+            if(response.keepalive) { logRR(request, response); }
             request.clearUploadFiles();                     // Clean uploaded files
             driver.inbuffer.clear();                        // Clear the input buffer
             if(!response.keepalive){ stop(); continue; }    // No keep alive, then stop this client
@@ -77,13 +77,23 @@ class Client : ClientInterface {
           }
           log(Level.Trace, "Connection %s:%s (%s msecs) %s", ip, port, starttime, to!string(driver.inbuffer.data));
         }
-        this.log(request, response);
+        logRR(request, response);
       } catch(Exception e) { log(Level.Verbose, "Unknown Client Exception: %s", e); stop();
       } catch(Error e) { log(Level.Verbose, "Unknown Client Error: %s", e); stop(); }
       log(Level.Verbose, "Connection %s:%s (%s) closed. %d requests %s (%s msecs)", ip, port, (driver.isSecure() ? "SSL" : "HTTP"), 
                                                                                       driver.requests, driver.senddata, starttime);
     }
 
+    void logRR(in Request rq, in Response rs) {
+      string uri;
+      try { uri = decodeComponent(rq.uri); } catch (Exception e) { uri = rq.uri; }
+      long bytes = (rs.payload && rs.isRange) ? (rs.rangeEnd - rs.rangeStart + 1) : (rs.payload ? rs.payload.length : 0);
+      int code = cast(int)(rs.payload ? rs.statuscode.code : 0);
+      long ms = rq.starttime == SysTime.init ? -1 : Msecs(rq.starttime);
+      tag(Level.Always, format("%d", code),
+          "%s %s:%s %s%s [%d] %.1fkb in %s ms ", htmltime(), ip, port, rq.shorthost, uri.replace("%", "%%"), requests, bytes/1024f, ms);
+    }
+
     // Is the client still running, if the socket was gone it's not otherwise check the terminated flag
     final @property bool running() const { return(!atomicLoad(terminated) && driver.socketReady()); }
 
@@ -100,16 +110,6 @@ class Client : ClientInterface {
     final @property string ip() const { return(driver.ip()); } 
 }
 
-void log(in ClientInterface cl, in Request rq, in Response rs) {
-  string uri;
-  try { uri = decodeComponent(rq.uri); } catch (Exception e) { uri = rq.uri; }
-  long bytes = (rs.payload && rs.isRange) ? (rs.rangeEnd - rs.rangeStart + 1) : (rs.payload ? rs.payload.length : 0);
-  int code = cast(int)(rs.payload ? rs.statuscode.code : 0);
-  long ms = rq.starttime == SysTime.init ? -1 : Msecs(rq.starttime);
-  tag(Level.Always, format("%d", code),
-      "%s %s:%s %s%s [%d] %.1fkb in %s ms ", htmltime(), cl.ip, cl.port, rq.shorthost, uri.replace("%", "%%"), cl.requests, bytes/1024f, ms);
-}
-
 unittest {
   tag(Level.Always, "FILE", "%s", __FILE__);
 
diff --git a/danode/interfaces.d b/danode/interfaces.d
index 2910828..76cdc08 100644
--- a/danode/interfaces.d
+++ b/danode/interfaces.d
@@ -11,26 +11,12 @@ import danode.response : Response, setPayload;
 import danode.statuscode : StatusCode;
 import danode.log : log, error, Level;
 
-/* Client interface used by the server */
-interface ClientInterface {
-  @property bool    running();          /// Is the client still handling requests
-  @property long    starttime();        /// When was the client last started
-  @property long    lastmodified();     /// When was the client last modified
-  @property void    stop();             /// Stop the client
-
-  @property long requests() const;      /// Number of requests served
-  @property string  ip() const;         /// IP location of the client
-  @property long    port() const;       /// Port at which the client is connected
-
-  void run();                           /// Main client loop and logic
-}
-
 /* Connection/Driver interface available to the client */
 abstract class DriverInterface {
   public:
     Appender!(char[])   inbuffer;            /// Input appender buffer
     Socket              socket;              /// Client socket for reading and writing
-    SocketSet           socketSet;
+    SocketSet           socketSet;           /// SocketSet used for non-blocking select on this connection
     long                requests = 0;        /// Number of requests we handled
     long[long]          senddata;            /// Size of data send per request
     SysTime             systime;             /// Time in ms since this process came alive
diff --git a/danode/server.d b/danode/server.d
index 1499f6d..062be1d 100644
--- a/danode/server.d
+++ b/danode/server.d
@@ -35,8 +35,8 @@ class Server {
   public:
     this(ushort port = 80, int backlog = 100, string wwwFolder = "www/",
          string sslFolder = ".ssl/", string sslKey = "server.key", string accountKey = "account.key") {
-      starttime = Clock.currTime();                             // Start the timer
-      socket = initialize(port, backlog);                       // Create the HTTP socket
+      starttime = Clock.currTime(); // Start the timer
+      socket = initialize(port, backlog); // Create the HTTP socket
       pool = new WorkerPool(new Router(wwwFolder, socket.localAddress()));
       version(SSL) {
         sslPath = sslFolder.resolveFolder();
@@ -44,7 +44,7 @@ class Server {
         account = accountKey;
         sslsocket = initialize(443, backlog);  // Create the SSL / HTTPs socket
       }
-      set = new SocketSet(1);                       // Create a server socket set
+      set = new SocketSet();
       log(Level.Always, "Server '%s' created backlog: %d", this.hostname(), backlog);
     }
 

From 20f98d255fba68a3f051c5cbb3337a19ffd6edca Mon Sep 17 00:00:00 2001
From: DannyArends <Danny.Arends@gmail.com>
Date: Thu, 19 Mar 2026 17:14:55 +0000
Subject: [PATCH 10/34] Clean shutdown, minot code cleaning

---
 danode/client.d  |  6 +++---
 danode/server.d  | 12 ++++++------
 danode/signals.d | 10 +++++++++-
 3 files changed, 18 insertions(+), 10 deletions(-)

diff --git a/danode/client.d b/danode/client.d
index 8e35f1e..764e771 100644
--- a/danode/client.d
+++ b/danode/client.d
@@ -63,7 +63,7 @@ class Client {
           }
           if (response.ready && response.completed) {       // We've completed the request, response cycle
             driver.requests++;
-            if(response.keepalive) { logRR(request, response); }
+            if(response.keepalive) { logConnection(request, response); }
             request.clearUploadFiles();                     // Clean uploaded files
             driver.inbuffer.clear();                        // Clear the input buffer
             if(!response.keepalive){ stop(); continue; }    // No keep alive, then stop this client
@@ -77,14 +77,14 @@ class Client {
           }
           log(Level.Trace, "Connection %s:%s (%s msecs) %s", ip, port, starttime, to!string(driver.inbuffer.data));
         }
-        logRR(request, response);
+        logConnection(request, response);
       } catch(Exception e) { log(Level.Verbose, "Unknown Client Exception: %s", e); stop();
       } catch(Error e) { log(Level.Verbose, "Unknown Client Error: %s", e); stop(); }
       log(Level.Verbose, "Connection %s:%s (%s) closed. %d requests %s (%s msecs)", ip, port, (driver.isSecure() ? "SSL" : "HTTP"), 
                                                                                       driver.requests, driver.senddata, starttime);
     }
 
-    void logRR(in Request rq, in Response rs) {
+    void logConnection(in Request rq, in Response rs) {
       string uri;
       try { uri = decodeComponent(rq.uri); } catch (Exception e) { uri = rq.uri; }
       long bytes = (rs.payload && rs.isRange) ? (rs.rangeEnd - rs.rangeStart + 1) : (rs.payload ? rs.payload.length : 0);
diff --git a/danode/server.d b/danode/server.d
index 062be1d..1693a08 100644
--- a/danode/server.d
+++ b/danode/server.d
@@ -3,12 +3,14 @@
 module danode.server;
 
 import danode.imports;
+
+import danode.log : cv, abort, log, tag, error, Level;
 import danode.functions : Msecs, sISelect, resolveFolder;
 import danode.interfaces : DriverInterface;
 import danode.http : HTTP;
 import danode.router : Router;
+import danode.signals : shutdownSignal;
 import danode.workerpool : WorkerPool;
-import danode.log : cv, abort, log, tag, error, Level;
 
 version(SSL) {
   import danode.acme : checkAndRenew;
@@ -82,14 +84,11 @@ class Server {
     }
 
     // Stop the pool and shutdown the server
-    final void stop(){ pool.stop(); }
+    final void stop() { pool.stop(); socket.close(); version(SSL) { sslsocket.closeSSL(); } }
 
-     // Returns a Duration object holding the server uptime
+    // Returns a Duration object holding the server uptime
     final @property Duration uptime() const { return(Clock.currTime() - starttime); }
 
-    // Print some server information
-    final @property void info() { log(Level.Always, "Uptime %s, Connections: %d / queued: %d", uptime, pool.nAlive, pool.queued); }
-
     // Hostname of the server
     final @property string hostname() { return(socket.hostName()); }
     version(SSL) {
@@ -98,6 +97,7 @@ class Server {
     }
 
     @property bool alive() {
+      if (shutdownSignal) return false;
       version(SSL) { return(socket.isAlive() && sslsocket.isAlive());
       } else { return(socket.isAlive()); }
     }
diff --git a/danode/signals.d b/danode/signals.d
index 3864d69..5bcf6a1 100644
--- a/danode/signals.d
+++ b/danode/signals.d
@@ -2,11 +2,13 @@
   * License: GPLv3 (https://github.com/DannyArends/DaNode) - Danny Arends **/
 module danode.signals;
 
+__gshared bool shutdownSignal = false;
+
 version(Posix) {
   import danode.imports;
 
   import core.sys.posix.sys.resource;
-  import core.sys.posix.signal : signal, SIGPIPE;
+  import core.sys.posix.signal : signal, SIGPIPE, SIGTERM, SIGINT;
   import core.sys.posix.unistd : write;
 
   import danode.log : cv, log, Level;
@@ -16,6 +18,10 @@ version(Posix) {
       case SIGPIPE:
         if(atomicLoad(cv) > 1) write(2, cast(const(void*)) "[SIG]    Broken pipe caught, and ignored\n\0".ptr, 41);
         break;
+     case SIGTERM, SIGINT:
+        if(atomicLoad(cv) > 1) write(2, cast(const(void*)) "[SIG]    SIGTERM/SIGINT\n\0".ptr, 24);
+        atomicStore(shutdownSignal, true);
+        break;
       default:
         if(atomicLoad(cv) > 1) write(2, cast(const(void*)) "[SIG]    Caught\n\0".ptr, 17);
         break;
@@ -29,6 +35,8 @@ version(Posix) {
     auto res = setrlimit(RLIMIT_NOFILE, &rl);
     log(Level.Always, "FD limit: %d [%d]", rl.rlim_cur, res);
     signal(SIGPIPE, &handleSignal);
+    signal(SIGTERM, &handleSignal);
+    signal(SIGINT,  &handleSignal);
   }
 }
 

From fd121f410049bb5b39cf2be5e85a67f175835b57 Mon Sep 17 00:00:00 2001
From: DannyArends <Danny.Arends@gmail.com>
Date: Thu, 19 Mar 2026 17:18:58 +0000
Subject: [PATCH 11/34] Call stop(), drain workers, stop socket & sslsocket

---
 danode/server.d  | 5 ++---
 danode/signals.d | 2 +-
 2 files changed, 3 insertions(+), 4 deletions(-)

diff --git a/danode/server.d b/danode/server.d
index 1693a08..bcda6da 100644
--- a/danode/server.d
+++ b/danode/server.d
@@ -97,7 +97,7 @@ class Server {
     }
 
     @property bool alive() {
-      if (shutdownSignal) return false;
+      if (atomicLoad!(shutdownSignal)) return false;
       version(SSL) { return(socket.isAlive() && sslsocket.isAlive());
       } else { return(socket.isAlive()); }
     }
@@ -116,8 +116,7 @@ class Server {
         } catch(Exception e) { error("Unspecified top level server exception: %s", e.msg);
         } catch(Error e) { error("Unspecified top level server error: %s", e.msg); }
       }
-      socket.close();
-      version (SSL) { sslsocket.closeSSL(); }
+      stop();
     }
 }
 
diff --git a/danode/signals.d b/danode/signals.d
index 5bcf6a1..6b40625 100644
--- a/danode/signals.d
+++ b/danode/signals.d
@@ -23,7 +23,7 @@ version(Posix) {
         atomicStore(shutdownSignal, true);
         break;
       default:
-        if(atomicLoad(cv) > 1) write(2, cast(const(void*)) "[SIG]    Caught\n\0".ptr, 17);
+        if(atomicLoad(cv) > 1) write(2, cast(const(void*)) "[SIG]    Caught\n\0".ptr, 16);
         break;
     }
   }

From d8f60c9af13d354329fc88c5d41d1aadc2111da3 Mon Sep 17 00:00:00 2001
From: DannyArends <Danny.Arends@gmail.com>
Date: Thu, 19 Mar 2026 17:27:43 +0000
Subject: [PATCH 12/34] Minor tweaks

---
 danode/server.d     | 4 ++--
 danode/signals.d    | 4 ++--
 danode/workerpool.d | 2 +-
 3 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/danode/server.d b/danode/server.d
index bcda6da..478dd3f 100644
--- a/danode/server.d
+++ b/danode/server.d
@@ -97,7 +97,7 @@ class Server {
     }
 
     @property bool alive() {
-      if (atomicLoad!(shutdownSignal)) return false;
+      if (atomicLoad(shutdownSignal)) return false;
       version(SSL) { return(socket.isAlive() && sslsocket.isAlive());
       } else { return(socket.isAlive()); }
     }
@@ -147,7 +147,7 @@ void main(string[] args) {
     loadSSL(server.sslPath, server.sslKey);                             // Load SSL certificates
     checkAndRenew(server.sslPath, server.sslKey, server.accountKey);    // checkAndRenew SSL certificates
   }
-  server.run();
+  return(server.run());
 }
 
 unittest {
diff --git a/danode/signals.d b/danode/signals.d
index 6b40625..57f216f 100644
--- a/danode/signals.d
+++ b/danode/signals.d
@@ -1,8 +1,8 @@
-/** danode/signals.d - POSIX signal handling: SIGPIPE suppression
+/** danode/signals.d - POSIX signal handling: SIGPIPE suppression & clean shutdown via SIGTERM, SIGINT
   * License: GPLv3 (https://github.com/DannyArends/DaNode) - Danny Arends **/
 module danode.signals;
 
-__gshared bool shutdownSignal = false;
+shared bool shutdownSignal = false;
 
 version(Posix) {
   import danode.imports;
diff --git a/danode/workerpool.d b/danode/workerpool.d
index afc5881..f10dec7 100644
--- a/danode/workerpool.d
+++ b/danode/workerpool.d
@@ -62,7 +62,7 @@ class WorkerPool {
       synchronized(mutex) { if (stopped) { return; } stopped = true; }
       foreach (i; 0 .. POOL_SIZE) sem.notify();   // wake all workers to exit
       foreach (t; workers) t.join();
-      log(Level.Always, "WorkerPool stopped");
+      log(Level.Trace, "WorkerPool stopped");
     }
 
   private:

From 0f3be7ca402e4345e288ffd3c4cebef49b55753c Mon Sep 17 00:00:00 2001
From: DannyArends <Danny.Arends@gmail.com>
Date: Thu, 19 Mar 2026 17:30:02 +0000
Subject: [PATCH 13/34] Style

---
 danode/server.d | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/danode/server.d b/danode/server.d
index 478dd3f..8165a0a 100644
--- a/danode/server.d
+++ b/danode/server.d
@@ -74,7 +74,7 @@ class Server {
         DriverInterface driver = null;
         if (!secure) driver = new HTTP(accepted, false);
         version(SSL) { if (secure) driver = new HTTPS(accepted, false); }
-        if (driver is null) { return(accepted.close()); }
+        if (driver is null) { accepted.close(); return; }
         if (!pool.push(driver, ip, isLoopback)) {
           log(Level.Always, "Rate limit or capacity exceeded [%s]", ip);
           driver.closeConnection();

From 4685659adeebc62d431c7d4721d7c4607119efe6 Mon Sep 17 00:00:00 2001
From: DannyArends <Danny.Arends@gmail.com>
Date: Thu, 19 Mar 2026 17:35:35 +0000
Subject: [PATCH 14/34] Fix a hypothetical symlink swapping attack on shared
 hosting

---
 danode/functions.d | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/danode/functions.d b/danode/functions.d
index 5d2320e..cc08ebf 100644
--- a/danode/functions.d
+++ b/danode/functions.d
@@ -49,11 +49,14 @@ string safePath(in string root, in string path) {
   if (path.canFind("\0")) return null;
   string full = root ~ (path.startsWith("/") ? path : "/" ~ path);
   try {
+    string absroot = root.resolve();
+    if (!absroot.endsWith("/")) absroot ~= "/";
     if (exists(full)) {
       string resolved = full.resolve();
-      string absroot = root.resolve();
-      if (!absroot.endsWith("/")) absroot ~= "/";
       if (resolved != absroot[0..$-1] && !resolved.startsWith(absroot)) return null;
+    } else {
+      string parent = dirName(full).resolve();
+      if (parent != absroot[0..$-1] && !parent.startsWith(absroot)) return null;
     }
   } catch (Exception e) { return null; }
   return full;

From 1a1836ebaff8ccf1a9e62d55033ab288e7a8fee9 Mon Sep 17 00:00:00 2001
From: DannyArends <Danny.Arends@gmail.com>
Date: Thu, 19 Mar 2026 17:37:24 +0000
Subject: [PATCH 15/34] Add a unit test for safePath

---
 danode/functions.d | 1 +
 1 file changed, 1 insertion(+)

diff --git a/danode/functions.d b/danode/functions.d
index cc08ebf..07076b6 100644
--- a/danode/functions.d
+++ b/danode/functions.d
@@ -210,6 +210,7 @@ unittest {
   assert(safePath("www/localhost", "/\0etc/passwd") is null, "null byte must be blocked");
   assert(safePath("www/localhost", "/test.txt") !is null, "valid path must be allowed");
   assert(safePath("www/localhost", "/test/1.txt") !is null, "valid subpath must be allowed");
+  assert(safePath("www/localhost", "/nonexistent.txt") !is null, "non-existent valid path must be allowed");
 
   // htmlEscape - XSS critical
   assert(htmlEscape("<script>") == "&lt;script&gt;", "< and > must be escaped");

From a82ccc16bbe1fb3bd5e125b89feac7101b5614b6 Mon Sep 17 00:00:00 2001
From: DannyArends <Danny.Arends@gmail.com>
Date: Fri, 20 Mar 2026 09:28:18 +0000
Subject: [PATCH 16/34] Only one source of email

---
 danode/acme.d | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/danode/acme.d b/danode/acme.d
index e6f7b2d..73ae6e0 100644
--- a/danode/acme.d
+++ b/danode/acme.d
@@ -10,7 +10,8 @@ version(SSL) {
   import danode.ssl : loadSSL, generateKey;
   import danode.functions : writeFile;
 
-  immutable string ACME_DIR_PROD    = "https://acme-v02.api.letsencrypt.org/directory";
+  immutable string USER_EMAIL = "Danny.Arends@gmail.com";
+  immutable string ACME_DIR_PROD = "https://acme-v02.api.letsencrypt.org/directory";
   immutable string ACME_DIR_STAGING = "https://acme-staging-v02.api.letsencrypt.org/directory";
 
   __gshared string[string] acmeChallenges; // Shared challenge store: token -> keyAuthorization
@@ -89,7 +90,7 @@ version(SSL) {
           string chainPath = certDir ~ domain ~ ".chain";
 
           if (!exists(chainPath)) { log(Level.Always, "ACME: no chain found for %s, bootstrapping", domain);
-            if (renewCert(domain, "Danny.Arends@gmail.com", d.name, chainPath, accountKey, staging)) { loadSSL(certDir, keyFile); }
+            if (renewCert(domain, USER_EMAIL, d.name, chainPath, accountKey, staging)) { loadSSL(certDir, keyFile); }
             continue;
           }
 
@@ -105,7 +106,7 @@ version(SSL) {
 
           log(Level.Verbose, "ACME: chain %s expires in %d days", domain, days);
           if (days < 30) { log(Level.Verbose, "ACME: renewing chain for %s", domain);
-            if (renewCert(domain, "Danny.Arends@gmail.com", d.name, chainPath, accountKey, staging)) { loadSSL(certDir, keyFile); }
+            if (renewCert(domain, USER_EMAIL, d.name, chainPath, accountKey, staging)) { loadSSL(certDir, keyFile); }
           }
         }
       }

From b1b71216c1ce1b32846f7039530cde1b6e5ff4bf Mon Sep 17 00:00:00 2001
From: DannyArends <Danny.Arends@gmail.com>
Date: Fri, 20 Mar 2026 09:41:53 +0000
Subject: [PATCH 17/34] Initial draft of server.config

---
 danode/webconfig.d | 67 ++++++++++++++++++++++++++++++----------------
 www/server.config  | 22 +++++++++++++++
 2 files changed, 66 insertions(+), 23 deletions(-)
 create mode 100644 www/server.config

diff --git a/danode/webconfig.d b/danode/webconfig.d
index 0946e9c..56aec4b 100644
--- a/danode/webconfig.d
+++ b/danode/webconfig.d
@@ -8,27 +8,48 @@ import danode.functions : has, from;
 import danode.files : FilePayload;
 import danode.log : log, tag, Level;
 
-struct WebConfig {
+struct Config {
+  string[string] data;
+  SysTime mtime;
+}
+
+Config parseConfig(string content, string def = "no") {
+  Config config;
+  foreach (line; split(content, "\n")) {
+    if (chomp(strip(line)) == "" || line[0] == '#') continue;
+    auto parts = line.split("=");
+    string key = toLower(chomp(strip(parts[0])));
+    if (parts.length == 1) {
+      config.data[key] = def;
+    } else if (parts.length >= 2) {
+      config.data[key] = toLower(chomp(strip(join(parts[1 .. $], "="))));
+    }
+  }
+  return config;
+}
+
+struct ServerConfig {
   private:
-    string[string] data;
-    SysTime mtime;
+    Config config;
+    alias config this;
 
   public:
+    this(string path) {
+      if (!exists(path)) { log(Level.Trace, "No server.config at: '%s'", path); return; }
+      config = parseConfig(readText(path));
+      config.mtime = timeLastModified(path);
+    }
+}
+
+struct WebConfig {
+  private:
+    Config config;
+    alias config this;
 
+  public:
     this(FilePayload file, string def = "no") {
-      mtime = file.mtime;
-      string[] elements;
-      foreach (line; split(file.content, "\n")) {
-        if (chomp(strip(line)) != "" && line[0] != '#') {
-          elements = split(line, "=");
-          string key = toLower(chomp(strip(elements[0])));
-          if (elements.length == 1) {
-            data[key] = def;
-          }else if (elements.length >= 2) {
-            data[key] = toLower(chomp(strip(join(elements[1 .. $], "="))));
-          }
-        }
-      }
+      config = parseConfig(file.content, def);
+      config.mtime = file.mtime;
     }
 
   private @nogc bool flag(string key, string def, string match) const nothrow { return data.from(key, def) == match; }
@@ -89,17 +110,17 @@ unittest {
   WebConfig config = WebConfig(fp);
 
   // localhost web.config has: shorturl=yes, allowcgi=yes, redirect=dmd.d, allowdirs=ddoc/,test/
-  assert(config.allowcgi,                          "allowcgi must be yes");
-  assert(config.redirect(),                        "redirect must be set");
+  assert(config.allowcgi, "allowcgi must be yes");
+  assert(config.redirect(), "redirect must be set");
   assert(config.domain("localhost") == "localhost", "shorturl=yes must return shorthost");
-  assert(config.index() == "/dmd.d",               "index must be /dmd.d");
-  assert(!config.redirectdir(),                    "redirectdir must be no");
+  assert(config.index() == "/dmd.d", "index must be /dmd.d");
+  assert(!config.redirectdir(), "redirectdir must be no");
 
   // dirAllowed
   string localroot = fs.localroot("localhost");
-  assert(config.dirAllowed(localroot, localroot),            "root dir must be allowed");
-  assert(config.dirAllowed(localroot, localroot ~ "test/"),  "test/ must be allowed");
-  assert(!config.dirAllowed(localroot, localroot ~ "etc/"),  "etc/ must not be allowed");
+  assert(config.dirAllowed(localroot, localroot), "root dir must be allowed");
+  assert(config.dirAllowed(localroot, localroot ~ "test/"), "test/ must be allowed");
+  assert(!config.dirAllowed(localroot, localroot ~ "etc/"), "etc/ must not be allowed");
 
   // shorturl=no → www. prefix
   WebConfig noShort = WebConfig(fp);
diff --git a/www/server.config b/www/server.config
new file mode 100644
index 0000000..aed0804
--- /dev/null
+++ b/www/server.config
@@ -0,0 +1,22 @@
+# workerpool.d
+MAX_CLIENTS = 2048
+MAX_CLIENTS_PER_IP = 32
+POOL_SIZE = 200
+
+# client.d
+MAX_HEADER_SIZE = 32768
+MAX_REQUEST_SIZE = 2097152
+MAX_UPLOAD_SIZE = 104857600
+MAX_SSE_TIME = 60000
+
+# process.d
+MAX_CGI_OUTPUT = 10485760
+
+# https.d
+HANDSHAKE_TIMEOUT = 5000
+
+# response.d
+SERVERINFO = DaNode/0.0.3
+
+# acme.d
+USER_EMAIL = Danny.Arends@gmail.com

From c3841fda8adafef107f0b805bcf84563dc41a923 Mon Sep 17 00:00:00 2001
From: DannyArends <Danny.Arends@gmail.com>
Date: Fri, 20 Mar 2026 09:56:30 +0000
Subject: [PATCH 18/34] Threadsafe serverConfig. chnaged workerpool.d to use it

---
 danode/server.d     |  2 ++
 danode/webconfig.d  | 28 ++++++++++++++++++++++++++++
 danode/workerpool.d | 21 +++++++++------------
 3 files changed, 39 insertions(+), 12 deletions(-)

diff --git a/danode/server.d b/danode/server.d
index 8165a0a..409ba29 100644
--- a/danode/server.d
+++ b/danode/server.d
@@ -11,6 +11,7 @@ import danode.http : HTTP;
 import danode.router : Router;
 import danode.signals : shutdownSignal;
 import danode.workerpool : WorkerPool;
+import danode.webconfig : serverConfig;
 
 version(SSL) {
   import danode.acme : checkAndRenew;
@@ -137,6 +138,7 @@ void main(string[] args) {
                "accountKey",  &accountKey,   // Server Let's encrypt account key
                "verbose|v",   &verbose);     // Verbose level (via commandline)
   atomicStore(cv, verbose);
+  synchronized(serverConfigMutex) {  ServerConfig(wwwFolder ~ "server.config"); }
   version(Posix) {
     import danode.signals : setupPosix;
     setupPosix();
diff --git a/danode/webconfig.d b/danode/webconfig.d
index 56aec4b..4d1b3fc 100644
--- a/danode/webconfig.d
+++ b/danode/webconfig.d
@@ -8,6 +8,11 @@ import danode.functions : has, from;
 import danode.files : FilePayload;
 import danode.log : log, tag, Level;
 
+__gshared ServerConfig serverConfig;
+__gshared Mutex serverConfigMutex;
+
+shared static this() { serverConfigMutex = new Mutex(); }
+
 struct Config {
   string[string] data;
   SysTime mtime;
@@ -39,6 +44,23 @@ struct ServerConfig {
       config = parseConfig(readText(path));
       config.mtime = timeLastModified(path);
     }
+
+    @property int maxClients() const { return to!int(data.from("max_clients",        "2048")); }
+    @property int maxClientsPerIP() const { return to!int(data.from("max_clients_per_ip", "32")); }
+    @property int poolSize() const { return to!int(data.from("pool_size",          "200")); }
+    @property size_t maxHeaderSize() const { return to!size_t(data.from("max_header_size",  "32768")); }
+    @property size_t maxRequestSize() const { return to!size_t(data.from("max_request_size", "2097152")); }
+    @property size_t maxUploadSize() const { return to!size_t(data.from("max_upload_size",  "104857600")); }
+    @property size_t maxSSETime() const { return to!size_t(data.from("max_sse_time",     "60000")); }
+    @property size_t maxCGIOutput() const { return to!size_t(data.from("max_cgi_output",   "10485760")); }
+    @property long handshakeTimeout() const { return to!long(data.from("handshake_timeout",  "5000")); }
+    @property string serverInfo() const { return data.from("serverinfo", "DaNode/0.0.3"); }
+    @property string userEmail() const { return data.from("user_email", ""); }
+
+    T get(T)(string key, T def) { synchronized(serverConfigMutex) {
+      try { return to!T(data.from(key, to!string(def))); }
+      catch (Exception e) { return def; }
+    } }
 }
 
 struct WebConfig {
@@ -126,5 +148,11 @@ unittest {
   WebConfig noShort = WebConfig(fp);
   noShort.data["shorturl"] = "no";
   assert(noShort.domain("localhost") == "www.localhost", "shorturl=no must add www.");
+
+  ServerConfig sc = ServerConfig("nonexistent.config");
+  assert(sc.maxClients()      == 2048,           "default maxClients must be 2048");
+  assert(sc.maxClientsPerIP() == 32,             "default maxClientsPerIP must be 32");
+  assert(sc.poolSize()        == 200,            "default poolSize must be 200");
+  assert(sc.serverInfo()      == "DaNode/0.0.3", "default serverInfo must be set");
 }
 
diff --git a/danode/workerpool.d b/danode/workerpool.d
index f10dec7..b1befa6 100644
--- a/danode/workerpool.d
+++ b/danode/workerpool.d
@@ -3,14 +3,11 @@
 module danode.workerpool;
 
 import danode.imports;
-import danode.client     : Client;
+import danode.client : Client;
 import danode.interfaces : DriverInterface;
-import danode.router     : Router;
-import danode.log        : log, error, Level;
-
-immutable int MAX_CLIENTS = 2048;         /// Maximum number of queued connections before dropping
-immutable int MAX_CLIENTS_PER_IP = 32;    /// Maximum concurrent connections per remote IP
-immutable int POOL_SIZE = 200;            /// Number of pre-allocated worker threads
+import danode.router : Router;
+import danode.log : log, error, Level;
+import danode.webconfig : serverConfig;
 
 class WorkerPool {
   private:
@@ -27,21 +24,21 @@ class WorkerPool {
       this.router  = router;
       this.mutex   = new Mutex();
       this.sem     = new Semaphore(0);
-      foreach (i; 0 .. POOL_SIZE) {
+      foreach (i; 0 .. serverConfig.get("pool_size", 200)) {
         auto t = new Thread(&workerLoop, 256 * 1024);
         t.isDaemon = true;
         t.start();
         workers ~= t;
       }
-      log(Level.Always, "WorkerPool started with %d threads", POOL_SIZE);
+      log(Level.Always, "WorkerPool started with %d threads", serverConfig.get("pool_size", 200));
     }
 
     /* Enqueue a new connection driver for handling by the next available worker.
        Returns false if the connection should be rejected (rate limit or capacity exceeded). */
     bool push(DriverInterface driver, string ip, bool isLoopback) {
       synchronized(mutex) {
-        if (!isLoopback && nAlivePerIP.get(ip, 0L) >= MAX_CLIENTS_PER_IP) return(false);
-        if (queue.length >= MAX_CLIENTS) return(false);
+        if (!isLoopback && nAlivePerIP.get(ip, 0L) >= serverConfig.get("max_clients_per_ip", 32)) return(false);
+        if (queue.length >= serverConfig.get("max_clients", 2048)) return(false);
         queue ~= driver;
       }
       sem.notify();
@@ -60,7 +57,7 @@ class WorkerPool {
     // Signal all workers to exit and join them
     void stop() {
       synchronized(mutex) { if (stopped) { return; } stopped = true; }
-      foreach (i; 0 .. POOL_SIZE) sem.notify();   // wake all workers to exit
+      foreach (i; 0 .. serverConfig.get("pool_size", 200)) sem.notify();   // wake all workers to exit
       foreach (t; workers) t.join();
       log(Level.Trace, "WorkerPool stopped");
     }

From 8dea92cc81f1206fbf7d2bae18c6ca01bab6dea4 Mon Sep 17 00:00:00 2001
From: DannyArends <Danny.Arends@gmail.com>
Date: Fri, 20 Mar 2026 10:33:04 +0000
Subject: [PATCH 19/34] Using serverConfig

---
 danode/client.d | 17 ++++++++---------
 danode/post.d   |  4 ++--
 2 files changed, 10 insertions(+), 11 deletions(-)

diff --git a/danode/client.d b/danode/client.d
index 764e771..6d9582d 100644
--- a/danode/client.d
+++ b/danode/client.d
@@ -11,11 +11,7 @@ import danode.router : Router, runRequest;
 import danode.response : Response;
 import danode.request : Request;
 import danode.log : log, tag, Level;
-
-immutable size_t MAX_HEADER_SIZE  = 1024 * 32;          ///  32KB Header
-immutable size_t MAX_REQUEST_SIZE = 1024 * 1024 * 2;    ///   2MB Body
-immutable size_t MAX_UPLOAD_SIZE  = 1024 * 1024 * 100;  /// 100MB Multipart uploads
-immutable size_t MAX_SSE_TIME = 60_000;                 /// 60 seconds max SSE lifetime
+import danode.webconfig : serverConfig;
 
 class Client {
   private:
@@ -42,13 +38,16 @@ class Client {
           request.clearUploadFiles();                           // Clean uploaded files
           response.kill();                                      // kill any running CGI process
         }
+        size_t headerLimit  = serverConfig.get("max_header_size", 32 * 1024);
+        size_t uploadLimit  = serverConfig.get("max_upload_size",  100 * 1024 * 1024);
+        size_t requestLimit = serverConfig.get("max_request_size", 2   * 1024 * 1024);
         while (running) {
           if (driver.receive(driver.socket) > 0) { // We've received new data
             if (!driver.hasHeader()) {
-              if (driver.inbuffer.data.length > MAX_HEADER_SIZE) { driver.sendHeaderTooLarge(response); stop(); continue; }
+              if (driver.inbuffer.data.length > headerLimit) { driver.sendHeaderTooLarge(response); stop(); continue; }
             } else {
-              if (driver.endOfHeader > MAX_HEADER_SIZE) { driver.sendHeaderTooLarge(response); stop(); continue; }
-              size_t limit = (driver.header.indexOf("multipart/") >= 0) ? MAX_UPLOAD_SIZE : MAX_REQUEST_SIZE;
+              if (driver.endOfHeader > headerLimit) { driver.sendHeaderTooLarge(response); stop(); continue; }
+              size_t limit = (driver.header.indexOf("multipart/") >= 0)? uploadLimit: requestLimit;
               if (driver.inbuffer.data.length > limit) { driver.sendPayloadTooLarge(response); stop(); continue; }
             }
             // Parse the data and try to create a response (Could fail multiple times)
@@ -58,7 +57,7 @@ class Client {
             driver.send(response, driver.socket);           // Send the response, hit multiple times, send what you can and return
             if (response.isSSE) {
               if (response.scriptCompleted) { response.completed = true; stop(); continue; }
-              if (starttime >= MAX_SSE_TIME) { log(Level.Verbose, "SSE max lifetime reached"); stop(); continue; }
+              if (starttime >= serverConfig.get("max_sse_time", 60_000)) { log(Level.Verbose, "SSE max lifetime reached"); stop(); continue; }
             }
           }
           if (response.ready && response.completed) {       // We've completed the request, response cycle
diff --git a/danode/post.d b/danode/post.d
index 64ad99e..5cff7b3 100644
--- a/danode/post.d
+++ b/danode/post.d
@@ -5,7 +5,6 @@ module danode.post;
 import danode.imports;
 
 import danode.cgi : CGI;
-import danode.client : MAX_REQUEST_SIZE;
 import danode.statuscode : StatusCode;
 import danode.interfaces : StringDriver;
 import danode.request : Request, RequestMethod;
@@ -15,6 +14,7 @@ import danode.mimetypes : mime;
 import danode.filesystem : FileSystem;
 import danode.functions : from, writeFile, parseQueryString;
 import danode.log : log, tag, error, Level;
+import danode.webconfig : serverConfig;
 
 immutable string      MPHEADER         = "multipart/form-data";                     /// Multipart header id
 immutable string      XFORMHEADER      = "application/x-www-form-urlencoded";       /// X-form header id
@@ -46,7 +46,7 @@ final bool parsePost(ref Request request, ref Response response, in FileSystem f
   if (expectedlength == 0) {
     log(Level.Trace, "Post: [T] Content-Length not specified (or 0), length: %s", content.length);
     return(response.havepost = true); // When we don't receive any post data it is meaningless to scan for any content
-  } else if (expectedlength > MAX_REQUEST_SIZE) {
+  } else if (expectedlength > serverConfig.get("max_request_size", 2   * 1024 * 1024)) {
     log(Level.Verbose, "Post: [W] Upload too large: %d bytes from %s", expectedlength, request.ip);
     return(response.setPayload(StatusCode.PayloadTooLarge, "413 - Payload Too Large\n", "text/plain"));
   }

From 105aaec36f948f08520664728703c1095e788a29 Mon Sep 17 00:00:00 2001
From: DannyArends <Danny.Arends@gmail.com>
Date: Fri, 20 Mar 2026 11:50:12 +0000
Subject: [PATCH 20/34] Using serverConfig

---
 danode/acme.d     | 6 +++---
 danode/https.d    | 7 +++----
 danode/post.d     | 4 ++--
 danode/process.d  | 6 +++---
 danode/response.d | 4 +---
 5 files changed, 12 insertions(+), 15 deletions(-)

diff --git a/danode/acme.d b/danode/acme.d
index 73ae6e0..36cad43 100644
--- a/danode/acme.d
+++ b/danode/acme.d
@@ -9,8 +9,8 @@ version(SSL) {
   import danode.log : log, error, Level;
   import danode.ssl : loadSSL, generateKey;
   import danode.functions : writeFile;
+  import danode.webconfig : serverConfig;
 
-  immutable string USER_EMAIL = "Danny.Arends@gmail.com";
   immutable string ACME_DIR_PROD = "https://acme-v02.api.letsencrypt.org/directory";
   immutable string ACME_DIR_STAGING = "https://acme-staging-v02.api.letsencrypt.org/directory";
 
@@ -90,7 +90,7 @@ version(SSL) {
           string chainPath = certDir ~ domain ~ ".chain";
 
           if (!exists(chainPath)) { log(Level.Always, "ACME: no chain found for %s, bootstrapping", domain);
-            if (renewCert(domain, USER_EMAIL, d.name, chainPath, accountKey, staging)) { loadSSL(certDir, keyFile); }
+            if (renewCert(domain, serverConfig.get("user_email", ""), d.name, chainPath, accountKey, staging)) { loadSSL(certDir, keyFile); }
             continue;
           }
 
@@ -106,7 +106,7 @@ version(SSL) {
 
           log(Level.Verbose, "ACME: chain %s expires in %d days", domain, days);
           if (days < 30) { log(Level.Verbose, "ACME: renewing chain for %s", domain);
-            if (renewCert(domain, USER_EMAIL, d.name, chainPath, accountKey, staging)) { loadSSL(certDir, keyFile); }
+            if (renewCert(domain, serverConfig.get("user_email", ""), d.name, chainPath, accountKey, staging)) { loadSSL(certDir, keyFile); }
           }
         }
       }
diff --git a/danode/https.d b/danode/https.d
index 7153a63..e102fea 100644
--- a/danode/https.d
+++ b/danode/https.d
@@ -10,9 +10,8 @@ version(SSL) {
   import danode.response : Response;
   import danode.log : tag, log, error, Level;
   import danode.interfaces : DriverInterface;
-  import danode.ssl;
-
-  immutable long HANDSHAKE_TIMEOUT = 5000;  // 5 seconds
+  import danode.ssl : checkForError, contexts;
+  import danode.webconfig : serverConfig;
 
   class HTTPS : DriverInterface {
     private:
@@ -26,7 +25,7 @@ version(SSL) {
       bool performHandshake() {
         log(Level.Trace, "Performing handshake");
         int rA, rE;
-        while (starttime < HANDSHAKE_TIMEOUT) {
+        while (starttime < serverConfig.get("handshake_timeout", 5000L)) {
           rA = SSL_accept(ssl);
           if (rA == 1) return(true);    // Success
           if (rA == 0) return(false);   // Controlled failure: Not retryable
diff --git a/danode/post.d b/danode/post.d
index 5cff7b3..b05c4ba 100644
--- a/danode/post.d
+++ b/danode/post.d
@@ -8,7 +8,7 @@ import danode.cgi : CGI;
 import danode.statuscode : StatusCode;
 import danode.interfaces : StringDriver;
 import danode.request : Request, RequestMethod;
-import danode.response : SERVERINFO, Response, setPayload;
+import danode.response : Response, setPayload;
 import danode.webconfig : WebConfig;
 import danode.mimetypes : mime;
 import danode.filesystem : FileSystem;
@@ -146,7 +146,7 @@ final void serverAPI(in FileSystem filesystem, in WebConfig config, in Request r
 
   // Give HTTP_COOKIES to CGI
   foreach (c; request.cookies.split("; ")) { content.put(format("C=%s\n", chomp(c)) ); }
-  content.put(format("S=SERVER_SOFTWARE=%s\n", SERVERINFO));
+  content.put(format("S=SERVER_SOFTWARE=%s\n", serverConfig.get("serverinfo", "DaNode/0.0.3")));
   try{
     content.put(format("S=SERVER_NAME=%s\n", (response.address)? response.address.toHostNameString() : "localhost"));
   }catch(Exception e){
diff --git a/danode/process.d b/danode/process.d
index de924ad..5001124 100644
--- a/danode/process.d
+++ b/danode/process.d
@@ -3,10 +3,10 @@
 module danode.process;
 
 import danode.imports;
+
 import danode.functions : Msecs;
 import danode.log : log, tag, error, Level;
-
-immutable size_t MAX_CGI_OUTPUT = 1024 * 1024 * 10; // 10MB script output limit
+import danode.webconfig : serverConfig;
 
 struct WaitResult {
   bool terminated; /// Is the process terminated
@@ -117,7 +117,7 @@ class Process : Thread {
         char[4096] tmp;
         auto fp = file.getFP();
         ptrdiff_t n;
-        while (lastmodified < maxtime && buffer.data.length < MAX_CGI_OUTPUT) {
+        while (lastmodified < maxtime && buffer.data.length < serverConfig.get("max_cgi_output", 10 * 1024 * 1024)) {
           n = fread(tmp.ptr, 1, tmp.sizeof, fp);
           if (n > 0) {
             modified = Clock.currTime();
diff --git a/danode/response.d b/danode/response.d
index 675e1ff..61df130 100644
--- a/danode/response.d
+++ b/danode/response.d
@@ -16,8 +16,6 @@ import danode.filesystem : FileSystem;
 import danode.post : serverAPI;
 import danode.functions : browseDir;
 
-immutable string SERVERINFO = "DaNode/0.0.3";
-
 struct Response {
   string            protocol = "HTTP/1.1";
   string            connection = "Close";
@@ -128,7 +126,7 @@ bool buildScriptHeader(ref Appender!(char[]) hdr, ref string connection, CGI scr
 Response create(in Request request, Address address, in StatusCode statuscode = StatusCode.Ok, in string mimetype = UNSUPPORTED_FILE){
   Response response = Response(request.protocol);
   response.address = address;
-  response.customheader("Server", SERVERINFO);
+  response.customheader("Server", serverConfig.get("serverinfo", "DaNode/0.0.3"));
   response.customheader("X-Powered-By", format("%s %s.%s", name, version_major, version_minor));
   response.payload = new Message(statuscode, "", mimetype);
   response.connection = request.keepalive ? "Keep-Alive" : "Close";

From 30dc0ca843279fb520b363a4e58b68ccfc437e61 Mon Sep 17 00:00:00 2001
From: DannyArends <Danny.Arends@gmail.com>
Date: Fri, 20 Mar 2026 11:53:48 +0000
Subject: [PATCH 21/34] Minor fixes

---
 danode/response.d   | 2 +-
 danode/server.d     | 2 +-
 danode/workerpool.d | 2 +-
 3 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/danode/response.d b/danode/response.d
index 61df130..e183aa8 100644
--- a/danode/response.d
+++ b/danode/response.d
@@ -11,7 +11,7 @@ import danode.request : Request;
 import danode.mimetypes : UNSUPPORTED_FILE;
 import danode.payload : Payload, PayloadType, HeaderType, Message;
 import danode.log : tag, log, Level;
-import danode.webconfig;
+import danode.webconfig : WebConfig, serverConfig;
 import danode.filesystem : FileSystem;
 import danode.post : serverAPI;
 import danode.functions : browseDir;
diff --git a/danode/server.d b/danode/server.d
index 409ba29..4e55239 100644
--- a/danode/server.d
+++ b/danode/server.d
@@ -138,7 +138,7 @@ void main(string[] args) {
                "accountKey",  &accountKey,   // Server Let's encrypt account key
                "verbose|v",   &verbose);     // Verbose level (via commandline)
   atomicStore(cv, verbose);
-  synchronized(serverConfigMutex) {  ServerConfig(wwwFolder ~ "server.config"); }
+  synchronized(serverConfigMutex) { serverConfig = ServerConfig(wwwFolder ~ "server.config"); }
   version(Posix) {
     import danode.signals : setupPosix;
     setupPosix();
diff --git a/danode/workerpool.d b/danode/workerpool.d
index b1befa6..1245dee 100644
--- a/danode/workerpool.d
+++ b/danode/workerpool.d
@@ -57,7 +57,7 @@ class WorkerPool {
     // Signal all workers to exit and join them
     void stop() {
       synchronized(mutex) { if (stopped) { return; } stopped = true; }
-      foreach (i; 0 .. serverConfig.get("pool_size", 200)) sem.notify();   // wake all workers to exit
+      foreach (i; 0 .. workers.length) sem.notify();   // wake all workers to exit
       foreach (t; workers) t.join();
       log(Level.Trace, "WorkerPool stopped");
     }

From 9e71a7855ffe6c0536daf19cb2eeb50e508fc774 Mon Sep 17 00:00:00 2001
From: DannyArends <Danny.Arends@gmail.com>
Date: Fri, 20 Mar 2026 12:00:49 +0000
Subject: [PATCH 22/34] Minor fixes

---
 danode/server.d | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/danode/server.d b/danode/server.d
index 4e55239..3b0e78f 100644
--- a/danode/server.d
+++ b/danode/server.d
@@ -11,7 +11,7 @@ import danode.http : HTTP;
 import danode.router : Router;
 import danode.signals : shutdownSignal;
 import danode.workerpool : WorkerPool;
-import danode.webconfig : serverConfig;
+import danode.webconfig : serverConfig, serverConfigMutex;
 
 version(SSL) {
   import danode.acme : checkAndRenew;

From 7dfc82e45af177d09cd9075bd146702a5b7a9771 Mon Sep 17 00:00:00 2001
From: DannyArends <Danny.Arends@gmail.com>
Date: Fri, 20 Mar 2026 12:01:23 +0000
Subject: [PATCH 23/34] Minor fixes

---
 danode/server.d | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/danode/server.d b/danode/server.d
index 3b0e78f..924d1f8 100644
--- a/danode/server.d
+++ b/danode/server.d
@@ -11,7 +11,7 @@ import danode.http : HTTP;
 import danode.router : Router;
 import danode.signals : shutdownSignal;
 import danode.workerpool : WorkerPool;
-import danode.webconfig : serverConfig, serverConfigMutex;
+import danode.webconfig : serverConfig, ServerConfig, serverConfigMutex;
 
 version(SSL) {
   import danode.acme : checkAndRenew;

From 129d60f2a2dd4e145bb396087a25b4442201f96c Mon Sep 17 00:00:00 2001
From: DannyArends <Danny.Arends@gmail.com>
Date: Fri, 20 Mar 2026 12:06:08 +0000
Subject: [PATCH 24/34] Minor layout

---
 danode/webconfig.d | 63 ++++++++++++++++------------------------------
 1 file changed, 21 insertions(+), 42 deletions(-)

diff --git a/danode/webconfig.d b/danode/webconfig.d
index 4d1b3fc..c34e0a0 100644
--- a/danode/webconfig.d
+++ b/danode/webconfig.d
@@ -1,4 +1,4 @@
-/** danode/webconfig.d - Per-domain web.config parsing: CGI, redirects, directory access control
+/** danode/webconfig.d - Server configuration and per-domain web.config parsing: CGI, redirects, directory access control
   * License: GPLv3 (https://github.com/DannyArends/DaNode) - Danny Arends **/
 module danode.webconfig;
 
@@ -68,54 +68,33 @@ struct WebConfig {
     Config config;
     alias config this;
 
+    @nogc bool flag(string key, string def, string match) const nothrow { return data.from(key, def) == match; }
+
   public:
     this(FilePayload file, string def = "no") {
       config = parseConfig(file.content, def);
       config.mtime = file.mtime;
     }
 
-  private @nogc bool flag(string key, string def, string match) const nothrow { return data.from(key, def) == match; }
-
-  // Which domain is the prefered domain to be used: http://www.xxx.nl or http://xxx.nl
-  @property string domain(string shorthost) const { return flag("shorturl", "yes", "yes") ? shorthost : format("www.%s", shorthost); }
-
-  // Is CGI allowed ?
-  @property @nogc bool allowcgi()    const nothrow { return flag("allowcgi",    "no", "yes"); }
-
-  // concats localroot with the path specified
-  @property string localpath(in string localroot, in string path) const {
-    return(format("%s%s", localroot, path));
-  }
-
-  // Should redirection be performed ?
-  @property @nogc bool redirect() const nothrow { return !flag("redirect",   "/",  "/"); }
-
-  // Should directories be redirected to the index page ?
-  @property @nogc bool redirectdir() const nothrow { return !flag("redirectdir","no", "no"); }
-
-  // What index page is specified in the 'redirect' option in the web.config file
-  @property string index() const {
-    string to = data.from("redirect", "/");
-    if (to[0] != '/') return(format("/%s", to));
-    return(to);
-  }
-
-  // All directories listed in the allowdirs option in the web.config file
-  @property string[] allowdirs() const nothrow { 
-    return(data.from("allowdirs", "/").split(","));
-  }
-
-  // Is the directory allowed to be viewed ?
-  @property bool dirAllowed(in string localroot, in string path) const {
-    string root = localroot.endsWith("/") ? localroot : localroot ~ "/";
-    string p = path.startsWith(root) ? path : path.replace(localroot, root);
-    if (p.length <= root.length) return true;
-    string npath = p[root.length .. $];
-    foreach (d; allowdirs) {
-      if (indexOf(strip(npath), strip(d)) == 0) return true;
+    @property string domain(string shorthost) const { return flag("shorturl", "yes", "yes") ? shorthost : format("www.%s", shorthost); }
+    @property @nogc bool allowcgi() const nothrow { return flag("allowcgi",    "no", "yes"); }
+    @property string localpath(in string localroot, in string path) const { return(format("%s%s", localroot, path)); }
+    @property @nogc bool redirect() const nothrow { return !flag("redirect",   "/",  "/"); }
+    @property @nogc bool redirectdir() const nothrow { return !flag("redirectdir","no", "no"); }
+    @property string index() const { string to = data.from("redirect", "/"); if (to[0] != '/') { return(format("/%s", to)); } return(to); }
+    @property string[] allowdirs() const nothrow { return(data.from("allowdirs", "/").split(",")); }
+
+    // Is the directory allowed to be viewed ?
+    @property bool dirAllowed(in string localroot, in string path) const {
+      string root = localroot.endsWith("/") ? localroot : localroot ~ "/";
+      string p = path.startsWith(root) ? path : path.replace(localroot, root);
+      if (p.length <= root.length) return true;
+      string npath = p[root.length .. $];
+      foreach (d; allowdirs) {
+        if (indexOf(strip(npath), strip(d)) == 0) return true;
+      }
+      return false;
     }
-    return false;
-  }
 }
 
 WebConfig getConfig(ref WebConfig[string] configs, FilePayload fp, string key) {

From 54fc8b7f622d562d30800dc5f918fb8104da14e8 Mon Sep 17 00:00:00 2001
From: DannyArends <Danny.Arends@gmail.com>
Date: Fri, 20 Mar 2026 13:13:13 +0000
Subject: [PATCH 25/34] Fixing a TOCTOU, removing comments that are obvious for
 single line property functions

---
 danode/files.d | 49 +++++++++++++++----------------------------------
 1 file changed, 15 insertions(+), 34 deletions(-)

diff --git a/danode/files.d b/danode/files.d
index 6c44af6..b166bea 100644
--- a/danode/files.d
+++ b/danode/files.d
@@ -106,40 +106,6 @@ class FilePayload : Payload {
       return(buffered = true);
     } }
 
-    /* Whole file content served via the bytes function */
-    final @property string content(){ return( to!string(bytes(0, length)) ); }
-    /* Is the file a real file (i.e. does it exist on disk) */
-    final @property bool realfile() const { return(path.exists()); }
-    /* Do we have a gzip encoded version */
-    final @property bool hasEncodedVersion() const { return(encbuf !is null); }
-    /* Is the file defined as static in mimetypes.d ? */
-    final @property bool isStaticFile() { return(!path.isCGI()); }
-    /* Time the file was last modified ? */
-    final @property SysTime mtime() const { if(!realfile){ return btime; } return path.timeLastModified(); }
-    /* Files are always assumed ready to be handled (unlike Common Gate Way threads)  */
-    final @property long ready() { return(true); }
-    /* Payload type delivered to the client  */
-    final @property PayloadType type() const { return(PayloadType.File); }
-    /* Size of the file, -1 if it does not exist  */
-    final @property ptrdiff_t fileSize() const { if(!realfile){ return -1; } return to!ptrdiff_t(path.getSize()); }
-    /* Length of the buffer  */
-    final @property long buffersize() const { return cast(long)(buf.length); }
-    /* Mimetype of the file  */
-    final @property string mimetype() const { return mime(path); }
-    /* Buffer status of the file  */
-    final @property bool isBuffered() const { return buffered; }
-    /* Path of the file  */
-    final @property string filePath() const { return path; }
-    /* Status code for file is StatusCode.Ok ? */
-    final @property StatusCode statuscode() const { 
-      return realfile ? StatusCode.Ok : StatusCode.NotFound; 
-    }
-    /* Get the number of bytes that the client response has, based on encoding */
-    final @property ptrdiff_t length() const {
-      if(hasEncodedVersion && gzip) return(encbuf.length);
-      return(fileSize());
-    }
-
     /* Get bytes in a lockfree manner from the correct underlying buffer */
     final const(char)[] bytes(ptrdiff_t from, ptrdiff_t maxsize = 4096, bool isRange = false, long start = 0, long end = -1) { synchronized {
       if (!realfile) { return []; }
@@ -154,6 +120,21 @@ class FilePayload : Payload {
       log(Level.Verbose, "FilePayload.bytes() called on unbuffered file '%s', this should not happen", path);
       return([]);
     } }
+
+    final @property string content(){ return( to!string(bytes(0, length)) ); }
+    final @property bool realfile() const { return(path.exists()); }
+    final @property bool hasEncodedVersion() const { return(encbuf !is null); }
+    final @property bool isStaticFile() { return(!path.isCGI()); }
+    final @property SysTime mtime() const { try { return path.timeLastModified(); }catch (Exception e) { return btime; } }
+    final @property long ready() { return(true); }
+    final @property PayloadType type() const { return(PayloadType.File); }
+    final @property ptrdiff_t fileSize() const { if(!realfile){ return -1; } return to!ptrdiff_t(path.getSize()); }
+    final @property long buffersize() const { return cast(long)(buf.length); }
+    final @property string mimetype() const { return mime(path); }
+    final @property bool isBuffered() const { return buffered; }
+    final @property string filePath() const { return path; }
+    final @property StatusCode statuscode() const { return realfile ? StatusCode.Ok : StatusCode.NotFound; }
+    final @property ptrdiff_t length() const { if(hasEncodedVersion && gzip) { return(encbuf.length); } return(fileSize()); }
 }
 
 // Compute the Range

From eba156a4cbf7125f6ab9104bd8fa1c521b462fe8 Mon Sep 17 00:00:00 2001
From: DannyArends <Danny.Arends@gmail.com>
Date: Fri, 20 Mar 2026 13:17:00 +0000
Subject: [PATCH 26/34] Layout

---
 danode/webconfig.d | 28 +++++++++++++---------------
 1 file changed, 13 insertions(+), 15 deletions(-)

diff --git a/danode/webconfig.d b/danode/webconfig.d
index c34e0a0..359a32b 100644
--- a/danode/webconfig.d
+++ b/danode/webconfig.d
@@ -45,15 +45,15 @@ struct ServerConfig {
       config.mtime = timeLastModified(path);
     }
 
-    @property int maxClients() const { return to!int(data.from("max_clients",        "2048")); }
+    @property int maxClients() const { return to!int(data.from("max_clients", "2048")); }
     @property int maxClientsPerIP() const { return to!int(data.from("max_clients_per_ip", "32")); }
-    @property int poolSize() const { return to!int(data.from("pool_size",          "200")); }
-    @property size_t maxHeaderSize() const { return to!size_t(data.from("max_header_size",  "32768")); }
+    @property int poolSize() const { return to!int(data.from("pool_size", "200")); }
+    @property size_t maxHeaderSize() const { return to!size_t(data.from("max_header_size", "32768")); }
     @property size_t maxRequestSize() const { return to!size_t(data.from("max_request_size", "2097152")); }
-    @property size_t maxUploadSize() const { return to!size_t(data.from("max_upload_size",  "104857600")); }
-    @property size_t maxSSETime() const { return to!size_t(data.from("max_sse_time",     "60000")); }
-    @property size_t maxCGIOutput() const { return to!size_t(data.from("max_cgi_output",   "10485760")); }
-    @property long handshakeTimeout() const { return to!long(data.from("handshake_timeout",  "5000")); }
+    @property size_t maxUploadSize() const { return to!size_t(data.from("max_upload_size", "104857600")); }
+    @property size_t maxSSETime() const { return to!size_t(data.from("max_sse_time", "60000")); }
+    @property size_t maxCGIOutput() const { return to!size_t(data.from("max_cgi_output", "10485760")); }
+    @property long handshakeTimeout() const { return to!long(data.from("handshake_timeout", "5000")); }
     @property string serverInfo() const { return data.from("serverinfo", "DaNode/0.0.3"); }
     @property string userEmail() const { return data.from("user_email", ""); }
 
@@ -77,9 +77,9 @@ struct WebConfig {
     }
 
     @property string domain(string shorthost) const { return flag("shorturl", "yes", "yes") ? shorthost : format("www.%s", shorthost); }
-    @property @nogc bool allowcgi() const nothrow { return flag("allowcgi",    "no", "yes"); }
+    @property @nogc bool allowcgi() const nothrow { return flag("allowcgi", "no", "yes"); }
     @property string localpath(in string localroot, in string path) const { return(format("%s%s", localroot, path)); }
-    @property @nogc bool redirect() const nothrow { return !flag("redirect",   "/",  "/"); }
+    @property @nogc bool redirect() const nothrow { return !flag("redirect", "/",  "/"); }
     @property @nogc bool redirectdir() const nothrow { return !flag("redirectdir","no", "no"); }
     @property string index() const { string to = data.from("redirect", "/"); if (to[0] != '/') { return(format("/%s", to)); } return(to); }
     @property string[] allowdirs() const nothrow { return(data.from("allowdirs", "/").split(",")); }
@@ -90,9 +90,7 @@ struct WebConfig {
       string p = path.startsWith(root) ? path : path.replace(localroot, root);
       if (p.length <= root.length) return true;
       string npath = p[root.length .. $];
-      foreach (d; allowdirs) {
-        if (indexOf(strip(npath), strip(d)) == 0) return true;
-      }
+      foreach (d; allowdirs) { if (indexOf(strip(npath), strip(d)) == 0) return true; }
       return false;
     }
 }
@@ -129,9 +127,9 @@ unittest {
   assert(noShort.domain("localhost") == "www.localhost", "shorturl=no must add www.");
 
   ServerConfig sc = ServerConfig("nonexistent.config");
-  assert(sc.maxClients()      == 2048,           "default maxClients must be 2048");
-  assert(sc.maxClientsPerIP() == 32,             "default maxClientsPerIP must be 32");
-  assert(sc.poolSize()        == 200,            "default poolSize must be 200");
+  assert(sc.maxClients()      == 2048, "default maxClients must be 2048");
+  assert(sc.maxClientsPerIP() == 32, "default maxClientsPerIP must be 32");
+  assert(sc.poolSize()        == 200, "default poolSize must be 200");
   assert(sc.serverInfo()      == "DaNode/0.0.3", "default serverInfo must be set");
 }
 

From daef70e771d1c1bd25531583bef8efb41213506a Mon Sep 17 00:00:00 2001
From: DannyArends <Danny.Arends@gmail.com>
Date: Fri, 20 Mar 2026 13:34:55 +0000
Subject: [PATCH 27/34] Removing some unused code

---
 danode/response.d  | 12 ++++--------
 danode/router.d    |  4 ++--
 danode/webconfig.d | 13 -------------
 3 files changed, 6 insertions(+), 23 deletions(-)

diff --git a/danode/response.d b/danode/response.d
index e183aa8..58a1888 100644
--- a/danode/response.d
+++ b/danode/response.d
@@ -159,25 +159,21 @@ void domainNotFound(ref Response response) {
 }
 
 // serve a the output of an external script 
-void serveCGI(ref Response response, in Request request, in WebConfig config, in FileSystem fs, bool removeInput = true) {
+void serveCGI(ref Response response, in Request request, in WebConfig config, in FileSystem fs, string localpath, bool removeInput = true) {
   log(Level.Trace, "Requested a cgi file, execution allowed");
-  string localroot = fs.localroot(request.shorthost());
-  string localpath = config.localpath(localroot, request.path);
   if (!response.routed) { // Store POST data (could fail multiple times)
     log(Level.Trace, "Writing server variables");
     fs.serverAPI(config, request, response);
     log(Level.Trace, "Creating CGI payload");
-    response.payload = new CGI(request.command(localpath), request.inputfile(fs), request.environ(localpath), removeInput, request.maxtime-5);
+    response.payload = new CGI(request.command(localpath), request.inputfile(fs), request.environ(localpath), removeInput, request.maxtime);
     response.ready = true;
   }
 }
 
 // serve a directory browsing request, via a message
-void serveDirectory(ref Response response, ref Request request, in WebConfig config, in FileSystem fs) {
+void serveDirectory(ref Response response, ref Request request, in WebConfig config, in FileSystem fs, string localpath) {
   log(Level.Trace, "Sending browse directory");
-  string localroot = fs.localroot(request.shorthost());
-  string localpath = config.localpath(localroot, request.path);
-  response.setPayload(StatusCode.Ok, browseDir(localroot, localpath), "text/html");
+  response.setPayload(StatusCode.Ok, browseDir(fs.localroot(request.shorthost()), localpath), "text/html");
 }
 
 // serve a forbidden page
diff --git a/danode/router.d b/danode/router.d
index 1e3c536..62afc64 100644
--- a/danode/router.d
+++ b/danode/router.d
@@ -87,7 +87,7 @@ class Router {
         log(Level.Trace, "Router: [T] allowcgi: %s, localpath %s exists", config.allowcgi, localpath);
         if (pathIsCGI && config.allowcgi) {
           log(Level.Trace, "Router: [T] localpath %s is a CGI file", localpath);
-          return(response.serveCGI(request, config, filesystem));
+          return(response.serveCGI(request, config, filesystem, localpath));
         }
         if (pathIsFILE && !pathIsCGI && pathAllowed) {
           log(Level.Trace, "Router: [T] localpath %s is a normal file", localpath);
@@ -100,7 +100,7 @@ class Router {
             if (!config.allowcgi) return(response.notFound());
             return(redirectCanonical(config, request, response));
           }
-          return(response.serveDirectory(request, config, filesystem));
+          return(response.serveDirectory(request, config, filesystem, localpath));
         }
         return(response.forbidden());
       }
diff --git a/danode/webconfig.d b/danode/webconfig.d
index 359a32b..9ec043f 100644
--- a/danode/webconfig.d
+++ b/danode/webconfig.d
@@ -45,18 +45,6 @@ struct ServerConfig {
       config.mtime = timeLastModified(path);
     }
 
-    @property int maxClients() const { return to!int(data.from("max_clients", "2048")); }
-    @property int maxClientsPerIP() const { return to!int(data.from("max_clients_per_ip", "32")); }
-    @property int poolSize() const { return to!int(data.from("pool_size", "200")); }
-    @property size_t maxHeaderSize() const { return to!size_t(data.from("max_header_size", "32768")); }
-    @property size_t maxRequestSize() const { return to!size_t(data.from("max_request_size", "2097152")); }
-    @property size_t maxUploadSize() const { return to!size_t(data.from("max_upload_size", "104857600")); }
-    @property size_t maxSSETime() const { return to!size_t(data.from("max_sse_time", "60000")); }
-    @property size_t maxCGIOutput() const { return to!size_t(data.from("max_cgi_output", "10485760")); }
-    @property long handshakeTimeout() const { return to!long(data.from("handshake_timeout", "5000")); }
-    @property string serverInfo() const { return data.from("serverinfo", "DaNode/0.0.3"); }
-    @property string userEmail() const { return data.from("user_email", ""); }
-
     T get(T)(string key, T def) { synchronized(serverConfigMutex) {
       try { return to!T(data.from(key, to!string(def))); }
       catch (Exception e) { return def; }
@@ -78,7 +66,6 @@ struct WebConfig {
 
     @property string domain(string shorthost) const { return flag("shorturl", "yes", "yes") ? shorthost : format("www.%s", shorthost); }
     @property @nogc bool allowcgi() const nothrow { return flag("allowcgi", "no", "yes"); }
-    @property string localpath(in string localroot, in string path) const { return(format("%s%s", localroot, path)); }
     @property @nogc bool redirect() const nothrow { return !flag("redirect", "/",  "/"); }
     @property @nogc bool redirectdir() const nothrow { return !flag("redirectdir","no", "no"); }
     @property string index() const { string to = data.from("redirect", "/"); if (to[0] != '/') { return(format("/%s", to)); } return(to); }

From 91dae1b71a31e7941d25b531297a53b08639ca13 Mon Sep 17 00:00:00 2001
From: DannyArends <Danny.Arends@gmail.com>
Date: Fri, 20 Mar 2026 13:43:40 +0000
Subject: [PATCH 28/34] Request and CGI & process timeout

---
 danode/cgi.d      |  4 ++--
 danode/client.d   |  2 +-
 danode/process.d  |  4 ++--
 danode/request.d  |  5 +++--
 danode/response.d |  2 +-
 danode/router.d   |  8 ++++----
 www/server.config | 21 +++++++++++++--------
 7 files changed, 26 insertions(+), 20 deletions(-)

diff --git a/danode/cgi.d b/danode/cgi.d
index 36063cf..6e20194 100644
--- a/danode/cgi.d
+++ b/danode/cgi.d
@@ -18,9 +18,9 @@ class CGI : Payload {
   public:
     string command;
 
-    this(string[] command, string path, string[string] environ, bool removeInput = true, long maxtime = 4500){
+    this(string[] command, string path, string[string] environ, bool removeInput = true){
       this.command = command.join(" ");
-      external = new Process(command, path, environ, removeInput, maxtime); 
+      external = new Process(command, path, environ, removeInput);
       external.start();
     }
 
diff --git a/danode/client.d b/danode/client.d
index 6d9582d..2dc0b9d 100644
--- a/danode/client.d
+++ b/danode/client.d
@@ -51,7 +51,7 @@ class Client {
               if (driver.inbuffer.data.length > limit) { driver.sendPayloadTooLarge(response); stop(); continue; }
             }
             // Parse the data and try to create a response (Could fail multiple times)
-            if (!response.ready) { router.route(driver, request, response, maxtime); }
+            if (!response.ready) { router.route(driver, request, response); }
           }
           if (response.ready && !response.completed) {      // We know what to respond, but haven't send all of it yet
             driver.send(response, driver.socket);           // Send the response, hit multiple times, send what you can and return
diff --git a/danode/process.d b/danode/process.d
index 5001124..87d8224 100644
--- a/danode/process.d
+++ b/danode/process.d
@@ -62,12 +62,12 @@ class Process : Thread {
     Appender!(char[])  errbuffer;           /// Error appender buffer
 
   public:
-    this(string[] command, string inputfile, string[string] environ, bool removeInput = true, long maxtime = 4500) {
+    this(string[] command, string inputfile, string[string] environ, bool removeInput = true) {
       this.command = command;
       this.inputfile = inputfile;
       this.environ = environ;
       this.removeInput = removeInput;
-      this.maxtime = maxtime;
+      this.maxtime = serverConfig.get("cgi_timeout", 4500L);
       this.starttime = Clock.currTime();
       this.modified = Clock.currTime();
       this.outbuffer = appender!(char[])();
diff --git a/danode/request.d b/danode/request.d
index 279af92..0566299 100644
--- a/danode/request.d
+++ b/danode/request.d
@@ -10,6 +10,7 @@ import danode.functions : interpreter, from, parseHtmlDate, parseQueryString;
 import danode.webconfig : WebConfig;
 import danode.post : PostItem, PostType;
 import danode.log : log, tag, error, Level;
+import danode.webconfig : serverConfig;
 
 // The Request-Method indicates which method is to be performed on the specified resource
 enum RequestMethod : string {
@@ -55,13 +56,13 @@ struct Request {
   long maxtime;  /// Maximum time in ms before the request is discarded
 
   // Start a new Request, and parseHeader on the DriverInterface
-  final void initialize(const DriverInterface driver, long maxtime = 4500) {
+  final void initialize(const DriverInterface driver) {
     this.ip = driver.ip;
     this.port = driver.port;
     this.body = driver.body;
     this.isSecure = driver.isSecure;
     this.starttime = Clock.currTime();
-    this.maxtime = maxtime;
+    this.maxtime = serverConfig.get("request_timeout", 5000L);
     this.id = md5UUID(format("%s:%d-%s", driver.ip, driver.port, starttime));
     this.isValid = this.parseHeader(driver.header);
     log(Level.Verbose, "request: %s to %s from %s:%d - %s", method, uri, this.ip, this.port, this.id);
diff --git a/danode/response.d b/danode/response.d
index 58a1888..3613c14 100644
--- a/danode/response.d
+++ b/danode/response.d
@@ -165,7 +165,7 @@ void serveCGI(ref Response response, in Request request, in WebConfig config, in
     log(Level.Trace, "Writing server variables");
     fs.serverAPI(config, request, response);
     log(Level.Trace, "Creating CGI payload");
-    response.payload = new CGI(request.command(localpath), request.inputfile(fs), request.environ(localpath), removeInput, request.maxtime);
+    response.payload = new CGI(request.command(localpath), request.inputfile(fs), request.environ(localpath), removeInput);
     response.ready = true;
   }
 }
diff --git a/danode/router.d b/danode/router.d
index 62afc64..385f90c 100644
--- a/danode/router.d
+++ b/danode/router.d
@@ -33,18 +33,18 @@ class Router {
     }
 
     // Parse the header of a request, or receive additional post data when the user is uploading
-    final bool parse(in DriverInterface driver, ref Request request, ref Response response, long maxtime = 4500) {
+    final bool parse(in DriverInterface driver, ref Request request, ref Response response) {
       if (!driver.hasHeader()) return(false);
       if (!response.created) {
-        request.initialize(driver, maxtime);
+        request.initialize(driver);
         response = request.create(this.address);
       } else { request.update(driver.body); }
       return(true);
     }
 
     // Route a request based on the request header
-    final void route(DriverInterface driver, ref Request request, ref Response response, long maxtime = 4500) {
-      if (!response.routed && parse(driver, request, response, maxtime)) {
+    final void route(DriverInterface driver, ref Request request, ref Response response) {
+      if (!response.routed && parse(driver, request, response)) {
         if (request.parsePost(response, filesystem)) { deliver(request, response); }
       }
     }
diff --git a/www/server.config b/www/server.config
index aed0804..9929e09 100644
--- a/www/server.config
+++ b/www/server.config
@@ -1,7 +1,5 @@
-# workerpool.d
-MAX_CLIENTS = 2048
-MAX_CLIENTS_PER_IP = 32
-POOL_SIZE = 200
+# acme.d
+USER_EMAIL = Danny.Arends@gmail.com
 
 # client.d
 MAX_HEADER_SIZE = 32768
@@ -9,14 +7,21 @@ MAX_REQUEST_SIZE = 2097152
 MAX_UPLOAD_SIZE = 104857600
 MAX_SSE_TIME = 60000
 
+# https.d
+HANDSHAKE_TIMEOUT = 5000
+
 # process.d
 MAX_CGI_OUTPUT = 10485760
+CGI_TIMEOUT = 4500
 
-# https.d
-HANDSHAKE_TIMEOUT = 5000
+# request.d
+REQUEST_TIMEOUT = 5000
 
 # response.d
 SERVERINFO = DaNode/0.0.3
 
-# acme.d
-USER_EMAIL = Danny.Arends@gmail.com
+# workerpool.d
+MAX_CLIENTS = 2048
+MAX_CLIENTS_PER_IP = 32
+POOL_SIZE = 200
+

From 2d1b4f9c6a023ce73a9fda30e8e067d4ec9c6305 Mon Sep 17 00:00:00 2001
From: DannyArends <Danny.Arends@gmail.com>
Date: Fri, 20 Mar 2026 13:46:38 +0000
Subject: [PATCH 29/34] Use lowercase

---
 www/server.config | 27 +++++++++++++--------------
 1 file changed, 13 insertions(+), 14 deletions(-)

diff --git a/www/server.config b/www/server.config
index 9929e09..14d43a5 100644
--- a/www/server.config
+++ b/www/server.config
@@ -1,27 +1,26 @@
 # acme.d
-USER_EMAIL = Danny.Arends@gmail.com
+user_email = Danny.Arends@gmail.com
 
 # client.d
-MAX_HEADER_SIZE = 32768
-MAX_REQUEST_SIZE = 2097152
-MAX_UPLOAD_SIZE = 104857600
-MAX_SSE_TIME = 60000
+max_header_size = 32768
+max_request_size = 2097152
+max_upload_size = 104857600
+max_sse_time = 60000
 
 # https.d
-HANDSHAKE_TIMEOUT = 5000
+handshake_timeout = 5000
 
 # process.d
-MAX_CGI_OUTPUT = 10485760
-CGI_TIMEOUT = 4500
+max_cgi_output = 10485760
+cgi_timeout = 4500
 
 # request.d
-REQUEST_TIMEOUT = 5000
+request_timeout = 5000
 
 # response.d
-SERVERINFO = DaNode/0.0.3
+serverinfo = DaNode/0.0.3
 
 # workerpool.d
-MAX_CLIENTS = 2048
-MAX_CLIENTS_PER_IP = 32
-POOL_SIZE = 200
-
+max_clients = 2048
+max_clients_per_ip = 32
+pool_size = 200

From 99657653ec08131dcdaa27dddc315e541f2302e1 Mon Sep 17 00:00:00 2001
From: DannyArends <Danny.Arends@gmail.com>
Date: Fri, 20 Mar 2026 13:54:31 +0000
Subject: [PATCH 30/34] Minor updates, and removing the tests that depend on
 the removed named accessor properties

---
 danode/process.d   | 7 +++----
 danode/request.d   | 3 +--
 danode/webconfig.d | 6 ------
 3 files changed, 4 insertions(+), 12 deletions(-)

diff --git a/danode/process.d b/danode/process.d
index 87d8224..594f577 100644
--- a/danode/process.d
+++ b/danode/process.d
@@ -117,14 +117,13 @@ class Process : Thread {
         char[4096] tmp;
         auto fp = file.getFP();
         ptrdiff_t n;
-        while (lastmodified < maxtime && buffer.data.length < serverConfig.get("max_cgi_output", 10 * 1024 * 1024)) {
+        auto maxOutput = serverConfig.get("max_cgi_output", 10 * 1024 * 1024);
+        while (lastmodified < maxtime && buffer.data.length < maxOutput) {
           n = fread(tmp.ptr, 1, tmp.sizeof, fp);
           if (n > 0) {
             modified = Clock.currTime();
             buffer.put(tmp[0 .. n]);
-          } else {
-            break;
-          }
+          } else { break; }
         }
       } catch (Exception e) { error("Exception during readpipe command: %s", e); file.close();
       } catch (Error e) { error("Error during readpipe command: %s", e); file.close();
diff --git a/danode/request.d b/danode/request.d
index 0566299..37a49c5 100644
--- a/danode/request.d
+++ b/danode/request.d
@@ -7,10 +7,9 @@ import danode.imports;
 import danode.filesystem : FileSystem;
 import danode.interfaces : DriverInterface;
 import danode.functions : interpreter, from, parseHtmlDate, parseQueryString;
-import danode.webconfig : WebConfig;
+import danode.webconfig : WebConfig, serverConfig;
 import danode.post : PostItem, PostType;
 import danode.log : log, tag, error, Level;
-import danode.webconfig : serverConfig;
 
 // The Request-Method indicates which method is to be performed on the specified resource
 enum RequestMethod : string {
diff --git a/danode/webconfig.d b/danode/webconfig.d
index 9ec043f..fc6ef15 100644
--- a/danode/webconfig.d
+++ b/danode/webconfig.d
@@ -112,11 +112,5 @@ unittest {
   WebConfig noShort = WebConfig(fp);
   noShort.data["shorturl"] = "no";
   assert(noShort.domain("localhost") == "www.localhost", "shorturl=no must add www.");
-
-  ServerConfig sc = ServerConfig("nonexistent.config");
-  assert(sc.maxClients()      == 2048, "default maxClients must be 2048");
-  assert(sc.maxClientsPerIP() == 32, "default maxClientsPerIP must be 32");
-  assert(sc.poolSize()        == 200, "default poolSize must be 200");
-  assert(sc.serverInfo()      == "DaNode/0.0.3", "default serverInfo must be set");
 }
 

From 5c2b139f1f28a44faec678617a3c10a03d1838b3 Mon Sep 17 00:00:00 2001
From: DannyArends <Danny.Arends@gmail.com>
Date: Fri, 20 Mar 2026 14:01:17 +0000
Subject: [PATCH 31/34] Adding comment, minor updates

---
 danode/webconfig.d | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/danode/webconfig.d b/danode/webconfig.d
index fc6ef15..23c2124 100644
--- a/danode/webconfig.d
+++ b/danode/webconfig.d
@@ -46,8 +46,7 @@ struct ServerConfig {
     }
 
     T get(T)(string key, T def) { synchronized(serverConfigMutex) {
-      try { return to!T(data.from(key, to!string(def))); }
-      catch (Exception e) { return def; }
+      try { return to!T(data.from(key, to!string(def))); }catch (Exception e) { return def; }
     } }
 }
 
@@ -82,6 +81,8 @@ struct WebConfig {
     }
 }
 
+/* Returns a cached WebConfig for the given domain, reloading from disk if the file has been
+   modified since the last load. Enables hot-reload of per-domain web.config without restart. */
 WebConfig getConfig(ref WebConfig[string] configs, FilePayload fp, string key) {
   if (key !in configs || fp.mtime > configs[key].mtime) { configs[key] = WebConfig(fp); }
   return configs[key];

From 518335754a0bbd4da3867045e7cf7bba8b0356f5 Mon Sep 17 00:00:00 2001
From: DannyArends <Danny.Arends@gmail.com>
Date: Fri, 20 Mar 2026 14:16:10 +0000
Subject: [PATCH 32/34] use isFILE

---
 danode/filesystem.d | 24 +++++++++++++-----------
 1 file changed, 13 insertions(+), 11 deletions(-)

diff --git a/danode/filesystem.d b/danode/filesystem.d
index b80a1a1..e1703b3 100644
--- a/danode/filesystem.d
+++ b/danode/filesystem.d
@@ -7,7 +7,7 @@ import danode.imports;
 import danode.statuscode : StatusCode;
 import danode.payload : PayloadType;
 import danode.files : FilePayload, FileStream;
-import danode.functions : has;
+import danode.functions : has, isFILE;
 import danode.log : log, tag, error, Level;
 
 /* Domain name structure containing files in that domain
@@ -50,18 +50,20 @@ class FileSystem {
     /* Scan a single folder */
     final Domain scan(string dname){ synchronized {
       Domain domain;
-      foreach (DirEntry f; dirEntries(dname, SpanMode.depth)) {
-        if (f.isFile()) {
-          string shortname = replace(f.name[dname.length .. $], "\\", "/");
-          if (shortname.endsWith(".in") || shortname.endsWith(".up")) continue;
-          log(Level.Trace, "File: '%s' as '%s'", f.name, shortname);
-          if (!domain.files.has(shortname)) {
-            domain.files[shortname] = new FilePayload(f.name, maxsize);
-            domain.entries++;
-            if(domain.files[shortname].buffer()) { domain.buffered++; }
+      try {
+        foreach (DirEntry f; dirEntries(dname, SpanMode.depth)) {
+          if (f.isFILE()) {
+            string shortname = replace(f.name[dname.length .. $], "\\", "/");
+            if (shortname.endsWith(".in") || shortname.endsWith(".up")) continue;
+            log(Level.Trace, "File: '%s' as '%s'", f.name, shortname);
+            if (!domain.files.has(shortname)) {
+              domain.files[shortname] = new FilePayload(f.name, maxsize);
+              domain.entries++;
+              if(domain.files[shortname].buffer()) { domain.buffered++; }
+            }
           }
         }
-      }
+      } catch (Exception e) { log(Level.Trace, "scan: directory iteration interrupted: %s", e.msg); }
       // Remove files that no longer exist on disk
       foreach (k; domain.files.keys) { if (!exists(dname ~ k)) { domain.files.remove(k); } }
 

From f5ebaf4ac8bac87aa9c92e33a10a05fff7054b2d Mon Sep 17 00:00:00 2001
From: DannyArends <Danny.Arends@gmail.com>
Date: Fri, 20 Mar 2026 14:21:42 +0000
Subject: [PATCH 33/34] Use isFILE and isDIR

---
 danode/acme.d |  4 ++--
 danode/ssl.d  | 12 ++++++------
 2 files changed, 8 insertions(+), 8 deletions(-)

diff --git a/danode/acme.d b/danode/acme.d
index 36cad43..7c4ae00 100644
--- a/danode/acme.d
+++ b/danode/acme.d
@@ -8,7 +8,7 @@ version(SSL) {
 
   import danode.log : log, error, Level;
   import danode.ssl : loadSSL, generateKey;
-  import danode.functions : writeFile;
+  import danode.functions : writeFile, isFILE;
   import danode.webconfig : serverConfig;
 
   immutable string ACME_DIR_PROD = "https://acme-v02.api.letsencrypt.org/directory";
@@ -80,7 +80,7 @@ version(SSL) {
 
     // Check cert expiry and renew if < 30 days remaining
   void checkAndRenew(string certDir = ".ssl/", string keyFile = ".ssl/server.key", string accountKey = ".ssl/account.key", bool staging = false) {
-    if (!exists(accountKey) || !isFile(accountKey)) { accountKey.generateKey(); }
+    if (!isFILE(accountKey)) { accountKey.generateKey(); }
     new Thread({
       try {
         log(Level.Always, "checkAndRenew called on '%s' with key '%s'", certDir, accountKey);
diff --git a/danode/ssl.d b/danode/ssl.d
index a688e03..a236b8a 100644
--- a/danode/ssl.d
+++ b/danode/ssl.d
@@ -6,6 +6,7 @@ version(SSL) {
   import danode.imports;
   import danode.includes;
 
+  import danode.functions : isFILE, isDIR;
   import danode.log : log, tag, error, Level;
 
   // SSL context structure, stored relation between hostname 
@@ -79,7 +80,7 @@ version(SSL) {
     SSL_CTX_set_options(ctx, 0x00400000U); //SSL_OP_CIPHER_SERVER_PREFERENCE
     SSL_CTX_set1_groups_list(ctx, "X25519:P-256:P-384");
 
-    if (exists(chainFile) && isFile(chainFile)) {
+    if (isFILE(chainFile)) {
       log(Level.Verbose, "SSL: [I] Loading certificate+chain from file: %s", chainFile);
       sslAssert(SSL_CTX_use_certificate_chain_file(ctx, cast(const char*) toStringz(chainFile)) > 0);
     } else {
@@ -132,17 +133,16 @@ version(SSL) {
   // Reload all SSL contexts from sslPath without restarting the server
   void loadSSL(string sslPath = ".ssl/", string sslKey = ".ssl/server.key") {
     log(Level.Verbose, "SSL: [I] loading sslPath: %s, sslKey: %s", sslPath, sslKey);
-    if (!exists(sslPath) || !isDir(sslPath)) { error("SSL: sslPath '%s' not found", sslPath); return; }
-    if (!exists(sslKey) || !isFile(sslKey)) { sslKey.generateKey(); }
+    if (!isDIR(sslPath)) { error("SSL: sslPath '%s' not found", sslPath); return; }
+    if (!isFILE(sslKey)) { sslKey.generateKey(); }
 
     SSLcontext[] localContexts;
     foreach (DirEntry d; dirEntries(sslPath, SpanMode.shallow)) {
       if (d.name.endsWith(".chain")) {
         string hostname = baseName(d.name, ".chain");
         if (hostname.length < 254) {
-          string chainFile = d.name;
-          log(Level.Verbose, "SSL: [I] Reloading certificate at: '%s'", chainFile);
-          auto lc = loadContext(chainFile, hostname, sslKey);
+          log(Level.Verbose, "SSL: [I] Reloading certificate at: '%s'", d.name);
+          auto lc = loadContext(d.name, hostname, sslKey);
           if (lc.context !is null) localContexts ~= lc;
         }
       }

From ab3f6cad1625b0c17ad640de96f183027d2baf99 Mon Sep 17 00:00:00 2001
From: DannyArends <Danny.Arends@gmail.com>
Date: Fri, 20 Mar 2026 14:59:38 +0000
Subject: [PATCH 34/34] Use isDIR

---
 danode/filesystem.d | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/danode/filesystem.d b/danode/filesystem.d
index e1703b3..004c82c 100644
--- a/danode/filesystem.d
+++ b/danode/filesystem.d
@@ -7,7 +7,7 @@ import danode.imports;
 import danode.statuscode : StatusCode;
 import danode.payload : PayloadType;
 import danode.files : FilePayload, FileStream;
-import danode.functions : has, isFILE;
+import danode.functions : has, isFILE, isDIR;
 import danode.log : log, tag, error, Level;
 
 /* Domain name structure containing files in that domain
@@ -40,7 +40,7 @@ class FileSystem {
 
     /* Scan the whole filesystem for changes */
     final void scan(){ synchronized {
-      foreach (DirEntry d; dirEntries(root, SpanMode.shallow)){ if(d.isDir()){
+      foreach (DirEntry d; dirEntries(root, SpanMode.shallow)){ if(d.name.isDIR()){
         domains[d.name] = scan(d.name);
       } }
       // Remove domains that no longer exist on disk