Add FIXME for pipe overflow

Fix typo
2023-07-11 02:12:26 +02:00 · 2023-07-11 02:12:12 +02:00 · 2023-07-11 01:57:48 +02:00 · 2023-07-11 01:51:47 +02:00 · 2023-07-11 01:50:36 +02:00 · 2023-07-11 01:50:00 +02:00
93 changed files with 8869 additions and 3127 deletions
--- a/.gitignore
+++ b/.gitignore
@@ -1,8 +1,12 @@
 *
 !src
 !src/**
-!run.sh
+!res
+!res/**
+!doc
+!doc/**
+!test
+!test/**
 !Makefile
 !.gitignore
-!CppNet
-!CppNet/**
+!*.md
--- a/148
+++ b/148
@@ -1,22 +1,134 @@
-.DEFAULT_GOAL := install

-packages:
-	@echo "Installing packages..."
-	sudo apt-get install g++ libmagic-dev libssl-dev php-cgi
-	@echo "Finished downloading!"
+CC=gcc
+CFLAGS=-std=gnu11 -Wno-unused-but-set-variable -D_DEFAULT_SOURCE -D_GNU_SOURCE -D_BSD_SOURCE -D_SVID_SOURCE -D_POSIX_C_SOURCE=200809L
+LDFLAGS=-pthread -lssl -lcrypto -lmagic -lz -lmaxminddb -lbrotlienc

-update:
-	@echo "Updating imported git repos..."
-	cd CppNet
-	git pull
-	cd ..
-	@echo "Finished updating!"
+DEBIAN_OPTS=-D CACHE_MAGIC_FILE="\"/usr/share/file/magic.mgc\"" -D PHP_FPM_SOCKET="\"/var/run/php/php8.2-fpm.sock\""

-compile:
-	@echo "Compiling..."
-	@mkdir -p bin
-	g++ src/necronda-server.cpp -o bin/necronda-server -std=c++17 -fPIC -pthread -lz -lmagic -lssl -ldl -lcrypto
-	@echo "Finished compiling!"
+.PHONY: all prod debug default debian permit clean test
+all: prod
+default: bin bin/lib bin/worker bin/res bin/sesimos

-install: | packages update compile
-	@echo "Finished!"
+prod: CFLAGS += -O3
+prod: default
+
+debug: CFLAGS += -Wall -pedantic
+debug: default
+
+debian: CFLAGS += $(DEBIAN_OPTS)
+debian: prod
+
+test: CFLAGS += -include test/mock_*.h
+test: bin bin/test
+	bin/test
+
+
+bin:
+	mkdir -p bin
+
+bin/lib:
+	mkdir -p bin/lib
+
+bin/worker:
+	mkdir -p bin/worker
+
+bin/res:
+	mkdir -p bin/res
+
+bin/test: test/mock_*.c test/test_*.c \
+          src/lib/utils.c src/lib/sock.c src/lib/list.c src/lib/http.c src/lib/http_static.c src/logger.c src/lib/error.c
+	$(CC) -o $@ $(CFLAGS) $^ -lcriterion
+
+
+bin/%.o: src/%.c
+	$(CC) -c -o $@ $(CFLAGS) $<
+
+bin/lib/%.o: src/lib/%.c
+	$(CC) -c -o $@ $(CFLAGS) $<
+
+bin/worker/%.o: src/worker/%.c
+	$(CC) -c -o $@ $(CFLAGS) $<
+
+bin/res/%.o: bin/res/%.txt
+	objcopy -I binary --rename-section .data=.rodata -O elf64-x86-64 $^ $@
+
+bin/res/%.txt: res/%.*
+	cp $^ $@
+	/bin/echo -ne "\x00" >> $@
+
+bin/sesimos: bin/server.o bin/logger.o bin/cache_handler.o bin/async.o bin/workers.o \
+             bin/worker/request_handler.o bin/worker/tcp_acceptor.o \
+             bin/worker/fastcgi_handler.o bin/worker/local_handler.o bin/worker/proxy_handler.o \
+             bin/worker/proxy_peer_handler.o \
+             bin/worker/ws_frame_handler.o bin/worker/chunk_handler.o bin/worker/fastcgi_frame_handler.o \
+             bin/lib/http_static.o bin/res/default.o bin/res/proxy.o bin/res/style.o \
+             bin/res/icon_error.o bin/res/icon_info.o bin/res/icon_success.o bin/res/icon_warning.o \
+             bin/res/globe.o \
+             bin/lib/compress.o bin/lib/config.o bin/lib/fastcgi.o bin/lib/geoip.o bin/lib/error.o \
+             bin/lib/http.o  bin/lib/proxy.o bin/lib/sock.o bin/lib/uri.o \
+             bin/lib/utils.o bin/lib/websocket.o bin/lib/mpmc.o bin/lib/list.o
+	$(CC) -o $@ $^ $(CFLAGS) $(LDFLAGS)
+
+
+bin/server.o: src/server.h src/defs.h src/cache_handler.h src/lib/config.h src/lib/sock.h \
+              src/lib/proxy.h src/lib/geoip.h src/lib/utils.h src/logger.h
+
+bin/logger.o: src/logger.h
+
+bin/cache_handler.o: src/cache_handler.h src/lib/utils.h src/lib/uri.h src/lib/compress.h src/logger.h
+
+bin/async.o: src/async.h src/logger.h
+
+bin/workers.o: src/workers.h src/lib/mpmc.h src/worker/func.h
+
+bin/worker/request_handler.o: src/worker/func.h
+
+bin/worker/tcp_acceptor.o: src/worker/func.h
+
+bin/worker/fastcgi_handler.o: src/worker/func.h
+
+bin/worker/local_handler.o: src/worker/func.h
+
+bin/worker/proxy_handler.o: src/worker/func.h
+
+bin/worker/proxy_peer_handler.o: src/worker/func.h
+
+bin/worker/ws_frame_handler.o: src/worker/func.h
+
+bin/worker/fastcgi_frame_handler.o: src/worker/func.h
+
+bin/worker/chunk_handler.o: src/worker/func.h
+
+bin/lib/compress.o: src/lib/compress.h
+
+bin/lib/config.o: src/lib/config.h src/lib/utils.h src/lib/uri.h src/logger.h
+
+bin/lib/fastcgi.o: src/lib/fastcgi.h src/server.h src/lib/utils.h src/lib/compress.h src/lib/http.h \
+                   src/lib/uri.h src/lib/include/fastcgi.h src/logger.h
+
+bin/lib/error.o: src/lib/error.h
+
+bin/lib/geoip.o: src/lib/geoip.h
+
+bin/lib/http.o: src/lib/http.h src/lib/utils.h src/lib/compress.h src/lib/sock.h src/logger.h
+
+bin/lib/list.o: src/lib/list.h
+
+bin/lib/mpmc.o: src/lib/mpmc.h src/logger.h
+
+bin/lib/proxy.o: src/lib/proxy.h src/defs.h src/server.h src/lib/compress.h src/logger.h
+
+bin/lib/sock.o: src/lib/sock.h
+
+bin/lib/uri.o: src/lib/uri.h src/lib/utils.h
+
+bin/lib/utils.o: src/lib/utils.h
+
+bin/lib/websocket.o: src/lib/websocket.h src/defs.h src/lib/utils.h src/lib/sock.h src/logger.h
+
+
+permit:
+	sudo setcap 'cap_net_bind_service=+ep' "$(shell pwd)/bin/sesimos"
+
+clean:
+	rm -rf bin/*
--- a/README.md
+++ b/README.md
@@ -0,0 +1,49 @@
+
+Sesimos – Secure, simple, modern web server
+===========================================
+
+## Features
+
+* Full IPv4 and IPv6 support
+* TLS Server Name Inspection (SNI)
+* Serving local files via HTTP and HTTPS
+  * File compression ([gzip](https://www.gzip.org/), [Brotli](https://www.brotli.org/))
+  * Disk cache for compressed files
+* Reverse proxy for other HTTP and HTTPS servers
+  * Transparent WebSocket reverse proxy
+* FastCGI support (e.g. [PHP-FPM](https://php-fpm.org/))
+  * Automatic path info detection (e.g. `/my/file/extra/path` -> script: `/my/file.php`, path info: `extra/path`)
+* Support for [MaxMind's GeoIP Database](https://www.maxmind.com/en/geoip2-services-and-databases)
+* Optional DNS reverse lookup for connecting hosts
+* Automatic URL rewrite (e.g. `/index.html` -> `/`, `/test.php` -> `/test`)
+* Modern looking and responsive error documents
+
+
+## Configuration
+
+See [doc/example.conf](doc/example.conf) for more details.
+
+
+### Global directives
+
+* `geoip_dir` (optional) - path to a directory containing GeoIP databases
+
+
+### Configuration
+
+* `[cert <cert-name>]` - begins section for a certificate
+  * `certificate` - path to SSL certificate (or certificate chain)
+  * `private_key` - path to SSL private key
+* `[host <host>]` - begins section for the virtual host `<host>`
+  * `cert` - the name of the certificate to use
+  * Local
+      * `webroot` - path to the root directory
+      * `dir_mode` - specify the behaviour for directories without an `index.html` or `index.php`
+          * `forbidden` - the server will respond with `403 Forbidden`
+          * `info` - try passing *path info* to an upper `.php` file.
+          * `list` - list contents of directory (**not implemented yet**)
+  * Reverse proxy
+      * `hostname` - hostname of server to be reverse proxy of
+      * `port` - port to be used
+      * `http` - use HTTP to communicate with server
+      * `https` - use HTTPS to communicate with server
--- a/architecture.md
+++ b/architecture.md
@@ -0,0 +1,22 @@
+
+# Architecture
+
+* logger (1)
+* listener (2) - 80, 443
+* cache_handler (1)
+* connection_initializer
+* request_handler
+* local_handler
+* proxy_handler
+* ws_handler
+* fastcgi_handler
+
+
+* -> logger
+* main -> listener
+* listener -> connection_handler
+* connection_initializer -> request_handler
+* request_handler -> local_handler -> request_handler
+* local_handler -> fastcgi_handler -> request_handler
+* request_handler -> rp_handler -> request_handler
+* proxy_handler -> ws_handler -> request_handler
--- a/doc/example.conf
+++ b/doc/example.conf
@@ -0,0 +1,24 @@
+
+#geoip_dir  /var/dir
+#dns_server 192.168.0.1
+
+[cert cert1]
+certificate /var/cert/cert.pem
+private_key /var/cert/cert.key
+
+[host localhost]
+webroot     /var/www/localhost
+dir_mode    forbidden
+cert        cert1
+
+[host me.local]
+hostname    www.example.com
+port        80
+cert        cert1
+http
+
+[host secure.local]
+hostname    www.example.com
+port        443
+cert        cert1
+https
--- a/res/default.html
+++ b/res/default.html
@@ -0,0 +1,22 @@
+<!DOCTYPE html>
+<html lang="en">
+<head>
+  <title>%1$i %2$s - %7$s</title>
+  <meta charset="UTF-8"/>
+  <meta name="theme-color" content="%6$s"/>
+  <meta name="color-scheme" content="light dark"/>
+  <meta name="apple-mobile-web-app-status-bar-style" content="black-translucent"/>
+  <meta name="viewport" content="width=device-width,initial-scale=1.0"/>
+  <link rel="shortcut icon" type="image/x-icon" href="/favicon.ico"/>
+  <link rel="stylesheet" type="text/css" href="/.sesimos/res/style.css"/>
+  <link rel="alternate icon" type="image/svg+xml" sizes="any" href="%5$s"/>
+  <style>html{--color:var(--%4$s);}</style>
+</head>
+<body>
+  <main>
+    <section>
+%3$s%9$s      <div class="footer"><a href="https://%7$s/">%7$s</a> - %10$s</div>
+    </section>
+%8$s  </main>
+</body>
+</html>
--- a/res/globe.svg
+++ b/res/globe.svg
@@ -0,0 +1,3 @@
+<svg width="64" height="64" xmlns="http://www.w3.org/2000/svg">
+    <path d="M2,32 a30,30,0,1,0,60,0 a30,30,0,1,0,-60,0 L62,32 M6,16 L58,16 M6,48 L58,48 M32,2 L32,62 a15,30,0,1,0,0,-60 a15,30,0,1,0,0,60 Z" stroke="#008000" stroke-width="2" fill="#00000000"/>
+</svg>
--- a/res/icon_error.svg
+++ b/res/icon_error.svg
@@ -0,0 +1,3 @@
+<svg width="16" height="16" xmlns="http://www.w3.org/2000/svg">
+    <text x="4" y="12" fill="#C00000" style="font-family:'Arial',sans-serif">:(</text>
+</svg>
--- a/res/icon_info.svg
+++ b/res/icon_info.svg
@@ -0,0 +1,3 @@
+<svg width="16" height="16" xmlns="http://www.w3.org/2000/svg">
+    <text x="4" y="12" fill="#606060" style="font-family:'Arial',sans-serif">:)</text>
+</svg>
--- a/res/icon_success.svg
+++ b/res/icon_success.svg
@@ -0,0 +1,3 @@
+<svg width="16" height="16" xmlns="http://www.w3.org/2000/svg">
+    <text x="4" y="12" fill="#008000" style="font-family:'Arial',sans-serif">:)</text>
+</svg>
--- a/res/icon_warning.svg
+++ b/res/icon_warning.svg
@@ -0,0 +1,3 @@
+<svg width="16" height="16" xmlns="http://www.w3.org/2000/svg">
+    <text x="4" y="12" fill="#E0C000" style="font-family:'Arial',sans-serif">:)</text>
+</svg>
--- a/res/proxy.html
+++ b/res/proxy.html
@@ -0,0 +1,31 @@
+    <section class="error-ctx">
+      <div class="box%1$s">
+        <div class="content">
+          <span>Client</span>
+          <img src="/.sesimos/res/globe.svg"/>
+          <span>Your Browser</span>
+        </div>
+        <div class="arrow request%2$s"></div>
+      </div>
+      <div class="border%8$s"></div>
+      <div class="box%3$s">
+        <div class="content">
+          <span>Reverse Proxy</span>
+          <h3>%10$03i</h3>
+          <h4>%11$s</h4>
+          <span>%15$s</span>
+        </div>
+        <div class="arrow request%4$s"></div>
+        <div class="arrow response%5$s"></div>
+      </div>
+      <div class="border%9$s"></div>
+      <div class="box%6$s">
+        <div class="content">
+          <span>Server</span>
+          <h3>%12$s</h3>
+          <h4>%13$s</h4>
+          <span>%14$s</span>
+        </div>
+        <div class="arrow response%7$s"></div>
+      </div>
+    </section>
--- a/res/style.css
+++ b/res/style.css
@@ -0,0 +1,66 @@
+html{
+	font-family:"Arial",sans-serif;
+	--error:#C00000;
+	--warning:#E0C000;
+	--success:#008000;
+	--info:#606060;
+	--soft:#808080;
+}
+
+body{background-color:#F0F0F0;margin:0;}
+main{max-width:650px;margin:2em auto;}
+section{margin:2em 1em;background-color:#FFFFFF;border: 1px solid var(--color);border-radius:4px;padding:1em;}
+h1,h2,h3,h4,h5,h6{text-align:center;color:var(--color);font-weight:normal;}
+h1{font-size:3em;margin:0.125em 0;}
+h2{font-size:1.5em;margin:0.25em 0 1em 0;}
+p{text-align:center;font-size:0.875em;}
+div.footer{color:var(--soft);font-size:0.75em;text-align:center;margin:2em 0 0.5em 0;}
+div.footer a{color:var(--soft);}
+ul,ol{width:fit-content;margin:auto;}
+pre{width:fit-content;margin:2em auto 0 auto;}
+
+section.error-ctx{display:flex;padding:0;border:none;}
+div.box{flex:100% 1 1;border:1px solid var(--info);color:var(--info);position:relative;padding:1em;box-sizing:border-box;text-align:center;}
+div.box.error{border-color:var(--error);color:var(--error);}
+div.box.success{border-color:var(--success);color:var(--success);}
+div.arrow{position:absolute;height:20px;width:30px;z-index:10;background-repeat:no-repeat;background-size:contain;}
+div.arrow.response{left:-17.5px;bottom:calc(33.3333% - 10px);}
+div.arrow.request{right:-17.5px;top:calc(33.3333% - 10px);}
+div.border{flex:1px 0 0;background-color:var(--info);}
+div.border.error{background-color:var(--error);}
+div.border.success{background-color:var(--success);}
+div.content>span{display:block;color:var(--soft);font-size:0.75em;}
+div.content>img{height:3.75rem;margin:0.75rem auto;display:block;}
+h3{font-size:2.25em;margin:0.75rem 0 0 0;color:unset;height:2.5rem;}
+h4{font-size:1em;margin:0 0 0.75rem 0;color:unset;height:1.25rem;}
+
+div.arrow.request.success{background-image:url('data:image/svg+xml;base64,PHN2ZyB3aWR0aD0iMzAiIGhlaWdodD0iMjAiIHhtbG5zPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwL3N2ZyI+PHBhdGggZD0iTTEsMSBMMjUsMSBMMjksMTAgTDI1LDE5IEwxLDE5IiBmaWxsPSIjRkZGRkZGIiBzdHJva2U9IiMwMDgwMDAiIHN0cm9rZS13aWR0aD0iMiIvPjwvc3ZnPgo=');}
+div.arrow.request.error{background-image:url('data:image/svg+xml;base64,PHN2ZyB3aWR0aD0iMzAiIGhlaWdodD0iMjAiIHhtbG5zPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwL3N2ZyI+PHBhdGggZD0iTTEsMSBMMjUsMSBMMjksMTAgTDI1LDE5IEwxLDE5IiBmaWxsPSIjRkZGRkZGIiBzdHJva2U9IiNDMDAwMDAiIHN0cm9rZS13aWR0aD0iMiIvPjwvc3ZnPgo=');}
+div.arrow.response.success{background-image:url('data:image/svg+xml;base64,PHN2ZyB3aWR0aD0iMzAiIGhlaWdodD0iMjAiIHhtbG5zPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwL3N2ZyI+PHBhdGggZD0iTTI5LDE5IEw1LDE5IEwxLDEwIEw1LDEgTDI5LDEiIGZpbGw9IiNGRkZGRkYiIHN0cm9rZT0iIzAwODAwMCIgc3Ryb2tlLXdpZHRoPSIyIi8+PC9zdmc+Cg==');}
+div.arrow.response.error{background-image:url('data:image/svg+xml;base64,PHN2ZyB3aWR0aD0iMzAiIGhlaWdodD0iMjAiIHhtbG5zPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwL3N2ZyI+PHBhdGggZD0iTTI5LDE5IEw1LDE5IEwxLDEwIEw1LDEgTDI5LDEiIGZpbGw9IiNGRkZGRkYiIHN0cm9rZT0iI0MwMDAwMCIgc3Ryb2tlLXdpZHRoPSIyIi8+PC9zdmc+Cg==');}
+
+@media(prefers-color-scheme:dark){
+	html{color:#FFFFFF;--soft:#404040;}
+	body{background-color:#101010;}
+	section{background-color:#181818;}
+
+	div.arrow.request.success{background-image:url('data:image/svg+xml;base64,PHN2ZyB3aWR0aD0iMzAiIGhlaWdodD0iMjAiIHhtbG5zPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwL3N2ZyI+PHBhdGggZD0iTTEsMSBMMjUsMSBMMjksMTAgTDI1LDE5IEwxLDE5IiBmaWxsPSIjMTgxODE4IiBzdHJva2U9IiMwMDgwMDAiIHN0cm9rZS13aWR0aD0iMiIvPjwvc3ZnPgo=');}
+	div.arrow.request.error{background-image:url('data:image/svg+xml;base64,PHN2ZyB3aWR0aD0iMzAiIGhlaWdodD0iMjAiIHhtbG5zPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwL3N2ZyI+PHBhdGggZD0iTTEsMSBMMjUsMSBMMjksMTAgTDI1LDE5IEwxLDE5IiBmaWxsPSIjMTgxODE4IiBzdHJva2U9IiNDMDAwMDAiIHN0cm9rZS13aWR0aD0iMiIvPjwvc3ZnPgo=');}
+	div.arrow.response.success{background-image:url('data:image/svg+xml;base64,PHN2ZyB3aWR0aD0iMzAiIGhlaWdodD0iMjAiIHhtbG5zPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwL3N2ZyI+PHBhdGggZD0iTTI5LDE5IEw1LDE5IEwxLDEwIEw1LDEgTDI5LDEiIGZpbGw9IiMxODE4MTgiIHN0cm9rZT0iIzAwODAwMCIgc3Ryb2tlLXdpZHRoPSIyIi8+PC9zdmc+Cg==');}
+	div.arrow.response.error{background-image:url('data:image/svg+xml;base64,PHN2ZyB3aWR0aD0iMzAiIGhlaWdodD0iMjAiIHhtbG5zPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwL3N2ZyI+PHBhdGggZD0iTTI5LDE5IEw1LDE5IEwxLDEwIEw1LDEgTDI5LDEiIGZpbGw9IiMxODE4MTgiIHN0cm9rZT0iI0MwMDAwMCIgc3Ryb2tlLXdpZHRoPSIyIi8+PC9zdmc+Cg==');}
+}
+
+@media(min-width:650px){
+	div.box:first-child{border-top-left-radius:4px;border-bottom-left-radius:4px;border-right:none;}
+	div.box:last-child{border-top-right-radius:4px;border-bottom-right-radius:4px;border-left:none;}
+	div.box:not(:last-child):not(:first-child){border-left:none;border-right:none;}
+}
+
+@media(max-width:650px){
+	section.error-ctx{flex-direction:column;height:unset;}
+	div.box:first-child{border-top-left-radius:4px;border-top-right-radius:4px;border-bottom:none;padding-top:1em;}
+	div.box:last-child{border-bottom-right-radius:4px;border-bottom-left-radius:4px;border-top:none;padding-bottom:1em;}
+	div.box:not(:last-child):not(:first-child){border-top:none;border-bottom:none;}
+	div.arrow.response{transform:rotate(90deg);top:-10px;left:calc(33.3333% - 22.5px);right:unset;}
+	div.arrow.request{transform:rotate(90deg);bottom:-10px;right:calc(33.3333% - 22.5px);top:unset;}
+}
--- a/run.sh
+++ b/run.sh
@@ -1,7 +0,0 @@
-#!/bin/bash
-echo "-- Building and starting Necronda Server..."
-make update && make compile && \
- echo -e "-- Successfully finished compiling!\n" && \
- sleep 0.0625 && \
- echo -e "-- Starting Server...\n" && \
- authbind ./bin/necronda-server
--- a/src/URI.cpp
+++ b/src/URI.cpp
@@ -1,196 +0,0 @@
-
-#include "URI.h"
-#include "necronda-server.h"
-#include <utility>
-#include <sys/stat.h>
-
-using namespace std;
-
-string getExtension(string path) {
-    long pos = path.find_last_of('.');
-    if (pos == string::npos) {
-        return "";
-    }
-    return path.substr(pos + 1, path.length() - pos);
-}
-
-string getFilename(string path) {
-    long pos = path.find_last_of('/');
-    if (pos == string::npos) {
-        return "";
-    }
-    return path.substr(pos + 1, path.length() - pos);
-}
-
-bool isDirectory(string path) {
-    struct stat statbuf;
-    return stat(path.c_str(), &statbuf) == 0 && S_ISDIR(statbuf.st_mode) != 0;
-}
-
-bool isFile(string path) {
-    struct stat statbuf;
-    return stat(path.c_str(), &statbuf) == 0 && S_ISDIR(statbuf.st_mode) == 0;
-}
-
-bool fileExists(string path) {
-    struct stat statbuf;
-    return stat(path.c_str(), &statbuf) == 0;
-}
-
-URI::URI() = default;
-
-URI::URI(string webroot, string reqpath) {
-    unsigned long pos = reqpath.find('?');
-    if (pos != string::npos) {
-        queryinit = true;
-        query = reqpath.substr(pos + 1, reqpath.length() - pos);
-        reqpath.erase(pos, reqpath.length() - pos);
-    } else {
-        query = "";
-        queryinit = false;
-    }
-    if (webroot.length() >= 1 && webroot[webroot.length() - 1] == '/') {
-        webroot.erase(webroot.length() - 1);
-    }
-    reqpath = url_decode(reqpath);
-    if (reqpath.find("/../") != string::npos) {
-        throw (char *) "Invalid path";
-    }
-    if (reqpath[0] != '/') {
-        reqpath = '/' + reqpath;
-    }
-    this->webroot = webroot;
-    this->reqpath = reqpath;
-
-    info = "";
-    relpath = reqpath;
-
-    while ((!fileExists(webroot + relpath) || (isDirectory(webroot + relpath) && !fileExists(webroot + relpath + "/index.php")))
-            && (!fileExists(webroot + relpath + ".php") || (isDirectory(webroot + relpath + ".php") && !fileExists(webroot + relpath + ".php/index.php")))
-            && (!fileExists(webroot + relpath + ".html") || (isDirectory(webroot + relpath + ".html") && !fileExists(webroot + relpath + ".html/index.php")))) {
-        long slash = relpath.find_last_of('/');
-        if (slash == string::npos || relpath == "/") {
-            break;
-        }
-        info = relpath.substr(slash) + info;
-        relpath.erase(slash);
-    }
-
-    if (!info.empty() && isDirectory(webroot + relpath)) {
-        relpath.append("/");
-    }
-
-    string abs = relpath;
-    if (fileExists(webroot + abs)) {
-        string ext = getExtension(abs);
-        if (ext == "php" || ext == "html") {
-            abs.erase(abs.length() - ext.length() - 1, abs.length());
-        }
-    }
-
-    string fname = getFilename(abs);
-    if (fname == "index") {
-        abs.erase(abs.length() - fname.length() - 1, abs.length());
-    }
-
-    this->filepath = webroot + relpath;
-
-    if (isDirectory(webroot + abs)) {
-        if (abs[abs.length() - 1] != '/') {
-            abs += "/";
-        }
-        this->relpath = abs;
-        abs += "index";
-        if (fileExists(webroot + abs + ".php")) {
-            this->filepath = webroot + abs + ".php";
-        } else if (fileExists(webroot + abs + ".html")) {
-            this->filepath = webroot + abs + ".html";
-        }
-    } else {
-        if (abs[abs.length() - 1] == '/') {
-            abs.erase(abs.length() - 1, abs.length() - 1);
-        }
-        this->relpath = abs;
-        if (fileExists(webroot + abs + ".php")) {
-            this->filepath = webroot + abs + ".php";
-        } else if (fileExists(webroot + abs + ".html")) {
-            this->filepath = webroot + abs + ".html";
-        }
-    }
-
-    if (isStatic() && !info.empty()) {
-        if (relpath[relpath.length() - 1] == '/') {
-            relpath.erase(relpath.length() - 1);
-        }
-        newpath = relpath + info;
-        filepath = "";
-    } else if (relpath != reqpath) {
-        if (!info.empty() && relpath[relpath.length() - 1] == '/') {
-            info.erase(0,1);
-        }
-        newpath = relpath + info;
-    } else {
-        newpath = "";
-    }
-
-}
-
-string URI::getWebRoot() {
-    return webroot;
-}
-
-string URI::getRelativePath() {
-    return relpath;
-}
-
-string URI::getAbsolutePath() {
-    return webroot + relpath;
-}
-
-string URI::getFilePath() {
-    return filepath;
-}
-
-string URI::getRelativeFilePath() {
-    string str = getFilePath();
-    long len = getWebRoot().length();
-    return str.substr(len, str.length() - len);
-}
-
-string URI::getNewPath() {
-    if (isStatic()) {
-        if (hasQuery()) {
-            return getRelativePath();
-        }
-    }
-    if (!newpath.empty() && newpath != reqpath) {
-        return url_encode(newpath) + (queryinit? "?" + query : "");
-    } else {
-        return "";
-    }
-}
-
-FILE *URI::openFile() {
-    return fopen64(getFilePath().c_str(), "rb");
-}
-
-string URI::getFilePathInfo() {
-    return info; //getAbsolutePath().erase(getFilePath().length(), getAbsolutePath().length());
-}
-
-string URI::getFileType() {
-    return getMimeType(getFilePath());
-}
-
-bool URI::isStatic() {
-    return getExtension(filepath) != "php";
-}
-
-string URI::getQuery() {
-    return query;
-}
-
-bool URI::hasQuery() {
-    return queryinit;
-}
-
--- a/src/URI.h
+++ b/src/URI.h
@@ -1,51 +0,0 @@
-
-#include <iostream>
-
-#ifndef NECRONDA_PATH
-#define NECRONDA_PATH
-
-using namespace std;
-
-class URI {
-private:
-    string webroot;
-    string reqpath;
-    string relpath;
-    string query;
-    string info;
-    string filepath;
-    string newpath;
-    bool queryinit{};
-
-public:
-    URI();
-
-    URI(string webroot, string reqpath);
-
-    string getWebRoot();
-
-    string getRelativePath();
-
-    string getAbsolutePath();
-
-    string getFilePath();
-
-    string getRelativeFilePath();
-
-    string getNewPath();
-
-    FILE *openFile();
-
-    string getFilePathInfo();
-
-    string getFileType();
-
-    bool isStatic();
-
-    string getQuery();
-
-    bool hasQuery();
-
-};
-
-#endif
--- a/src/async.c
+++ b/src/async.c
@@ -0,0 +1,391 @@
+/**
+ * Sesimos - secure, simple, modern web server
+ * @brief Async handler
+ * @file src/async.c
+ * @author Lorenz Stechauner
+ * @date 2022-12-28
+ */
+
+#include "async.h"
+#include "logger.h"
+#include "lib/list.h"
+#include "lib/utils.h"
+
+#include <poll.h>
+#include <sys/epoll.h>
+#include <signal.h>
+#include <errno.h>
+#include <memory.h>
+#include <pthread.h>
+#include <semaphore.h>
+#include <unistd.h>
+
+#define ASYNC_MAX_EVENTS 16
+
+typedef struct {
+    int fd;
+    sock *socket;
+    async_evt_t events;
+    int flags;
+    void *arg;
+    void (*cb)(void *);
+    void (*to_cb)(void *);
+    void (*err_cb)(void *);
+} evt_listen_t;
+
+typedef struct {
+    int n;
+    evt_listen_t *q[ASYNC_MAX_EVENTS];
+} listen_queue_t;
+
+static listen_queue_t listen1, listen2, *listen_q = &listen1;
+static volatile sig_atomic_t alive = 1;
+static pthread_t thread = -1;
+static sem_t lock;
+static int epoll_fd;
+
+static short async_a2p(async_evt_t events) {
+    short ret = 0;
+    if (events & ASYNC_IN)  ret |= POLLIN;
+    if (events & ASYNC_PRI) ret |= POLLPRI;
+    if (events & ASYNC_OUT) ret |= POLLOUT;
+    if (events & ASYNC_ERR) ret |= POLLERR;
+    if (events & ASYNC_HUP) ret |= POLLHUP;
+    if (events & ASYNC_RDNORM) ret |= POLLRDNORM;
+    if (events & ASYNC_RDBAND) ret |= POLLRDBAND;
+    if (events & ASYNC_WRNORM) ret |= POLLWRNORM;
+    if (events & ASYNC_WRBAND) ret |= POLLWRBAND;
+    if (events & ASYNC_MSG) ret |= POLLMSG;
+    return ret;
+}
+
+static unsigned int async_a2e(async_evt_t events) {
+    unsigned int ret = 0;
+    if (events & ASYNC_IN)  ret |= EPOLLIN;
+    if (events & ASYNC_PRI) ret |= EPOLLPRI;
+    if (events & ASYNC_OUT) ret |= EPOLLOUT;
+    if (events & ASYNC_ERR) ret |= EPOLLERR;
+    if (events & ASYNC_HUP) ret |= EPOLLHUP;
+    if (events & ASYNC_RDNORM) ret |= EPOLLRDNORM;
+    if (events & ASYNC_RDBAND) ret |= EPOLLRDBAND;
+    if (events & ASYNC_WRNORM) ret |= EPOLLWRNORM;
+    if (events & ASYNC_WRBAND) ret |= EPOLLWRBAND;
+    if (events & ASYNC_MSG) ret |= EPOLLMSG;
+    return ret;
+}
+
+static async_evt_t async_p2a(short events) {
+    async_evt_t ret = 0;
+    if (events & POLLIN)   ret |= ASYNC_IN;
+    if (events & POLLPRI)  ret |= ASYNC_PRI;
+    if (events & POLLOUT)  ret |= ASYNC_OUT;
+    if (events & POLLERR)  ret |= ASYNC_ERR;
+    if (events & POLLHUP)  ret |= ASYNC_HUP;
+    if (events & POLLRDNORM) ret |= ASYNC_RDNORM;
+    if (events & POLLRDBAND) ret |= ASYNC_RDBAND;
+    if (events & POLLWRNORM) ret |= ASYNC_WRNORM;
+    if (events & POLLWRBAND) ret |= ASYNC_WRBAND;
+    if (events & POLLMSG) ret |= ASYNC_MSG;
+    return ret;
+}
+
+static async_evt_t async_e2a(unsigned int events) {
+    async_evt_t ret = 0;
+    if (events & EPOLLIN)   ret |= ASYNC_IN;
+    if (events & EPOLLPRI)  ret |= ASYNC_PRI;
+    if (events & EPOLLOUT)  ret |= ASYNC_OUT;
+    if (events & EPOLLERR)  ret |= ASYNC_ERR;
+    if (events & EPOLLHUP)  ret |= ASYNC_HUP;
+    if (events & EPOLLRDNORM) ret |= ASYNC_RDNORM;
+    if (events & EPOLLRDBAND) ret |= ASYNC_RDBAND;
+    if (events & EPOLLWRNORM) ret |= ASYNC_WRNORM;
+    if (events & EPOLLWRBAND) ret |= ASYNC_WRBAND;
+    if (events & EPOLLMSG) ret |= ASYNC_MSG;
+    return ret;
+}
+
+static short async_e2p(unsigned int events) {
+    return async_a2p(async_e2a(events));
+}
+
+static unsigned int async_p2e(short events) {
+    return async_a2e(async_p2a(events));
+}
+
+static int async_add_to_queue(evt_listen_t *evt) {
+    while (sem_wait(&lock) != 0) {
+        if (errno == EINTR) {
+            errno = 0;
+            continue;
+        } else {
+            return -1;
+        }
+    }
+
+    evt_listen_t *ptr = malloc(sizeof(evt_listen_t));
+    if (ptr == NULL) {
+        sem_post(&lock);
+        return -1;
+    }
+
+    memcpy(ptr, evt, sizeof(*evt));
+    listen_q->q[listen_q->n++] = ptr;
+
+    sem_post(&lock);
+
+    return 0;
+}
+
+static int async_exec(evt_listen_t *evt, async_evt_t r_events) {
+    int ret, e = errno;
+    if (r_events & evt->events) {
+        // specified event(s) occurred
+        if (!(evt->flags & ASYNC_IGNORE_PENDING) && evt->socket && !sock_has_pending(evt->socket, 0)) {
+            evt->err_cb(evt->arg);
+            ret = 0;
+        } else {
+            evt->cb(evt->arg);
+            ret = (evt->flags & ASYNC_KEEP) ? 1 : 0;
+        }
+    } else if (r_events & (POLLERR | POLLHUP | POLLNVAL)) {
+        // error occurred
+        evt->err_cb(evt->arg);
+        ret = 0;
+    } else {
+        // no event occurred
+        ret = -1;
+    }
+
+    errno = e;
+    return ret;
+}
+
+static int async_check(evt_listen_t *evt) {
+    struct pollfd fds[1] = {{
+        .fd = evt->fd,
+        .events = async_a2p(evt->events)
+    }};
+
+    // check, if fd is already ready
+    switch (poll(fds, 1, 0)) {
+        case 1:
+            // fd already ready
+            if (async_exec(evt, async_p2a(fds[0].revents)) == 0)
+                return 1;
+            break;
+        case -1:
+            error("Unable to poll");
+            return -1;
+    }
+
+    return 0;
+}
+
+static int async_add(evt_listen_t *evt) {
+    if (async_check(evt) == 1)
+        return 0;
+
+    int ret = async_add_to_queue(evt);
+    if (ret == 0 && thread != -1)
+        pthread_kill(thread, SIGUSR1);
+
+    return ret;
+}
+
+int async_fd(int fd, async_evt_t events, int flags, void *arg, void cb(void *), void to_cb(void *), void err_cb(void *)) {
+    evt_listen_t evt = {
+            .fd = fd,
+            .socket = NULL,
+            .events = events,
+            .flags = flags,
+            .arg = arg,
+            .cb = cb,
+            .to_cb = to_cb,
+            .err_cb = err_cb,
+    };
+    return async_add(&evt);
+}
+
+int async(sock *s, async_evt_t events, int flags, void *arg, void cb(void *), void to_cb(void *), void err_cb(void *)) {
+    evt_listen_t evt = {
+            .fd = s->socket,
+            .socket = s,
+            .events = events,
+            .flags = flags,
+            .arg = arg,
+            .cb = cb,
+            .to_cb = to_cb,
+            .err_cb = err_cb,
+    };
+    return async_add(&evt);
+}
+
+int async_init(void) {
+    if (sem_init(&lock, 0, 1) != 0) {
+        return -1;
+    }
+
+    listen1.n = 0;
+    listen2.n = 0;
+
+    if ((epoll_fd = epoll_create1(0)) == -1) {
+        async_free();
+        return -1;
+    }
+
+    return 0;
+}
+
+void async_free(void) {
+    int e = errno;
+    sem_destroy(&lock);
+    close(epoll_fd);
+    errno = e;
+}
+
+void async_thread(void) {
+    struct epoll_event ev, events[ASYNC_MAX_EVENTS];
+    int num_fds;
+    long ts, min_ts, cur_ts;
+    listen_queue_t *l;
+    evt_listen_t **local;
+
+    if ((local = list_create(sizeof(evt_listen_t *), 16)) == NULL) {
+        critical("Unable to create async local list");
+        return;
+    }
+
+    thread = pthread_self();
+
+    // main event loop
+    while (alive) {
+        // swap listen queue
+        l = listen_q;
+        listen_q = (listen_q == &listen1) ? &listen2 : &listen1;
+
+        // fill local list and epoll instance with previously added queue entries
+        for (int i = 0; i < l->n; i++) {
+            evt_listen_t *evt = l->q[i];
+            local = list_append(local, &evt);
+            if (local == NULL) {
+                critical("Unable to resize async local list");
+                return;
+            }
+
+            ev.events = async_a2e(evt->events);
+            ev.data.ptr = evt;
+
+            while (epoll_ctl(epoll_fd, EPOLL_CTL_ADD, evt->fd, &ev) == -1) {
+                if (errno == EEXIST) {
+                    // fd already exists, delete old one
+                    warning("Unable to add file descriptor to epoll instance");
+                    errno = 0;
+                    if (epoll_ctl(epoll_fd, EPOLL_CTL_DEL, evt->fd, NULL) != -1)
+                        continue;
+                } else if (errno == EBADF) {
+                    // fd probably already closed
+                    warning("Unable to add file descriptor to epoll instance");
+                    errno = 0;
+                    local = list_delete(local, &evt);
+                    if (local == NULL) {
+                        critical("Unable to resize async local list");
+                        return;
+                    }
+                    break;
+                }
+                critical("Unable to add file descriptor to epoll instance");
+                return;
+            }
+        }
+        // reset size of queue
+        l->n = 0;
+
+        // TODO timeout calculation = O(n)
+        // calculate wait timeout
+        min_ts = -1000, cur_ts = clock_micros();
+        for (int i = 0; i < list_size(local); i++) {
+            evt_listen_t *evt = local[i];
+            if (!evt->socket || evt->socket->timeout_us < 0) continue;
+
+            ts = evt->socket->ts_last + evt->socket->timeout_us - cur_ts;
+            if (min_ts == -1000 || ts < min_ts) min_ts = ts;
+        }
+
+        // epoll is used in level-triggered mode, so buffers are taken into account
+        if ((num_fds = epoll_wait(epoll_fd, events, ASYNC_MAX_EVENTS, (int) (min_ts / 1000))) == -1) {
+            if (errno == EINTR) {
+                // interrupt
+                errno = 0;
+                continue;
+            } else {
+                // other error
+                critical("Unable to poll for events");
+                return;
+            }
+        }
+
+        for (int i = 0; i < num_fds; i++) {
+            evt_listen_t *evt = events[i].data.ptr;
+            if (!list_contains(local, &evt)) continue;
+
+            if (async_exec(evt, async_e2a(events[i].events)) == 0) {
+                logger_set_prefix("");
+                if (epoll_ctl(epoll_fd, EPOLL_CTL_DEL, evt->fd, NULL) == -1) {
+                    if (errno == EBADF || errno == ENOENT) {
+                        // already closed fd or not found, do not die
+                        warning("Unable to remove file descriptor from epoll instance");
+                        errno = 0;
+                    } else {
+                        critical("Unable to remove file descriptor from epoll instance");
+                        return;
+                    }
+                }
+
+                local = list_delete(local, &evt);
+                if (local == NULL) {
+                    critical("Unable to resize async local list");
+                    return;
+                }
+
+                free(evt);
+            }
+            logger_set_prefix("");
+        }
+
+        // check, if some socket ran into a timeout
+        cur_ts = clock_micros();
+        for (int i = 0; i < list_size(local); i++) {
+            evt_listen_t *evt = local[i];
+            if (!evt->socket) continue;
+
+            if (evt->socket->timeout_us >= 0 && (cur_ts - evt->socket->ts_last) >= evt->socket->timeout_us) {
+                evt->to_cb(evt->arg);
+
+                if (epoll_ctl(epoll_fd, EPOLL_CTL_DEL, evt->fd, NULL) == -1) {
+                    if (errno == EBADF || errno == ENOENT) {
+                        // already closed fd or not found, do not die
+                        warning("Unable to remove file descriptor from epoll instance");
+                        errno = 0;
+                    } else {
+                        critical("Unable to remove file descriptor from epoll instance");
+                        return;
+                    }
+                }
+
+                local = list_remove(local, i--);
+            }
+        }
+        logger_set_prefix("");
+        errno = 0;
+    }
+
+    // cleanup
+    for (int i = 0; i < list_size(local); i++) {
+        free(local[i]);
+    }
+    list_free(local);
+}
+
+void async_stop(void) {
+    alive = 0;
+}
--- a/src/async.h
+++ b/src/async.h
@@ -0,0 +1,45 @@
+/**
+ * Sesimos - secure, simple, modern web server
+ * @brief Async handler (header file)
+ * @file src/async.h
+ * @author Lorenz Stechauner
+ * @date 2022-12-28
+ */
+
+#ifndef SESIMOS_ASYNC_H
+#define SESIMOS_ASYNC_H
+
+#include "lib/sock.h"
+
+#define ASYNC_KEEP 1
+#define ASYNC_IGNORE_PENDING 2
+
+#define ASYNC_IN     0x001
+#define ASYNC_PRI    0x002
+#define ASYNC_OUT    0x004
+#define ASYNC_ERR    0x008
+#define ASYNC_HUP    0x010
+#define ASYNC_RDNORM 0x040
+#define ASYNC_RDBAND 0x080
+#define ASYNC_WRNORM 0x100
+#define ASYNC_WRBAND 0x200
+#define ASYNC_MSG    0x400
+
+#define ASYNC_WAIT_READ  ASYNC_IN
+#define ASYNC_WAIT_WRITE ASYNC_OUT
+
+typedef unsigned int async_evt_t;
+
+int async(sock *s, async_evt_t events, int flags, void *arg, void cb(void *), void to_cb(void *), void err_cb(void *));
+
+int async_fd(int fd, async_evt_t events, int flags, void *arg, void cb(void *), void to_cb(void *), void err_cb(void *));
+
+int async_init(void);
+
+void async_free(void);
+
+void async_thread(void);
+
+void async_stop(void);
+
+#endif //SESIMOS_ASYNC_H
--- a/src/cache_handler.c
+++ b/src/cache_handler.c
@@ -0,0 +1,451 @@
+/**
+ * sesimos - secure, simple, modern web server
+ * @brief File cache implementation
+ * @file src/cache_handler.c
+ * @author Lorenz Stechauner
+ * @date 2020-12-19
+ */
+
+#include "logger.h"
+#include "cache_handler.h"
+#include "lib/utils.h"
+#include "lib/compress.h"
+#include "lib/config.h"
+
+#include <stdio.h>
+#include <magic.h>
+#include <string.h>
+#include <errno.h>
+#include <openssl/evp.h>
+#include <sys/mman.h>
+#include <fcntl.h>
+#include <pthread.h>
+#include <semaphore.h>
+#include <signal.h>
+
+#define CACHE_BUF_SIZE 16
+
+static magic_t magic;
+static pthread_t thread;
+static sem_t sem_free, sem_used, sem_lock, sem_cache, sem_magic;
+volatile sig_atomic_t alive = 1;
+
+typedef struct {
+    int rd;
+    int wr;
+    cache_entry_t *msgs[CACHE_BUF_SIZE];
+} buf_t;
+
+static buf_t buffer;
+
+static int magic_init(void) {
+    if ((magic = magic_open(MAGIC_MIME)) == NULL) {
+        critical("Unable to open magic cookie");
+        return 1;
+    }
+
+    if (magic_load(magic, CACHE_MAGIC_FILE) != 0) {
+        critical("Unable to load magic cookie: %s", magic_error(magic));
+        return 1;
+    }
+
+    return 0;
+}
+
+static void magic_mime_type(const char *restrict filename, char *buf) {
+    while (sem_wait(&sem_magic) != 0) {
+        if (errno == EINTR) {
+            errno = 0;
+            continue;
+        } else {
+            critical("Unable to lock magic semaphore");
+            return;
+        }
+    }
+
+    magic_setflags(magic, MAGIC_MIME_TYPE);
+    const char *type = magic_file(magic, filename);
+
+    if (strstarts(type, "text/")) {
+        if (strends(filename, ".css")) {
+            strcpy(buf, "text/css");
+            sem_post(&sem_magic);
+            return;
+        } else if (strends(filename, ".js")) {
+            strcpy(buf, "application/javascript");
+            sem_post(&sem_magic);
+            return;
+        }
+    }
+
+    strcpy(buf, type);
+    sem_post(&sem_magic);
+}
+
+static void magic_charset(const char *restrict filename, char *buf) {
+    while (sem_wait(&sem_magic) != 0) {
+        if (errno == EINTR) {
+            errno = 0;
+            continue;
+        } else {
+            critical("Unable to lock magic semaphore");
+            return;
+        }
+    }
+
+    magic_setflags(magic, MAGIC_MIME_ENCODING);
+    strcpy(buf, magic_file(magic, filename));
+    sem_post(&sem_magic);
+}
+
+static void cache_free(void) {
+    for (int i = 0; i < CONFIG_MAX_HOST_CONFIG; i++) {
+        host_config_t *hc = &config.hosts[i];
+        if (hc->type == CONFIG_TYPE_UNSET) break;
+        if (hc->type != CONFIG_TYPE_LOCAL) continue;
+
+        munmap(hc->cache, sizeof(cache_t));
+    }
+
+    magic_close(magic);
+
+    sem_destroy(&sem_lock);
+    sem_destroy(&sem_free);
+    sem_destroy(&sem_used);
+    sem_destroy(&sem_cache);
+    sem_destroy(&sem_magic);
+}
+
+static cache_entry_t *cache_get_entry(cache_t *cache, const char *filename) {
+    // search entry
+    cache_entry_t *entry;
+    for (int i = 0; i < CACHE_ENTRIES; i++) {
+        entry = &cache->entries[i];
+        if (entry->filename[0] == 0) break;
+        if (streq(entry->filename, filename)) {
+            // found
+            return entry;
+        }
+    }
+
+    // not found
+    return NULL;
+}
+
+static cache_entry_t *cache_get_new_entry(cache_t *cache) {
+    // globally lock cache
+    while (sem_wait(&sem_cache) != 0) {
+        if (errno == EINTR) {
+            errno = 0;
+            continue;
+        } else {
+            return NULL;
+        }
+    }
+
+    // search empty slot
+    cache_entry_t *entry;
+    for (int i = 0; i < CACHE_ENTRIES; i++) {
+        entry = &cache->entries[i];
+        if (entry->filename[0] == 0) {
+            // unlock cache
+            sem_post(&sem_cache);
+            return entry;
+        }
+    }
+
+    // unlock cache
+    sem_post(&sem_cache);
+
+    // not found
+    return NULL;
+}
+
+static void cache_process_entry(cache_entry_t *entry) {
+    char buf[16384], comp_buf[16384], filename_comp_gz[256], filename_comp_br[256];
+
+    info("Hashing file %s", entry->filename);
+
+    EVP_MD_CTX *ctx = EVP_MD_CTX_new();
+    EVP_DigestInit(ctx, EVP_sha256());
+    FILE *file = fopen(entry->filename, "rb");
+    int compress = mime_is_compressible(entry->meta.type);
+
+    compress_ctx comp_ctx;
+    FILE *comp_file_gz = NULL, *comp_file_br = NULL;
+    if (compress) {
+        sprintf(buf, "%.*s/.sesimos", entry->webroot_len, entry->filename);
+        if (mkdir(buf, 0755) != 0 && errno != EEXIST) {
+            error("Unable to create directory %s", buf);
+            goto comp_err;
+        }
+
+        sprintf(buf, "%.*s/.sesimos/cache", entry->webroot_len, entry->filename);
+        if (mkdir(buf, 0700) != 0 && errno != EEXIST) {
+            error("Unable to create directory %s", buf);
+            goto comp_err;
+        }
+        errno = 0;
+
+        char *rel_path = entry->filename + entry->webroot_len + 1;
+        for (int j = 0; j < strlen(rel_path); j++) {
+            buf[j] = (char) ((rel_path[j] == '/') ? '_' : rel_path[j]);
+        }
+        buf[strlen(rel_path)] = 0;
+
+        int p_len_gz = snprintf(filename_comp_gz, sizeof(filename_comp_gz),
+                                "%.*s/.sesimos/cache/%s.gz",
+                                entry->webroot_len, entry->filename, buf);
+        int p_len_br = snprintf(filename_comp_br, sizeof(filename_comp_br),
+                                "%.*s/.sesimos/cache/%s.br",
+                                entry->webroot_len, entry->filename, buf);
+        if (p_len_gz < 0 || p_len_gz >= sizeof(filename_comp_gz) || p_len_br < 0 || p_len_br >= sizeof(filename_comp_br)) {
+            error("Unable to open cached file: File name for compressed file too long");
+            goto comp_err;
+        }
+
+        info("Compressing file %s", entry->filename);
+
+        comp_file_gz = fopen(filename_comp_gz, "wb");
+        comp_file_br = fopen(filename_comp_br, "wb");
+        if (comp_file_gz == NULL || comp_file_br == NULL) {
+            error("Unable to open cached file");
+            comp_err:
+            compress = 0;
+        } else {
+            if ((compress_init(&comp_ctx, COMPRESS_GZ | COMPRESS_BR | (mime_is_text(entry->meta.type) ? COMPRESS_UTF8 : 0))) != 0) {
+                error("Unable to init compression");
+                compress = 0;
+                fclose(comp_file_gz);
+                fclose(comp_file_br);
+            }
+        }
+    }
+
+    for (unsigned long read, avail_in, avail_out; (read = fread(buf, 1, sizeof(buf), file)) > 0;) {
+        EVP_DigestUpdate(ctx, buf, read);
+        if (compress) {
+            avail_in = read;
+            do {
+                avail_out = sizeof(comp_buf);
+                compress_compress_mode(&comp_ctx, COMPRESS_GZ, buf + read - avail_in, &avail_in, comp_buf, &avail_out, feof(file));
+                fwrite(comp_buf, 1, sizeof(comp_buf) - avail_out, comp_file_gz);
+            } while (avail_in != 0 || avail_out != sizeof(comp_buf));
+            avail_in = read;
+            do {
+                avail_out = sizeof(comp_buf);
+                compress_compress_mode(&comp_ctx, COMPRESS_BR, buf + read - avail_in, &avail_in, comp_buf, &avail_out, feof(file));
+                fwrite(comp_buf, 1, sizeof(comp_buf) - avail_out, comp_file_br);
+            } while (avail_in != 0 || avail_out != sizeof(comp_buf));
+        }
+    }
+
+    if (compress) {
+        compress_free(&comp_ctx);
+        fclose(comp_file_gz);
+        fclose(comp_file_br);
+        info("Finished compressing file %s", entry->filename);
+        strcpy(entry->meta.filename_comp_gz, filename_comp_gz);
+        strcpy(entry->meta.filename_comp_br, filename_comp_br);
+    } else {
+        memset(entry->meta.filename_comp_gz, 0, sizeof(entry->meta.filename_comp_gz));
+        memset(entry->meta.filename_comp_br, 0, sizeof(entry->meta.filename_comp_br));
+    }
+
+    unsigned int md_len;
+    unsigned char hash[EVP_MAX_MD_SIZE];
+    EVP_DigestFinal(ctx, hash, &md_len);
+    EVP_MD_CTX_free(ctx);
+
+    memset(entry->meta.etag, 0, sizeof(entry->meta.etag));
+    for (int j = 0; j < md_len; j++) {
+        sprintf(entry->meta.etag + j * 2, "%02x", hash[j]);
+    }
+    fclose(file);
+    entry->flags &= !CACHE_DIRTY;
+
+    info("Finished hashing file %s", entry->filename);
+}
+
+static void *cache_thread(void *arg) {
+    logger_set_name("cache");
+
+    while (alive) {
+        pthread_testcancel();
+        if (sem_wait(&sem_used) != 0) {
+            if (errno == EINTR) {
+                errno = 0;
+                continue;
+            } else {
+                error("Unable to lock semaphore");
+                errno = 0;
+                break;
+            }
+        }
+
+        cache_entry_t *entry = buffer.msgs[buffer.wr];
+        buffer.wr = (buffer.wr + 1) % CACHE_BUF_SIZE;
+
+        cache_process_entry(entry);
+
+        // unlock slot in buffer
+        sem_post(&sem_free);
+    }
+
+    cache_free();
+
+    return NULL;
+}
+
+int cache_init(void) {
+    char buf[512];
+    int ret, fd;
+    if ((ret = magic_init()) != 0)
+        return ret;
+
+    for (int i = 0; i < CONFIG_MAX_HOST_CONFIG; i++) {
+        host_config_t *hc = &config.hosts[i];
+        if (hc->type == CONFIG_TYPE_UNSET) break;
+        if (hc->type != CONFIG_TYPE_LOCAL) continue;
+
+        sprintf(buf, "%s/.sesimos", hc->local.webroot);
+        if (mkdir(buf, 0755) != 0 && errno != EEXIST) {
+            critical("Unable to create directory %s", buf);
+            return 1;
+        }
+        errno = 0;
+
+        sprintf(buf, "%s/.sesimos/metadata", hc->local.webroot);
+        if ((fd = open(buf, O_CREAT | O_RDWR, 0600)) == -1) {
+            critical("Unable to open file %s", buf);
+            return 1;
+        }
+
+        if (ftruncate(fd, sizeof(cache_t)) == -1) {
+            critical("Unable to truncate file %s", buf);
+            return 1;
+        }
+
+        if ((hc->cache = mmap(NULL, sizeof(cache_t), PROT_READ | PROT_WRITE, MAP_SHARED, fd, 0)) == NULL) {
+            critical("Unable to map file %s", buf);
+            close(fd);
+            return 1;
+        }
+
+        close(fd);
+        errno = 0;
+    }
+
+    // try to initialize all three semaphores
+    if (sem_init(&sem_lock, 0, 1) != 0 ||
+        sem_init(&sem_free, 0, 1) != 0 ||
+        sem_init(&sem_used, 0, 0) != 0 ||
+        sem_init(&sem_cache, 0, 1) != 0 ||
+        sem_init(&sem_magic, 0, 1) != 0)
+    {
+        critical("Unable to initialize semaphore");
+        return -1;
+    }
+
+    // initialize read/write heads
+    buffer.rd = 0;
+    buffer.wr = 0;
+
+    pthread_create(&thread, NULL, cache_thread, NULL);
+
+    return 0;
+}
+
+void cache_stop(void) {
+    alive = 0;
+    pthread_kill(thread, SIGUSR1);
+}
+
+int cache_join(void) {
+    return pthread_join(thread, NULL);
+}
+
+static void cache_mark_entry_dirty(cache_entry_t *entry) {
+    if (entry->flags & CACHE_DIRTY)
+        return;
+
+    entry->flags |= CACHE_DIRTY;
+    memset(entry->meta.etag, 0, sizeof(entry->meta.etag));
+    memset(entry->meta.filename_comp_gz, 0, sizeof(entry->meta.filename_comp_gz));
+    memset(entry->meta.filename_comp_br, 0, sizeof(entry->meta.filename_comp_br));
+
+    while (sem_wait(&sem_free) != 0) {
+        if (errno == EINTR) {
+            errno = 0;
+            continue;
+        } else {
+            error("Unable to lock semaphore");
+            errno = 0;
+        }
+        return;
+    }
+
+    // try to lock buffer
+    while (sem_wait(&sem_lock) != 0) {
+        if (errno == EINTR) {
+            errno = 0;
+            continue;
+        } else {
+            error("Unable to lock semaphore");
+            errno = 0;
+        }
+        return;
+    }
+
+    // write to buffer
+    buffer.msgs[buffer.rd] = entry;
+    buffer.rd = (buffer.rd + 1) % CACHE_BUF_SIZE;
+
+    // unlock buffer
+    sem_post(&sem_lock);
+
+    // unlock slot in buffer for logger
+    sem_post(&sem_used);
+}
+
+static void cache_update_entry(cache_entry_t *entry, const char *filename, const char *webroot) {
+    entry->meta.mtime = stat_mtime(filename);
+    entry->webroot_len = (unsigned char) strlen(webroot);
+    strcpy(entry->filename, filename);
+
+    magic_mime_type(filename, entry->meta.type);
+    magic_charset(filename, entry->meta.charset);
+
+    cache_mark_entry_dirty(entry);
+}
+
+void cache_mark_dirty(cache_t *cache, const char *filename) {
+    cache_entry_t *entry = cache_get_entry(cache, filename);
+    if (entry) cache_mark_entry_dirty(entry);
+}
+
+void cache_init_uri(cache_t *cache, http_uri *uri) {
+    if (!uri->filename)
+        return;
+
+    cache_entry_t *entry = cache_get_entry(cache, uri->filename);
+    if (!entry) {
+        // no entry found -> create new entry
+        if ((entry = cache_get_new_entry(cache))) {
+            cache_update_entry(entry, uri->filename, uri->webroot);
+            uri->meta = &entry->meta;
+        } else {
+            warning("No empty cache entry slot found");
+        }
+    } else {
+        uri->meta = &entry->meta;
+        if (entry->flags & CACHE_DIRTY)
+            return;
+
+        // check, if file has changed
+        if (uri->meta->mtime != stat_mtime(uri->filename)) {
+            // modify time has changed
+            cache_update_entry(entry, uri->filename, uri->webroot);
+        }
+    }
+}
--- a/src/cache_handler.h
+++ b/src/cache_handler.h
@@ -0,0 +1,46 @@
+/**
+ * sesimos - secure, simple, modern web server
+ * @brief File cache implementation (header file)
+ * @file src/cache_handler.h
+ * @author Lorenz Stechauner
+ * @date 2020-12-19
+ */
+
+#ifndef SESIMOS_CACHE_HANDLER_H
+#define SESIMOS_CACHE_HANDLER_H
+
+#include "lib/uri.h"
+
+#define CACHE_ENTRIES 1024
+
+#define CACHE_DIRTY 1
+
+#ifndef CACHE_MAGIC_FILE
+#   define CACHE_MAGIC_FILE "/usr/share/file/misc/magic.mgc"
+#endif
+
+
+typedef struct {
+    char filename[256];
+    unsigned char webroot_len;
+    unsigned char flags;
+    metadata_t meta;
+} cache_entry_t;
+
+typedef struct {
+    char sig[6];
+    unsigned char ver;
+    cache_entry_t entries[CACHE_ENTRIES];
+} cache_t;
+
+int cache_init(void);
+
+void cache_stop(void);
+
+int cache_join(void);
+
+void cache_mark_dirty(cache_t *cache, const char *filename);
+
+void cache_init_uri(cache_t *cache, http_uri *uri);
+
+#endif //SESIMOS_CACHE_HANDLER_H
--- a/src/client.cpp
+++ b/src/client.cpp
@@ -1,673 +0,0 @@
-#include <utility>
-
-#include <utility>
-
-/**
- * Necronda Web Server 3.0
- * client.cpp - Client and Connection handler
- * Lorenz Stechauner, 2018-05-16
- */
-
-
-#include <string>
-#include <iostream>
-#include <zlib.h>
-#include <cassert>
-#include <fstream>
-#include <openssl/md5.h>
-#include <cstring>
-#include <fcntl.h>
-#include <sstream>
-#include <netinet/in.h>
-#include <netinet/tcp.h>
-
-#include "network/Socket.h"
-#include "network/http/HttpRequest.h"
-#include "network/http/HttpConnection.h"
-#include "necronda-server.h"
-#include "network/http/HttpStatusCode.h"
-#include "URI.h"
-#include "procopen.h"
-#include "network/Address.h"
-
-
-typedef struct {
-    string host;
-    string cc;
-    string country;
-    string prov;
-    string provname;
-    string city;
-    string timezone;
-    string localdate;
-} IpAddressInfo;
-
-
-void log_to_file(const char *prefix, const string &str, string host) {
-    //FILE *file = fopen((getWebRoot(std::move(host)) + ".access.log").c_str(), "a");
-    //fprintf(file, "%s%s\r\n", prefix, str.c_str());
-    //fflush(file);
-    //fclose(file);
-}
-
-void log_error_to_file(const char *prefix, const string &str, string host) {
-    log_to_file(prefix, "\x1B[1;31m" + str + "\x1B[0m", std::move(host));
-}
-
-/**
- * Writes log messages to the console
- * @param prefix The connection prefix
- * @param str The string to be written
- */
-void log(const char *prefix, const string &str) {
-    printf("%s%s\r\n", prefix, str.c_str());
-    flush(cout);
-}
-
-void log_error(const char *prefix, const string &str) {
-    log(prefix, "\x1B[1;31m" + str + "\x1B[0m");
-}
-
-void php_error_handler(const char *prefix, FILE *stderr) {
-    string line;
-    while (!(line = read_line(stderr)).empty()) {
-        log_error(prefix, line);
-    }
-    fclose(stderr);
-}
-
-IpAddressInfo get_ip_address_info(Address* addr) {
-    FILE *name = popen(("/opt/ipinfo/ipinfo.py " + addr->toString()).c_str(), "r");
-    char hostbuffer[1024];
-    memset(hostbuffer, 0, 1024);
-    size_t size = fread(hostbuffer, 1, 1024, name);
-    istringstream buffer(hostbuffer);
-    string line;
-
-    IpAddressInfo info;
-    int num = 0;
-    while (std::getline(buffer, line)) {
-        switch (num) {
-            case 0: info.host = line; break;
-            case 1: info.cc = line; break;
-            case 2: info.country = line; break;
-            case 3: info.prov = line; break;
-            case 4: info.provname = line; break;
-            case 5: info.city = line; break;
-            case 6: info.timezone = line; break;
-            case 7: info.localdate = line; break;
-        }
-        num++;
-    }
-    return info;
-}
-
-string get_os_info(int fd) {
-    struct tcp_info ti;
-    socklen_t tisize = sizeof(ti);
-    getsockopt(fd, IPPROTO_TCP, TCP_INFO, &ti, &tisize);
-
-    int ttl;
-    socklen_t ttlsize = sizeof(ttl);
-    getsockopt(fd, IPPROTO_IP, IP_TTL, &ttl, &ttlsize);
-
-    return "win_size=" + to_string(ti.tcpi_rcv_space) + ", ttl=" + to_string(ttl);
-}
-
-string getETag(string filename) {
-    ifstream etags = ifstream("/var/necronda/ETags");
-
-    ifstream a = ifstream();
-    string line;
-    int index = 0;
-    int i = 0;
-    string timestamp = getTimestamp(filename);
-    long size = getFileSize(filename);
-    while (getline(etags, line)) {
-        i++;
-        if (line == filename) {
-            index = i;
-            break;
-        }
-        long p1 = line.find(':');
-        if (p1 == string::npos) continue;
-        long p2 = line.find(':', (unsigned) p1 + 1);
-        if (p2 == string::npos) continue;
-        long p3 = line.find(':', (unsigned) p2 + 1);
-        if (p3 == string::npos) continue;
-        string FILENAME = line.substr(0, (unsigned) p1);
-        string HASH = line.substr((unsigned) p1 + 1, (unsigned) (p2 - p1));
-        string TIMESTAMP = line.substr((unsigned) p2 + 1, (unsigned) (p3 - p2));
-        long SIZE = strtol(line.substr((unsigned) p3 + 1, line.length() - p3).c_str(), nullptr, 10);
-        if (FILENAME == filename) {
-            index = i;
-            if (timestamp != TIMESTAMP || size != SIZE) {
-                break;
-            } else {
-                etags.close();
-                return HASH;
-            }
-        }
-    }
-    etags.close();
-
-    MD5_CTX mdContext;
-    MD5_Init(&mdContext);
-    size_t bytes;
-    char buffer[4096];
-    FILE *file = fopen(filename.c_str(), "rb");
-    if (file == nullptr) {
-        throw (char *) "Invalid file";
-    }
-    while ((bytes = fread(buffer, 1, 4096, file)) != 0) {
-        MD5_Update(&mdContext, buffer, bytes);
-    }
-    fclose(file);
-    unsigned char md[16];
-    MD5_Final(md, &mdContext);
-    char md5buff[32];
-    for (int i = 0; i < 16; i++) {
-        sprintf(md5buff + i * 2, "%02x", md[i]);
-    }
-    string md5 = string(md5buff);
-
-    if (index == 0) {
-        char buff[256];
-        sprintf(buff, "%s:%s:%s:%ld\n", filename.c_str(), md5.c_str(), timestamp.c_str(), size);
-        FILE *f = fopen("/var/necronda/ETags", "a");
-        if (f == nullptr) {
-            throw (char *) strerror(errno);
-        }
-        fseek(f, 0, SEEK_END);
-        fwrite(buff, 1, strlen(buff), f);
-        fflush(f);
-        fclose(f);
-    } else {
-
-    }
-
-    return md5;
-}
-
-#include <iostream>
-#include <wait.h>
-#include <thread>
-
-
-long getPosition(std::string str, char c, int occurence) {
-    int tempOccur = 0;
-    int num = 0;
-    for (auto it : str) {
-        num++;
-        if (it == c) {
-            if (++tempOccur == occurence) {
-                return num;
-            }
-        }
-    }
-
-    return -1;
-}
-
-int websocket_handler(Socket *socket, stds *pipes) {
-    fd_set readfd;
-    int maxfd = (socket->getFd() > pipes->stdout->_fileno) ? socket->getFd() : pipes->stdout->_fileno;
-    FD_ZERO(&readfd);
-    FD_SET(socket->getFd(), &readfd);
-    FD_SET(pipes->stdout->_fileno, &readfd);
-
-    /*while (true) {
-        int ret = ::select(maxfd + 1, &readfd, nullptr, nullptr, nullptr);
-        if (ret < 0) {
-            throw (char *) strerror(errno);
-        }
-
-        int c = fgetc(pipes->stdout);
-        if (c == -1) {
-            long rec = socket->receive(pipes->stdin);
-        } else {
-            ungetc(c, pipes->stdout);
-            socket->send(pipes->stdout);
-        }
-    }*/
-}
-
-/**
- * Handles (keep-alive) HTTP connections
- * @param prefix The connection prefix
- * @param socket The socket
- * @param id The client ID
- * @param num The Connection Number in the client
- * @return Should the server wait for another header?
- */
-bool connection_handler(const char *preprefix, const char *col1, const char *col2, Socket *socket, long id, long num, IpAddressInfo *info) {
-    bool error = false;
-    char buffer[1024];
-    char *prefix = (char *) preprefix;
-
-    HttpConnection req;
-    try {
-        req = HttpConnection(socket);
-    } catch (char *msg) {
-        try {
-            if (msg == "Malformed header") {
-                log(prefix, "Unable to parse header: Malformed header");
-                socket->send("HTTP/1.1 400 Bad Request\r\nConnection: close\r\n\r\n");
-                return false;
-            } else if (msg == "timeout") {
-                log(prefix, "Timeout!");
-                socket->send("HTTP/1.1 408 Request Timeout\r\nConnection: close\r\n\r\n");
-                return false;
-            } else {
-                log(prefix, (string) "Unable to receive from socket: " + msg);
-                return false;
-            }
-        } catch (char *msg2) {
-            return false;
-        }
-    }
-
-    try {
-        bool noRedirect, redir, invalidMethod, etag, compress, wantsWebsocket, websocket = false;
-        URI path;
-        pid_t childpid;
-        FILE *file;
-        int statuscode;
-        string hash, type, host;
-        thread *t;
-        long pos;
-        stds pipes;
-
-        if (req.isExistingField("Connection") && req.getField("Connection") == "keep-alive") {
-            req.setField("Connection", "keep-alive");
-            req.setField("Keep-Alive", "timeout=3600, max=100");
-        } else {
-            req.setField("Connection", "close");
-            error = true;
-        }
-
-        host = "";
-
-        if (!req.isExistingField("Host")) {
-            req.respond(400);
-            goto respond;
-        }
-        host = req.getField("Host");
-        pos = host.find(':');
-        if (pos != string::npos) {
-            host.erase(pos, host.length() - pos);
-        }
-
-        /*
-        FILE *name = popen(("dig @8.8.8.8 +time=1 -x " + socket->getPeerAddress()->toString() +
-                            " | grep -oP \"^[^;].*\\t\\K([^ ]*)\\w\"").c_str(), "r");
-        char hostbuffer[1024];
-        memset(hostbuffer, 0, 1024);
-        size_t size = fread(hostbuffer, 1, 1024, name);
-        hostbuffer[size - 1] = 0; // remove \n
-        if (size <= 1) {
-            sprintf(hostbuffer, "%s", socket->getPeerAddress()->toString().c_str());
-        }
-        */
-
-        sprintf(buffer, "[\x1B[1m%s\x1B[0m][%i]%s[%s][%i]%s ", host.c_str(), socket->getSocketPort(), col1,
-                info->host.c_str(), socket->getPeerPort(), col2);
-        prefix = buffer;
-
-        log(prefix, "\x1B[1m" + req.getMethod() + " " + req.getPath() + "\x1B[0m");
-        log_to_file(prefix, "\x1B[1m" + req.getMethod() + " " + req.getPath() + "\x1B[0m", host);
-
-        noRedirect = req.getPath().find("/.well-known/") == 0 || (req.getPath().find("/files/") == 0);
-        redir = true;
-        if (!noRedirect) {
-            if (getWebRoot(host).empty()) {
-                req.redirect(303, "https://www.necronda.net" + req.getPath());
-            } else if (socket->getSocketPort() != 443) {
-                req.redirect(302, "https://" + host + req.getPath());
-            } else {
-                redir = false;
-            }
-        } else {
-            redir = false;
-        }
-
-        path = URI(getWebRoot(host), req.getPath());
-        childpid = 0;
-
-        if (redir) {
-            goto respond;
-        } else if (!path.getNewPath().empty() && req.getMethod() != "POST") {
-            req.redirect(303, path.getNewPath());
-            goto respond;
-        }
-
-        file = path.openFile();
-        if (file == nullptr) {
-            req.setField("Cache-Control", "public, max-age=60");
-            req.respond(404);
-            goto respond;
-        }
-        type = path.getFileType();
-
-        if (type.find("inode/") == 0 || (path.getRelativeFilePath().find("/.") != string::npos && !noRedirect)) {
-            req.respond(403);
-            goto respond;
-        }
-
-        req.setField("Content-Type", type);
-        req.setField("Last-Modified", getHttpDate(path.getFilePath()));
-
-        invalidMethod = false;
-        etag = false;
-
-        if (path.isStatic()) {
-            hash = getETag(path.getFilePath());
-            req.setField("ETag", hash);
-            req.setField("Accept-Ranges", "bytes");
-            if (type.find("text/") == 0) {
-                req.setField("Cache-Control", "public, max-age=3600");
-            } else {
-                req.setField("Cache-Control", "public, max-age=86400");
-            }
-            req.setField("Allow", "GET");
-            if (req.getMethod() != "GET") {
-                invalidMethod = true;
-            }
-            if (req.isExistingField("If-None-Match") && req.getField("If-None-Match") == hash) {
-                etag = true;
-            }
-        } else {
-            req.setField("Accept-Ranges", "none");
-            req.setField("Cache-Control", "private, no-cache");
-            req.setField("Allow", "GET, POST, PUT");
-            if (req.getMethod() != "GET" && req.getMethod() != "POST" && req.getMethod() != "PUT") {
-                invalidMethod = true;
-            }
-        }
-
-        if (invalidMethod) {
-            req.respond(405);
-            goto respond;
-        } else if (etag) {
-            req.respond(304);
-            goto respond;
-        }
-
-        statuscode = 0;
-        if (!path.isStatic()) {
-            string cmd = (string) "env -i" +
-                         " REDIRECT_STATUS=" + cli_encode("CGI") +
-                         " DOCUMENT_ROOT=" + cli_encode(getWebRoot(host)) +
-                         " " + req.cgiExport() +
-                         (req.isExistingField("Content-Length") ? " CONTENT_LENGTH=" +
-                                                                  cli_encode(req.getField(
-                                                                          "Content-Length"))
-                                                                : "") +
-                         (req.isExistingField("Content-Type") ? " CONTENT_TYPE=" + cli_encode(
-                                 req.getField("Content-Type")) : "") +
-                         ((socket->isSecured()) ? " HTTPS=on" : "") +
-                         " PATH_INFO=" + cli_encode(path.getFilePathInfo()) +
-                         " PATH_TRANSLATED=" + cli_encode(path.getAbsolutePath()) +
-                         " QUERY_STRING=" + cli_encode(path.getQuery()) +
-                         " REMOTE_ADDR=" + cli_encode(socket->getPeerAddress()->toString()) +
-                         " REMOTE_HOST=" + cli_encode(info->host) +
-                         " REMOTE_PORT=" + cli_encode(to_string(socket->getPeerPort())) +
-                         " REQUEST_METHOD=" + cli_encode(req.getMethod()) +
-                         " REQUEST_URI=" + cli_encode(req.getPath()) +
-                         " SCRIPT_FILENAME=" + cli_encode(path.getFilePath()) +
-                         " SCRIPT_NAME=" + cli_encode(path.getRelativePath()) +
-                         " SERVER_ADMIN=" + cli_encode("lorenz.stechauner@gmail.com") +
-                         " SERVER_NAME=" + cli_encode(host) +
-                         " SERVER_PORT=" + cli_encode(to_string(socket->getSocketPort())) +
-                         " SERVER_SOFTWARE=" + cli_encode("Necronda 3.0") +
-                         " SERVER_PROTOCOL=" + cli_encode("HTTP/1.1") +
-                         " GATEWAY_INTERFACE=" + cli_encode("CGI/1.1") +
-                         " /usr/bin/php-cgi";
-
-            pipes = procopen(cmd.c_str());
-            childpid = pipes.pid;
-
-            long len = req.isExistingField("Content-Length")
-                    ? strtol(req.getField("Content-Length").c_str(), nullptr, 10)
-                    : ((req.getMethod() == "POST" || req.getMethod() == "PUT") ? -1 : 0);
-
-            socket->receive(pipes.stdin, len);
-            wantsWebsocket = req.getMethod() == "GET" &&
-                    req.isExistingResponseField("Connection") && req.getField("Connection") == "Upgrade" &&
-                    req.isExistingResponseField("Upgrade") && req.getField("Upgrade") == "websocket";
-            if (!wantsWebsocket) {
-                // Close only if no Websocket upgrade is possible
-                fclose(pipes.stdin);
-            }
-            t = new thread(php_error_handler, prefix, pipes.stderr);
-
-            string line;
-            while (!(line = read_line(pipes.stdout)).empty()) {
-                pos = line.find(':');
-                string index = line.substr(0, pos);
-                string data = line.substr(pos + 1, line.length() - pos);
-
-                while (index[0] == ' ') index.erase(index.begin() + 0);
-                while (index[index.length() - 1] == ' ') index.erase(index.end() - 1);
-                while (data[0] == ' ') data.erase(data.begin() + 0);
-                while (data[data.length() - 1] == ' ') data.erase(data.end() - 1);
-
-                if (index == "Status") {
-                    statuscode = (int) strtol(data.substr(0, 3).c_str(), nullptr, 10);
-                } else {
-                    if (index == "Location" && statuscode == 0) {
-                        statuscode = 303;
-                    } else if (index == "Content-Type") {
-                        type = data;
-                    }
-                    req.setField(index, data);
-                }
-            }
-
-            websocket = statuscode == 101 &&
-                    req.isExistingResponseField("Connection") && req.getResponseField("Connection") == "Upgrade" &&
-                    req.isExistingResponseField("Upgrade") && req.getResponseField("Upgrade") == "websocket";
-
-            fclose(file);
-            file = pipes.stdout;
-            if (websocket) {
-                log(prefix, "Upgrade to WebSocket!");
-                req.respond(statuscode);
-                goto respond;
-            } else {
-                int c = fgetc(pipes.stdout);
-                if (c == -1) {
-                    // No Data -> Error
-                    req.respond((statuscode == 0) ? 500 : statuscode);
-                    goto respond;
-                } else {
-                    ungetc(c, pipes.stdout);
-                }
-            }
-        }
-
-        statuscode = (statuscode == 0) ? 200 : statuscode;
-
-        compress = (type.find("text/") == 0 ||
-                            (type.find("application/") == 0 && type.find("+xml") != string::npos) ||
-                            type == "application/json" ||
-                            type == "application/javascript") &&
-                        req.isExistingField("Accept-Encoding") &&
-                        req.getField("Accept-Encoding").find("deflate") != string::npos;
-
-        if (compress) {
-            req.setField("Accept-Ranges", "none");
-        }
-
-        if (compress && req.isExistingField("Range")) {
-            req.respond(416);
-        } else if (req.isExistingField("Range")) {
-            string range = req.getField("Range");
-            if (range.find("bytes=") != 0 || !path.isStatic()) {
-                req.respond(416);
-            } else {
-                fseek(file, 0L, SEEK_END);
-                long len = ftell(file);
-                fseek(file, 0L, SEEK_SET);
-                long p = range.find('-');
-                if (p == string::npos) {
-                    req.respond(416);
-                } else {
-                    string part1 = range.substr(6, (unsigned long) (p - 6));
-                    string part2 = range.substr((unsigned long) (p + 1),
-                                                range.length() - p - 1);
-                    long num1 = stol(part1, nullptr, 10);
-                    long num2 = len - 1;
-                    if (!part2.empty()) {
-                        num2 = stol(part2, nullptr, 10);
-                    }
-                    if (num1 < 0 || num1 >= len || num2 < 0 || num2 >= len) {
-                        req.respond(416);
-                    } else {
-                        req.setField("Content-Range",
-                                     (string) "bytes " + to_string(num1) + "-" +
-                                     to_string(num2) +
-                                     "/" + to_string(len));
-                        req.respond(206, file, compress, num1, num2);
-                    }
-                }
-            }
-        } else {
-            req.respond(statuscode, file, compress);
-        }
-
-        fclose(file);
-        if (childpid > 0) {
-            waitpid(childpid, nullptr, 0);
-        }
-
-        respond:
-
-        HttpStatusCode status = req.getStatusCode();
-        int code = status.code;
-        string color;
-        string comment;
-        if ((code >= 200 && code < 300) || code == 304 || code == 101) {
-            color = "\x1B[1;32m"; // Success (Cached, Switching Protocols): Green
-        } else if (code >= 100 && code < 200) {
-            color = "\x1B[1;93m"; // Continue: Yellow
-        } else if (code >= 300 && code < 400) {
-            color = "\x1B[1;93m"; // Redirect: Yellow
-            comment = " -> " +
-                      (req.isExistingResponseField("Location") ? req.getResponseField("Location") : "<invalid>");
-        } else if (code >= 400 && code < 500) {
-            color = "\x1B[1;31m"; // Client Error: Red
-            //comment = " -> " + req.getPath();
-        } else if (code >= 500 & code < 600) {
-            color = "\x1B[1;31m"; // Server Error: Red
-            //comment = " -> " + req.getPath();
-        }
-        string msg = color + to_string(status.code) + " " + status.message + comment + " (" + formatTime(req.getDuration()) + ")\x1B[0m";
-        log(prefix, msg);
-        if (!host.empty()) {
-            log_to_file(prefix, msg, host);
-        }
-
-        if (websocket) {
-            websocket_handler(socket, &pipes);
-            log(prefix, "\x1B[1mClosing WebSocket (" + formatTime(req.getDuration()) + ")\x1B[0m");
-        }
-    } catch (char *msg) {
-        HttpStatusCode status = req.getStatusCode();
-        log(prefix, to_string(status.code) + " " + status.message + " (" + formatTime(req.getDuration()) + ")");
-        try {
-            if (strncmp(msg, "timeout", strlen(msg)) == 0) {
-                log(prefix, "Timeout!");
-                req.setField("Connection", "close");
-                req.respond(408);
-                error = true;
-            } else if (strncmp(msg, "Invalid path", strlen(msg)) == 0) {
-                log(prefix, "Timeout!");
-                req.setField("Connection", "close");
-                req.respond(400);
-            } else {
-                log(prefix, (string) "Unable to receive from socket: " + msg);
-                error = true;
-            }
-        } catch (char *msg2) {
-
-        }
-    }
-    return !error;
-}
-
-/**
- * Handles HTTP clients
- * @param socket The socket
- * @param id The client ID
- */
-void client_handler(Socket *socket, long id, bool ssl) {
-    const char *prefix;
-    char const *col1;
-    char const *col2 = "\x1B[0m";
-    IpAddressInfo info = get_ip_address_info(socket->getPeerAddress());
-    auto os = get_os_info(socket->getFd());
-    {
-        auto group = (int) (id % 6);
-        if (group == 0) {
-            col1 = "\x1B[0;31m"; // Red
-        } else if (group == 1) {
-            col1 = "\x1B[0;32m"; // Green
-        } else if (group == 2) {
-            col1 = "\x1B[0;34m"; // Blue
-        } else if (group == 3) {
-            col1 = "\x1B[0;33m"; // Yellow
-        } else if (group == 4) {
-            col1 = "\x1B[0;35m"; // Magenta
-        } else {
-            col1 = "\x1B[0;36m"; // Cyan
-        }
-
-        string *a = new string("[" + socket->getSocketAddress()->toString() + "][" +
-                               to_string(socket->getSocketPort()) + "]" + col1 +
-                               "[" + info.host + "][" + to_string(socket->getPeerPort()) +
-                               "]" + col2 + " ");
-        prefix = a->c_str();
-    }
-
-    log(prefix, "Connection established");
-    log(prefix, string("Host: ") + info.host + " (" + socket->getPeerAddress()->toString() + ")");
-    log(prefix, string("OS: ") + os);
-    log(prefix, string("Location: ") + info.cc + "/" + info.country + ", " + info.prov + "/" + info.provname + ", " + info.city);
-    log(prefix, string("Local Date: ") + info.localdate + " (" + info.timezone + ")");
-
-
-    bool err = false;
-    try {
-        socket->setReceiveTimeout(3600000);
-        socket->setSendTimeout(36000000);
-    } catch (char *msg) {
-        log(prefix, (string) "Unable to set timeout on socket: " + msg);
-        err = true;
-    }
-
-    try {
-        if (ssl) {
-            //socket->sslHandshake("/home/lorenz/Documents/Projects/Necronda-Server/necronda-server-3.0/privkey.pem",
-            //                     "/home/lorenz/Documents/Projects/Necronda-Server/necronda-server-3.0/fullchain.pem");
-            socket->sslHandshake("/cert/necronda.net/privkey.pem",
-                                 "/cert/necronda.net/fullchain.pem");
-        }
-    } catch (char *msg) {
-        log(prefix, (string) "Unable to perform handshake: " + msg);
-        err = true;
-    }
-
-    long reqnum = 0;
-    if (!err) {
-        while (connection_handler(prefix, col1, col2, socket, id, ++reqnum, &info));
-        reqnum--;
-    }
-
-    log(prefix,
-        "Connection terminated (#:" + to_string(reqnum) + ", R: " + formatSize(socket->getBytesReceived()) + ", S: " +
-        formatSize(socket->getBytesSent()) + ", T: " + formatTime(socket->getDuration()) + ")");
-    socket->close();
-}
-
-
--- a/src/defs.h
+++ b/src/defs.h
@@ -0,0 +1,28 @@
+/**
+ * sesimos - secure, simple, modern web server
+ * @brief Definitions
+ * @file src/defs.h
+ * @author Lorenz Stechauner
+ * @date 2021-05-04
+ */
+
+#ifndef SESIMOS_DEF_H
+#define SESIMOS_DEF_H
+
+#define SERVER_VERSION "5.0-wip"
+#define SERVER_STR "sesimos/" SERVER_VERSION
+#define SERVER_STR_HTML "sesimos&nbsp;web&nbsp;server&nbsp;" SERVER_VERSION
+
+#define CHUNK_SIZE 8192
+#define MAX_PROXY_CNX_PER_HOST 16
+#define ADDRSTRLEN 39
+
+#ifndef DEFAULT_HOST
+#   define DEFAULT_HOST "www.necronda.net"
+#endif
+
+#ifndef SERVER_NAME
+#   define SERVER_NAME DEFAULT_HOST
+#endif
+
+#endif //SESIMOS_DEF_H
--- a/src/lib/compress.c
+++ b/src/lib/compress.c
@@ -0,0 +1,88 @@
+/**
+ * sesimos - secure, simple, modern web server
+ * @brief Compression interface
+ * @file src/lib/compress.c
+ * @author Lorenz Stechauner
+ * @date 2021-05-05
+ */
+
+#include "compress.h"
+
+#include <errno.h>
+
+
+int compress_init(compress_ctx *ctx, int mode) {
+    ctx->brotli = NULL;
+
+    if (mode & COMPRESS_GZ) {
+        ctx->mode |= COMPRESS_GZ;
+        ctx->gzip.zalloc = Z_NULL;
+        ctx->gzip.zfree = Z_NULL;
+        ctx->gzip.opaque = Z_NULL;
+        ctx->gzip.data_type = (mode & COMPRESS_UTF8) ? Z_TEXT : Z_UNKNOWN;
+        if (deflateInit2(&ctx->gzip, COMPRESS_LEVEL_GZIP, Z_DEFLATED, 15 + 16, 9, Z_DEFAULT_STRATEGY) != Z_OK)
+            return -1;
+    }
+
+    if (mode & COMPRESS_BR) {
+        ctx->mode |= COMPRESS_BR;
+        if ((ctx->brotli = BrotliEncoderCreateInstance(NULL, NULL, NULL)) == NULL)
+            return -1;
+        BrotliEncoderSetParameter(ctx->brotli, BROTLI_PARAM_MODE, (mode & COMPRESS_UTF8) ? BROTLI_MODE_TEXT : ((mode & COMPRESS_WOFF) ? BROTLI_MODE_FONT : BROTLI_MODE_GENERIC));
+        BrotliEncoderSetParameter(ctx->brotli, BROTLI_PARAM_QUALITY, COMPRESS_LEVEL_BROTLI);
+    }
+
+    return 0;
+}
+
+int compress_compress(compress_ctx *ctx, const char *in, unsigned long *in_len, char *out, unsigned long *out_len, int finish) {
+    if ((ctx->mode & COMPRESS_GZ) && (ctx->mode & COMPRESS_BR)) {
+        errno = EINVAL;
+        return -1;
+    }
+    return compress_compress_mode(ctx, ctx->mode, in, in_len, out, out_len, finish);
+}
+
+static int compress_brotli(BrotliEncoderState *ctx, const char *in, unsigned long *in_len, char *out, unsigned long *out_len, int finish) {
+    int ret = BrotliEncoderCompressStream(
+            ctx, finish ? BROTLI_OPERATION_FINISH : BROTLI_OPERATION_PROCESS,
+            in_len, (const unsigned char**) &in, out_len, (unsigned char **) &out, NULL);
+    return (ret == BROTLI_TRUE) ? 0 : -1;
+}
+
+static int compress_gzip(z_stream *gzip, const char *in, unsigned long *in_len, char *out, unsigned long *out_len, int finish) {
+    gzip->next_in = (unsigned char*) in;
+    gzip->avail_in = *in_len;
+    gzip->next_out = (unsigned char*) out;
+    gzip->avail_out = *out_len;
+    int ret = deflate(gzip, finish ? Z_FINISH : Z_NO_FLUSH);
+    *in_len = gzip->avail_in;
+    *out_len = gzip->avail_out;
+    return ret;
+}
+
+int compress_compress_mode(compress_ctx *ctx, int mode, const char *in, unsigned long *in_len, char *out, unsigned long *out_len, int finish) {
+    if ((mode & COMPRESS_GZ) && (mode & COMPRESS_BR)) {
+        errno = EINVAL;
+        return -1;
+    } else if (mode & COMPRESS_GZ) {
+        return compress_gzip(&ctx->gzip, in, in_len, out, out_len, finish);
+    } else if (mode & COMPRESS_BR) {
+        return compress_brotli(ctx->brotli, in, in_len, out, out_len, finish);
+    } else {
+        errno = EINVAL;
+        return -1;
+    }
+}
+
+int compress_free(compress_ctx *ctx) {
+    if (ctx->brotli != NULL) {
+        BrotliEncoderDestroyInstance(ctx->brotli);
+        ctx->brotli = NULL;
+    }
+    if (ctx->mode & COMPRESS_GZ) {
+        deflateEnd(&ctx->gzip);
+    }
+    ctx->mode = 0;
+    return 0;
+}
--- a/src/lib/compress.h
+++ b/src/lib/compress.h
@@ -0,0 +1,38 @@
+/**
+ * sesimos - secure, simple, modern web server
+ * @brief Compression interface (header file)
+ * @file src/lib/compress.h
+ * @author Lorenz Stechauner
+ * @date 2021-05-05
+ */
+
+#ifndef SESIMOS_COMPRESS_H
+#define SESIMOS_COMPRESS_H
+
+#include <zlib.h>
+#include <brotli/encode.h>
+
+#define COMPRESS_LEVEL_GZIP 9
+#define COMPRESS_LEVEL_BROTLI BROTLI_MAX_QUALITY
+
+#define COMPRESS_GZ 1
+#define COMPRESS_BR 2
+#define COMPRESS 3
+#define COMPRESS_UTF8 4
+#define COMPRESS_WOFF 8
+
+typedef struct {
+    int mode;
+    z_stream gzip;
+    BrotliEncoderState *brotli;
+} compress_ctx;
+
+int compress_init(compress_ctx *ctx, int mode);
+
+int compress_compress(compress_ctx *ctx, const char *in, unsigned long *in_len, char *out, unsigned long *out_len, int finish);
+
+int compress_compress_mode(compress_ctx *ctx, int mode, const char *in, unsigned long *in_len, char *out, unsigned long *out_len, int finish);
+
+int compress_free(compress_ctx *ctx);
+
+#endif //SESIMOS_COMPRESS_H
--- a/src/lib/config.c
+++ b/src/lib/config.c
@@ -0,0 +1,228 @@
+/**
+ * sesimos - secure, simple, modern web server
+ * @brief Configuration file loader
+ * @file src/lib/config.c
+ * @author Lorenz Stechauner
+ * @date 2021-01-05
+ */
+
+#include "../logger.h"
+#include "config.h"
+#include "utils.h"
+
+#include <stdio.h>
+#include <string.h>
+#include <stdlib.h>
+
+config_t config;
+
+static int config_parse_line(char *line, char *section, int *i, int *j) {
+    int mode = 0;
+    char *source, *target;
+
+    char *ptr = line;
+    char *comment = strpbrk(ptr, "#\r\n");
+    if (comment != NULL) comment[0] = 0;
+
+    unsigned long len = strlen(ptr);
+    char *end_ptr = (len > 0) ? ptr + len - 1 : ptr;
+    while (end_ptr[0] == ' ' || end_ptr[0] == '\t') {
+        end_ptr[0] = 0;
+        end_ptr--;
+    }
+    len = strlen(ptr);
+    if (len == 0) return 0;
+
+    if (ptr[0] == '[') {
+        if (ptr[len - 1] != ']') return -1;
+        ptr++;
+        int l = 0;
+        if (strncmp(ptr, "host", 4) == 0 && (ptr[4] == ' ' || ptr[4] == '\t')) {
+            ptr += 4;
+            while (ptr[0] == ' ' || ptr[0] == '\t' || ptr[0] == ']') ptr++;
+            while (ptr[l] != ' ' && ptr[l] != '\t' && ptr[l] != ']') l++;
+            if (l == 0) return -1;
+            snprintf(config.hosts[*i].name, sizeof(config.hosts[*i].name), "%.*s", l, ptr);
+            ++(*i);
+            *section = 'h';
+        } else if (strncmp(ptr, "cert", 4) == 0 && (ptr[4] == ' ' || ptr[4] == '\t')) {
+            ptr += 4;
+            while (ptr[0] == ' ' || ptr[0] == '\t' || ptr[0] == ']') ptr++;
+            while (ptr[l] != ' ' && ptr[l] != '\t' && ptr[l] != ']') l++;
+            if (l == 0) return -1;
+            snprintf(config.certs[*j].name, sizeof(config.certs[*j].name), "%.*s", l, ptr);
+            ++(*j);
+            *section = 'c';
+        } else {
+            return -1;
+        }
+        return 0;
+    } else if (*section == 0) {
+        if (len > 10 && strncmp(ptr, "geoip_dir", 9) == 0 && (ptr[9] == ' ' || ptr[9] == '\t')) {
+            source = ptr + 9;
+            target = config.geoip_dir;
+        } else {
+            return -1;
+        }
+    } else if (*section == 'c') {
+        cert_config_t *cc = &config.certs[*j - 1];
+        if (len > 12 && strncmp(ptr, "certificate", 11) == 0 && (ptr[11] == ' ' || ptr[11] == '\t')) {
+            source = ptr + 11;
+            target = cc->full_chain;
+        } else if (len > 12 && strncmp(ptr, "private_key", 11) == 0 && (ptr[11] == ' ' || ptr[11] == '\t')) {
+            source = ptr + 11;
+            target = cc->priv_key;
+        } else {
+            return -1;
+        }
+    } else if (*section == 'h') {
+        host_config_t *hc = &config.hosts[*i - 1];
+        if (len > 8 && strncmp(ptr, "webroot", 7) == 0 && (ptr[7] == ' ' || ptr[7] == '\t')) {
+            source = ptr + 7;
+            target = hc->local.webroot;
+            if (hc->type != 0 && hc->type != CONFIG_TYPE_LOCAL) {
+                return -1;
+            } else {
+                hc->type = CONFIG_TYPE_LOCAL;
+            }
+        } else if (len > 5 && strncmp(ptr, "cert", 4) == 0 && (ptr[4] == ' ' || ptr[4] == '\t')) {
+            source = ptr + 4;
+            target = hc->cert_name;
+        } else if (len > 9 && strncmp(ptr, "dir_mode", 8) == 0 && (ptr[8] == ' ' || ptr[8] == '\t')) {
+            source = ptr + 8;
+            target = NULL;
+            mode = 1;
+            if (hc->type != 0 && hc->type != CONFIG_TYPE_LOCAL) {
+                return -1;
+            } else {
+                hc->type = CONFIG_TYPE_LOCAL;
+            }
+        } else if (len > 9 && strncmp(ptr, "hostname", 8) == 0 && (ptr[8] == ' ' || ptr[8] == '\t')) {
+            source = ptr + 8;
+            target = hc->proxy.hostname;
+            if (hc->type != 0 && hc->type != CONFIG_TYPE_REVERSE_PROXY) {
+                return -1;
+            } else {
+                hc->type = CONFIG_TYPE_REVERSE_PROXY;
+            }
+        } else if (len > 5 && strncmp(ptr, "port", 4) == 0 && (ptr[4] == ' ' || ptr[4] == '\t')) {
+            source = ptr + 4;
+            target = NULL;
+            mode = 2;
+            if (hc->type != 0 && hc->type != CONFIG_TYPE_REVERSE_PROXY) {
+                return -1;
+            } else {
+                hc->type = CONFIG_TYPE_REVERSE_PROXY;
+            }
+        } else if (streq(ptr, "http")) {
+            if (hc->type != 0 && hc->type != CONFIG_TYPE_REVERSE_PROXY) {
+                return -1;
+            } else {
+                hc->type = CONFIG_TYPE_REVERSE_PROXY;
+                hc->proxy.enc = 0;
+            }
+            return 0;
+        } else if (streq(ptr, "https")) {
+            if (hc->type != 0 && hc->type != CONFIG_TYPE_REVERSE_PROXY) {
+                return -1;
+            } else {
+                hc->type = CONFIG_TYPE_REVERSE_PROXY;
+                hc->proxy.enc = 1;
+            }
+            return 0;
+        } else {
+            return -1;
+        }
+    } else {
+        return -1;
+    }
+
+    while (source[0] == ' ' || source[0] == '\t') source++;
+    if (strlen(source) == 0) return -1;
+
+    if (target != NULL) {
+        strcpy(target, source);
+    } else if (mode == 1) {
+        if (streq(source, "forbidden")) {
+            config.hosts[*i - 1].local.dir_mode = URI_DIR_MODE_FORBIDDEN;
+        } else if (streq(source, "info")) {
+            config.hosts[*i - 1].local.dir_mode = URI_DIR_MODE_INFO;
+        } else if (streq(source, "list")) {
+            config.hosts[*i - 1].local.dir_mode = URI_DIR_MODE_LIST;
+        } else {
+            return -1;
+        }
+    } else if (mode == 2) {
+        config.hosts[*i - 1].proxy.port = (unsigned short) strtoul(source, NULL, 10);
+    }
+
+    return 0;
+}
+
+int config_load(const char *filename) {
+    FILE *file = fopen(filename, "r");
+    if (file == NULL) {
+        critical("Unable to open config file");
+        return -1;
+    }
+
+    memset(&config, 0, sizeof(config));
+
+    int i = 0, j = 0;
+    char section = 0;
+
+    char *line = NULL;
+    size_t line_len = 0;
+    for (int line_num = 1; getline(&line, &line_len, file) != -1; line_num++) {
+        if (config_parse_line(line, &section, &i, &j) != 0) {
+            critical("Unable to parse config file (line %i)", line_num);
+            free(line);
+            fclose(file);
+            return -2;
+        }
+    }
+
+    free(line);
+    fclose(file);
+
+    for (int k = 0; k < i; k++) {
+        host_config_t *hc = &config.hosts[k];
+        if (hc->type == CONFIG_TYPE_LOCAL) {
+            char *webroot = config.hosts[k].local.webroot;
+            while (webroot[strlen(webroot) - 1] == '/') webroot[strlen(webroot) - 1] = 0;
+        }
+
+        if (hc->cert_name[0] == 0) {
+            critical("Unable to parse config file: host config (%s) does not contain a certificate", hc->name);
+            return -2;
+        }
+
+        int found = 0;
+        for (int m = 0; m < j; m++) {
+            if (streq(config.certs[m].name, hc->cert_name)) {
+                hc->cert = m;
+                found = 1;
+                break;
+            }
+        }
+        if (!found) {
+            critical("Unable to parse config file: certificate (%s) for host config (%s) not found", hc->cert_name, hc->name);
+            return -2;
+        }
+    }
+
+    return 0;
+}
+
+host_config_t *get_host_config(const char *host) {
+    for (int i = 0; i < CONFIG_MAX_HOST_CONFIG; i++) {
+        host_config_t *hc = &config.hosts[i];
+        if (hc->type == CONFIG_TYPE_UNSET) break;
+        if (streq(hc->name, host)) return hc;
+        if (hc->name[0] == '*' && hc->name[1] == '.') {
+            const char *pos = strstr(host, hc->name + 1);
+            if (pos != NULL && strlen(pos) == strlen(hc->name + 1)) return hc;
+        }
+    }
+    return NULL;
+}
--- a/src/lib/config.h
+++ b/src/lib/config.h
@@ -0,0 +1,64 @@
+/**
+ * sesimos - secure, simple, modern web server
+ * @brief Configuration file loader (header file)
+ * @file src/lib/config.h
+ * @author Lorenz Stechauner
+ * @date 2021-01-05
+ */
+
+#ifndef SESIMOS_CONFIG_H
+#define SESIMOS_CONFIG_H
+
+#include "uri.h"
+#include "../cache_handler.h"
+
+#define CONFIG_MAX_HOST_CONFIG 64
+#define CONFIG_MAX_CERT_CONFIG 64
+
+#define CONFIG_TYPE_UNSET 0
+#define CONFIG_TYPE_LOCAL 1
+#define CONFIG_TYPE_REVERSE_PROXY 2
+
+#ifndef DEFAULT_CONFIG_FILE
+#   define DEFAULT_CONFIG_FILE "/etc/sesimos/server.conf"
+#endif
+
+
+typedef struct {
+    int type;
+    char name[256];
+    char cert_name[256];
+    int cert;
+    cache_t *cache;
+    union {
+        struct {
+            char hostname[256];
+            unsigned short port;
+            unsigned char enc:1;
+        } proxy;
+        struct {
+            char webroot[256];
+            unsigned char dir_mode:2;
+        } local;
+    };
+} host_config_t;
+
+typedef struct {
+    char name[256];
+    char full_chain[256];
+    char priv_key[256];
+} cert_config_t;
+
+typedef struct {
+    host_config_t hosts[CONFIG_MAX_HOST_CONFIG];
+    cert_config_t certs[CONFIG_MAX_CERT_CONFIG];
+    char geoip_dir[256];
+} config_t;
+
+extern config_t config;
+
+int config_load(const char *filename);
+
+host_config_t *get_host_config(const char *host);
+
+#endif //SESIMOS_CONFIG_H
--- a/src/lib/error.c
+++ b/src/lib/error.c
@@ -0,0 +1,87 @@
+/**
+ * sesimos - secure, simple, modern web server
+ * @brief Error interface
+ * @file src/lib/error.c
+ * @author Lorenz Stechauner
+ * @date 2023-01-08
+ */
+
+#include "error.h"
+#include "../logger.h"
+
+#include <errno.h>
+#include <string.h>
+#include <netdb.h>
+
+extern const char *sock_error_str(unsigned long err);
+extern const char *http_error_str(int err);
+extern const char *MMDB_strerror(int err);
+extern const char *ERR_reason_error_string(unsigned long err);
+
+static int error_compress(unsigned long err) {
+    int comp = ((int) err & 0xFFFF) | (((int) err >> 8) & 0xFF0000);
+    if (err & 0xFF0000) warning("Lossy error code compression! (%08lX -> %08X)", err, comp);
+    return comp;
+}
+
+static unsigned long error_decompress(int err) {
+    return (err & 0xFFFF) | ((err << 8) & 0xFF000000);
+}
+
+const char *error_str(int err_no, char *buf, int buf_len) {
+    buf[0] = 0;
+    int e = err_no & 0x00FFFFFF;
+    switch (err_no >> 24) {
+        case 0x00: return strerror_r(e, buf, buf_len);
+        case 0x01: return sock_error_str(error_decompress(e));
+        case 0x02: return ERR_reason_error_string(error_decompress(e));
+        case 0x03: return MMDB_strerror(e);
+        case 0x04: return http_error_str(e);
+        case 0x05: return gai_strerror(e);
+    }
+    return buf;
+}
+
+void error_ssl(unsigned long err) {
+    errno = 0x01000000 | error_compress(err);
+}
+
+void error_ssl_err(unsigned long err) {
+    errno = 0x02000000 | error_compress(err);
+}
+
+void error_mmdb(int err) {
+    errno = 0x03000000 | err;
+}
+
+void error_http(int err) {
+    errno = 0x04000000 | err;
+}
+
+void error_gai(int err) {
+    errno = 0x05000000 | err;
+}
+
+static int error_get(unsigned char prefix) {
+    return (errno >> 24 != prefix) ? 0 : errno & 0x00FFFFFF;
+}
+
+int error_get_sys() {
+    return error_get(0x00);
+}
+
+int error_get_ssl() {
+    return error_get(0x01);
+}
+
+int error_get_ssl_err() {
+    return error_get(0x02);
+}
+
+int error_get_mmdb() {
+    return error_get(0x03);
+}
+
+int error_get_http() {
+    return error_get(0x04);
+}
--- a/src/lib/error.h
+++ b/src/lib/error.h
@@ -0,0 +1,32 @@
+/**
+ * sesimos - secure, simple, modern web server
+ * @brief Error interface (header fie)
+ * @file src/lib/error.h
+ * @author Lorenz Stechauner
+ * @date 2023-01-08
+ */
+
+#ifndef SESIMOS_ERROR_H
+#define SESIMOS_ERROR_H
+
+const char *error_str(int err_no, char *buf, int buf_len);
+
+void error_ssl(unsigned long err);
+
+void error_ssl_err(unsigned long err);
+
+void error_mmdb(int err);
+
+void error_http(int err);
+
+void error_gai(int err);
+
+int error_get_sys();
+
+int error_get_ssl();
+
+int error_get_mmdb();
+
+int error_get_http();
+
+#endif //SESIMOS_ERROR_H
--- a/src/lib/fastcgi.c
+++ b/src/lib/fastcgi.c
@@ -0,0 +1,454 @@
+/**
+ * sesimos - secure, simple, modern web server
+ * @brief FastCGI interface implementation
+ * @file src/lib/fastcgi.c
+ * @author Lorenz Stechauner
+ * @date 2020-12-26
+ */
+
+#include "../defs.h"
+#include "fastcgi.h"
+#include "utils.h"
+#include "../logger.h"
+#include "list.h"
+#include "../workers.h"
+
+#include <sys/un.h>
+#include <sys/socket.h>
+#include <string.h>
+#include <fcntl.h>
+#include <unistd.h>
+#include <errno.h>
+
+char *fastcgi_add_param(char *buf, const char *key, const char *value) {
+    char *ptr = buf;
+    unsigned long key_len = strlen(key);
+    unsigned long val_len = strlen(value);
+
+    if (key_len <= 127) {
+        ptr[0] = (char) (key_len & 0x7F);
+        ptr++;
+    } else {
+        *((int *) ptr) = htonl(0x80000000 | key_len);
+        ptr += 4;
+    }
+    if (val_len <= 127) {
+        ptr[0] = (char) (val_len & 0x7F);
+        ptr++;
+    } else {
+        *((int *) ptr) = htonl(0x80000000 | val_len);
+        ptr += 4;
+    }
+
+    memcpy(ptr, key, key_len);
+    ptr += key_len;
+    memcpy(ptr, value, val_len);
+    ptr += val_len;
+
+    return ptr;
+}
+
+int fastcgi_send_data(fastcgi_cnx_t *cnx, unsigned char type, unsigned short len, void *data) {
+    // build header
+    FCGI_Header header = {
+            .version = FCGI_VERSION_1,
+            .type = type,
+            .requestId = htons(cnx->req_id),
+            .contentLength = htons(len),
+            .paddingLength = 0,
+            .reserved = 0,
+    };
+
+    // send FastCGI header with MSG_MORE flag
+    if (sock_send_x(&cnx->socket, &header, sizeof(header), (len != 0) ? MSG_MORE : 0) == -1) {
+        error("Unable to send to FastCGI socket");
+        return -1;
+    }
+
+    // send data (if available)
+    if (sock_send_x(&cnx->socket, data, len, 0) == -1) {
+        error("Unable to send to FastCGI socket");
+        return -1;
+    }
+
+    // return bytes sent totally
+    return len + (int) sizeof(header);
+}
+
+int fastcgi_init(fastcgi_cnx_t *conn, int mode, unsigned int req_num, const sock *client, const http_req *req, const http_uri *uri) {
+    conn->mode = mode;
+    conn->header_sent = 0;
+    conn->req_id = (req_num + 1) & 0xFFFF;
+    conn->webroot = uri->webroot;
+    conn->err = NULL;
+    conn->fd_err_bytes = 0;
+    conn->fd_out = -1;
+    conn->fd_err = -1;
+    sock_init(&conn->out, -1, SOCK_PIPE);
+
+    conn->socket.enc = 0;
+    if ((conn->socket.socket = socket(AF_UNIX, SOCK_STREAM, 0)) == -1) {
+        error("Unable to create unix socket");
+        return -1;
+    }
+
+    struct sockaddr_un sock_addr = { AF_UNIX };
+    if (conn->mode == FASTCGI_BACKEND_PHP) {
+        strcpy(sock_addr.sun_path, PHP_FPM_SOCKET);
+    }
+
+    if (connect(conn->socket.socket, (struct sockaddr *) &sock_addr, sizeof(sock_addr)) != 0) {
+        error("Unable to connect to FastCGI (unix) socket");
+        return -1;
+    }
+
+    FCGI_BeginRequestBody begin = {
+            .role = htons(FCGI_RESPONDER),
+            .flags = 0,
+            .reserved = {0},
+    };
+
+    if (fastcgi_send_data(conn, FCGI_BEGIN_REQUEST, sizeof(begin), &begin) == -1)
+        return -1;
+
+    char param_buf[4096], buf0[256], *param_ptr = param_buf;
+    param_ptr = fastcgi_add_param(param_ptr, "REDIRECT_STATUS", "CGI");
+    param_ptr = fastcgi_add_param(param_ptr, "DOCUMENT_ROOT", uri->webroot);
+    param_ptr = fastcgi_add_param(param_ptr, "GATEWAY_INTERFACE", "CGI/1.1");
+    param_ptr = fastcgi_add_param(param_ptr, "SERVER_SOFTWARE", SERVER_STR);
+    param_ptr = fastcgi_add_param(param_ptr, "SERVER_PROTOCOL", "HTTP/1.1");
+    param_ptr = fastcgi_add_param(param_ptr, "SERVER_NAME", http_get_header_field(&req->hdr, "Host"));
+    if (client->enc) {
+        param_ptr = fastcgi_add_param(param_ptr, "HTTPS", "on");
+    }
+
+    struct sockaddr_storage addr_storage;
+    struct sockaddr_in6 *addr;
+    socklen_t len = sizeof(addr_storage);
+    getsockname(client->socket, (struct sockaddr *) &addr_storage, &len);
+    addr = (struct sockaddr_in6 *) &addr_storage;
+    sprintf(buf0, "%i", ntohs(addr->sin6_port));
+    param_ptr = fastcgi_add_param(param_ptr, "SERVER_PORT", buf0);
+
+    len = sizeof(addr_storage);
+    getpeername(client->socket, (struct sockaddr *) &addr_storage, &len);
+    addr = (struct sockaddr_in6 *) &addr_storage;
+    sprintf(buf0, "%i", ntohs(addr->sin6_port));
+    param_ptr = fastcgi_add_param(param_ptr, "REMOTE_PORT", buf0);
+    param_ptr = fastcgi_add_param(param_ptr, "REMOTE_ADDR", conn->r_addr);
+    param_ptr = fastcgi_add_param(param_ptr, "REMOTE_HOST", conn->r_host != NULL ? conn->r_host : conn->r_addr);
+    //param_ptr = fastcgi_add_param(param_ptr, "REMOTE_IDENT", "");
+    //param_ptr = fastcgi_add_param(param_ptr, "REMOTE_USER", "");
+
+    param_ptr = fastcgi_add_param(param_ptr, "REQUEST_METHOD", req->method);
+    param_ptr = fastcgi_add_param(param_ptr, "REQUEST_URI", req->uri);
+    param_ptr = fastcgi_add_param(param_ptr, "SCRIPT_NAME", uri->filename + strlen(uri->webroot));
+    param_ptr = fastcgi_add_param(param_ptr, "SCRIPT_FILENAME", uri->filename);
+    //param_ptr = fastcgi_add_param(param_ptr, "PATH_TRANSLATED", uri->filename);
+
+    param_ptr = fastcgi_add_param(param_ptr, "QUERY_STRING", uri->query != NULL ? uri->query : "");
+    if (uri->pathinfo != NULL && strlen(uri->pathinfo) > 0) {
+        sprintf(buf0, "/%s", uri->pathinfo);
+    } else {
+        buf0[0] = 0;
+    }
+    param_ptr = fastcgi_add_param(param_ptr, "PATH_INFO", buf0);
+
+    //param_ptr = fastcgi_add_param(param_ptr, "AUTH_TYPE", "");
+    const char *content_length = http_get_header_field(&req->hdr, "Content-Length");
+    param_ptr = fastcgi_add_param(param_ptr, "CONTENT_LENGTH", content_length != NULL ? content_length : "");
+    const char *content_type = http_get_header_field(&req->hdr, "Content-Type");
+    param_ptr = fastcgi_add_param(param_ptr, "CONTENT_TYPE", content_type != NULL ? content_type : "");
+    //if (conn->ctx->geoip[0] != 0) {
+    //    param_ptr = fastcgi_add_param(param_ptr, "REMOTE_INFO", conn->ctx->geoip);
+    //}
+
+    for (int i = 0; i < list_size(req->hdr.fields); i++) {
+        const http_field *f = &req->hdr.fields[i];
+        const char *name = http_field_get_name(f);
+        char *ptr = buf0;
+        ptr += sprintf(ptr, "HTTP_");
+        for (int j = 0; j < strlen(name); j++, ptr++) {
+            char ch = name[j];
+            if ((ch >= 'A' && ch <= 'Z') || (ch >= '0' && ch <= '9')) {
+                ch = ch;
+            } else if (ch >= 'a' && ch <= 'z') {
+                ch &= 0x5F;
+            } else {
+                ch = '_';
+            }
+            ptr[0] = ch;
+            ptr[1] = 0;
+        }
+        param_ptr = fastcgi_add_param(param_ptr, buf0, http_field_get_value(f));
+    }
+
+    if (fastcgi_send_data(conn, FCGI_PARAMS, param_ptr - param_buf, param_buf) == -1)
+        return -1;
+
+    if (fastcgi_send_data(conn, FCGI_PARAMS, 0, NULL) == -1)
+        return -1;
+
+    int pipes[2][2];
+    if (pipe(pipes[0]) == -1 || pipe(pipes[1]) == -1)
+        return -1;
+
+    conn->fd_out = pipes[1][1];
+    conn->out.socket = pipes[1][0];
+    sock_set_timeout(&conn->out, FASTCGI_TIMEOUT);
+
+    conn->fd_err = pipes[0][1];
+    conn->err = fdopen(pipes[0][0], "r");
+
+    return 0;
+}
+
+int fastcgi_close_cnx(fastcgi_cnx_t *cnx) {
+    int e = errno;
+
+    if (cnx->err) fclose(cnx->err);
+    cnx->err = NULL;
+    sock_close(&cnx->socket);
+
+    sock_close(&cnx->out);
+    if (cnx->fd_err != -1) close(cnx->fd_err);
+    if (cnx->fd_out != -1) close(cnx->fd_out);
+
+    errno = e;
+    return 0;
+}
+
+int fastcgi_close_stdin(fastcgi_cnx_t *cnx) {
+    return (fastcgi_send_data(cnx, FCGI_STDIN, 0, NULL) == -1) ? -1 : 0;
+}
+
+int fastcgi_php_error(fastcgi_cnx_t *cnx, char *err_msg) {
+    char *line = NULL, *line_ptr = NULL;
+    size_t line_len = 0;
+    int err = 0;
+
+    log_lvl_t msg_type = LOG_INFO;
+
+    for (long ret; cnx->fd_err_bytes > 0 && (ret = getline(&line, &line_len, cnx->err)) != -1; cnx->fd_err_bytes -= ret) {
+        if (ret > 0) line[ret - 1] = 0;
+        line_ptr = line;
+
+        if (strstarts(line_ptr, "PHP message: ")) {
+            line_ptr += 13;
+            if (strstarts(line_ptr, "PHP Warning:  ")) {
+                msg_type = LOG_WARNING;
+            } else if (strstarts(line_ptr, "PHP Fatal error:  ")) {
+                msg_type = LOG_ERROR;
+            } else if (strstarts(line_ptr, "PHP Parse error:  ")) {
+                msg_type = LOG_ERROR;
+            } else if (strstarts(line_ptr, "PHP Notice:  ")) {
+                msg_type = LOG_NOTICE;
+            }
+        }
+
+        logmsgf(msg_type, "%s", line_ptr);
+
+        if (err_msg && msg_type <= LOG_ERROR && line_ptr != line) {
+            strcpy_rem_webroot(err_msg, line_ptr, cnx->webroot);
+            err = 1;
+        }
+    }
+
+    // cleanup
+    free(line);
+    return err;
+}
+
+int fastcgi_recv_frame(fastcgi_cnx_t *cnx) {
+    FCGI_Header header;
+    unsigned short req_id, content_len;
+
+    if (sock_recv_x(&cnx->socket, &header, sizeof(header), 0) == -1)
+        return -1;
+
+    req_id = ntohs(header.requestId);
+    content_len = ntohs(header.contentLength);
+
+    if (req_id != cnx->req_id) {
+        warning("Invalid request id from FastCGI socket");
+        char content[256 * 256];
+        sock_recv_x(&cnx->socket, content, content_len + header.paddingLength, 0);
+        return -1;
+    }
+
+    if (header.type == FCGI_STDOUT || header.type == FCGI_STDERR) {
+        char buf[256];
+
+        if (header.type == FCGI_STDOUT && !cnx->header_sent) {
+            char content[256 * 256];
+
+            if (sock_recv_x(&cnx->socket, content, content_len + header.paddingLength, 0) == -1)
+                return -1;
+
+            char *h_pos = strstr(content, "\r\n\r\n");
+            long header_len = h_pos - content + 4;
+            if (h_pos != NULL) {
+                uint64_t len;
+
+                len = header_len;
+                if (write(cnx->fd_out, &len, sizeof(len)) == -1)
+                    return -1;
+                if (write(cnx->fd_out, content, len) == -1)
+                    return -1;
+                cnx->header_sent = 1;
+
+                len = content_len - header_len;
+                if (len > 0) {
+                    if (write(cnx->fd_out, &len, sizeof(len)) == -1)
+                        return -1;
+                    if (write(cnx->fd_out, content + header_len, len) == -1)
+                        return -1;
+                }
+
+                return header.type;
+            }
+        } else if (header.type == FCGI_STDOUT) {
+            uint64_t len = content_len;
+            if (write(cnx->fd_out, &len, sizeof(len)) == -1)
+                return -1;
+        }
+
+        int fd = cnx->fd_out;
+        if (header.type == FCGI_STDERR) {
+            fd = cnx->fd_err;
+            cnx->fd_err_bytes += content_len + 1;
+        }
+        for (long ret, sent = 0; sent < content_len; sent += ret) {
+            // FIXME if pipe is full thread gets stuck
+            if ((ret = splice(cnx->socket.socket, 0, fd, 0, content_len - sent, 0)) == -1) {
+                if (errno == EINTR) {
+                    errno = 0, ret = 0;
+                    continue;
+                } else {
+                    return -1;
+                }
+            }
+        }
+        if (header.type == FCGI_STDERR) write(fd, "\n", 1);
+
+        if (sock_recv_x(&cnx->socket, buf, header.paddingLength, 0) == -1)
+            return -1;
+
+        return header.type;
+    }
+
+    char content[256 * 256];
+    if (sock_recv_x(&cnx->socket, content, content_len + header.paddingLength, 0) == -1)
+        return -1;
+
+    if (header.type == FCGI_END_REQUEST) {
+        FCGI_EndRequestBody *body = (FCGI_EndRequestBody *) content;
+        cnx->app_status = ntohl(body->appStatus);
+        if (body->protocolStatus != FCGI_REQUEST_COMPLETE)
+            error("FastCGI protocol error: %i", body->protocolStatus);
+    } else {
+        warning("Unknown FastCGI type: %i", header.type);
+        return -1;
+    }
+
+    return header.type;
+}
+
+long fastcgi_send(fastcgi_cnx_t *cnx, sock *client) {
+    char buf[CHUNK_SIZE];
+    return sock_splice_all(client, &cnx->out, buf, sizeof(buf));
+}
+
+int fastcgi_header(fastcgi_cnx_t *cnx, http_res *res, char *err_msg) {
+    long ret, len;
+    char content[CLIENT_MAX_HEADER_SIZE];
+
+    if ((len = sock_recv_chunk_header(&cnx->out)) == -1) {
+        res->status = http_get_status(500);
+        sprintf(err_msg, "Unable to communicate with FastCGI socket.");
+        error("Unable to receive from FastCGI socket (1)");
+        return -1;
+    }
+
+    if ((ret = sock_recv_x(&cnx->out, content, len, 0)) == -1) {
+        res->status = http_get_status(500);
+        sprintf(err_msg, "Unable to communicate with FastCGI socket.");
+        error("Unable to receive from FastCGI socket (2)");
+        return -1;
+    }
+    content[ret] = 0;
+
+    char *buf = content;
+    char *h_pos = strstr(content, "\r\n\r\n");
+    if (h_pos == NULL) {
+        error("Unable to parse header: End of header not found");
+        return -1;
+    }
+    long header_len = h_pos - content + 4;
+
+    for (int i = 0; i < header_len; i++) {
+        if ((buf[i] >= 0x00 && buf[i] <= 0x1F && buf[i] != '\r' && buf[i] != '\n') || buf[i] == 0x7F) {
+            error("Unable to parse header: Header contains illegal characters");
+            return -1;
+        }
+    }
+
+    if (fastcgi_php_error(cnx, err_msg) != 0) {
+        res->status = http_get_status(500);
+        return 1;
+    }
+
+    char *ptr = buf;
+    while (header_len != (ptr - buf)) {
+        char *pos0 = strstr(ptr, "\r\n");
+        if (pos0 == NULL) {
+            error("Unable to parse header: Invalid header format");
+            return -1;
+        }
+
+        ret = http_parse_header_field(&res->hdr, ptr, pos0, 0);
+        if (ret != 0) return (int) ret;
+
+        if (pos0[2] == '\r' && pos0[3] == '\n') {
+            return 0;
+        }
+        ptr = pos0 + 2;
+    }
+
+    return 0;
+}
+
+int fastcgi_dump(fastcgi_cnx_t *cnx, char *buf, long len) {
+    return sock_recv_x(&cnx->socket, buf, len, 0) == -1 ? -1 : 0;
+}
+
+int fastcgi_receive(fastcgi_cnx_t *cnx, sock *client, unsigned long len) {
+    char buf[CHUNK_SIZE];
+
+    for (long to_send = (long) len, ret; to_send > 0; to_send -= ret) {
+        if ((ret = sock_recv(client, buf, (to_send > sizeof(buf)) ? sizeof(buf) : to_send, 0)) <= 0) {
+            error("Unable to receive");
+            return -1;
+        }
+
+        if (fastcgi_send_data(cnx, FCGI_STDIN, ret, buf) == -1)
+            return -1;
+    }
+
+    return 0;
+}
+
+int fastcgi_receive_chunked(fastcgi_cnx_t *cnx, sock *client) {
+    for (long ret;;) {
+        if ((ret = sock_recv_chunk_header(client)) < 0) {
+            return (int) ret;
+        } else if (ret == 0) {
+            break;
+        }
+
+        if ((ret = fastcgi_receive(cnx, client, ret)) < 0)
+            return (int) ret;
+    }
+
+    return 0;
+}
--- a/src/lib/fastcgi.h
+++ b/src/lib/fastcgi.h
@@ -0,0 +1,62 @@
+/**
+ * sesimos - secure, simple, modern web server
+ * @brief FastCGI interface implementation (header file)
+ * @file src/lib/fastcgi.h
+ * @author Lorenz Stechauner
+ * @date 2020-12-26
+ */
+
+#ifndef SESIMOS_FASTCGI_H
+#define SESIMOS_FASTCGI_H
+
+#include "include/fastcgi.h"
+#include "http.h"
+#include "uri.h"
+
+#define FASTCGI_TIMEOUT 3600
+
+#define FASTCGI_BACKEND_PHP 1
+
+#ifndef PHP_FPM_SOCKET
+#   define PHP_FPM_SOCKET "/var/run/php-fpm/php-fpm.sock"
+#endif
+
+typedef struct {
+    int mode;
+    unsigned char header_sent:1;
+    sock socket, out;
+    int fd_err, fd_out;
+    long fd_err_bytes;
+    FILE *err;
+    unsigned short req_id;
+    int app_status;
+    const char *webroot;
+    char *r_addr;
+    char *r_host;
+} fastcgi_cnx_t;
+
+char *fastcgi_add_param(char *buf, const char *key, const char *value);
+
+int fastcgi_init(fastcgi_cnx_t *conn, int mode, unsigned int req_num, const sock *client, const http_req *req, const http_uri *uri);
+
+int fastcgi_close_cnx(fastcgi_cnx_t *cnx);
+
+int fastcgi_close_stdin(fastcgi_cnx_t *cnx);
+
+int fastcgi_php_error(fastcgi_cnx_t *cnx, char *err_msg);
+
+int fastcgi_recv_frame(fastcgi_cnx_t *cnx);
+
+int fastcgi_header(fastcgi_cnx_t *cnx, http_res *res, char *err_msg);
+
+long fastcgi_send(fastcgi_cnx_t *cnx, sock *client);
+
+int fastcgi_dump(fastcgi_cnx_t *cnx, char *buf, long len);
+
+int fastcgi_receive(fastcgi_cnx_t *cnx, sock *client, unsigned long len);
+
+int fastcgi_receive_chunked(fastcgi_cnx_t *cnx, sock *client);
+
+
+
+#endif //SESIMOS_FASTCGI_H
--- a/src/lib/geoip.c
+++ b/src/lib/geoip.c
@@ -0,0 +1,208 @@
+/**
+ * sesimos - secure, simple, modern web server
+ * @brief MaxMind GeoIP Database interface
+ * @file src/lib/geoip.c
+ * @author Lorenz Stechauner
+ * @date 2021-05-04
+ */
+
+#include "geoip.h"
+#include "../logger.h"
+#include "error.h"
+#include "utils.h"
+
+#include <memory.h>
+#include <dirent.h>
+#include <errno.h>
+
+static MMDB_s mmdbs[GEOIP_MAX_MMDB];
+
+static void mmdb_error(int err) {
+    if (err == MMDB_SUCCESS) {
+        errno = 0;
+    } else if (err == MMDB_IO_ERROR) {
+        // errno already set
+    } else {
+        error_mmdb(err);
+    }
+}
+
+static MMDB_entry_data_list_s *geoip_json(MMDB_entry_data_list_s *list, char *str, long *str_off, long str_len) {
+    switch (list->entry_data.type) {
+        case MMDB_DATA_TYPE_MAP:
+            *str_off += sprintf(str + *str_off, "{");
+            break;
+        case MMDB_DATA_TYPE_ARRAY:
+            *str_off += sprintf(str + *str_off, "[");
+            break;
+        case MMDB_DATA_TYPE_UTF8_STRING:
+            *str_off += sprintf(str + *str_off, "\"%.*s\"", list->entry_data.data_size, list->entry_data.utf8_string);
+            break;
+        case MMDB_DATA_TYPE_UINT16:
+            *str_off += sprintf(str + *str_off, "%u", list->entry_data.uint16);
+            break;
+        case MMDB_DATA_TYPE_UINT32:
+            *str_off += sprintf(str + *str_off, "%u", list->entry_data.uint32);
+            break;
+        case MMDB_DATA_TYPE_UINT64:
+            *str_off += sprintf(str + *str_off, "%lu", list->entry_data.uint64);
+            break;
+        case MMDB_DATA_TYPE_UINT128:
+            *str_off += sprintf(str + *str_off, "%llu", (unsigned long long) list->entry_data.uint128);
+            break;
+        case MMDB_DATA_TYPE_INT32:
+            *str_off += sprintf(str + *str_off, "%i", list->entry_data.int32);
+            break;
+        case MMDB_DATA_TYPE_BOOLEAN:
+            *str_off += sprintf(str + *str_off, "%s", list->entry_data.boolean ? "true" : "false");
+            break;
+        case MMDB_DATA_TYPE_FLOAT:
+            *str_off += sprintf(str + *str_off, "%f", list->entry_data.float_value);
+            break;
+        case MMDB_DATA_TYPE_DOUBLE:
+            *str_off += sprintf(str + *str_off, "%f", list->entry_data.double_value);
+            break;
+    }
+
+    if (list->entry_data.type != MMDB_DATA_TYPE_MAP && list->entry_data.type != MMDB_DATA_TYPE_ARRAY)
+        return list->next;
+
+    MMDB_entry_data_list_s *next = list->next;
+    int stat = 0;
+    for (int i = 0; i < list->entry_data.data_size; i++) {
+        next = geoip_json(next, str, str_off, str_len);
+        if (list->entry_data.type == MMDB_DATA_TYPE_MAP) {
+            stat = !stat;
+            if (stat) {
+                i--;
+                *str_off += sprintf(str + *str_off, ":");
+                continue;
+            }
+        }
+        if (i != list->entry_data.data_size - 1)
+            *str_off += sprintf(str + *str_off, ",");
+    }
+
+    *str_off += sprintf(str + *str_off, (list->entry_data.type == MMDB_DATA_TYPE_MAP) ? "}" : "]");
+
+    return next;
+}
+
+int geoip_init(const char *directory) {
+    char buf[512];
+
+    memset(mmdbs, 0, sizeof(mmdbs));
+
+    if (directory[0] == 0)
+        return 0;
+
+    DIR *geoip_dir;
+    if ((geoip_dir = opendir(directory)) == NULL)
+        return -1;
+
+    struct dirent *entry;
+    int i = 0, status;
+    while ((entry = readdir(geoip_dir)) != NULL) {
+        if (!strends(entry->d_name, ".mmdb"))
+            continue;
+
+        if (i >= GEOIP_MAX_MMDB) {
+            critical("Unable to initialize geoip: Too many .mmdb files");
+            closedir(geoip_dir);
+            return 1;
+        }
+
+        sprintf(buf, "%s/%s", directory, entry->d_name);
+        if ((status = MMDB_open(buf, 0, &mmdbs[i])) != MMDB_SUCCESS) {
+            mmdb_error(status);
+            critical("Unable to initialize geoip: Unable to open .mmdb file");
+            closedir(geoip_dir);
+            return 1;
+        }
+        i++;
+    }
+
+    closedir(geoip_dir);
+
+    if (i == 0) {
+        critical("Unable to initialize geoip: No .mmdb files found in %s", directory);
+        return 1;
+    }
+
+    return 0;
+}
+
+void geoip_free() {
+    for (int i = 0; i < GEOIP_MAX_MMDB && mmdbs[i].file_content != NULL; i++) {
+        MMDB_close(&mmdbs[i]);
+    }
+}
+
+int geoip_lookup_country(struct sockaddr *addr, char *str) {
+    for (int i = 0; i < GEOIP_MAX_MMDB && mmdbs[i].file_content != NULL; i++) {
+        // lookup
+        int mmdb_res;
+        MMDB_lookup_result_s result = MMDB_lookup_sockaddr(&mmdbs[i], addr, &mmdb_res);
+        if (mmdb_res != MMDB_SUCCESS) {
+            return -1;
+        } else if (!result.found_entry) {
+            continue;
+        }
+
+        // get country iso code
+        MMDB_entry_data_s data;
+        int status;
+        if ((status = MMDB_get_value(&result.entry, &data, "country", "iso_code", NULL)) != MMDB_SUCCESS) {
+            if (status == MMDB_IO_ERROR) {
+
+            }
+            return -1;
+        }
+
+        // no, or invalid data
+        if (!data.has_data || data.type != MMDB_DATA_TYPE_UTF8_STRING)
+            continue;
+
+        // return country code
+        sprintf(str, "%.2s", data.utf8_string);
+        return 0;
+    }
+
+    // not found
+    return 1;
+}
+
+int geoip_lookup_json(struct sockaddr *addr, char *json, long len) {
+    long str_off = 0;
+    for (int i = 0; i < GEOIP_MAX_MMDB && mmdbs[i].filename != NULL; i++) {
+        int mmdb_res;
+        MMDB_lookup_result_s result = MMDB_lookup_sockaddr(&mmdbs[i], addr, &mmdb_res);
+        if (mmdb_res != MMDB_SUCCESS) {
+            mmdb_error(mmdb_res);
+            error("Unable to lookup geoip info");
+            continue;
+        } else if (!result.found_entry) {
+            continue;
+        }
+
+        MMDB_entry_data_list_s *list;
+        if ((mmdb_res = MMDB_get_entry_data_list(&result.entry, &list)) != MMDB_SUCCESS) {
+            mmdb_error(mmdb_res);
+            error("Unable to lookup geoip info");
+            continue;
+        }
+
+        long prev = str_off;
+        if (str_off != 0) {
+            str_off--;
+        }
+        geoip_json(list, json, &str_off, len);
+        if (prev != 0) {
+            json[prev - 1] = ',';
+        }
+
+        MMDB_free_entry_data_list(list);
+    }
+
+    return 0;
+}
--- a/src/lib/geoip.h
+++ b/src/lib/geoip.h
@@ -0,0 +1,24 @@
+/**
+ * sesimos - secure, simple, modern web server
+ * @brief MaxMind GeoIP Database interface (header file)
+ * @file src/lib/geoip.h
+ * @author Lorenz Stechauner
+ * @date 2021-05-04
+ */
+
+
+#ifndef SESIMOS_GEOIP_H
+#define SESIMOS_GEOIP_H
+
+#include <maxminddb.h>
+
+#define GEOIP_MAX_JSON_SIZE 8192
+#define GEOIP_MAX_MMDB 3
+
+int geoip_init(const char *directory);
+
+void geoip_free();
+
+int geoip_lookup_country(struct sockaddr *addr, char *str);
+
+#endif //SESIMOS_GEOIP_H
--- a/src/lib/http.c
+++ b/src/lib/http.c
@@ -0,0 +1,470 @@
+/**
+ * sesimos - secure, simple, modern web server
+ * @brief HTTP implementation
+ * @file src/lib/http.c
+ * @author Lorenz Stechauner
+ * @date 2020-12-09
+ */
+
+#include "http.h"
+#include "utils.h"
+#include "compress.h"
+#include "list.h"
+#include "error.h"
+
+#include <string.h>
+#include <errno.h>
+
+void http_append_to_header_field(http_field *field, const char *value, unsigned long len);
+
+static int http_error(int err) {
+    if (err == 0) {
+        errno = 0;
+    } else if (err == HTTP_ERROR_SYSCALL) {
+        // errno already set
+    } else {
+        error_http(err);
+    }
+    return -1;
+}
+
+const char *http_error_str(int err) {
+    switch (err) {
+        case HTTP_ERROR_TOO_MANY_HEADER_FIELDS:
+            return "too many header fields";
+        case HTTP_ERROR_EOH_NOT_FOUND:
+            return "end of http header not found";
+        case HTTP_ERROR_HEADER_MALFORMED:
+            return "http header malformed";
+        case HTTP_ERROR_INVALID_VERSION:
+            return "invalid http version";
+        case HTTP_ERROR_URI_TOO_LONG:
+            return "uri too long";
+        case HTTP_ERROR_GENERAL:
+        default:
+            return "unknown error";
+    }
+}
+
+void http_to_camel_case(char *str, int mode) {
+    if (mode == HTTP_PRESERVE)
+        return;
+
+    char ch, last = '-';
+    for (int i = 0; i < strlen(str); i++) {
+        ch = str[i];
+        if (mode == HTTP_CAMEL && last == '-' && ch >= 'a' && ch <= 'z') {
+            str[i] = (char) ((int) ch & 0x5F);
+        } else if (mode == HTTP_LOWER && ch >= 'A' && ch <= 'Z') {
+            str[i] = (char) ((int) ch | 0x20);
+        }
+        last = str[i];
+    }
+}
+
+const char *http_field_get_name(const http_field *field) {
+    if (field->type == HTTP_FIELD_NORMAL) {
+        return field->normal.name;
+    } else if (field->type == HTTP_FIELD_EX_VALUE) {
+        return field->ex_value.name;
+    } else if (field->type == HTTP_FIELD_EX_NAME) {
+        return field->ex_name.name;
+    }
+    return NULL;
+}
+
+const char *http_field_get_value(const http_field *field) {
+    if (field->type == HTTP_FIELD_NORMAL) {
+        return field->normal.value;
+    } else if (field->type == HTTP_FIELD_EX_VALUE) {
+        return field->ex_value.value;
+    } else if (field->type == HTTP_FIELD_EX_NAME) {
+        return field->ex_name.value;
+    }
+    return NULL;
+}
+
+void http_free_field(http_field *f) {
+    if (f->type == HTTP_FIELD_NORMAL) {
+        f->normal.name[0] = 0;
+        f->normal.value[0] = 0;
+    } else if (f->type == HTTP_FIELD_EX_VALUE) {
+        f->ex_value.name[0] = 0;
+        free(f->ex_value.value);
+        f->ex_value.value = NULL;
+    } else if (f->type == HTTP_FIELD_EX_NAME) {
+        free(f->ex_name.name);
+        free(f->ex_name.value);
+        f->ex_name.name = NULL;
+        f->ex_name.value = NULL;
+    }
+}
+
+void http_free_hdr(http_hdr *hdr) {
+    for (int i = 0; i < list_size(hdr->fields); i++) {
+        http_free_field(&hdr->fields[i]);
+    }
+    list_free(hdr->fields);
+    hdr->last_field_num = -1;
+}
+
+void http_free_req(http_req *req) {
+    if (req->uri != NULL) free(req->uri);
+    req->uri = NULL;
+    http_free_hdr(&req->hdr);
+}
+
+void http_free_res(http_res *res) {
+    http_free_hdr(&res->hdr);
+}
+
+int http_init_hdr(http_hdr *hdr) {
+    hdr->last_field_num = -1;
+    hdr->fields = list_create(sizeof(http_field), HTTP_INIT_HEADER_FIELD_NUM);
+    if (hdr->fields == NULL)
+        return http_error(HTTP_ERROR_SYSCALL);
+
+    return 0;
+}
+
+int http_parse_header_field(http_hdr *hdr, const char *buf, const char *end_ptr, int flags) {
+    if (hdr->last_field_num > list_size(hdr->fields))
+        return http_error(HTTP_ERROR_GENERAL);
+
+    char *pos1 = (char *) buf, *pos2 = (char *) end_ptr;
+    if (buf[0] == ' ' || buf[0] == '\t') {
+        if (hdr->last_field_num == -1)
+            return http_error(HTTP_ERROR_GENERAL);
+
+        http_field *f = &hdr->fields[(int) hdr->last_field_num];
+
+        str_trim_lws(&pos1, &pos2);
+        http_append_to_header_field(f, pos1, pos2 - pos1);
+
+        return 0;
+    }
+
+    pos1 = memchr(buf, ':', end_ptr - buf);
+    if (pos1 == NULL)
+        return http_error(HTTP_ERROR_GENERAL);
+
+    long len1 = pos1 - buf;
+
+    pos1++;
+    str_trim_lws(&pos1, &pos2);
+    long len2 = pos2 - pos1;
+
+    char header_name[256];
+    sprintf(header_name, "%.*s", (int) len1, buf);
+
+    int field_num = list_size(hdr->fields);
+    int found = http_get_header_field_num(hdr, header_name);
+    if (!(flags & HTTP_MERGE_FIELDS) || found == -1) {
+        if (http_add_header_field_len(hdr, buf, len1, pos1, len2 < 0 ? 0 : len2) != 0)
+            return http_error(HTTP_ERROR_TOO_MANY_HEADER_FIELDS);
+    } else {
+        field_num = found;
+        http_append_to_header_field(&hdr->fields[found], ", ", 2);
+        http_append_to_header_field(&hdr->fields[found], pos1, len2);
+    }
+
+    hdr->last_field_num = field_num;
+    return 0;
+}
+
+int http_parse_request(char *buf, http_req *req) {
+    char *ptr, *pos0 = buf, *pos1, *pos2;
+    long len;
+
+    unsigned long header_len = strstr(buf, "\r\n\r\n") - buf + 4;
+    if (header_len <= 0)
+        return http_error(HTTP_ERROR_EOH_NOT_FOUND);
+
+    for (int i = 0; i < header_len; i++) {
+        if ((buf[i] >= 0x00 && buf[i] <= 0x1F && buf[i] != '\r' && buf[i] != '\n') || buf[i] == 0x7F)
+            return http_error(HTTP_ERROR_HEADER_MALFORMED);
+    }
+
+    ptr = buf;
+    while (header_len > (ptr - buf + 2)) {
+        pos0 = strstr(ptr, "\r\n");
+        if (pos0 == NULL)
+            return http_error(HTTP_ERROR_HEADER_MALFORMED);
+
+        if (req->version[0] == 0) {
+            pos1 = (char *) strchr(ptr, ' ') + 1;
+            if (pos1 == NULL)
+                return http_error(HTTP_ERROR_HEADER_MALFORMED);
+
+            if (pos1 - ptr - 1 >= sizeof(req->method))
+                return http_error(HTTP_ERROR_HEADER_MALFORMED);
+
+            for (int i = 0; i < (pos1 - ptr - 1); i++) {
+                if (ptr[i] < 'A' || ptr[i] > 'Z')
+                    return http_error(HTTP_ERROR_HEADER_MALFORMED);
+            }
+            snprintf(req->method, sizeof(req->method), "%.*s", (int) (pos1 - ptr - 1), ptr);
+
+            pos2 = (char *) strchr(pos1, ' ') + 1;
+            if (pos2 == NULL)
+                return http_error(HTTP_ERROR_HEADER_MALFORMED);
+
+            if (memcmp(pos2, "HTTP/", 5) != 0 || memcmp(pos2 + 8, "\r\n", 2) != 0)
+                return http_error(HTTP_ERROR_INVALID_VERSION);
+
+            len = pos2 - pos1 - 1;
+            if (len >= 2048)
+                return http_error(HTTP_ERROR_URI_TOO_LONG);
+
+            req->uri = malloc(len + 1);
+            sprintf(req->uri, "%.*s", (int) len, pos1);
+            sprintf(req->version, "%.3s", pos2 + 5);
+        } else {
+            if (http_parse_header_field(&req->hdr, ptr, pos0, HTTP_MERGE_FIELDS) != 0)
+                return -1;
+        }
+        ptr = pos0 + 2;
+    }
+
+    if (pos0[2] == '\r' && pos0[3] == '\n') {
+        return (int) header_len;
+    }
+
+    return http_error(HTTP_ERROR_GENERAL);
+}
+
+int http_receive_request(sock *client, http_req *req) {
+    long rcv_len;
+    char buf[CLIENT_MAX_HEADER_SIZE];
+    memset(buf, 0, sizeof(buf));
+    memset(req->method, 0, sizeof(req->method));
+    memset(req->version, 0, sizeof(req->version));
+    req->uri = NULL;
+    http_init_hdr(&req->hdr);
+
+    rcv_len = sock_recv(client, buf, CLIENT_MAX_HEADER_SIZE - 1, MSG_PEEK);
+    if (rcv_len <= 0)
+        return -1;
+
+    buf[rcv_len] = 0;
+
+    long header_len = http_parse_request(buf, req);
+    if (header_len < 0)
+        return (int) -header_len;
+
+    if (sock_recv_x(client, buf, header_len, 0) == -1)
+        return -1;
+
+    return 0;
+}
+
+const char *http_get_header_field(const http_hdr *hdr, const char *field_name) {
+    int num = http_get_header_field_num(hdr, field_name);
+    return (num >= 0 && num < list_size(hdr->fields)) ? http_field_get_value(&hdr->fields[num]) : NULL;
+}
+
+int http_get_header_field_num(const http_hdr *hdr, const char *field_name) {
+    for (int i = 0; i < list_size(hdr->fields); i++) {
+        if (strcasecmp(field_name, http_field_get_name(&hdr->fields[i])) == 0)
+            return i;
+    }
+
+    return -1;
+}
+
+int http_add_header_field(http_hdr *hdr, const char *field_name, const char *field_value) {
+    return http_add_header_field_len(hdr, field_name, strlen(field_name), field_value, strlen(field_value));
+}
+
+int http_add_header_field_len(http_hdr *hdr, const char *name, unsigned long name_len, const char *value, unsigned long value_len) {
+    http_field *f;
+    hdr->fields = list_append_ptr(hdr->fields, (void **) &f);
+
+    if (name_len < sizeof(f->normal.name) && value_len < sizeof(f->normal.value)) {
+        f->type = HTTP_FIELD_NORMAL;
+        memcpy(f->normal.name, name, name_len);
+        memcpy(f->normal.value, value, value_len);
+        f->normal.name[name_len] = 0;
+        f->normal.value[value_len] = 0;
+        http_to_camel_case(f->normal.name, HTTP_PRESERVE);
+    } else if (name_len < sizeof(f->ex_value.name)) {
+        f->type = HTTP_FIELD_EX_VALUE;
+        f->ex_value.value = malloc(value_len + 1);
+        memcpy(f->ex_value.name, name, name_len);
+        memcpy(f->ex_value.value, value, value_len);
+        f->ex_value.name[name_len] = 0;
+        f->ex_value.value[value_len] = 0;
+        http_to_camel_case(f->ex_value.name, HTTP_PRESERVE);
+    } else {
+        f->type = HTTP_FIELD_EX_NAME;
+        f->ex_name.name = malloc(name_len + 1);
+        f->ex_name.value = malloc(value_len + 1);
+        memcpy(f->ex_name.name, name, name_len);
+        memcpy(f->ex_name.value, value, value_len);
+        f->ex_name.name[name_len] = 0;
+        f->ex_name.value[value_len] = 0;
+        http_to_camel_case(f->ex_name.name, HTTP_PRESERVE);
+    }
+
+    return 0;
+}
+
+int http_add_to_header_field(http_hdr *hdr, const char *field_name, const char *field_value) {
+    int field_num = http_get_header_field_num(hdr, field_name);
+    if (field_num == -1)
+        return http_add_header_field(hdr, field_name, field_value);
+
+    http_append_to_header_field(&hdr->fields[field_num], field_value, strlen(field_value));
+    return 0;
+}
+
+void http_append_to_header_field(http_field *field, const char *value, unsigned long len) {
+    if (field->type == HTTP_FIELD_NORMAL) {
+        unsigned long total_len = strlen(field->normal.value) + len + 1;
+        if (total_len < sizeof(field->normal.value)) {
+            strncat(field->normal.value, value, len);
+        } else {
+            field->type = HTTP_FIELD_EX_VALUE;
+            char *new = malloc(total_len);
+            strcpy(new, field->normal.value);
+            strncat(new, value, len);
+            field->ex_value.value = new;
+        }
+    } else if (field->type == HTTP_FIELD_EX_VALUE) {
+        field->ex_value.value = realloc(field->ex_value.value, strlen(field->ex_value.value) + len + 1);
+        strncat(field->ex_value.value, value, len);
+    } else if (field->type == HTTP_FIELD_EX_NAME) {
+        field->ex_name.value = realloc(field->ex_name.value, strlen(field->ex_name.value) + len + 1);
+        strncat(field->ex_name.value, value, len);
+    }
+}
+
+void http_remove_header_field(http_hdr *hdr, const char *field_name, int mode) {
+    int i = 0;
+    int diff = 1;
+    if (mode == HTTP_REMOVE_LAST) {
+        i = list_size(hdr->fields) - 1;
+        diff = -1;
+    }
+    for (; i < list_size(hdr->fields) && i >= 0; i += diff) {
+        if (strcasecmp(field_name, http_field_get_name(&hdr->fields[i])) == 0) {
+            http_free_field(&hdr->fields[i]);
+            list_remove(hdr->fields, i);
+            if (mode == HTTP_REMOVE_ALL) {
+                i -= diff;
+            } else {
+                return;
+            }
+        }
+    }
+}
+
+int http_send_response(sock *client, http_res *res) {
+    char buf[CLIENT_MAX_HEADER_SIZE];
+    long off = sprintf(buf, "HTTP/%s %03i %s\r\n", res->version, res->status->code, res->status->msg);
+    for (int i = 0; i < list_size(res->hdr.fields); i++) {
+        const http_field *f = &res->hdr.fields[i];
+        off += sprintf(buf + off, "%s: %s\r\n", http_field_get_name(f), http_field_get_value(f));
+    }
+    off += sprintf(buf + off, "\r\n");
+    if (sock_send_x(client, buf, off, 0) != off)
+        return -1;
+
+    return 0;
+}
+
+int http_send_request(sock *server, http_req *req) {
+    char buf[CLIENT_MAX_HEADER_SIZE];
+    long off = sprintf(buf, "%s %s HTTP/%s\r\n", req->method, req->uri, req->version);
+    for (int i = 0; i < list_size(req->hdr.fields); i++) {
+        const http_field *f = &req->hdr.fields[i];
+        off += sprintf(buf + off, "%s: %s\r\n", http_field_get_name(f), http_field_get_value(f));
+    }
+    off += sprintf(buf + off, "\r\n");
+    if (sock_send_x(server, buf, off, 0) != off)
+        return -1;
+
+    return 0;
+}
+
+const http_status *http_get_status(status_code_t status_code) {
+    for (int i = 0; i < http_statuses_size; i++) {
+        if (http_statuses[i].code == status_code) {
+            return &http_statuses[i];
+        }
+    }
+    return NULL;
+}
+
+const http_status_msg *http_get_error_msg(status_code_t status_code) {
+    for (int i = 0; i < http_status_messages_size; i++) {
+        if (http_status_messages[i].code == status_code) {
+            return &http_status_messages[i];
+        }
+    }
+    return NULL;
+}
+
+const char *http_get_status_color(status_code_t status_code) {
+    if (status_code == 304) return HTTP_2XX_STR;
+    switch (status_code / 100) {
+        case 1: return HTTP_1XX_STR;
+        case 2: return HTTP_2XX_STR;
+        case 3: return HTTP_3XX_STR;
+        case 4: return HTTP_4XX_STR;
+        case 5: return HTTP_5XX_STR;
+        default: return "";
+    }
+}
+
+char *http_format_date(time_t ts, char *buf, size_t size) {
+    struct tm time_info;
+    strftime(buf, size, "%a, %d %b %Y %H:%M:%S GMT", gmtime_r(&ts, &time_info));
+    return buf;
+}
+
+char *http_get_date(char *buf, size_t size) {
+    time_t raw_time;
+    time(&raw_time);
+    return http_format_date(raw_time, buf, size);
+}
+
+const http_doc_info *http_get_status_info(status_code_t status_code) {
+    static const http_doc_info info[] = {
+            {"info",    HTTP_COLOR_INFO,    "/.sesimos/res/icon-info.svg",    http_info_doc},
+            {"success", HTTP_COLOR_SUCCESS, "/.sesimos/res/icon-success.svg", http_success_doc},
+            {"warning", HTTP_COLOR_WARNING, "/.sesimos/res/icon-warning.svg", http_warning_doc},
+            {"error",   HTTP_COLOR_ERROR,   "/.sesimos/res/icon-error.svg",   http_error_doc}
+    };
+    if (status_code == 304) return &info[1];
+    switch (status_code / 100) {
+        case 1: return &info[0];
+        case 2: return &info[1];
+        case 3: return &info[2];
+        case 4: // see case 5
+        case 5: return &info[3];
+        default: return NULL;
+    }
+}
+
+int http_get_compression(const http_req *req, const http_res *res) {
+    const char *accept_encoding = http_get_header_field(&req->hdr, "Accept-Encoding");
+    const char *content_type = http_get_header_field(&res->hdr, "Content-Type");
+    const char *content_encoding = http_get_header_field(&res->hdr, "Content-Encoding");
+    if (mime_is_compressible(content_type) && content_encoding == NULL && accept_encoding != NULL) {
+        if (strcontains(accept_encoding, "br")) {
+            return COMPRESS_BR;
+        } else if (strcontains(accept_encoding, "gzip")) {
+            return COMPRESS_GZ;
+        }
+    }
+    return 0;
+}
+
+long http_get_keep_alive_timeout(http_hdr *hdr) {
+    const char *keep_alive = http_get_header_field(hdr, "Keep-Alive");
+    if (!keep_alive) return -1;
+    const char *timeout = strstr(keep_alive, "timeout=");
+    if (!timeout) return -1;
+    return strtol(timeout + 8, NULL, 10);
+}
--- a/src/lib/http.h
+++ b/src/lib/http.h
@@ -0,0 +1,193 @@
+/**
+ * sesimos - secure, simple, modern web server
+ * @brief HTTP implementation (header file)
+ * @file src/lib/http.h
+ * @author Lorenz Stechauner
+ * @date 2020-12-09
+ */
+
+#ifndef SESIMOS_HTTP_H
+#define SESIMOS_HTTP_H
+
+#include "sock.h"
+
+#define HTTP_PRESERVE 0
+#define HTTP_LOWER 1
+#define HTTP_CAMEL 2
+
+#define HTTP_REMOVE_ONE 0
+#define HTTP_REMOVE_ALL 1
+#define HTTP_REMOVE_LAST 2
+
+#define HTTP_FIELD_NORMAL 0
+#define HTTP_FIELD_EX_VALUE 1
+#define HTTP_FIELD_EX_NAME 2
+
+#define HTTP_MERGE_FIELDS 1
+
+#define HTTP_1XX_STR "\x1B[1;32m"
+#define HTTP_2XX_STR "\x1B[1;32m"
+#define HTTP_3XX_STR "\x1B[1;33m"
+#define HTTP_4XX_STR "\x1B[1;31m"
+#define HTTP_5XX_STR "\x1B[1;31m"
+
+#define HTTP_COLOR_SUCCESS "#008000"
+#define HTTP_COLOR_INFO    "#606060"
+#define HTTP_COLOR_WARNING "#E0C000"
+#define HTTP_COLOR_ERROR   "#C00000"
+
+#define CLIENT_MAX_HEADER_SIZE 8192
+#define HTTP_INIT_HEADER_FIELD_NUM 16
+
+#define HTTP_TYPE_INFORMATIONAL 1
+#define HTTP_TYPE_SUCCESS       2
+#define HTTP_TYPE_REDIRECTION   3
+#define HTTP_TYPE_CLIENT_ERROR  4
+#define HTTP_TYPE_SERVER_ERROR  5
+
+#define HTTP_ERROR_GENERAL 1
+#define HTTP_ERROR_SYSCALL 2
+#define HTTP_ERROR_TOO_MANY_HEADER_FIELDS 3
+#define HTTP_ERROR_EOH_NOT_FOUND 4
+#define HTTP_ERROR_HEADER_MALFORMED 5
+#define HTTP_ERROR_INVALID_VERSION 6
+#define HTTP_ERROR_URI_TOO_LONG 7
+
+#ifndef SERVER_STR
+#   define SERVER_STR "sesimos"
+#endif
+
+#ifndef SERVER_STR_HTML
+#   define SERVER_STR_HTML "sesimos&nbsp;web&nbsp;server"
+#endif
+
+typedef unsigned short status_code_t;
+
+typedef struct {
+    status_code_t code:10;
+    unsigned char type:3;
+    char msg[64];
+} http_status;
+
+typedef struct {
+    status_code_t code:10;
+    const char *msg;
+} http_status_msg;
+
+typedef struct {
+    char mode[8];
+    char color[8];
+    const char *icon;
+    const char *doc;
+} http_doc_info;
+
+typedef struct {
+    char type;
+    union {
+        struct {
+            char name[32];
+            char value[32];
+        } normal;
+        struct {
+            char name[64 - sizeof(char *)];
+            char *value;
+        } ex_value;
+        struct {
+            char *name;
+            char *value;
+        } ex_name;
+    };
+} http_field;
+
+typedef struct {
+    int last_field_num;
+    http_field *fields;
+} http_hdr;
+
+typedef struct {
+    char method[16];
+    char *uri;
+    char version[4];
+    http_hdr hdr;
+} http_req;
+
+typedef struct {
+    const http_status *status;
+    char version[4];
+    http_hdr hdr;
+} http_res;
+
+typedef enum {
+    NONE, INTERNAL, CLIENT_REQ, SERVER_REQ, SERVER, SERVER_RES, CLIENT_RES
+} http_error_origin;
+
+typedef struct {
+    status_code_t status;
+    http_error_origin origin;
+    const char* ws_key;
+} http_status_ctx;
+
+extern const http_status http_statuses[];
+extern const http_status_msg http_status_messages[];
+extern const int http_statuses_size;
+extern const int http_status_messages_size;
+
+extern const char http_error_doc[], http_warning_doc[], http_success_doc[], http_info_doc[];
+
+const char *http_error_str(int err);
+
+void http_to_camel_case(char *str, int mode);
+
+const char *http_field_get_name(const http_field *field);
+
+const char *http_field_get_value(const http_field *field);
+
+int http_init_hdr(http_hdr *hdr);
+
+void http_free_field(http_field *f);
+
+void http_free_hdr(http_hdr *hdr);
+
+void http_free_req(http_req *req);
+
+void http_free_res(http_res *res);
+
+int http_parse_request(char *buf, http_req *req);
+
+int http_receive_request(sock *client, http_req *req);
+
+int http_parse_header_field(http_hdr *hdr, const char *buf, const char *end_ptr, int flags);
+
+const char *http_get_header_field(const http_hdr *hdr, const char *field_name);
+
+int http_get_header_field_num(const http_hdr *hdr, const char *field_name);
+
+int http_add_header_field(http_hdr *hdr, const char *field_name, const char *field_value);
+
+int http_add_header_field_len(http_hdr *hdr, const char *name, unsigned long name_len, const char *value, unsigned long value_len);
+
+int http_add_to_header_field(http_hdr *hdr, const char *field_name, const char *field_value);
+
+void http_remove_header_field(http_hdr *hdr, const char *field_name, int mode);
+
+int http_send_response(sock *client, http_res *res);
+
+int http_send_request(sock *server, http_req *req);
+
+const http_status *http_get_status(status_code_t status_code);
+
+const http_status_msg *http_get_error_msg(status_code_t status_code);
+
+const char *http_get_status_color(status_code_t status_code);
+
+char *http_format_date(time_t time, char *buf, size_t size);
+
+char *http_get_date(char *buf, size_t size);
+
+const http_doc_info *http_get_status_info(status_code_t status_code);
+
+int http_get_compression(const http_req *req, const http_res *res);
+
+long http_get_keep_alive_timeout(http_hdr *hdr);
+
+#endif //SESIMOS_HTTP_H
--- a/src/lib/http_static.c
+++ b/src/lib/http_static.c
@@ -0,0 +1,212 @@
+/**
+ * sesimos - secure, simple, modern web server
+ * @brief HTTP static implementation
+ * @file src/lib/http_static.c
+ * @author Lorenz Stechauner
+ * @date 2021-05-03
+ * @details https://www.iana.org/assignments/http-status-codes/http-status-codes.xhtml
+ */
+
+#include "http.h"
+
+const http_status http_statuses[] = {
+        {100, HTTP_TYPE_INFORMATIONAL, "Continue"},
+        {101, HTTP_TYPE_INFORMATIONAL, "Switching Protocols"},
+        {102, HTTP_TYPE_INFORMATIONAL, "Processing"},
+        {103, HTTP_TYPE_INFORMATIONAL, "Early Hints"},
+
+        {200, HTTP_TYPE_SUCCESS,       "OK"},
+        {201, HTTP_TYPE_SUCCESS,       "Created"},
+        {202, HTTP_TYPE_SUCCESS,       "Accepted"},
+        {203, HTTP_TYPE_SUCCESS,       "Non-Authoritative Information"},
+        {204, HTTP_TYPE_SUCCESS,       "No Content"},
+        {205, HTTP_TYPE_SUCCESS,       "Reset Content"},
+        {206, HTTP_TYPE_SUCCESS,       "Partial Content"},
+        {207, HTTP_TYPE_SUCCESS,       "Multi-Status"},
+        {208, HTTP_TYPE_SUCCESS,       "Already Reported"},
+        {226, HTTP_TYPE_SUCCESS,       "Instance Manipulation Used"},
+
+        {300, HTTP_TYPE_REDIRECTION,   "Multiple Choices"},
+        {301, HTTP_TYPE_REDIRECTION,   "Moved Permanently"},
+        {302, HTTP_TYPE_REDIRECTION,   "Found"},
+        {303, HTTP_TYPE_REDIRECTION,   "See Other"},
+        {304, HTTP_TYPE_SUCCESS,       "Not Modified"},
+        {305, HTTP_TYPE_REDIRECTION,   "Use Proxy"},
+        {307, HTTP_TYPE_REDIRECTION,   "Temporary Redirect"},
+        {308, HTTP_TYPE_REDIRECTION,   "Permanent Redirect"},
+
+        {400, HTTP_TYPE_CLIENT_ERROR,  "Bad Request"},
+        {401, HTTP_TYPE_CLIENT_ERROR,  "Unauthorized"},
+        {402, HTTP_TYPE_CLIENT_ERROR,  "Payment Required"},
+        {403, HTTP_TYPE_CLIENT_ERROR,  "Forbidden"},
+        {404, HTTP_TYPE_CLIENT_ERROR,  "Not Found"},
+        {405, HTTP_TYPE_CLIENT_ERROR,  "Method Not Allowed"},
+        {406, HTTP_TYPE_CLIENT_ERROR,  "Not Acceptable"},
+        {407, HTTP_TYPE_CLIENT_ERROR,  "Proxy Authentication Required"},
+        {408, HTTP_TYPE_CLIENT_ERROR,  "Request Timeout"},
+        {409, HTTP_TYPE_CLIENT_ERROR,  "Conflict"},
+        {410, HTTP_TYPE_CLIENT_ERROR,  "Gone"},
+        {411, HTTP_TYPE_CLIENT_ERROR,  "Length Required"},
+        {412, HTTP_TYPE_CLIENT_ERROR,  "Precondition Failed"},
+        {413, HTTP_TYPE_CLIENT_ERROR,  "Request Entity Too Large"},
+        {414, HTTP_TYPE_CLIENT_ERROR,  "Request-URI Too Long"},
+        {415, HTTP_TYPE_CLIENT_ERROR,  "Unsupported Media Type"},
+        {416, HTTP_TYPE_CLIENT_ERROR,  "Range Not Satisfiable"},
+        {417, HTTP_TYPE_CLIENT_ERROR,  "Expectation Failed"},
+        {421, HTTP_TYPE_CLIENT_ERROR,  "Misdirected Request"},
+        {422, HTTP_TYPE_CLIENT_ERROR,  "Unprocessable Content"},
+        {423, HTTP_TYPE_CLIENT_ERROR,  "Locked"},
+        {424, HTTP_TYPE_CLIENT_ERROR,  "Failed Dependency"},
+        {425, HTTP_TYPE_CLIENT_ERROR,  "Too Early"},
+        {426, HTTP_TYPE_CLIENT_ERROR,  "Upgrade Required"},
+        {428, HTTP_TYPE_CLIENT_ERROR,  "Precondition Required"},
+        {429, HTTP_TYPE_CLIENT_ERROR,  "Too Many Requests"},
+        {431, HTTP_TYPE_CLIENT_ERROR,  "Request Header Fields Too Large"},
+        {451, HTTP_TYPE_CLIENT_ERROR,  "Unavailable For Legal Reasons"},
+
+        {500, HTTP_TYPE_SERVER_ERROR,  "Internal Server Error"},
+        {501, HTTP_TYPE_SERVER_ERROR,  "Not Implemented"},
+        {502, HTTP_TYPE_SERVER_ERROR,  "Bad Gateway"},
+        {503, HTTP_TYPE_SERVER_ERROR,  "Service Unavailable"},
+        {504, HTTP_TYPE_SERVER_ERROR,  "Gateway Timeout"},
+        {505, HTTP_TYPE_SERVER_ERROR,  "HTTP Version Not Supported"},
+        {506, HTTP_TYPE_SERVER_ERROR,  "Variant Also Negotiates"},
+        {507, HTTP_TYPE_SERVER_ERROR,  "Insufficient Storage"},
+        {508, HTTP_TYPE_SERVER_ERROR,  "Loop Detected"},
+        {511, HTTP_TYPE_SERVER_ERROR,  "Network Authentication Required"},
+};
+
+const http_status_msg http_status_messages[] = {
+        {100, "The client SHOULD continue with its request. The server MUST send a final response after the request "
+              "has been completed."},
+        {101, "The server understands and is willing to comply with the clients request, via the Upgrade message "
+              "header field, for a change in the application protocol being used on this connection."},
+        {102, "The server has a reasonable expectation that the request will take significant time to complete. The "
+              "server MUST send a final response after the request has been completed."},
+        {103, "The client can speculatively evaluate the header fields included in the response while waiting for the "
+              "final response. The server MUST send a final response after the request has been completed."},
+
+        {200, "The request has succeeded."},
+        {201, "The request has been fulfilled and resulted in a new resource being created."},
+        {202, "The request has been accepted for processing, but the processing has not been completed."},
+        {203, "The returned meta information in the entity-header is not the definitive set as available from the "
+              "origin server, but is gathered from a local or a third-party copy."},
+        {204, "The server has fulfilled the request but does not need to return an entity-body, and might want to "
+              "return updated meta information."},
+        {205, "The server has fulfilled the request and the user agent SHOULD reset the document view which caused the "
+              "request to be sent."},
+        {206, "The server has fulfilled the partial GET request for the resource."},
+        {207, "The response provides status for multiple independent operations."},
+        {208, "The response is used to avoid enumerating the internal members of multiple bindings to the same "
+              "collection repeatedly."},
+        {226, "The server has fulfilled a GET request for the resource, and the response is a representation of the "
+              "result of one or more instance-manipulations applied to the current instance."},
+
+        {300, "The requested resource corresponds to any one of a set of representations, each with its own specific "
+              "location, and agent-driven negotiation information is being provided so that the user (or user agent) "
+              "can select a preferred representation and redirect its request to that location."},
+        {301, "The requested resource has been assigned a new permanent URI and any future references to this resource "
+              "SHOULD use one of the returned URIs."},
+        {302, "The requested resource resides temporarily under a different URI."},
+        {303, "The response to the request can be found under a different URI and SHOULD be retrieved using a GET "
+              "method on that resource."},
+        {304, "The request has been fulfilled and the requested resource has not been modified."},
+        {305, "The requested resource MUST be accessed through the proxy given by the Location field."},
+        {307, "The requested resource resides temporarily under a different URI."},
+        {308, "The requested resource has been assigned a new permanent URI and any future references to this resource "
+              "ought to use one of the enclosed URIs."},
+
+        {400, "The request could not be understood by the server due to malformed syntax."},
+        {401, "The request requires user authentication."},
+        {403, "The server understood the request, but is refusing to fulfill it."},
+        {404, "The server has not found anything matching the Request-URI."},
+        {405, "The method specified in the Request-Line is not allowed for the resource identified by the "
+              "Request-URI."},
+        {406, "The resource identified by the request is only capable of generating response entities which have "
+              "content characteristics not acceptable according to the accept headers sent in the request."},
+        {407, "The request requires user authentication on the proxy."},
+        {408, "The client did not produce a request within the time that the server was prepared to wait."},
+        {409, "The request could not be completed due to a conflict with the current state of the resource."},
+        {410, "The requested resource is no longer available at the server and no forwarding address is known."},
+        {411, "The server refuses to accept the request without a defined Content-Length."},
+        {412, "The precondition given in one or more of the request-header fields evaluated to false when it was "
+              "tested on the server."},
+        {413, "The server is refusing to process a request because the request entity is larger than the server is "
+              "willing or able to process."},
+        {414, "The server is refusing to service the request because the Request-URI is longer than the server is "
+              "willing to interpret."},
+        {415, "The server is refusing to service the request because the entity of the request is in a format not "
+              "supported by the requested resource for the requested method."},
+        {416, "None of the ranges in the requests Range header field overlap the current extent of the selected "
+              "resource or that the set of ranges requested has been rejected due to invalid ranges or an excessive "
+              "request of small or overlapping ranges."},
+        {417, "The expectation given in an Expect request-header field could not be met by this server, or, if the "
+              "server is a proxy, the server has unambiguous evidence that the request could not be met by the "
+              "next-hop server."},
+        {421, "The server is not able to produce a response. The client MAY retry the request over a different "
+              "connection."},
+        {422, "The server understands the content type of the request content, and the syntax of the request content "
+              "is correct, but the server was unable to process the contained information."},
+        {423, "The source or destination resource of a method is locked."},
+        {424, "The method could not be performed on the resource because the requested action depended on another "
+              "action and that action failed."},
+        {425, "The server is unwilling to risk processing a request that might be replayed."},
+        {426, "The server refuses to perform the request using the current protocol but might be willing to do so "
+              "after the client upgrades to a different protocol. The server MUST send an Upgrade header field to"
+              "indicate the required protocol(s)."},
+        {428, "The origin server requires the request to be conditional. By requiring requests to be conditional, the "
+              "server can assure that clients are working with the correct copies and thus avoiding a lost update."},
+        {429, "The client has sent too many requests in a given amount of time."},
+        {431, "The server is unwilling to process the request because its header fields are too large. The request MAY "
+              "be resubmitted after reducing the size of the request header fields."},
+        {451, "The server is denying access to the resource as a consequence of a legal demand."},
+
+        {500, "The server encountered an unexpected condition which prevented it from fulfilling the request."},
+        {501, "The server does not support the functionality required to fulfill the request."},
+        {502, "The server, while acting as a gateway or proxy, received an invalid response from the upstream server "
+              "it accessed in attempting to fulfill the request."},
+        {503, "The server is currently unable to handle the request due to a temporary overloading or maintenance of "
+              "the server."},
+        {504, "The server, while acting as a gateway or proxy, did not receive a timely response from the upstream "
+              "server specified by the URI or some other auxiliary server it needed to access in attempting to "
+              "complete the request."},
+        {505, "The server does not support, or refuses to support, the HTTP protocol version that was used in the "
+              "request message."},
+        {506, "The server has an internal configuration error: the chosen variant resource is configured to engage in "
+              "transparent content negotiation itself, and is therefore not a proper end point in the negotiation "
+              "process."},
+        {507, "The method could not be performed on the resource because the server is unable to store the "
+              "representation needed to successfully complete the request. This condition is considered to be "
+              "temporary."},
+        {508, "The server terminated an operation because it encountered an infinite loop while processing the "
+              "request."},
+        {511, "The client needs to authenticate to gain network access. The response representation SHOULD contain a "
+              "link to a resource that allows the user to submit credentials."},
+};
+
+const int http_statuses_size = sizeof(http_statuses) / sizeof(http_status);
+const int http_status_messages_size = sizeof(http_status_messages) / sizeof(http_status_msg);
+
+const char http_error_doc[] =
+        "      <h1>%1$i</h1>\n"
+        "      <h2>%2$s :&#xFEFF;(</h2>\n"
+        "      <p>%3$s</p>\n"
+        "      <p>%4$s</p>\n";
+
+const char http_warning_doc[] =
+        "      <h1>%1$i</h1>\n"
+        "      <h2>%2$s :&#xFEFF;)</h2>\n"
+        "      <p>%3$s</p>\n"
+        "      <p>%4$s</p>\n";
+
+const char http_success_doc[] =
+        "      <h1>%1$i</h1>\n"
+        "      <h2>%2$s :&#xFEFF;)</h2>\n"
+        "      <p>%3$s</p>\n"
+        "      <p>%4$s</p>\n";
+
+const char http_info_doc[] =
+        "      <h1>%1$i</h1>\n"
+        "      <h2>%2$s :&#xFEFF;)</h2>\n"
+        "      <p>%3$s</p>\n"
+        "      <p>%4$s</p>\n";
--- a/src/lib/include/fastcgi.h
+++ b/src/lib/include/fastcgi.h
@@ -0,0 +1,115 @@
+/**
+ * sesimos - secure, simple, modern web server
+ * @brief FastCGI header file
+ * @file src/lib/include/fastcgi.h
+ */
+
+#ifndef SESIMOS_EXTERN_FASTCGI_H
+#define SESIMOS_EXTERN_FASTCGI_H
+
+/*
+ * Listening socket file number
+ */
+#define FCGI_LISTENSOCK_FILENO 0
+
+typedef struct {
+    unsigned char version;
+    unsigned char type;
+    unsigned short requestId;
+    unsigned short contentLength;
+    unsigned char paddingLength;
+    unsigned char reserved;
+} FCGI_Header;
+
+/*
+ * Number of bytes in a FCGI_Header.  Future versions of the protocol
+ * will not reduce this number.
+ */
+#define FCGI_HEADER_LEN  8
+
+/*
+ * Value for version component of FCGI_Header
+ */
+#define FCGI_VERSION_1           1
+
+/*
+ * Values for type component of FCGI_Header
+ */
+#define FCGI_BEGIN_REQUEST       1
+#define FCGI_ABORT_REQUEST       2
+#define FCGI_END_REQUEST         3
+#define FCGI_PARAMS              4
+#define FCGI_STDIN               5
+#define FCGI_STDOUT              6
+#define FCGI_STDERR              7
+#define FCGI_DATA                8
+#define FCGI_GET_VALUES          9
+#define FCGI_GET_VALUES_RESULT  10
+#define FCGI_UNKNOWN_TYPE       11
+#define FCGI_MAXTYPE (FCGI_UNKNOWN_TYPE)
+
+/*
+ * Value for requestId component of FCGI_Header
+ */
+#define FCGI_NULL_REQUEST_ID     0
+
+typedef struct {
+    unsigned short role;
+    unsigned char flags;
+    unsigned char reserved[5];
+} FCGI_BeginRequestBody;
+
+typedef struct {
+    FCGI_Header header;
+    FCGI_BeginRequestBody body;
+} FCGI_BeginRequestRecord;
+
+/*
+ * Mask for flags component of FCGI_BeginRequestBody
+ */
+#define FCGI_KEEP_CONN  1
+
+/*
+ * Values for role component of FCGI_BeginRequestBody
+ */
+#define FCGI_RESPONDER  1
+#define FCGI_AUTHORIZER 2
+#define FCGI_FILTER     3
+
+typedef struct {
+    unsigned int appStatus;
+    unsigned char protocolStatus;
+    unsigned char reserved[3];
+} FCGI_EndRequestBody;
+
+typedef struct {
+    FCGI_Header header;
+    FCGI_EndRequestBody body;
+} FCGI_EndRequestRecord;
+
+/*
+ * Values for protocolStatus component of FCGI_EndRequestBody
+ */
+#define FCGI_REQUEST_COMPLETE 0
+#define FCGI_CANT_MPX_CONN    1
+#define FCGI_OVERLOADED       2
+#define FCGI_UNKNOWN_ROLE     3
+
+/*
+ * Variable names for FCGI_GET_VALUES / FCGI_GET_VALUES_RESULT records
+ */
+#define FCGI_MAX_CONNS  "FCGI_MAX_CONNS"
+#define FCGI_MAX_REQS   "FCGI_MAX_REQS"
+#define FCGI_MPXS_CONNS "FCGI_MPXS_CONNS"
+
+typedef struct {
+    unsigned char type;
+    unsigned char reserved[7];
+} FCGI_UnknownTypeBody;
+
+typedef struct {
+    FCGI_Header header;
+    FCGI_UnknownTypeBody body;
+} FCGI_UnknownTypeRecord;
+
+#endif //SESIMOS_EXTERN_FASTCGI_H
--- a/src/lib/list.c
+++ b/src/lib/list.c
@@ -0,0 +1,150 @@
+
+#include "list.h"
+
+#include <malloc.h>
+#include <memory.h>
+#include <errno.h>
+
+#define FACTOR 4
+#define meta(ptr) ((list_meta_t *) ((unsigned char *) (ptr) - sizeof(list_meta_t)))
+#define data(ptr) ((unsigned char *) (ptr) + sizeof(list_meta_t))
+
+typedef struct {
+    int init_size, elem_size, max_size, size;
+} list_meta_t;
+
+static void *list_resize(list_meta_t *list, int new_size) {
+    if (new_size <= 0) {
+        return NULL;
+    } else if (new_size == list->max_size) {
+        return list;
+    }
+
+    list_meta_t *new_ptr = realloc(list, sizeof(list_meta_t) + list->elem_size * new_size);
+    if (new_ptr == NULL)
+        return NULL;
+
+    new_ptr->max_size = new_size;
+    return new_ptr;
+}
+
+void *list_create(int elem_size, int init_elem_n) {
+    if (elem_size <= 0 || init_elem_n <= 0) {
+        errno = EINVAL;
+        return NULL;
+    }
+
+    void *list_ptr = malloc(sizeof(list_meta_t) + elem_size * init_elem_n);
+    if (list_ptr == NULL)
+        return NULL;
+
+    memset(list_ptr, 0, sizeof(list_meta_t) + elem_size * init_elem_n);
+    list_meta_t *list = list_ptr;
+    list->init_size = init_elem_n;
+    list->elem_size = elem_size;
+    list->max_size = init_elem_n;
+    list->size = 0;
+    return data(list_ptr);
+}
+
+int list_size(const void *list_ptr) {
+    return meta(list_ptr)->size;
+}
+
+int list_find(void *list_ptr, void *elem) {
+    list_meta_t *list = meta(list_ptr);
+    unsigned char *array = list_ptr;
+
+    for (int i = 0; i < list->size; i++) {
+        if (memcmp(array + i * list->elem_size, elem, list->elem_size) == 0) {
+            return i;
+        }
+    }
+
+    return -1;
+}
+
+int list_contains(void *list_ptr, void *elem) {
+    return list_find(list_ptr, elem) != -1;
+}
+
+void *list_insert(void *list_ptr, void *elem, int n) {
+    void *ptr = NULL;
+    list_ptr = list_insert_ptr(list_ptr, &ptr, n);
+    if (list_ptr != NULL && ptr != NULL) {
+        memcpy(ptr, elem, meta(list_ptr)->elem_size);
+    }
+
+    return list_ptr;
+}
+
+void *list_insert_ptr(void *list_ptr, void **elem, int n) {
+    list_meta_t *list = meta(list_ptr);
+    if (n < 0)
+        n = list->size + n + 1;
+
+    if (list->size >= list->max_size) {
+        if ((list = list_resize(list, list->max_size * FACTOR)) == NULL)
+            return NULL;
+    }
+
+    unsigned char *array = data(list);
+
+    if (n < list->size)
+        memmove(array + (n + 1) * list->elem_size, array + n * list->elem_size, (list->size - n) * list->elem_size);
+    *elem = array + n * list->elem_size;
+    memset(*elem, 0, list->elem_size);
+
+    list->size++;
+    return array;
+}
+
+void *list_append(void *list_ptr, void *elem) {
+    return list_insert(list_ptr, elem, -1);
+}
+
+void *list_append_ptr(void *list_ptr, void **elem) {
+    return list_insert_ptr(list_ptr, elem, -1);
+}
+
+void *list_remove(void *list_ptr, int n) {
+    list_meta_t *list = meta(list_ptr);
+    if (n < 0)
+        n = list->size + n;
+
+    unsigned char *array = list_ptr;
+
+    if (list->size > 1 && n < list->size)
+        memmove(array + n * list->elem_size, array + (n + 1) * list->elem_size, (list->size - n - 1) * list->elem_size);
+
+    list->size--;
+    memset(array + list->size * list->elem_size, 0, list->elem_size);
+
+    if (list->size <= list->max_size / FACTOR * 3 / 4 && list->max_size / FACTOR >= list->init_size) {
+        if ((list = list_resize(list, list->max_size / FACTOR)) == NULL) {
+            return NULL;
+        }
+    }
+
+    return data(list);
+}
+
+void *list_delete(void *list_ptr, void *elem) {
+    int idx = list_find(list_ptr, elem);
+    if (idx == -1) {
+        return list_ptr;
+    } else {
+        return list_remove(list_ptr, idx);
+    }
+}
+
+void *list_clear(void *list_ptr) {
+    list_meta_t *list = meta(list_ptr);
+    list->size = 0;
+    memset(list_ptr, 0, list->max_size * list->elem_size);
+    return data(list_resize(list, list->init_size));
+}
+
+void list_free(void *list_ptr) {
+    free(meta(list_ptr));
+}
--- a/src/lib/list.h
+++ b/src/lib/list.h
@@ -0,0 +1,29 @@
+
+#ifndef SESIMOS_LIST_H
+#define SESIMOS_LIST_H
+
+void *list_create(int elem_size, int init_elem_n);
+
+int list_size(const void *list_ptr);
+
+int list_find(void *list_ptr, void *elem);
+
+int list_contains(void *list_ptr, void *elem);
+
+void *list_insert(void *list_ptr, void *elem, int n);
+
+void *list_insert_ptr(void *list_ptr, void **elem, int n);
+
+void *list_append(void *list_ptr, void *elem);
+
+void *list_append_ptr(void *list_ptr, void **elem);
+
+void *list_remove(void *list_ptr, int n);
+
+void *list_delete(void *list_ptr, void *elem);
+
+void *list_clear(void *list_ptr);
+
+void list_free(void *list_ptr);
+
+#endif //SESIMOS_LIST_H
--- a/src/lib/mpmc.c
+++ b/src/lib/mpmc.c
@@ -0,0 +1,167 @@
+
+#include "mpmc.h"
+#include "../logger.h"
+
+#include <errno.h>
+#include <malloc.h>
+#include <memory.h>
+#include <pthread.h>
+#include <signal.h>
+
+static void *mpmc_worker(void *arg);
+
+int mpmc_init(mpmc_t *ctx, int n_workers, int buf_size, void (*consumer)(void *obj), const char *name) {
+    ctx->alive = 1;
+    ctx->n_workers = n_workers;
+    ctx->size = buf_size, ctx->max_size = buf_size;
+    ctx->rd = 0, ctx->wr = 0;
+    ctx->buffer = NULL, ctx->workers = NULL;
+    ctx->consumer = consumer;
+    ctx->name = name;
+
+    if (sem_init(&ctx->free, 0, ctx->size) != 0 ||
+        sem_init(&ctx->used, 0, 0)         != 0 ||
+        sem_init(&ctx->lck_rd, 0, 1)       != 0 ||
+        sem_init(&ctx->lck_wr, 0, 1)       != 0)
+    {
+        mpmc_destroy(ctx);
+        return -1;
+    }
+
+    if ((ctx->buffer  = malloc(ctx->size      * sizeof(void *)))    == NULL ||
+        (ctx->workers = malloc(ctx->n_workers * sizeof(pthread_t))) == NULL)
+    {
+        mpmc_destroy(ctx);
+        return -1;
+    }
+
+    memset(ctx->buffer,   0, ctx->size      * sizeof(void *));
+    memset(ctx->workers, -1, ctx->n_workers * sizeof(pthread_t));
+
+    for (int i = 0; i < ctx->n_workers; i++) {
+        int ret;
+        if ((ret = pthread_create(&ctx->workers[i], NULL, mpmc_worker, ctx)) != 0) {
+            mpmc_destroy(ctx);
+            errno = ret;
+            return -1;
+        }
+    }
+
+    return 0;
+}
+
+int mpmc_queue(mpmc_t *ctx, void *obj) {
+    // wait for buffer to be emptied
+    while (sem_wait(&ctx->free) != 0) {
+        if (errno == EINTR) {
+            errno = 0;
+            continue;
+        } else {
+            return -1;
+        }
+    }
+
+    // lock wr field
+    while (sem_wait(&ctx->lck_wr) != 0) {
+        if (errno == EINTR) {
+            errno = 0;
+            continue;
+        } else {
+            sem_post(&ctx->free);
+            return -1;
+        }
+    }
+
+    int p = ctx->wr;
+    ctx->wr = (ctx->wr + 1) % ctx->size;
+
+    // unlock wr field
+    sem_post(&ctx->lck_wr);
+
+    // fill buffer with object
+    ctx->buffer[p] = obj;
+
+    // inform worker
+    sem_post(&ctx->used);
+
+    return 0;
+}
+
+static void *mpmc_worker(void *arg) {
+    mpmc_t *ctx = arg;
+
+    int id;
+    for (id = 0; id < ctx->n_workers && ctx->workers[id] != pthread_self(); id++);
+    logger_set_name("%s/%i", ctx->name, id);
+
+    while (ctx->alive) {
+        // wait for buffer to be filled
+        if (sem_wait(&ctx->used) != 0) {
+            if (errno == EINTR) {
+                errno = 0;
+                continue;
+            } else {
+                critical("Unable to lock semaphore");
+                errno = 0;
+                break;
+            }
+        }
+
+        // lock rd field
+        if (sem_wait(&ctx->lck_rd) != 0) {
+            if (errno == EINTR) {
+                errno = 0;
+                sem_post(&ctx->used);
+                continue;
+            } else {
+                critical("Unable to lock semaphore");
+                errno = 0;
+                sem_post(&ctx->used);
+                break;
+            }
+        }
+
+        int p = ctx->rd;
+        ctx->rd = (ctx->rd + 1) % ctx->size;
+
+        // unlock rd field
+        sem_post(&ctx->lck_rd);
+
+        // consume object
+        ctx->consumer(ctx->buffer[p]);
+        logger_set_prefix("");
+
+        // unlock slot in buffer
+        sem_post(&ctx->free);
+    }
+
+    return NULL;
+}
+
+void mpmc_stop(mpmc_t *ctx) {
+    ctx->alive = 0;
+}
+
+void mpmc_destroy(mpmc_t *ctx) {
+    int e = errno;
+
+    // stop threads, if running
+    mpmc_stop(ctx);
+    for (int i = 0; i < ctx->n_workers; i++) {
+        if (ctx->workers[i] == -1) break;
+        debug("Waiting for worker %s/%i to finish...", ctx->name, i);
+        pthread_kill(ctx->workers[i], SIGUSR1);
+        pthread_join(ctx->workers[i], NULL);
+    }
+
+    sem_destroy(&ctx->free);
+    sem_destroy(&ctx->used);
+    sem_destroy(&ctx->lck_rd);
+    sem_destroy(&ctx->lck_wr);
+    free(ctx->buffer);
+    free(ctx->workers);
+
+    // reset errno
+    errno = e;
+}
+
--- a/src/lib/mpmc.h
+++ b/src/lib/mpmc.h
@@ -0,0 +1,27 @@
+
+#ifndef SESIMOS_MPMC_H
+#define SESIMOS_MPMC_H
+
+#include <semaphore.h>
+
+typedef struct {
+    unsigned char alive;
+    int n_workers;
+    int rd, wr;
+    sem_t free, used, lck_rd, lck_wr;
+    int size, max_size;
+    void **buffer;
+    pthread_t *workers;
+    void (*consumer)(void *obj);
+    const char* name;
+} mpmc_t;
+
+int mpmc_init(mpmc_t *ctx, int n_workers, int buf_size, void (*consumer)(void *obj), const char *name);
+
+int mpmc_queue(mpmc_t *ctx, void *obj);
+
+void mpmc_stop(mpmc_t *ctx);
+
+void mpmc_destroy(mpmc_t *ctx);
+
+#endif //SESIMOS_MPMC_H
--- a/src/lib/proxy.c
+++ b/src/lib/proxy.c
@@ -0,0 +1,612 @@
+/**
+ * sesimos - secure, simple, modern web server
+ * @brief Reverse proxy
+ * @file src/lib/proxy.c
+ * @author Lorenz Stechauner
+ * @date 2021-01-07
+ */
+
+#include "../defs.h"
+#include "../server.h"
+#include "../logger.h"
+#include "proxy.h"
+#include "utils.h"
+#include "config.h"
+#include "error.h"
+
+#include <openssl/ssl.h>
+#include <string.h>
+#include <errno.h>
+#include <openssl/err.h>
+#include <arpa/inet.h>
+#include <semaphore.h>
+
+static SSL_CTX *proxy_ctx = NULL;
+static proxy_ctx_t *proxies = NULL;
+static sem_t *available = NULL;
+static sem_t lock;
+static int num_proxy_hosts = -1;
+
+int proxy_preload(void) {
+    int n = 0;
+    for (int i = 0; i < CONFIG_MAX_HOST_CONFIG; i++) {
+        host_config_t *hc = &config.hosts[i];
+        if (hc->type == CONFIG_TYPE_UNSET) break;
+        if (hc->type != CONFIG_TYPE_REVERSE_PROXY) continue;
+        n++;
+    }
+
+    proxy_ctx = SSL_CTX_new(TLS_client_method());
+    if (proxy_ctx == NULL) {
+        return -1;
+    }
+
+    proxies = malloc(n * MAX_PROXY_CNX_PER_HOST * sizeof(proxy_ctx_t));
+    if (proxies == NULL) {
+        proxy_unload();
+        return -1;
+    }
+    memset(proxies, 0, n * MAX_PROXY_CNX_PER_HOST * sizeof(proxy_ctx_t));
+
+    available = malloc(n * sizeof(*available));
+    if (available == NULL) {
+        proxy_unload();
+        return -1;
+    }
+    for (int i = 0; i < n; i++) {
+        if (sem_init(&available[i], 0, MAX_PROXY_CNX_PER_HOST) != 0) {
+            proxy_unload();
+            return -1;
+        }
+    }
+
+    if (sem_init(&lock, 0, 1) != 0) {
+        proxy_unload();
+        return -1;
+    }
+
+    num_proxy_hosts = n;
+
+    return 0;
+}
+
+void proxy_unload(void) {
+    int e = errno;
+    SSL_CTX_free(proxy_ctx);
+    sem_destroy(&lock);
+    if (num_proxy_hosts != -1) {
+        for (int i = 0; i < num_proxy_hosts; i++) {
+            sem_destroy(&available[i]);
+        }
+    }
+    free(available);
+    free(proxies);
+    errno = e;
+}
+
+void proxy_close_all(void) {
+    proxy_ctx_t *ptr = proxies;
+    for (int i = 0; i < MAX_PROXY_CNX_PER_HOST * num_proxy_hosts; i++, ptr++) {
+        if (ptr->initialized) {
+            proxy_close(ptr);
+            logger_set_prefix("");
+        }
+    }
+}
+
+proxy_ctx_t *proxy_get_by_conf(host_config_t *conf) {
+    int n = 0;
+    for (int i = 0; i < CONFIG_MAX_HOST_CONFIG; i++) {
+        host_config_t *hc = &config.hosts[i];
+        if (hc->type == CONFIG_TYPE_UNSET) break;
+        if (hc->type != CONFIG_TYPE_REVERSE_PROXY) continue;
+        if (hc == conf) break;
+        n++;
+    }
+
+    while (sem_wait(&available[n]) != 0) {
+        if (errno == EINTR) {
+            errno = 0;
+            continue;
+        } else {
+            return NULL;
+        }
+    }
+
+    while (sem_wait(&lock) != 0) {
+        if (errno == EINTR) {
+            errno = 0;
+            continue;
+        } else {
+            sem_post(&available[n]);
+            return NULL;
+        }
+    }
+
+    proxy_ctx_t *ptr = proxies + n * MAX_PROXY_CNX_PER_HOST;
+    for (int i = 0; i < MAX_PROXY_CNX_PER_HOST; i++, ptr++) {
+        if (!ptr->in_use) {
+            ptr->in_use = 1;
+            sem_post(&lock);
+            return ptr;
+        }
+    }
+
+    sem_post(&lock);
+    sem_post(&available[n]);
+    return NULL;
+}
+
+int proxy_unlock_ctx(proxy_ctx_t *ctx) {
+    int n = (int) ((ctx - proxies) / MAX_PROXY_CNX_PER_HOST);
+    if (ctx->close) proxy_close(ctx);
+
+    debug("Released proxy connection slot %i/%i", (ctx - proxies) % MAX_PROXY_CNX_PER_HOST, MAX_PROXY_CNX_PER_HOST);
+    ctx->in_use = 0;
+    ctx->client = NULL;
+    sem_post(&available[n]);
+    if (!ctx->close) {
+        return 1;
+    } else {
+        ctx->close = 0;
+        return 0;
+    }
+}
+
+int proxy_request_header(http_req *req, sock *sock) {
+    char buf1[256], buf2[256];
+    int p_len;
+
+    const char *via = http_get_header_field(&req->hdr, "Via");
+    sprintf(buf1, "HTTP/%s %s", req->version, SERVER_NAME);
+    if (via == NULL) {
+        http_add_header_field(&req->hdr, "Via", buf1);
+    } else {
+        p_len = snprintf(buf2, sizeof(buf2), "%s, %s", via, buf1);
+        if (p_len < 0 || p_len >= sizeof(buf2)) {
+            error("Header field 'Via' too long");
+            return -1;
+        }
+        http_remove_header_field(&req->hdr, "Via", HTTP_REMOVE_ALL);
+        http_add_header_field(&req->hdr, "Via", buf2);
+    }
+
+    int client_ipv6 = strchr(sock->addr, ':') != NULL;
+    int server_ipv6 = strchr(sock->s_addr, ':') != NULL;
+
+    p_len = snprintf(buf1, sizeof(buf1), "by=%s%s%s;for=%s%s%s;host=%s;proto=%s",
+                     server_ipv6 ? "\"[" : "", sock->s_addr, server_ipv6 ? "]\"" : "",
+                     client_ipv6 ? "\"[" : "", sock->addr, client_ipv6 ? "]\"" : "",
+                     http_get_header_field(&req->hdr, "Host"), sock->enc ? "https" : "http");
+    if (p_len < 0 || p_len >= sizeof(buf1)) {
+        error("Appended part of header field 'Forwarded' too long");
+        return -1;
+    }
+
+    const char *forwarded = http_get_header_field(&req->hdr, "Forwarded");
+    if (forwarded == NULL) {
+        http_add_header_field(&req->hdr, "Forwarded", buf1);
+    } else {
+        p_len = snprintf(buf2, sizeof(buf2), "%s, %s", forwarded, buf1);
+        if (p_len < 0 || p_len >= sizeof(buf2)) {
+            error("Header field 'Forwarded' too long");
+            return -1;
+        }
+        http_remove_header_field(&req->hdr, "Forwarded", HTTP_REMOVE_ALL);
+        http_add_header_field(&req->hdr, "Forwarded", buf2);
+    }
+
+    const char *xff = http_get_header_field(&req->hdr, "X-Forwarded-For");
+    if (xff == NULL) {
+        http_add_header_field(&req->hdr, "X-Forwarded-For", sock->addr);
+    } else {
+        sprintf(buf1, "%s, %s", xff, sock->addr);
+        http_remove_header_field(&req->hdr, "X-Forwarded-For", HTTP_REMOVE_ALL);
+        http_add_header_field(&req->hdr, "X-Forwarded-For", buf1);
+    }
+
+    const char *xfh = http_get_header_field(&req->hdr, "X-Forwarded-Host");
+    forwarded = http_get_header_field(&req->hdr, "Forwarded");
+    if (xfh == NULL) {
+        if (forwarded == NULL) {
+            http_add_header_field(&req->hdr, "X-Forwarded-Host", http_get_header_field(&req->hdr, "Host"));
+        } else {
+            char *ptr = strchr(forwarded, ',');
+            unsigned long len;
+            if (ptr != NULL) len = ptr - forwarded;
+            else len = strlen(forwarded);
+            ptr = strstr(forwarded, "host=");
+            if ((ptr - forwarded) < len) {
+                char *end = strchr(ptr, ';');
+                if (end == NULL) len -= (ptr - forwarded);
+                else len = (end - ptr);
+                len -= 5;
+                sprintf(buf1, "%.*s", (int) len, ptr + 5);
+                http_add_header_field(&req->hdr, "X-Forwarded-Host", buf1);
+            }
+        }
+    }
+
+    const char *xfp = http_get_header_field(&req->hdr, "X-Forwarded-Proto");
+    forwarded = http_get_header_field(&req->hdr, "Forwarded");
+    if (xfp == NULL) {
+        if (forwarded == NULL) {
+            http_add_header_field(&req->hdr, "X-Forwarded-Proto", sock->enc ? "https" : "http");
+        } else {
+            char *ptr = strchr(forwarded, ',');
+            unsigned long len;
+            if (ptr != NULL) len = ptr - forwarded;
+            else len = strlen(forwarded);
+            ptr = strstr(forwarded, "proto=");
+            if ((ptr - forwarded) < len) {
+                char *end = strchr(ptr, ';');
+                if (end == NULL) len -= (ptr - forwarded);
+                else len = (end - ptr);
+                len -= 6;
+                sprintf(buf1, "%.*s", (int) len, ptr + 6);
+                http_add_header_field(&req->hdr, "X-Forwarded-Proto", buf1);
+            }
+        }
+    }
+
+    return 0;
+}
+
+int proxy_response_header(http_req *req, http_res *res, host_config_t *conf) {
+    char buf1[256], buf2[256];
+    int p_len;
+
+    const char *via = http_get_header_field(&res->hdr, "Via");
+    p_len = snprintf(buf1, sizeof(buf1), "HTTP/%s %s", req->version, SERVER_NAME);
+    if (p_len < 0 || p_len >= sizeof(buf1)) {
+        error("Appended part of header field 'Via' too long");
+        return -1;
+    }
+    if (via == NULL) {
+        http_add_header_field(&res->hdr, "Via", buf1);
+    } else {
+        p_len = snprintf(buf2, sizeof(buf2), "%s, %s", via, buf1);
+        if (p_len < 0 || p_len >= sizeof(buf2)) {
+            error("Header field 'Via' too long");
+            return -1;
+        }
+        http_remove_header_field(&res->hdr, "Via", HTTP_REMOVE_ALL);
+        http_add_header_field(&res->hdr, "Via", buf2);
+    }
+
+    const char *location = http_get_header_field(&res->hdr, "Location");
+    if (location != NULL) {
+        char *hostnames[] = {conf->name, conf->proxy.hostname};
+        int found = 0;
+
+        for (int i = 0; i < sizeof(hostnames) / sizeof(hostnames[0]); i++) {
+            char *hostname = hostnames[i];
+            found = 1;
+
+            p_len = snprintf(buf1, sizeof(buf1), "http://%s/", hostname);
+            if (strstarts(location, buf1)) break;
+
+            p_len = snprintf(buf1, sizeof(buf1), "https://%s/", hostname);
+            if (strstarts(location, buf1)) break;
+
+            p_len = snprintf(buf1, sizeof(buf1), "http://%s:%i/", hostname, conf->proxy.port);
+            if (strstarts(location, buf1)) break;
+
+            p_len = snprintf(buf1, sizeof(buf1), "https://%s:%i/", hostname, conf->proxy.port);
+            if (strstarts(location, buf1)) break;
+
+            found = 0;
+        }
+
+        if (found) {
+            strcpy(buf1, location + p_len - 1);
+            http_remove_header_field(&res->hdr, "Location", HTTP_REMOVE_ALL);
+            http_add_header_field(&res->hdr, "Location", buf1);
+        }
+    }
+
+    return 0;
+}
+
+static int proxy_connect(proxy_ctx_t *proxy, host_config_t *conf, http_res *res, http_status_ctx *ctx, char *err_msg) {
+    char err_buf[256], addr_buf[1024];
+
+    info(BLUE_STR "Connecting to " BLD_STR "[%s]:%i" CLR_STR BLUE_STR "...", conf->proxy.hostname, conf->proxy.port);
+
+    int fd;
+    if ((fd = sock_connect(conf->proxy.hostname, conf->proxy.port, SERVER_TIMEOUT_INIT, addr_buf, sizeof(addr_buf))) == -1) {
+        if (errno == ETIMEDOUT || errno == EINPROGRESS || errno == EHOSTDOWN || errno == EHOSTUNREACH) {
+            res->status = http_get_status(504);
+            ctx->origin = SERVER_REQ;
+        } else if (errno == ECONNREFUSED) {
+            res->status = http_get_status(502);
+            ctx->origin = SERVER_REQ;
+        } else if (errno == ECONNABORTED || errno == ECONNRESET) {
+            res->status = http_get_status(502);
+            ctx->origin = SERVER_RES;
+        } else {
+            res->status = http_get_status(500);
+            ctx->origin = INTERNAL;
+        }
+        error("Unable to connect to [%s]:%i", addr_buf, conf->proxy.port);
+        sprintf(err_msg, "Unable to connect to server: %s.", error_str(errno, err_buf, sizeof(err_buf)));
+        return -1;
+    }
+
+    sock_init(&proxy->proxy, fd, 0);
+
+    if (sock_set_timeout(&proxy->proxy, SERVER_TIMEOUT) != 0) {
+        res->status = http_get_status(500);
+        ctx->origin = INTERNAL;
+        error("Unable to set timeout for reverse proxy socket");
+        sprintf(err_msg, "Unable to set timeout for reverse proxy socket: %s", error_str(errno, err_buf, sizeof(err_buf)));
+        return -1;
+    }
+
+    if (conf->proxy.enc) {
+        proxy->proxy.ssl = SSL_new(proxy_ctx);
+        SSL_set_fd(proxy->proxy.ssl, proxy->proxy.socket);
+        SSL_set_connect_state(proxy->proxy.ssl);
+
+        int ret;
+        if ((ret = SSL_do_handshake(proxy->proxy.ssl)) != 1) {
+            sock_error(&proxy->proxy, (int) ret);
+            SSL_free(proxy->proxy.ssl);
+            proxy->proxy.ssl = NULL;
+            res->status = http_get_status(502);
+            ctx->origin = SERVER_REQ;
+            error("Unable to perform handshake");
+            sprintf(err_msg, "Unable to perform handshake: %s.", error_str(errno, err_buf, sizeof(err_buf)));
+            return -1;
+        }
+        proxy->proxy.enc = 1;
+    }
+
+    proxy->initialized = 1;
+    proxy->cnx_s = clock_micros();
+    proxy->host = conf->name;
+    proxy->http_timeout = 0;
+
+    info(BLUE_STR "Established new connection with " BLD_STR "[%s]:%i" CLR_STR BLUE_STR " (slot %i/%i)",
+         addr_buf, conf->proxy.port, (proxy - proxies) % MAX_PROXY_CNX_PER_HOST, MAX_PROXY_CNX_PER_HOST);
+
+    return 0;
+}
+
+int proxy_init(proxy_ctx_t **proxy_ptr, http_req *req, http_res *res, http_status_ctx *ctx, host_config_t *conf, sock *client, http_status *custom_status, char *err_msg) {
+    char buffer[CHUNK_SIZE], err_buf[256];
+    long ret;
+
+    *proxy_ptr = proxy_get_by_conf(conf);
+    proxy_ctx_t *proxy = *proxy_ptr;
+    proxy->client = NULL;
+    debug("Selected proxy connection slot %i/%i", (proxy - proxies) % MAX_PROXY_CNX_PER_HOST, MAX_PROXY_CNX_PER_HOST);
+
+    const char *connection = http_get_header_field(&req->hdr, "Connection");
+    if (strcontains(connection, "upgrade") || strcontains(connection, "Upgrade")) {
+        const char *upgrade = http_get_header_field(&req->hdr, "Upgrade");
+        const char *ws_version = http_get_header_field(&req->hdr, "Sec-WebSocket-Version");
+        if (streq(upgrade, "websocket") && streq(ws_version, "13")) {
+            ctx->ws_key = http_get_header_field(&req->hdr, "Sec-WebSocket-Key");
+        } else {
+            res->status = http_get_status(501);
+            ctx->origin = INTERNAL;
+            return -1;
+        }
+    } else {
+        http_remove_header_field(&req->hdr, "Connection", HTTP_REMOVE_ALL);
+        http_add_header_field(&req->hdr, "Connection", "keep-alive");
+    }
+
+    ret = proxy_request_header(req, client);
+    if (ret != 0) {
+        res->status = http_get_status(500);
+        ctx->origin = INTERNAL;
+        return -1;
+    }
+
+    for (int retry = 1, srv_error = 0, tries = 0;; tries++) {
+        errno = 0;
+        if (!retry)
+            return -1;
+
+        // honor server timeout with one second buffer
+        if (!proxy->initialized || srv_error ||
+            (proxy->http_timeout > 0 && (clock_micros() - proxy->proxy.ts_last_send) >= proxy->http_timeout) ||
+            sock_has_pending(&proxy->proxy, SOCK_DONTWAIT))
+        {
+            if (proxy->initialized)
+                proxy_close(proxy);
+
+            retry = 0;
+            srv_error = 0;
+            tries++;
+
+            if (proxy_connect(proxy, conf, res, ctx, err_msg) != 0)
+                continue;
+        }
+
+        ret = http_send_request(&proxy->proxy, req);
+        if (ret < 0) {
+            res->status = http_get_status(502);
+            ctx->origin = SERVER_REQ;
+            error("Unable to send request to server (1)");
+            sprintf(err_msg, "Unable to send request to server: %s.", error_str(errno, err_buf, sizeof(err_buf)));
+            retry = tries < 4;
+            srv_error = 1;
+            continue;
+        }
+
+        break;
+    }
+
+    const char *content_length = http_get_header_field(&req->hdr, "Content-Length");
+    unsigned long content_len = content_length != NULL ? strtoul(content_length, NULL, 10) : 0;
+    const char *transfer_encoding = http_get_header_field(&req->hdr, "Transfer-Encoding");
+
+    ret = 0;
+    if (content_len > 0) {
+        ret = sock_splice(&proxy->proxy, client, buffer, sizeof(buffer), content_len);
+    } else if (strcontains(transfer_encoding, "chunked")) {
+        ret = sock_splice_chunked(&proxy->proxy, client, buffer, sizeof(buffer), SOCK_CHUNKED);
+    }
+
+    if (ret < 0 || (content_len != 0 && ret != content_len)) {
+        if (ret == -1 && errno != EPROTO) {
+            res->status = http_get_status(502);
+            ctx->origin = SERVER_REQ;
+            error("Unable to send request to server (2)");
+            sprintf(err_msg, "Unable to send request to server: %s.", error_str(errno, err_buf, sizeof(err_buf)));
+            return -1;
+        } else if (ret == -1) {
+            res->status = http_get_status(400);
+            ctx->origin = CLIENT_REQ;
+            error("Unable to receive request from client");
+            sprintf(err_msg, "Unable to receive request from client: %s.", error_str(errno, err_buf, sizeof(err_buf)));
+            return -1;
+        }
+        res->status = http_get_status(500);
+        ctx->origin = INTERNAL;
+        error("Unknown Error");
+        return -1;
+    }
+
+    ret = sock_recv(&proxy->proxy, buffer, sizeof(buffer) - 1, MSG_PEEK);
+    if (ret <= 0) {
+        int e_sys = error_get_sys(), e_ssl = error_get_ssl();
+        if (e_sys == EAGAIN || e_sys == EINPROGRESS || e_ssl == SSL_ERROR_WANT_READ || e_ssl == SSL_ERROR_WANT_WRITE) {
+            res->status = http_get_status(504);
+            ctx->origin = SERVER_RES;
+        } else {
+            res->status = http_get_status(502);
+            ctx->origin = SERVER_RES;
+        }
+        error("Unable to receive response from server");
+        sprintf(err_msg, "Unable to receive response from server: %s.", error_str(errno, err_buf, sizeof(err_buf)));
+        return -1;
+    }
+    buffer[ret] = 0;
+
+    char *buf = buffer;
+    unsigned short header_len = (unsigned short) (strstr(buffer, "\r\n\r\n") - buffer + 4);
+
+    if (header_len <= 0) {
+        res->status = http_get_status(502);
+        ctx->origin = SERVER_RES;
+        error("Unable to parse header: End of header not found");
+        sprintf(err_msg, "Unable to parser header: End of header not found.");
+        return -2;
+    }
+
+    for (int i = 0; i < header_len; i++) {
+        if ((buf[i] >= 0x00 && buf[i] <= 0x1F && buf[i] != '\r' && buf[i] != '\n') || buf[i] == 0x7F) {
+            res->status = http_get_status(502);
+            ctx->origin = SERVER_RES;
+            error("Unable to parse header: Header contains illegal characters");
+            sprintf(err_msg, "Unable to parse header: Header contains illegal characters.");
+            return -2;
+        }
+    }
+
+    char *ptr = buf;
+    while (header_len != (ptr - buf)) {
+        char *pos0 = strstr(ptr, "\r\n");
+        if (pos0 == NULL) {
+            res->status = http_get_status(502);
+            ctx->origin = SERVER_RES;
+            error("Unable to parse header: Invalid header format");
+            sprintf(err_msg, "Unable to parse header: Invalid header format.");
+            return -2;
+        }
+        if (ptr == buf) {
+            if (!strstarts(ptr, "HTTP/")) {
+                res->status = http_get_status(502);
+                ctx->origin = SERVER_RES;
+                error("Unable to parse header: Invalid header format");
+                sprintf(err_msg, "Unable to parse header: Invalid header format.");
+                return -2;
+            }
+            int status_code = (int) strtol(ptr + 9, NULL, 10);
+            res->status = http_get_status(status_code);
+            if (res->status == NULL && status_code >= 100 && status_code <= 999) {
+                custom_status->code = status_code;
+                custom_status->type = 0;
+                snprintf(custom_status->msg, sizeof(custom_status->msg), "%.*s",
+                         (int) (strchr(ptr, '\r') - ptr - 13), ptr + 13);
+                res->status = custom_status;
+            } else if (res->status == NULL) {
+                res->status = http_get_status(502);
+                ctx->origin = SERVER_RES;
+                error("Unable to parse header: Invalid or unknown status code");
+                sprintf(err_msg, "Unable to parse header: Invalid or unknown status code.");
+                return -2;
+            }
+        } else {
+            if (http_parse_header_field(&res->hdr, ptr, pos0, 0) != 0) {
+                res->status = http_get_status(502);
+                ctx->origin = SERVER_RES;
+                error("Unable to parse header");
+                sprintf(err_msg, "Unable to parse header.");
+                return -2;
+            }
+        }
+        if (pos0[2] == '\r' && pos0[3] == '\n') {
+            break;
+        }
+        ptr = pos0 + 2;
+    }
+    if (sock_recv_x(&proxy->proxy, buffer, header_len, 0) == -1)
+        return -1;
+
+    long keep_alive_timeout = http_get_keep_alive_timeout(&res->hdr);
+    proxy->http_timeout = (keep_alive_timeout > 0) ? keep_alive_timeout * 1000000 : 0;
+
+    connection = http_get_header_field(&res->hdr, "Connection");
+    proxy->close = !streq(res->version, "1.1") || strcontains(connection, "close") || strcontains(connection, "Close");
+
+    ret = proxy_response_header(req, res, conf);
+    if (ret != 0) {
+        res->status = http_get_status(500);
+        ctx->origin = INTERNAL;
+        return -1;
+    }
+
+    return 0;
+}
+
+int proxy_send(proxy_ctx_t *proxy, sock *client, unsigned long len_to_send, int flags) {
+    char buffer[CHUNK_SIZE];
+    if (sock_splice(client, &proxy->proxy, buffer, sizeof(buffer), len_to_send) == -1)
+        return -1;
+    return 0;
+}
+
+int proxy_dump(proxy_ctx_t *proxy, char *buf, long len) {
+    long ret = sock_recv(&proxy->proxy, buf, len, 0);
+    if (ret == -1) return -1;
+    buf[ret] = 0;
+    return 0;
+}
+
+void proxy_close(proxy_ctx_t *ctx) {
+    client_ctx_t *cctx = ctx->client;
+    if (cctx) {
+        logger_set_prefix("[%s%*s%s]%s", BLD_STR, ADDRSTRLEN, cctx->req_host, CLR_STR, cctx->log_prefix);
+    }
+
+    if (ctx->initialized) {
+        ctx->cnx_e = clock_micros();
+        char buf[32];
+        info(BLUE_STR "Closing proxy connection %i/%i (%s)",
+             (ctx - proxies) % MAX_PROXY_CNX_PER_HOST, MAX_PROXY_CNX_PER_HOST,
+             format_duration(ctx->cnx_e - ctx->cnx_s, buf));
+    }
+
+    sock_close(&ctx->proxy);
+    ctx->initialized = 0;
+    ctx->http_timeout = 0;
+    ctx->cnx_e = 0, ctx->cnx_s = 0;
+    ctx->client = NULL;
+    ctx->host = NULL;
+    errno = 0;
+}
--- a/src/lib/proxy.h
+++ b/src/lib/proxy.h
@@ -0,0 +1,52 @@
+/**
+ * sesimos - secure, simple, modern web server
+ * @brief Reverse proxy (header file)
+ * @file src/lib/proxy.h
+ * @author Lorenz Stechauner
+ * @date 2021-01-07
+ */
+
+#ifndef SESIMOS_PROXY_H
+#define SESIMOS_PROXY_H
+
+#define PROXY_CHUNKED 1
+
+#ifndef SERVER_NAME
+#   define SERVER_NAME "reverse proxy"
+#endif
+
+#include "http.h"
+#include "config.h"
+
+typedef struct {
+    volatile unsigned char initialized:1, in_use:1, close:1;
+    sock proxy;
+    long cnx_s, cnx_e;
+    long http_timeout;
+    char *host;
+    void *client;
+} proxy_ctx_t;
+
+int proxy_preload(void);
+
+void proxy_unload(void);
+
+void proxy_close_all(void);
+
+proxy_ctx_t *proxy_get_by_conf(host_config_t *conf);
+
+int proxy_unlock_ctx(proxy_ctx_t *ctx);
+
+int proxy_request_header(http_req *req, sock *sock);
+
+int proxy_response_header(http_req *req, http_res *res, host_config_t *conf);
+
+int proxy_init(proxy_ctx_t **proxy, http_req *req, http_res *res, http_status_ctx *ctx, host_config_t *conf, sock *client, http_status *custom_status, char *err_msg);
+
+int proxy_send(proxy_ctx_t *proxy, sock *client, unsigned long len_to_send, int flags);
+
+int proxy_dump(proxy_ctx_t *proxy, char *buf, long len);
+
+void proxy_close(proxy_ctx_t *ctx);
+
+#endif //SESIMOS_PROXY_H
--- a/src/lib/res.h
+++ b/src/lib/res.h
@@ -0,0 +1,62 @@
+/**
+ * sesimos - secure, simple, modern web server
+ * @brief HTTP resources (header file)
+ * @file src/lib/res.h
+ * @author Lorenz Stechauner
+ * @date 2022-12-31
+ */
+
+#ifndef SESIMOS_RES_H
+#define SESIMOS_RES_H
+
+#define http_default_doc        _binary_bin_res_default_txt_start
+#define http_default_doc_size   ((unsigned int) (_binary_bin_res_default_txt_end - _binary_bin_res_default_txt_start) - 1)
+#define http_proxy_doc          _binary_bin_res_proxy_txt_start
+#define http_proxy_doc_size     ((unsigned int) (_binary_bin_res_proxy_txt_end - _binary_bin_res_proxy_txt_start) - 1)
+#define http_style_doc          _binary_bin_res_style_txt_start
+#define http_style_doc_size     ((unsigned int) (_binary_bin_res_style_txt_end - _binary_bin_res_style_txt_start) - 1)
+
+#define http_icon_error         _binary_bin_res_icon_error_txt_start
+#define http_icon_error_size    ((unsigned int) (_binary_bin_res_icon_error_txt_end - _binary_bin_res_icon_error_txt_start) - 1)
+#define http_icon_info          _binary_bin_res_icon_info_txt_start
+#define http_icon_info_size     ((unsigned int) (_binary_bin_res_icon_info_txt_end - _binary_bin_res_icon_info_txt_start) - 1)
+#define http_icon_success       _binary_bin_res_icon_success_txt_start
+#define http_icon_success_size  ((unsigned int) (_binary_bin_res_icon_success_txt_end - _binary_bin_res_icon_success_txt_start) - 1)
+#define http_icon_warning       _binary_bin_res_icon_warning_txt_start
+#define http_icon_warning_size  ((unsigned int) (_binary_bin_res_icon_warning_txt_end - _binary_bin_res_icon_warning_txt_start) - 1)
+
+#define http_icon_globe         _binary_bin_res_globe_txt_start
+#define http_icon_globe_size    ((unsigned int) (_binary_bin_res_globe_txt_end - _binary_bin_res_globe_txt_start) - 1)
+
+typedef struct {
+    const char *name;
+    const char *type;
+    const char *content;
+    const unsigned int size;
+} res_t;
+
+extern const char _binary_bin_res_default_txt_start[];
+extern const char _binary_bin_res_default_txt_end[];
+
+extern const char _binary_bin_res_proxy_txt_start[];
+extern const char _binary_bin_res_proxy_txt_end[];
+
+extern const char _binary_bin_res_style_txt_start[];
+extern const char _binary_bin_res_style_txt_end[];
+
+extern const char _binary_bin_res_icon_error_txt_start[];
+extern const char _binary_bin_res_icon_error_txt_end[];
+
+extern const char _binary_bin_res_icon_info_txt_start[];
+extern const char _binary_bin_res_icon_info_txt_end[];
+
+extern const char _binary_bin_res_icon_success_txt_start[];
+extern const char _binary_bin_res_icon_success_txt_end[];
+
+extern const char _binary_bin_res_icon_warning_txt_start[];
+extern const char _binary_bin_res_icon_warning_txt_end[];
+
+extern const char _binary_bin_res_globe_txt_start[];
+extern const char _binary_bin_res_globe_txt_end[];
+
+#endif //SESIMOS_RES_H
--- a/src/lib/sock.c
+++ b/src/lib/sock.c
@@ -0,0 +1,486 @@
+/**
+ * sesimos - secure, simple, modern web server
+ * @brief Basic TCP and TLS socket
+ * @file src/lib/sock.c
+ * @author Lorenz Stechauner
+ * @date 2021-01-07
+ */
+
+#include "sock.h"
+#include "utils.h"
+#include "error.h"
+#include "../logger.h"
+
+#include <errno.h>
+#include <openssl/ssl.h>
+#include <string.h>
+#include <sys/socket.h>
+#include <unistd.h>
+#include <openssl/err.h>
+#include <sys/ioctl.h>
+#include <fcntl.h>
+#include <netdb.h>
+
+static void sock_ssl_error(unsigned long err) {
+    if (err == SSL_ERROR_NONE) {
+        errno = 0;
+    } else if (err == SSL_ERROR_SYSCALL) {
+        // errno already set
+    } else if (err == SSL_ERROR_SSL) {
+        error_ssl_err(ERR_get_error());
+    } else {
+        error_ssl(err);
+    }
+}
+
+void sock_error(sock *s, int ret) {
+    sock_ssl_error(SSL_get_error(s->ssl, ret));
+}
+
+int sock_gai_error(int ret) {
+    if (ret == 0) {
+        errno = 0;
+    } else if (ret == EAI_SYSTEM) {
+        // errno already set
+    } else {
+        error_gai(ret);
+    }
+    return -1;
+}
+
+const char *sock_error_str(unsigned long err) {
+    switch (err) {
+        case SSL_ERROR_ZERO_RETURN:
+            return "closed";
+        case SSL_ERROR_WANT_READ:
+            return "want read";
+        case SSL_ERROR_WANT_WRITE:
+            return "want write";
+        case SSL_ERROR_WANT_CONNECT:
+            return "want connect";
+        case SSL_ERROR_WANT_ACCEPT:
+            return "want accept";
+        case SSL_ERROR_WANT_X509_LOOKUP:
+            return "want x509 lookup";
+        case SSL_ERROR_WANT_ASYNC:
+            return "want async";
+        case SSL_ERROR_WANT_ASYNC_JOB:
+            return "want async job";
+        case SSL_ERROR_WANT_CLIENT_HELLO_CB:
+            return "want client hello callback";
+            //case SSL_ERROR_WANT_RETRY_VERIFY:
+            //    return "want retry verify";
+        default:
+            return "unknown error";
+    }
+}
+
+int sock_init(sock *s, int fd, int flags) {
+    if ((flags & SOCK_ENCRYPTED) && (flags & SOCK_PIPE)) {
+        errno = EINVAL;
+        return -1;
+    }
+
+    s->socket = fd;
+    s->enc = !!(flags & SOCK_ENCRYPTED);
+    s->pipe = !!(flags & SOCK_PIPE);
+    s->ts_start = clock_micros();
+    s->ts_last = s->ts_start;
+    s->ts_last_send = s->ts_last;
+    s->timeout_us = -1;
+    s->ssl = NULL;
+    s->addr = NULL;
+    s->s_addr = NULL;
+
+    return 0;
+}
+
+int sock_connect(const char *hostname, unsigned short port, double timeout_sec, char *addr_buf, size_t addr_buf_size) {
+    char buf[INET6_ADDRSTRLEN + 1];
+    int ret, fd, e = 0;
+    long timeout_micros = (long) (timeout_sec * 1000000L);
+    struct addrinfo *result, *rp,
+            hints = {
+                .ai_family = AF_UNSPEC,
+                .ai_socktype = SOCK_STREAM,
+                .ai_protocol = 0,
+                .ai_flags = 0,
+            };
+
+    if (addr_buf && addr_buf_size > 1)
+        addr_buf[0] = 0;
+
+    if ((ret = getaddrinfo(hostname, NULL, &hints, &result)) != 0)
+        return sock_gai_error(ret);
+
+    for (rp = result; rp != NULL; rp = rp->ai_next) {
+        switch (rp->ai_family) {
+            case AF_INET:
+                ((struct sockaddr_in *) rp->ai_addr)->sin_port = htons(port);
+                inet_ntop(rp->ai_family, &((struct sockaddr_in *) rp->ai_addr)->sin_addr, buf, addr_buf_size);
+                break;
+            case AF_INET6:
+                ((struct sockaddr_in6 *) rp->ai_addr)->sin6_port = htons(port);
+                inet_ntop(rp->ai_family, &((struct sockaddr_in6 *) rp->ai_addr)->sin6_addr, buf, addr_buf_size);
+                break;
+        }
+
+        debug("Trying [%s]:%i", buf, port);
+
+        if ((fd = socket(rp->ai_family, rp->ai_socktype, rp->ai_protocol)) == -1) {
+            if (e == 0) {
+                e = errno;
+            } else if (e != errno) {
+                e = -1;
+            }
+            continue;
+        }
+
+        if (sock_set_socket_timeout_micros(fd, timeout_micros, timeout_micros) == -1) {
+            close(fd);
+            return -1;
+        }
+
+        if (connect(fd, rp->ai_addr, rp->ai_addrlen) == -1) {
+            e = errno;
+            close(fd);
+            continue;
+        }
+
+        break;
+    }
+
+    freeaddrinfo(result);
+
+    if (addr_buf && addr_buf_size > 1 && addr_buf[0] == 0)
+        strncpy(addr_buf, buf, addr_buf_size);
+
+    errno = e;
+    return (e == 0) ? fd : -1;
+}
+
+int sock_reverse_lookup(const sock *s, char *host, size_t host_size) {
+    memset(host, 0, host_size);
+
+    int ret;
+    if ((ret = getnameinfo(&s->_addr.sock, sizeof(s->_addr), host, host_size, NULL, 0, 0)) != 0) {
+        if (ret == EAI_NONAME) {
+            return 0;
+        } else {
+            return sock_gai_error(ret);
+        }
+    }
+
+    return 0;
+}
+
+int sock_set_socket_timeout_micros(int fd, long recv_micros, long send_micros) {
+    struct timeval recv_to = {.tv_sec = recv_micros / 1000000, .tv_usec = recv_micros % 1000000},
+                   send_to = {.tv_sec = send_micros / 1000000, .tv_usec = send_micros % 1000000};
+
+    if (setsockopt(fd, SOL_SOCKET, SO_RCVTIMEO, &recv_to, sizeof(recv_to)) != 0)
+        return -1;
+
+    if (setsockopt(fd, SOL_SOCKET, SO_SNDTIMEO, &send_to, sizeof(send_to)) != 0)
+        return -1;
+
+    return 0;
+}
+
+int sock_set_socket_timeout(sock *s, double sec) {
+    return sock_set_socket_timeout_micros(s->socket, (long) (sec * 1000000L), (long) (sec * 1000000L));
+}
+
+int sock_set_timeout_micros(sock *s, long micros) {
+    if (micros < 0)
+        return -1;
+
+    s->timeout_us = micros;
+    return 0;
+}
+
+int sock_set_timeout(sock *s, double sec) {
+    return sock_set_timeout_micros(s, (long) (sec * 1000000));
+}
+
+long sock_send(sock *s, void *buf, unsigned long len, int flags) {
+    if (s->socket < 0) {
+        errno = ENOTCONN;
+        return -1;
+    }
+
+    long ret;
+    if (s->enc) {
+        ret = SSL_write(s->ssl, buf, (int) len);
+        if (ret <= 0) sock_error(s, (int) ret);
+    } else if (s->pipe) {
+        if (flags & ~MSG_MORE) {
+            errno = EINVAL;
+            return -1;
+        }
+        ret = write(s->socket, buf, len);
+    } else {
+        ret = send(s->socket, buf, len, flags);
+    }
+
+    if (ret >= 0) {
+        s->ts_last = clock_micros();
+        s->ts_last_send = s->ts_last;
+        return ret;
+    } else {
+        return -1;
+    }
+}
+
+long sock_send_x(sock *s, void *buf, unsigned long len, int flags) {
+    for (long ret, sent = 0; sent < len; sent += ret) {
+        if ((ret = sock_send(s, (unsigned char *) buf + sent, len - sent, flags)) <= 0) {
+            if (errno == EINTR) {
+                errno = 0, ret = 0;
+                continue;
+            } else {
+                return -1;
+            }
+        }
+    }
+    return (long) len;
+}
+
+long sock_recv(sock *s, void *buf, unsigned long len, int flags) {
+    if (s->socket < 0) {
+        errno = ENOTCONN;
+        return -1;
+    }
+
+    long ret;
+    if (s->enc) {
+        int (*func)(SSL *, void *, int) = (flags & MSG_PEEK) ? SSL_peek : SSL_read;
+        ret = func(s->ssl, buf, (int) len);
+        if (ret <= 0) sock_error(s, (int) ret);
+    } else  if (s->pipe) {
+        if (flags & ~MSG_WAITALL) {
+            errno = EINVAL;
+            return -1;
+        }
+        ret = read(s->socket, buf, len);
+    } else {
+        ret = recv(s->socket, buf, len, flags);
+    }
+
+    if (ret >= 0) {
+        s->ts_last = clock_micros();
+        return ret;
+    } else {
+        return -1;
+    }
+}
+
+long sock_recv_x(sock *s, void *buf, unsigned long len, int flags) {
+    for (long ret, rcv = 0; rcv < len; rcv += ret) {
+        if ((ret = sock_recv(s, (unsigned char *) buf + rcv, len - rcv, flags | MSG_WAITALL)) <= 0) {
+            if (errno == EINTR) {
+                errno = 0, ret = 0;
+                continue;
+            } else {
+                return -1;
+            }
+        }
+    }
+    return (long) len;
+}
+
+long sock_splice(sock *dst, sock *src, void *buf, unsigned long buf_len, unsigned long len) {
+    long send_len = 0;
+
+    if ((src->pipe || dst->pipe) && !src->enc && !dst->enc) {
+        for (long ret; send_len < len; send_len += ret) {
+            if ((ret = splice(src->socket, 0, dst->socket, 0, len, 0)) == -1) {
+                if (errno == EINTR) {
+                    errno = 0, ret = 0;
+                    continue;
+                } else {
+                    return -1;
+                }
+            }
+        }
+    } else {
+        for (long ret, next_len; send_len < len; send_len += ret) {
+            next_len = (long) ((buf_len < (len - send_len)) ? buf_len : (len - send_len));
+
+            if ((ret = sock_recv(src, buf, next_len, MSG_WAITALL)) <= 0) {
+                if (errno == EINTR) {
+                    errno = 0, ret = 0;
+                    continue;
+                } else {
+                    return -1;
+                }
+            }
+
+            if (sock_send_x(dst, buf, ret, send_len + ret < len ? MSG_MORE : 0) == -1)
+                return -1;
+        }
+    }
+
+    return send_len;
+}
+
+long sock_splice_all(sock *dst, sock *src, void *buf, unsigned long buf_len) {
+    long send_len = 0;
+    for (long ret;; send_len += ret) {
+        if ((ret = sock_recv(src, buf, buf_len, 0)) <= 0) {
+            if (errno == EINTR) {
+                errno = 0, ret = 0;
+                continue;
+            } else if (ret == 0) {
+                break;
+            } else {
+                return -1;
+            }
+        }
+
+        if (sock_send_x(dst, buf, ret, 0) == -1)
+            return -1;
+    }
+    return send_len;
+}
+
+long sock_splice_chunked(sock *dst, sock *src, void *buf, unsigned long buf_len, int flags) {
+    long ret;
+    unsigned long send_len = 0, next_len;
+
+    do {
+        if ((ret = sock_recv_chunk_header(src)) == -1)
+            return -1;
+
+        next_len = ret;
+
+        if (flags & SOCK_CHUNKED)
+            if (sock_send_chunk_header(dst, next_len) == -1)
+                return -1;
+
+        if ((ret = sock_splice(dst, src, buf, buf_len, next_len)) == -1)
+            return ret;
+
+        send_len += ret;
+
+        if (sock_recv_chunk_trailer(src) == -1)
+            return -1;
+
+        if (flags & SOCK_CHUNKED)
+            if (sock_send_chunk_trailer(dst) == -1)
+                return -1;
+    } while (!(flags & SOCK_SINGLE_CHUNK) && next_len != 0);
+
+    return (long) send_len;
+}
+
+int sock_close(sock *s) {
+    int e = errno;
+    if (s->ssl != NULL) {
+        SSL_shutdown(s->ssl);
+        SSL_free(s->ssl);
+        s->ssl = NULL;
+    }
+    if (s->socket != -1) close(s->socket);
+    s->socket = -1;
+    s->enc = 0, s->pipe = 0;
+    errno = e;
+    return 0;
+}
+
+int sock_has_pending(sock *s, int flags) {
+    int e = errno;
+    long ret;
+    if (s->pipe) {
+        int arg;
+        ioctl(s->socket, FIONREAD, &arg);
+        ret = arg;
+    } else if (s->enc && (flags & SOCK_DONTWAIT)) {
+        ret = SSL_pending(s->ssl);
+    } else {
+        char buf[1];
+        ret = sock_recv(s, &buf, sizeof(buf), MSG_PEEK | ((flags & SOCK_DONTWAIT) ? MSG_DONTWAIT : 0));
+    }
+    errno = e;
+    return ret > 0;
+}
+
+long sock_recv_chunk_header(sock *s) {
+    if (s->pipe) {
+        uint64_t len;
+        if (sock_recv_x(s, &len, sizeof(len), 0) == -1)
+            return -1;
+        return (long) len;
+    }
+
+    long ret;
+    size_t len = 0;
+    char buf[20];
+
+    do {
+        if ((ret = sock_recv(s, buf, sizeof(buf) - 1, MSG_PEEK)) <= 0) {
+            if (errno == EINTR) {
+                errno = 0;
+                continue;
+            } else {
+                return -1;
+            }
+        } else if (ret < 2) {
+            continue;
+        }
+        buf[ret] = 0;
+
+        if ((ret = parse_chunk_header(buf, ret, &len)) == -1 && errno == EPROTO)
+            return -1;
+    } while (ret < 0);
+
+    if (sock_recv_x(s, buf, len, 0) == -1)
+        return -1;
+
+    return ret;
+}
+
+int sock_send_chunk_header(sock *s, unsigned long size) {
+    if (s->pipe) {
+        uint64_t len = size;
+        if (sock_send_x(s, &len, sizeof(len), 0) == -1)
+            return -1;
+    } else {
+        char buf[20];
+        if (sock_send_x(s, buf, sprintf(buf, "%lX\r\n", size), 0) == -1)
+            return -1;
+    }
+    return 0;
+}
+
+int sock_recv_chunk_trailer(sock *s) {
+    if (s->pipe) return 0;
+
+    char buf[2];
+    if (sock_recv_x(s, buf, sizeof(buf), MSG_PEEK) == -1)
+        return -1;
+
+    if (buf[0] != '\r' || buf[1] != '\n') {
+        errno = EPROTO;
+        return -1;
+    }
+
+    if (sock_recv_x(s, buf, sizeof(buf), 0) == -1)
+        return -1;
+
+    return 0;
+}
+
+int sock_send_chunk_trailer(sock *s) {
+    if (s->pipe) return 0;
+    if (sock_send_x(s, "\r\n", 2, 0) == -1)
+        return -1;
+    return 0;
+}
+
+int sock_send_last_chunk(sock *s) {
+    if (s->pipe) return sock_send_chunk_header(s, 0);
+    if (sock_send_x(s, "0\r\n\r\n", 5, 0) == -1)
+        return -1;
+    return 0;
+}
--- a/src/lib/sock.h
+++ b/src/lib/sock.h
@@ -0,0 +1,85 @@
+/**
+ * sesimos - secure, simple, modern web server
+ * @brief Basic TCP and TLS socket (header file)
+ * @file src/lib/sock.h
+ * @author Lorenz Stechauner
+ * @date 2021-01-07
+ */
+
+#ifndef SESIMOS_SOCK_H
+#define SESIMOS_SOCK_H
+
+#include <openssl/crypto.h>
+#include <sys/socket.h>
+#include <arpa/inet.h>
+
+#define SOCK_CHUNKED 1
+#define SOCK_SINGLE_CHUNK 2
+
+#define SOCK_ENCRYPTED 1
+#define SOCK_PIPE 2
+
+#define SOCK_DONTWAIT 1
+
+typedef struct {
+    unsigned int enc:1, pipe:1;
+    int socket;
+    union {
+        struct sockaddr sock;
+        struct sockaddr_in6 ipv6;
+    } _addr;
+    char *addr, *s_addr;
+    SSL_CTX *ctx;
+    SSL *ssl;
+    long ts_start, ts_last, ts_last_send, timeout_us;
+} sock;
+
+void sock_error(sock *s, int ret);
+
+const char *sock_error_str(unsigned long err);
+
+int sock_init(sock *s, int fd, int flags);
+
+int sock_connect(const char *hostname, unsigned short port, double timeout_sec, char *addr_buf, size_t addr_buf_size);
+
+int sock_reverse_lookup(const sock *s, char *host, size_t host_size);
+
+int sock_init_addr_str(const sock *s, char *c_addr, size_t c_addr_size, char *s_addr, size_t s_addr_size);
+
+int sock_set_socket_timeout_micros(int fd, long recv_micros, long send_micros);
+
+int sock_set_socket_timeout(sock *s, double sec);
+
+int sock_set_timeout_micros(sock *s, long micros);
+
+int sock_set_timeout(sock *s, double sec);
+
+long sock_send(sock *s, void *buf, unsigned long len, int flags);
+
+long sock_send_x(sock *s, void *buf, unsigned long len, int flags);
+
+long sock_recv(sock *s, void *buf, unsigned long len, int flags);
+
+long sock_recv_x(sock *s, void *buf, unsigned long len, int flags);
+
+long sock_splice(sock *dst, sock *src, void *buf, unsigned long buf_len, unsigned long len);
+
+long sock_splice_all(sock *dst, sock *src, void *buf, unsigned long buf_len);
+
+long sock_splice_chunked(sock *dst, sock *src, void *buf, unsigned long buf_len, int flags);
+
+int sock_close(sock *s);
+
+int sock_has_pending(sock *s, int flags);
+
+long sock_recv_chunk_header(sock *s);
+
+int sock_send_chunk_header(sock *s, unsigned long size);
+
+int sock_recv_chunk_trailer(sock *s);
+
+int sock_send_chunk_trailer(sock *s);
+
+int sock_send_last_chunk(sock *s);
+
+#endif //SESIMOS_SOCK_H
--- a/src/lib/uri.c
+++ b/src/lib/uri.c
@@ -0,0 +1,207 @@
+/**
+ * sesimos - secure, simple, modern web server
+ * @brief URI and path handlers
+ * @file src/lib/uri.c
+ * @author Lorenz Stechauner
+ * @date 2020-12-13
+ */
+
+#include "uri.h"
+#include "utils.h"
+
+#include <errno.h>
+#include <stdlib.h>
+#include <string.h>
+
+
+int path_is_directory(const char *path) {
+    int e = errno;
+    struct stat stat_buf;
+    int ret = stat(path, &stat_buf);
+    errno = e;
+    return ret == 0 && S_ISDIR(stat_buf.st_mode) != 0;
+}
+
+int path_is_file(const char *path) {
+    int e = errno;
+    struct stat stat_buf;
+    int ret = stat(path, &stat_buf);
+    errno = e;
+    return ret == 0 && S_ISDIR(stat_buf.st_mode) == 0;
+}
+
+int path_exists(const char *path) {
+    int e = errno;
+    struct stat stat_buf;
+    int ret = stat(path, &stat_buf);
+    errno = e;
+    return ret == 0;
+}
+
+int uri_init(http_uri *uri, const char *webroot, const char *uri_str, int dir_mode) {
+    char buf0[1024], buf1[1024], buf2[1024], buf3[1024];
+    int p_len;
+
+    uri->webroot = NULL;
+    uri->req_path = NULL;
+    uri->path = NULL;
+    uri->pathinfo = NULL;
+    uri->query = NULL;
+    uri->filename = NULL;
+    uri->uri = NULL;
+    uri->meta = NULL;
+    uri->is_static = 1;
+    uri->is_dir = 0;
+
+    if (uri_str[0] != '/')
+        return 1;
+
+    uri->webroot = malloc(strlen(webroot) + 1);
+    strcpy(uri->webroot, webroot);
+
+    char *query = strchr(uri_str, '?');
+    if (query == NULL) {
+        uri->query = NULL;
+    } else {
+        query[0] = 0;
+        query++;
+        long size = (long) strlen(query) + 1;
+        uri->query = malloc(size);
+        strcpy(uri->query, query);
+    }
+
+    long size = (long) strlen(uri_str) + 1;
+    uri->req_path = malloc(size);
+    url_decode(uri_str, uri->req_path, &size);
+    if (query != NULL) query[-1] = '?';
+
+    if (strcontains(uri->req_path, "/../") || strcontains(uri->req_path, "/./"))
+        return 2;
+
+    size = (long) strlen(uri->req_path) + 1;
+    uri->path = malloc(size);
+    uri->pathinfo = malloc(size);
+
+    char last = 0;
+    for (int i = 0, j = 0; i < size - 1; i++) {
+        char ch = uri->req_path[i];
+        if (last != '/' || ch != '/') {
+            uri->path[j++] = ch;
+            uri->path[j] = 0;
+        }
+        last = ch;
+    }
+
+    if (dir_mode == URI_DIR_MODE_NO_VALIDATION)
+        return 0;
+
+    if (uri->path[strlen(uri->path) - 1] == '/') {
+        uri->path[strlen(uri->path) - 1] = 0;
+        strcpy(uri->pathinfo, "/");
+    } else {
+        strcpy(uri->pathinfo, "");
+    }
+
+    if (!path_exists(uri->webroot))
+        return 3;
+
+    while (1) {
+        sprintf(buf0, "%s%s", uri->webroot, uri->path);
+        p_len = snprintf(buf1, sizeof(buf1), "%s.php", buf0);
+        if (p_len < 0 || p_len >= sizeof(buf1)) return -1;
+        p_len = snprintf(buf2, sizeof(buf2), "%s.html", buf0);
+        if (p_len < 0 || p_len >= sizeof(buf2)) return -1;
+
+        if (strlen(uri->path) <= 1 || path_exists(buf0) || path_is_file(buf1) || path_is_file(buf2))
+            break;
+
+        char *ptr;
+        parent_dir:
+        ptr = strrchr(uri->path, '/');
+        size = (long) strlen(ptr);
+        sprintf(buf3, "%.*s%s", (int) size, ptr, uri->pathinfo);
+        strcpy(uri->pathinfo, buf3);
+        ptr[0] = 0;
+    }
+    if (uri->pathinfo[0] != 0) {
+        sprintf(buf3, "%s", uri->pathinfo + 1);
+        strcpy(uri->pathinfo, buf3);
+    }
+
+    if (path_is_file(buf0)) {
+        uri->filename = malloc(strlen(buf0) + 1);
+        strcpy(uri->filename, buf0);
+        long len = (long) strlen(uri->path);
+        if (strends(uri->path, ".php")) {
+            uri->path[len - 4] = 0;
+            uri->is_static = 0;
+        } else if (strends(uri->path, ".html")) {
+            uri->path[len - 5] = 0;
+        }
+    } else if (path_is_file(buf1)) {
+        uri->is_static = 0;
+        uri->filename = malloc(strlen(buf1) + 1);
+        strcpy(uri->filename, buf1);
+    } else if (path_is_file(buf2)) {
+        uri->is_static = 0;
+        uri->filename = malloc(strlen(buf2) + 1);
+        strcpy(uri->filename, buf2);
+    } else {
+        uri->is_dir = 1;
+        strcpy(uri->path + strlen(uri->path), "/");
+        sprintf(buf1, "%s%s" "index.php", uri->webroot, uri->path);
+        sprintf(buf2, "%s%s" "index.html", uri->webroot, uri->path);
+        if (path_is_file(buf1)) {
+            uri->filename = malloc(strlen(buf1) + 1);
+            strcpy(uri->filename, buf1);
+            uri->is_static = 0;
+        } else if (path_is_file(buf2)) {
+            uri->filename = malloc(strlen(buf2) + 1);
+            strcpy(uri->filename, buf2);
+        } else {
+            if (dir_mode == URI_DIR_MODE_FORBIDDEN) {
+                uri->is_static = 1;
+            } else if (dir_mode == URI_DIR_MODE_LIST) {
+                uri->is_static = 0;
+            } else if (dir_mode == URI_DIR_MODE_INFO) {
+                if (strlen(uri->path) > 1) {
+                    uri->path[strlen(uri->path) - 1] = 0;
+                    sprintf(buf0, "/%s", uri->pathinfo);
+                    strcpy(uri->pathinfo, buf0);
+                    goto parent_dir;
+                }
+            }
+        }
+    }
+
+    if (strends(uri->path + strlen(uri->path), "index"))
+        uri->path[strlen(uri->path) - 5] = 0;
+
+    if (streq(uri->pathinfo, "index.php") || streq(uri->pathinfo, "index.html"))
+        uri->pathinfo[0] = 0;
+
+    sprintf(buf0, "%s%s%s%s%s", uri->path,
+            (strlen(uri->pathinfo) == 0 || uri->path[strlen(uri->path) - 1] == '/') ? "" : "/",
+            uri->pathinfo, uri->query != NULL ? "?" : "", uri->query != NULL ? uri->query : "");
+    uri->uri = malloc(strlen(buf0) + 1);
+    strcpy(uri->uri, buf0);
+
+    return 0;
+}
+
+void uri_free(http_uri *uri) {
+    if (uri->webroot != NULL) free(uri->webroot);
+    if (uri->req_path != NULL) free(uri->req_path);
+    if (uri->path != NULL) free(uri->path);
+    if (uri->pathinfo != NULL) free(uri->pathinfo);
+    if (uri->query != NULL) free(uri->query);
+    if (uri->filename != NULL) free(uri->filename);
+    if (uri->uri != NULL) free(uri->uri);
+    uri->webroot = NULL;
+    uri->req_path = NULL;
+    uri->path = NULL;
+    uri->pathinfo = NULL;
+    uri->query = NULL;
+    uri->filename = NULL;
+    uri->uri = NULL;
+}
--- a/src/lib/uri.h
+++ b/src/lib/uri.h
@@ -0,0 +1,51 @@
+/**
+ * sesimos - secure, simple, modern web server
+ * @brief URI and path handlers (header file)
+ * @file src/lib/uri.h
+ * @author Lorenz Stechauner
+ * @date 2020-12-13
+ */
+
+#ifndef SESIMOS_URI_H
+#define SESIMOS_URI_H
+
+#include <sys/stat.h>
+
+#define URI_DIR_MODE_NO_VALIDATION 0
+#define URI_DIR_MODE_FORBIDDEN 1
+#define URI_DIR_MODE_LIST 2
+#define URI_DIR_MODE_INFO 3
+
+#define URI_ETAG_SIZE 65  // SHA256 size (hex)
+#define URI_TYPE_SIZE 64
+#define URI_CHARSET_SIZE 16
+
+typedef struct {
+    char etag[URI_ETAG_SIZE];
+    char type[URI_TYPE_SIZE];
+    char charset[URI_CHARSET_SIZE];
+    char filename_comp_gz[256];
+    char filename_comp_br[256];
+    long mtime;
+} metadata_t;
+
+typedef struct {
+    char *webroot;        // "/srv/www/www.test.org"
+    char *req_path;       // "/account/login"
+    char *path;           // "/account/"
+    char *pathinfo;       // "login"
+    char *query;          // "username=test"
+    char *filename;       // "/account/index.php"
+    char *uri;            // "/account/login?username=test"
+    metadata_t *meta;
+    unsigned int is_static:1, is_dir:1;
+} http_uri;
+
+
+int uri_init(http_uri *uri, const char *webroot, const char *uri_str, int dir_mode);
+
+int uri_init_cache(http_uri *uri);
+
+void uri_free(http_uri *uri);
+
+#endif //SESIMOS_URI_H
--- a/src/lib/utils.c
+++ b/src/lib/utils.c
@@ -0,0 +1,400 @@
+/**
+ * sesimos - secure, simple, modern web server
+ * @brief Utilities
+ * @file src/lib/utils.c
+ * @author Lorenz Stechauner
+ * @date 2020-12-03
+ */
+
+#include "utils.h"
+
+#include <stdio.h>
+#include <string.h>
+#include <stdlib.h>
+#include <time.h>
+#include <sys/stat.h>
+#include <errno.h>
+#include <unistd.h>
+#include <dirent.h>
+
+
+static const char base64_encode_table[64] = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";
+static const int base64_mod_table[3] = {0, 2, 1};
+
+
+char *format_duration(unsigned long micros, char *buf) {
+    if (micros < 10000) {
+        sprintf(buf, "%.1f ms", (double) micros / 1000);
+    } else if (micros < 1000000 - 1000) {
+        sprintf(buf, "%.0f ms", (double) micros / 1000);
+    } else if (micros < 60000000 - 1000000) {
+        sprintf(buf, "%.1f s", (double) micros / 1000000);
+    } else if (micros < 6000000000) {
+        sprintf(buf, "%li:%02li min", micros / 1000000 / 60, micros / 1000000 % 60);
+    } else {
+        sprintf(buf, "%.0f min", (double) micros / 1000000 / 60);
+    }
+    return buf;
+}
+
+int url_encode_component(const void *in, size_t size_in, char *out, size_t size_out) {
+    int size = 0;
+
+    // Encode control characters
+    for (int i = 0; i < size_in; i++) {
+        unsigned char ch = ((unsigned char *) in)[i];
+        if (ch == ' ') {
+            ch = '+';
+        } else if (
+                ch <= 0x20 || ch >= 0x7F ||
+                !((ch >= 'A' && ch <= 'Z') || (ch >= 'a' && ch <= 'z') || (ch >= '0' && ch <= '9') ||
+                  ch == '-' || ch == '_' || ch == '.' || ch == '!' || ch == '~' || ch == '*' || ch == '\'' ||
+                  ch == '(' || ch == ')')
+        ) {
+            size += 3;
+            if (size < size_out) sprintf(out + size - 3, "%%%02X", ch);
+            ch = 0;
+        }
+
+        if (ch != 0) {
+            size++;
+            if (size < size_out) out[size - 1] = (char) ch;
+        }
+    }
+
+    // Set terminating null byte
+    if (size_out > 0) out[size < size_out ? size : size_out - 1] = 0;
+
+    // Return theoretical size
+    return size;
+}
+
+int url_encode(const void *in, size_t size_in, char *out, size_t size_out) {
+    int size = 0;
+
+    // Encode control characters
+    for (int i = 0; i < size_in; i++) {
+        unsigned char ch = ((unsigned char *) in)[i];
+        if (ch <= 0x20 || ch >= 0x7F) {
+            size += 3;
+            if (size < size_out) sprintf(out + size - 3, "%%%02X", ch);
+        } else {
+            size++;
+            if (size < size_out) out[size - 1] = (char) ch;
+        }
+    }
+
+    // Set terminating null byte
+    if (size_out > 0) out[size < size_out ? size : size_out - 1] = 0;
+
+    // Return theoretical size
+    return size;
+}
+
+int url_decode(const char *str, char *dec, long *size) {
+    char *ptr = dec;
+    char ch, buf[3];
+    memset(dec, 0, *size);
+    for (int i = 0; i < strlen(str); i++, ptr++) {
+        if ((ptr - dec) >= *size) {
+            return -1;
+        }
+        ch = str[i];
+        if (ch == '+') {
+            ch = ' ';
+        } else if (ch == '%') {
+            memcpy(buf, str + i + 1, 2);
+            buf[2] = 0;
+            ch = (char) strtol(buf, NULL, 16);
+            i += 2;
+        } else if (ch == '?') {
+            strcpy(ptr, str + i);
+            break;
+        }
+        ptr[0] = ch;
+    }
+    *size = ptr - dec;
+    return 0;
+}
+
+int mime_is_compressible(const char *restrict type) {
+    if (type == NULL) return 0;
+    char type_parsed[64];
+    snprintf(type_parsed, sizeof(type_parsed), "%s", type);
+    char *pos = strchr(type_parsed, ';');
+    if (pos != NULL) pos[0] = 0;
+    return
+        mime_is_text(type) ||
+        streq(type_parsed, "application/vnd.ms-fontobject") ||
+        streq(type_parsed, "application/x-font-ttf") ||
+        streq(type_parsed, "font/eot") ||
+        streq(type_parsed, "font/opentype") ||
+        streq(type_parsed, "image/bmp") ||
+        streq(type_parsed, "image/gif") ||
+        streq(type_parsed, "image/vnd.microsoft.icon") ||
+        streq(type_parsed, "image/vnd.microsoft.iconbinary") ||
+        streq(type_parsed, "image/x-icon");
+}
+
+int mime_is_text(const char *restrict type) {
+    if (type == NULL) return 0;
+    char type_parsed[64];
+    snprintf(type_parsed, sizeof(type_parsed), "%s", type);
+    char *pos = strchr(type_parsed, ';');
+    if (pos != NULL) pos[0] = 0;
+    return
+        strstarts(type_parsed, "text/") ||
+        strstarts(type_parsed, "message/") ||
+        strends(type_parsed, "+xml") ||
+        strends(type_parsed, "+json") ||
+        streq(type_parsed, "application/javascript") ||
+        streq(type_parsed, "application/json") ||
+        streq(type_parsed, "application/xml") ||
+        streq(type_parsed, "application/x-www-form-urlencoded") ||
+        streq(type_parsed, "application/x-tex") ||
+        streq(type_parsed, "application/x-httpd-php") ||
+        streq(type_parsed, "application/x-latex") ||
+        streq(type_parsed, "application/x-javascript");
+}
+
+int strcpy_rem_webroot(char *dst, const char *src, const char *webroot) {
+    strcpy(dst, src);
+    if (webroot == NULL)
+        return 0;
+
+    char *pos;
+    const unsigned long webroot_len = strlen(webroot);
+    if (webroot_len == 0)
+        return 0;
+
+    while ((pos = strstr(dst, webroot)) != NULL) {
+        strcpy(pos, pos + webroot_len);
+    }
+
+    return 0;
+}
+
+int str_trim(char **start, char **end) {
+    if (start == NULL || end == NULL || *start == NULL || *end == NULL)
+        return -1;
+
+    (*end)--;
+    while (*start[0] == ' ' || *start[0] == '\t' || *start[0] == '\r' || *start[0] == '\n') (*start)++;
+    while (*end[0] == ' ' || *end[0] == '\t' || *end[0] == '\r' || *end[0] == '\n') (*end)--;
+    (*end)++;
+    return 0;
+}
+
+int str_trim_lws(char **start, char **end) {
+    if (start == NULL || end == NULL || *start == NULL || *end == NULL)
+        return -1;
+
+    (*end)--;
+    while (*start[0] == ' ' || *start[0] == '\t') (*start)++;
+    while (*end[0] == ' ' || *end[0] == '\t') (*end)--;
+    (*end)++;
+    return 0;
+}
+
+int streq(const char *restrict str1, const char *restrict str2) {
+    return str1 != NULL && str2 != NULL && strcmp(str1, str2) == 0;
+}
+
+int strcontains(const char *restrict haystack, const char *restrict needle) {
+    return haystack != NULL && needle != NULL && strstr(haystack, needle) != NULL;
+}
+
+int strstarts(const char *restrict str, const char *restrict prefix) {
+    if (str == NULL || prefix == NULL) return 0;
+    unsigned long l1 = strlen(str), l2 = strlen(prefix);
+    return l2 <= l1 && strncmp(str, prefix, l2) == 0;
+}
+
+int strends(const char *restrict str, const char *restrict suffix) {
+    if (str == NULL || suffix == NULL) return 0;
+    unsigned long l1 = strlen(str), l2 = strlen(suffix);
+    return l2 <= l1 && strcmp(str + l1 - l2, suffix) == 0;
+}
+
+int base64_encode(void *data, unsigned long data_len, char *output, unsigned long *output_len) {
+    unsigned long out_len = 4 * ((data_len + 2) / 3);
+    if (output_len != NULL) *output_len = out_len;
+
+    for (int i = 0, j = 0; i < data_len;) {
+        unsigned int octet_a = (i < data_len) ? ((unsigned char *) data)[i++] : 0;
+        unsigned int octet_b = (i < data_len) ? ((unsigned char *) data)[i++] : 0;
+        unsigned int octet_c = (i < data_len) ? ((unsigned char *) data)[i++] : 0;
+        unsigned int triple = (octet_a << 0x10) + (octet_b << 0x08) + octet_c;
+        output[j++] = base64_encode_table[(triple >> 3 * 6) & 0x3F];
+        output[j++] = base64_encode_table[(triple >> 2 * 6) & 0x3F];
+        output[j++] = base64_encode_table[(triple >> 1 * 6) & 0x3F];
+        output[j++] = base64_encode_table[(triple >> 0 * 6) & 0x3F];
+    }
+
+    for (int i = 0; i < base64_mod_table[data_len % 3]; i++)
+        output[out_len - 1 - i] = '=';
+    output[out_len] = 0;
+
+    return 0;
+}
+
+long clock_micros(void) {
+    struct timespec time;
+    clock_gettime(CLOCK_MONOTONIC, &time);
+    return time.tv_sec * 1000000 + time.tv_nsec / 1000;
+}
+
+long clock_cpu(void) {
+    struct timespec time;
+    clock_gettime(CLOCK_THREAD_CPUTIME_ID, &time);
+    return time.tv_sec * 1000000000 + time.tv_nsec;
+}
+
+long stat_mtime(const char *filename) {
+    struct stat stat_buf;
+    stat(filename, &stat_buf);
+    return stat_buf.st_mtime;
+}
+
+int rm_rf(const char *path) {
+    struct stat stat_buf;
+    if (lstat(path, &stat_buf) != 0)
+        return (errno == ENOENT) ? 0 : -1;
+
+    if (S_ISREG(stat_buf.st_mode)) {
+        // regular file
+        return unlink(path);
+    } else if (S_ISLNK(stat_buf.st_mode)) {
+        // link
+        return unlink(path);
+    } else if (S_ISDIR(stat_buf.st_mode)) {
+        // directory
+        char buf[FILENAME_MAX];
+        DIR *dir;
+
+        // open directory
+        if ((dir = opendir(path)) == NULL)
+            return -1;
+
+        // read directory
+        for (struct dirent *ent; (ent = readdir(dir)) != NULL;) {
+            if (streq(ent->d_name, ".") || streq(ent->d_name, ".."))
+                continue;
+
+            snprintf(buf, sizeof(buf), "%s/%s", path, ent->d_name);
+            if (rm_rf(buf) != 0) {
+                closedir(dir);
+                return -1;
+            }
+        }
+
+        // close and remove directory
+        closedir(dir);
+        return rmdir(path);
+    } else {
+        // other - not supported
+        errno = ENOTSUP;
+        return -1;
+    }
+}
+
+long fsize(FILE *file) {
+    long cur_pos, len;
+    if ((cur_pos = ftell(file)) == -1)
+        return -1;
+    if (fseek(file, 0, SEEK_END) != 0)
+        return -1;
+    if ((len = ftell(file)) == -1)
+        return -1;
+    if (fseek(file, cur_pos, SEEK_SET) != 0)
+        return -1;
+    return len;
+}
+
+long flines(FILE *file) {
+    long cur_pos, lines = 0;
+    if ((cur_pos = ftell(file)) == -1)
+        return -1;
+    if (fseek(file, 0, SEEK_SET) != 0)
+        return -1;
+
+    for (int ch; (ch = fgetc(file)) != EOF;) {
+        if (ch == '\n') lines++;
+    }
+
+    if (fseek(file, cur_pos, SEEK_SET) != 0)
+        return -1;
+    return lines + 1;
+}
+
+long file_get_line_pos(FILE *file, long line_num) {
+    if (line_num < 1) {
+        errno = EINVAL;
+        return -1;
+    }
+
+    long cur_pos;
+    if ((cur_pos = ftell(file)) == -1)
+        return -1;
+    if (fseek(file, 0, SEEK_SET) != 0)
+        return -1;
+
+    long lines = 0, pos = 0;
+    for (int ch; lines < line_num - 1 && (ch = fgetc(file)) != EOF; pos++) {
+        if (ch == '\n') lines++;
+    }
+
+    if (fseek(file, cur_pos, SEEK_SET) != 0)
+        return -1;
+    return pos;
+}
+
+int fseekl(FILE *file, long line_num) {
+    if (line_num < 1) {
+        errno = EINVAL;
+        return -1;
+    }
+
+    if (fseek(file, 0, SEEK_SET) != 0)
+        return -1;
+
+    long lines = 0;
+    for (int ch; lines < line_num - 1 && (ch = fgetc(file)) != EOF;) {
+        if (ch == '\n') lines++;
+    }
+
+    return 0;
+}
+
+long ftelll(FILE *file) {
+    long cur_pos;
+    if ((cur_pos = ftell(file)) == -1)
+        return -1;
+    if (fseek(file, 0, SEEK_SET) != 0)
+        return -1;
+
+    long lines = 0, pos = 0;
+    for (int ch; pos < cur_pos && (ch = fgetc(file)) != EOF; pos++) {
+        if (ch == '\n') lines++;
+    }
+
+    if (fseek(file, cur_pos, SEEK_SET) != 0)
+        return -1;
+    return lines + 1;
+}
+
+long parse_chunk_header(const char *buf, size_t len, size_t *ret_len) {
+    for (int i = 0; i < len; i++) {
+        char ch = buf[i];
+        if (ch == '\r') {
+            continue;
+        } else if (ch == '\n' && i > 1 && buf[i - 1] == '\r') {
+            if (ret_len != NULL) *ret_len = i + 1;
+            return strtol(buf, NULL, 16);
+        } else if (!((ch >= '0' && ch <= '9') || (ch >= 'a' && ch <= 'f') || (ch >= 'A' && ch <= 'F'))) {
+            errno = EPROTO;
+            return -1;
+        }
+    }
+    return -1;
+}
--- a/src/lib/utils.h
+++ b/src/lib/utils.h
@@ -0,0 +1,70 @@
+/**
+ * sesimos - secure, simple, modern web server
+ * @brief Utilities (header file)
+ * @file src/lib/utils.h
+ * @author Lorenz Stechauner
+ * @date 2020-12-03
+ */
+
+#ifndef SESIMOS_UTILS_H
+#define SESIMOS_UTILS_H
+
+#include <stdio.h>
+
+#define ERR_STR "\x1B[1;31m"
+#define CLR_STR "\x1B[0m"
+#define BLD_STR "\x1B[1m"
+#define WRN_STR "\x1B[1;33m"
+#define BLUE_STR "\x1B[34m"
+#define HTTP_STR "\x1B[1;31m"
+#define HTTPS_STR "\x1B[1;32m"
+
+char *format_duration(unsigned long micros, char *buf);
+
+int url_encode_component(const void *in, size_t size_in, char *out, size_t size_out);
+
+int url_encode(const void *in, size_t size_in, char *out, size_t size_out);
+
+int url_decode(const char *str, char *dec, long *size);
+
+int mime_is_compressible(const char *restrict type);
+
+int mime_is_text(const char *restrict type);
+
+int strcpy_rem_webroot(char *dst, const char *str, const char *webroot);
+
+int str_trim(char **start, char **end);
+
+int str_trim_lws(char **start, char **end);
+
+int streq(const char *restrict str1, const char *restrict str2);
+
+int strcontains(const char *restrict haystack, const char *restrict needle);
+
+int strstarts(const char *restrict str, const char *restrict prefix);
+
+int strends(const char *restrict str, const char *restrict suffix);
+
+int base64_encode(void *data, unsigned long data_len, char *output, unsigned long *output_len);
+
+long clock_micros(void);
+
+long clock_cpu(void);
+
+long stat_mtime(const char *filename);
+
+int rm_rf(const char *path);
+
+long fsize(FILE *file);
+
+long flines(FILE *file);
+
+long file_get_line_pos(FILE *file, long line_num);
+
+int fseekl(FILE *file, long line_num);
+
+long ftelll(FILE *file);
+
+long parse_chunk_header(const char *buf, size_t len, size_t *ret_len);
+
+#endif //SESIMOS_UTILS_H
--- a/src/lib/websocket.c
+++ b/src/lib/websocket.c
@@ -0,0 +1,130 @@
+/**
+ * sesimos - secure, simple, modern web server
+ * @brief WebSocket reverse proxy
+ * @file src/lib/websocket.c
+ * @author Lorenz Stechauner
+ * @date 2022-08-16
+ */
+
+#include "../logger.h"
+#include "websocket.h"
+#include "utils.h"
+
+#include <string.h>
+#include <openssl/sha.h>
+
+static const char ws_key_uuid[] = "258EAFA5-E914-47DA-95CA-C5AB0DC85B11";
+
+int ws_calc_accept_key(const char *key, char *accept_key) {
+    if (key == NULL || accept_key == NULL)
+        return -1;
+
+    char input[256] = "";
+    unsigned char output[SHA_DIGEST_LENGTH];
+    strcat(input, key);
+    strcat(input, ws_key_uuid);
+
+    if (SHA1((unsigned char *) input, strlen(input), output) == NULL) {
+        return -2;
+    }
+
+    base64_encode(output, sizeof(output), accept_key, NULL);
+
+    return 0;
+}
+
+int ws_recv_frame_header(sock *s, ws_frame *frame) {
+    unsigned char buf[12];
+
+    if (sock_recv_x(s, buf, 2, 0) == -1) {
+        error("Unable to receive from socket");
+        return -1;
+    }
+
+    unsigned short bits = (buf[0] << 8) | buf[1];
+    frame->f_fin = (bits >> 15) & 1;
+    frame->f_rsv1 = (bits >> 14) & 1;
+    frame->f_rsv2 = (bits >> 13) & 1;
+    frame->f_rsv3 = (bits >> 12) & 1;
+    frame->opcode = (bits >> 8) & 0xF;
+    frame->f_mask = (bits >> 7) & 1;
+    unsigned short len = (bits & 0x7F);
+
+    int remaining = frame->f_mask ? 4 : 0;
+    if (len == 126) {
+        remaining += 2;
+    } else if (len == 127) {
+        remaining += 8;
+    }
+
+    if (sock_recv_x(s, buf, remaining, 0) == -1) {
+        error("Unable to receive from socket");
+        return -1;
+    }
+
+    if (len == 126) {
+        frame->len = (((unsigned long) buf[0]) << 8) | ((unsigned long) buf[1]);
+    } else if (len == 127) {
+        frame->len =
+                (((unsigned long) buf[0]) << 56) |
+                (((unsigned long) buf[1]) << 48) |
+                (((unsigned long) buf[2]) << 40) |
+                (((unsigned long) buf[3]) << 32) |
+                (((unsigned long) buf[4]) << 24) |
+                (((unsigned long) buf[5]) << 16) |
+                (((unsigned long) buf[6]) << 8) |
+                (((unsigned long) buf[7]) << 0);
+    } else {
+        frame->len = len;
+    }
+
+    if (frame->f_mask) memcpy(frame->masking_key, buf + (remaining - 4), 4);
+
+    return 0;
+}
+
+int ws_send_frame_header(sock *s, ws_frame *frame) {
+    unsigned char buf[14], *ptr = buf;
+
+    unsigned short len;
+    if (frame->len > 0x7FFF) {
+        len = 127;
+    } else if (frame->len > 125) {
+        len = 126;
+    } else {
+        len = frame->len;
+    }
+
+    unsigned short bits =
+            (frame->f_fin << 15) |
+            (frame->f_rsv1 << 14) |
+            (frame->f_rsv2 << 13) |
+            (frame->f_rsv3 << 12) |
+            (frame->opcode << 8) |
+            (frame->f_mask << 7) |
+            len;
+
+    ptr++[0] = bits >> 8;
+    ptr++[0] = bits & 0xFF;
+
+    if (len >= 126) {
+        for (int i = (len == 126 ? 2 : 8) - 1; i >= 0; i--)
+            ptr++[0] = (unsigned char) ((frame->len >> (i * 8)) & 0xFF);
+    }
+
+    if (frame->f_mask) {
+        memcpy(ptr, frame->masking_key, 4);
+        ptr += 4;
+    }
+
+    long ret = sock_send_x(s, buf, ptr - buf, frame->len != 0 ? MSG_MORE : 0);
+    if (ret < 0) {
+        error("Unable to send to socket");
+        return -1;
+    } else if (ret != ptr - buf) {
+        error("Unable to send to socket");
+        return -2;
+    }
+
+    return 0;
+}
--- a/src/lib/websocket.h
+++ b/src/lib/websocket.h
@@ -0,0 +1,33 @@
+/**
+ * sesimos - secure, simple, modern web server
+ * @brief WebSocket reverse proxy (header file)
+ * @file src/lib/websocket.h
+ * @author Lorenz Stechauner
+ * @date 2022-08-16
+ */
+
+#ifndef SESIMOS_WEBSOCKET_H
+#define SESIMOS_WEBSOCKET_H
+
+#include "sock.h"
+
+#define WS_TIMEOUT 3600
+
+typedef struct {
+    unsigned char f_fin:1;
+    unsigned char f_rsv1:1;
+    unsigned char f_rsv2:1;
+    unsigned char f_rsv3:1;
+    unsigned char opcode:4;
+    unsigned char f_mask:1;
+    unsigned long len;
+    char masking_key[4];
+} ws_frame;
+
+int ws_calc_accept_key(const char *key, char *accept_key);
+
+int ws_recv_frame_header(sock *s, ws_frame *frame);
+
+int ws_send_frame_header(sock *s, ws_frame *frame);
+
+#endif //SESIMOS_WEBSOCKET_H
--- a/src/logger.c
+++ b/src/logger.c
@@ -0,0 +1,305 @@
+/**
+ * sesimos - secure, simple, modern web server
+ * @brief Logger
+ * @file src/logger.h
+ * @author Lorenz Stechauner
+ * @date 2022-12-10
+ */
+
+#include "logger.h"
+#include "lib/utils.h"
+#include "lib/error.h"
+
+#include <stdio.h>
+#include <pthread.h>
+#include <semaphore.h>
+#include <errno.h>
+#include <string.h>
+#include <stdarg.h>
+#include <signal.h>
+#include <malloc.h>
+
+#define LOG_MAX_MSG_SIZE 2048
+#define LOG_BUF_SIZE 256
+#define LOG_NAME_LEN 12
+#define LOG_PREFIX_LEN 256
+
+#define LOG_PREFIX "[%8s][%-8s][%-6s]"
+#define LOG_TIME_BUF_SIZE 9
+#define LOG_TIME_FMT "%H:%M:%S"
+
+typedef struct {
+    log_lvl_t lvl;
+    long time;
+    char name[LOG_NAME_LEN];
+    char prefix[LOG_PREFIX_LEN];
+    char txt[LOG_MAX_MSG_SIZE];
+} log_msg_t;
+
+typedef struct {
+    int rd;
+    int wr;
+    log_msg_t msgs[LOG_BUF_SIZE];
+} buf_t;
+
+static pthread_t thread;
+static volatile sig_atomic_t alive = 0;
+static sem_t sem_buf, sem_buf_free, sem_buf_used;
+static buf_t buffer;
+
+static pthread_key_t key_name = -1, key_prefix = -1;
+static char global_name[LOG_NAME_LEN] = "", global_prefix[LOG_PREFIX_LEN] = "";
+
+static const char *level_keywords[] = {
+        "EMERG",
+        "ALERT",
+        "CRIT",
+        "ERROR",
+        "WARN",
+        "NOTICE",
+        "INFO",
+        "DEBUG"
+};
+
+static const char *timestr(time_t ts, char *buf) {
+    struct tm time_info;
+    strftime(buf, LOG_TIME_BUF_SIZE, LOG_TIME_FMT, localtime_r(&ts, &time_info));
+    return buf;
+}
+
+static void err(const char *restrict msg) {
+    char err_buf[64], time_buf[LOG_TIME_BUF_SIZE];
+    fprintf(stderr, ERR_STR LOG_PREFIX " %s: %s" CLR_STR "\n", timestr(time(NULL), time_buf), "logger",
+            level_keywords[LOG_CRITICAL], msg, error_str(errno, err_buf, sizeof(err_buf)));
+}
+
+void logmsgf(log_lvl_t level, const char *restrict format, ...) {
+    char buf[256], err_buf[256], time_buf[LOG_TIME_BUF_SIZE];
+    va_list args;
+    va_start(args, format);
+
+    const char *color = (level <= LOG_ERROR) ? ERR_STR : ((level <= LOG_WARNING) ? WRN_STR : "");
+    if (errno != 0) {
+        snprintf(buf, sizeof(buf), "%s%s: %s" CLR_STR, color, format, error_str(errno, err_buf, sizeof(err_buf)));
+    } else {
+        snprintf(buf, sizeof(buf), "%s%s" CLR_STR, color, format);
+    }
+
+    void *name = pthread_getspecific(key_name);
+    if (name == NULL && global_name[0] != 0) name = global_name;
+    void *prefix = pthread_getspecific(key_prefix);
+    if (prefix == NULL && global_prefix[0] != 0) prefix = global_prefix;
+
+    if (!alive) {
+        // no logger thread running
+        // simply write to stdout without synchronization
+        printf("%s" LOG_PREFIX "%s%s ", color,
+               timestr(time(NULL), time_buf),
+               (name != NULL) ? (char *) name : "",
+               level_keywords[level], CLR_STR,
+               (prefix != NULL) ? (char *) prefix : "");
+        vprintf(buf, args);
+        printf("\n");
+    } else {
+        // wait for free slot in buffer
+        while (sem_wait(&sem_buf_free) != 0) {
+            if (errno == EINTR) {
+                errno = 0;
+                continue;
+            } else {
+                err("Unable to lock semaphore");
+                errno = 0;
+            }
+            // cleanup
+            va_end(args);
+            return;
+        }
+
+        // try to lock buffer
+        while (sem_wait(&sem_buf) != 0) {
+            if (errno == EINTR) {
+                errno = 0;
+                continue;
+            } else {
+                err("Unable to lock semaphore");
+                errno = 0;
+            }
+            // cleanup
+            sem_post(&sem_buf_free);
+            va_end(args);
+            return;
+        }
+
+        // write message to buffer
+        log_msg_t *msg = &buffer.msgs[buffer.rd];
+        buffer.rd = (buffer.rd + 1) % LOG_BUF_SIZE;
+
+        vsnprintf(msg->txt, sizeof(msg->txt), buf, args);
+        msg->lvl = level;
+        msg->time = time(NULL);
+
+        if (name != NULL) {
+            snprintf(msg->name, sizeof(msg->name), "%s", (char *) name);
+        } else {
+            msg->name[0] = 0;
+        }
+
+        if (prefix != NULL) {
+            snprintf(msg->prefix, sizeof(msg->prefix), "%s", (char *) prefix);
+        } else {
+            msg->prefix[0] = 0;
+        }
+
+        // unlock buffer
+        sem_post(&sem_buf);
+
+        // unlock slot in buffer for logger
+        sem_post(&sem_buf_used);
+    }
+
+    // cleanup
+    va_end(args);
+}
+
+static void logger_destroy(void) {
+    sem_destroy(&sem_buf);
+    sem_destroy(&sem_buf_free);
+    sem_destroy(&sem_buf_used);
+}
+
+static int logger_remaining(void) {
+    int val = 0;
+    sem_getvalue(&sem_buf_used, &val);
+    return val;
+}
+
+void logger_set_name(const char *restrict format, ...) {
+    va_list args;
+
+    void *ptr;
+    if (key_name == -1) {
+        // not initialized
+        va_start(args, format);
+        vsnprintf(global_name, sizeof(global_name), format, args);
+        ptr = global_name;
+    } else {
+        int ret;
+        if ((ptr = pthread_getspecific(key_name)) == NULL) {
+            ptr = malloc(LOG_NAME_LEN);
+            if ((ret = pthread_setspecific(key_name, ptr)) != 0) {
+                errno = ret;
+                err("Unable to set thread specific values");
+                return;
+            }
+        }
+
+        va_start(args, format);
+        vsnprintf(ptr, LOG_NAME_LEN, format, args);
+    }
+
+    // set thread name
+    // warning: max length is 16 (incl. terminating null byte)
+    pthread_setname_np(pthread_self(), ptr);
+
+    // cleanup
+    va_end(args);
+}
+
+void logger_set_prefix(const char *restrict format, ...) {
+    va_list args;
+
+    if (key_prefix == -1) {
+        // not initialized
+        va_start(args, format);
+        vsnprintf(global_prefix, sizeof(global_prefix), format, args);
+    } else {
+        int ret;
+        void *ptr = pthread_getspecific(key_prefix);
+        if (!ptr) {
+            ptr = malloc(LOG_PREFIX_LEN);
+            if ((ret = pthread_setspecific(key_prefix, ptr)) != 0) {
+                errno = ret;
+                err("Unable to set thread specific values");
+                return;
+            }
+        }
+        va_start(args, format);
+        vsnprintf(ptr, LOG_PREFIX_LEN, format, args);
+    }
+
+    // cleanup
+    va_end(args);
+}
+
+static void *logger_thread(void *arg) {
+    char time_buf[LOG_TIME_BUF_SIZE];
+
+    logger_set_name("logger");
+    alive = 1;
+
+    while (alive || logger_remaining() > 0) {
+        // wait for buffer to be filled
+        if (sem_wait(&sem_buf_used) != 0) {
+            if (errno == EINTR) {
+                errno = 0;
+                continue;
+            } else {
+                err("Unable to lock semaphore");
+                errno = 0;
+                break;
+            }
+        }
+
+        log_msg_t *msg = &buffer.msgs[buffer.wr];
+        buffer.wr = (buffer.wr + 1) % LOG_BUF_SIZE;
+
+        printf("%s" LOG_PREFIX "%s%s %s\n",
+               (msg->lvl <= LOG_ERROR) ? ERR_STR : ((msg->lvl <= LOG_WARNING) ? WRN_STR : ""),
+               (timestr(msg->time, time_buf)),
+               (msg->name[0] != 0) ? (char *) msg->name : "", level_keywords[msg->lvl], CLR_STR,
+               (msg->prefix[0] != 0) ? (char *) msg->prefix : "",  msg->txt);
+
+        // unlock slot in buffer
+        sem_post(&sem_buf_free);
+    }
+
+    logger_destroy();
+
+    return NULL;
+}
+
+int logger_init(void) {
+    int ret;
+
+    // try to initialize all three semaphores
+    if (sem_init(&sem_buf, 0, 1) != 0 || sem_init(&sem_buf_free, 0, LOG_BUF_SIZE) != 0 || sem_init(&sem_buf_used, 0, 0) != 0) {
+        err("Unable to initialize semaphore");
+        logger_destroy();
+        return -1;
+    }
+
+    // initialize read/write heads
+    buffer.rd = 0;
+    buffer.wr = 0;
+
+    // initialize thread specific values (keys)
+    if ((ret = pthread_key_create(&key_name, free)) != 0 || (ret = pthread_key_create(&key_prefix, free)) != 0) {
+        errno = ret;
+        err("Unable to initialize thread specific values");
+        logger_destroy();
+        return -1;
+    }
+
+    pthread_create(&thread, NULL, logger_thread, NULL);
+
+    return 0;
+}
+
+void logger_stop(void) {
+    alive = 0;
+    pthread_kill(thread, SIGUSR1);
+}
+
+int logger_join(void) {
+    return pthread_join(thread, NULL);
+}
--- a/src/logger.h
+++ b/src/logger.h
@@ -0,0 +1,42 @@
+/**
+ * sesimos - secure, simple, modern web server
+ * @brief Logger (header file)
+ * @file src/logger.h
+ * @author Lorenz Stechauner
+ * @date 2022-12-10
+ */
+
+#ifndef SESIMOS_LOGGER_H
+#define SESIMOS_LOGGER_H
+
+#define LOG_DEBUG 7
+#define LOG_INFO 6
+#define LOG_NOTICE 5
+#define LOG_WARNING 4
+#define LOG_ERROR 3
+#define LOG_CRITICAL 2
+#define LOG_ALERT 1
+
+typedef unsigned char log_lvl_t;
+
+#define debug(...) logmsgf(LOG_DEBUG, __VA_ARGS__)
+#define info(...) logmsgf(LOG_INFO, __VA_ARGS__)
+#define notice(...) logmsgf(LOG_NOTICE, __VA_ARGS__)
+#define warning(...) logmsgf(LOG_WARNING, __VA_ARGS__)
+#define error(...) logmsgf(LOG_ERROR, __VA_ARGS__)
+#define critical(...) logmsgf(LOG_CRITICAL, __VA_ARGS__)
+#define alert(...) logmsgf(LOG_ALERT, __VA_ARGS__)
+
+void logmsgf(log_lvl_t level, const char *restrict format, ...);
+
+void logger_set_name(const char *restrict format, ...);
+
+void logger_set_prefix(const char *restrict format, ...);
+
+int logger_init(void);
+
+void logger_stop(void);
+
+int logger_join(void);
+
+#endif //SESIMOS_LOGGER_H
--- a/src/necronda-server.cpp
+++ b/src/necronda-server.cpp
@@ -1,284 +0,0 @@
-/**
- * Necronda Web Server 3.0
- * necronda-server.cpp - Main Executable
- * Lorenz Stechauner, 2018-05-09
- */
-
-
-#include "necronda-server.h"
-#include <magic.h>
-#include <iostream>
-#include <thread>
-#include <sys/time.h>
-#include <sys/stat.h>
-#include <signal.h>
-#include <csignal>
-
-
-using namespace std;
-
-const char* webroot = "/srv/necronda/";
-
-
-string getMimeType(string path) {
-
-    unsigned long pos = path.find_last_of('.');
-    string ext;
-    if (pos != string::npos) {
-        ext = path.substr(pos + 1, path.length() - pos);
-    }
-
-    magic_t magic = magic_open(MAGIC_MIME_TYPE);
-    magic_load(magic, "/usr/share/misc/magic.mgc");
-    string type = magic_file(magic, path.c_str());
-    magic_setflags(magic, MAGIC_MIME_ENCODING);
-    string charset = magic_file(magic, path.c_str());
-
-    if (type == "text/plain") {
-        if (ext == "css") {
-            type = "text/css";
-        } else if (ext == "js") {
-            type = "text/javascript";
-        }
-    }
-
-    magic_close(magic);
-
-    return type + "; charset=" + charset;
-}
-
-/**
- *  Sun, 06 Nov 1994 08:49:37 GMT
- * @return
- */
-
-std::string getTimestamp(string path) {
-    struct stat attrib;
-    stat(path.c_str(), &attrib);
-    return getTimestamp(attrib.st_ctime);
-}
-
-std::string getTimestamp(time_t time) {
-    char buffer[64];
-    struct tm *timeinfo = gmtime(&time);
-    strftime(buffer, sizeof(buffer), "%Y%m%d%H%M%S", timeinfo);
-    return string(buffer);
-}
-
-long getFileSize(string filename) {
-    struct stat stat_buf;
-    int rc = stat(filename.c_str(), &stat_buf);
-    return rc == 0 ? stat_buf.st_size : -1;
-}
-
-
-/**
- * Returns a formatted time string
- * @param micros Delta time to be formatted
- * @return A formatted time string
- */
-std::string formatTime(long micros) {
-    char buffer[64];
-    if (micros < 1000) {
-        sprintf(buffer, "%.3f ms", micros / 1000.0);
-    } else if (micros < 10000) {
-        sprintf(buffer, "%.2f ms", micros / 1000.0);
-    } else if (micros < 100000) {
-        sprintf(buffer, "%.1f ms", micros / 1000.0);
-    } else if (micros < 1000000) {
-        sprintf(buffer, "%.0f ms", micros / 1000.0);
-    } else {
-        sprintf(buffer, "%.1f s", micros / 1000000.0);
-    }
-    return std::string(buffer);
-}
-
-std::string formatSize(unsigned long bytes) {
-    char buffer[64];
-    if (bytes > 0x10000000000) {
-        sprintf(buffer, "%.1f TiB", (double) bytes / 0x10000000000);
-    } else if (bytes > 0x40000000) {
-        sprintf(buffer, "%.1f GiB", (double) bytes / 0x40000000);
-    } else if (bytes > 0x100000) {
-        sprintf(buffer, "%.1f MiB", (double) bytes / 0x100000);
-    } else if (bytes > 0x400) {
-        sprintf(buffer, "%.1f KiB", (double) bytes / 0x400);
-    } else {
-        sprintf(buffer, "%ld B", bytes);
-    }
-    return std::string(buffer);
-}
-
-
-
-
-string url_decode(string url) {
-    long pos = 0;
-    while ((pos = url.find('+', pos + 1)) != string::npos) {
-        url.replace(pos, 1, 1, ' ');
-    }
-    pos = 0;
-    while ((pos = url.find('%', pos + 1)) != string::npos) {
-        const char *num = url.substr(pos + 1, 2).c_str();
-        auto c = (char) strtol(num, nullptr, 16);
-        url.erase(pos, 3);
-        url.insert(pos, 1, c);
-    }
-
-    return url;
-}
-
-string url_encode(string url) {
-    char buff[4];
-    for (long pos = 0; pos < url.length(); pos++) {
-        auto c = (unsigned char) url[pos];
-        if (c < ' ' || c > '~' || c == ' ' || c == '#' || c == '?' || c == '&' || c == '=' || c == '\\' || c == '%') {
-            sprintf(buff, "%%%02X", c);
-            url.replace(pos, 1, buff);
-        }
-    }
-    return url;
-}
-
-string html_decode(string text) {
-    return text;
-}
-
-string html_encode(string text) {
-    return text;
-}
-
-string cli_encode(string text) {
-    char buff[5];
-    for (long pos = 0; pos < text.length(); pos++) {
-        auto c = (unsigned char) text[pos];
-        if (!((c >= 'a' && c <= 'z') || (c >= 'A' && c <= 'Z') || (c >= '0' && c <= '9') || c == ',' || c == '.' || c == '_' || c == '+' || c == ':' || c == '@' || c == '%' || c == '/' || c == '-')) {
-            sprintf(buff, "\\%.1s", &c);
-            text.replace(pos, 1, buff);
-            pos++;
-        }
-    }
-    return text;
-}
-
-string read_line(FILE* file) {
-    char *line;
-    size_t len = 0;
-    ssize_t read;
-    if ((read = getline(&line, &len, file)) < 0  || line == nullptr) {
-        return "";
-    }
-    string l = string(line);
-    if (l[l.length()-1] == '\n') {
-        l.erase(l.length()-1);
-    }
-    if (l[l.length()-1] == '\r') {
-        l.erase(l.length()-1);
-    }
-    return l;
-}
-
-
-#include "procopen.cpp"
-#include "network/Address.cpp"
-#include "network/Socket.cpp"
-#include "URI.cpp"
-#include "network/http/Http.cpp"
-#include "network/http/HttpStatusCode.cpp"
-#include "network/http/HttpHeader.cpp"
-#include "network/http/HttpRequest.cpp"
-#include "network/http/HttpResponse.cpp"
-#include "network/http/HttpConnection.cpp"
-
-string getWebRoot(string host) {
-    string root = webroot + host;
-    if (fileExists(root)) {
-        return root;
-    } else {
-        return "";
-    }
-}
-
-
-#include "client.cpp"
-
-
-long clientnum = 0;
-
-int main() {
-    cout << "Necronda Server 3.0" << endl << "by Lorenz Stechauner" << endl << endl;
-
-    signal(SIGPIPE, SIG_IGN);
-
-    SSL_load_error_strings();
-    SSL_library_init();
-    ERR_load_crypto_strings();
-    OpenSSL_add_all_algorithms();
-
-    int ret = system("mkdir -p /var/necronda /etc/necronda /tmp/necronda; touch /var/necronda/ETags");
-
-    if (ret != 0) {
-        cout << "Unable to create server files" << endl;
-        exit(1);
-    }
-
-    list<unsigned short> ports = {80, 443};
-
-    list<Socket> servers = {};
-    auto it = ports.begin();
-
-    for (int i = 0; i < ports.size(); i++) {
-        unsigned short port = *it;
-        advance(it, 1);
-        Socket server = Socket();
-        servers.push_back(server);
-
-        try {
-            server.setReuseAddress(true);
-            server.setReceiveTimeout(0);
-            server.setSendTimeout(0);
-        } catch (char *msg) {
-            cout << "Unable to set socket option: " << msg << endl;
-            exit(2);
-        }
-
-        try {
-            server.bind(port);
-        } catch (char *msg) {
-            cout << "Unable to bind socket to port " << port << ": " << msg << endl;
-            exit(3);
-        }
-
-        try {
-            server.listen(256);
-        } catch (char *msg) {
-            cout << "Unable to listen on socket: " << msg << endl;
-            exit(4);
-        }
-
-    }
-
-    cout << "Ready for connections" << endl;
-
-    while (true) {
-        try {
-            Socket::select(servers, {});
-            for (Socket server : servers) {
-                try {
-                    Socket *socket = server.accept();
-                    clientnum++;
-                    thread *t = new thread(client_handler, socket, clientnum, server.getSocketPort() == 443);
-                } catch (char *msg) {
-                    // Nothing
-                }
-            }
-        } catch (char *msg) {
-            cout << "Select: " << msg << endl;
-            break;
-        }
-    }
-
-    return 0;
-}
-
-
--- a/src/necronda-server.h
+++ b/src/necronda-server.h
@@ -1,41 +0,0 @@
-//
-// Created by lorenz on 5/17/18.
-//
-
-#include <string>
-
-#ifndef NECRONDA_SERVER
-#define NECRONDA_SERVER
-
-using namespace std;
-
-unsigned long getMicros();
-
-string formatTime(long micros);
-
-string formatSize(unsigned long bytes);
-
-string getWebRoot(string host);
-
-string getMimeType(string path);
-
-string getTimestamp(string path);
-
-string getTimestamp(time_t time);
-
-long getFileSize(string filename);
-
-string url_decode(string url);
-
-string url_encode(string url);
-
-string html_decode(string text);
-
-string html_encode(string text);
-
-string cli_encode(string text);
-
-string read_line(FILE *file);
-
-
-#endif
--- a/src/network/Address.cpp
+++ b/src/network/Address.cpp
@@ -1,68 +0,0 @@
-
-
-#include <iostream>
-#include <netinet/in.h>
-#include <arpa/inet.h>
-#include <cstring>
-#include "Address.h"
-
-using namespace std;
-
-
-Address::Address() {
-
-}
-
-Address::Address(string addr) {
-    // TODO
-}
-
-Address::Address(struct sockaddr_in *addr) {
-    address = ntohl(addr->sin_addr.s_addr);
-}
-
-
-struct sockaddr_in Address::toStruct(unsigned short port)const {
-    struct sockaddr_in addr;
-    addr.sin_family = AF_INET;
-    addr.sin_addr.s_addr = htonl(address);
-    addr.sin_port = htons(port);
-    return addr;
-}
-
-
-
-string Address::toString() const {
-    struct sockaddr_in addr = toStruct(0);
-    struct in_addr ipAddr = addr.sin_addr;
-    return inet_ntoa(ipAddr);
-}
-
-bool Address::isLocal() {
-    string a = toString();
-    return a.find("127.0.0.") == 0;
-}
-
-
-ostream& operator<<(ostream &str, const Address &addr) {
-    return str << addr.toString();
-}
-
-string operator+(string &str, const Address &addr) {
-    return str + addr.toString();
-}
-
-string operator+(string &str, const Address *addr) {
-    return str + addr->toString();
-}
-
-string operator+(const Address &addr, string &str) {
-    return addr.toString() + str;
-}
-
-string operator+(const Address *addr, string &str) {
-    return addr->toString() + str;
-}
-
-
-
--- a/src/network/Address.h
+++ b/src/network/Address.h
@@ -1,31 +0,0 @@
-/**
- * Necronda Web Server 3.0
- * HttpHeader.h - HttpHeader Class definition
- * Lorenz Stechauner, 2018-05-09
- */
-
-#ifndef NECRONDA_ADDRESS
-#define NECRONDA_ADDRESS
-
-using namespace std;
-
-class Address {
-private:
-    unsigned int address;
-
-public:
-    Address();
-
-    explicit Address(string address);
-
-    explicit Address(struct sockaddr_in *address);
-
-    struct sockaddr_in toStruct(unsigned short port) const;
-
-    string toString() const;
-
-    bool isLocal();
-
-};
-
-#endif
--- a/src/network/Socket.cpp
+++ b/src/network/Socket.cpp
@@ -1,661 +0,0 @@
-/**
- * Necronda Web Server 3.0
- * Socket.cpp - Socket Class methods
- * Lorenz Stechauner, 2018-05-09
- */
-
-
-#include <iostream>
-#include <sys/socket.h>
-#include <netinet/in.h>
-#include <cstring>
-#include <utility>
-#include <unistd.h>
-#include <sstream>
-#include <ctime>
-#include <poll.h>
-#include <openssl/ssl.h>
-#include <openssl/bio.h>
-#include <openssl/err.h>
-#include <openssl/x509.h>
-#include <list>
-#include <sys/stat.h>
-
-#include "Address.h"
-#include "Socket.h"
-#include "http/Http.h"
-
-using namespace std;
-
-
-static void multi_ssl_init() {
-    SSL_load_error_strings();
-    SSL_library_init();
-    ERR_load_crypto_strings();
-    OpenSSL_add_all_algorithms();
-}
-
-
-char *multi_ssl_get_error(SSL *ssl, int ret) {
-    if (ret > 0) {
-        return nullptr;
-    }
-
-    unsigned long ret2 = ERR_get_error();
-    const char *err2 = strerror(errno);
-    const char *err1 = ERR_reason_error_string(ret2);
-
-    switch (SSL_get_error(ssl, ret)) {
-        case SSL_ERROR_NONE:
-            return (char *) "none";
-        case SSL_ERROR_ZERO_RETURN:
-            return (char *) "closed";
-        case SSL_ERROR_WANT_READ:
-            return (char *) "want_read";
-        case SSL_ERROR_WANT_WRITE:
-            return (char *) "want_write";
-        case SSL_ERROR_WANT_CONNECT:
-            return (char *) "want_connect";
-        case SSL_ERROR_WANT_ACCEPT:
-            return (char *) "want_accept";
-        case SSL_ERROR_WANT_X509_LOOKUP:
-            return (char *) "want_x509_lookup";
-        case SSL_ERROR_SYSCALL:
-            return (char *) ((ret2 == 0) ? (ret == 0) ? "protocol violation" : err2 : err1);
-        case SSL_ERROR_SSL:
-            return (char *) err1;
-        default:
-            return (char *) "unknown error";
-    }
-}
-
-char *strerror_socket(int nr) {
-    if (nr == EAGAIN || nr == EWOULDBLOCK) {
-        return (char *) "timeout";
-    } else if (nr == ECONNRESET) {
-        return (char *) "closed";
-    } else {
-        return strerror(nr);
-    }
-}
-
-
-Socket::Socket(int fd) {
-    this->fd = fd;
-    microsStart = getMicros();
-    microsLast = microsStart;
-    bytesSent = 0;
-    bytesReceived = 0;
-    enc = false;
-    ssl = nullptr;
-    ctx = nullptr;
-    clients = false;
-    servers = false;
-}
-
-Socket::Socket() {
-    fd = ::socket(AF_INET, SOCK_STREAM, 0);
-    if (fd == 0) {
-        throw strerror(errno);
-    }
-    enc = false;
-    microsStart = getMicros();
-    microsLast = microsStart;
-    bytesSent = 0;
-    bytesReceived = 0;
-    ssl = nullptr;
-    ctx = nullptr;
-    clients = false;
-    servers = false;
-}
-
-int Socket::getFd() {
-    return fd;
-}
-
-void Socket::setSocketOption(int option, bool value = true) {
-    int val = value ? 1 : 0;
-
-    if (::setsockopt(fd, SOL_SOCKET, option, &val, sizeof(val)) != 0) {
-        throw strerror(errno);
-    }
-}
-
-void Socket::bind(Address *address, unsigned short port) {
-    struct sockaddr_in addr;
-    addr.sin_family = AF_INET;
-    addr.sin_addr.s_addr = INADDR_ANY; // address.
-    addr.sin_port = htons(port);
-
-    if (::bind(fd, (struct sockaddr *) &addr, sizeof(addr)) != 0) {
-        throw strerror(errno);
-    }
-}
-
-void Socket::bind(unsigned short port) {
-    struct sockaddr_in addr;
-    addr.sin_family = AF_INET;
-    addr.sin_addr.s_addr = INADDR_ANY;
-    addr.sin_port = htons(port);
-
-    if (::bind(fd, (struct sockaddr *) &addr, sizeof(addr)) != 0) {
-        throw strerror(errno);
-    }
-}
-
-void Socket::listen(int num) {
-    if (::listen(fd, num) != 0) {
-        throw strerror(errno);
-    }
-}
-
-void Socket::connect(Address, unsigned short) {
-
-}
-
-Socket* Socket::accept() {
-    int newfd = ::accept(fd, nullptr, nullptr);
-    if (newfd < 0) {
-        throw strerror(errno);
-    }
-    Socket *socket = new Socket(newfd);
-    socket->servers = true;
-    return socket;
-}
-
-void Socket::close() {
-    if (isSecured()) {
-        //SSL_shutdown(ssl);
-        SSL_free(ssl);
-        SSL_CTX_free(ctx);
-    }
-
-    if (::close(fd) != 0) {
-        throw strerror(errno);
-    }
-}
-
-Address *Socket::getPeerAddress() const {
-    struct sockaddr_storage addr;
-    socklen_t len = sizeof(addr);
-    getpeername(fd, (struct sockaddr *) &addr, &len);
-    struct sockaddr_in *s = (struct sockaddr_in *) &addr;
-    return new Address(s);
-}
-
-unsigned short Socket::getPeerPort() const {
-    struct sockaddr_storage addr;
-    socklen_t len = sizeof(addr);
-    getpeername(fd, (struct sockaddr *) &addr, &len);
-    return ntohs(((struct sockaddr_in *) &addr)->sin_port);
-}
-
-Address *Socket::getSocketAddress() const {
-    struct sockaddr_storage addr;
-    socklen_t len = sizeof(addr);
-    getsockname(fd, (struct sockaddr *) &addr, &len);
-    struct sockaddr_in *s = (struct sockaddr_in *) &addr;
-    return new Address(s);
-}
-
-unsigned short Socket::getSocketPort() const {
-    struct sockaddr_storage addr;
-    socklen_t len = sizeof(addr);
-    getsockname(fd, (struct sockaddr *) &addr, &len);
-    return ntohs(((struct sockaddr_in *) &addr)->sin_port);
-}
-
-
-void Socket::setReuseAddress(bool value) {
-    setSocketOption(SO_REUSEADDR, value);
-}
-
-void Socket::setReusePort(bool value) {
-    setSocketOption(SO_REUSEPORT, value);
-}
-
-
-string Socket::toString() const {
-    return "{[Socket]" + getSocketAddress()->toString() + ":" + to_string(getSocketPort()) + "<->" +
-           getPeerAddress()->toString() + ":" + to_string(getPeerPort()) + "}";
-}
-
-long Socket::send(string *str) {
-    return send(str->c_str(), str->length());
-}
-
-long Socket::send(string str) {
-    return send(str.c_str(), str.length());
-}
-
-long Socket::send(const char *str, long length) {
-    return send((void*) str, length);
-}
-
-long Socket::send(const char *str) {
-    return send(str, strlen(str));
-}
-
-long Socket::send(FILE *file) {
-    char buffer[CPPNET_CHUNK];
-    long all_len = 0;
-    long len = 0;
-    do {
-        len = fread(buffer, 1, CPPNET_CHUNK, file);
-        send(buffer, len);
-        all_len += len;
-    } while (len > 0 && len == CPPNET_CHUNK);
-    return all_len;
-}
-
-Socket::~Socket() {
-
-}
-
-long Socket::receive(void *buffer, int size) {
-    long len;
-    if (isSecured()) {
-        len = SSL_read(ssl, buffer,  size);
-        if (len < 0) {
-            throw multi_ssl_get_error(ssl, (int) len);
-        }
-    } else {
-        len = recv(fd, buffer, (size_t) size, 0);
-        if (len < 0) {
-            throw strerror_socket(errno);
-        }
-    }
-    bytesReceived += len;
-    return len;
-}
-
-long Socket::peek(void *buffer, int size) {
-    long len;
-    if (isSecured()) {
-        len = SSL_peek(ssl, buffer, size);
-        if (len < 0) {
-            throw multi_ssl_get_error(ssl, (int) len);
-        }
-    } else {
-        len = recv(fd, buffer, (size_t) size, MSG_PEEK);
-        if (len < 0) {
-            throw strerror_socket(errno);
-        }
-    }
-    return len;
-}
-
-long Socket::send(void *buffer, int size) {
-    long len;
-    if (isSecured()) {
-        if (size != 0) {
-            len = SSL_write(ssl, buffer, size);
-            if (len <= 0) {
-                throw multi_ssl_get_error(ssl, (int) len);
-            }
-        } else {
-            len = 0;
-        }
-    } else {
-        len = ::send(fd, buffer, (size_t) size, 0);
-        if (len < 0) {
-            throw strerror_socket(errno);
-        }
-    }
-    bytesSent += len;
-    return len;
-}
-
-
-string Socket::receive() {
-    string *str = new string();
-
-    char buffer[CPPNET_CHUNK];
-    long len = 0;
-    do {
-        len = receive((void*) buffer, CPPNET_CHUNK);
-        str->append(buffer, (unsigned) len);
-    } while (len > 0 && len == CPPNET_CHUNK);
-
-    return *str;
-}
-
-string Socket::receive(long length) {
-    string *str = new string();
-
-    char buffer[CPPNET_CHUNK];
-    long len = 0;
-    long reclen = 0;
-    do {
-        len = receive((void*) buffer, CPPNET_CHUNK);
-        reclen += len;
-        str->append(buffer, (unsigned) len);
-    } while (reclen < length);
-
-    return *str;
-}
-
-string Socket::receive(string until) {
-    string *str = new string();
-
-    struct pollfd ufds[1];
-    ufds[0].fd = fd;
-    ufds[0].events = POLLIN | POLLOUT;
-
-    char buffer[CPPNET_CHUNK];
-    long len = 0;
-    do {
-        len = peek((void*) buffer, CPPNET_CHUNK);
-        if (len != 0) {
-            string s = string(buffer, (size_t) len);
-            size_t found = s.find(until);
-            long l = (found != string::npos) ? found + 1 : len;
-            long l2 = (found != string::npos) ? found : len;
-            str->append(buffer, (unsigned) l2);
-            receive((void *) buffer, (int) l);
-            if (found != string::npos) {
-                break;
-            }
-        }
-        if (poll(ufds, 1, 0) < 0) {
-            throw strerror_socket(errno);
-        } else if ((ufds[0].revents & POLLIN) == 0) {
-            if ((ufds[0].revents & POLLOUT) != 0) {
-                throw (char *) "error";
-            } else {
-                throw (char *) "want_write";
-            }
-        } else if ((ufds[0].revents & POLLERR) != 0) {
-            throw (char *) "error";
-        } else if (ufds[0].revents & (POLLRDHUP | POLLHUP | POLLNVAL) != 0) {
-            throw (char *) "closed";
-        }
-    } while (true);
-
-    return *str;
-}
-
-string Socket::receive(const char *until) {
-    return receive(until, (int) (strlen(until)));
-}
-
-string Socket::receive(const char *until, unsigned long strlen) {
-    return receive(string(until, strlen));
-}
-
-long Socket::receive(FILE *file) {
-    char buffer[CPPNET_CHUNK];
-    long len;
-    long rec = 0;
-    do {
-        len = receive((void*) buffer, CPPNET_CHUNK);
-        fwrite(buffer, 1, CPPNET_CHUNK, file);
-        rec += len;
-    } while (len > 0 && len == CPPNET_CHUNK);
-    return len;
-}
-
-long Socket::receive(FILE *file, long size) {
-    char buffer[CPPNET_CHUNK];
-    long len = 0;
-    long rec = 0;
-    while (size > rec) {
-        len = receive((void*) buffer, (CPPNET_CHUNK > (size - rec) && size >= 0)?(size - rec):CPPNET_CHUNK);
-        fwrite(buffer, 1, len, file);
-        rec += len;
-    }
-    return rec;
-}
-
-string Socket::receiveLine() {
-    string str = receive("\n");
-    if (str.length() > 0 && str.at(str.length() - 1) == '\r') {
-        str = str.substr(0, str.length() - 1);
-    }
-    return str;
-}
-
-
-long Socket::getDuration() {
-    return getMicros() - microsStart;
-}
-
-
-void Socket::setReceiveTimeout(unsigned long ms) {
-    struct timeval timeout;
-    if (ms == 0) {
-        timeout.tv_sec = 0;
-        timeout.tv_usec = 1;
-    } else {
-        timeout.tv_sec = ms / 1000;
-        timeout.tv_usec = (ms % 1000) * 1000;
-    }
-    if (setsockopt(fd, SOL_SOCKET, SO_RCVTIMEO, (char *) &timeout, sizeof(timeout)) < 0) {
-        throw strerror(errno);
-    }
-}
-
-void Socket::setSendTimeout(unsigned long ms) {
-    struct timeval timeout;
-    if (ms == 0) {
-        timeout.tv_sec = 0;
-        timeout.tv_usec = 1;
-    } else {
-        timeout.tv_sec = ms / 1000;
-        timeout.tv_usec = (ms % 1000) * 1000;
-    }
-    if (setsockopt(fd, SOL_SOCKET, SO_SNDTIMEO, (char *) &timeout, sizeof(timeout)) < 0) {
-        throw strerror(errno);
-    }
-}
-
-bool Socket::isServerSide() {
-    return servers;
-}
-
-bool Socket::isSecured() {
-    return enc;
-}
-
-bool Socket::isClientSide() {
-    return clients;
-}
-
-void Socket::sslHandshake(map<string, KeyPair> sni) {
-    /*if (isSecured()) {
-        throw (char *) "Socket already secured";
-    }
-
-    const SSL_METHOD *method;
-    if (isServerSide()) {
-        method = TLSv1_2_server_method();
-    } else if (isClientSide()) {
-        method = TLSv1_2_client_method();
-    } else {
-        method = TLSv1_2_method();
-    }
-
-    SSL_CTX *ctx = SSL_CTX_new(method);
-    SSL_CTX_set_options(ctx, SSL_OP_SINGLE_DH_USE | SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3);
-    SSL_CTX_set_mode(ctx, SSL_MODE_ENABLE_PARTIAL_WRITE);
-    SSL_CTX_set_cipher_list(ctx, "HIGH:!aNULL:!kRSA:!PSK:!SRP:!MD5:!RC4");
-    SSL_CTX_set_ecdh_auto(ctx, 1);
-
-    const char *certfile = keypair.fullchain.c_str();
-    const char *keyfile = keypair.privkey.c_str();
-
-    if (isServerSide()) {
-        if (SSL_CTX_use_certificate_file(ctx, certfile, SSL_FILETYPE_PEM) != 1) {
-            throw (char *) ERR_reason_error_string(ERR_get_error());
-        }
-
-        if (SSL_CTX_use_PrivateKey_file(ctx, keyfile, SSL_FILETYPE_PEM) != 1) {
-            throw (char *) ERR_reason_error_string(ERR_get_error());
-        }
-    }
-
-    SSL_CTX_set_tlsext_servername_callback
-
-    this->ctx = ctx;
-    this->ssl = SSL_new(ctx);
-    SSL_set_fd(ssl, fd);
-    enc = true;
-
-    while (true) {
-        int ret = 0;
-        if (isServerSide()) {
-            ret = SSL_accept(ssl);
-        } else if (isClientSide()) {
-            ret = SSL_connect(ssl);
-        } else {
-            ret = SSL_do_handshake(ssl);
-        }
-
-        if (ret <= 0 && ((isServerSide() && SSL_get_error(ssl, ret) != SSL_ERROR_WANT_READ) ||
-                         (isClientSide() && SSL_get_error(ssl, ret) != SSL_ERROR_WANT_WRITE))) {
-            throw multi_ssl_get_error(ssl, ret);
-        } else if (ret == 1) {
-            break;
-        }
-    }*/
-
-}
-
-void Socket::sslHandshake() {
-    sslHandshake(KeyPair{"", ""});
-}
-
-void Socket::sslHandshake(KeyPair keypair) {
-    if (isSecured()) {
-        throw (char *) "Socket already secured";
-    }
-
-    const SSL_METHOD *method;
-    if (isServerSide()) {
-        method = TLSv1_2_server_method();
-    } else if (isClientSide()) {
-        method = TLSv1_2_client_method();
-    } else {
-        method = TLSv1_2_method();
-    }
-
-    SSL_CTX *ctx = SSL_CTX_new(method);
-    SSL_CTX_set_options(ctx, SSL_OP_SINGLE_DH_USE);
-    SSL_CTX_set_verify(ctx, SSL_VERIFY_NONE, nullptr);
-    SSL_CTX_set_min_proto_version(ctx, SSL3_VERSION); // TLS1_VERSION
-    SSL_CTX_set_mode(ctx, SSL_MODE_ENABLE_PARTIAL_WRITE);
-    SSL_CTX_set_cipher_list(ctx, "HIGH:!aNULL:!kRSA:!PSK:!SRP:!MD5:!RC4");
-    SSL_CTX_set_ecdh_auto(ctx, 1);
-
-    const char *certfile = keypair.fullchain.c_str();
-    const char *keyfile = keypair.privkey.c_str();
-
-    if (isServerSide()) {
-        if (SSL_CTX_use_certificate_chain_file(ctx, certfile) != 1) {
-            throw (char *) ERR_reason_error_string(ERR_get_error());
-        }
-
-        if (SSL_CTX_use_PrivateKey_file(ctx, keyfile, SSL_FILETYPE_PEM) != 1) {
-            throw (char *) ERR_reason_error_string(ERR_get_error());
-        }
-    }
-
-    this->ctx = ctx;
-    this->ssl = SSL_new(ctx);
-    SSL_set_fd(ssl, fd);
-    enc = true;
-
-    while (true) {
-        int ret = 0;
-        if (isServerSide()) {
-            ret = SSL_accept(ssl);
-        } else if (isClientSide()) {
-            ret = SSL_connect(ssl);
-        } else {
-            ret = SSL_do_handshake(ssl);
-        }
-
-        if (ret <= 0 && ((isServerSide() && SSL_get_error(ssl, ret) != SSL_ERROR_WANT_READ) ||
-                         (isClientSide() && SSL_get_error(ssl, ret) != SSL_ERROR_WANT_WRITE))) {
-            throw multi_ssl_get_error(ssl, ret);
-        } else if (ret == 1) {
-            break;
-        }
-    }
-
-}
-
-void Socket::sslHandshake(string privkey, string fullchain) {
-    sslHandshake(KeyPair{std::move(privkey), std::move(fullchain)});
-}
-
-long Socket::select(list<Socket> read, list<Socket> write, long millis) {
-    fd_set readfd, writefd;
-    int maxfd = 0;
-    FD_ZERO(&readfd);
-    FD_ZERO(&writefd);
-
-    for (Socket s : read) {
-        if (s.fd > maxfd) {
-            maxfd = s.fd;
-        }
-        FD_SET(s.fd, &readfd);
-    }
-
-    for (Socket s : write) {
-        if (s.fd > maxfd) {
-            maxfd = s.fd;
-        }
-        FD_SET(s.fd, &writefd);
-    }
-
-    struct timeval *tv = new struct timeval;
-    if (millis < 0) {
-        tv = nullptr;
-    } else if (millis == 0) {
-        tv->tv_sec = 0;
-        tv->tv_usec = 1;
-    } else {
-        tv->tv_sec = millis / 1000;
-        tv->tv_usec = (millis % 1000) * 1000;
-    }
-
-    int ret = ::select(maxfd + 1, &readfd, &writefd, nullptr, tv);
-    if (ret < 0) {
-        throw (char *) strerror(errno);
-    }
-    return ret;
-}
-
-long Socket::select(list<Socket> read, list<Socket> write) {
-    Socket::select(std::move(read), std::move(write), -1);
-}
-
-unsigned long Socket::getBytesSent() {
-    return bytesSent;
-}
-
-unsigned long Socket::getBytesReceived() {
-    return bytesReceived;
-}
-
-
-ostream &operator<<(ostream &str, const Socket &socket) {
-    return str << socket.toString();
-}
-
-ostream &operator<<(ostream &str, const Socket *socket) {
-    return str << socket->toString();
-}
-
-string operator+(string &str, const Socket &socket) {
-    return str + socket.toString();
-}
-
-string operator+(const Socket &socket, string &str) {
-    return socket.toString() + str;
-}
-
-
-
-
--- a/src/network/Socket.h
+++ b/src/network/Socket.h
@@ -1,174 +0,0 @@
-/**
- * Necronda Web Server 3.0
- * Socket.h - Socket Class definition
- * Lorenz Stechauner, 2018-05-09
- */
-
-#ifndef NECRONDA_SOCKET
-#define NECRONDA_SOCKET
-
-#include <map>
-
-#define CPPNET_CHUNK  16384
-
-typedef struct {
-    string privkey;
-    string fullchain;
-} KeyPair;
-
-using namespace std;
-
-
-class Socket {
-private:
-    int fd;
-    SSL *ssl;
-    SSL_CTX *ctx;
-    bool enc;
-    bool servers;
-    bool clients;
-    unsigned long bytesSent;
-    unsigned long bytesReceived;
-    long microsStart;
-    long microsLast;
-
-    void setSocketOption(int, bool);
-
-    long send(void *buffer, int size);
-
-    long receive(void *buffer, int size);
-
-    long peek(void *buffer, int size);
-
-public:
-    Socket();
-
-    explicit Socket(int filedescriptor);
-
-    ~Socket();
-
-    void bind(Address *address, unsigned short port);
-
-    void bind(unsigned short port);
-
-    void listen(int count = 1);
-
-    void connect(Address address, unsigned short port);
-
-    Socket* accept();
-
-    void sslHandshake();
-
-    void sslHandshake(map<string, KeyPair> sni);
-
-    void sslHandshake(KeyPair keypair);
-
-    void sslHandshake(string privkey, string fullchain);
-
-    long send(string *str);
-
-    long send(string str);
-
-    long send(const char *str);
-
-    long send(const char *str, long length);
-
-    long send(FILE *file);
-
-    string receive();
-
-    string receive(long length);
-
-    string receive(string until);
-
-    string receive(const char *until, unsigned long strlen);
-
-    string receive(const char *until);
-
-    long receive(FILE *file);
-
-    string receiveLine();
-
-    void shutdown();
-
-    void close();
-
-    int getFd();
-
-    long getDuration();
-
-    Address *getSocketAddress() const;
-
-    unsigned short getSocketPort() const;
-
-    Address *getPeerAddress() const;
-
-    unsigned short getPeerPort() const;
-
-    string toString() const;
-
-
-    bool isServerSide();
-
-    bool isClientSide();
-
-    bool isSecured();
-
-
-    void setReuseAddress(bool value = true);
-
-    void setReusePort(bool value = true);
-
-    void setSendBufferSize(int value);
-
-    void setReceiveBufferSize(int value);
-
-    void setMinReceiveBytes(int value);
-
-    void setMinSendBytes(int value);
-
-    void setSendTimeout(unsigned long ms);
-
-    void setReceiveTimeout(unsigned long ms);
-
-
-    bool getReuseAddress();
-
-    bool getReusePort();
-
-    int getSendBufferSize();
-
-    int getReceiveBufferSize();
-
-    int getMinReceiveBytes();
-
-    int getMinSendBytes();
-
-    long getSendTimeout();
-
-    long getReceiveTimeout();
-
-    unsigned long getBytesSent();
-
-    unsigned long getBytesReceived();
-
-    static long select(list<Socket> read, list<Socket> write, long millis);
-
-    static long select(list<Socket> read, list<Socket> write);
-
-    long receive(FILE *file, long size);
-};
-
-Socket operator<<(Socket sock, const char *str);
-
-Socket operator<<(Socket sock, string str);
-
-ostream &operator<<(ostream &str, const Socket &socket);
-
-ostream &operator<<(ostream &str, const Socket *socket);
-
-string operator+(string &str, const Socket &socket);
-
-string operator+(const Socket &socket, string &str);
-
-#endif
--- a/src/network/http/Http.cpp
+++ b/src/network/http/Http.cpp
@@ -1,32 +0,0 @@
-//
-// Created by lorenz on 7/10/18.
-//
-
-#include <sys/stat.h>
-#include <sys/time.h>
-#include "Http.h"
-
-unsigned long getMicros() {
-    struct timeval tv;
-    gettimeofday(&tv, nullptr);
-    return (unsigned long) (1000000 * tv.tv_sec + tv.tv_usec);
-}
-
-string getHttpDate() {
-    time_t rawtime;
-    time(&rawtime);
-    return getHttpDate(rawtime);
-}
-
-string getHttpDate(string filename) {
-    struct stat attrib;
-    stat(filename.c_str(), &attrib);
-    return getHttpDate(attrib.st_ctime);
-}
-
-string getHttpDate(time_t time) {
-    char buffer[64];
-    struct tm *timeinfo = gmtime(&time);
-    strftime(buffer, sizeof(buffer), "%a, %d %b %Y %H:%M:%S GMT", timeinfo);
-    return string(buffer);
-}
--- a/src/network/http/Http.h
+++ b/src/network/http/Http.h
@@ -1,22 +0,0 @@
-//
-// Created by lorenz on 7/10/18.
-//
-
-#ifndef CPPNET_HTTP_H
-#define CPPNET_HTTP_H
-
-#include <ctime>
-#include <string>
-
-using namespace std;
-
-unsigned long getMicros();
-
-string getHttpDate(time_t time);
-
-string getHttpDate();
-
-string getHttpDate(string filename);
-
-
-#endif //CPPNET_HTTP_H
--- a/src/network/http/HttpConnection.cpp
+++ b/src/network/http/HttpConnection.cpp
@@ -1,194 +0,0 @@
-
-
-#include <zlib.h>
-#include <cassert>
-#include <iostream>
-#include <utility>
-#include "HttpConnection.h"
-#include "../Socket.h"
-#include "HttpStatusCode.h"
-#include "Http.h"
-
-
-HttpConnection::HttpConnection() = default;
-
-HttpConnection::HttpConnection(Socket *socket) {
-    this->socket = socket;
-    this->request = new HttpRequest(socket);
-    this->response = new HttpResponse();
-    microsStart = getMicros();
-    response->setVersion("1.1");
-    response->setField("Server", "Necronda/3.0");
-}
-
-void HttpConnection::respond(int statuscode) {
-    if (statuscode >= 400 && statuscode < 600) {
-        respond(statuscode,
-                "<!DOCTYPE html><html><head><title>" + to_string(statuscode) + " " +
-                ::getStatusCode(statuscode).message +
-                "</title></head><body><center><h1>" + to_string(statuscode) + " " +
-                ::getStatusCode(statuscode).message +
-                "</h1>" +
-                ((request->isExistingField("Host")) ?
-                 (request->isExistingField("Referer") &&
-                  request->getField("Referer").find(request->getField("Host")) != string::npos) ?
-                 "<p>Go back to the last page you visited: <a href=\"" + request->getField("Referer") + "\">" +
-                 request->getField("Referer") + "</a></p>" :
-                 "<p>Go back to the home page of <a href=\"//" +
-                 request->getField("Host") + "/\">" +
-                 request->getField("Host") +
-                 "</a></p>" : "") + "</center></body></html>\r\n"
-        );
-    } else {
-        respond(statuscode, "");
-    }
-}
-
-void HttpConnection::respond(int statuscode, string payload) {
-    response->setStatusCode(statuscode);
-    response->setField("Date", getHttpDate());
-    response->setField("Content-Length", to_string(payload.length()));
-    response->sendHeader(socket);
-    socket->send(std::move(payload));
-}
-
-void HttpConnection::respond(int statuscode, FILE *file, bool compress, long start, long end) {
-    response->setStatusCode(statuscode);
-    response->setField("Transfer-Encoding", "chunked");
-    response->setField("Date", getHttpDate());
-
-    long shouldTransfer;
-    long transfered = 0;
-
-    fseek(file, 0, SEEK_END);
-    long len = ftell(file);
-
-    if (start != -1 && end != -1) {
-        fseek(file, start, SEEK_SET);
-        response->setField("Content-Length", to_string(end - start + 1));
-        shouldTransfer = end - start + 1;
-        compress = false;
-    } else {
-        fseek(file, 0, SEEK_SET);
-        shouldTransfer = len;
-        if (len >= 0 && !compress) {
-            response->setField("Content-Length", to_string(len));
-        }
-    }
-
-    if (compress) {
-        response->setField("Content-Encoding", "deflate");
-    }
-
-    response->sendHeader(socket);
-
-    if (compress) {
-        int level = 1;
-        int ret, flush;
-        unsigned have;
-        z_stream strm;
-        unsigned char in[CPPNET_CHUNK];
-        unsigned char out[CPPNET_CHUNK];
-
-        strm.zalloc = Z_NULL;
-        strm.zfree = Z_NULL;
-        strm.opaque = Z_NULL;
-        ret = deflateInit(&strm, level);
-        if (ret != Z_OK) {
-            throw (char *) "Unable to open file";
-        }
-
-        do {
-            strm.avail_in = (uInt) fread(in, 1, CPPNET_CHUNK, file);
-
-            if (ferror(file)) {
-                (void) deflateEnd(&strm);
-                throw (char *) strerror(errno);
-            }
-            flush = feof(file) ? Z_FINISH : Z_NO_FLUSH;
-            strm.next_in = in;
-            do {
-                strm.avail_out = CPPNET_CHUNK;
-                strm.next_out = out;
-                ret = deflate(&strm, flush);
-                assert(ret != Z_STREAM_ERROR);
-                have = CPPNET_CHUNK - strm.avail_out;
-
-                if (have != 0) {
-                    char buffer[64];
-                    sprintf(buffer, "%X\r\n", have);
-                    socket->send(buffer);
-                    socket->send((const char *) out, have);
-                    socket->send("\r\n");
-                }
-            } while (strm.avail_out == 0);
-            assert(strm.avail_in == 0);
-        } while (flush != Z_FINISH);
-        assert(ret == Z_STREAM_END);
-        socket->send("0\r\n\r\n");
-        deflateEnd(&strm);
-    } else {
-        char buffer[CPPNET_CHUNK];
-        char buff[64];
-        while (true) {
-            unsigned long size = fread(buffer, 1, (size_t) ((CPPNET_CHUNK > (shouldTransfer - transfered) && shouldTransfer > 0) ? (shouldTransfer - transfered) : CPPNET_CHUNK), file);
-            transfered += size;
-            sprintf(buff, "%lX\r\n", size);
-            socket->send(buff);
-            socket->send((const char *) buffer, size);
-            socket->send("\r\n");
-            if (size == 0) {
-                break;
-            }
-        }
-    }
-}
-
-string HttpConnection::getField(string index) {
-    return request->getField(std::move(index));
-}
-
-string HttpConnection::getPath() {
-    return request->getPath();
-}
-
-void HttpConnection::setField(string index, string data) {
-    response->setField(std::move(index), std::move(data));
-}
-
-bool HttpConnection::isExistingField(string index) {
-    return request->isExistingField(std::move(index));
-}
-
-string HttpConnection::getMethod() {
-    return request->getMethod();
-}
-
-long HttpConnection::getDuration() {
-    return getMicros() - microsStart;
-}
-
-HttpStatusCode HttpConnection::getStatusCode() {
-    return response->getStatusCode();
-}
-
-void HttpConnection::redirect(int statuscode, string location) {
-    setField("Location", std::move(location));
-    respond(statuscode, "");
-}
-
-string HttpConnection::getResponseField(string index) {
-    return response->getField(std::move(index));
-}
-
-bool HttpConnection::isExistingResponseField(string index) {
-    return response->isExistingField(std::move(index));
-}
-
-string HttpConnection::cgiExport() {
-    return request->cgiExport();
-}
-
-void HttpConnection::removeField(string index) {
-    response->removeField(std::move(index));
-}
--- a/src/network/http/HttpConnection.h
+++ b/src/network/http/HttpConnection.h
@@ -1,55 +0,0 @@
-
-
-#ifndef NECRONDA_HTTP_CONNECTION
-#define NECRONDA_HTTP_CONNECTION
-
-
-#include "../Socket.h"
-#include "HttpResponse.h"
-#include "HttpRequest.h"
-
-
-class HttpConnection {
-private:
-    Socket *socket{};
-    HttpRequest *request{};
-    HttpResponse *response{};
-    long microsStart{};
-
-public:
-    explicit HttpConnection();
-
-    explicit HttpConnection(Socket *socket);
-
-    void respond(int statuscode);
-
-    void respond(int statuscode, string payload);
-
-    void respond(int statuscode, FILE *file, bool compress = false, long start = -1, long end = -1);
-
-    void redirect(int statuscode, string location);
-
-    bool isExistingField(string index);
-
-    bool isExistingResponseField(string index);
-
-    string getField(string index);
-
-    string getResponseField(string index);
-
-    string getPath();
-
-    string getMethod();
-
-    void setField(string index, string data);
-
-    long getDuration();
-
-    HttpStatusCode getStatusCode();
-
-    string cgiExport();
-
-    void removeField(string index);
-};
-
-#endif
--- a/src/network/http/HttpHeader.cpp
+++ b/src/network/http/HttpHeader.cpp
@@ -1,122 +0,0 @@
-/**
- * Necronda Web Server 3.0
- * HttpHeader.cpp - HttpHeader Class methods
- * Lorenz Stechauner, 2018-05-09
- */
-
-
-#include <map>
-#include <iostream>
-#include "../Socket.h"
-
-#include "HttpHeader.h"
-
-
-using namespace std;
-
-string to_cgi(string text) {
-    for (auto & c: text) c = (char) toupper(c);
-    long pos = 0;
-    while ((pos = text.find('-', pos + 1)) != string::npos) {
-        text.replace(pos, 1, 1, '_');
-    }
-    return text;
-}
-
-
-/**
- * Default Constructor
- */
-HttpHeader::HttpHeader() {
-    fields = fields;
-}
-
-HttpHeader::HttpHeader(Socket *socket) : HttpHeader::HttpHeader() {
-    parse(socket);
-}
-
-
-void HttpHeader::parse(Socket *socket) {
-    while (true) {
-        string line = socket->receiveLine();
-        if (line.length() == 0) {
-            break;
-        } else {
-            unsigned long pos = line.find(':');
-            if (pos == string::npos) {
-                throw (char *) "Malformed header";
-            }
-            string index = line.substr(0, pos);
-            string data = line.substr(pos + 1, line.length() - pos);
-            while (index[0] == ' ') index.erase(index.begin() + 0);
-            while (index[index.length() - 1] == ' ') index.erase(index.end() - 1);
-            while (data[0] == ' ') data.erase(data.begin() + 0);
-            while (data[data.length() - 1] == ' ') data.erase(data.end() - 1);
-            setField(index, data);
-        }
-    }
-}
-
-
-/**
- * Default Destructor
- */
-HttpHeader::~HttpHeader() {
-    fields.clear();
-}
-
-
-/**
- * Sets a field in the HTTP header
- * e.g. Content-Length: 42
- * @param index The field index
- * @param data The field data
- */
-void HttpHeader::setField(string index, string data) {
-    removeField(index);
-    fields.insert(make_pair(index, data));
-}
-
-void HttpHeader::removeField(string index) {
-    fields.erase(index);
-}
-
-/**
- * Gets a field from the HTTP header
- * e.g. Content-Length: 42
- * @param index The field index
- * @return The field data
- */
-string HttpHeader::getField(string index) {
-    auto i = fields.find(index);
-    if (i != fields.end()) {
-        return fields.at(index);
-    } else {
-        return "";
-    }
-}
-
-
-bool HttpHeader::isExistingField(string index) {
-    auto i = fields.find(index);
-    return i != fields.end();
-}
-
-string HttpHeader::toString() {
-    string header = "";
-    for (auto it = fields.begin(); it != fields.end(); it++ ) {
-        header += it->first + ": " + it->second + "\r\n";
-    }
-    return header;
-}
-
-string HttpHeader::cgiExport() {
-    string header = "";
-    for (auto it = fields.begin(); it != fields.end(); it++ ) {
-        header += "HTTP_" + to_cgi(it->first) + "=" + cli_encode(it->second) + " ";
-    }
-    return header;
-}
-
-
-
--- a/src/network/http/HttpHeader.h
+++ b/src/network/http/HttpHeader.h
@@ -1,53 +0,0 @@
-/**
- * Necronda Web Server 3.0
- * HttpHeader.h - HttpHeader Class definition
- * Lorenz Stechauner, 2018-05-09
- */
-
-#ifndef NECRONDA_HTTP_HEADER
-#define NECRONDA_HTTP_HEADER
-
-#include <cstring>
-
-using namespace std;
-
-struct comp {
-    bool operator()(const std::string& lhs, const std::string& rhs) const {
-        return strcasecmp(lhs.c_str(), rhs.c_str()) < 0;
-    }
-};
-
-/**
- * Stores Key-Value Pairs for a HTTP header
- * e.g.
- * Content-Length: 64
- * Host: example.org
- */
-class HttpHeader {
-private:
-    map<string, string, comp> fields;
-
-public:
-    HttpHeader();
-
-    explicit HttpHeader(Socket *socket);
-
-    ~HttpHeader();
-
-    void setField(string index, string data);
-
-    string getField(string index);
-
-    void removeField(string index);
-
-    bool isExistingField(string index);
-
-    void parse(Socket *socket);
-
-    string toString();
-
-    string cgiExport();
-
-};
-
-#endif
--- a/src/network/http/HttpRequest.cpp
+++ b/src/network/http/HttpRequest.cpp
@@ -1,107 +0,0 @@
-
-
-#include <string>
-#include <utility>
-#include <iostream>
-#include "../Socket.h"
-#include "HttpHeader.h"
-#include "HttpRequest.h"
-
-
-HttpRequest::HttpRequest() {
-    this->header = HttpHeader();
-}
-
-HttpRequest::HttpRequest(Socket *socket) : HttpRequest::HttpRequest() {
-    parseHeader(socket);
-}
-
-HttpRequest::HttpRequest(string method, string path, string version) : HttpRequest::HttpRequest() {
-    this->method = std::move(method);
-    this->path = std::move(path);
-    this->version = std::move(version);
-}
-
-void HttpRequest::parseHeader(Socket *socket) {
-    string line = socket->receiveLine();
-
-    unsigned long pos1 = line.find(' ');
-    unsigned long pos2;
-
-    bool invalid = false;
-
-    if (pos1 != string::npos) {
-        pos2 = line.find(' ', pos1 + 1);
-        if (pos2 != string::npos) {
-            method = line.substr(0, pos1);
-            for (auto &c: method) c = (char) toupper(c);
-            path = line.substr(pos1 + 1, pos2 - pos1 - 1);
-            version = line.substr(pos2 + 6, 3);
-        } else {
-            invalid = true;
-        }
-    } else {
-        pos2 = string::npos;
-        invalid = true;
-    }
-
-
-    if (!invalid && (line.substr(pos2 + 1, 5) != "HTTP/" || version[1] != '.' || path[0] != '/' || !(version[0] >= '0' && version[0] <= '9') || !(version[2] >= '0' && version[2] <= '9'))) {
-        invalid = true;
-    }
-
-    if (invalid) {
-        method = "";
-        path = "";
-        version = "";
-        throw (char *) "Malformed header";
-    }
-
-    header.parse(socket);
-}
-
-string HttpRequest::getMethod() {
-    return method;
-}
-
-string HttpRequest::getPath() {
-    return path;
-}
-
-string HttpRequest::getVersion() {
-    return version;
-}
-
-void HttpRequest::setMethod(string method) {
-    this->method = std::move(method);
-}
-
-void HttpRequest::setPath(string path) {
-    this->path = std::move(path);
-}
-
-void HttpRequest::setVersion(string version) {
-    this->version = std::move(version);
-}
-
-string HttpRequest::getField(string index) {
-    return header.getField(std::move(index));
-}
-
-void HttpRequest::setField(string index, string data) {
-    header.setField(std::move(index), std::move(data));
-}
-
-bool HttpRequest::isExistingField(string index) {
-    return header.isExistingField(std::move(index));
-}
-
-string HttpRequest::cgiExport() {
-    return header.cgiExport();
-}
-
-
-
-
-
-
--- a/src/network/http/HttpRequest.h
+++ b/src/network/http/HttpRequest.h
@@ -1,52 +0,0 @@
-/**
- * Necronda Web Server 3.0
- * HttpHeader.h - HttpHeader Class definition
- * Lorenz Stechauner, 2018-05-09
- */
-
-#ifndef NECRONDA_HTTP_REQUEST
-#define NECRONDA_HTTP_REQUEST
-
-using namespace std;
-
-class HttpRequest {
-private:
-    HttpHeader header;
-    string method;
-    string path;
-    string version;
-
-public:
-    HttpRequest();
-
-    explicit HttpRequest(Socket *socket);
-
-    HttpRequest(string method, string path, string version = "1.1");
-
-    void parseHeader(Socket *socket);
-
-    void sendHeader(Socket *socket);
-
-    string getField(string index);
-
-    void setField(string index, string data);
-
-    bool isExistingField(string index);
-
-    string getMethod();
-
-    string getPath();
-
-    string getVersion();
-
-    void setMethod(string method);
-
-    void setPath(string path);
-
-    void setVersion(string version);
-
-    string cgiExport();
-
-};
-
-#endif
--- a/src/network/http/HttpResponse.cpp
+++ b/src/network/http/HttpResponse.cpp
@@ -1,70 +0,0 @@
-//
-// Created by lorenz on 5/17/18.
-//
-
-#include "HttpResponse.h"
-#include <utility>
-#include <iostream>
-#include "HttpStatusCode.h"
-
-
-HttpResponse::HttpResponse() {
-    this->header = HttpHeader();
-}
-
-HttpResponse::HttpResponse(Socket *socket) : HttpResponse::HttpResponse() {
-    this->parseHeader(socket);
-}
-
-HttpResponse::HttpResponse(int statuscode, string version) : HttpResponse::HttpResponse(::getStatusCode(statuscode), std::move(version)) {
-}
-
-HttpResponse::HttpResponse(HttpStatusCode statuscode, string version) : HttpResponse::HttpResponse() {
-    this->statuscode = statuscode;
-    this->version = std::move(version);
-}
-
-void HttpResponse::sendHeader(Socket *socket) {
-    socket->send("HTTP/" + version + " " + to_string(statuscode.code) + " " + statuscode.message + "\r\n" +
-            header.toString() + "\r\n");
-}
-
-string HttpResponse::getField(string index) {
-    return header.getField(std::move(index));
-}
-
-void HttpResponse::setField(string index, string data) {
-    header.setField(std::move(index), std::move(data));
-}
-
-bool HttpResponse::isExistingField(string index) {
-    return header.isExistingField(std::move(index));
-}
-
-HttpStatusCode HttpResponse::getStatusCode() {
-    return statuscode;
-}
-
-string HttpResponse::getVersion() {
-    return version;
-}
-
-void HttpResponse::setStatusCode(HttpStatusCode statuscode) {
-    this->statuscode = statuscode;
-}
-
-void HttpResponse::setStatusCode(int statuscode) {
-    this->statuscode = ::getStatusCode(statuscode);
-}
-
-void HttpResponse::setVersion(string version) {
-    this->version = std::move(version);
-}
-
-void HttpResponse::parseHeader(Socket *socket) {
-
-}
-
-void HttpResponse::removeField(string index) {
-    header.removeField(std::move(index));
-}
--- a/src/network/http/HttpResponse.h
+++ b/src/network/http/HttpResponse.h
@@ -1,50 +0,0 @@
-
-
-#ifndef NECRONDA_HTTP_RESPONSE
-#define NECRONDA_HTTP_RESPONSE
-
-
-#include <string>
-#include "HttpHeader.h"
-#include "HttpStatusCode.h"
-#include "../Socket.h"
-
-class HttpResponse {
-private:
-    HttpHeader header;
-    HttpStatusCode statuscode;
-    string version;
-
-public:
-    HttpResponse();
-
-    explicit HttpResponse(Socket *socket);
-
-    explicit HttpResponse(int statuscode, string version = "1.1");
-
-    explicit HttpResponse(HttpStatusCode statuscode, string version = "1.1");
-
-    void parseHeader(Socket *socket);
-
-    void sendHeader(Socket *socket);
-
-    string getField(string index);
-
-    void setField(string index, string data);
-
-    bool isExistingField(string index);
-
-    HttpStatusCode getStatusCode();
-
-    string getVersion();
-
-    void setStatusCode(HttpStatusCode statuscode);
-
-    void setStatusCode(int statuscode);
-
-    void setVersion(string version);
-
-    void removeField(string index);
-};
-
-#endif
--- a/src/network/http/HttpStatusCode.cpp
+++ b/src/network/http/HttpStatusCode.cpp
@@ -1,66 +0,0 @@
-#include "HttpStatusCode.h"
-
-/**
- * Necronda Web Server 3.0
- * HttpStatusCode.cpp - HTTP Status Code definition
- * Lorenz Stechauner, 2018-05-16
- * Reference: https://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html
- */
-
-
-HttpStatusCode httpStatusCodes[] = {
-        HttpStatusCode{100, "Informational", "Continue", ""},
-        HttpStatusCode{101, "Informational", "Switching Protocols", ""},
-
-        HttpStatusCode{200, "Success",       "OK", ""},
-        HttpStatusCode{201, "Success",       "Created", ""},
-        HttpStatusCode{202, "Success",       "Accepted", ""},
-        HttpStatusCode{203, "Success",       "Non-Authoritative Information", ""},
-        HttpStatusCode{204, "Success",       "No Content", ""},
-        HttpStatusCode{205, "Success",       "Reset Content", ""},
-        HttpStatusCode{206, "Success",       "Partial Content", ""},
-
-        HttpStatusCode{300, "Redirection",   "Multiple Choices", ""},
-        HttpStatusCode{301, "Redirection",   "Moved Permanently", ""},
-        HttpStatusCode{302, "Redirection",   "Found", ""},
-        HttpStatusCode{303, "Redirection",   "See Other", ""},
-        HttpStatusCode{304, "Redirection",   "Not Modified", ""},
-        HttpStatusCode{305, "Redirection",   "Use Proxy", ""},
-        HttpStatusCode{307, "Redirection",   "Temporary Redirect", ""},
-        HttpStatusCode{308, "Redirection",   "Permanent Redirect", ""},
-
-        HttpStatusCode{400, "Client Error",  "Bad Request", ""},
-        HttpStatusCode{401, "Client Error",  "Unauthorized", ""},
-        HttpStatusCode{402, "Client Error",  "Payment Required", ""},
-        HttpStatusCode{403, "Client Error",  "Forbidden", ""},
-        HttpStatusCode{404, "Client Error",  "Not Found", ""},
-        HttpStatusCode{405, "Client Error",  "Method Not Allowed", ""},
-        HttpStatusCode{406, "Client Error",  "Not Acceptable", ""},
-        HttpStatusCode{407, "Client Error",  "Proxy Authentication Required", ""},
-        HttpStatusCode{408, "Client Error",  "Request Timeout", ""},
-        HttpStatusCode{409, "Client Error",  "Conflict", ""},
-        HttpStatusCode{410, "Client Error",  "Gone", ""},
-        HttpStatusCode{411, "Client Error",  "Length Required", ""},
-        HttpStatusCode{412, "Client Error",  "Precondition Failed", ""},
-        HttpStatusCode{413, "Client Error",  "Request Entity Too Large", ""},
-        HttpStatusCode{414, "Client Error",  "Request-URI Too Long", ""},
-        HttpStatusCode{415, "Client Error",  "Unsupported Media Type", ""},
-        HttpStatusCode{416, "Client Error",  "Requested Range Not Satisfiable", ""},
-        HttpStatusCode{417, "Client Error",  "Expectation Failed", ""},
-
-        HttpStatusCode{500, "Server Error",  "Internal Server Error", ""},
-        HttpStatusCode{501, "Server Error",  "Not Implemented", ""},
-        HttpStatusCode{502, "Server Error",  "Bad Gateway", ""},
-        HttpStatusCode{503, "Server Error",  "Service Unavailable", ""},
-        HttpStatusCode{504, "Server Error",  "Gateway Timeout", ""},
-        HttpStatusCode{505, "Server Error",  "HTTP Version Not Supported", ""},
-};
-
-HttpStatusCode getStatusCode(int statuscode) {
-    for (HttpStatusCode sc : httpStatusCodes) {
-        if (sc.code == statuscode) {
-            return sc;
-        }
-    }
-    throw (char *) "Invalid status code";
-}
--- a/src/network/http/HttpStatusCode.h
+++ b/src/network/http/HttpStatusCode.h
@@ -1,15 +0,0 @@
-
-
-#ifndef NECRONDA_HTTP_STATUSCODE
-#define NECRONDA_HTTP_STATUSCODE
-
-typedef struct {
-    short code;                    // The status code (e.g. 200)
-    const char *type;             // The status type type (e.g Success)
-    const char *message;        // The status code message (e.g. OK)
-    const char *description;    // The status code description (currently not used)
-} HttpStatusCode;
-
-HttpStatusCode getStatusCode(int statuscode);
-
-#endif
--- a/src/procopen.cpp
+++ b/src/procopen.cpp
@@ -1,41 +0,0 @@
-//
-// Created by lorenz on 5/30/18.
-//
-
-#include "procopen.h"
-
-stds procopen(const char* command) {
-
-    int pipes[3][2];
-
-    pipe(pipes[PARENT_READ_PIPE]);
-    pipe(pipes[PARENT_WRITE_PIPE]);
-    pipe(pipes[PARENT_ERROR_PIPE]);
-
-    int pid = fork();
-
-    if(pid == 0) {
-        dup2(CHILD_READ_FD, STDIN_FILENO);
-        dup2(CHILD_WRITE_FD, STDOUT_FILENO);
-        dup2(CHILD_ERROR_FD, STDERR_FILENO);
-
-        close(CHILD_READ_FD);
-        close(CHILD_WRITE_FD);
-        close(CHILD_ERROR_FD);
-
-        close(PARENT_READ_FD);
-        close(PARENT_WRITE_FD);
-        close(PARENT_ERROR_FD);
-
-        system(command);
-        exit(0);
-    } else {
-        close(CHILD_READ_FD);
-        close(CHILD_WRITE_FD);
-        close(CHILD_ERROR_FD);
-
-        return stds{fdopen(PARENT_WRITE_FD, "w"), fdopen(PARENT_READ_FD, "r"), fdopen(PARENT_ERROR_FD, "r"), (pid_t) pid};
-    }
-}
-
-
--- a/src/procopen.h
+++ b/src/procopen.h
@@ -1,41 +0,0 @@
-//
-// Created by lorenz on 5/30/18.
-//
-
-
-#include <zconf.h>
-#include <cstdlib>
-#include <cstdio>
-
-#ifndef NECRONDA_PROCOPEN
-#define NECRONDA_PROCOPEN
-
-
-#define PARENT_WRITE_PIPE  0
-#define PARENT_READ_PIPE   1
-#define PARENT_ERROR_PIPE  2
-
-#define READ_FD  0
-#define WRITE_FD 1
-
-#define PARENT_READ_FD  ( pipes[PARENT_READ_PIPE][READ_FD]   )
-#define PARENT_WRITE_FD ( pipes[PARENT_WRITE_PIPE][WRITE_FD] )
-#define PARENT_ERROR_FD ( pipes[PARENT_ERROR_PIPE][READ_FD] )
-
-#define CHILD_READ_FD   ( pipes[PARENT_WRITE_PIPE][READ_FD]  )
-#define CHILD_WRITE_FD  ( pipes[PARENT_READ_PIPE][WRITE_FD]  )
-#define CHILD_ERROR_FD  ( pipes[PARENT_ERROR_PIPE][WRITE_FD]  )
-
-
-typedef struct {
-    FILE* stdin;
-    FILE* stdout;
-    FILE* stderr;
-    pid_t pid;
-} stds;
-
-
-stds procopen(const char* command);
-
-
-#endif
--- a/src/server.c
+++ b/src/server.c
@@ -0,0 +1,439 @@
+/**
+ * Sesimos - secure, simple, modern web server
+ * @brief Main executable
+ * @file src/server.c
+ * @author Lorenz Stechauner
+ * @date 2020-12-03
+ */
+
+#include "defs.h"
+#include "server.h"
+#include "logger.h"
+#include "async.h"
+
+#include "cache_handler.h"
+#include "lib/config.h"
+#include "lib/proxy.h"
+#include "lib/geoip.h"
+#include "workers.h"
+#include "worker/func.h"
+#include "lib/list.h"
+#include "lib/utils.h"
+
+#include <stdio.h>
+#include <getopt.h>
+#include <sys/socket.h>
+#include <signal.h>
+#include <unistd.h>
+#include <string.h>
+#include <arpa/inet.h>
+#include <sys/types.h>
+#include <openssl/err.h>
+#include <openssl/pem.h>
+#include <openssl/ssl.h>
+#include <openssl/conf.h>
+#include <semaphore.h>
+
+const char *config_file;
+static int sockets[NUM_SOCKETS];
+static SSL_CTX *contexts[CONFIG_MAX_CERT_CONFIG];
+static client_ctx_t **clients;
+static sem_t sem_clients_lock;
+
+static void clean(void) {
+    notice("Cleaning sesimos cache and metadata files...");
+
+    // remove legacy files
+    //     /.../server/, /.../server/cache
+    if (rm_rf("/var/sesimos/server") != 0) {
+        error("Unable to remove /var/sesimos/server/");
+    } else if (!errno) {
+        notice("Successfully removed /var/sesimos/server/");
+    }
+    errno = 0;
+
+    // remove cache and metadata files
+    char buf[512];
+    for (int i = 0; i < CONFIG_MAX_HOST_CONFIG; i++) {
+        host_config_t *hc = &config.hosts[i];
+        if (hc->type == CONFIG_TYPE_UNSET) break;
+        if (hc->type != CONFIG_TYPE_LOCAL) continue;
+
+        snprintf(buf, sizeof(buf), "%s/.sesimos", hc->local.webroot);
+        if (rm_rf(buf) != 0) {
+            error("Unable to remove %s/", buf);
+        } else if (!errno) {
+            notice("Successfully removed %s/", buf);
+        }
+        errno = 0;
+    }
+
+    notice("Cleaned all sesimos cache and metadata files!");
+}
+
+static int ssl_servername_cb(SSL *ssl, int *ad, void *arg) {
+    const char *servername = SSL_get_servername(ssl, TLSEXT_NAMETYPE_host_name);
+    if (servername != NULL) {
+        const host_config_t *conf = get_host_config(servername);
+        if (conf != NULL) SSL_set_SSL_CTX(ssl, contexts[conf->cert]);
+    }
+    return SSL_TLSEXT_ERR_OK;
+}
+
+void server_free_client(client_ctx_t *ctx) {
+    // try to lock clients list
+    while (sem_wait(&sem_clients_lock) != 0) {
+        if (errno == EINTR) {
+            errno = 0;
+            continue;
+        } else {
+            critical("Unable to lock clients list");
+            return;
+        }
+    }
+
+    // delete from list
+    clients = list_delete(clients, &ctx);
+    if (clients == NULL) {
+        critical("Unable to delete context from list");
+        return;
+    }
+
+    // unlock clients list
+    sem_post(&sem_clients_lock);
+
+    // free data
+    free(ctx);
+}
+
+static void ssl_free() {
+    for (int i = 0; i < CONFIG_MAX_CERT_CONFIG; i++) {
+        const cert_config_t *conf = &config.certs[i];
+        if (conf->name[0] == 0) break;
+        SSL_CTX_free(contexts[i]);
+    }
+}
+
+static void accept_cb(void *arg) {
+    int i = (int) (((int *) arg) - sockets);
+    int fd = sockets[i];
+
+    client_ctx_t *client_ctx = malloc(sizeof(client_ctx_t));
+    if (client_ctx == NULL) {
+        critical("Unable to allocate memory for client context");
+        errno = 0;
+        return;
+    }
+    sock *client = &client_ctx->socket;
+
+    client->ctx = contexts[0];
+    socklen_t addr_len = sizeof(client->_addr);
+    int client_fd = accept(fd, &client->_addr.sock, &addr_len);
+    if (client_fd < 0) {
+        critical("Unable to accept connection");
+        free(client_ctx);
+        return;
+    }
+
+    sock_init(client, client_fd, (i == 1) ? SOCK_ENCRYPTED : 0);
+    client_ctx->cnx_s = client->ts_start;
+    client_ctx->cnx_e = -1, client_ctx->req_s = -1, client_ctx->req_e = -1, client_ctx->res_ts = -1;
+
+    // try to lock clients list
+    while (sem_wait(&sem_clients_lock) != 0) {
+        if (errno == EINTR) {
+            errno = 0;
+            continue;
+        } else {
+            critical("Unable to lock clients list");
+            return;
+        }
+    }
+
+    // append to list
+    clients = list_append(clients, &client_ctx);
+    if (clients == NULL) {
+        critical("Unable to add client context to list");
+        free(client_ctx);
+        errno = 0;
+        return;
+    }
+
+    // unlock clients list
+    sem_post(&sem_clients_lock);
+
+    tcp_accept(client_ctx);
+}
+
+static void accept_err_cb(void *arg) {
+    int i = (int) (((int *) arg) - sockets);
+    int fd = sockets[i];
+    // TODO accept error callback
+}
+
+static void terminate_forcefully(int sig) {
+    fprintf(stderr, "\n");
+    notice("Terminating forcefully!");
+
+    geoip_free();
+
+    notice("Goodbye");
+    exit(2);
+}
+
+static void terminate_gracefully(int sig) {
+    if (sig != 0) fprintf(stderr, "\n");
+    notice("Terminating gracefully...");
+
+    struct sigaction act = {0};
+    act.sa_handler = terminate_forcefully;
+    sigaction(SIGINT, &act, NULL);
+    sigaction(SIGTERM, &act, NULL);
+
+    debug("Closing listening sockets...");
+    for (int i = 0; i < NUM_SOCKETS; i++) {
+        close(sockets[i]);
+    }
+
+    debug("Stopping workers...");
+    cache_stop();
+    workers_stop();
+    debug("Destroying workers...");
+    workers_destroy();
+
+    logger_set_prefix("");
+    debug("Closing proxy connections...");
+    proxy_close_all();
+
+    debug("Closing client connections...");
+    while (list_size(clients) > 0)
+        tcp_close(clients[0]);
+    logger_set_prefix("");
+
+    debug("Stopping async loop...");
+    async_stop();
+}
+
+static void nothing(int sig) {}
+
+int main(int argc, char *const argv[]) {
+    const int YES = 1;
+    int ret;
+    int mode = 0;
+
+    memset(sockets, 0, sizeof(sockets));
+
+    const struct sockaddr_in6 addresses[2] = {
+            {.sin6_family = AF_INET6, .sin6_addr = IN6ADDR_ANY_INIT, .sin6_port = htons(80)},
+            {.sin6_family = AF_INET6, .sin6_addr = IN6ADDR_ANY_INIT, .sin6_port = htons(443)}
+    };
+
+    logger_set_name("server");
+
+    if (setvbuf(stdout, NULL, _IOLBF, 0) != 0 || setvbuf(stderr, NULL, _IOLBF, 0) != 0) {
+        critical("Unable to set stdout/stderr to line-buffered mode");
+        return 1;
+    }
+    printf("sesimos web server " SERVER_VERSION "\n");
+
+    static const struct option long_opts[] = {
+            {"help",    no_argument,        0, 'h'},
+            {"clean",   no_argument,        0, 'C'},
+            {"config",  required_argument,  0, 'c'},
+            { 0,        0,                  0,  0 }
+    };
+
+    config_file = NULL;
+    for (int c, opt_idx; (c = getopt_long(argc, argv, "hCc:", long_opts, &opt_idx)) != -1;) {
+        switch (c) {
+            case 'h':
+                fprintf(stderr,
+                        "Usage: sesimos [-h] [-c <CONFIG FILE>]\n"
+                        "\n"
+                        "Options:\n"
+                        "  -c, --config <CONFIG-FILE>  path to the config file. If not provided, default will be used\n"
+                        "  -C, --clean                 clear cached files and other metadata\n"
+                        "  -h, --help                  print this dialogue\n");
+                return 0;
+            case 'c':
+                config_file = optarg;
+                break;
+            case 'C':
+                mode = 1;
+                break;
+            case '?':
+            default:
+                critical("Unable to parse arguments");
+                return 1;
+        }
+    }
+
+    if (optind != argc) {
+        critical("No positional arguments expected");
+        return 1;
+    }
+
+    if (config_load(config_file == NULL ? DEFAULT_CONFIG_FILE : config_file) != 0)
+        return 1;
+
+    if (mode == 1) {
+        clean();
+        return 0;
+    }
+
+    if ((sockets[0] = socket(AF_INET6, SOCK_STREAM, 0)) == -1 ||
+        (sockets[1] = socket(AF_INET6, SOCK_STREAM, 0)) == -1)
+    {
+        critical("Unable to create socket");
+        return 1;
+    }
+
+    for (int i = 0; i < NUM_SOCKETS; i++) {
+        if (setsockopt(sockets[i], SOL_SOCKET, SO_REUSEADDR, &YES, sizeof(YES)) < 0) {
+            critical("Unable to set options for socket %i", i);
+            return 1;
+        }
+    }
+
+    if (bind(sockets[0], (struct sockaddr *) &addresses[0], sizeof(addresses[0])) == -1 ||
+        bind(sockets[1], (struct sockaddr *) &addresses[1], sizeof(addresses[1])) == -1)
+    {
+        critical("Unable to bind socket to address");
+        return 1;
+    }
+
+    struct sigaction act = {0};
+    act.sa_handler = terminate_gracefully;
+    sigaction(SIGINT, &act, NULL);
+    sigaction(SIGTERM, &act, NULL);
+    act.sa_handler = nothing;
+    sigaction(SIGUSR1, &act, NULL);
+    sigaction(SIGPIPE, &act, NULL);
+
+    if ((ret = geoip_init(config.geoip_dir)) != 0) {
+        if (ret == -1) {
+            critical("Unable to initialize geoip");
+        }
+        return 1;
+    }
+
+    for (int i = 0; i < CONFIG_MAX_CERT_CONFIG; i++) {
+        const cert_config_t *conf = &config.certs[i];
+        if (conf->name[0] == 0) break;
+
+        contexts[i] = SSL_CTX_new(TLS_server_method());
+        SSL_CTX *ctx = contexts[i];
+        SSL_CTX_set_options(ctx, SSL_OP_SINGLE_DH_USE);
+        SSL_CTX_set_verify(ctx, SSL_VERIFY_NONE, NULL);
+        SSL_CTX_set_min_proto_version(ctx, TLS1_2_VERSION);
+        SSL_CTX_set_mode(ctx, SSL_MODE_ENABLE_PARTIAL_WRITE);
+        SSL_CTX_set_cipher_list(ctx, "HIGH:!aNULL:!kRSA:!PSK:!SRP:!MD5:!RC4");
+        SSL_CTX_set_ecdh_auto(ctx, 1);
+        SSL_CTX_set_tlsext_servername_callback(ctx, ssl_servername_cb);
+
+        if (SSL_CTX_use_certificate_chain_file(ctx, conf->full_chain) != 1) {
+            critical("Unable to load certificate chain file: %s: %s", ERR_reason_error_string(ERR_get_error()), conf->full_chain);
+            geoip_free();
+            return 1;
+        }
+        if (SSL_CTX_use_PrivateKey_file(ctx, conf->priv_key, SSL_FILETYPE_PEM) != 1) {
+            critical("Unable to load private key file: %s: %s", ERR_reason_error_string(ERR_get_error()), conf->priv_key);
+            geoip_free();
+            return 1;
+        }
+    }
+
+    clients = list_create(sizeof(client_ctx_t *), 64);
+    if (clients == NULL) {
+        critical("Unable to initialize client list");
+        ssl_free();
+        return 1;
+    }
+
+    if (sem_init(&sem_clients_lock, 0, 1) != 0) {
+        critical("Unable to create clients lock semaphore");
+        ssl_free();
+        list_free(clients);
+        return 1;
+    }
+
+    if (async_init() != 0) {
+        critical("Unable to initialize async thread");
+        ssl_free();
+        geoip_free();
+        list_free(clients);
+        sem_destroy(&sem_clients_lock);
+        return 1;
+    }
+
+    if (proxy_preload() != 0) {
+        critical("Unable to initialize proxy");
+        ssl_free();
+        geoip_free();
+        list_free(clients);
+        sem_destroy(&sem_clients_lock);
+        async_free();
+        return 1;
+    }
+
+    for (int i = 0; i < NUM_SOCKETS; i++) {
+        if (listen(sockets[i], LISTEN_BACKLOG) < 0) {
+            critical("Unable to listen on socket %i", i);
+            ssl_free();
+            geoip_free();
+            list_free(clients);
+            sem_destroy(&sem_clients_lock);
+            async_free();
+            proxy_unload();
+            return 1;
+        }
+    }
+
+    logger_init();
+
+    if ((ret = cache_init()) != 0) {
+        if (ret == -1) critical("Unable to initialize cache");
+        ssl_free();
+        geoip_free();
+        list_free(clients);
+        sem_destroy(&sem_clients_lock);
+        async_free();
+        proxy_unload();
+        logger_stop();
+        logger_join();
+        return 1;
+    }
+
+    logger_set_name("main");
+
+    workers_init();
+
+    for (int i = 0; i < NUM_SOCKETS; i++) {
+        async_fd(sockets[i], ASYNC_WAIT_READ, ASYNC_KEEP, &sockets[i], accept_cb, accept_err_cb, accept_err_cb);
+    }
+
+    notice("Ready to accept connections");
+
+    int error = 0;
+    async_thread();
+    if (errno != 0) {
+        errno = 0;
+        error = 2;
+        terminate_gracefully(0);
+    }
+
+    notice("Goodbye!");
+
+    // cleanup
+    ssl_free();
+    list_free(clients);
+    sem_destroy(&sem_clients_lock);
+    geoip_free();
+    proxy_unload();
+    cache_join();
+    async_free();
+    logger_stop();
+    logger_join();
+
+    return error;
+}
--- a/src/server.h
+++ b/src/server.h
@@ -0,0 +1,26 @@
+/**
+ * sesimos - secure, simple, modern web server
+ * @brief Main executable (header file)
+ * @file src/server.h
+ * @author Lorenz Stechauner
+ * @date 2020-12-03
+ */
+
+#ifndef SESIMOS_SERVER_H
+#define SESIMOS_SERVER_H
+
+#include "worker/func.h"
+
+#define NUM_SOCKETS 2
+#define LISTEN_BACKLOG 16
+#define REQ_PER_CONNECTION 200
+#define CLIENT_TIMEOUT 3600
+#define SERVER_TIMEOUT_INIT 4
+#define SERVER_TIMEOUT 3600
+
+#define CNX_HANDLER_WORKERS 8
+#define REQ_HANDLER_WORKERS 16
+
+void server_free_client(client_ctx_t *ctx);
+
+#endif //SESIMOS_SERVER_H
--- a/src/worker/chunk_handler.c
+++ b/src/worker/chunk_handler.c
@@ -0,0 +1,50 @@
+/**
+ * sesimos - secure, simple, modern web server
+ * @brief FastCGI frame handler
+ * @file src/worker/fcgi_frame_handler.c
+ * @author Lorenz Stechauner
+ * @date 2023-01-22
+ */
+
+#include "func.h"
+#include "../logger.h"
+#include "../workers.h"
+
+#include <errno.h>
+
+void chunk_handler_func(chunk_ctx_t *ctx) {
+    logger_set_prefix("[%*s]%s", ADDRSTRLEN, ctx->client->socket.s_addr, ctx->client->log_prefix);
+
+    char buf[CHUNK_SIZE];
+    long sent = sock_splice_chunked(&ctx->client->socket, ctx->socket, buf, sizeof(buf), ctx->flags | SOCK_SINGLE_CHUNK);
+    if (sent < 0) {
+        // error
+        error("Unable to splice chunk");
+        errno = 0;
+        ctx->err_cb(ctx);
+    } else if (sent == 0) {
+        // last chunk
+        ctx->client->chunks_transferred = 1;
+        ctx->next_cb(ctx);
+    } else {
+        // next chunk
+        handle_chunk(ctx);
+        return;
+    }
+
+    free(ctx);
+}
+
+int handle_chunks(client_ctx_t *ctx, sock *socket, int flags, void (*next_cb)(chunk_ctx_t *), void (*err_cb)(chunk_ctx_t *)) {
+    chunk_ctx_t *a = malloc(sizeof(chunk_ctx_t));
+
+    a->client = ctx;
+    a->socket = socket;
+    a->flags = flags;
+    a->next_cb = (void (*)(void *)) next_cb;
+    a->err_cb  = (void (*)(void *)) err_cb;
+
+    handle_chunk(a);
+
+    return 0;
+}
--- a/src/worker/fastcgi_frame_handler.c
+++ b/src/worker/fastcgi_frame_handler.c
@@ -0,0 +1,72 @@
+/**
+ * sesimos - secure, simple, modern web server
+ * @brief FastCGI frame handler
+ * @file src/worker/fastcgi_frame_handler.c
+ * @author Lorenz Stechauner
+ * @date 2023-01-22
+ */
+
+#include "func.h"
+#include "../lib/fastcgi.h"
+#include "../logger.h"
+#include "../workers.h"
+
+#include <errno.h>
+#include <memory.h>
+#include <unistd.h>
+
+void fastcgi_frame_handler_func(fastcgi_ctx_t *ctx) {
+    logger_set_prefix("[%*s]%s", ADDRSTRLEN, ctx->client->socket.s_addr, ctx->client->log_prefix);
+
+    switch (fastcgi_recv_frame(&ctx->cnx)) {
+        case FCGI_STDOUT:
+        case FCGI_STDERR:
+            fastcgi_handle_frame(ctx);
+            break;
+        case -1:
+            error("Unable to receive FastCGI frame");
+            ctx->client->s_keep_alive = 0;
+            fastcgi_close(ctx);
+            break;
+        default:
+            // end of request received
+            write(ctx->cnx.fd_out, "\0\0\0\0\0\0\0\0\r\n", 10);
+            fastcgi_close(ctx);
+    }
+}
+
+int fastcgi_handle_connection(client_ctx_t *ctx, fastcgi_cnx_t **cnx) {
+    sock_set_timeout(&(*cnx)->socket, FASTCGI_TIMEOUT);
+    sock_set_socket_timeout(&(*cnx)->socket, 1);
+
+    fastcgi_ctx_t *a = malloc(sizeof(fastcgi_ctx_t));
+    a->closed = 0;
+    a->client = ctx;
+    memcpy(&a->cnx, *cnx, sizeof(fastcgi_cnx_t));
+    ctx->fcgi_ctx = a;
+    fastcgi_handle_frame(a);
+    *cnx = &a->cnx;
+
+    return 0;
+}
+
+void fastcgi_close(fastcgi_ctx_t *ctx) {
+    if (ctx->closed == 0) {
+        ctx->closed++;
+        return;
+    }
+
+    logger_set_prefix("[%*s]%s", ADDRSTRLEN, ctx->client->socket.s_addr, ctx->client->log_prefix);
+
+    fastcgi_php_error(&ctx->cnx, NULL);
+
+    if (ctx->cnx.app_status != 0)
+        error("FastCGI app terminated with exit code %i", ctx->cnx.app_status);
+
+    debug("Closing FastCGI connection");
+
+    fastcgi_close_cnx(&ctx->cnx);
+    ctx->client->fcgi_ctx = NULL;
+    free(ctx);
+    errno = 0;
+}
--- a/src/worker/fastcgi_handler.c
+++ b/src/worker/fastcgi_handler.c
@@ -0,0 +1,190 @@
+/**
+ * sesimos - secure, simple, modern web server
+ * @brief FastCGI handler
+ * @file src/worker/fastcgi_handler.c
+ * @author Lorenz Stechauner
+ * @date 2022-12-28
+ */
+
+#include "func.h"
+#include "../logger.h"
+#include "../lib/utils.h"
+#include "../workers.h"
+#include "../lib/fastcgi.h"
+
+#include <string.h>
+#include <errno.h>
+#include <unistd.h>
+
+static int fastcgi_handler_1(client_ctx_t *ctx, fastcgi_cnx_t **fcgi_cnx);
+static int fastcgi_handler_2(client_ctx_t *ctx, fastcgi_cnx_t *fcgi_cnx);
+
+void fastcgi_handler_func(client_ctx_t *ctx) {
+    logger_set_prefix("[%s%*s%s]%s", BLD_STR, ADDRSTRLEN, ctx->req_host, CLR_STR, ctx->log_prefix);
+
+    if (!ctx->chunks_transferred) {
+        fastcgi_cnx_t *fcgi_cnx = NULL;
+        int ret = fastcgi_handler_1(ctx, &fcgi_cnx);
+        respond(ctx);
+        if (ret == 0) {
+            switch (fastcgi_handler_2(ctx, fcgi_cnx)) {
+                case 1: return;
+                case 2: break;
+            }
+        } else if (ctx->fcgi_ctx != NULL) {
+            fastcgi_close(ctx->fcgi_ctx);
+        }
+    }
+
+    request_complete(ctx);
+    handle_request(ctx);
+}
+
+static int fastcgi_handler_1(client_ctx_t *ctx, fastcgi_cnx_t **fcgi_cnx) {
+    http_res *res = &ctx->res;
+    http_req *req = &ctx->req;
+    http_uri *uri = &ctx->uri;
+    sock *client = &ctx->socket;
+    char *err_msg = ctx->err_msg;
+    char buf[1024];
+
+    int mode, ret;
+    if (strends(uri->filename, ".php")) {
+        mode = FASTCGI_BACKEND_PHP;
+    } else {
+        res->status = http_get_status(500);
+        error("Invalid FastCGI extension: %s", uri->filename);
+        return 3;
+    }
+
+    fastcgi_cnx_t fcgi_cnx_buf;
+    sock_init(&fcgi_cnx_buf.socket, -1, 0);
+    fcgi_cnx_buf.req_id = 0;
+    fcgi_cnx_buf.r_addr = ctx->socket.addr;
+    fcgi_cnx_buf.r_host = (ctx->host[0] != 0) ? ctx->host : NULL;
+
+    struct stat statbuf;
+    stat(uri->filename, &statbuf);
+    char *last_modified = http_format_date(statbuf.st_mtime, buf, sizeof(buf));
+    http_add_header_field(&res->hdr, "Last-Modified", last_modified);
+
+    res->status = http_get_status(200);
+    if (fastcgi_init(&fcgi_cnx_buf, mode, ctx->req_num, client, req, uri) != 0) {
+        fastcgi_close_cnx(&fcgi_cnx_buf);
+        res->status = http_get_status(503);
+        sprintf(err_msg, "Unable to communicate with FastCGI socket.");
+        return 3;
+    }
+
+    (*fcgi_cnx) = &fcgi_cnx_buf;
+    fastcgi_handle_connection(ctx, fcgi_cnx);
+
+    const char *client_content_length = http_get_header_field(&req->hdr, "Content-Length");
+    const char *client_transfer_encoding = http_get_header_field(&req->hdr, "Transfer-Encoding");
+    if (client_content_length != NULL) {
+        unsigned long client_content_len = strtoul(client_content_length, NULL, 10);
+        ret = fastcgi_receive(*fcgi_cnx, client, client_content_len);
+    } else if (strcontains(client_transfer_encoding, "chunked")) {
+        ret = fastcgi_receive_chunked(*fcgi_cnx, client);
+    } else {
+        ret = 0;
+    }
+    if (ret != 0) {
+        if (ret < 0) {
+            return -1;
+        } else {
+            sprintf(err_msg, "Unable to communicate with FastCGI socket.");
+        }
+        res->status = http_get_status(502);
+        return 2;
+    }
+    fastcgi_close_stdin(*fcgi_cnx);
+
+    if ((ret = fastcgi_header(*fcgi_cnx, res, err_msg)) != 0) {
+        if (ret == -1) res->status = http_get_status(502);
+        return ret;
+    }
+
+    const char *status_hdr = http_get_header_field(&res->hdr, "Status");
+    if (status_hdr != NULL) {
+        int status_code = (int) strtoul(status_hdr, NULL, 10);
+        res->status = http_get_status(status_code);
+        http_remove_header_field(&res->hdr, "Status", HTTP_REMOVE_ALL);
+        if (res->status == NULL && status_code >= 100 && status_code <= 999) {
+            ctx->custom_status.code = status_code;
+            ctx->custom_status.type = 0;
+            strcpy(ctx->custom_status.msg, status_hdr + 4);
+            res->status = &ctx->custom_status;
+        } else if (res->status == NULL) {
+            res->status = http_get_status(500);
+            sprintf(err_msg, "The status_hdr code was set to an invalid or unknown value.");
+            return 2;
+        }
+    }
+
+    const char *content_length_f = http_get_header_field(&res->hdr, "Content-Length");
+    ctx->content_length = (content_length_f == NULL) ? -1 : strtol(content_length_f, NULL, 10);
+
+    const char *content_type = http_get_header_field(&res->hdr, "Content-Type");
+    const char *content_encoding = http_get_header_field(&res->hdr, "Content-Encoding");
+    if (content_encoding == NULL &&
+        content_type != NULL &&
+        strstarts(content_type, "text/html") &&
+        ctx->content_length != -1 &&
+        ctx->content_length <= sizeof(ctx->msg_content) - 1)
+    {
+        fastcgi_dump(*fcgi_cnx, ctx->msg_content, sizeof(ctx->msg_content));
+        return 1;
+    }
+
+    ctx->use_fastcgi = 1;
+    ctx->content_length = -1;
+
+    if (http_get_header_field(&res->hdr, "Content-Length") == NULL) {
+        http_add_header_field(&res->hdr, "Transfer-Encoding", "chunked");
+    }
+
+    return 0;
+}
+
+static void fastcgi_next_cb(chunk_ctx_t *ctx) {
+    if (ctx->client->fcgi_ctx) {
+        fastcgi_close(ctx->client->fcgi_ctx);
+        ctx->client->fcgi_ctx = NULL;
+    }
+
+    fastcgi_handle(ctx->client);
+}
+
+static void fastcgi_error_cb(chunk_ctx_t *ctx) {
+    if (ctx->client->chunks_transferred)
+        return;
+
+    logger_set_prefix("[%s%*s%s]%s", BLD_STR, ADDRSTRLEN, ctx->client->req_host, CLR_STR, ctx->client->log_prefix);
+
+    // FIXME segfault on error_cb
+    warning("Closing connection due to FastCGI error");
+    if(ctx->client->fcgi_ctx) {
+        fastcgi_close(ctx->client->fcgi_ctx);
+        ctx->client->fcgi_ctx = NULL;
+    }
+
+    tcp_close(ctx->client);
+
+    errno = 0;
+}
+
+static int fastcgi_handler_2(client_ctx_t *ctx, fastcgi_cnx_t *fcgi_cnx) {
+    int chunked = strcontains(http_get_header_field(&ctx->res.hdr, "Transfer-Encoding"), "chunked");
+
+    if (chunked) {
+        handle_chunks(ctx, &fcgi_cnx->out, SOCK_CHUNKED, fastcgi_next_cb, fastcgi_error_cb);
+        return 1;
+    } else {
+        fastcgi_send(fcgi_cnx, &ctx->socket);
+        fastcgi_close(ctx->fcgi_ctx);
+        ctx->fcgi_ctx = NULL;
+        fastcgi_handle(ctx);
+        return 2;
+    }
+}
--- a/src/worker/func.h
+++ b/src/worker/func.h
@@ -0,0 +1,98 @@
+/**
+ * sesimos - secure, simple, modern web server
+ * @brief Worker function header file
+ * @file src/worker/func.h
+ * @author Lorenz Stechauner
+ * @date 2022-12-29
+ */
+
+#ifndef SESIMOS_FUNC_H
+#define SESIMOS_FUNC_H
+
+#include "../defs.h"
+#include "../lib/sock.h"
+#include "../lib/http.h"
+#include "../lib/uri.h"
+#include "../lib/config.h"
+#include "../lib/proxy.h"
+#include "../lib/fastcgi.h"
+
+typedef struct {
+    sock socket;
+    int req_num;
+    unsigned char s_keep_alive:1, c_keep_alive:1, use_fastcgi:4, use_proxy:2, ws_close:2, chunks_transferred:1;
+    char cc[3], host[256];
+    char req_host[256], err_msg[256];
+    char log_prefix[128];
+    char _c_addr[INET6_ADDRSTRLEN + 1], _s_addr[INET6_ADDRSTRLEN + 1];
+    long cnx_s, cnx_e, req_s, res_ts, req_e;
+    http_req req;
+    http_res res;
+    http_uri uri;
+    http_status_ctx status;
+    http_status custom_status;
+    host_config_t *conf;
+    FILE *file;
+    long content_length;
+    char *msg_buf, *msg_buf_ptr, msg_content[1024];
+    proxy_ctx_t *proxy;
+    void *fcgi_ctx;
+} client_ctx_t;
+
+typedef struct {
+    client_ctx_t *client;
+    sock *socket;
+    void *other;
+} ws_ctx_t;
+
+typedef struct {
+    int closed:2;
+    client_ctx_t *client;
+    fastcgi_cnx_t cnx;
+} fastcgi_ctx_t;
+
+typedef struct {
+    client_ctx_t *client;
+    sock *socket;
+    int flags;
+    void (*next_cb)(void *);
+    void (*err_cb)(void *);
+} chunk_ctx_t;
+
+void tcp_acceptor_func(client_ctx_t *ctx);
+
+void request_handler_func(client_ctx_t *ctx);
+
+void local_handler_func(client_ctx_t *ctx);
+
+void fastcgi_handler_func(client_ctx_t *ctx);
+
+void fastcgi_frame_handler_func(fastcgi_ctx_t *ctx);
+
+void proxy_handler_func(client_ctx_t *ctx);
+
+void proxy_peer_handler_func(proxy_ctx_t *ctx);
+
+void ws_frame_handler_func(ws_ctx_t *ctx);
+
+void chunk_handler_func(chunk_ctx_t *ctx);
+
+int respond(client_ctx_t *ctx);
+
+void request_complete(client_ctx_t *ctx);
+
+void timeout_request(client_ctx_t *ctx);
+
+void tcp_close(client_ctx_t *ctx);
+
+int ws_handle_connection(client_ctx_t *ctx);
+
+void ws_close(ws_ctx_t *ctx);
+
+int handle_chunks(client_ctx_t *ctx, sock *socket, int flags, void (*next_cb)(chunk_ctx_t *), void (*err_cb)(chunk_ctx_t *));
+
+int fastcgi_handle_connection(client_ctx_t *ctx, fastcgi_cnx_t **cnx);
+
+void fastcgi_close(fastcgi_ctx_t *ctx);
+
+#endif //SESIMOS_FUNC_H
--- a/src/worker/local_handler.c
+++ b/src/worker/local_handler.c
@@ -0,0 +1,251 @@
+/**
+ * sesimos - secure, simple, modern web server
+ * @brief Local filesystem handler
+ * @file src/worker/local_handler.c
+ * @author Lorenz Stechauner
+ * @date 2022-12-29
+ */
+
+#include "func.h"
+#include "../logger.h"
+#include "../lib/utils.h"
+#include "../lib/compress.h"
+#include "../workers.h"
+#include "../lib/list.h"
+
+#include <string.h>
+#include <errno.h>
+
+static int local_handler(client_ctx_t *ctx);
+
+void local_handler_func(client_ctx_t *ctx) {
+    logger_set_prefix("[%s%*s%s]%s", BLD_STR, ADDRSTRLEN, ctx->req_host, CLR_STR, ctx->log_prefix);
+
+    switch (local_handler(ctx)) {
+        case 0:
+            respond(ctx);
+            request_complete(ctx);
+            handle_request(ctx);
+            break;
+        case 1:
+            fastcgi_handle(ctx);
+            break;
+        default:
+            tcp_close(ctx);
+            break;
+    }
+}
+
+static int range_handler(client_ctx_t *ctx) {
+    char buf[64];
+    long num0, num1, num2;
+    char *ptr;
+    int mode;
+    const char *range = http_get_header_field(&ctx->req.hdr, "Range");
+
+    if (strcontains(range, ","))
+        return -1;
+
+    ctx->file = fopen(ctx->uri.filename, "rb");
+
+    if (strstarts(range, "bytes=")) {
+        mode = 0;
+        range += 6;
+        num0 = fsize(ctx->file), num1 = 0, num2 = num0 - 1;
+        sprintf(buf, "bytes */%li", num0);
+    } else if (strstarts(range, "lines=") && mime_is_text(ctx->uri.meta->type)) {
+        mode = 1;
+        range += 6;
+        num0 = flines(ctx->file), num1 = 1, num2 = num0;
+        sprintf(buf, "lines */%li", num0);
+    } else {
+        return -1;
+    }
+
+    http_add_header_field(&ctx->res.hdr, "Content-Range", buf);
+
+    if ((ptr = strchr(range, '-')) == NULL)
+        return -1;
+
+    if (num0 == 0) {
+        ctx->content_length = 0;
+        return 0;
+    }
+
+    if (ptr[1] != 0) num2 = (long) strtoul(ptr + 1, NULL, 10);
+    if (ptr != range) {
+        num1 = (long) strtoul(range, NULL, 10);
+    } else {
+        if (mode == 0) {
+            num1 = num0 - num2 - 1;
+            num2 = num0 - 1;
+        } else if (mode == 1) {
+            num1 = num0 - num2 + 1;
+            num2 = num0;
+        }
+    }
+
+    if ((mode == 0 && (num1 >= num0 || num2 >= num0 || num1 > num2 || num1 < 0 || num2 < 0)) ||
+        (mode == 1 && (num1 > num0 || num2 > num0 || num1 > num2 || num1 <= 0 || num2 <= 0)))
+    {
+        return -1;
+    }
+
+    sprintf(buf, "%s %li-%li/%li", (mode == 0) ? "bytes" : "lines", num1, num2, num0);
+    http_remove_header_field(&ctx->res.hdr, "Content-Range", HTTP_REMOVE_ALL);
+    http_add_header_field(&ctx->res.hdr, "Content-Range", buf);
+
+    if (mode == 0) {
+        fseek(ctx->file, num1, SEEK_SET);
+        ctx->content_length = num2 - num1 + 1;
+    } else if (mode == 1) {
+        fseekl(ctx->file, num1);
+        ctx->content_length = file_get_line_pos(ctx->file, num2 + 1) - file_get_line_pos(ctx->file, num1);
+    }
+
+    return 0;
+}
+
+static int local_handler(client_ctx_t *ctx) {
+    http_res *res = &ctx->res;
+    http_req *req = &ctx->req;
+    http_uri *uri = &ctx->uri;
+    char *err_msg = ctx->err_msg;
+
+    char buf1[1024], buf2[1024];
+    int accept_if_modified_since = 0;
+
+    if (streq(req->method, "TRACE")) {
+        res->status = http_get_status(200);
+        http_add_header_field(&res->hdr, "Content-Type", "message/http");
+
+        ctx->msg_buf_ptr = malloc(4096);
+        ctx->msg_buf = ctx->msg_buf_ptr;
+        ctx->content_length = snprintf(ctx->msg_buf, 4096 - ctx->content_length, "%s %s HTTP/%s\r\n", req->method, req->uri, req->version);
+        for (int i = 0; i < list_size(req->hdr.fields); i++) {
+            const http_field *f = &req->hdr.fields[i];
+            ctx->content_length += snprintf(ctx->msg_buf + ctx->content_length, 4096 - ctx->content_length, "%s: %s\r\n", http_field_get_name(f), http_field_get_value(f));
+        }
+
+        return 0;
+    }
+
+    if (strstarts(uri->req_path, "/.well-known/")) {
+        http_add_header_field(&res->hdr, "Access-Control-Allow-Origin", "*");
+    }
+
+    if ((!strstarts(uri->req_path, "/.well-known/") && strcontains(uri->path, "/.")) || strends(uri->filename, ".inc") || strends(uri->filename, ".inc.php")) {
+        res->status = http_get_status(403);
+        sprintf(err_msg, "Parts of this URI are hidden.");
+        return 0;
+    } else if (uri->filename == NULL && (int) uri->is_static && (int) uri->is_dir && strlen(uri->pathinfo) == 0) {
+        res->status = http_get_status(403);
+        sprintf(err_msg, "It is not allowed to list the contents of this directory.");
+        return 0;
+    } else if (uri->filename == NULL && (int) !uri->is_static && (int) uri->is_dir && strlen(uri->pathinfo) == 0) {
+        // TODO list directory contents
+        res->status = http_get_status(501);
+        sprintf(err_msg, "Listing contents of an directory is currently not implemented.");
+        return 0;
+    } else if (uri->filename == NULL || (strlen(uri->pathinfo) > 0 && (int) uri->is_static)) {
+        res->status = http_get_status(404);
+        return 0;
+    } else if (strlen(uri->pathinfo) != 0 && ctx->conf->local.dir_mode != URI_DIR_MODE_INFO) {
+        res->status = http_get_status(404);
+        return 0;
+    }
+
+    if (uri->is_static) {
+        res->status = http_get_status(200);
+        cache_init_uri(ctx->conf->cache, uri);
+
+        http_add_header_field(&res->hdr, "Accept-Ranges", mime_is_text(uri->meta->type) ? "bytes, lines" : "bytes");
+
+        if (!streq(req->method, "GET") && !streq(req->method, "HEAD")) {
+            res->status = http_get_status(405);
+            return 0;
+        }
+
+        if (http_get_header_field(&req->hdr, "Content-Length") != NULL || http_get_header_field(&req->hdr, "Transfer-Encoding") != NULL) {
+            res->status = http_get_status(400);
+            sprintf(err_msg, "A GET request must not contain a payload");
+            return 0;
+        }
+
+        const char *last_modified = http_format_date(uri->meta->mtime, buf1, sizeof(buf1));
+        http_add_header_field(&res->hdr, "Last-Modified", last_modified);
+        sprintf(buf2, "%s; charset=%s", uri->meta->type, uri->meta->charset);
+        http_add_header_field(&res->hdr, "Content-Type", buf2);
+
+        const char *accept_encoding = http_get_header_field(&req->hdr, "Accept-Encoding");
+        int enc = 0;
+        if (accept_encoding != NULL) {
+            if (uri->meta->filename_comp_br[0] != 0 && strcontains(accept_encoding, "br")) {
+                ctx->file = fopen(uri->meta->filename_comp_br, "rb");
+                if (ctx->file == NULL) {
+                    cache_mark_dirty(ctx->conf->cache, uri->filename);
+                    errno = 0;
+                } else {
+                    http_add_header_field(&res->hdr, "Content-Encoding", "br");
+                    enc = COMPRESS_BR;
+                }
+            } else if (uri->meta->filename_comp_gz[0] != 0 && strcontains(accept_encoding, "gzip")) {
+                ctx->file = fopen(uri->meta->filename_comp_gz, "rb");
+                if (ctx->file == NULL) {
+                    cache_mark_dirty(ctx->conf->cache, uri->filename);
+                    errno = 0;
+                } else {
+                    http_add_header_field(&res->hdr, "Content-Encoding", "gzip");
+                    enc = COMPRESS_GZ;
+                }
+            }
+            if (enc != 0) {
+                http_add_header_field(&res->hdr, "Vary", "Accept-Encoding");
+            }
+        }
+
+        if (uri->meta->etag[0] != 0) {
+            strcpy(buf1, uri->meta->etag);
+            if (enc) {
+                strcat(buf1, "-");
+                strcat(buf1, (enc & COMPRESS_BR) ? "br" : (enc & COMPRESS_GZ) ? "gzip" : "");
+            }
+            http_add_header_field(&res->hdr, "ETag", buf1);
+        }
+
+        http_add_header_field(&res->hdr, "Cache-Control", mime_is_text(uri->meta->type) ? "public, max-age=3600" : "public, max-age=86400");
+
+        const char *if_modified_since = http_get_header_field(&req->hdr, "If-Modified-Since");
+        const char *if_none_match = http_get_header_field(&req->hdr, "If-None-Match");
+        if ((if_none_match != NULL && !strcontains(if_none_match, uri->meta->etag)) ||
+            (accept_if_modified_since && streq(if_modified_since, last_modified)))
+        {
+            res->status = http_get_status(304);
+            return 0;
+        }
+
+        if (http_get_header_field(&req->hdr, "Range") != NULL) {
+            if (range_handler(ctx) == 0) {
+                res->status = http_get_status(206);
+            } else {
+                if (ctx->file) {
+                    fclose(ctx->file);
+                    ctx->file = NULL;
+                }
+                http_remove_header_field(&res->hdr, "Content-Type", HTTP_REMOVE_ALL);
+                http_remove_header_field(&res->hdr, "Last-Modified", HTTP_REMOVE_ALL);
+                http_remove_header_field(&res->hdr, "ETag", HTTP_REMOVE_ALL);
+                http_remove_header_field(&res->hdr, "Cache-Control", HTTP_REMOVE_ALL);
+                res->status = http_get_status(416);
+            }
+            return 0;
+        }
+
+        if (ctx->file == NULL) ctx->file = fopen(uri->filename, "rb");
+        ctx->content_length = fsize(ctx->file);
+    } else {
+        return 1;
+    }
+
+    return 0;
+}
--- a/src/worker/proxy_handler.c
+++ b/src/worker/proxy_handler.c
@@ -0,0 +1,156 @@
+/**
+ * sesimos - secure, simple, modern web server
+ * @brief Proxy handler
+ * @file src/worker/proxy_handler.c
+ * @author Lorenz Stechauner
+ * @date 2022-12-29
+ */
+
+#include "func.h"
+#include "../logger.h"
+#include "../lib/utils.h"
+#include "../lib/proxy.h"
+#include "../lib/websocket.h"
+#include "../workers.h"
+
+#include <string.h>
+
+static int proxy_handler_1(client_ctx_t *ctx);
+static int proxy_handler_2(client_ctx_t *ctx);
+
+void proxy_handler_func(client_ctx_t *ctx) {
+    logger_set_prefix("[%s%*s%s]%s", BLD_STR, ADDRSTRLEN, ctx->req_host, CLR_STR, ctx->log_prefix);
+
+    // TODO handle 1xx responses
+
+    int ret = proxy_handler_1(ctx);
+    respond(ctx);
+
+    if (ret == 1) {
+        // error status code
+        if (proxy_unlock_ctx(ctx->proxy) == 1)
+            proxy_peer_handle(ctx->proxy);
+    } else if (ctx->use_proxy == 0) {
+        // proxy not used
+        proxy_close(ctx->proxy);
+        proxy_unlock_ctx(ctx->proxy);
+    } else if (ctx->use_proxy == 1) {
+        // proxy is used
+        if (proxy_handler_2(ctx) == 1) {
+            // chunked
+            return;
+        }
+        if (proxy_unlock_ctx(ctx->proxy) == 1)
+            proxy_peer_handle(ctx->proxy);
+    } else if (ctx->use_proxy == 2) {
+        // WebSocket
+        ws_handle_connection(ctx);
+        return;
+    }
+
+    ctx->proxy = NULL;
+    request_complete(ctx);
+    handle_request(ctx);
+}
+
+static int proxy_handler_1(client_ctx_t *ctx) {
+    http_res *res = &ctx->res;
+    http_status_ctx *status = &ctx->status;
+
+    char buf[1024];
+
+    info("Reverse proxy for " BLD_STR "[%s]:%i" CLR_STR, ctx->conf->proxy.hostname, ctx->conf->proxy.port);
+    http_remove_header_field(&res->hdr, "Date", HTTP_REMOVE_ALL);
+    http_remove_header_field(&res->hdr, "Server", HTTP_REMOVE_ALL);
+
+    ctx->use_proxy = proxy_init(&ctx->proxy, &ctx->req, res, status, ctx->conf, &ctx->socket, &ctx->custom_status, ctx->err_msg) == 0;
+    ctx->proxy->client = ctx;
+
+    if (ctx->use_proxy == 0)
+        return 0;
+
+    if (res->status->code == 101) {
+        const char *connection = http_get_header_field(&res->hdr, "Connection");
+        const char *upgrade = http_get_header_field(&res->hdr, "Upgrade");
+        if (connection != NULL && upgrade != NULL &&
+            (strcontains(connection, "upgrade") || strcontains(connection, "Upgrade")) &&
+            streq(upgrade, "websocket"))
+        {
+            const char *ws_accept = http_get_header_field(&res->hdr, "Sec-WebSocket-Accept");
+            if (ws_calc_accept_key(status->ws_key, buf) == 0) {
+                ctx->use_proxy = streq(buf, ws_accept) ? 2 : 1;
+            }
+        } else {
+            status->status = 101;
+            status->origin = INTERNAL;
+            res->status = http_get_status(501);
+        }
+    }
+
+    // Let 300 be formatted by origin server
+    if (ctx->use_proxy && res->status->code >= 301 && res->status->code < 600) {
+        const char *content_type = http_get_header_field(&res->hdr, "Content-Type");
+        const char *content_length_f = http_get_header_field(&res->hdr, "Content-Length");
+        const char *content_encoding = http_get_header_field(&res->hdr, "Content-Encoding");
+        if (content_encoding == NULL && (
+                content_length_f == NULL ||
+                streq(content_length_f, "0") ||
+                (content_length_f != NULL && strstarts(content_type, "text/html"))))
+        {
+            long content_len = (!streq(ctx->req.method, "HEAD") && content_length_f != NULL) ? strtol(content_length_f, NULL, 10) : 0;
+            if (content_len < sizeof(ctx->msg_content)) {
+                if (status->status != 101) {
+                    status->status = res->status->code;
+                    status->origin = res->status->code >= 400 ? SERVER : NONE;
+                }
+                ctx->use_proxy = 0;
+
+                if (content_len > 0)
+                    proxy_dump(ctx->proxy, ctx->msg_content, content_len);
+
+                return 1;
+            }
+        }
+    }
+
+    return streq(ctx->req.method, "HEAD") ? 1 : 0;
+}
+
+static void proxy_chunk_next_cb(chunk_ctx_t *ctx) {
+    if (proxy_unlock_ctx(ctx->client->proxy) == 1)
+        proxy_peer_handle(ctx->client->proxy);
+
+    ctx->client->proxy = NULL;
+    request_complete(ctx->client);
+    handle_request(ctx->client);
+}
+
+static void proxy_chunk_err_cb(chunk_ctx_t *ctx) {
+    ctx->client->c_keep_alive = 0;
+    proxy_close(ctx->client->proxy);
+    proxy_unlock_ctx(ctx->client->proxy);
+
+    ctx->client->proxy = NULL;
+    request_complete(ctx->client);
+    handle_request(ctx->client);
+}
+
+static int proxy_handler_2(client_ctx_t *ctx) {
+    const char *transfer_encoding = http_get_header_field(&ctx->res.hdr, "Transfer-Encoding");
+    int chunked = strcontains(transfer_encoding, "chunked");
+
+    const char *content_len = http_get_header_field(&ctx->res.hdr, "Content-Length");
+    unsigned long len_to_send = (content_len != NULL) ? strtol(content_len, NULL, 10) : 0;
+
+    if (chunked) {
+        handle_chunks(ctx, &ctx->proxy->proxy, SOCK_CHUNKED, proxy_chunk_next_cb, proxy_chunk_err_cb);
+        return 1;
+    }
+
+    int ret;
+    if ((ret = proxy_send(ctx->proxy, &ctx->socket, len_to_send, 0)) == -1) {
+        ctx->c_keep_alive = 0;
+    }
+
+    return ret;
+}
--- a/src/worker/proxy_peer_handler.c
+++ b/src/worker/proxy_peer_handler.c
@@ -0,0 +1,17 @@
+/**
+ * sesimos - secure, simple, modern web server
+ * @brief Proxy peer handler
+ * @file src/worker/proxy_peer_handler.c
+ * @author Lorenz Stechauner
+ * @date 2023-07-07
+ */
+
+#include "func.h"
+#include "../logger.h"
+#include "../lib/utils.h"
+
+void proxy_peer_handler_func(proxy_ctx_t *ctx) {
+    if (!ctx->initialized || ctx->in_use) return;
+    logger_set_prefix("[%s%*s%s]", BLD_STR, ADDRSTRLEN, ctx->host, CLR_STR);
+    proxy_close(ctx);
+}
--- a/src/worker/request_handler.c
+++ b/src/worker/request_handler.c
@@ -0,0 +1,397 @@
+/**
+ * sesimos - secure, simple, modern web server
+ * @brief Client request handler
+ * @file src/worker/request_handler.c
+ * @author Lorenz Stechauner
+ * @date 2022-12-28
+ */
+
+#include "../defs.h"
+#include "func.h"
+#include "../workers.h"
+#include "../lib/mpmc.h"
+#include "../logger.h"
+#include "../lib/utils.h"
+#include "../server.h"
+#include "../lib/res.h"
+#include "../lib/error.h"
+
+#include <string.h>
+#include <arpa/inet.h>
+#include <errno.h>
+
+static int request_handler(client_ctx_t *ctx);
+
+void request_handler_func(client_ctx_t *ctx) {
+    logger_set_prefix("[%*s]%s", ADDRSTRLEN, ctx->socket.s_addr, ctx->log_prefix);
+
+    switch (request_handler(ctx)) {
+        case 0:
+            respond(ctx);
+            request_complete(ctx);
+            handle_request(ctx);
+            break;
+        case 1:
+            local_handle(ctx);
+            break;
+        case 2:
+            proxy_handle(ctx);
+            break;
+        default:
+            tcp_close(ctx);
+            break;
+    }
+}
+
+static void init_ctx(client_ctx_t *ctx) {
+    ctx->conf = NULL;
+    ctx->file = NULL;
+    ctx->proxy = NULL;
+    ctx->use_fastcgi = 0;
+    ctx->chunks_transferred = 0;
+    ctx->fcgi_ctx = NULL;
+    ctx->use_proxy = 0;
+    ctx->ws_close = 0;
+    ctx->proxy = NULL;
+    ctx->msg_content[0] = 0;
+    ctx->msg_buf = NULL;
+    ctx->msg_buf_ptr = NULL;
+    ctx->req_host[0] = 0;
+    ctx->err_msg[0] = 0;
+    ctx->req_s = ctx->socket.ts_last;
+
+    memset(&ctx->uri, 0, sizeof(ctx->uri));
+    memset(&ctx->req, 0, sizeof(ctx->req));
+    memset(&ctx->res, 0, sizeof(ctx->res));
+
+    ctx->res.status = http_get_status(501);
+    http_init_hdr(&ctx->res.hdr);
+    sprintf(ctx->res.version, "1.1");
+
+    ctx->status.status = 0;
+    ctx->status.origin = NONE;
+    ctx->status.ws_key = NULL;
+}
+
+static int request_handler(client_ctx_t *ctx) {
+    sock *client = &ctx->socket;
+    char *err_msg = ctx->err_msg;
+    http_res *res = &ctx->res;
+
+    long ret;
+    char buf0[1024], buf1[1024];
+
+    ctx->req_s = clock_micros();
+
+    init_ctx(ctx);
+
+    http_add_header_field(&res->hdr, "Date", http_get_date(buf0, sizeof(buf0)));
+    http_add_header_field(&res->hdr, "Server", SERVER_STR);
+    /*if (ret <= 0) {
+        if (errno != 0) return 0;
+
+        ctx->c_keep_alive = 0;
+        res->status = http_get_status(408);
+        return 0;
+    }*/
+
+    http_req *req = &ctx->req;
+    ret = http_receive_request(client, req);
+    if (ret != 0) {
+        ctx->c_keep_alive = 0;
+        error("Unable to receive http header");
+        sprintf(err_msg, "Unable to receive http header: %s.", error_str(errno, buf0, sizeof(buf0)));
+        int err = error_get_http();
+        res->status = http_get_status(err == HTTP_ERROR_URI_TOO_LONG ? 414 : (err == HTTP_ERROR_TOO_MANY_HEADER_FIELDS ? 431 : 400));
+        errno = 0;
+        return 0;
+    }
+
+    const char *hdr_connection = http_get_header_field(&req->hdr, "Connection");
+    ctx->c_keep_alive = (strcontains(hdr_connection, "keep-alive") || strcontains(hdr_connection, "Keep-Alive"));
+    const char *host_ptr = http_get_header_field(&req->hdr, "Host");
+    if (host_ptr != NULL && strlen(host_ptr) > 255) {
+        ctx->req_host[0] = 0;
+        res->status = http_get_status(400);
+        sprintf(err_msg, "Host header field is too long.");
+        return 0;
+    } else if (host_ptr == NULL || strchr(host_ptr, '/') != NULL) {
+        if (strchr(ctx->socket.addr, ':') == NULL) {
+            strcpy(ctx->req_host, ctx->socket.addr);
+        } else {
+            sprintf(ctx->req_host, "[%s]", ctx->socket.addr);
+        }
+        res->status = http_get_status(400);
+        sprintf(err_msg, "The client provided no or an invalid Host header field.");
+        return 0;
+    } else {
+        strcpy(ctx->req_host, host_ptr);
+    }
+
+    logger_set_prefix("[%s%*s%s]%s", BLD_STR, ADDRSTRLEN, ctx->req_host, CLR_STR, ctx->log_prefix);
+    info(BLD_STR "%s %s", req->method, req->uri);
+
+    if (strstarts(req->uri, "/.sesimos/res/")) {
+        if (!streq(req->method, "GET") && !streq(req->method, "HEAD")) {
+            res->status = http_get_status(405);
+            http_add_header_field(&res->hdr, "Allow", "GET, HEAD");
+            return 0;
+        }
+
+        const res_t resources[] = {
+                {"style.css",        "text/css; charset=UTF-8",      http_style_doc,    http_style_doc_size},
+                {"icon-error.svg",   "image/svg+xml; charset=UTF-8", http_icon_error,   http_icon_error_size},
+                {"icon-info.svg",    "image/svg+xml; charset=UTF-8", http_icon_info,    http_icon_info_size},
+                {"icon-success.svg", "image/svg+xml; charset=UTF-8", http_icon_success, http_icon_success_size},
+                {"icon-warning.svg", "image/svg+xml; charset=UTF-8", http_icon_warning, http_icon_warning_size},
+                {"globe.svg",        "image/svg+xml; charset=UTF-8", http_icon_globe,   http_icon_globe_size},
+        };
+
+        res->status = http_get_status(404);
+        for (int i = 0; i < sizeof(resources) / sizeof(res_t); i++) {
+            const res_t *r = &resources[i];
+            if (streq(req->uri + 14, r->name)) {
+                res->status = http_get_status(203);
+                http_add_header_field(&res->hdr, "Content-Type", r->type);
+                http_add_header_field(&res->hdr, "Cache-Control", "public, max-age=86400");
+                ctx->msg_buf = (char *) r->content;
+                ctx->content_length = r->size;
+                break;
+            }
+        }
+
+        return 0;
+    }
+
+    ctx->conf = get_host_config(ctx->req_host);
+    if (ctx->conf == NULL) {
+        res->status = http_get_status(421);
+        strcpy(ctx->err_msg, "The requested host name is not configured on the server.");
+        return 0;
+    }
+
+    http_uri *uri = &ctx->uri;
+    unsigned char dir_mode = (ctx->conf->type == CONFIG_TYPE_LOCAL ? ctx->conf->local.dir_mode : URI_DIR_MODE_NO_VALIDATION);
+    ret = uri_init(uri, ctx->conf->local.webroot, req->uri, dir_mode);
+    if (ret != 0) {
+        if (ret == 1) {
+            sprintf(err_msg, "Invalid URI: has to start with slash.");
+            res->status = http_get_status(400);
+        } else if (ret == 2) {
+            sprintf(err_msg, "Invalid URI: contains relative path change (/../).");
+            res->status = http_get_status(400);
+        } else if (ret == 3) {
+            sprintf(err_msg, "The specified webroot directory does not exist.");
+            res->status = http_get_status(404);
+        } else {
+            res->status = http_get_status(500);
+        }
+        return 0;
+    }
+
+    if (ctx->conf->type == CONFIG_TYPE_LOCAL && streq(req->method, "TRACE")) {
+        return 1;
+    } else if (dir_mode != URI_DIR_MODE_NO_VALIDATION) {
+        ssize_t size = sizeof(buf0);
+        url_decode(req->uri, buf0, &size);
+        int change_proto = (!client->enc && !strstarts(uri->uri, "/.well-known/"));
+        if (!streq(uri->uri, buf0) || change_proto) {
+            res->status = http_get_status(308);
+            size = url_encode(uri->uri, strlen(uri->uri), buf0, sizeof(buf0));
+            if (change_proto) {
+                int p_len = snprintf(buf1, sizeof(buf1), "https://%s%s", ctx->req_host, buf0);
+                if (p_len < 0 || p_len >= sizeof(buf1)) {
+                    res->status = http_get_status(500);
+                    error("Header field 'Location' too long");
+                    return 0;
+                }
+                http_add_header_field(&res->hdr, "Location", buf1);
+            } else {
+                http_add_header_field(&res->hdr, "Location", buf0);
+            }
+            return 0;
+        }
+    } else if (!client->enc) {
+        res->status = http_get_status(308);
+        sprintf(buf0, "https://%s%s", ctx->req_host, req->uri);
+        http_add_header_field(&res->hdr, "Location", buf0);
+        return 0;
+    }
+
+    if (ctx->conf->type == CONFIG_TYPE_LOCAL) {
+        return 1;
+    } else if (ctx->conf->type == CONFIG_TYPE_REVERSE_PROXY) {
+        return 2;
+    } else {
+        error("Unknown host type: %i", ctx->conf->type);
+        res->status = http_get_status(501);
+    }
+
+    return 0;
+}
+
+int respond(client_ctx_t *ctx) {
+    http_req *req = &ctx->req;
+    http_res *res = &ctx->res;
+    sock *client = &ctx->socket;
+    http_status_ctx *status = &ctx->status;
+    char *err_msg = ctx->err_msg;
+
+    long ret = 0;
+    char buf0[1024];
+    char msg_pre_buf_1[4096], msg_pre_buf_2[4096];
+    char buffer[CHUNK_SIZE];
+
+    if (!ctx->use_proxy) {
+        if (ctx->conf != NULL && ctx->conf->type == CONFIG_TYPE_LOCAL && ctx->uri.is_static && res->status->code == 405) {
+            http_add_header_field(&res->hdr, "Allow", "GET, HEAD, TRACE");
+        }
+        if (http_get_header_field(&res->hdr, "Accept-Ranges") == NULL) {
+            http_add_header_field(&res->hdr, "Accept-Ranges", "none");
+        }
+        if (!ctx->use_fastcgi && ctx->file == NULL && ctx->msg_buf == NULL) {
+            http_remove_header_field(&res->hdr, "Date", HTTP_REMOVE_ALL);
+            http_remove_header_field(&res->hdr, "Server", HTTP_REMOVE_ALL);
+            http_remove_header_field(&res->hdr, "Cache-Control", HTTP_REMOVE_ALL);
+            http_remove_header_field(&res->hdr, "Content-Type", HTTP_REMOVE_ALL);
+            http_remove_header_field(&res->hdr, "Content-Encoding", HTTP_REMOVE_ALL);
+            http_add_header_field(&res->hdr, "Date", http_get_date(buf0, sizeof(buf0)));
+            http_add_header_field(&res->hdr, "Server", SERVER_STR);
+            http_add_header_field(&res->hdr, "Cache-Control", "no-cache");
+            http_add_header_field(&res->hdr, "Content-Type", "text/html; charset=UTF-8");
+
+            // TODO list Locations on 3xx Redirects
+            const http_doc_info *http_info = http_get_status_info(res->status->code);
+            const http_status_msg *http_msg = http_get_error_msg(res->status->code);
+
+            if (ctx->msg_content[0] == 0) {
+                if (res->status->code >= 300 && res->status->code < 400) {
+                    const char *location = http_get_header_field(&res->hdr, "Location");
+                    if (location != NULL) {
+                        snprintf(ctx->msg_content, sizeof(ctx->msg_content), "      <ul>\n        <li><a href=\"%s\">%s</a></li>\n      </ul>\n", location, location);
+                    }
+                }
+            } else if (strstarts(ctx->msg_content, "<!DOCTYPE html>") || strstarts(ctx->msg_content, "<html")) {
+                ctx->msg_content[0] = 0;
+                // TODO let relevant information pass?
+            }
+
+            char *proxy_doc = "";
+            if (ctx->conf != NULL && ctx->conf->type == CONFIG_TYPE_REVERSE_PROXY) {
+                const http_status *status_hdr = http_get_status(status->status);
+                char stat_str[8];
+                sprintf(stat_str, "%03i", status->status);
+                snprintf(msg_pre_buf_2, sizeof(msg_pre_buf_2), http_proxy_doc,
+                        " success",
+                        (status->origin == CLIENT_REQ) ? " error" : " success",
+                        (status->origin == INTERNAL) ?   " error" : " success",
+                        (status->origin == SERVER_REQ) ? " error" : (status->status == 0 ? "" : " success"),
+                        (status->origin == CLIENT_RES) ? " error" : " success",
+                        (status->origin == SERVER) ?     " error" : (status->status == 0 ? "" : " success"),
+                        (status->origin == SERVER_RES) ? " error" : (status->status == 0 ? "" : " success"),
+                        (status->origin == INTERNAL) ?   " error" : " success",
+                        (status->origin == INTERNAL || status->origin == SERVER) ? " error" : " success",
+                        res->status->code,
+                        res->status->msg,
+                        (status->status == 0) ? "???" : stat_str,
+                        (status_hdr != NULL) ? status_hdr->msg : "",
+                        ctx->req_host, SERVER_NAME);
+                proxy_doc = msg_pre_buf_2;
+            }
+
+            ctx->msg_buf_ptr = malloc(4096);
+            ctx->msg_buf = ctx->msg_buf_ptr;
+            snprintf(msg_pre_buf_1, sizeof(msg_pre_buf_1), http_info->doc,
+                     res->status->code, res->status->msg, http_msg != NULL ? http_msg->msg : "", err_msg);
+            ctx->content_length = snprintf(ctx->msg_buf, 4096, http_default_doc, res->status->code, res->status->msg,
+                                           msg_pre_buf_1, http_info->mode, http_info->icon, http_info->color,
+                                           ctx->req_host, proxy_doc, ctx->msg_content, SERVER_STR_HTML);
+        }
+        if (ctx->content_length >= 0) {
+            sprintf(buf0, "%li", ctx->content_length);
+            http_remove_header_field(&res->hdr, "Content-Length", HTTP_REMOVE_ALL);
+            http_add_header_field(&res->hdr, "Content-Length", buf0);
+        } else if (http_get_header_field(&res->hdr, "Transfer-Encoding") == NULL) {
+            ctx->s_keep_alive = 0;
+        }
+    }
+
+    if (ctx->use_proxy != 2) {
+        http_remove_header_field(&res->hdr, "Connection", HTTP_REMOVE_ALL);
+        http_remove_header_field(&res->hdr, "Keep-Alive", HTTP_REMOVE_ALL);
+        if (ctx->s_keep_alive && ctx->c_keep_alive) {
+            http_add_header_field(&res->hdr, "Connection", "keep-alive");
+            sprintf(buf0, "timeout=%i, max=%i", CLIENT_TIMEOUT, REQ_PER_CONNECTION);
+            http_add_header_field(&res->hdr, "Keep-Alive", buf0);
+        } else {
+            http_add_header_field(&res->hdr, "Connection", "close");
+        }
+    }
+
+    http_send_response(client, res);
+    ctx->res_ts = clock_micros();
+    const char *location = http_get_header_field(&res->hdr, "Location");
+    info("%s%s%03i %s%s%s (%s)%s", http_get_status_color(res->status->code), ctx->use_proxy ? "-> " : "", res->status->code,
+         res->status->msg, location != NULL ? " -> " : "", location != NULL ? location : "",
+         format_duration(ctx->res_ts - ctx->req_s, buf0), CLR_STR);
+
+    // TODO access/error log file
+
+    if (ctx->use_proxy) {
+        // reverse proxy
+        return 3;
+    } else if (!streq(req->method, "HEAD")) {
+        // default response
+        if (ctx->msg_buf != NULL) {
+            ret = sock_send_x(client, ctx->msg_buf, ctx->content_length, 0);
+            if (ret <= 0) {
+                error("Unable to send");
+            }
+        } else if (ctx->file != NULL) {
+            unsigned long len, snd_len = 0;
+            while (snd_len < ctx->content_length) {
+                len = fread(buffer, 1, CHUNK_SIZE, ctx->file);
+                if (snd_len + len > ctx->content_length) {
+                    len = ctx->content_length - snd_len;
+                }
+                ret = sock_send_x(client, buffer, len, feof(ctx->file) ? 0 : MSG_MORE);
+                if (ret <= 0) {
+                    error("Unable to send");
+                    break;
+                }
+                snd_len += ret;
+            }
+        } else if (ctx->use_fastcgi) {
+            // FastCGI
+            return 2;
+        }
+
+        if (ret < 0) ctx->c_keep_alive = 0;
+    }
+
+    return 0;
+}
+
+void request_complete(client_ctx_t *ctx) {
+    char buf[32];
+    ctx->req_e = clock_micros();
+    info("Transfer complete: %s", format_duration(ctx->req_e - ctx->req_s, buf));
+
+    if (ctx->file) fclose(ctx->file);
+    free(ctx->msg_buf_ptr);
+    uri_free(&ctx->uri);
+    http_free_req(&ctx->req);
+    http_free_res(&ctx->res);
+}
+
+void timeout_request(client_ctx_t *ctx) {
+    init_ctx(ctx);
+    logger_set_prefix("[%*s]%s", ADDRSTRLEN, ctx->socket.s_addr, ctx->log_prefix);
+
+    ctx->s_keep_alive = 0;
+    ctx->res.status = http_get_status(408);
+
+    respond(ctx);
+    request_complete(ctx);
+    tcp_close(ctx);
+}
--- a/src/worker/tcp_acceptor.c
+++ b/src/worker/tcp_acceptor.c
@@ -0,0 +1,109 @@
+/**
+ * sesimos - secure, simple, modern web server
+ * @brief TCP acceptor
+ * @file src/worker/tcp_acceptor.c
+ * @author Lorenz Stechauner
+ * @date 2022-12-28
+ */
+
+#include "func.h"
+#include "../logger.h"
+#include "../lib/utils.h"
+#include "../lib/geoip.h"
+#include "../workers.h"
+#include "../server.h"
+#include "../lib/error.h"
+
+#include <string.h>
+#include <errno.h>
+#include <openssl/ssl.h>
+
+static int tcp_acceptor(client_ctx_t *ctx);
+
+void tcp_acceptor_func(client_ctx_t *ctx) {
+    if (tcp_acceptor(ctx) == 0) {
+        handle_request(ctx);
+    } else {
+        tcp_close(ctx);
+    }
+}
+
+static int tcp_acceptor(client_ctx_t *ctx) {
+    struct sockaddr_in6 server_addr;
+
+    memset(ctx->_c_addr, 0, sizeof(ctx->_c_addr));
+    memset(ctx->_s_addr, 0, sizeof(ctx->_s_addr));
+    inet_ntop(ctx->socket._addr.ipv6.sin6_family, &ctx->socket._addr.ipv6.sin6_addr, ctx->_c_addr, sizeof(ctx->_c_addr));
+    if (strstarts(ctx->_c_addr, "::ffff:")) {
+        ctx->socket.addr = ctx->_c_addr + 7;
+    } else {
+        ctx->socket.addr = ctx->_c_addr;
+    }
+
+    socklen_t len = sizeof(server_addr);
+    getsockname(ctx->socket.socket, (struct sockaddr *) &server_addr, &len);
+    inet_ntop(server_addr.sin6_family, (void *) &server_addr.sin6_addr, ctx->_s_addr, sizeof(ctx->_s_addr));
+    if (strstarts(ctx->_s_addr, "::ffff:")) {
+        ctx->socket.s_addr = ctx->_s_addr + 7;
+    } else {
+        ctx->socket.s_addr = ctx->_s_addr;
+    }
+
+    sprintf(ctx->log_prefix, "[%s%4i%s]%s[%*s][%5i]%s", (int) ctx->socket.enc ? HTTPS_STR : HTTP_STR,
+            ntohs(server_addr.sin6_port), CLR_STR, /*color_table[0]*/ "", ADDRSTRLEN, ctx->socket.addr,
+            ntohs(ctx->socket._addr.ipv6.sin6_port), CLR_STR);
+
+    logger_set_prefix("[%*s]%s", ADDRSTRLEN, ctx->socket.s_addr, ctx->log_prefix);
+
+    sock *client = &ctx->socket;
+    ctx->cnx_s = clock_micros();
+
+    sock_reverse_lookup(&ctx->socket, ctx->host, sizeof(ctx->host));
+
+    ctx->cc[0] = 0;
+    geoip_lookup_country(&client->_addr.sock, ctx->cc);
+
+    info("Connection accepted from %s %s%s%s[%s]", ctx->socket.addr, ctx->host[0] != 0 ? "(" : "",
+         ctx->host[0] != 0 ? ctx->host : "", ctx->host[0] != 0 ? ") " : "",
+         ctx->cc[0] != 0 ? ctx->cc : "N/A");
+
+    if (sock_set_socket_timeout(client, 1) != 0 || sock_set_timeout(client, CLIENT_TIMEOUT) != 0) {
+        error("Unable to set timeout for socket");
+        return -1;
+    }
+
+    if (client->enc) {
+        client->ssl = SSL_new(client->ctx);
+        SSL_set_fd(client->ssl, client->socket);
+        SSL_set_accept_state(client->ssl);
+
+        int ret;
+        if ((ret = SSL_accept(client->ssl)) != 1) {
+            sock_error(client, ret);
+            info("Unable to perform handshake");
+            return -1;
+        }
+        client->ts_last = clock_micros();
+        client->ts_last_send = client->ts_last;
+    }
+
+    ctx->req_num = 0;
+    ctx->s_keep_alive = 1;
+    ctx->c_keep_alive = 1;
+    ctx->chunks_transferred = 0;
+
+    return 0;
+}
+
+void tcp_close(client_ctx_t *ctx) {
+    errno = 0;
+    logger_set_prefix("[%*s]%s", ADDRSTRLEN, ctx->socket.s_addr, ctx->log_prefix);
+
+    sock_close(&ctx->socket);
+
+    ctx->cnx_e = clock_micros();
+    char buf[32];
+    info("Connection closed (%s)", format_duration(ctx->cnx_e - ctx->cnx_s, buf));
+
+    server_free_client(ctx);
+}
--- a/src/worker/ws_frame_handler.c
+++ b/src/worker/ws_frame_handler.c
@@ -0,0 +1,113 @@
+/**
+ * sesimos - secure, simple, modern web server
+ * @brief WebSocket frame handler
+ * @file src/worker/ws_frame_handler.c
+ * @author Lorenz Stechauner
+ * @date 2022-12-30
+ */
+
+#include "../defs.h"
+#include "func.h"
+#include "../logger.h"
+#include "../lib/websocket.h"
+#include "../workers.h"
+#include "../lib/utils.h"
+
+#include <errno.h>
+#include <string.h>
+
+static int ws_frame_handler(ws_ctx_t *ctx);
+
+void ws_frame_handler_func(ws_ctx_t *ctx) {
+    logger_set_prefix("[%*s]%s", ADDRSTRLEN, ctx->client->socket.s_addr, ctx->client->log_prefix);
+
+    if (ws_frame_handler(ctx) == 0) {
+        if (ctx->client->ws_close == 3) {
+            ws_close(ctx);
+        } else {
+            ws_handle_frame(ctx);
+        }
+    } else {
+        ws_close(ctx);
+    }
+}
+
+int ws_handle_connection(client_ctx_t *ctx) {
+    info("Upgrading to WebSocket connection");
+
+    // copy proxy connection details
+    proxy_ctx_t *proxy = malloc(sizeof(proxy_ctx_t));
+    memcpy(proxy, ctx->proxy, sizeof(proxy_ctx_t));
+    ctx->proxy = proxy;
+
+    // free proxy connection slot
+    ctx->proxy->initialized = 0;
+    proxy_unlock_ctx(ctx->proxy);
+
+    sock_set_timeout(&ctx->socket, WS_TIMEOUT);
+    sock_set_timeout(&proxy->proxy, WS_TIMEOUT);
+
+    ws_ctx_t *a = malloc(sizeof(ws_ctx_t));
+    ws_ctx_t *b = malloc(sizeof(ws_ctx_t));
+
+    a->other = b,             b->other = a;
+    a->client = ctx,          b->client = ctx;
+    a->socket = &ctx->socket, b->socket = &proxy->proxy;
+
+    ws_handle_frame(a);
+    ws_handle_frame(b);
+
+    return 0;
+}
+
+static int ws_frame_handler(ws_ctx_t *ctx) {
+    ws_frame frame;
+    char buf[CHUNK_SIZE];
+
+    sock *socket = ctx->socket;
+    sock *other = (ctx->socket == &ctx->client->socket) ? &ctx->client->proxy->proxy : &ctx->client->socket;
+
+    if (ws_recv_frame_header(socket, &frame) != 0)
+        return -1;
+
+    debug("WebSocket: Peer %s, Opcode=0x%X, Len=%li", (ctx->socket == &ctx->client->socket) ? "client" : "server", frame.opcode, frame.len);
+
+    if (frame.opcode == 0x8) {
+        ctx->client->ws_close |= (ctx->socket == &ctx->client->socket) ? 1 : 2;
+    }
+
+    if (ws_send_frame_header(other, &frame) != 0)
+        return -1;
+
+    if (frame.len > 0) {
+        long ret = sock_splice(other, socket, buf, sizeof(buf), frame.len);
+        if (ret < 0) {
+            error("Unable to forward data in WebSocket");
+            return -1;
+        } else if (ret != frame.len) {
+            error("Unable to forward correct number of bytes in WebSocket");
+            return -1;
+        }
+    }
+
+    return 0;
+}
+
+void ws_close(ws_ctx_t *ctx) {
+    ws_ctx_t *other = ctx->other;
+    if (other) {
+        proxy_ctx_t *proxy = ctx->client->proxy;
+        other->other = NULL;
+        logger_set_prefix("[%*s]%s", ADDRSTRLEN, ctx->client->socket.s_addr, ctx->client->log_prefix);
+
+        proxy->cnx_e = clock_micros();
+        char buf[32];
+        info("Closing WebSocket connection (%s)", format_duration(proxy->cnx_e - proxy->cnx_s, buf));
+
+        sock_close(&proxy->proxy);
+        free(ctx->client->proxy);
+        tcp_close(ctx->client);
+    }
+    free(ctx);
+    errno = 0;
+}
--- a/src/workers.c
+++ b/src/workers.c
@@ -0,0 +1,129 @@
+/**
+ * sesimos - secure, simple, modern web server
+ * @brief Worker interface
+ * @file src/workers.c
+ * @author Lorenz Stechauner
+ * @date 2022-12-29
+ */
+
+#include "workers.h"
+#include "lib/mpmc.h"
+
+#include "worker/func.h"
+#include "async.h"
+
+static mpmc_t tcp_acceptor_ctx, request_handler_ctx, local_handler_ctx, fastcgi_handler_ctx, proxy_handler_ctx,
+              proxy_peer_handler_ctx, ws_frame_handler_ctx, chunk_handler_ctx, fastcgi_frame_handler_ctx;
+
+int workers_init(void) {
+    mpmc_init(&tcp_acceptor_ctx,          8, 64, (void (*)(void *)) tcp_acceptor_func,          "tcp");
+    mpmc_init(&request_handler_ctx,       8, 64, (void (*)(void *)) request_handler_func,       "req");
+    mpmc_init(&local_handler_ctx,         8, 64, (void (*)(void *)) local_handler_func,         "local");
+    mpmc_init(&fastcgi_handler_ctx,       8, 64, (void (*)(void *)) fastcgi_handler_func,       "fcgi");
+    mpmc_init(&proxy_handler_ctx,         8, 64, (void (*)(void *)) proxy_handler_func,         "proxy");
+    mpmc_init(&proxy_peer_handler_ctx,    1,  8, (void (*)(void *)) proxy_peer_handler_func,    "prxy_p");
+    mpmc_init(&ws_frame_handler_ctx,      8, 64, (void (*)(void *)) ws_frame_handler_func,      "ws");
+    mpmc_init(&chunk_handler_ctx,         8, 64, (void (*)(void *)) chunk_handler_func,         "chunk");
+    mpmc_init(&fastcgi_frame_handler_ctx, 8, 64, (void (*)(void *)) fastcgi_frame_handler_func, "fcgi_f");
+    return -1;
+}
+
+void workers_stop(void) {
+    mpmc_stop(&tcp_acceptor_ctx);
+    mpmc_stop(&local_handler_ctx);
+    mpmc_stop(&fastcgi_handler_ctx);
+    mpmc_stop(&proxy_handler_ctx);
+    mpmc_stop(&proxy_peer_handler_ctx);
+    mpmc_stop(&request_handler_ctx);
+    mpmc_stop(&ws_frame_handler_ctx);
+    mpmc_stop(&chunk_handler_ctx);
+    mpmc_stop(&fastcgi_frame_handler_ctx);
+}
+
+void workers_destroy(void) {
+    mpmc_destroy(&tcp_acceptor_ctx);
+    mpmc_destroy(&local_handler_ctx);
+    mpmc_destroy(&fastcgi_handler_ctx);
+    mpmc_destroy(&proxy_handler_ctx);
+    mpmc_destroy(&proxy_peer_handler_ctx);
+    mpmc_destroy(&request_handler_ctx);
+    mpmc_destroy(&ws_frame_handler_ctx);
+    mpmc_destroy(&chunk_handler_ctx);
+    mpmc_destroy(&fastcgi_frame_handler_ctx);
+}
+
+int tcp_accept(client_ctx_t *ctx) {
+    return mpmc_queue(&tcp_acceptor_ctx, ctx);
+}
+
+static int handle_request_cb(client_ctx_t *ctx) {
+    return mpmc_queue(&request_handler_ctx, ctx);
+}
+
+int handle_request(client_ctx_t *ctx) {
+    if (ctx->c_keep_alive && ctx->s_keep_alive) {
+        return async(&ctx->socket, ASYNC_WAIT_READ, 0, ctx,
+                     (void (*)(void *)) handle_request_cb,
+                     (void (*)(void *)) timeout_request,
+                     (void (*)(void *)) tcp_close);
+    } else {
+        tcp_close(ctx);
+        return 0;
+    }
+}
+
+int local_handle(client_ctx_t *ctx) {
+    return mpmc_queue(&local_handler_ctx, ctx);
+}
+
+int fastcgi_handle(client_ctx_t *ctx) {
+    return mpmc_queue(&fastcgi_handler_ctx, ctx);
+}
+
+static int fastcgi_handle_frame_cb(fastcgi_ctx_t *ctx) {
+    return mpmc_queue(&fastcgi_frame_handler_ctx, ctx);
+}
+
+int fastcgi_handle_frame(fastcgi_ctx_t *ctx) {
+    return async(&ctx->cnx.socket, ASYNC_WAIT_READ, 0, ctx,
+                 (void (*)(void *)) fastcgi_handle_frame_cb,
+                 (void (*)(void *)) fastcgi_close,
+                 (void (*)(void *)) fastcgi_close);
+}
+
+int proxy_handle(client_ctx_t *ctx) {
+    return mpmc_queue(&proxy_handler_ctx, ctx);
+}
+
+static int proxy_peer_handle_cb(proxy_ctx_t *ctx) {
+    return mpmc_queue(&proxy_peer_handler_ctx, ctx);
+}
+
+int proxy_peer_handle(proxy_ctx_t *ctx) {
+    return async(&ctx->proxy, ASYNC_WAIT_READ, ASYNC_IGNORE_PENDING, ctx,
+                 (void (*)(void *)) proxy_peer_handle_cb,
+                 (void (*)(void *)) proxy_peer_handle_cb,
+                 (void (*)(void *)) proxy_peer_handle_cb);
+}
+
+static int ws_handle_frame_cb(ws_ctx_t *ctx) {
+    return mpmc_queue(&ws_frame_handler_ctx, ctx);
+}
+
+int ws_handle_frame(ws_ctx_t *ctx) {
+    return async(ctx->socket, ASYNC_WAIT_READ, 0, ctx,
+                 (void (*)(void *)) ws_handle_frame_cb,
+                 (void (*)(void *)) ws_close,
+                 (void (*)(void *)) ws_close);
+}
+
+static int handle_chunk_cb(chunk_ctx_t *ctx) {
+    return mpmc_queue(&chunk_handler_ctx, ctx);
+}
+
+int handle_chunk(chunk_ctx_t *ctx) {
+    return async(ctx->socket, ASYNC_WAIT_READ, 0, ctx,
+                 (void (*)(void *)) handle_chunk_cb,
+                 (void (*)(void *)) ctx->err_cb,
+                 (void (*)(void *)) ctx->err_cb);
+}
--- a/src/workers.h
+++ b/src/workers.h
@@ -0,0 +1,38 @@
+/**
+ * sesimos - secure, simple, modern web server
+ * @brief Worker interface (header file)
+ * @file src/workers.h
+ * @author Lorenz Stechauner
+ * @date 2022-12-29
+ */
+
+#ifndef SESIMOS_WORKERS_H
+#define SESIMOS_WORKERS_H
+
+#include "worker/func.h"
+
+int workers_init(void);
+
+void workers_stop(void);
+
+void workers_destroy(void);
+
+int tcp_accept(client_ctx_t *ctx);
+
+int handle_request(client_ctx_t *ctx);
+
+int local_handle(client_ctx_t *ctx);
+
+int fastcgi_handle(client_ctx_t *ctx);
+
+int fastcgi_handle_frame(fastcgi_ctx_t *ctx);
+
+int proxy_handle(client_ctx_t *ctx);
+
+int proxy_peer_handle(proxy_ctx_t *ctx);
+
+int ws_handle_frame(ws_ctx_t *ctx);
+
+int handle_chunk(chunk_ctx_t *ctx);
+
+#endif //SESIMOS_WORKERS_H
--- a/test/mock_socket.c
+++ b/test/mock_socket.c
@@ -0,0 +1,28 @@
+
+#include <stdio.h>
+#include <errno.h>
+
+#include "mock_socket.h"
+
+int mock_socket_send_mode;
+
+static int sockets[256] = {0};
+static int n_sockets = 0;
+
+int mock_socket(int domain, int type, int protocol) {
+    printf("SOCKET\n");
+    return (n_sockets++) + 100;
+}
+
+ssize_t mock_send(int fd, const void *buf, size_t n, int flags) {
+    printf("SEND\n");
+    if (mock_socket_send_mode == MOCK_SOCKET_MODE_EINTR) {
+        errno = EINTR;
+        return rand() % ((ssize_t) n) - 1;
+    } else if (mock_socket_send_mode == MOCK_SOCKET_MODE_CLOSED) {
+        errno = 0; // TODO
+        return -1;
+    }
+
+    return (ssize_t) n;
+}
--- a/test/mock_socket.h
+++ b/test/mock_socket.h
@@ -0,0 +1,20 @@
+
+#ifndef SESIMOS_MOCK_SOCKET_H
+#define SESIMOS_MOCK_SOCKET_H
+
+#include <stdlib.h>
+
+#define MOCK_SOCKET_MODE_SUCCESS 0
+#define MOCK_SOCKET_MODE_EINTR 1
+#define MOCK_SOCKET_MODE_CLOSED 2
+
+#define socket(args...) mock_socket(args)
+#define send(args...) mock_send(args)
+
+extern int mock_socket_send_mode;
+
+int mock_socket(int domain, int type, int protocol);
+
+ssize_t mock_send(int fd, const void *buf, size_t n, int flags);
+
+#endif //SESIMOS_MOCK_SOCKET_H
--- a/test/mock_ssl.c
+++ b/test/mock_ssl.c
@@ -0,0 +1,33 @@
+
+#include <openssl/crypto.h>
+
+
+int SSL_write(SSL *ssl, const void *buf, int num) {
+    return num;
+}
+
+int SSL_read(SSL *ssl, void *buf, int num) {
+    return num;
+}
+
+int SSL_peek(SSL *ssl, void *buf, int num) {
+    return num;
+}
+
+int SSL_get_error(const SSL *s, int ret_code) {
+    return 0;
+}
+
+const char *ERR_reason_error_string(unsigned long e) {
+    return "";
+}
+
+int SSL_shutdown(SSL *s) {
+    return 0;
+}
+
+void SSL_free(SSL *ssl) {}
+
+unsigned long ERR_get_error(void) {
+    return 0;
+}
--- a/test/test_list.c
+++ b/test/test_list.c
@@ -0,0 +1,92 @@
+
+#include <criterion/criterion.h>
+#include <criterion/parameterized.h>
+
+#include "../src/lib/list.h"
+
+Test(list, simple) {
+    int v;
+    int *list = list_create(sizeof(int), 16);
+    cr_assert_not_null(list);
+    cr_assert_eq(list_size(list), 0);
+
+    v = 1;
+    list = list_append(list, &v);
+    cr_assert_not_null(list);
+    cr_assert_eq(list_size(list), 1);
+    cr_assert_eq(list[0], 1);
+
+    v = 3;
+    list = list_append(list, &v);
+    cr_assert_not_null(list);
+    cr_assert_eq(list_size(list), 2);
+    cr_assert_eq(list[0], 1);
+    cr_assert_eq(list[1], 3);
+
+    v = 2;
+    list = list_insert(list, &v, 1);
+    cr_assert_not_null(list);
+    cr_assert_eq(list_size(list), 3);
+    cr_assert_eq(list[0], 1);
+    cr_assert_eq(list[1], 2);
+    cr_assert_eq(list[2], 3);
+
+    list = list_remove(list, 0);
+    cr_assert_not_null(list);
+    cr_assert_eq(list_size(list), 2);
+    cr_assert_eq(list[0], 2);
+    cr_assert_eq(list[1], 3);
+
+    list = list_remove(list, 1);
+    cr_assert_not_null(list);
+    cr_assert_eq(list_size(list), 1);
+    cr_assert_eq(list[0], 2);
+
+    list = list_remove(list, 0);
+    cr_assert_not_null(list);
+    cr_assert_eq(list_size(list), 0);
+
+    list_free(list);
+}
+
+Test(list, resize) {
+    int v;
+    int *list = list_create(sizeof(int), 4);
+    cr_assert_not_null(list);
+    cr_assert_eq(list_size(list), 0);
+
+    for (int i = 0; i < 4096; i++) {
+        v = 9182 - i;
+        list = list_append(list, &v);
+        cr_assert_not_null(list);
+        cr_assert_eq(list_size(list), i + 1);
+        for (int j = 0; j <= i; j++) {
+            cr_assert_eq(list[j], 9182 - j);
+        }
+    }
+
+    for (int i = 0; i < 4096; i++) {
+        list = list_remove(list, -1);
+        cr_assert_not_null(list);
+        cr_assert_eq(list_size(list), 4096 - i - 1);
+        for (int j = 0; j < 4096 - i; j++) {
+            cr_assert_eq(list[j], 9182 - j);
+        }
+    }
+
+    for (int i = 0; i < 4096; i++) {
+        v = 47391 - i;
+        list = list_append(list, &v);
+        cr_assert_not_null(list);
+        cr_assert_eq(list_size(list), i + 1);
+        for (int j = 0; j <= i; j++) {
+            cr_assert_eq(list[j], 47391 - j);
+        }
+    }
+
+    list = list_clear(list);
+    cr_assert_not_null(list);
+    cr_assert_eq(list_size(list), 0);
+
+    list_free(list);
+}
--- a/test/test_sock.c
+++ b/test/test_sock.c
@@ -0,0 +1,15 @@
+
+#include <criterion/criterion.h>
+#include "mock_socket.h"
+#include "../src/lib/sock.h"
+
+
+Test(sock, sock_send_1) {
+    int fd = socket(AF_INET6, SOCK_STREAM, 0);
+    sock s;
+    s.enc = 0;
+    s.socket = fd;
+
+    long ret = sock_send(&s, "Hello", 5, 0);
+    cr_assert_eq(ret, 5);
+}
--- a/test/test_utils.c
+++ b/test/test_utils.c
@@ -0,0 +1,86 @@
+
+#include <criterion/criterion.h>
+#include <criterion/parameterized.h>
+
+#include "../src/lib/utils.h"
+
+struct url_encode_t {
+    long in_size;
+    char in[256];
+    long exp_size;
+    char exp[256];
+};
+
+struct format_duration_t {
+    unsigned long micros;
+    char exp[16];
+};
+
+ParameterizedTestParameters(utils, url_encode) {
+    static struct url_encode_t params[] = {
+            {0, "", 0, ""},
+            {9, "Test Text", 11, "Test%20Text"},
+            {21, "Text\0with\0null\0bytes\0", 29, "Text%00with%00null%00bytes%00"},
+            {59, "Text&with+some/strange_symbols-or#something?I%don't|know...", 59, "Text&with+some/strange_symbols-or#something?I%don't|know..."},
+            {33, "Data\x12With\x13Some" "\xFF" "Control" "\xFE" "Characters", 41, "Data%12With%13Some%FFControl%FECharacters"}
+    };
+    return cr_make_param_array(struct url_encode_t, params, sizeof(params) / sizeof(struct url_encode_t));
+}
+
+ParameterizedTest(struct url_encode_t *param, utils, url_encode) {
+    char out[256];
+    cr_assert_eq(url_encode(param->in, param->in_size, out, sizeof(out)), param->exp_size);
+    cr_assert_arr_eq(out, param->exp, param->exp_size + 1);
+}
+
+Test(utils, url_encode_bytes) {
+    char out[4];
+    char exp[4];
+
+    for (int i = 0; i < 256; i++) {
+        unsigned char ch = i;
+        if (ch <= 0x20 || ch >= 0x7F) {
+            cr_assert_eq(url_encode(&ch, 1, out, sizeof(out)), 3);
+            sprintf(exp, "%%%02X", ch);
+            cr_assert_str_eq(out, exp);
+        } else {
+            cr_assert_eq(url_encode(&ch, 1, out, sizeof(out)), 1);
+            sprintf(exp, "%c", ch);
+            cr_assert_str_eq(out, exp);
+        }
+    }
+}
+
+Test(utils, url_encode_invalid) {
+    cr_assert_eq(url_encode("Hello", 5, NULL, 0), 5);
+}
+
+ParameterizedTestParameters(utils, format_duration) {
+    static struct format_duration_t params[] = {
+            {0, "0.0 ms"},
+            {1, "0.0 ms"},
+            {90, "0.1 ms"},
+            {100, "0.1 ms"},
+            {110, "0.1 ms"},
+            {900, "0.9 ms"},
+            {1000, "1.0 ms"},
+            {9000, "9.0 ms"},
+            {9899, "9.9 ms"},
+            {9999, "10.0 ms"},
+            {10000, "10 ms"},
+            {11999, "12 ms"},
+            {999999, "1.0 s"},
+            {1000000, "1.0 s"},
+            {3000000, "3.0 s"},
+            {1000000 * 60, "1:00 min"},
+            {1000000 * 60 * 30L - 30000000, "29:30 min"},
+            {1000000 * 60 * 60L, "60:00 min"},
+            {1000000 * 60 * 120L, "120 min"},
+    };
+    return cr_make_param_array(struct format_duration_t, params, sizeof(params) / sizeof(struct format_duration_t));
+}
+
+ParameterizedTest(struct format_duration_t *param, utils, format_duration) {
+    char buf[16];
+    cr_assert_str_eq(format_duration(param->micros, buf), param->exp);
+}