Refactoring

[tofuproxy.git] / doc / index.texi

diff --git a/doc/index.texi b/doc/index.texi
index 2b1e75576bb78db18de1a438cb1f715f4352252f..5839a6b3f11e99759e98a25cab17d32b198f97e5 100644 (file)
--- a/doc/index.texi
+++ b/doc/index.texi
@@ -9,15 +9,13 @@ Copyright @copyright{} 2021 @email{stargrave@@stargrave.org, Sergey Matveev}
 @node Top
 @top tofuproxy
 
 @node Top
 @top tofuproxy
 

-@image{logs,,,Example logs,.webp}
-

 @itemize
 
 @item I am tired that various HTTPS clients (like browsers and feed
 aggregators) use various TLS libraries with different features. NSS,
 GnuTLS, OpenSSL... All of them sucks, comparing to Go's @code{crypto/tls}.
 
 @itemize
 
 @item I am tired that various HTTPS clients (like browsers and feed
 aggregators) use various TLS libraries with different features. NSS,
 GnuTLS, OpenSSL... All of them sucks, comparing to Go's @code{crypto/tls}.
 

-@item I am tired that everyone provides very limited certificates trust
+@item I tired that everyone provides very limited certificates trust

 management capabilities, like either certificate or SPKI
 @url{https://en.wikipedia.org/wiki/Certificate_pinning, pinning} with
 @url{https://en.wikipedia.org/wiki/Trust_on_first_use, TOFU}. Even my
 management capabilities, like either certificate or SPKI
 @url{https://en.wikipedia.org/wiki/Certificate_pinning, pinning} with
 @url{https://en.wikipedia.org/wiki/Trust_on_first_use, TOFU}. Even my


@@ -28,20 +26,25 @@ more sufficient and convenient to work with.
 @item I am tired that many clients provides very few information about
 certificates and connections at all.
 
 @item I am tired that many clients provides very few information about
 certificates and connections at all.
 

-@item I am tired that hardly anyone can control (no automatic silent
+@item I hate that hardly anyone can control (no automatic silent

 transparent following) HTTP redirections. Although Firefox had proper
 extensions for that.
 
 transparent following) HTTP redirections. Although Firefox had proper
 extensions for that.
 

-@item I am tired that you have got small control on URLs. The best you
-can is to use some kind of @url{https://en.wikipedia.org/wiki/Privoxy,
-Privoxy}, but it is not friendly with TLS connections, obviously.
+@item I am sick of tiny control on URLs. The best you can is to use some
+kind of @url{https://en.wikipedia.org/wiki/Privoxy, Privoxy}, but it is
+not friendly with TLS connections, obviously.

 
 @item Hardly anyone does
 @url{https://en.wikipedia.org/wiki/DNS-based_Authentication_of_Named_Entities, DANE}
 checks.
 
 @item And there is insanity of downloading fonts.
 
 @item Hardly anyone does
 @url{https://en.wikipedia.org/wiki/DNS-based_Authentication_of_Named_Entities, DANE}
 checks.
 
 @item And there is insanity of downloading fonts.

-    Why the hell people just do not send PostScript documents instead!?
+Why the hell people just do not send PostScript documents instead!?
+
+@item And wonderful @url{http://jpegxl.info/, JPEG XL} image format is
+not supported by most browsers. Even pretty old
+@url{https://developers.google.com/speed/webp, WebP} is not supported
+everywhere.

 
 @end itemize
 
 
 @end itemize
 


@@ -57,17 +60,25 @@ creating some kind of complex configuration framework.
 @item TLS connection between client and @command{tofuproxy} has the
     proper hostname set in ephemeral on-the-fly generated certificate.
 
 @item TLS connection between client and @command{tofuproxy} has the
     proper hostname set in ephemeral on-the-fly generated certificate.
 

-@item @code{HEAD} method is forbidden, because of damned Xombrero loving
-    making it so much. Can live without it.
+@item @code{HEAD} method for Xombrero is forbidden, as it loves it too much.

 
 @item @code{www.reddit.com} is redirected to @code{old.reddit.com}.
 
 
 @item @code{www.reddit.com} is redirected to @code{old.reddit.com}.
 

-@item Various spying domains (advertisement, tracking counters) are
-    responded with 404 error.
+@item @url{https://habr.com/ru/all/, Хабр}'s resolution reduced images
+    are redirected to their full size variants.
+
+@item Various spying domains (advertisement, tracking counters) are denied.
+
+@item Web fonts downloads are forbidden.
+
+@item Permanent HTTP redirects are replaced with HTML page with the link.
+
+@item Temporary HTTP redirects are replaced with HTML too, if it is
+    neither @url{https://newsboat.org/, Newsboat} nor image paths.
+
+@item WebP images, if it is not Xombrero, is transcoded to PNG.

 
 

-@item All HTTP redirects are replaced with HTML page with the link.
-    However temporary redirects are passed as is for @code{newsboat}
-    User-Agent.
+@item JPEG XL images are transparently transcoded to PNG too.

 
 @item Default Go's checks are applied to all certificates. If they pass,
     then certificate chain is saved on the disk. Future connections are
 
 @item Default Go's checks are applied to all certificates. If they pass,
     then certificate chain is saved on the disk. Future connections are


@@ -80,68 +91,14 @@ creating some kind of complex configuration framework.
 
 @item Optionally DANE-EE check is also made for each domain you visit.
 
 
 @item Optionally DANE-EE check is also made for each domain you visit.
 

-@end itemize
-
-@image{dialog,,,Example dialog,.webp}
-
-@node Usage
-@unnumbered Usage
-
-@itemize
-
-@item Build @command{tofuproxy}:
+@item TLS session resumption and keep-alives are also supported.

 
 

-@example
-$ git clone git://git.stargrave.org/tofuproxy.git
-$ cd tofuproxy
-$ go build
-@end example
-
-@item
-Generate CA-capable certificate for the proxy, that will issue ephemeral
-certificate to proxied domains:
-
-@example
-$ redo cert.pem
-@end example
-
-@item
-Create directory with output FIFOs and directory for stored certificate chains:
-
-@example
-$ ./mkfifos.sh
-$ mkdir certs
-@end example
-
-@item
-Run @command{tofuproxy} itself. By default it will bind to
-@code{[::1]:8080}, use @code{[::1]:53} DNS server for DANE requests
-(set to an empty string to disable DANE lookups):
-
-@example
-$ ./tofuproxy
-main.go:316: listening: [::1]:8080
-@end example
-
-@item Trust your newly generated CA:
-
-@example
-# cat /path/to/tofuproxy/cert.pem >> /etc/ssl/cert.pem
-@end example
-
-@item Point you HTTP/HTTPS clients to @code{http://localhost:8080}.
-
-@item Watch logs with @url{https://github.com/halturin/multitail, multitail}:
-
-@example
-$ ./multitail.sh
-@end example
+@item And Go itself tries also to act as a
+@url{https://http2.github.io/, HTTP/2} client too.

 
 @end itemize
 
 
 @end itemize
 

-When you encounter something requiring your attention and decision, you
-will be shown Tk-dialog through the @command{wish} invocation. GnuTLS'es
-@command{certtool} is used for certificate information printing.
+@include usage.texi

 
 @node TODO
 @unnumbered TODO
 
 @node TODO
 @unnumbered TODO


@@ -150,8 +107,6 @@ What I am planning possibly to do? Just brainstorming:
 
 @itemize
 
 
 @itemize
 

-@item JPEG-XL/WebP transparent converter to JPEG/PNG.
-

 @item HTTP authorization dialog.
 
 @item TLS client certificates usage capability.
 @item HTTP authorization dialog.
 
 @item TLS client certificates usage capability.