6 @item Currently @command{tofuproxy} uses:
7 GnuTLS'es @url{https://www.gnutls.org/manual/html_node/certtool-Invocation.html, certtool},
8 @url{http://cr.yp.to/redo.html, redo} build system,
9 @url{https://www.tcl.tk/, Tcl/Tk}'s @command{wish} shell for GUI dialogues,
10 @command{dwebp}, @command{djxl} for images transcoding,
11 @url{https://github.com/halturin/multitail, multitail} for logs viewing.
13 @item Download and build @command{tofuproxy}:
16 $ git clone git://git.stargrave.org/tofuproxy.git
22 If build fails because of untrusted @code{ca.cypherpunks.ru} certificate, then:
25 $ [fetch|wget] http://www.ca.cypherpunks.ru/cert.pem
26 $ [fetch|wget] http://www.ca.cypherpunks.ru/cert.pem.asc
27 $ gpg --auto-key-locate dane --locate-keys stargrave at stargrave dot org
28 $ gpg --auto-key-locate wkd --locate-keys stargrave at gnupg dot net
29 $ gpg --verify cert.pem.asc
30 $ SSL_CERT_FILE=`pwd`/cert.pem GIT_SSL_CAINFO=`pwd`/cert.pem redo all
34 Run @command{tofuproxy} itself. By default it will bind to
35 @code{[::1]:8080}, use @code{[::1]:53} DNS server for DANE requests
36 (set to an empty string to disable DANE lookups):
40 main.go:316: listening: [::1]:8080
43 @item Trust your newly generated CA:
46 # cat cert.pem >> /etc/ssl/cert.pem
49 @item Point you HTTP/HTTPS clients to @code{http://localhost:8080}.
54 $ ( cd fifos ; ./multitail.sh )
57 @image{logs,,,Example logs,.webp}
60 When you encounter something requiring your attention and decision, you
61 will be shown Tk-dialog through the @command{wish} invocation. GnuTLS'es
62 @command{certtool} is used for certificate information printing.
64 @image{dialog,,,Example dialog,.webp}