@item atomic packages store on filesystem
@item SHA256-checksummed packages (both uploaded and proxied one)
@item graceful HTTP-server shutdown
-@item no TLS support
@item no YAML configuration, just command-line arguments
@item no package overwriting ability (as PyPI does)
@end itemize
GoCheese is free software, licenced under
-@url{https://www.gnu.org/licenses/gpl-3.0.html, GNU GPLv3} conditions:
+@url{https://www.gnu.org/licenses/gpl-3.0.html, GNU GPLv3}:
see the file COPYING for copying conditions.
@menu
* Usage::
* Password authentication: Passwords.
+* TLS support: TLS.
* Storage format: Storage.
@end menu
Before refreshing it's recommended to check @option{-passwd} file with
@option{-passwd-check} option to prevent daemon failure.
+@node TLS
+@unnumbered TLS support
+
+You can enable TLS support by specifying PEM-encoded X.509 certificate
+and private key files. Go's TLS implementation supports TLS 1.3, HTTP/2
+negotiation, Keep-Alives, modern ciphersuites and ECC.
+
+For example generate some self-signed certificate using GnuTLS toolset:
+
+@verbatim
+$ certtool --generate-privkey --ecc --outfile prv.pem
+$ cert_template=`mktemp`
+$ echo cn=gocheese.host > $cert_template
+$ certtool \
+ --generate-self-signed \
+ --load-privkey=prv.pem \
+ --template $cert_template \
+ --outfile=cert.pem
+$ rm $cert_template
+$ gocheese -tls-cert cert.pem -tls-key prv.pem [...]
+@end verbatim
+
@node Storage
@unnumbered Storage format