X-Git-Url: http://www.git.cypherpunks.ru/?a=blobdiff_plain;f=gocheese.texi;h=fac8df0e4c564c3652a1e4043224be30c5dc4f38;hb=d0729b9a07e45b8a45efacd00cb0a080f858d240;hp=8ad7b69db949fd0919d28e95cc2b8941c1fb5507;hpb=c576240f769376cce57823e24158ab4bdaae324c;p=gocheese.git

diff --git a/gocheese.texi b/gocheese.texi
index 8ad7b69..fac8df0 100644
--- a/gocheese.texi
+++ b/gocheese.texi
@@ -25,18 +25,19 @@ but nearly all the code was rewritten. It has huge differences:
 @item proxying and caching of missing packages
 @item atomic packages store on filesystem
 @item SHA256-checksummed packages (both uploaded and proxied one)
-@item no TLS support
+@item graceful HTTP-server shutdown
 @item no YAML configuration, just command-line arguments
-@item no package overwriting ability
+@item no package overwriting ability (as PyPI does)
 @end itemize
 
 GoCheese is free software, licenced under
-@url{https://www.gnu.org/licenses/gpl-3.0.html, GNU GPLv3} conditions:
+@url{https://www.gnu.org/licenses/gpl-3.0.html, GNU GPLv3}:
 see the file COPYING for copying conditions.
 
 @menu
 * Usage::
 * Password authentication: Passwords.
+* TLS support: TLS.
 * Storage format: Storage.
 @end menu
 
@@ -61,7 +62,7 @@ You can upload packages to it with
 twine upload
     --repository-url http://gocheese.host:8080/simple/ \
     --username spam \
-    --passwd foo dist/tarball.tar.gz
+    --password foo dist/tarball.tar.gz
 @end verbatim
 
 @node Passwords
@@ -75,6 +76,8 @@ following format:
 username:hashed-password
 @end verbatim
 
+Empty lines and having @verb{|#|} at the beginning are skipped.
+
 Supported hashing algorithms are:
 
 @table @asis
@@ -122,6 +125,28 @@ $ kill -HUP `pidof gocheese`
 Before refreshing it's recommended to check @option{-passwd} file with
 @option{-passwd-check} option to prevent daemon failure.
 
+@node TLS
+@unnumbered TLS support
+
+You can enable TLS support by specifying PEM-encoded X.509 certificate
+and private key files. Go's TLS implementation supports TLS 1.3, HTTP/2
+negotiation, Keep-Alives, modern ciphersuites and ECC.
+
+For example generate some self-signed certificate using GnuTLS toolset:
+
+@verbatim
+$ certtool --generate-privkey --ecc --outfile prv.pem
+$ cert_template=`mktemp`
+$ echo cn=gocheese.host > $cert_template
+$ certtool \
+    --generate-self-signed \
+    --load-privkey=prv.pem \
+    --template $cert_template \
+    --outfile=cert.pem
+$ rm $cert_template
+$ gocheese -tls-cert cert.pem -tls-key prv.pem [...]
+@end verbatim
+
 @node Storage
 @unnumbered Storage format