I really like using Amfora for browsing gemini but it doesn't support gopher,
so I decided to try out solderpunk's `agena` - a python proxy for browsing
gophher with a gemini client.

I did the following:

1. `git clone https://tildegit.org/solderpunk/agena && cd agena`
2. Create certificates for agena, as gemini is TLS mandatory but does TOFU. For
  this I use https://github.com/smallstep/cli:
  `step-cli certificate create --profile=self-signed --subtle --san 127.0.0.1
  --no-password --insecure --not-after 43800h localhost cert.pem key.pem`
3. **ENSURE THE KEY IS READABLE ONLY TO YOU ON A SHARED MACHINE**
4. Run agena with `./agena`
5. Modify your Amfora config to contain the following lines:
  ```
  [proxies]
  gopher = "localhost:1965"
  ```
6. Browse to your heart's content!

In the example of the `step-cli` command there are a few unobvious things to
point out:

- `--subtle` and `--insecure` are mandatory gating flags to prevent misuse when
 you provide `--profile=self-signed` and `--no-password` respectively.
- These are because step is designed to make the typical use case of TLS
 easier, and self-signed non-passworded certs are not that. We can use these
 however as we are only trusting a locally accessible proxy, and having a
 password prevents us from starting `agena` noninteractively.
- `--san 127.0.0.1` is required as the original X509 spec doesn't allow for an
 IP address as a common name (the positional argument that we've used
 `localhost` for), so we have to put it in the SAN extension field for it to
 be respected.
- `--non-after 43800h` means we expire after 5 years. This is bad practice if
 you're out there on the web, but with a local proxy you're just creating pain
 for yourself by issuing short amounts of time.

I hope that's helpful - X509 is a pain in the ass and the gemini use case is
made difficult by the assumption of the chain-of-trust model by most tools.

***UPDATE***
I've just submitted a PR that deletes about 5 lines of Amfora to enable
bookmarking for non-gemini pages - I'm hoping that code was just vestigial and
it will be accepted upstream.

***UPDATE***
It was merged within an hour :D

You are viewing proxied material from republic.circumlunar.space. The copyright of proxied material belongs to its original authors. Any comments or complaints in relation to proxied material should be directed to the original authors of the content concerned. Please see the disclaimer for more details.