I really like using Amfora for browsing gemini, but it doesn't support gopher, so I decided to try out solderpunk's `agena` - a python proxy for browsing gopher with a gemini client. I did the following:

1. `git clone https://tildegit.org/solderpunk/agena && cd agena`
2. Create certificates for agena, as gemini is TLS mandatory but does TOFU. For this I use https://github.com/smallstep/cli:

   ```
   step-cli certificate create --profile=self-signed --subtle --san 127.0.0.1 --no-password --insecure --not-after 43800h localhost cert.pem key.pem
   ```
3. **ENSURE THE KEY IS READABLE ONLY TO YOU ON A SHARED MACHINE**
4. Run agena with `./agena`
5. Modify your Amfora config to contain the following lines:

   ```
   [proxies]
   gopher = "localhost:1965"
   ```
6. Browse to your heart's content!

A few things in the `step-cli` command are not obvious:

- `--subtle` and `--insecure` are mandatory gating flags to prevent misuse when you provide `--profile=self-signed` and `--no-password` respectively.
- These exist because step is designed to make the typical use case of TLS easier, and self-signed non-passworded certs are not that. We can use them here, however, as we are only trusting a locally accessible proxy, and having a password would prevent us from starting `agena` noninteractively.
- `--san 127.0.0.1` is required as the original X509 spec doesn't allow for an IP address as a common name (the positional argument that we've used `localhost` for), so we have to put it in the SAN extension field for it to be respected.
- `--not-after 43800h` means the certificate expires after 5 years. This is bad practice if you're out there on the web, but with a local proxy you're just creating pain for yourself by issuing short-lived certificates.

I hope that's helpful - X509 is a pain in the ass and the gemini use case is made difficult by the assumption of the chain-of-trust model by most tools.
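For steps 2 and 3 above, here is an added example (not part of the original post, and not code from agena or step) that creates the key under a restrictive umask, checks that nobody else on the machine can read it, and prints the certificate fields the flags were meant to set. The function names are hypothetical, and `cert_summary` assumes OpenSSL 1.1.1 or newer is installed.

```sh
#!/bin/sh
# Added example, not code from agena or step. Function names are hypothetical.

# make_proxy_cert DIR: run the post's step-cli command inside DIR with a
# restrictive umask, so key.pem is never created group- or world-readable.
make_proxy_cert() {
    (
        umask 077
        cd "$1" || exit 1
        step-cli certificate create --profile=self-signed --subtle \
            --san 127.0.0.1 --no-password --insecure --not-after 43800h \
            localhost cert.pem key.pem
    )
}

# key_is_private FILE: succeeds only if FILE is a regular file (not a symlink),
# owned by the current user, with no group/other permission bits set.
# POSIX ACLs are not inspected here.
key_is_private() {
    [ -f "$1" ] && [ ! -L "$1" ] && [ -O "$1" ] || return 1
    case "$(ls -ln -- "$1" | cut -c5-10)" in
        ------) return 0 ;;
        *) return 1 ;;
    esac
}

# lock_down_key FILE: tighten an existing key to 0600 and confirm the result.
lock_down_key() {
    chmod 600 -- "$1" && key_is_private "$1"
}

# cert_summary CERT: print subject, SAN and expiry so you can confirm that
# 127.0.0.1 is in the SAN and the lifetime is what you asked for.
# Assumes OpenSSL 1.1.1 or newer is installed (for -ext).
cert_summary() {
    openssl x509 -in "$1" -noout -subject -enddate -ext subjectAltName
}

# Typical use from the agena checkout:
#   make_proxy_cert . && lock_down_key key.pem && cert_summary cert.pem
```

Running `key_is_private key.pem` before each `./agena` start is a cheap way to catch a key that was copied or restored with looser permissions.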
***UPDATE*** I've just submitted a PR that deletes about 5 lines of Amfora to enable bookmarking for non-gemini pages - I'm hoping that code was just vestigial and it will be accepted upstream.

***UPDATE*** It was merged within an hour :D