--- /dev/null
+****************
+OUYA image store
+****************
+
+Browse images on your OUYA by hosting an OUYA game store that delivers
+image folders as games.
+
+
+============
+Requirements
+============
+
+- Web server (e.g. Apache 2.2)
+- PHP 5.4+
+- OpenSSL
+- Access to your DNS server
+
+
+=====
+Setup
+=====
+1. Create a SSL certificate authority, install its root cert on your OUYA
+ (advanced settings, security, install from SD card)
+2. Create an SSL certificate for ``*.ouya.tv``, sign it with your CA certificate.
+ See the `SSL certificate generation`_ instructions below
+3. Create a virtual host in Apache, set the server name to ``devs.ouya.tv``
+ and alias to ``www.ouya.tv`` and ``status.ouya.tv``.
+ Let it use the generated certificate.
+ Point the document root to the ``ouya-imagestore/www/`` folder.
+ Make sure it's the only SSL host, or the first vhost with SSL
+ (OUYA does not support SNI).
+4. Copy ``data/config.php.dist`` to ``data/config.php`` and change the
+ ``basedir`` variable to a folder that contains subfolders with images.
+5. In your DNS server, set ``devs.ouya.tv``, ``www.ouya.tv`` and
+ ``status.ouya.tv`` to the apache machine's IP.
+6. Power up your OUYA. Start the store ("Discover").
+
+You will see your image folders with a preview image each.
+Opening the "game" folder displays all images as game screenshots.
+
+
+
+SSL certificate generation
+==========================
+First, generate your own certificate authority (CA)::
+
+ $ cd doc
+ $ openssl genrsa -out rootCA.key 2048
+ $ openssl req -x509 -new -nodes -key rootCA.key -days 1024 -out rootCA.pem
+
+Then, create a certificate and sign it with your CA's key::
+
+ $ openssl req -new -x509 -nodes -config ouya.tv-cert-req.cnf -out selfcert-ouya.tv.pem -keyout selfcert-ouya.tv.key -days 730
+
+ $ openssl genrsa -out selfcert-ouya.tv.key 1024
+ $ openssl req -new -config ouya.tv-cert-req.cnf -key selfcert-ouya.tv.key -out selfcert-ouya.tv.csr
+ $ openssl x509 -req -in selfcert-ouya.tv.csr -CA rootCA.pem -CAkey rootCA.key -CAcreateserial -out selfcert-ouya.tv.crt -days 730 -extfile ouya.tv-cert-req.cnf
+
+Verify CSR::
+
+ $ openssl req -text -noout -verify -in selfcert-ouya.tv.csr
+
+Verify certificate::
+
+ $ openssl x509 -in selfcert-ouya.tv.crt -text -noout
+
+Note that the OUYA store application does not use SNI (Server Name Indication).
+This means that your server's ``*.ouya.tv`` must be delivered first when no
+host name is indicated by the client, thus the vhost has to be the first
+of all in the configuration.
+++ /dev/null
-Generate web server SSL certificate
-===================================
-::
-
- $ openssl req -new -x509 -nodes -config ouya.tv-cert-req.cnf -out selfcert-ouya.tv.pem -keyout selfcert-ouya.tv.key -days 730
-
- $ openssl genrsa -out selfcert-ouya.tv.key 1024
- $ openssl req -new -config ouya.tv-cert-req.cnf -key selfcert-ouya.tv.key -out selfcert-ouya.tv.csr
- $ openssl x509 -req -in selfcert-ouya.tv.csr -CA ~/.mitmproxy/mitmproxy-ca.pem -CAkey ~/.mitmproxy/mitmproxy-ca.pem -CAcreateserial -out selfcert-ouya.tv.crt -days 730 -extfile ouya.tv-cert-req.cnf
-
-Verify CSR::
-
- $ openssl req -text -noout -verify -in selfcert-ouya.tv.csr
-
-Verify certificate::
-
- $ openssl x509 -in selfcert-ouya.tv.crt -text -noout
-
-Then install the certificate in your web server.
-
-Note that the OUYA store application does not use SNI (Server Name Indication).
-This means that your server's *.ouya.tv must be delivered first when no
-host name is indicated by the client, thus the vhost has to be the first
-of all in the configuration.