docs(readme): document environment versus QubesDB configuration

proxy/README.md

@@ -126,26 +126,21 @@ PR in this repository.
 
 ## Configuration
 
-The proxy script must be run with the path to its configuration file
-as its first argument. This repo includes an example configuration
-file, at `config-example.yaml`. Configuration consists of the
-following values:
-
-- `host` - The hostname of the remote server. Must be set.
-- `port` - The port the request should be sent to. Must be set.
-- `scheme` - `http` or `https`. Must be set.
-- `dev` - A boolean, where `True` indicates we're running in development mode, any other value (or not set) indicates we're running in production. See below for what that means.
-- `target_vm` - The name of the VM we should `qvm-move` non-JSON responses to. Must be set if dev is not True.
-
-### dev vs prod
-
-Configuration includes a "dev" attribute. At this point, the only
-difference between dev and production modes is how non-JSON responses
-are handled. In prod mode, the content is saved to a local file, then
-moved (via `qvm-move`) to the VM indicated by `target_vm`. In dev
-mode, the file is not moved off the VM, but is saved as a temporary
-file in `/tmp`. In both cases, the response written to STDOUT includes
-the name of the new file.
+In development, the proxy should be run with the `SD_PROXY_ORIGIN` environment
+variable set, like:
+
+```sh-session
+$ export SD_PROXY_ORIGIN=http://${JOURNALIST_INTERFACE}.onion
+```
+
+In a production build with the `qubesdb` feature, the same value is expected in
+the Qubes feature `vm-config.SD_PROXY_ORIGIN`, exposed in QubesDB at
+`/vm-config/SD_PROXY_ORIGIN`. Yo can simulate this, including on Qubes 4.1,
+with:
+
+```sh-session
+[user@dom0 ~] qubesdb-write sd-proxy -c write /vm-config/SD_PROXY_ORIGIN $JOURNALIST_INTERFACE
+```
 
 ## Tests