Host at nats.convey.sh with tls (#28)

* Fix configuration test on README

* done hosting of nats.convey.sh with tls

README.md

@@ -15,10 +15,10 @@
 
 ```bash
 echo "Hello world" | convey
-21f50fba373e11e9990a72000872a940
+vibrant_allen
 ```
 ```bash
-convey 21f50fba373e11e9990a72000872a940
+convey vibrant_allen
 Hello world
 ```
 
@@ -27,7 +27,7 @@ Hello world
 - Pipe between hosts with an idomatic interface using the standard `|` symbol.
 - Easily pipe files between hosts.
 - Does not require any open ports between your clients.
-- Configure it to use short channel names instead of UUIDs for easy typing such as `vibrant_allen`.
+- Configure it to use short channel names for easy typing such as `vibrant_allen` or UUIDs.
 - Supports colors through [ANSI escape codes](https://en.wikipedia.org/wiki/ANSI_escape_code#Colors).
 - Supports Linux, macOS and Windows.
 - No dependencies to install.
@@ -75,11 +75,13 @@ convey <ID>
 Hello world
 ```
 
-The keyfile should be a secret file that you can easily access on the machines you want to use `convey` with. Some examples are:
-- a text file
+The keyfile should be a secret file that can be easily accessed on the machines you want to use `convey` with.  
+Your keyfiles don't leave your machine. We create a fingerprint from this file and use that fingerprint only.  
+Some examples are:
+- a text file (e.g. `~/.ssh/id_rsa.pub`)
 - an image file
-- a file with randomly generated bytes - [example](https://unix.stackexchange.com/questions/33629/how-can-i-populate-a-file-with-random-data)
-- raw URL to gist - [see GitHub gist](https://gist.github.com)
+- a file with randomly generated bytes - [how to](https://unix.stackexchange.com/questions/33629/how-can-i-populate-a-file-with-random-data)
+- raw URL to gist - [GitHub gist](https://gist.github.com)
 
 ---
 
@@ -96,12 +98,12 @@ Usage:
 
 Flags:
       --keyfile string        URL or local path to keyfile (at least 64 bytes is required)
-      --short-names           Use short channel names (channel conflicts could be more likely for a given keyfile/fingerprint)
+      --long-names            Use standard uuid format for channel names 
       --overwrite             Overwrite current configuration
       --fingerprint string    (advanced) If you know the fingerprint you want to use (SHAKE-256 hex), you can set it directly instead of using --keyfile
+      --nats-cacert string    (advanced) Local path to CA certificate used by NATS server
       --nats-cluster string   (advanced) NATS cluster id
       --nats-url string       (advanced) NATS server url
-      --nats-cacert string    (advanced) Local path to CA certificate used by NATS server
   -h, --help                  help for configure
 ```
 
@@ -111,7 +113,6 @@ By default, configuration is loaded from `$HOME/.convey.yaml`.
 
 # Development
 
-**Set up**
 ```bash
 go get -u github.com/derekbekoe/convey
 cd $GOPATH/src/github.com/derekbekoe/convey
@@ -122,7 +123,8 @@ go run main.go
 
 # Self-hosting
 
-For convenience, we've provided a service that the application uses by default.
+For convenience, we've provided a hosted service that `convey` uses by default.  
+This hosted service uses TLS to ensure communications are encrypted.
 
 Alternatively, you can host your own [NATS Streaming Server](https://docs.nats.io/nats-streaming-concepts/intro) and configure `convey` to use that server.
 

cmd/configure.go

@@ -85,7 +85,7 @@ func init() {
 	configureCmd.PersistentFlags().StringVar(&natsCaCert, "nats-cacert", "", "(advanced) Local path to CA certificate used by NATS server")
 	configureCmd.PersistentFlags().StringVar(&keyFile, "keyfile", "", "URL or local path to keyfile (at least 64 bytes is required)")
 	configureCmd.PersistentFlags().StringVar(&knownFingerprint, "fingerprint", "", "(advanced) If you know the fingerprint you want to use (SHAKE-256 hex), you can set it directly instead of using --keyfile")
-	configureCmd.PersistentFlags().BoolVar(&useLongName, "long-names", false, "Use standard uuid format channel names ")
+	configureCmd.PersistentFlags().BoolVar(&useLongName, "long-names", false, "Use standard uuid format for channel names ")
 	configureCmd.PersistentFlags().BoolVar(&forceWrite, "overwrite", false, "Overwrite current configuration")
 }
 

cmd/root.go

@@ -43,6 +43,8 @@ const (
 	configKeyNatsCACert    = "NatsCACert"
 	configKeyUseLongName   = "UseLongName"
 	configKeyFingerprint   = "Fingerprint"
+	hostedNatsURL          = "tls://nats.convey.sh:4443"
+	hostedNatsClusterID    = "convey-cluster"
 )
 
 // Path to config file set by user
@@ -183,8 +185,14 @@ func connectToStan(clientID string) (stan.Conn, *nats.Conn) {
 	natsClusterID := viper.GetString(configKeyNatsClusterID)
 	natsRootCa := viper.GetString(configKeyNatsCACert)
 
-	if natsURL == "" || natsClusterID == "" {
-		s := fmt.Sprintf("The configuration options '%s' and '%s' are not set. Use `convey configure` to set. Use `--help` for usage.",
+	if natsURL == "" && natsClusterID == "" {
+		// Use hosted service
+		natsURL = hostedNatsURL
+		natsClusterID = hostedNatsClusterID
+		// Ignore any custom root CA set if we are using our hosted service
+		natsRootCa = ""
+	} else if natsURL == "" || natsClusterID == "" {
+		s := fmt.Sprintf("The configuration options '%s' and '%s' are not set. Use `convey configure` to set both or don't set any to use the hosted service.",
 			configKeyNatsURL,
 			configKeyNatsClusterID)
 		errorExit(s)
@@ -203,6 +211,9 @@ func connectToStan(clientID string) (stan.Conn, *nats.Conn) {
 		errorExit(s)
 	}
 
+	msgServerInfo := fmt.Sprintf("Using NATS server - %s - %s", natsURL, natsClusterID)
+	log.Printf(msgServerInfo)
+
 	stanConn, err := stan.Connect(
 		natsClusterID,
 		clientID,

docs/self-hosting.md

@@ -124,4 +124,45 @@ If you want to host on a VM instead, it should be fairly straightforward to modi
 
 ## Host on VM with certificate signed by CA (TLS)
 
-<!-- TODO-DEREK Complete this using Lets Encrypt. -->
+Create a resource group and VM (an Azure VM in this sample):
+```sh
+az group create -n nats -l westus
+az vm create --image UbuntuLTS -g nats -n convey-nats-usw2-1 -l westus2 --size Standard_DS2_v2 --public-ip-address-dns-name convey-nats-usw2-1
+az vm open-port -g nats -n convey-nats-usw2-1 --port 80 443 4443 4444
+```
+
+SSH into the VM:
+```
+ssh IP_ADDRESS
+```
+
+Use certbot to get your SSL certificate:
+
+https://certbot.eff.org/lets-encrypt/ubuntubionic-other
+
+Install and start NATS Server:
+
+```sh
+wget -O nats-server.deb https://github.com/nats-io/nats-server/releases/download/v2.1.2/nats-server-v2.1.2-amd64.deb
+
+nohup nats-server --addr 0.0.0.0 --port 4443 --https_port 4444 --tlscert /etc/letsencrypt/live/convey-nats-usw2-1.westus2.cloudapp.azure.com/fullchain.pem --tlskey /etc/letsencrypt/live/convey-nats-usw2-1.westus2.cloudapp.azure.com/privkey.pem --tls --log /var/log/nats-server &
+```
+
+Other releases: https://github.com/nats-io/nats-server/releases
+
+Install and start NATS Streaming Server:
+
+```
+wget -O nats-streaming-server.deb https://github.com/nats-io/nats-streaming-server/releases/download/v0.16.2/nats-streaming-server-v0.16.2-amd64.deb
+dpkg -i nats-streaming-server.deb 
+
+nohup nats-streaming-server --cluster_id test-cluster --store MEMORY --max_channels 0 --max_subs 0 --max_msgs 0 --max_bytes 0 --max_age 24h --max_inactivity 10m --encrypt --encryption_key mykey --nats_server nats://convey-nats-usw2-1.westus2.cloudapp.azure.com:4443 --log /var/log/nats-streaming-server &
+```
+
+Other releases: https://github.com/nats-io/nats-streaming-server/releases
+
+Finally, configure `convey` to use this server:
+
+```
+convey configure --nats-url nats://convey-nats-usw2-1.westus2.cloudapp.azure.com:4443 --nats-cluster test-cluster --keyfile FILE
+```