diff --git a/README.md b/README.md index f38e396..b16818a 100644 --- a/README.md +++ b/README.md @@ -15,10 +15,10 @@ ```bash echo "Hello world" | convey -21f50fba373e11e9990a72000872a940 +vibrant_allen ``` ```bash -convey 21f50fba373e11e9990a72000872a940 +convey vibrant_allen Hello world ``` @@ -27,7 +27,7 @@ Hello world - Pipe between hosts with an idomatic interface using the standard `|` symbol. - Easily pipe files between hosts. - Does not require any open ports between your clients. -- Configure it to use short channel names instead of UUIDs for easy typing such as `vibrant_allen`. +- Configure it to use short channel names for easy typing such as `vibrant_allen` or UUIDs. - Supports colors through [ANSI escape codes](https://en.wikipedia.org/wiki/ANSI_escape_code#Colors). - Supports Linux, macOS and Windows. - No dependencies to install. @@ -75,11 +75,13 @@ convey Hello world ``` -The keyfile should be a secret file that you can easily access on the machines you want to use `convey` with. Some examples are: -- a text file +The keyfile should be a secret file that can be easily accessed on the machines you want to use `convey` with. +Your keyfiles don't leave your machine. We create a fingerprint from this file and use that fingerprint only. +Some examples are: +- a text file (e.g. `~/.ssh/id_rsa.pub`) - an image file -- a file with randomly generated bytes - [example](https://unix.stackexchange.com/questions/33629/how-can-i-populate-a-file-with-random-data) -- raw URL to gist - [see GitHub gist](https://gist.github.com) +- a file with randomly generated bytes - [how to](https://unix.stackexchange.com/questions/33629/how-can-i-populate-a-file-with-random-data) +- raw URL to gist - [GitHub gist](https://gist.github.com) --- 
@@ -96,12 +98,12 @@ Usage: Flags: --keyfile string URL or local path to keyfile (at least 64 bytes is required) - --short-names Use short channel names (channel conflicts could be more likely for a given keyfile/fingerprint) + --long-names Use standard uuid format for channel names --overwrite Overwrite current configuration --fingerprint string (advanced) If you know the fingerprint you want to use (SHAKE-256 hex), you can set it directly instead of using --keyfile + --nats-cacert string (advanced) Local path to CA certificate used by NATS server --nats-cluster string (advanced) NATS cluster id --nats-url string (advanced) NATS server url - --nats-cacert string (advanced) Local path to CA certificate used by NATS server -h, --help help for configure ``` @@ -111,7 +113,6 @@ By default, configuration is loaded from `$HOME/.convey.yaml`. # Development -**Set up** ```bash go get -u github.com/derekbekoe/convey cd $GOPATH/src/github.com/derekbekoe/convey @@ -122,7 +123,8 @@ go run main.go # Self-hosting -For convenience, we've provided a service that the application uses by default. +For convenience, we've provided a hosted service that `convey` uses by default. +This hosted service uses TLS to ensure communications are encrypted. Alternatively, you can host your own [NATS Streaming Server](https://docs.nats.io/nats-streaming-concepts/intro) and configure `convey` to use that server. diff --git a/cmd/configure.go b/cmd/configure.go index a590b41..d3b0a59 100644 --- a/cmd/configure.go +++ b/cmd/configure.go 
@@ -85,7 +85,7 @@ func init() { configureCmd.PersistentFlags().StringVar(&natsCaCert, "nats-cacert", "", "(advanced) Local path to CA certificate used by NATS server") configureCmd.PersistentFlags().StringVar(&keyFile, "keyfile", "", "URL or local path to keyfile (at least 64 bytes is required)") configureCmd.PersistentFlags().StringVar(&knownFingerprint, "fingerprint", "", "(advanced) If you know the fingerprint you want to use (SHAKE-256 hex), you can set it directly instead of using --keyfile") - configureCmd.PersistentFlags().BoolVar(&useLongName, "long-names", false, "Use standard uuid format channel names ") + configureCmd.PersistentFlags().BoolVar(&useLongName, "long-names", false, "Use standard uuid format for channel names ") configureCmd.PersistentFlags().BoolVar(&forceWrite, "overwrite", false, "Overwrite current configuration") } diff --git a/cmd/root.go b/cmd/root.go index 727c042..2f114c4 100644 --- a/cmd/root.go +++ b/cmd/root.go @@ -43,6 +43,8 @@ const ( configKeyNatsCACert = "NatsCACert" configKeyUseLongName = "UseLongName" configKeyFingerprint = "Fingerprint" + hostedNatsURL = "tls://nats.convey.sh:4443" + hostedNatsClusterID = "convey-cluster" ) // Path to config file set by user 
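Review bot: The new constants `hostedNatsURL` and `hostedNatsClusterID` in cmd/root.go have no comment saying that they are the fallback used when no NATS settings are configured. A reader of the const block cannot tell that these values decide where an unconfigured client sends its data. Suggest a comment above them such as `// Defaults for the hosted convey service; used when neither NatsURL nor NatsClusterID is configured.` It would also help to record there that the `tls://` scheme is deliberate, since the README's encryption statement for the hosted service appears to depend on it.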
@@ -183,8 +185,14 @@ func connectToStan(clientID string) (stan.Conn, *nats.Conn) { natsClusterID := viper.GetString(configKeyNatsClusterID) natsRootCa := viper.GetString(configKeyNatsCACert) - if natsURL == "" || natsClusterID == "" { - s := fmt.Sprintf("The configuration options '%s' and '%s' are not set. Use `convey configure` to set. Use `--help` for usage.", + if natsURL == "" && natsClusterID == "" { + // Use hosted service + natsURL = hostedNatsURL + natsClusterID = hostedNatsClusterID + // Ignore any custom root CA set if we are using our hosted service + natsRootCa = "" + } else if natsURL == "" || natsClusterID == "" { + s := fmt.Sprintf("The configuration options '%s' and '%s' are not set. Use `convey configure` to set both or don't set any to use the hosted service.", configKeyNatsURL, configKeyNatsClusterID) errorExit(s) @@ -203,6 +211,9 @@ func connectToStan(clientID string) (stan.Conn, *nats.Conn) { errorExit(s) } + msgServerInfo := fmt.Sprintf("Using NATS server - %s - %s", natsURL, natsClusterID) + log.Printf(msgServerInfo) + stanConn, err := stan.Connect( natsClusterID, clientID, diff --git a/docs/self-hosting.md b/docs/self-hosting.md index fe72462..1b4380b 100644 --- a/docs/self-hosting.md +++ b/docs/self-hosting.md 
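Review bot: In the new `natsURL == "" && natsClusterID == ""` branch, a configured CA is dropped silently by `natsRootCa = ""` and the client falls back to the hosted endpoint. A user whose config holds only `NatsCACert`, or whose NATS settings were mistyped or not loaded, therefore ends up sending data to a third-party server with no indication that the CA pin was ignored. Log this before clearing it, for example `if natsRootCa != "" { log.Printf("ignoring %s: no NATS server configured, using hosted service", configKeyNatsCACert) }`. The message in the `else if` branch still says both options "are not set", although that branch is reached when exactly one is missing. connectToStan starts before and continues after this hunk.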
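Review bot: `log.Printf(msgServerInfo)` uses an already-formatted string as the format argument, so any `%` in the configured URL (percent-encoded characters, for instance) is re-read as a formatting verb and `go vet` reports a non-constant format string. Replace the two added lines with `log.Printf("Using NATS server - %s - %s", natsURL, natsClusterID)`. The line also writes the full `natsURL` to the log, so if a self-hosted URL carries credentials in its userinfo part they would end up in log output. Parsing it with `url.Parse` and logging `u.Redacted()` avoids that, provided `net/url` is imported in this file. The enclosing function continues outside the hunk.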
@@ -124,4 +124,45 @@ If you want to host on a VM instead, it should be fairly straightforward to modi ## Host on VM with certificate signed by CA (TLS) - +Create a resource group and VM (an Azure VM in this sample): +```sh +az group create -n nats -l westus +az vm create --image UbuntuLTS -g nats -n convey-nats-usw2-1 -l westus2 --size Standard_DS2_v2 --public-ip-address-dns-name convey-nats-usw2-1 +az vm open-port -g nats -n convey-nats-usw2-1 --port 80 443 4443 4444 +``` + +SSH into the VM: +``` +ssh IP_ADDRESS +``` + +Use certbot to get your SSL certificate: + +https://certbot.eff.org/lets-encrypt/ubuntubionic-other + +Install and start NATS Server: + +```sh +wget -O nats-server.deb https://github.com/nats-io/nats-server/releases/download/v2.1.2/nats-server-v2.1.2-amd64.deb + +nohup nats-server --addr 0.0.0.0 --port 4443 --https_port 4444 --tlscert /etc/letsencrypt/live/convey-nats-usw2-1.westus2.cloudapp.azure.com/fullchain.pem --tlskey /etc/letsencrypt/live/convey-nats-usw2-1.westus2.cloudapp.azure.com/privkey.pem --tls --log /var/log/nats-server & +``` + +Other releases: https://github.com/nats-io/nats-server/releases + +Install and start NATS Streaming Server: + +``` +wget -O nats-streaming-server.deb https://github.com/nats-io/nats-streaming-server/releases/download/v0.16.2/nats-streaming-server-v0.16.2-amd64.deb +dpkg -i nats-streaming-server.deb + +nohup nats-streaming-server --cluster_id test-cluster --store MEMORY --max_channels 0 --max_subs 0 --max_msgs 0 --max_bytes 0 --max_age 24h --max_inactivity 10m --encrypt --encryption_key mykey --nats_server nats://convey-nats-usw2-1.westus2.cloudapp.azure.com:4443 --log /var/log/nats-streaming-server & +``` + +Other releases: https://github.com/nats-io/nats-streaming-server/releases + +Finally, configure `convey` to use this server: + +``` +convey configure --nats-url nats://convey-nats-usw2-1.westus2.cloudapp.azure.com:4443 --nats-cluster test-cluster --keyfile FILE +```