update server recipes - Linode & DigitalOcean (#239)

README.md

@@ -86,7 +86,9 @@ It's the easiest to try SMP agent via a prototype [simplex-chat](https://github.
 
 ## Deploy SMP server on Linode
 
-You can get Linode [free credits](https://www.linode.com/lp/affiliate-referral/?irclickid=02-QkdTEpxyLW0W0EOSREQreUkB2DtzGE2lGTE0&irgwc=1&utm_source=impact) to deploy SMP server.
+<!-- TODO revise this link, looks fishy -->
+
+\* You can get [Linode free credits](https://www.linode.com/lp/affiliate-referral/?irclickid=02-QkdTEpxyLW0W0EOSREQreUkB2DtzGE2lGTE0&irgwc=1&utm_source=impact) to deploy SMP server.
 
 Deployment on Linode is performed via StackScripts, which serve as recipes for Linode instances, also called Linodes. To deploy SMP server on Linode:
 
@@ -108,13 +110,15 @@ Please submit an [issue](https://github.com/simplex-chat/simplexmq/issues) if an
 
 ## Deploy SMP server on DigitalOcean
 
-You can deploy SMP server using [SimpleX Server 1-click app](https://marketplace.digitalocean.com/apps/simplex-server) from DigitalOcean marketplace:
+\* When creating a DigitalOcean account you can use [this link](https://try.digitalocean.com/freetrialoffer/) to get free credits. (You would still be required either to provide your credit card details or make a confirmation pre-payment with PayPal)
+
+To deploy SMP server use [SimpleX Server 1-click app](https://marketplace.digitalocean.com/apps/simplex-server) from DigitalOcean marketplace:
 
 - Create a DigitalOcean account or login with an already existing one.
 - Click 'Create SimpleX server Droplet' button.
-- Choose the region and plan according to your requirements (cheapest Regular plan should be sufficient).
-- Provide ssh key and confirm Droplet creation. 
-- SSH to created Droplet (`ssh root@<droplet_ip_address>`) to get SMP server public key hash - either from the welcome message or from `/etc/opt/simplex/pub_key_hash`. DigitalOcean has a good guide on [how to login to Droplet via ssh](https://docs.digitalocean.com/products/droplets/how-to/connect-with-ssh/).
+- Choose the region and plan according to your requirements (Basic plan should be sufficient).
+- Finalize Droplet creation. 
+- Open "Console" on your Droplet management page to get SMP server fingerprint - either from the welcome message or from `/etc/opt/simplex/fingerprint`. Alternatively you can manually SSH to created Droplet, see [instruction](https://docs.digitalocean.com/products/droplets/how-to/connect-with-ssh/).
 - Great, your own SMP server is ready! Use `ip_address#hash` as SMP server address in the client.
 
 Please submit an [issue](https://github.com/simplex-chat/simplexmq/issues) if any problems occur.

scripts/smp-server-digitalocean-droplet/README.md

@@ -1,10 +1,10 @@
 # Server image for DigitalOcean
 
+<!-- TODO tested on a fresh DO droplet and this seems to be wrong - we have to update the image to behave as described.
+
 The current image used for 1-click deployment on DigitalOcean does not contain the source or binary of SMP Server - it downloads the compiled binary of the latest release (rather than a particular release) from GitHub.
 
-The upside is that the new image does not have to be created and approved by DigitalOcean every time when the new release is created.
-
-The downside is that while the release is being prepared in CI, when the release object is already created in GitHub but the server binary is not attached yet, the attempt to install the server would fail - it can last anything from several to 20 minutes, depending on whether the cached dependencies were used or everything was recompiled. Currently, when there is a small number of users, it is not a big problem, but we should consider some possible solutions in the future. Linode StackScript has the same issue.
+The upside is that the new image does not have to be created and approved by DigitalOcean every time when the new release is created. -->
 
 ## How to build an image
 

scripts/smp-server-digitalocean-droplet/files/opt/simplex/on_login.sh

@@ -1,5 +1,5 @@
 #!/bin/bash
-# receives pubkey_hash file location as the first parameter
+# receives fingerprint file location as the first parameter
 
 ip_address=$(hostname -I | awk '{print$1}')
 hash=$(cat $1)

scripts/smp-server-digitalocean-droplet/scripts/03-init-start.sh

@@ -45,10 +45,12 @@ EOT
 chmod 644 /etc/systemd/system/smp-server.service
 
 echo "initializing SMP server"
-hash_file="$conf_dir/pubkey_hash"
-smp-server init -l | grep "transport key hash:" | cut -f2 -d":" | xargs > $hash_file
+smp-server init -l
+# CA certificate (identity/offline) fingerprint
+hash_file="$conf_dir/fingerprint"
 # turn off websockets support
 sed -e '/websockets/s/^/# /g' -i $conf_dir/smp-server.ini
+
 # add welcome script to .bashrc
 echo "bash /opt/simplex/on_login.sh $hash_file" >> /root/.bashrc
 

scripts/smp-server-linode.sh

@@ -1,7 +1,7 @@
 #!/bin/bash
 # <UDF name="enable_store_log" label="Store log - persists SMP queues to append only log and restores them upon server restart." default="on" oneof="on, off" />
-# <UDF name="api_token" label="Linode API token - enables StackScript to create tags containing SMP server domain/ip address, transport key hash and server version. Use `domain#hash` or `ip#hash` as SMP server address in the client. Note: minimal permissions token should have are - read/write access to `linodes` (to update linode tags - you need them) and `domains` (to add A record for the chosen 3rd level domain)" default="" />
-# <UDF name="fqdn" label="FQDN (Fully qualified domain name) - provide third level domain name (ex: smp.example.com). If provided can be used instead of ip address." default="" />
+# <UDF name="api_token" label="Linode API token - enables StackScript to create tags containing SMP server FQDN / IP address, CA certificate fingerprint and server version. Use `fqdn#fingerprint` or `ip#fingerprint` as SMP server address in the client. Note: minimal permissions token should have are - read/write access to `linodes` (to update linode tags) and `domains` (to add A record for the chosen 3rd level domain)" default="" />
+# <UDF name="fqdn" label="FQDN (Fully qualified domain name) - provide third level domain name (ex: smp.example.com). If provided can be used instead of IP address." default="" />
 
 # log all stdout output to stackscript.log
 exec &> >(tee -i /var/log/stackscript.log)
@@ -48,15 +48,17 @@ source /etc/profile.d/simplex.sh
 # initialize SMP server
 init_opts=()
 [[ $ENABLE_STORE_LOG == "on" ]] && init_opts+=(-l)
-hash_file="$conf_dir/pubkey_hash"
-smp-server init "${init_opts[@]}" | grep "transport key hash:" | cut -f2 -d":" | xargs > $hash_file
+smp-server init "${init_opts[@]}"
+# CA certificate (identity/offline) fingerprint
+hash_file="$conf_dir/fingerprint"
 # turn off websockets support
 sed -e '/websockets/s/^/# /g' -i $conf_dir/smp-server.ini
+
 # create script that will run on login
 on_login_script="/opt/simplex/on_login.sh"
 cat <<EOT >> $on_login_script
 #!/bin/bash
-# receives pubkey_hash file location as the first parameter
+# receives fingerprint file location as the first parameter
 
 ip_address=\$(hostname -I | awk '{print\$1}')
 hash=\$(cat \$1)