Software `/` code `/` prosody

Annotate

util/prosodyctl/check.lua @ 13219:22763b30e458 0.12

util.prosodyctl.check: Hint about the 'external_addresses' config option

author	Kim Alvefur <zash@zash.se>
date	Mon, 17 Jul 2023 14:56:57 +0200
parent	13217:b264ea91e930
child	13220:56decf85db1d
child	13254:a2ba3f06dcf4

rev	line source
10871 e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	1 local configmanager = require "core.configmanager";
13216 fcc052ca1652 util.prosodyctl.check: Get some config options via minimal moduleapi #896 Kim Alvefur <zash@zash.se> parents: 13121 diff changeset	2 local moduleapi = require "core.moduleapi";
10871 e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	3 local show_usage = require "util.prosodyctl".show_usage;
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	4 local show_warning = require "util.prosodyctl".show_warning;
11780 98ae95235775 util.prosodyctl.check: Refuse to do ojn test unless prosody is running Kim Alvefur <zash@zash.se> parents: 11779 diff changeset	5 local is_prosody_running = require "util.prosodyctl".isrunning;
12372 1ba451c10f41 prosodyctl: check turn: Add support for testing data relay with an external STUN server via --ping Matthew Wild <mwild1@gmail.com> parents: 12362 diff changeset	6 local parse_args = require "util.argparse".parse;
10871 e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	7 local dependencies = require "util.dependencies";
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	8 local socket = require "socket";
11827 2359519260ec prosodyctl: Add alternate XMPP Blackbox Exporter connectivity check Kim Alvefur <zash@zash.se> parents: 11826 diff changeset	9 local socket_url = require "socket.url";
10871 e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	10 local jid_split = require "util.jid".prepped_split;
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	11 local modulemanager = require "core.modulemanager";
11827 2359519260ec prosodyctl: Add alternate XMPP Blackbox Exporter connectivity check Kim Alvefur <zash@zash.se> parents: 11826 diff changeset	12 local async = require "util.async";
2359519260ec prosodyctl: Add alternate XMPP Blackbox Exporter connectivity check Kim Alvefur <zash@zash.se> parents: 11826 diff changeset	13 local httputil = require "util.http";
10871 e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	14
13216 fcc052ca1652 util.prosodyctl.check: Get some config options via minimal moduleapi #896 Kim Alvefur <zash@zash.se> parents: 13121 diff changeset	15 local function api(host)
fcc052ca1652 util.prosodyctl.check: Get some config options via minimal moduleapi #896 Kim Alvefur <zash@zash.se> parents: 13121 diff changeset	16 return setmetatable({ name = "prosodyctl.check"; host = host; log = prosody.log }, { __index = moduleapi })
fcc052ca1652 util.prosodyctl.check: Get some config options via minimal moduleapi #896 Kim Alvefur <zash@zash.se> parents: 13121 diff changeset	17 end
fcc052ca1652 util.prosodyctl.check: Get some config options via minimal moduleapi #896 Kim Alvefur <zash@zash.se> parents: 13121 diff changeset	18
11826 e1c4cc5d0ef8 prosodyctl: Use HTTP client in promise mode for connectivity check Kim Alvefur <zash@zash.se> parents: 11807 diff changeset	19 local function check_ojn(check_type, target_host)
11779 f4f0bdaeabd2 prosodyctl: Add external connectivity check based on observe.jabber.network Jonas Schäfer <jonas@wielicki.name> parents: 11778 diff changeset	20 local http = require "net.http"; -- .new({});
f4f0bdaeabd2 prosodyctl: Add external connectivity check based on observe.jabber.network Jonas Schäfer <jonas@wielicki.name> parents: 11778 diff changeset	21 local json = require "util.json";
f4f0bdaeabd2 prosodyctl: Add external connectivity check based on observe.jabber.network Jonas Schäfer <jonas@wielicki.name> parents: 11778 diff changeset	22
11826 e1c4cc5d0ef8 prosodyctl: Use HTTP client in promise mode for connectivity check Kim Alvefur <zash@zash.se> parents: 11807 diff changeset	23 local response, err = async.wait_for(http.request(
11827 2359519260ec prosodyctl: Add alternate XMPP Blackbox Exporter connectivity check Kim Alvefur <zash@zash.se> parents: 11826 diff changeset	24 ("https://observe.jabber.network/api/v1/check/%s"):format(httputil.urlencode(check_type)),
11779 f4f0bdaeabd2 prosodyctl: Add external connectivity check based on observe.jabber.network Jonas Schäfer <jonas@wielicki.name> parents: 11778 diff changeset	25 {
f4f0bdaeabd2 prosodyctl: Add external connectivity check based on observe.jabber.network Jonas Schäfer <jonas@wielicki.name> parents: 11778 diff changeset	26 method="POST",
f4f0bdaeabd2 prosodyctl: Add external connectivity check based on observe.jabber.network Jonas Schäfer <jonas@wielicki.name> parents: 11778 diff changeset	27 headers={["Accept"] = "application/json"; ["Content-Type"] = "application/json"},
f4f0bdaeabd2 prosodyctl: Add external connectivity check based on observe.jabber.network Jonas Schäfer <jonas@wielicki.name> parents: 11778 diff changeset	28 body=json.encode({target=target_host}),
11826 e1c4cc5d0ef8 prosodyctl: Use HTTP client in promise mode for connectivity check Kim Alvefur <zash@zash.se> parents: 11807 diff changeset	29 }));
e1c4cc5d0ef8 prosodyctl: Use HTTP client in promise mode for connectivity check Kim Alvefur <zash@zash.se> parents: 11807 diff changeset	30
e1c4cc5d0ef8 prosodyctl: Use HTTP client in promise mode for connectivity check Kim Alvefur <zash@zash.se> parents: 11807 diff changeset	31 if not response then
e1c4cc5d0ef8 prosodyctl: Use HTTP client in promise mode for connectivity check Kim Alvefur <zash@zash.se> parents: 11807 diff changeset	32 return false, err;
e1c4cc5d0ef8 prosodyctl: Use HTTP client in promise mode for connectivity check Kim Alvefur <zash@zash.se> parents: 11807 diff changeset	33 end
11779 f4f0bdaeabd2 prosodyctl: Add external connectivity check based on observe.jabber.network Jonas Schäfer <jonas@wielicki.name> parents: 11778 diff changeset	34
11826 e1c4cc5d0ef8 prosodyctl: Use HTTP client in promise mode for connectivity check Kim Alvefur <zash@zash.se> parents: 11807 diff changeset	35 if response.code ~= 200 then
e1c4cc5d0ef8 prosodyctl: Use HTTP client in promise mode for connectivity check Kim Alvefur <zash@zash.se> parents: 11807 diff changeset	36 return false, ("API replied with non-200 code: %d"):format(response.code);
e1c4cc5d0ef8 prosodyctl: Use HTTP client in promise mode for connectivity check Kim Alvefur <zash@zash.se> parents: 11807 diff changeset	37 end
e1c4cc5d0ef8 prosodyctl: Use HTTP client in promise mode for connectivity check Kim Alvefur <zash@zash.se> parents: 11807 diff changeset	38
e1c4cc5d0ef8 prosodyctl: Use HTTP client in promise mode for connectivity check Kim Alvefur <zash@zash.se> parents: 11807 diff changeset	39 local decoded_body, err = json.decode(response.body);
e1c4cc5d0ef8 prosodyctl: Use HTTP client in promise mode for connectivity check Kim Alvefur <zash@zash.se> parents: 11807 diff changeset	40 if decoded_body == nil then
e1c4cc5d0ef8 prosodyctl: Use HTTP client in promise mode for connectivity check Kim Alvefur <zash@zash.se> parents: 11807 diff changeset	41 return false, ("Failed to parse API JSON: %s"):format(err)
11779 f4f0bdaeabd2 prosodyctl: Add external connectivity check based on observe.jabber.network Jonas Schäfer <jonas@wielicki.name> parents: 11778 diff changeset	42 end
f4f0bdaeabd2 prosodyctl: Add external connectivity check based on observe.jabber.network Jonas Schäfer <jonas@wielicki.name> parents: 11778 diff changeset	43
f4f0bdaeabd2 prosodyctl: Add external connectivity check based on observe.jabber.network Jonas Schäfer <jonas@wielicki.name> parents: 11778 diff changeset	44 local success = decoded_body["success"];
f4f0bdaeabd2 prosodyctl: Add external connectivity check based on observe.jabber.network Jonas Schäfer <jonas@wielicki.name> parents: 11778 diff changeset	45 return success == true, nil;
f4f0bdaeabd2 prosodyctl: Add external connectivity check based on observe.jabber.network Jonas Schäfer <jonas@wielicki.name> parents: 11778 diff changeset	46 end
f4f0bdaeabd2 prosodyctl: Add external connectivity check based on observe.jabber.network Jonas Schäfer <jonas@wielicki.name> parents: 11778 diff changeset	47
11827 2359519260ec prosodyctl: Add alternate XMPP Blackbox Exporter connectivity check Kim Alvefur <zash@zash.se> parents: 11826 diff changeset	48 local function check_probe(base_url, probe_module, target)
2359519260ec prosodyctl: Add alternate XMPP Blackbox Exporter connectivity check Kim Alvefur <zash@zash.se> parents: 11826 diff changeset	49 local http = require "net.http"; -- .new({});
2359519260ec prosodyctl: Add alternate XMPP Blackbox Exporter connectivity check Kim Alvefur <zash@zash.se> parents: 11826 diff changeset	50 local params = httputil.formencode({ module = probe_module; target = target })
2359519260ec prosodyctl: Add alternate XMPP Blackbox Exporter connectivity check Kim Alvefur <zash@zash.se> parents: 11826 diff changeset	51 local response, err = async.wait_for(http.request(base_url .. "?" .. params));
2359519260ec prosodyctl: Add alternate XMPP Blackbox Exporter connectivity check Kim Alvefur <zash@zash.se> parents: 11826 diff changeset	52
2359519260ec prosodyctl: Add alternate XMPP Blackbox Exporter connectivity check Kim Alvefur <zash@zash.se> parents: 11826 diff changeset	53 if not response then return false, err; end
2359519260ec prosodyctl: Add alternate XMPP Blackbox Exporter connectivity check Kim Alvefur <zash@zash.se> parents: 11826 diff changeset	54
2359519260ec prosodyctl: Add alternate XMPP Blackbox Exporter connectivity check Kim Alvefur <zash@zash.se> parents: 11826 diff changeset	55 if response.code ~= 200 then return false, ("API replied with non-200 code: %d"):format(response.code); end
2359519260ec prosodyctl: Add alternate XMPP Blackbox Exporter connectivity check Kim Alvefur <zash@zash.se> parents: 11826 diff changeset	56
2359519260ec prosodyctl: Add alternate XMPP Blackbox Exporter connectivity check Kim Alvefur <zash@zash.se> parents: 11826 diff changeset	57 for line in response.body:gmatch("[^\r\n]+") do
2359519260ec prosodyctl: Add alternate XMPP Blackbox Exporter connectivity check Kim Alvefur <zash@zash.se> parents: 11826 diff changeset	58 local probe_success = line:match("^probe_success%s+(%d+)");
2359519260ec prosodyctl: Add alternate XMPP Blackbox Exporter connectivity check Kim Alvefur <zash@zash.se> parents: 11826 diff changeset	59
2359519260ec prosodyctl: Add alternate XMPP Blackbox Exporter connectivity check Kim Alvefur <zash@zash.se> parents: 11826 diff changeset	60 if probe_success == "1" then
2359519260ec prosodyctl: Add alternate XMPP Blackbox Exporter connectivity check Kim Alvefur <zash@zash.se> parents: 11826 diff changeset	61 return true;
2359519260ec prosodyctl: Add alternate XMPP Blackbox Exporter connectivity check Kim Alvefur <zash@zash.se> parents: 11826 diff changeset	62 elseif probe_success == "0" then
2359519260ec prosodyctl: Add alternate XMPP Blackbox Exporter connectivity check Kim Alvefur <zash@zash.se> parents: 11826 diff changeset	63 return false;
2359519260ec prosodyctl: Add alternate XMPP Blackbox Exporter connectivity check Kim Alvefur <zash@zash.se> parents: 11826 diff changeset	64 end
2359519260ec prosodyctl: Add alternate XMPP Blackbox Exporter connectivity check Kim Alvefur <zash@zash.se> parents: 11826 diff changeset	65 end
2359519260ec prosodyctl: Add alternate XMPP Blackbox Exporter connectivity check Kim Alvefur <zash@zash.se> parents: 11826 diff changeset	66 return false, "Probe endpoint did not return a success status";
2359519260ec prosodyctl: Add alternate XMPP Blackbox Exporter connectivity check Kim Alvefur <zash@zash.se> parents: 11826 diff changeset	67 end
2359519260ec prosodyctl: Add alternate XMPP Blackbox Exporter connectivity check Kim Alvefur <zash@zash.se> parents: 11826 diff changeset	68
12372 1ba451c10f41 prosodyctl: check turn: Add support for testing data relay with an external STUN server via --ping Matthew Wild <mwild1@gmail.com> parents: 12362 diff changeset	69 local function check_turn_service(turn_service, ping_service)
12385 92b35a41bb3c prosodyctl: check turn: compare correct addresses for relay mismatch detection (thanks Zash) Matthew Wild <mwild1@gmail.com> parents: 12384 diff changeset	70 local ip = require "util.ip";
12357 cd11d7c4af8b util.prosodyctl: check turn: New command to verify STUN/TURN service is operational Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	71 local stun = require "net.stun";
cd11d7c4af8b util.prosodyctl: check turn: New command to verify STUN/TURN service is operational Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	72
cd11d7c4af8b util.prosodyctl: check turn: New command to verify STUN/TURN service is operational Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	73 -- Create UDP socket for communication with the server
cd11d7c4af8b util.prosodyctl: check turn: New command to verify STUN/TURN service is operational Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	74 local sock = assert(require "socket".udp());
cd11d7c4af8b util.prosodyctl: check turn: New command to verify STUN/TURN service is operational Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	75 sock:setsockname("*", 0);
cd11d7c4af8b util.prosodyctl: check turn: New command to verify STUN/TURN service is operational Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	76 sock:setpeername(turn_service.host, turn_service.port);
cd11d7c4af8b util.prosodyctl: check turn: New command to verify STUN/TURN service is operational Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	77 sock:settimeout(10);
cd11d7c4af8b util.prosodyctl: check turn: New command to verify STUN/TURN service is operational Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	78
cd11d7c4af8b util.prosodyctl: check turn: New command to verify STUN/TURN service is operational Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	79 -- Helper function to receive a packet
cd11d7c4af8b util.prosodyctl: check turn: New command to verify STUN/TURN service is operational Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	80 local function receive_packet()
cd11d7c4af8b util.prosodyctl: check turn: New command to verify STUN/TURN service is operational Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	81 local raw_packet, err = sock:receive();
cd11d7c4af8b util.prosodyctl: check turn: New command to verify STUN/TURN service is operational Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	82 if not raw_packet then
cd11d7c4af8b util.prosodyctl: check turn: New command to verify STUN/TURN service is operational Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	83 return nil, err;
cd11d7c4af8b util.prosodyctl: check turn: New command to verify STUN/TURN service is operational Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	84 end
cd11d7c4af8b util.prosodyctl: check turn: New command to verify STUN/TURN service is operational Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	85 return stun.new_packet():deserialize(raw_packet);
cd11d7c4af8b util.prosodyctl: check turn: New command to verify STUN/TURN service is operational Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	86 end
cd11d7c4af8b util.prosodyctl: check turn: New command to verify STUN/TURN service is operational Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	87
cd11d7c4af8b util.prosodyctl: check turn: New command to verify STUN/TURN service is operational Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	88 local result = { warnings = {} };
cd11d7c4af8b util.prosodyctl: check turn: New command to verify STUN/TURN service is operational Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	89
cd11d7c4af8b util.prosodyctl: check turn: New command to verify STUN/TURN service is operational Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	90 -- Send a "binding" query, i.e. a request for our external IP/port
cd11d7c4af8b util.prosodyctl: check turn: New command to verify STUN/TURN service is operational Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	91 local bind_query = stun.new_packet("binding", "request");
cd11d7c4af8b util.prosodyctl: check turn: New command to verify STUN/TURN service is operational Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	92 bind_query:add_attribute("software", "prosodyctl check turn");
cd11d7c4af8b util.prosodyctl: check turn: New command to verify STUN/TURN service is operational Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	93 sock:send(bind_query:serialize());
cd11d7c4af8b util.prosodyctl: check turn: New command to verify STUN/TURN service is operational Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	94
cd11d7c4af8b util.prosodyctl: check turn: New command to verify STUN/TURN service is operational Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	95 local bind_result, err = receive_packet();
cd11d7c4af8b util.prosodyctl: check turn: New command to verify STUN/TURN service is operational Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	96 if not bind_result then
cd11d7c4af8b util.prosodyctl: check turn: New command to verify STUN/TURN service is operational Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	97 result.error = "No STUN response: "..err;
cd11d7c4af8b util.prosodyctl: check turn: New command to verify STUN/TURN service is operational Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	98 return result;
cd11d7c4af8b util.prosodyctl: check turn: New command to verify STUN/TURN service is operational Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	99 elseif bind_result:is_err_resp() then
cd11d7c4af8b util.prosodyctl: check turn: New command to verify STUN/TURN service is operational Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	100 result.error = ("STUN server returned error: %d (%s)"):format(bind_result:get_error());
cd11d7c4af8b util.prosodyctl: check turn: New command to verify STUN/TURN service is operational Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	101 return result;
cd11d7c4af8b util.prosodyctl: check turn: New command to verify STUN/TURN service is operational Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	102 elseif not bind_result:is_success_resp() then
cd11d7c4af8b util.prosodyctl: check turn: New command to verify STUN/TURN service is operational Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	103 result.error = ("Unexpected STUN response: %d (%s)"):format(bind_result:get_type());
cd11d7c4af8b util.prosodyctl: check turn: New command to verify STUN/TURN service is operational Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	104 return result;
cd11d7c4af8b util.prosodyctl: check turn: New command to verify STUN/TURN service is operational Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	105 end
cd11d7c4af8b util.prosodyctl: check turn: New command to verify STUN/TURN service is operational Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	106
cd11d7c4af8b util.prosodyctl: check turn: New command to verify STUN/TURN service is operational Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	107 result.external_ip = bind_result:get_xor_mapped_address();
cd11d7c4af8b util.prosodyctl: check turn: New command to verify STUN/TURN service is operational Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	108 if not result.external_ip then
cd11d7c4af8b util.prosodyctl: check turn: New command to verify STUN/TURN service is operational Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	109 result.error = "STUN server did not return an address";
cd11d7c4af8b util.prosodyctl: check turn: New command to verify STUN/TURN service is operational Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	110 return result;
cd11d7c4af8b util.prosodyctl: check turn: New command to verify STUN/TURN service is operational Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	111 end
12384 53b4549c2209 prosodyctl: check turn: Add check for private IP returned from STUN. Matthew Wild <mwild1@gmail.com> parents: 12383 diff changeset	112 if ip.new_ip(result.external_ip.address).private then
53b4549c2209 prosodyctl: check turn: Add check for private IP returned from STUN. Matthew Wild <mwild1@gmail.com> parents: 12383 diff changeset	113 table.insert(result.warnings, "STUN returned a private IP! Is the TURN server behind a NAT and misconfigured?");
53b4549c2209 prosodyctl: check turn: Add check for private IP returned from STUN. Matthew Wild <mwild1@gmail.com> parents: 12383 diff changeset	114 end
12357 cd11d7c4af8b util.prosodyctl: check turn: New command to verify STUN/TURN service is operational Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	115
cd11d7c4af8b util.prosodyctl: check turn: New command to verify STUN/TURN service is operational Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	116 -- Send a TURN "allocate" request. Expected to fail due to auth, but
cd11d7c4af8b util.prosodyctl: check turn: New command to verify STUN/TURN service is operational Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	117 -- necessary to obtain a valid realm/nonce from the server.
cd11d7c4af8b util.prosodyctl: check turn: New command to verify STUN/TURN service is operational Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	118 local pre_request = stun.new_packet("allocate", "request");
cd11d7c4af8b util.prosodyctl: check turn: New command to verify STUN/TURN service is operational Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	119 sock:send(pre_request:serialize());
cd11d7c4af8b util.prosodyctl: check turn: New command to verify STUN/TURN service is operational Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	120
cd11d7c4af8b util.prosodyctl: check turn: New command to verify STUN/TURN service is operational Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	121 local pre_result, err = receive_packet();
cd11d7c4af8b util.prosodyctl: check turn: New command to verify STUN/TURN service is operational Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	122 if not pre_result then
cd11d7c4af8b util.prosodyctl: check turn: New command to verify STUN/TURN service is operational Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	123 result.error = "No initial TURN response: "..err;
cd11d7c4af8b util.prosodyctl: check turn: New command to verify STUN/TURN service is operational Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	124 return result;
cd11d7c4af8b util.prosodyctl: check turn: New command to verify STUN/TURN service is operational Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	125 elseif pre_result:is_success_resp() then
cd11d7c4af8b util.prosodyctl: check turn: New command to verify STUN/TURN service is operational Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	126 result.error = "TURN server does not have authentication enabled";
cd11d7c4af8b util.prosodyctl: check turn: New command to verify STUN/TURN service is operational Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	127 return result;
cd11d7c4af8b util.prosodyctl: check turn: New command to verify STUN/TURN service is operational Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	128 end
cd11d7c4af8b util.prosodyctl: check turn: New command to verify STUN/TURN service is operational Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	129
cd11d7c4af8b util.prosodyctl: check turn: New command to verify STUN/TURN service is operational Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	130 local realm = pre_result:get_attribute("realm");
cd11d7c4af8b util.prosodyctl: check turn: New command to verify STUN/TURN service is operational Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	131 local nonce = pre_result:get_attribute("nonce");
cd11d7c4af8b util.prosodyctl: check turn: New command to verify STUN/TURN service is operational Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	132
cd11d7c4af8b util.prosodyctl: check turn: New command to verify STUN/TURN service is operational Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	133 if not realm then
12383 a9b6ed86b573 prosodyctl: check turn: improve warning text to suggest issues Matthew Wild <mwild1@gmail.com> parents: 12382 diff changeset	134 table.insert(result.warnings, "TURN server did not return an authentication realm. Is authentication enabled?");
12357 cd11d7c4af8b util.prosodyctl: check turn: New command to verify STUN/TURN service is operational Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	135 end
cd11d7c4af8b util.prosodyctl: check turn: New command to verify STUN/TURN service is operational Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	136 if not nonce then
cd11d7c4af8b util.prosodyctl: check turn: New command to verify STUN/TURN service is operational Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	137 table.insert(result.warnings, "TURN server did not return a nonce");
cd11d7c4af8b util.prosodyctl: check turn: New command to verify STUN/TURN service is operational Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	138 end
cd11d7c4af8b util.prosodyctl: check turn: New command to verify STUN/TURN service is operational Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	139
cd11d7c4af8b util.prosodyctl: check turn: New command to verify STUN/TURN service is operational Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	140 -- Use the configured secret to obtain temporary user/pass credentials
cd11d7c4af8b util.prosodyctl: check turn: New command to verify STUN/TURN service is operational Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	141 local turn_user, turn_pass = stun.get_user_pass_from_secret(turn_service.secret);
cd11d7c4af8b util.prosodyctl: check turn: New command to verify STUN/TURN service is operational Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	142
cd11d7c4af8b util.prosodyctl: check turn: New command to verify STUN/TURN service is operational Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	143 -- Send a TURN allocate request, will fail if auth is wrong
cd11d7c4af8b util.prosodyctl: check turn: New command to verify STUN/TURN service is operational Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	144 local alloc_request = stun.new_packet("allocate", "request");
cd11d7c4af8b util.prosodyctl: check turn: New command to verify STUN/TURN service is operational Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	145 alloc_request:add_requested_transport("udp");
cd11d7c4af8b util.prosodyctl: check turn: New command to verify STUN/TURN service is operational Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	146 alloc_request:add_attribute("username", turn_user);
cd11d7c4af8b util.prosodyctl: check turn: New command to verify STUN/TURN service is operational Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	147 if realm then
cd11d7c4af8b util.prosodyctl: check turn: New command to verify STUN/TURN service is operational Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	148 alloc_request:add_attribute("realm", realm);
cd11d7c4af8b util.prosodyctl: check turn: New command to verify STUN/TURN service is operational Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	149 end
cd11d7c4af8b util.prosodyctl: check turn: New command to verify STUN/TURN service is operational Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	150 if nonce then
cd11d7c4af8b util.prosodyctl: check turn: New command to verify STUN/TURN service is operational Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	151 alloc_request:add_attribute("nonce", nonce);
cd11d7c4af8b util.prosodyctl: check turn: New command to verify STUN/TURN service is operational Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	152 end
cd11d7c4af8b util.prosodyctl: check turn: New command to verify STUN/TURN service is operational Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	153 local key = stun.get_long_term_auth_key(realm or turn_service.host, turn_user, turn_pass);
cd11d7c4af8b util.prosodyctl: check turn: New command to verify STUN/TURN service is operational Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	154 alloc_request:add_message_integrity(key);
cd11d7c4af8b util.prosodyctl: check turn: New command to verify STUN/TURN service is operational Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	155 sock:send(alloc_request:serialize());
cd11d7c4af8b util.prosodyctl: check turn: New command to verify STUN/TURN service is operational Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	156
cd11d7c4af8b util.prosodyctl: check turn: New command to verify STUN/TURN service is operational Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	157 -- Check the response
cd11d7c4af8b util.prosodyctl: check turn: New command to verify STUN/TURN service is operational Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	158 local alloc_response, err = receive_packet();
cd11d7c4af8b util.prosodyctl: check turn: New command to verify STUN/TURN service is operational Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	159 if not alloc_response then
cd11d7c4af8b util.prosodyctl: check turn: New command to verify STUN/TURN service is operational Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	160 result.error = "TURN server did not response to allocation request: "..err;
12466 9ee41552bca0 util.prosodyctl: check turn: ensure a result is always returned from a check (thanks eTaurus) Matthew Wild <mwild1@gmail.com> parents: 12441 diff changeset	161 return result;
12357 cd11d7c4af8b util.prosodyctl: check turn: New command to verify STUN/TURN service is operational Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	162 elseif alloc_response:is_err_resp() then
cd11d7c4af8b util.prosodyctl: check turn: New command to verify STUN/TURN service is operational Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	163 result.error = ("TURN allocation failed: %d (%s)"):format(alloc_response:get_error());
cd11d7c4af8b util.prosodyctl: check turn: New command to verify STUN/TURN service is operational Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	164 return result;
cd11d7c4af8b util.prosodyctl: check turn: New command to verify STUN/TURN service is operational Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	165 elseif not alloc_response:is_success_resp() then
cd11d7c4af8b util.prosodyctl: check turn: New command to verify STUN/TURN service is operational Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	166 result.error = ("Unexpected TURN response: %d (%s)"):format(alloc_response:get_type());
cd11d7c4af8b util.prosodyctl: check turn: New command to verify STUN/TURN service is operational Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	167 return result;
cd11d7c4af8b util.prosodyctl: check turn: New command to verify STUN/TURN service is operational Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	168 end
cd11d7c4af8b util.prosodyctl: check turn: New command to verify STUN/TURN service is operational Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	169
12375 ea5e46601cfb prosodyctl: check turn: show relayed address(es) in verbose mode Matthew Wild <mwild1@gmail.com> parents: 12373 diff changeset	170 result.relayed_addresses = alloc_response:get_xor_relayed_addresses();
ea5e46601cfb prosodyctl: check turn: show relayed address(es) in verbose mode Matthew Wild <mwild1@gmail.com> parents: 12373 diff changeset	171
12372 1ba451c10f41 prosodyctl: check turn: Add support for testing data relay with an external STUN server via --ping Matthew Wild <mwild1@gmail.com> parents: 12362 diff changeset	172 if not ping_service then
1ba451c10f41 prosodyctl: check turn: Add support for testing data relay with an external STUN server via --ping Matthew Wild <mwild1@gmail.com> parents: 12362 diff changeset	173 -- Success! We won't be running the relay test.
1ba451c10f41 prosodyctl: check turn: Add support for testing data relay with an external STUN server via --ping Matthew Wild <mwild1@gmail.com> parents: 12362 diff changeset	174 return result;
1ba451c10f41 prosodyctl: check turn: Add support for testing data relay with an external STUN server via --ping Matthew Wild <mwild1@gmail.com> parents: 12362 diff changeset	175 end
1ba451c10f41 prosodyctl: check turn: Add support for testing data relay with an external STUN server via --ping Matthew Wild <mwild1@gmail.com> parents: 12362 diff changeset	176
1ba451c10f41 prosodyctl: check turn: Add support for testing data relay with an external STUN server via --ping Matthew Wild <mwild1@gmail.com> parents: 12362 diff changeset	177 -- Run the relay test - i.e. send a binding request to ping_service
1ba451c10f41 prosodyctl: check turn: Add support for testing data relay with an external STUN server via --ping Matthew Wild <mwild1@gmail.com> parents: 12362 diff changeset	178 -- and receive a response.
1ba451c10f41 prosodyctl: check turn: Add support for testing data relay with an external STUN server via --ping Matthew Wild <mwild1@gmail.com> parents: 12362 diff changeset	179
1ba451c10f41 prosodyctl: check turn: Add support for testing data relay with an external STUN server via --ping Matthew Wild <mwild1@gmail.com> parents: 12362 diff changeset	180 -- Resolve the IP of the ping service
12373 5417ec7e2ee8 prosodyctl: check turn: Allow specifying port for the ping service Matthew Wild <mwild1@gmail.com> parents: 12372 diff changeset	181 local ping_host, ping_port = ping_service:match("^([^:]+):(%d+)$");
5417ec7e2ee8 prosodyctl: check turn: Allow specifying port for the ping service Matthew Wild <mwild1@gmail.com> parents: 12372 diff changeset	182 if ping_host then
5417ec7e2ee8 prosodyctl: check turn: Allow specifying port for the ping service Matthew Wild <mwild1@gmail.com> parents: 12372 diff changeset	183 ping_port = tonumber(ping_port);
5417ec7e2ee8 prosodyctl: check turn: Allow specifying port for the ping service Matthew Wild <mwild1@gmail.com> parents: 12372 diff changeset	184 else
5417ec7e2ee8 prosodyctl: check turn: Allow specifying port for the ping service Matthew Wild <mwild1@gmail.com> parents: 12372 diff changeset	185 -- Only a hostname specified, use default STUN port
5417ec7e2ee8 prosodyctl: check turn: Allow specifying port for the ping service Matthew Wild <mwild1@gmail.com> parents: 12372 diff changeset	186 ping_host, ping_port = ping_service, 3478;
5417ec7e2ee8 prosodyctl: check turn: Allow specifying port for the ping service Matthew Wild <mwild1@gmail.com> parents: 12372 diff changeset	187 end
12416 19fd28239e73 prosodyctl: check turn: Fail with error if our own address is supplied for the ping test Matthew Wild <mwild1@gmail.com> parents: 12414 diff changeset	188
19fd28239e73 prosodyctl: check turn: Fail with error if our own address is supplied for the ping test Matthew Wild <mwild1@gmail.com> parents: 12414 diff changeset	189 if ping_host == turn_service.host then
19fd28239e73 prosodyctl: check turn: Fail with error if our own address is supplied for the ping test Matthew Wild <mwild1@gmail.com> parents: 12414 diff changeset	190 result.error = ("Unable to perform ping test: please supply an external STUN server address. See https://prosody.im/doc/turn#prosodyctl-check");
19fd28239e73 prosodyctl: check turn: Fail with error if our own address is supplied for the ping test Matthew Wild <mwild1@gmail.com> parents: 12414 diff changeset	191 return result;
19fd28239e73 prosodyctl: check turn: Fail with error if our own address is supplied for the ping test Matthew Wild <mwild1@gmail.com> parents: 12414 diff changeset	192 end
19fd28239e73 prosodyctl: check turn: Fail with error if our own address is supplied for the ping test Matthew Wild <mwild1@gmail.com> parents: 12414 diff changeset	193
12373 5417ec7e2ee8 prosodyctl: check turn: Allow specifying port for the ping service Matthew Wild <mwild1@gmail.com> parents: 12372 diff changeset	194 local ping_service_ip, err = socket.dns.toip(ping_host);
12372 1ba451c10f41 prosodyctl: check turn: Add support for testing data relay with an external STUN server via --ping Matthew Wild <mwild1@gmail.com> parents: 12362 diff changeset	195 if not ping_service_ip then
12379 6ac3c580c00d prosodyctl: check turn: Clearer error when unable to resolve external service host Matthew Wild <mwild1@gmail.com> parents: 12377 diff changeset	196 result.error = "Unable to resolve ping service hostname: "..err;
12372 1ba451c10f41 prosodyctl: check turn: Add support for testing data relay with an external STUN server via --ping Matthew Wild <mwild1@gmail.com> parents: 12362 diff changeset	197 return result;
1ba451c10f41 prosodyctl: check turn: Add support for testing data relay with an external STUN server via --ping Matthew Wild <mwild1@gmail.com> parents: 12362 diff changeset	198 end
1ba451c10f41 prosodyctl: check turn: Add support for testing data relay with an external STUN server via --ping Matthew Wild <mwild1@gmail.com> parents: 12362 diff changeset	199
1ba451c10f41 prosodyctl: check turn: Add support for testing data relay with an external STUN server via --ping Matthew Wild <mwild1@gmail.com> parents: 12362 diff changeset	200 -- Ask the TURN server to allow packets from the ping service IP
1ba451c10f41 prosodyctl: check turn: Add support for testing data relay with an external STUN server via --ping Matthew Wild <mwild1@gmail.com> parents: 12362 diff changeset	201 local perm_request = stun.new_packet("create-permission");
1ba451c10f41 prosodyctl: check turn: Add support for testing data relay with an external STUN server via --ping Matthew Wild <mwild1@gmail.com> parents: 12362 diff changeset	202 perm_request:add_xor_peer_address(ping_service_ip);
1ba451c10f41 prosodyctl: check turn: Add support for testing data relay with an external STUN server via --ping Matthew Wild <mwild1@gmail.com> parents: 12362 diff changeset	203 perm_request:add_attribute("username", turn_user);
12382 574cf096a426 prosodyctl: check turn: fix traceback when server does not provide realm/nonce Matthew Wild <mwild1@gmail.com> parents: 12381 diff changeset	204 if realm then
574cf096a426 prosodyctl: check turn: fix traceback when server does not provide realm/nonce Matthew Wild <mwild1@gmail.com> parents: 12381 diff changeset	205 perm_request:add_attribute("realm", realm);
574cf096a426 prosodyctl: check turn: fix traceback when server does not provide realm/nonce Matthew Wild <mwild1@gmail.com> parents: 12381 diff changeset	206 end
574cf096a426 prosodyctl: check turn: fix traceback when server does not provide realm/nonce Matthew Wild <mwild1@gmail.com> parents: 12381 diff changeset	207 if nonce then
574cf096a426 prosodyctl: check turn: fix traceback when server does not provide realm/nonce Matthew Wild <mwild1@gmail.com> parents: 12381 diff changeset	208 perm_request:add_attribute("nonce", nonce);
574cf096a426 prosodyctl: check turn: fix traceback when server does not provide realm/nonce Matthew Wild <mwild1@gmail.com> parents: 12381 diff changeset	209 end
12372 1ba451c10f41 prosodyctl: check turn: Add support for testing data relay with an external STUN server via --ping Matthew Wild <mwild1@gmail.com> parents: 12362 diff changeset	210 perm_request:add_message_integrity(key);
1ba451c10f41 prosodyctl: check turn: Add support for testing data relay with an external STUN server via --ping Matthew Wild <mwild1@gmail.com> parents: 12362 diff changeset	211 sock:send(perm_request:serialize());
1ba451c10f41 prosodyctl: check turn: Add support for testing data relay with an external STUN server via --ping Matthew Wild <mwild1@gmail.com> parents: 12362 diff changeset	212
1ba451c10f41 prosodyctl: check turn: Add support for testing data relay with an external STUN server via --ping Matthew Wild <mwild1@gmail.com> parents: 12362 diff changeset	213 local perm_response, err = receive_packet();
1ba451c10f41 prosodyctl: check turn: Add support for testing data relay with an external STUN server via --ping Matthew Wild <mwild1@gmail.com> parents: 12362 diff changeset	214 if not perm_response then
1ba451c10f41 prosodyctl: check turn: Add support for testing data relay with an external STUN server via --ping Matthew Wild <mwild1@gmail.com> parents: 12362 diff changeset	215 result.error = "No response from TURN server when requesting peer permission: "..err;
1ba451c10f41 prosodyctl: check turn: Add support for testing data relay with an external STUN server via --ping Matthew Wild <mwild1@gmail.com> parents: 12362 diff changeset	216 return result;
1ba451c10f41 prosodyctl: check turn: Add support for testing data relay with an external STUN server via --ping Matthew Wild <mwild1@gmail.com> parents: 12362 diff changeset	217 elseif perm_response:is_err_resp() then
1ba451c10f41 prosodyctl: check turn: Add support for testing data relay with an external STUN server via --ping Matthew Wild <mwild1@gmail.com> parents: 12362 diff changeset	218 result.error = ("TURN permission request failed: %d (%s)"):format(perm_response:get_error());
1ba451c10f41 prosodyctl: check turn: Add support for testing data relay with an external STUN server via --ping Matthew Wild <mwild1@gmail.com> parents: 12362 diff changeset	219 return result;
1ba451c10f41 prosodyctl: check turn: Add support for testing data relay with an external STUN server via --ping Matthew Wild <mwild1@gmail.com> parents: 12362 diff changeset	220 elseif not perm_response:is_success_resp() then
1ba451c10f41 prosodyctl: check turn: Add support for testing data relay with an external STUN server via --ping Matthew Wild <mwild1@gmail.com> parents: 12362 diff changeset	221 result.error = ("Unexpected TURN response: %d (%s)"):format(perm_response:get_type());
1ba451c10f41 prosodyctl: check turn: Add support for testing data relay with an external STUN server via --ping Matthew Wild <mwild1@gmail.com> parents: 12362 diff changeset	222 return result;
1ba451c10f41 prosodyctl: check turn: Add support for testing data relay with an external STUN server via --ping Matthew Wild <mwild1@gmail.com> parents: 12362 diff changeset	223 end
1ba451c10f41 prosodyctl: check turn: Add support for testing data relay with an external STUN server via --ping Matthew Wild <mwild1@gmail.com> parents: 12362 diff changeset	224
1ba451c10f41 prosodyctl: check turn: Add support for testing data relay with an external STUN server via --ping Matthew Wild <mwild1@gmail.com> parents: 12362 diff changeset	225 -- Ask the TURN server to relay a STUN binding request to the ping server
1ba451c10f41 prosodyctl: check turn: Add support for testing data relay with an external STUN server via --ping Matthew Wild <mwild1@gmail.com> parents: 12362 diff changeset	226 local ping_data = stun.new_packet("binding"):serialize();
1ba451c10f41 prosodyctl: check turn: Add support for testing data relay with an external STUN server via --ping Matthew Wild <mwild1@gmail.com> parents: 12362 diff changeset	227
1ba451c10f41 prosodyctl: check turn: Add support for testing data relay with an external STUN server via --ping Matthew Wild <mwild1@gmail.com> parents: 12362 diff changeset	228 local ping_request = stun.new_packet("send", "indication");
12373 5417ec7e2ee8 prosodyctl: check turn: Allow specifying port for the ping service Matthew Wild <mwild1@gmail.com> parents: 12372 diff changeset	229 ping_request:add_xor_peer_address(ping_service_ip, ping_port);
12372 1ba451c10f41 prosodyctl: check turn: Add support for testing data relay with an external STUN server via --ping Matthew Wild <mwild1@gmail.com> parents: 12362 diff changeset	230 ping_request:add_attribute("data", ping_data);
1ba451c10f41 prosodyctl: check turn: Add support for testing data relay with an external STUN server via --ping Matthew Wild <mwild1@gmail.com> parents: 12362 diff changeset	231 ping_request:add_attribute("username", turn_user);
12382 574cf096a426 prosodyctl: check turn: fix traceback when server does not provide realm/nonce Matthew Wild <mwild1@gmail.com> parents: 12381 diff changeset	232 if realm then
574cf096a426 prosodyctl: check turn: fix traceback when server does not provide realm/nonce Matthew Wild <mwild1@gmail.com> parents: 12381 diff changeset	233 ping_request:add_attribute("realm", realm);
574cf096a426 prosodyctl: check turn: fix traceback when server does not provide realm/nonce Matthew Wild <mwild1@gmail.com> parents: 12381 diff changeset	234 end
574cf096a426 prosodyctl: check turn: fix traceback when server does not provide realm/nonce Matthew Wild <mwild1@gmail.com> parents: 12381 diff changeset	235 if nonce then
574cf096a426 prosodyctl: check turn: fix traceback when server does not provide realm/nonce Matthew Wild <mwild1@gmail.com> parents: 12381 diff changeset	236 ping_request:add_attribute("nonce", nonce);
574cf096a426 prosodyctl: check turn: fix traceback when server does not provide realm/nonce Matthew Wild <mwild1@gmail.com> parents: 12381 diff changeset	237 end
12372 1ba451c10f41 prosodyctl: check turn: Add support for testing data relay with an external STUN server via --ping Matthew Wild <mwild1@gmail.com> parents: 12362 diff changeset	238 ping_request:add_message_integrity(key);
1ba451c10f41 prosodyctl: check turn: Add support for testing data relay with an external STUN server via --ping Matthew Wild <mwild1@gmail.com> parents: 12362 diff changeset	239 sock:send(ping_request:serialize());
1ba451c10f41 prosodyctl: check turn: Add support for testing data relay with an external STUN server via --ping Matthew Wild <mwild1@gmail.com> parents: 12362 diff changeset	240
1ba451c10f41 prosodyctl: check turn: Add support for testing data relay with an external STUN server via --ping Matthew Wild <mwild1@gmail.com> parents: 12362 diff changeset	241 local ping_response, err = receive_packet();
1ba451c10f41 prosodyctl: check turn: Add support for testing data relay with an external STUN server via --ping Matthew Wild <mwild1@gmail.com> parents: 12362 diff changeset	242 if not ping_response then
1ba451c10f41 prosodyctl: check turn: Add support for testing data relay with an external STUN server via --ping Matthew Wild <mwild1@gmail.com> parents: 12362 diff changeset	243 result.error = "No response from ping server ("..ping_service_ip.."): "..err;
1ba451c10f41 prosodyctl: check turn: Add support for testing data relay with an external STUN server via --ping Matthew Wild <mwild1@gmail.com> parents: 12362 diff changeset	244 return result;
1ba451c10f41 prosodyctl: check turn: Add support for testing data relay with an external STUN server via --ping Matthew Wild <mwild1@gmail.com> parents: 12362 diff changeset	245 elseif not ping_response:is_indication() or select(2, ping_response:get_method()) ~= "data" then
1ba451c10f41 prosodyctl: check turn: Add support for testing data relay with an external STUN server via --ping Matthew Wild <mwild1@gmail.com> parents: 12362 diff changeset	246 result.error = ("Unexpected TURN response: %s %s"):format(select(2, ping_response:get_method()), select(2, ping_response:get_type()));
1ba451c10f41 prosodyctl: check turn: Add support for testing data relay with an external STUN server via --ping Matthew Wild <mwild1@gmail.com> parents: 12362 diff changeset	247 return result;
1ba451c10f41 prosodyctl: check turn: Add support for testing data relay with an external STUN server via --ping Matthew Wild <mwild1@gmail.com> parents: 12362 diff changeset	248 end
1ba451c10f41 prosodyctl: check turn: Add support for testing data relay with an external STUN server via --ping Matthew Wild <mwild1@gmail.com> parents: 12362 diff changeset	249
1ba451c10f41 prosodyctl: check turn: Add support for testing data relay with an external STUN server via --ping Matthew Wild <mwild1@gmail.com> parents: 12362 diff changeset	250 local pong_data = ping_response:get_attribute("data");
1ba451c10f41 prosodyctl: check turn: Add support for testing data relay with an external STUN server via --ping Matthew Wild <mwild1@gmail.com> parents: 12362 diff changeset	251 if not pong_data then
1ba451c10f41 prosodyctl: check turn: Add support for testing data relay with an external STUN server via --ping Matthew Wild <mwild1@gmail.com> parents: 12362 diff changeset	252 result.error = "No data relayed from remote server";
12466 9ee41552bca0 util.prosodyctl: check turn: ensure a result is always returned from a check (thanks eTaurus) Matthew Wild <mwild1@gmail.com> parents: 12441 diff changeset	253 return result;
12372 1ba451c10f41 prosodyctl: check turn: Add support for testing data relay with an external STUN server via --ping Matthew Wild <mwild1@gmail.com> parents: 12362 diff changeset	254 end
1ba451c10f41 prosodyctl: check turn: Add support for testing data relay with an external STUN server via --ping Matthew Wild <mwild1@gmail.com> parents: 12362 diff changeset	255 local pong = stun.new_packet():deserialize(pong_data);
1ba451c10f41 prosodyctl: check turn: Add support for testing data relay with an external STUN server via --ping Matthew Wild <mwild1@gmail.com> parents: 12362 diff changeset	256
1ba451c10f41 prosodyctl: check turn: Add support for testing data relay with an external STUN server via --ping Matthew Wild <mwild1@gmail.com> parents: 12362 diff changeset	257 result.external_ip_pong = pong:get_xor_mapped_address();
1ba451c10f41 prosodyctl: check turn: Add support for testing data relay with an external STUN server via --ping Matthew Wild <mwild1@gmail.com> parents: 12362 diff changeset	258 if not result.external_ip_pong then
1ba451c10f41 prosodyctl: check turn: Add support for testing data relay with an external STUN server via --ping Matthew Wild <mwild1@gmail.com> parents: 12362 diff changeset	259 result.error = "Ping server did not return an address";
1ba451c10f41 prosodyctl: check turn: Add support for testing data relay with an external STUN server via --ping Matthew Wild <mwild1@gmail.com> parents: 12362 diff changeset	260 return result;
1ba451c10f41 prosodyctl: check turn: Add support for testing data relay with an external STUN server via --ping Matthew Wild <mwild1@gmail.com> parents: 12362 diff changeset	261 end
1ba451c10f41 prosodyctl: check turn: Add support for testing data relay with an external STUN server via --ping Matthew Wild <mwild1@gmail.com> parents: 12362 diff changeset	262
12390 71b5c9b8b07a prosodyctl: check turn: warn about external port mismatches behind NAT Matthew Wild <mwild1@gmail.com> parents: 12385 diff changeset	263 local relay_address_found, relay_port_matches;
71b5c9b8b07a prosodyctl: check turn: warn about external port mismatches behind NAT Matthew Wild <mwild1@gmail.com> parents: 12385 diff changeset	264 for _, relayed_address in ipairs(result.relayed_addresses) do
71b5c9b8b07a prosodyctl: check turn: warn about external port mismatches behind NAT Matthew Wild <mwild1@gmail.com> parents: 12385 diff changeset	265 if relayed_address.address == result.external_ip_pong.address then
71b5c9b8b07a prosodyctl: check turn: warn about external port mismatches behind NAT Matthew Wild <mwild1@gmail.com> parents: 12385 diff changeset	266 relay_address_found = true;
71b5c9b8b07a prosodyctl: check turn: warn about external port mismatches behind NAT Matthew Wild <mwild1@gmail.com> parents: 12385 diff changeset	267 relay_port_matches = result.external_ip_pong.port == relayed_address.port;
71b5c9b8b07a prosodyctl: check turn: warn about external port mismatches behind NAT Matthew Wild <mwild1@gmail.com> parents: 12385 diff changeset	268 end
71b5c9b8b07a prosodyctl: check turn: warn about external port mismatches behind NAT Matthew Wild <mwild1@gmail.com> parents: 12385 diff changeset	269 end
71b5c9b8b07a prosodyctl: check turn: warn about external port mismatches behind NAT Matthew Wild <mwild1@gmail.com> parents: 12385 diff changeset	270 if not relay_address_found then
12383 a9b6ed86b573 prosodyctl: check turn: improve warning text to suggest issues Matthew Wild <mwild1@gmail.com> parents: 12382 diff changeset	271 table.insert(result.warnings, "TURN external IP vs relay address mismatch! Is the TURN server behind a NAT and misconfigured?");
12390 71b5c9b8b07a prosodyctl: check turn: warn about external port mismatches behind NAT Matthew Wild <mwild1@gmail.com> parents: 12385 diff changeset	272 elseif not relay_port_matches then
71b5c9b8b07a prosodyctl: check turn: warn about external port mismatches behind NAT Matthew Wild <mwild1@gmail.com> parents: 12385 diff changeset	273 table.insert(result.warnings, "External port does not match reported relay port! This is probably caused by a NAT in front of the TURN server.");
12383 a9b6ed86b573 prosodyctl: check turn: improve warning text to suggest issues Matthew Wild <mwild1@gmail.com> parents: 12382 diff changeset	274 end
a9b6ed86b573 prosodyctl: check turn: improve warning text to suggest issues Matthew Wild <mwild1@gmail.com> parents: 12382 diff changeset	275
12372 1ba451c10f41 prosodyctl: check turn: Add support for testing data relay with an external STUN server via --ping Matthew Wild <mwild1@gmail.com> parents: 12362 diff changeset	276 --
12357 cd11d7c4af8b util.prosodyctl: check turn: New command to verify STUN/TURN service is operational Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	277
cd11d7c4af8b util.prosodyctl: check turn: New command to verify STUN/TURN service is operational Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	278 return result;
cd11d7c4af8b util.prosodyctl: check turn: New command to verify STUN/TURN service is operational Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	279 end
cd11d7c4af8b util.prosodyctl: check turn: New command to verify STUN/TURN service is operational Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	280
11779 f4f0bdaeabd2 prosodyctl: Add external connectivity check based on observe.jabber.network Jonas Schäfer <jonas@wielicki.name> parents: 11778 diff changeset	281 local function skip_bare_jid_hosts(host)
f4f0bdaeabd2 prosodyctl: Add external connectivity check based on observe.jabber.network Jonas Schäfer <jonas@wielicki.name> parents: 11778 diff changeset	282 if jid_split(host) then
f4f0bdaeabd2 prosodyctl: Add external connectivity check based on observe.jabber.network Jonas Schäfer <jonas@wielicki.name> parents: 11778 diff changeset	283 -- See issue #779
f4f0bdaeabd2 prosodyctl: Add external connectivity check based on observe.jabber.network Jonas Schäfer <jonas@wielicki.name> parents: 11778 diff changeset	284 return false;
f4f0bdaeabd2 prosodyctl: Add external connectivity check based on observe.jabber.network Jonas Schäfer <jonas@wielicki.name> parents: 11778 diff changeset	285 end
f4f0bdaeabd2 prosodyctl: Add external connectivity check based on observe.jabber.network Jonas Schäfer <jonas@wielicki.name> parents: 11778 diff changeset	286 return true;
f4f0bdaeabd2 prosodyctl: Add external connectivity check based on observe.jabber.network Jonas Schäfer <jonas@wielicki.name> parents: 11778 diff changeset	287 end
f4f0bdaeabd2 prosodyctl: Add external connectivity check based on observe.jabber.network Jonas Schäfer <jonas@wielicki.name> parents: 11778 diff changeset	288
12372 1ba451c10f41 prosodyctl: check turn: Add support for testing data relay with an external STUN server via --ping Matthew Wild <mwild1@gmail.com> parents: 12362 diff changeset	289 local check_opts = {
1ba451c10f41 prosodyctl: check turn: Add support for testing data relay with an external STUN server via --ping Matthew Wild <mwild1@gmail.com> parents: 12362 diff changeset	290 short_params = {
1ba451c10f41 prosodyctl: check turn: Add support for testing data relay with an external STUN server via --ping Matthew Wild <mwild1@gmail.com> parents: 12362 diff changeset	291 h = "help", v = "verbose";
1ba451c10f41 prosodyctl: check turn: Add support for testing data relay with an external STUN server via --ping Matthew Wild <mwild1@gmail.com> parents: 12362 diff changeset	292 };
12376 10353ad0ca7a prosodyctl: check: Slightly improved argument handling Matthew Wild <mwild1@gmail.com> parents: 12375 diff changeset	293 value_params = {
10353ad0ca7a prosodyctl: check: Slightly improved argument handling Matthew Wild <mwild1@gmail.com> parents: 12375 diff changeset	294 ping = true;
10353ad0ca7a prosodyctl: check: Slightly improved argument handling Matthew Wild <mwild1@gmail.com> parents: 12375 diff changeset	295 };
12372 1ba451c10f41 prosodyctl: check turn: Add support for testing data relay with an external STUN server via --ping Matthew Wild <mwild1@gmail.com> parents: 12362 diff changeset	296 };
1ba451c10f41 prosodyctl: check turn: Add support for testing data relay with an external STUN server via --ping Matthew Wild <mwild1@gmail.com> parents: 12362 diff changeset	297
10871 e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	298 local function check(arg)
12372 1ba451c10f41 prosodyctl: check turn: Add support for testing data relay with an external STUN server via --ping Matthew Wild <mwild1@gmail.com> parents: 12362 diff changeset	299 if arg[1] == "help" or arg[1] == "--help" then
10871 e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	300 show_usage([[check]], [[Perform basic checks on your Prosody installation]]);
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	301 return 1;
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	302 end
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	303 local what = table.remove(arg, 1);
12376 10353ad0ca7a prosodyctl: check: Slightly improved argument handling Matthew Wild <mwild1@gmail.com> parents: 12375 diff changeset	304 local opts, opts_err, opts_info = parse_args(arg, check_opts);
10353ad0ca7a prosodyctl: check: Slightly improved argument handling Matthew Wild <mwild1@gmail.com> parents: 12375 diff changeset	305 if opts_err == "missing-value" then
10353ad0ca7a prosodyctl: check: Slightly improved argument handling Matthew Wild <mwild1@gmail.com> parents: 12375 diff changeset	306 print("Error: Expected a value after '"..opts_info.."'");
10353ad0ca7a prosodyctl: check: Slightly improved argument handling Matthew Wild <mwild1@gmail.com> parents: 12375 diff changeset	307 return 1;
10353ad0ca7a prosodyctl: check: Slightly improved argument handling Matthew Wild <mwild1@gmail.com> parents: 12375 diff changeset	308 elseif opts_err == "param-not-found" then
10353ad0ca7a prosodyctl: check: Slightly improved argument handling Matthew Wild <mwild1@gmail.com> parents: 12375 diff changeset	309 print("Error: Unknown parameter: "..opts_info);
10353ad0ca7a prosodyctl: check: Slightly improved argument handling Matthew Wild <mwild1@gmail.com> parents: 12375 diff changeset	310 return 1;
10353ad0ca7a prosodyctl: check: Slightly improved argument handling Matthew Wild <mwild1@gmail.com> parents: 12375 diff changeset	311 end
11798 ba88060fa145 util.prosodyctl.check: Suggest replacements for deprecated options #1684 Kim Alvefur <zash@zash.se> parents: 11783 diff changeset	312 local array = require "util.array";
10871 e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	313 local set = require "util.set";
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	314 local it = require "util.iterators";
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	315 local ok = true;
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	316 local function disabled_hosts(host, conf) return host ~= "*" and conf.enabled ~= false; end
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	317 local function enabled_hosts() return it.filter(disabled_hosts, pairs(configmanager.getconfig())); end
12357 cd11d7c4af8b util.prosodyctl: check turn: New command to verify STUN/TURN service is operational Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	318 if not (what == nil or what == "disabled" or what == "config" or what == "dns" or what == "certs" or what == "connectivity" or what == "turn") then
cd11d7c4af8b util.prosodyctl: check turn: New command to verify STUN/TURN service is operational Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	319 show_warning("Don't know how to check '%s'. Try one of 'config', 'dns', 'certs', 'disabled', 'turn' or 'connectivity'.", what);
11779 f4f0bdaeabd2 prosodyctl: Add external connectivity check based on observe.jabber.network Jonas Schäfer <jonas@wielicki.name> parents: 11778 diff changeset	320 show_warning("Note: The connectivity check will connect to a remote server.");
10871 e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	321 return 1;
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	322 end
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	323 if not what or what == "disabled" then
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	324 local disabled_hosts_set = set.new();
13216 fcc052ca1652 util.prosodyctl.check: Get some config options via minimal moduleapi #896 Kim Alvefur <zash@zash.se> parents: 13121 diff changeset	325 for host in it.filter("*", pairs(configmanager.getconfig())) do
fcc052ca1652 util.prosodyctl.check: Get some config options via minimal moduleapi #896 Kim Alvefur <zash@zash.se> parents: 13121 diff changeset	326 if api(host):get_option_boolean("enabled") == false then
10871 e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	327 disabled_hosts_set:add(host);
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	328 end
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	329 end
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	330 if not disabled_hosts_set:empty() then
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	331 local msg = "Checks will be skipped for these disabled hosts: %s";
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	332 if what then msg = "These hosts are disabled: %s"; end
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	333 show_warning(msg, tostring(disabled_hosts_set));
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	334 if what then return 0; end
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	335 print""
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	336 end
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	337 end
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	338 if not what or what == "config" then
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	339 print("Checking config...");
12441 dc6263625069 prosodyctl: check config: Report paths of loaded configuration files (fixed #1729) Matthew Wild <mwild1@gmail.com> parents: 12416 diff changeset	340
dc6263625069 prosodyctl: check config: Report paths of loaded configuration files (fixed #1729) Matthew Wild <mwild1@gmail.com> parents: 12416 diff changeset	341 if what == "config" then
dc6263625069 prosodyctl: check config: Report paths of loaded configuration files (fixed #1729) Matthew Wild <mwild1@gmail.com> parents: 12416 diff changeset	342 local files = configmanager.files();
dc6263625069 prosodyctl: check config: Report paths of loaded configuration files (fixed #1729) Matthew Wild <mwild1@gmail.com> parents: 12416 diff changeset	343 print(" The following configuration files have been loaded:");
dc6263625069 prosodyctl: check config: Report paths of loaded configuration files (fixed #1729) Matthew Wild <mwild1@gmail.com> parents: 12416 diff changeset	344 print(" - "..table.concat(files, "\n - "));
dc6263625069 prosodyctl: check config: Report paths of loaded configuration files (fixed #1729) Matthew Wild <mwild1@gmail.com> parents: 12416 diff changeset	345 end
dc6263625069 prosodyctl: check config: Report paths of loaded configuration files (fixed #1729) Matthew Wild <mwild1@gmail.com> parents: 12416 diff changeset	346
11798 ba88060fa145 util.prosodyctl.check: Suggest replacements for deprecated options #1684 Kim Alvefur <zash@zash.se> parents: 11783 diff changeset	347 local obsolete = set.new({ --> remove
12118 30d55809d9a6 util.prosodyctl.check: Add some more obsolete settings Kim Alvefur <zash@zash.se> parents: 12099 diff changeset	348 "archive_cleanup_interval",
30d55809d9a6 util.prosodyctl.check: Add some more obsolete settings Kim Alvefur <zash@zash.se> parents: 12099 diff changeset	349 "dns_timeout",
30d55809d9a6 util.prosodyctl.check: Add some more obsolete settings Kim Alvefur <zash@zash.se> parents: 12099 diff changeset	350 "muc_log_cleanup_interval",
30d55809d9a6 util.prosodyctl.check: Add some more obsolete settings Kim Alvefur <zash@zash.se> parents: 12099 diff changeset	351 "s2s_dns_resolvers",
30d55809d9a6 util.prosodyctl.check: Add some more obsolete settings Kim Alvefur <zash@zash.se> parents: 12099 diff changeset	352 "setgid",
30d55809d9a6 util.prosodyctl.check: Add some more obsolete settings Kim Alvefur <zash@zash.se> parents: 12099 diff changeset	353 "setuid",
10871 e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	354 });
12159 aa299551f8c6 util.prosodyctl.check: Parameterize replacement instructions Kim Alvefur <zash@zash.se> parents: 12158 diff changeset	355 local function instead_use(kind, name, value)
aa299551f8c6 util.prosodyctl.check: Parameterize replacement instructions Kim Alvefur <zash@zash.se> parents: 12158 diff changeset	356 if kind == "option" then
aa299551f8c6 util.prosodyctl.check: Parameterize replacement instructions Kim Alvefur <zash@zash.se> parents: 12158 diff changeset	357 if value then
aa299551f8c6 util.prosodyctl.check: Parameterize replacement instructions Kim Alvefur <zash@zash.se> parents: 12158 diff changeset	358 return string.format("instead, use '%s = %q'", name, value);
aa299551f8c6 util.prosodyctl.check: Parameterize replacement instructions Kim Alvefur <zash@zash.se> parents: 12158 diff changeset	359 else
aa299551f8c6 util.prosodyctl.check: Parameterize replacement instructions Kim Alvefur <zash@zash.se> parents: 12158 diff changeset	360 return string.format("instead, use '%s'", name);
aa299551f8c6 util.prosodyctl.check: Parameterize replacement instructions Kim Alvefur <zash@zash.se> parents: 12158 diff changeset	361 end
aa299551f8c6 util.prosodyctl.check: Parameterize replacement instructions Kim Alvefur <zash@zash.se> parents: 12158 diff changeset	362 elseif kind == "module" then
aa299551f8c6 util.prosodyctl.check: Parameterize replacement instructions Kim Alvefur <zash@zash.se> parents: 12158 diff changeset	363 return string.format("instead, add %q to '%s'", name, value or "modules_enabled");
aa299551f8c6 util.prosodyctl.check: Parameterize replacement instructions Kim Alvefur <zash@zash.se> parents: 12158 diff changeset	364 elseif kind == "community" then
aa299551f8c6 util.prosodyctl.check: Parameterize replacement instructions Kim Alvefur <zash@zash.se> parents: 12158 diff changeset	365 return string.format("instead, add %q from %s", name, value or "prosody-modules");
aa299551f8c6 util.prosodyctl.check: Parameterize replacement instructions Kim Alvefur <zash@zash.se> parents: 12158 diff changeset	366 end
aa299551f8c6 util.prosodyctl.check: Parameterize replacement instructions Kim Alvefur <zash@zash.se> parents: 12158 diff changeset	367 return kind
aa299551f8c6 util.prosodyctl.check: Parameterize replacement instructions Kim Alvefur <zash@zash.se> parents: 12158 diff changeset	368 end
11798 ba88060fa145 util.prosodyctl.check: Suggest replacements for deprecated options #1684 Kim Alvefur <zash@zash.se> parents: 11783 diff changeset	369 local deprecated_replacements = {
12159 aa299551f8c6 util.prosodyctl.check: Parameterize replacement instructions Kim Alvefur <zash@zash.se> parents: 12158 diff changeset	370 anonymous_login = instead_use("option", "authentication", "anonymous");
aa299551f8c6 util.prosodyctl.check: Parameterize replacement instructions Kim Alvefur <zash@zash.se> parents: 12158 diff changeset	371 daemonize = "instead, use the --daemonize/-D or --foreground/-F command line flags";
aa299551f8c6 util.prosodyctl.check: Parameterize replacement instructions Kim Alvefur <zash@zash.se> parents: 12158 diff changeset	372 disallow_s2s = instead_use("module", "s2s");
aa299551f8c6 util.prosodyctl.check: Parameterize replacement instructions Kim Alvefur <zash@zash.se> parents: 12158 diff changeset	373 no_daemonize = "instead, use the --daemonize/-D or --foreground/-F command line flags";
aa299551f8c6 util.prosodyctl.check: Parameterize replacement instructions Kim Alvefur <zash@zash.se> parents: 12158 diff changeset	374 require_encryption = "instead, use 'c2s_require_encryption' and 's2s_require_encryption'";
aa299551f8c6 util.prosodyctl.check: Parameterize replacement instructions Kim Alvefur <zash@zash.se> parents: 12158 diff changeset	375 vcard_compatibility = instead_use("community", "mod_compat_vcard");
aa299551f8c6 util.prosodyctl.check: Parameterize replacement instructions Kim Alvefur <zash@zash.se> parents: 12158 diff changeset	376 use_libevent = instead_use("option", "network_backend", "event");
aa299551f8c6 util.prosodyctl.check: Parameterize replacement instructions Kim Alvefur <zash@zash.se> parents: 12158 diff changeset	377 whitelist_registration_only = instead_use("option", "allowlist_registration_only");
aa299551f8c6 util.prosodyctl.check: Parameterize replacement instructions Kim Alvefur <zash@zash.se> parents: 12158 diff changeset	378 registration_whitelist = instead_use("option", "registration_allowlist");
aa299551f8c6 util.prosodyctl.check: Parameterize replacement instructions Kim Alvefur <zash@zash.se> parents: 12158 diff changeset	379 registration_blacklist = instead_use("option", "registration_blocklist");
aa299551f8c6 util.prosodyctl.check: Parameterize replacement instructions Kim Alvefur <zash@zash.se> parents: 12158 diff changeset	380 blacklist_on_registration_throttle_overload = instead_use("blocklist_on_registration_throttle_overload");
12898 4255db0f8e58 util.prosodyctl.check: Suggest 'http_cors_override' instead of older CORS settings Kim Alvefur <zash@zash.se> parents: 12842 diff changeset	381 cross_domain_bosh = "instead, use 'http_cors_override', see https://prosody.im/doc/http#cross-domain-cors-support";
4255db0f8e58 util.prosodyctl.check: Suggest 'http_cors_override' instead of older CORS settings Kim Alvefur <zash@zash.se> parents: 12842 diff changeset	382 cross_domain_websocket = "instead, use 'http_cors_override', see https://prosody.im/doc/http#cross-domain-cors-support";
11798 ba88060fa145 util.prosodyctl.check: Suggest replacements for deprecated options #1684 Kim Alvefur <zash@zash.se> parents: 11783 diff changeset	383 };
11800 60018637f5d4 util.prosodyctl.check: Nudge towards plural port options Kim Alvefur <zash@zash.se> parents: 11799 diff changeset	384 -- FIXME all the singular _port and _interface options are supposed to be deprecated too
11798 ba88060fa145 util.prosodyctl.check: Suggest replacements for deprecated options #1684 Kim Alvefur <zash@zash.se> parents: 11783 diff changeset	385 local deprecated_ports = { bosh = "http", legacy_ssl = "c2s_direct_tls" };
ba88060fa145 util.prosodyctl.check: Suggest replacements for deprecated options #1684 Kim Alvefur <zash@zash.se> parents: 11783 diff changeset	386 local port_suffixes = set.new({ "port", "ports", "interface", "interfaces", "ssl" });
ba88060fa145 util.prosodyctl.check: Suggest replacements for deprecated options #1684 Kim Alvefur <zash@zash.se> parents: 11783 diff changeset	387 for port, replacement in pairs(deprecated_ports) do
ba88060fa145 util.prosodyctl.check: Suggest replacements for deprecated options #1684 Kim Alvefur <zash@zash.se> parents: 11783 diff changeset	388 for suffix in port_suffixes do
11800 60018637f5d4 util.prosodyctl.check: Nudge towards plural port options Kim Alvefur <zash@zash.se> parents: 11799 diff changeset	389 local rsuffix = (suffix == "port" or suffix == "interface") and suffix.."s" or suffix;
12158 7ff3699c1653 util.prosodyctl.check: Move word to ease future translations Kim Alvefur <zash@zash.se> parents: 12157 diff changeset	390 deprecated_replacements[port.."_"..suffix] = "instead, use '"..replacement.."_"..rsuffix.."'"
11798 ba88060fa145 util.prosodyctl.check: Suggest replacements for deprecated options #1684 Kim Alvefur <zash@zash.se> parents: 11783 diff changeset	391 end
ba88060fa145 util.prosodyctl.check: Suggest replacements for deprecated options #1684 Kim Alvefur <zash@zash.se> parents: 11783 diff changeset	392 end
ba88060fa145 util.prosodyctl.check: Suggest replacements for deprecated options #1684 Kim Alvefur <zash@zash.se> parents: 11783 diff changeset	393 local deprecated = set.new(array.collect(it.keys(deprecated_replacements)));
10871 e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	394 local known_global_options = set.new({
11635 1b17b967838e util.prosodyctl.check: Collect options from all global plugins Kim Alvefur <zash@zash.se> parents: 11634 diff changeset	395 "access_control_allow_credentials",
1b17b967838e util.prosodyctl.check: Collect options from all global plugins Kim Alvefur <zash@zash.se> parents: 11634 diff changeset	396 "access_control_allow_headers",
1b17b967838e util.prosodyctl.check: Collect options from all global plugins Kim Alvefur <zash@zash.se> parents: 11634 diff changeset	397 "access_control_allow_methods",
1b17b967838e util.prosodyctl.check: Collect options from all global plugins Kim Alvefur <zash@zash.se> parents: 11634 diff changeset	398 "access_control_max_age",
1b17b967838e util.prosodyctl.check: Collect options from all global plugins Kim Alvefur <zash@zash.se> parents: 11634 diff changeset	399 "admin_socket",
1b17b967838e util.prosodyctl.check: Collect options from all global plugins Kim Alvefur <zash@zash.se> parents: 11634 diff changeset	400 "body_size_limit",
1b17b967838e util.prosodyctl.check: Collect options from all global plugins Kim Alvefur <zash@zash.se> parents: 11634 diff changeset	401 "bosh_max_inactivity",
1b17b967838e util.prosodyctl.check: Collect options from all global plugins Kim Alvefur <zash@zash.se> parents: 11634 diff changeset	402 "bosh_max_polling",
1b17b967838e util.prosodyctl.check: Collect options from all global plugins Kim Alvefur <zash@zash.se> parents: 11634 diff changeset	403 "bosh_max_wait",
1b17b967838e util.prosodyctl.check: Collect options from all global plugins Kim Alvefur <zash@zash.se> parents: 11634 diff changeset	404 "buffer_size_limit",
1b17b967838e util.prosodyctl.check: Collect options from all global plugins Kim Alvefur <zash@zash.se> parents: 11634 diff changeset	405 "c2s_close_timeout",
1b17b967838e util.prosodyctl.check: Collect options from all global plugins Kim Alvefur <zash@zash.se> parents: 11634 diff changeset	406 "c2s_stanza_size_limit",
1b17b967838e util.prosodyctl.check: Collect options from all global plugins Kim Alvefur <zash@zash.se> parents: 11634 diff changeset	407 "c2s_tcp_keepalives",
1b17b967838e util.prosodyctl.check: Collect options from all global plugins Kim Alvefur <zash@zash.se> parents: 11634 diff changeset	408 "c2s_timeout",
1b17b967838e util.prosodyctl.check: Collect options from all global plugins Kim Alvefur <zash@zash.se> parents: 11634 diff changeset	409 "component_stanza_size_limit",
1b17b967838e util.prosodyctl.check: Collect options from all global plugins Kim Alvefur <zash@zash.se> parents: 11634 diff changeset	410 "component_tcp_keepalives",
1b17b967838e util.prosodyctl.check: Collect options from all global plugins Kim Alvefur <zash@zash.se> parents: 11634 diff changeset	411 "consider_bosh_secure",
1b17b967838e util.prosodyctl.check: Collect options from all global plugins Kim Alvefur <zash@zash.se> parents: 11634 diff changeset	412 "consider_websocket_secure",
1b17b967838e util.prosodyctl.check: Collect options from all global plugins Kim Alvefur <zash@zash.se> parents: 11634 diff changeset	413 "console_banner",
1b17b967838e util.prosodyctl.check: Collect options from all global plugins Kim Alvefur <zash@zash.se> parents: 11634 diff changeset	414 "console_prettyprint_settings",
11634 a6c87b4c0cdf util.prosodyctl.check: Format, sort option listings into canonical form Kim Alvefur <zash@zash.se> parents: 11617 diff changeset	415 "daemonize",
a6c87b4c0cdf util.prosodyctl.check: Format, sort option listings into canonical form Kim Alvefur <zash@zash.se> parents: 11617 diff changeset	416 "gc",
a6c87b4c0cdf util.prosodyctl.check: Format, sort option listings into canonical form Kim Alvefur <zash@zash.se> parents: 11617 diff changeset	417 "http_default_host",
11635 1b17b967838e util.prosodyctl.check: Collect options from all global plugins Kim Alvefur <zash@zash.se> parents: 11634 diff changeset	418 "http_errors_always_show",
1b17b967838e util.prosodyctl.check: Collect options from all global plugins Kim Alvefur <zash@zash.se> parents: 11634 diff changeset	419 "http_errors_default_message",
1b17b967838e util.prosodyctl.check: Collect options from all global plugins Kim Alvefur <zash@zash.se> parents: 11634 diff changeset	420 "http_errors_detailed",
1b17b967838e util.prosodyctl.check: Collect options from all global plugins Kim Alvefur <zash@zash.se> parents: 11634 diff changeset	421 "http_errors_messages",
11833 bd86ab8122d9 util.prosodyctl.check: Add two known globals from mod_http Kim Alvefur <zash@zash.se> parents: 11827 diff changeset	422 "http_max_buffer_size",
bd86ab8122d9 util.prosodyctl.check: Add two known globals from mod_http Kim Alvefur <zash@zash.se> parents: 11827 diff changeset	423 "http_max_content_size",
11634 a6c87b4c0cdf util.prosodyctl.check: Format, sort option listings into canonical form Kim Alvefur <zash@zash.se> parents: 11617 diff changeset	424 "installer_plugin_path",
a6c87b4c0cdf util.prosodyctl.check: Format, sort option listings into canonical form Kim Alvefur <zash@zash.se> parents: 11617 diff changeset	425 "limits",
11635 1b17b967838e util.prosodyctl.check: Collect options from all global plugins Kim Alvefur <zash@zash.se> parents: 11634 diff changeset	426 "limits_resolution",
11634 a6c87b4c0cdf util.prosodyctl.check: Format, sort option listings into canonical form Kim Alvefur <zash@zash.se> parents: 11617 diff changeset	427 "log",
11635 1b17b967838e util.prosodyctl.check: Collect options from all global plugins Kim Alvefur <zash@zash.se> parents: 11634 diff changeset	428 "multiplex_buffer_size",
11634 a6c87b4c0cdf util.prosodyctl.check: Format, sort option listings into canonical form Kim Alvefur <zash@zash.se> parents: 11617 diff changeset	429 "network_backend",
11635 1b17b967838e util.prosodyctl.check: Collect options from all global plugins Kim Alvefur <zash@zash.se> parents: 11634 diff changeset	430 "network_default_read_size",
11634 a6c87b4c0cdf util.prosodyctl.check: Format, sort option listings into canonical form Kim Alvefur <zash@zash.se> parents: 11617 diff changeset	431 "network_settings",
11940 2d82e4245aa3 util.prosodyctl.check: Add mod_http_openmetrics settings to known globals Kim Alvefur <zash@zash.se> parents: 11925 diff changeset	432 "openmetrics_allow_cidr",
2d82e4245aa3 util.prosodyctl.check: Add mod_http_openmetrics settings to known globals Kim Alvefur <zash@zash.se> parents: 11925 diff changeset	433 "openmetrics_allow_ips",
11634 a6c87b4c0cdf util.prosodyctl.check: Format, sort option listings into canonical form Kim Alvefur <zash@zash.se> parents: 11617 diff changeset	434 "pidfile",
a6c87b4c0cdf util.prosodyctl.check: Format, sort option listings into canonical form Kim Alvefur <zash@zash.se> parents: 11617 diff changeset	435 "plugin_paths",
a6c87b4c0cdf util.prosodyctl.check: Format, sort option listings into canonical form Kim Alvefur <zash@zash.se> parents: 11617 diff changeset	436 "plugin_server",
a6c87b4c0cdf util.prosodyctl.check: Format, sort option listings into canonical form Kim Alvefur <zash@zash.se> parents: 11617 diff changeset	437 "prosodyctl_timeout",
a6c87b4c0cdf util.prosodyctl.check: Format, sort option listings into canonical form Kim Alvefur <zash@zash.se> parents: 11617 diff changeset	438 "prosody_group",
a6c87b4c0cdf util.prosodyctl.check: Format, sort option listings into canonical form Kim Alvefur <zash@zash.se> parents: 11617 diff changeset	439 "prosody_user",
11635 1b17b967838e util.prosodyctl.check: Collect options from all global plugins Kim Alvefur <zash@zash.se> parents: 11634 diff changeset	440 "run_as_root",
1b17b967838e util.prosodyctl.check: Collect options from all global plugins Kim Alvefur <zash@zash.se> parents: 11634 diff changeset	441 "s2s_close_timeout",
1b17b967838e util.prosodyctl.check: Collect options from all global plugins Kim Alvefur <zash@zash.se> parents: 11634 diff changeset	442 "s2s_insecure_domains",
1b17b967838e util.prosodyctl.check: Collect options from all global plugins Kim Alvefur <zash@zash.se> parents: 11634 diff changeset	443 "s2s_require_encryption",
1b17b967838e util.prosodyctl.check: Collect options from all global plugins Kim Alvefur <zash@zash.se> parents: 11634 diff changeset	444 "s2s_secure_auth",
1b17b967838e util.prosodyctl.check: Collect options from all global plugins Kim Alvefur <zash@zash.se> parents: 11634 diff changeset	445 "s2s_secure_domains",
1b17b967838e util.prosodyctl.check: Collect options from all global plugins Kim Alvefur <zash@zash.se> parents: 11634 diff changeset	446 "s2s_stanza_size_limit",
1b17b967838e util.prosodyctl.check: Collect options from all global plugins Kim Alvefur <zash@zash.se> parents: 11634 diff changeset	447 "s2s_tcp_keepalives",
1b17b967838e util.prosodyctl.check: Collect options from all global plugins Kim Alvefur <zash@zash.se> parents: 11634 diff changeset	448 "s2s_timeout",
11634 a6c87b4c0cdf util.prosodyctl.check: Format, sort option listings into canonical form Kim Alvefur <zash@zash.se> parents: 11617 diff changeset	449 "statistics",
a6c87b4c0cdf util.prosodyctl.check: Format, sort option listings into canonical form Kim Alvefur <zash@zash.se> parents: 11617 diff changeset	450 "statistics_config",
a6c87b4c0cdf util.prosodyctl.check: Format, sort option listings into canonical form Kim Alvefur <zash@zash.se> parents: 11617 diff changeset	451 "statistics_interval",
11635 1b17b967838e util.prosodyctl.check: Collect options from all global plugins Kim Alvefur <zash@zash.se> parents: 11634 diff changeset	452 "tcp_keepalives",
12099 b344edad61d3 core.certmanager: Rename preset option to 'tls_preset' Kim Alvefur <zash@zash.se> parents: 11957 diff changeset	453 "tls_profile",
11635 1b17b967838e util.prosodyctl.check: Collect options from all global plugins Kim Alvefur <zash@zash.se> parents: 11634 diff changeset	454 "trusted_proxies",
11634 a6c87b4c0cdf util.prosodyctl.check: Format, sort option listings into canonical form Kim Alvefur <zash@zash.se> parents: 11617 diff changeset	455 "umask",
11635 1b17b967838e util.prosodyctl.check: Collect options from all global plugins Kim Alvefur <zash@zash.se> parents: 11634 diff changeset	456 "use_dane",
11634 a6c87b4c0cdf util.prosodyctl.check: Format, sort option listings into canonical form Kim Alvefur <zash@zash.se> parents: 11617 diff changeset	457 "use_ipv4",
a6c87b4c0cdf util.prosodyctl.check: Format, sort option listings into canonical form Kim Alvefur <zash@zash.se> parents: 11617 diff changeset	458 "use_ipv6",
11635 1b17b967838e util.prosodyctl.check: Collect options from all global plugins Kim Alvefur <zash@zash.se> parents: 11634 diff changeset	459 "websocket_frame_buffer_limit",
1b17b967838e util.prosodyctl.check: Collect options from all global plugins Kim Alvefur <zash@zash.se> parents: 11634 diff changeset	460 "websocket_frame_fragment_limit",
1b17b967838e util.prosodyctl.check: Collect options from all global plugins Kim Alvefur <zash@zash.se> parents: 11634 diff changeset	461 "websocket_get_response_body",
1b17b967838e util.prosodyctl.check: Collect options from all global plugins Kim Alvefur <zash@zash.se> parents: 11634 diff changeset	462 "websocket_get_response_text",
10871 e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	463 });
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	464 local config = configmanager.getconfig();
13216 fcc052ca1652 util.prosodyctl.check: Get some config options via minimal moduleapi #896 Kim Alvefur <zash@zash.se> parents: 13121 diff changeset	465 local global = api("*");
10871 e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	466 -- Check that we have any global options (caused by putting a host at the top)
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	467 if it.count(it.filter("log", pairs(config["*"]))) == 0 then
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	468 ok = false;
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	469 print("");
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	470 print(" No global options defined. Perhaps you have put a host definition at the top")
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	471 print(" of the config file? They should be at the bottom, see https://prosody.im/doc/configure#overview");
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	472 end
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	473 if it.count(enabled_hosts()) == 0 then
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	474 ok = false;
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	475 print("");
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	476 if it.count(it.filter("*", pairs(config))) == 0 then
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	477 print(" No hosts are defined, please add at least one VirtualHost section")
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	478 elseif config["*"]["enabled"] == false then
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	479 print(" No hosts are enabled. Remove enabled = false from the global section or put enabled = true under at least one VirtualHost section")
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	480 else
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	481 print(" All hosts are disabled. Remove enabled = false from at least one VirtualHost section")
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	482 end
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	483 end
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	484 if not config["*"].modules_enabled then
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	485 print(" No global modules_enabled is set?");
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	486 local suggested_global_modules;
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	487 for host, options in enabled_hosts() do --luacheck: ignore 213/host
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	488 if not options.component_module and options.modules_enabled then
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	489 suggested_global_modules = set.intersection(suggested_global_modules or set.new(options.modules_enabled), set.new(options.modules_enabled));
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	490 end
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	491 end
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	492 if suggested_global_modules and not suggested_global_modules:empty() then
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	493 print(" Consider moving these modules into modules_enabled in the global section:")
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	494 print(" "..tostring(suggested_global_modules / function (x) return ("%q"):format(x) end));
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	495 end
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	496 print();
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	497 end
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	498
13217 b264ea91e930 util.prosodyctl.check: Validate format of module list options Kim Alvefur <zash@zash.se> parents: 13216 diff changeset	499 local function validate_module_list(host, name, modules)
b264ea91e930 util.prosodyctl.check: Validate format of module list options Kim Alvefur <zash@zash.se> parents: 13216 diff changeset	500 if modules == nil then
b264ea91e930 util.prosodyctl.check: Validate format of module list options Kim Alvefur <zash@zash.se> parents: 13216 diff changeset	501 return -- okay except for global section, checked separately
b264ea91e930 util.prosodyctl.check: Validate format of module list options Kim Alvefur <zash@zash.se> parents: 13216 diff changeset	502 end
b264ea91e930 util.prosodyctl.check: Validate format of module list options Kim Alvefur <zash@zash.se> parents: 13216 diff changeset	503 local t = type(modules)
b264ea91e930 util.prosodyctl.check: Validate format of module list options Kim Alvefur <zash@zash.se> parents: 13216 diff changeset	504 if t ~= "table" then
b264ea91e930 util.prosodyctl.check: Validate format of module list options Kim Alvefur <zash@zash.se> parents: 13216 diff changeset	505 print(" The " .. name .. " in the " .. host .. " section should not be a " .. t .. " but a list of strings, e.g.");
b264ea91e930 util.prosodyctl.check: Validate format of module list options Kim Alvefur <zash@zash.se> parents: 13216 diff changeset	506 print(" " .. name .. " = { \"name_of_module\", \"another_plugin\", }")
b264ea91e930 util.prosodyctl.check: Validate format of module list options Kim Alvefur <zash@zash.se> parents: 13216 diff changeset	507 print()
b264ea91e930 util.prosodyctl.check: Validate format of module list options Kim Alvefur <zash@zash.se> parents: 13216 diff changeset	508 ok = false
b264ea91e930 util.prosodyctl.check: Validate format of module list options Kim Alvefur <zash@zash.se> parents: 13216 diff changeset	509 return
b264ea91e930 util.prosodyctl.check: Validate format of module list options Kim Alvefur <zash@zash.se> parents: 13216 diff changeset	510 end
b264ea91e930 util.prosodyctl.check: Validate format of module list options Kim Alvefur <zash@zash.se> parents: 13216 diff changeset	511 for k, v in pairs(modules) do
b264ea91e930 util.prosodyctl.check: Validate format of module list options Kim Alvefur <zash@zash.se> parents: 13216 diff changeset	512 if type(k) ~= "number" or type(v) ~= "string" then
b264ea91e930 util.prosodyctl.check: Validate format of module list options Kim Alvefur <zash@zash.se> parents: 13216 diff changeset	513 print(" The " .. name .. " in the " .. host .. " section should not be a map of " .. type(k) .. " to " .. type(v)
b264ea91e930 util.prosodyctl.check: Validate format of module list options Kim Alvefur <zash@zash.se> parents: 13216 diff changeset	514 .. " but a list of strings, e.g.");
b264ea91e930 util.prosodyctl.check: Validate format of module list options Kim Alvefur <zash@zash.se> parents: 13216 diff changeset	515 print(" " .. name .. " = { \"name_of_module\", \"another_plugin\", }")
b264ea91e930 util.prosodyctl.check: Validate format of module list options Kim Alvefur <zash@zash.se> parents: 13216 diff changeset	516 ok = false
b264ea91e930 util.prosodyctl.check: Validate format of module list options Kim Alvefur <zash@zash.se> parents: 13216 diff changeset	517 break
b264ea91e930 util.prosodyctl.check: Validate format of module list options Kim Alvefur <zash@zash.se> parents: 13216 diff changeset	518 end
b264ea91e930 util.prosodyctl.check: Validate format of module list options Kim Alvefur <zash@zash.se> parents: 13216 diff changeset	519 end
b264ea91e930 util.prosodyctl.check: Validate format of module list options Kim Alvefur <zash@zash.se> parents: 13216 diff changeset	520 end
b264ea91e930 util.prosodyctl.check: Validate format of module list options Kim Alvefur <zash@zash.se> parents: 13216 diff changeset	521
b264ea91e930 util.prosodyctl.check: Validate format of module list options Kim Alvefur <zash@zash.se> parents: 13216 diff changeset	522 for host, options in enabled_hosts() do
b264ea91e930 util.prosodyctl.check: Validate format of module list options Kim Alvefur <zash@zash.se> parents: 13216 diff changeset	523 validate_module_list(host, "modules_enabled", options.modules_enabled);
b264ea91e930 util.prosodyctl.check: Validate format of module list options Kim Alvefur <zash@zash.se> parents: 13216 diff changeset	524 validate_module_list(host, "modules_disabled", options.modules_disabled);
b264ea91e930 util.prosodyctl.check: Validate format of module list options Kim Alvefur <zash@zash.se> parents: 13216 diff changeset	525 end
b264ea91e930 util.prosodyctl.check: Validate format of module list options Kim Alvefur <zash@zash.se> parents: 13216 diff changeset	526
10871 e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	527 do -- Check for modules enabled both normally and as components
13216 fcc052ca1652 util.prosodyctl.check: Get some config options via minimal moduleapi #896 Kim Alvefur <zash@zash.se> parents: 13121 diff changeset	528 local modules = global:get_option_set("modules_enabled");
10871 e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	529 for host, options in enabled_hosts() do
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	530 local component_module = options.component_module;
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	531 if component_module and modules:contains(component_module) then
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	532 print((" mod_%s is enabled both in modules_enabled and as Component %q %q"):format(component_module, host, component_module));
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	533 print(" This means the service is enabled on all VirtualHosts as well as the Component.");
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	534 print(" Are you sure this what you want? It may cause unexpected behaviour.");
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	535 end
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	536 end
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	537 end
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	538
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	539 -- Check for global options under hosts
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	540 local global_options = set.new(it.to_array(it.keys(config["*"])));
11798 ba88060fa145 util.prosodyctl.check: Suggest replacements for deprecated options #1684 Kim Alvefur <zash@zash.se> parents: 11783 diff changeset	541 local obsolete_global_options = set.intersection(global_options, obsolete);
ba88060fa145 util.prosodyctl.check: Suggest replacements for deprecated options #1684 Kim Alvefur <zash@zash.se> parents: 11783 diff changeset	542 if not obsolete_global_options:empty() then
ba88060fa145 util.prosodyctl.check: Suggest replacements for deprecated options #1684 Kim Alvefur <zash@zash.se> parents: 11783 diff changeset	543 print("");
ba88060fa145 util.prosodyctl.check: Suggest replacements for deprecated options #1684 Kim Alvefur <zash@zash.se> parents: 11783 diff changeset	544 print(" You have some obsolete options you can remove from the global section:");
ba88060fa145 util.prosodyctl.check: Suggest replacements for deprecated options #1684 Kim Alvefur <zash@zash.se> parents: 11783 diff changeset	545 print(" "..tostring(obsolete_global_options))
ba88060fa145 util.prosodyctl.check: Suggest replacements for deprecated options #1684 Kim Alvefur <zash@zash.se> parents: 11783 diff changeset	546 ok = false;
ba88060fa145 util.prosodyctl.check: Suggest replacements for deprecated options #1684 Kim Alvefur <zash@zash.se> parents: 11783 diff changeset	547 end
10871 e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	548 local deprecated_global_options = set.intersection(global_options, deprecated);
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	549 if not deprecated_global_options:empty() then
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	550 print("");
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	551 print(" You have some deprecated options in the global section:");
11798 ba88060fa145 util.prosodyctl.check: Suggest replacements for deprecated options #1684 Kim Alvefur <zash@zash.se> parents: 11783 diff changeset	552 for option in deprecated_global_options do
12158 7ff3699c1653 util.prosodyctl.check: Move word to ease future translations Kim Alvefur <zash@zash.se> parents: 12157 diff changeset	553 print((" '%s' -- %s"):format(option, deprecated_replacements[option]));
11798 ba88060fa145 util.prosodyctl.check: Suggest replacements for deprecated options #1684 Kim Alvefur <zash@zash.se> parents: 11783 diff changeset	554 end
10871 e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	555 ok = false;
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	556 end
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	557 for host, options in it.filter(function (h) return h ~= "*" end, pairs(configmanager.getconfig())) do
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	558 local host_options = set.new(it.to_array(it.keys(options)));
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	559 local misplaced_options = set.intersection(host_options, known_global_options);
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	560 for name in pairs(options) do
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	561 if name:match("^interfaces?")
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	562 or name:match("_ports?$") or name:match("_interfaces?$")
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	563 or (name:match("_ssl$") and not name:match("^[cs]2s_ssl$")) then
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	564 misplaced_options:add(name);
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	565 end
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	566 end
11799 8c9ec2db1d95 util.prosodyctl.check: Fix to not treat some options as misplaced Kim Alvefur <zash@zash.se> parents: 11798 diff changeset	567 -- FIXME These _could_ be misplaced, but we would have to check where the corresponding module is loaded to be sure
8c9ec2db1d95 util.prosodyctl.check: Fix to not treat some options as misplaced Kim Alvefur <zash@zash.se> parents: 11798 diff changeset	568 misplaced_options:exclude(set.new({ "external_service_port", "turn_external_port" }));
10871 e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	569 if not misplaced_options:empty() then
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	570 ok = false;
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	571 print("");
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	572 local n = it.count(misplaced_options);
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	573 print(" You have "..n.." option"..(n>1 and "s " or " ").."set under "..host.." that should be");
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	574 print(" in the global section of the config file, above any VirtualHost or Component definitions,")
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	575 print(" see https://prosody.im/doc/configure#overview for more information.")
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	576 print("");
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	577 print(" You need to move the following option"..(n>1 and "s" or "")..": "..table.concat(it.to_array(misplaced_options), ", "));
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	578 end
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	579 end
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	580 for host, options in enabled_hosts() do
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	581 local host_options = set.new(it.to_array(it.keys(options)));
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	582 local subdomain = host:match("^[^.]+");
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	583 if not(host_options:contains("component_module")) and (subdomain == "jabber" or subdomain == "xmpp"
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	584 or subdomain == "chat" or subdomain == "im") then
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	585 print("");
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	586 print(" Suggestion: If "..host.. " is a new host with no real users yet, consider renaming it now to");
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	587 print(" "..host:gsub("^[^.]+%.", "")..". You can use SRV records to redirect XMPP clients and servers to "..host..".");
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	588 print(" For more information see: https://prosody.im/doc/dns");
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	589 end
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	590 end
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	591 local all_modules = set.new(config["*"].modules_enabled);
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	592 local all_options = set.new(it.to_array(it.keys(config["*"])));
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	593 for host in enabled_hosts() do
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	594 all_options:include(set.new(it.to_array(it.keys(config[host]))));
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	595 all_modules:include(set.new(config[host].modules_enabled));
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	596 end
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	597 for mod in all_modules do
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	598 if mod:match("^mod_") then
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	599 print("");
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	600 print(" Modules in modules_enabled should not have the 'mod_' prefix included.");
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	601 print(" Change '"..mod.."' to '"..mod:match("^mod_(.*)").."'.");
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	602 elseif mod:match("^auth_") then
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	603 print("");
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	604 print(" Authentication modules should not be added to modules_enabled,");
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	605 print(" but be specified in the 'authentication' option.");
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	606 print(" Remove '"..mod.."' from modules_enabled and instead add");
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	607 print(" authentication = '"..mod:match("^auth_(.*)").."'");
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	608 print(" For more information see https://prosody.im/doc/authentication");
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	609 elseif mod:match("^storage_") then
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	610 print("");
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	611 print(" storage modules should not be added to modules_enabled,");
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	612 print(" but be specified in the 'storage' option.");
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	613 print(" Remove '"..mod.."' from modules_enabled and instead add");
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	614 print(" storage = '"..mod:match("^storage_(.*)").."'");
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	615 print(" For more information see https://prosody.im/doc/storage");
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	616 end
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	617 end
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	618 if all_modules:contains("vcard") and all_modules:contains("vcard_legacy") then
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	619 print("");
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	620 print(" Both mod_vcard_legacy and mod_vcard are enabled but they conflict");
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	621 print(" with each other. Remove one.");
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	622 end
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	623 if all_modules:contains("pep") and all_modules:contains("pep_simple") then
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	624 print("");
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	625 print(" Both mod_pep_simple and mod_pep are enabled but they conflict");
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	626 print(" with each other. Remove one.");
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	627 end
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	628 for host, host_config in pairs(config) do --luacheck: ignore 213/host
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	629 if type(rawget(host_config, "storage")) == "string" and rawget(host_config, "default_storage") then
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	630 print("");
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	631 print(" The 'default_storage' option is not needed if 'storage' is set to a string.");
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	632 break;
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	633 end
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	634 end
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	635 local require_encryption = set.intersection(all_options, set.new({
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	636 "require_encryption", "c2s_require_encryption", "s2s_require_encryption"
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	637 })):empty();
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	638 local ssl = dependencies.softreq"ssl";
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	639 if not ssl then
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	640 if not require_encryption then
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	641 print("");
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	642 print(" You require encryption but LuaSec is not available.");
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	643 print(" Connections will fail.");
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	644 ok = false;
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	645 end
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	646 elseif not ssl.loadcertificate then
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	647 if all_options:contains("s2s_secure_auth") then
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	648 print("");
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	649 print(" You have set s2s_secure_auth but your version of LuaSec does ");
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	650 print(" not support certificate validation, so all s2s connections will");
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	651 print(" fail.");
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	652 ok = false;
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	653 elseif all_options:contains("s2s_secure_domains") then
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	654 local secure_domains = set.new();
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	655 for host in enabled_hosts() do
13216 fcc052ca1652 util.prosodyctl.check: Get some config options via minimal moduleapi #896 Kim Alvefur <zash@zash.se> parents: 13121 diff changeset	656 if api(host):get_option_boolean("s2s_secure_auth") then
10871 e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	657 secure_domains:add("*");
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	658 else
13216 fcc052ca1652 util.prosodyctl.check: Get some config options via minimal moduleapi #896 Kim Alvefur <zash@zash.se> parents: 13121 diff changeset	659 secure_domains:include(api(host):get_option_set("s2s_secure_domains", {}));
10871 e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	660 end
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	661 end
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	662 if not secure_domains:empty() then
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	663 print("");
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	664 print(" You have set s2s_secure_domains but your version of LuaSec does ");
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	665 print(" not support certificate validation, so s2s connections to/from ");
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	666 print(" these domains will fail.");
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	667 ok = false;
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	668 end
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	669 end
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	670 elseif require_encryption and not all_modules:contains("tls") then
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	671 print("");
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	672 print(" You require encryption but mod_tls is not enabled.");
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	673 print(" Connections will fail.");
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	674 ok = false;
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	675 end
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	676
12317 b4f2027ef917 util.prosodyctl: Warn about enabled public registration in 'check config' Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	677 do
b4f2027ef917 util.prosodyctl: Warn about enabled public registration in 'check config' Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	678 local registration_enabled_hosts = {};
b4f2027ef917 util.prosodyctl: Warn about enabled public registration in 'check config' Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	679 for host in enabled_hosts() do
13216 fcc052ca1652 util.prosodyctl.check: Get some config options via minimal moduleapi #896 Kim Alvefur <zash@zash.se> parents: 13121 diff changeset	680 local host_modules, component = modulemanager.get_modules_for_host(host);
fcc052ca1652 util.prosodyctl.check: Get some config options via minimal moduleapi #896 Kim Alvefur <zash@zash.se> parents: 13121 diff changeset	681 local hostapi = api(host);
fcc052ca1652 util.prosodyctl.check: Get some config options via minimal moduleapi #896 Kim Alvefur <zash@zash.se> parents: 13121 diff changeset	682 local allow_registration = hostapi:get_option_boolean("allow_registration", false);
12317 b4f2027ef917 util.prosodyctl: Warn about enabled public registration in 'check config' Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	683 local mod_register = host_modules:contains("register");
b4f2027ef917 util.prosodyctl: Warn about enabled public registration in 'check config' Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	684 local mod_register_ibr = host_modules:contains("register_ibr");
b4f2027ef917 util.prosodyctl: Warn about enabled public registration in 'check config' Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	685 local mod_invites_register = host_modules:contains("invites_register");
13216 fcc052ca1652 util.prosodyctl.check: Get some config options via minimal moduleapi #896 Kim Alvefur <zash@zash.se> parents: 13121 diff changeset	686 local registration_invite_only = hostapi:get_option_boolean("registration_invite_only", true);
fcc052ca1652 util.prosodyctl.check: Get some config options via minimal moduleapi #896 Kim Alvefur <zash@zash.se> parents: 13121 diff changeset	687 local is_vhost = not component;
12317 b4f2027ef917 util.prosodyctl: Warn about enabled public registration in 'check config' Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	688 if is_vhost and (mod_register_ibr or (mod_register and allow_registration))
b4f2027ef917 util.prosodyctl: Warn about enabled public registration in 'check config' Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	689 and not (mod_invites_register and registration_invite_only) then
b4f2027ef917 util.prosodyctl: Warn about enabled public registration in 'check config' Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	690 table.insert(registration_enabled_hosts, host);
b4f2027ef917 util.prosodyctl: Warn about enabled public registration in 'check config' Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	691 end
b4f2027ef917 util.prosodyctl: Warn about enabled public registration in 'check config' Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	692 end
b4f2027ef917 util.prosodyctl: Warn about enabled public registration in 'check config' Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	693 if #registration_enabled_hosts > 0 then
b4f2027ef917 util.prosodyctl: Warn about enabled public registration in 'check config' Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	694 table.sort(registration_enabled_hosts);
b4f2027ef917 util.prosodyctl: Warn about enabled public registration in 'check config' Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	695 print("");
b4f2027ef917 util.prosodyctl: Warn about enabled public registration in 'check config' Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	696 print(" Public registration is enabled on:");
b4f2027ef917 util.prosodyctl: Warn about enabled public registration in 'check config' Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	697 print(" "..table.concat(registration_enabled_hosts, ", "));
b4f2027ef917 util.prosodyctl: Warn about enabled public registration in 'check config' Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	698 print("");
b4f2027ef917 util.prosodyctl: Warn about enabled public registration in 'check config' Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	699 print(" If this is intentional, review our guidelines on running a public server");
b4f2027ef917 util.prosodyctl: Warn about enabled public registration in 'check config' Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	700 print(" at https://prosody.im/doc/public_servers - otherwise, consider switching to");
b4f2027ef917 util.prosodyctl: Warn about enabled public registration in 'check config' Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	701 print(" invite-based registration, which is more secure.");
b4f2027ef917 util.prosodyctl: Warn about enabled public registration in 'check config' Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	702 end
b4f2027ef917 util.prosodyctl: Warn about enabled public registration in 'check config' Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	703 end
b4f2027ef917 util.prosodyctl: Warn about enabled public registration in 'check config' Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	704
12318 239ce74aa6a4 util.prosodyctl: check: warn about unreferenced components, suggest disco_items Matthew Wild <mwild1@gmail.com> parents: 12317 diff changeset	705 do
239ce74aa6a4 util.prosodyctl: check: warn about unreferenced components, suggest disco_items Matthew Wild <mwild1@gmail.com> parents: 12317 diff changeset	706 local orphan_components = {};
239ce74aa6a4 util.prosodyctl: check: warn about unreferenced components, suggest disco_items Matthew Wild <mwild1@gmail.com> parents: 12317 diff changeset	707 local referenced_components = set.new();
239ce74aa6a4 util.prosodyctl: check: warn about unreferenced components, suggest disco_items Matthew Wild <mwild1@gmail.com> parents: 12317 diff changeset	708 local enabled_hosts_set = set.new();
13216 fcc052ca1652 util.prosodyctl.check: Get some config options via minimal moduleapi #896 Kim Alvefur <zash@zash.se> parents: 13121 diff changeset	709 for host in it.filter("*", pairs(configmanager.getconfig())) do
fcc052ca1652 util.prosodyctl.check: Get some config options via minimal moduleapi #896 Kim Alvefur <zash@zash.se> parents: 13121 diff changeset	710 local hostapi = api(host);
fcc052ca1652 util.prosodyctl.check: Get some config options via minimal moduleapi #896 Kim Alvefur <zash@zash.se> parents: 13121 diff changeset	711 if hostapi:get_option_boolean("enabled", true) then
12318 239ce74aa6a4 util.prosodyctl: check: warn about unreferenced components, suggest disco_items Matthew Wild <mwild1@gmail.com> parents: 12317 diff changeset	712 enabled_hosts_set:add(host);
13216 fcc052ca1652 util.prosodyctl.check: Get some config options via minimal moduleapi #896 Kim Alvefur <zash@zash.se> parents: 13121 diff changeset	713 for _, disco_item in ipairs(hostapi:get_option_array("disco_items", {})) do
12318 239ce74aa6a4 util.prosodyctl: check: warn about unreferenced components, suggest disco_items Matthew Wild <mwild1@gmail.com> parents: 12317 diff changeset	714 referenced_components:add(disco_item[1]);
239ce74aa6a4 util.prosodyctl: check: warn about unreferenced components, suggest disco_items Matthew Wild <mwild1@gmail.com> parents: 12317 diff changeset	715 end
239ce74aa6a4 util.prosodyctl: check: warn about unreferenced components, suggest disco_items Matthew Wild <mwild1@gmail.com> parents: 12317 diff changeset	716 end
239ce74aa6a4 util.prosodyctl: check: warn about unreferenced components, suggest disco_items Matthew Wild <mwild1@gmail.com> parents: 12317 diff changeset	717 end
13216 fcc052ca1652 util.prosodyctl.check: Get some config options via minimal moduleapi #896 Kim Alvefur <zash@zash.se> parents: 13121 diff changeset	718 for host in it.filter(skip_bare_jid_hosts, enabled_hosts()) do
fcc052ca1652 util.prosodyctl.check: Get some config options via minimal moduleapi #896 Kim Alvefur <zash@zash.se> parents: 13121 diff changeset	719 local is_component = not not select(2, modulemanager.get_modules_for_host(host));
12318 239ce74aa6a4 util.prosodyctl: check: warn about unreferenced components, suggest disco_items Matthew Wild <mwild1@gmail.com> parents: 12317 diff changeset	720 if is_component then
239ce74aa6a4 util.prosodyctl: check: warn about unreferenced components, suggest disco_items Matthew Wild <mwild1@gmail.com> parents: 12317 diff changeset	721 local parent_domain = host:match("^[^.]+%.(.+)$");
239ce74aa6a4 util.prosodyctl: check: warn about unreferenced components, suggest disco_items Matthew Wild <mwild1@gmail.com> parents: 12317 diff changeset	722 local is_orphan = not (enabled_hosts_set:contains(parent_domain) or referenced_components:contains(host));
239ce74aa6a4 util.prosodyctl: check: warn about unreferenced components, suggest disco_items Matthew Wild <mwild1@gmail.com> parents: 12317 diff changeset	723 if is_orphan then
239ce74aa6a4 util.prosodyctl: check: warn about unreferenced components, suggest disco_items Matthew Wild <mwild1@gmail.com> parents: 12317 diff changeset	724 table.insert(orphan_components, host);
239ce74aa6a4 util.prosodyctl: check: warn about unreferenced components, suggest disco_items Matthew Wild <mwild1@gmail.com> parents: 12317 diff changeset	725 end
239ce74aa6a4 util.prosodyctl: check: warn about unreferenced components, suggest disco_items Matthew Wild <mwild1@gmail.com> parents: 12317 diff changeset	726 end
239ce74aa6a4 util.prosodyctl: check: warn about unreferenced components, suggest disco_items Matthew Wild <mwild1@gmail.com> parents: 12317 diff changeset	727 end
239ce74aa6a4 util.prosodyctl: check: warn about unreferenced components, suggest disco_items Matthew Wild <mwild1@gmail.com> parents: 12317 diff changeset	728 if #orphan_components > 0 then
239ce74aa6a4 util.prosodyctl: check: warn about unreferenced components, suggest disco_items Matthew Wild <mwild1@gmail.com> parents: 12317 diff changeset	729 table.sort(orphan_components);
239ce74aa6a4 util.prosodyctl: check: warn about unreferenced components, suggest disco_items Matthew Wild <mwild1@gmail.com> parents: 12317 diff changeset	730 print("");
239ce74aa6a4 util.prosodyctl: check: warn about unreferenced components, suggest disco_items Matthew Wild <mwild1@gmail.com> parents: 12317 diff changeset	731 print(" Your configuration contains the following unreferenced components:\n");
239ce74aa6a4 util.prosodyctl: check: warn about unreferenced components, suggest disco_items Matthew Wild <mwild1@gmail.com> parents: 12317 diff changeset	732 print(" "..table.concat(orphan_components, "\n "));
239ce74aa6a4 util.prosodyctl: check: warn about unreferenced components, suggest disco_items Matthew Wild <mwild1@gmail.com> parents: 12317 diff changeset	733 print("");
239ce74aa6a4 util.prosodyctl: check: warn about unreferenced components, suggest disco_items Matthew Wild <mwild1@gmail.com> parents: 12317 diff changeset	734 print(" Clients may not be able to discover these services because they are not linked to");
239ce74aa6a4 util.prosodyctl: check: warn about unreferenced components, suggest disco_items Matthew Wild <mwild1@gmail.com> parents: 12317 diff changeset	735 print(" any VirtualHost. They are automatically linked if they are direct subdomains of a");
239ce74aa6a4 util.prosodyctl: check: warn about unreferenced components, suggest disco_items Matthew Wild <mwild1@gmail.com> parents: 12317 diff changeset	736 print(" VirtualHost. Alternatively, you can explicitly link them using the disco_items option.");
239ce74aa6a4 util.prosodyctl: check: warn about unreferenced components, suggest disco_items Matthew Wild <mwild1@gmail.com> parents: 12317 diff changeset	737 print(" For more information see https://prosody.im/doc/modules/mod_disco#items");
239ce74aa6a4 util.prosodyctl: check: warn about unreferenced components, suggest disco_items Matthew Wild <mwild1@gmail.com> parents: 12317 diff changeset	738 end
239ce74aa6a4 util.prosodyctl: check: warn about unreferenced components, suggest disco_items Matthew Wild <mwild1@gmail.com> parents: 12317 diff changeset	739 end
239ce74aa6a4 util.prosodyctl: check: warn about unreferenced components, suggest disco_items Matthew Wild <mwild1@gmail.com> parents: 12317 diff changeset	740
10871 e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	741 print("Done.\n");
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	742 end
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	743 if not what or what == "dns" then
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	744 local dns = require "net.dns";
10971 3cdb4a7cb406 util.prosodyctl.check: Use net.unbound for DNS if available Kim Alvefur <zash@zash.se> parents: 10932 diff changeset	745 pcall(function ()
11645 3be346c5b940 util.prosodyctl.check: Reload unbound to ensure hosts.txt is ignored Kim Alvefur <zash@zash.se> parents: 11635 diff changeset	746 local unbound = require"net.unbound";
3be346c5b940 util.prosodyctl.check: Reload unbound to ensure hosts.txt is ignored Kim Alvefur <zash@zash.se> parents: 11635 diff changeset	747 dns = unbound.dns;
10971 3cdb4a7cb406 util.prosodyctl.check: Use net.unbound for DNS if available Kim Alvefur <zash@zash.se> parents: 10932 diff changeset	748 end)
10871 e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	749 local idna = require "util.encodings".idna;
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	750 local ip = require "util.ip";
13216 fcc052ca1652 util.prosodyctl.check: Get some config options via minimal moduleapi #896 Kim Alvefur <zash@zash.se> parents: 13121 diff changeset	751 local global = api("*");
fcc052ca1652 util.prosodyctl.check: Get some config options via minimal moduleapi #896 Kim Alvefur <zash@zash.se> parents: 13121 diff changeset	752 local c2s_ports = global:get_option_set("c2s_ports", {5222});
fcc052ca1652 util.prosodyctl.check: Get some config options via minimal moduleapi #896 Kim Alvefur <zash@zash.se> parents: 13121 diff changeset	753 local s2s_ports = global:get_option_set("s2s_ports", {5269});
fcc052ca1652 util.prosodyctl.check: Get some config options via minimal moduleapi #896 Kim Alvefur <zash@zash.se> parents: 13121 diff changeset	754 local c2s_tls_ports = global:get_option_set("c2s_direct_tls_ports", {});
fcc052ca1652 util.prosodyctl.check: Get some config options via minimal moduleapi #896 Kim Alvefur <zash@zash.se> parents: 13121 diff changeset	755 local s2s_tls_ports = global:get_option_set("s2s_direct_tls_ports", {});
10871 e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	756
13216 fcc052ca1652 util.prosodyctl.check: Get some config options via minimal moduleapi #896 Kim Alvefur <zash@zash.se> parents: 13121 diff changeset	757 local global_enabled = set.new();
fcc052ca1652 util.prosodyctl.check: Get some config options via minimal moduleapi #896 Kim Alvefur <zash@zash.se> parents: 13121 diff changeset	758 for host in enabled_hosts() do
fcc052ca1652 util.prosodyctl.check: Get some config options via minimal moduleapi #896 Kim Alvefur <zash@zash.se> parents: 13121 diff changeset	759 global_enabled:include(modulemanager.get_modules_for_host(host));
fcc052ca1652 util.prosodyctl.check: Get some config options via minimal moduleapi #896 Kim Alvefur <zash@zash.se> parents: 13121 diff changeset	760 end
fcc052ca1652 util.prosodyctl.check: Get some config options via minimal moduleapi #896 Kim Alvefur <zash@zash.se> parents: 13121 diff changeset	761 if global_enabled:contains("net_multiplex") then
fcc052ca1652 util.prosodyctl.check: Get some config options via minimal moduleapi #896 Kim Alvefur <zash@zash.se> parents: 13121 diff changeset	762 local multiplex_ports = global:get_option_set("ports", {});
fcc052ca1652 util.prosodyctl.check: Get some config options via minimal moduleapi #896 Kim Alvefur <zash@zash.se> parents: 13121 diff changeset	763 local multiplex_tls_ports = global:get_option_set("ssl_ports", {});
12230 f590058d8d99 util.prosodyctl.check: Include multiplexed ports in DNS checks #1704 Kim Alvefur <zash@zash.se> parents: 12218 diff changeset	764 if not multiplex_ports:empty() then
f590058d8d99 util.prosodyctl.check: Include multiplexed ports in DNS checks #1704 Kim Alvefur <zash@zash.se> parents: 12218 diff changeset	765 c2s_ports = c2s_ports + multiplex_ports;
f590058d8d99 util.prosodyctl.check: Include multiplexed ports in DNS checks #1704 Kim Alvefur <zash@zash.se> parents: 12218 diff changeset	766 s2s_ports = s2s_ports + multiplex_ports;
f590058d8d99 util.prosodyctl.check: Include multiplexed ports in DNS checks #1704 Kim Alvefur <zash@zash.se> parents: 12218 diff changeset	767 end
f590058d8d99 util.prosodyctl.check: Include multiplexed ports in DNS checks #1704 Kim Alvefur <zash@zash.se> parents: 12218 diff changeset	768 if not multiplex_tls_ports:empty() then
f590058d8d99 util.prosodyctl.check: Include multiplexed ports in DNS checks #1704 Kim Alvefur <zash@zash.se> parents: 12218 diff changeset	769 c2s_tls_ports = c2s_tls_ports + multiplex_tls_ports;
f590058d8d99 util.prosodyctl.check: Include multiplexed ports in DNS checks #1704 Kim Alvefur <zash@zash.se> parents: 12218 diff changeset	770 s2s_tls_ports = s2s_tls_ports + multiplex_tls_ports;
f590058d8d99 util.prosodyctl.check: Include multiplexed ports in DNS checks #1704 Kim Alvefur <zash@zash.se> parents: 12218 diff changeset	771 end
f590058d8d99 util.prosodyctl.check: Include multiplexed ports in DNS checks #1704 Kim Alvefur <zash@zash.se> parents: 12218 diff changeset	772 end
f590058d8d99 util.prosodyctl.check: Include multiplexed ports in DNS checks #1704 Kim Alvefur <zash@zash.se> parents: 12218 diff changeset	773
11776 1132a1f1ca5a util.prosodyctl.check: Check for server-to-server Direct TLS records Kim Alvefur <zash@zash.se> parents: 11655 diff changeset	774 local c2s_srv_required, s2s_srv_required, c2s_tls_srv_required, s2s_tls_srv_required;
10871 e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	775 if not c2s_ports:contains(5222) then
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	776 c2s_srv_required = true;
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	777 end
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	778 if not s2s_ports:contains(5269) then
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	779 s2s_srv_required = true;
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	780 end
11615 8e16fd976c57 util.prosodyctl.check: Add support for checking Direct TLS SRV records Kim Alvefur <zash@zash.se> parents: 11613 diff changeset	781 if not c2s_tls_ports:empty() then
8e16fd976c57 util.prosodyctl.check: Add support for checking Direct TLS SRV records Kim Alvefur <zash@zash.se> parents: 11613 diff changeset	782 c2s_tls_srv_required = true;
8e16fd976c57 util.prosodyctl.check: Add support for checking Direct TLS SRV records Kim Alvefur <zash@zash.se> parents: 11613 diff changeset	783 end
11776 1132a1f1ca5a util.prosodyctl.check: Check for server-to-server Direct TLS records Kim Alvefur <zash@zash.se> parents: 11655 diff changeset	784 if not s2s_tls_ports:empty() then
1132a1f1ca5a util.prosodyctl.check: Check for server-to-server Direct TLS records Kim Alvefur <zash@zash.se> parents: 11655 diff changeset	785 s2s_tls_srv_required = true;
1132a1f1ca5a util.prosodyctl.check: Check for server-to-server Direct TLS records Kim Alvefur <zash@zash.se> parents: 11655 diff changeset	786 end
10871 e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	787
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	788 local problem_hosts = set.new();
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	789
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	790 local external_addresses, internal_addresses = set.new(), set.new();
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	791
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	792 local fqdn = socket.dns.tohostname(socket.dns.gethostname());
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	793 if fqdn then
13121 332e95f75dbb util.prosodyctl.check: Fix error where hostname can't be turned into A label Kim Alvefur <zash@zash.se> parents: 12898 diff changeset	794 local fqdn_a = idna.to_ascii(fqdn);
332e95f75dbb util.prosodyctl.check: Fix error where hostname can't be turned into A label Kim Alvefur <zash@zash.se> parents: 12898 diff changeset	795 if fqdn_a then
332e95f75dbb util.prosodyctl.check: Fix error where hostname can't be turned into A label Kim Alvefur <zash@zash.se> parents: 12898 diff changeset	796 local res = dns.lookup(fqdn_a, "A");
10871 e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	797 if res then
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	798 for _, record in ipairs(res) do
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	799 external_addresses:add(record.a);
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	800 end
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	801 end
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	802 end
13121 332e95f75dbb util.prosodyctl.check: Fix error where hostname can't be turned into A label Kim Alvefur <zash@zash.se> parents: 12898 diff changeset	803 if fqdn_a then
332e95f75dbb util.prosodyctl.check: Fix error where hostname can't be turned into A label Kim Alvefur <zash@zash.se> parents: 12898 diff changeset	804 local res = dns.lookup(fqdn_a, "AAAA");
10871 e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	805 if res then
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	806 for _, record in ipairs(res) do
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	807 external_addresses:add(record.aaaa);
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	808 end
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	809 end
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	810 end
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	811 end
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	812
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	813 local local_addresses = require"util.net".local_addresses() or {};
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	814
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	815 for addr in it.values(local_addresses) do
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	816 if not ip.new_ip(addr).private then
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	817 external_addresses:add(addr);
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	818 else
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	819 internal_addresses:add(addr);
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	820 end
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	821 end
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	822
12320 f0be98bab9dd prosodyctl: check dns: Allow admin to specify undiscoverable external IPs in config Matthew Wild <mwild1@gmail.com> parents: 12319 diff changeset	823 -- Allow admin to specify additional (e.g. undiscoverable) IP addresses in the config
13216 fcc052ca1652 util.prosodyctl.check: Get some config options via minimal moduleapi #896 Kim Alvefur <zash@zash.se> parents: 13121 diff changeset	824 for _, address in ipairs(global:get_option_array("external_addresses", {})) do
12320 f0be98bab9dd prosodyctl: check dns: Allow admin to specify undiscoverable external IPs in config Matthew Wild <mwild1@gmail.com> parents: 12319 diff changeset	825 external_addresses:add(address);
f0be98bab9dd prosodyctl: check dns: Allow admin to specify undiscoverable external IPs in config Matthew Wild <mwild1@gmail.com> parents: 12319 diff changeset	826 end
f0be98bab9dd prosodyctl: check dns: Allow admin to specify undiscoverable external IPs in config Matthew Wild <mwild1@gmail.com> parents: 12319 diff changeset	827
10871 e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	828 if external_addresses:empty() then
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	829 print("");
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	830 print(" Failed to determine the external addresses of this server. Checks may be inaccurate.");
13219 22763b30e458 util.prosodyctl.check: Hint about the 'external_addresses' config option Kim Alvefur <zash@zash.se> parents: 13217 diff changeset	831 print(" If you know the correct external addresses you can specify them in the config like:")
22763b30e458 util.prosodyctl.check: Hint about the 'external_addresses' config option Kim Alvefur <zash@zash.se> parents: 13217 diff changeset	832 print(" external_addresses = { \"192.0.2.34\", \"2001:db8::abcd:1234\" }")
10871 e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	833 c2s_srv_required, s2s_srv_required = true, true;
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	834 end
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	835
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	836 local v6_supported = not not socket.tcp6;
13216 fcc052ca1652 util.prosodyctl.check: Get some config options via minimal moduleapi #896 Kim Alvefur <zash@zash.se> parents: 13121 diff changeset	837 local use_ipv4 = global:get_option_boolean("use_ipv4", true);
fcc052ca1652 util.prosodyctl.check: Get some config options via minimal moduleapi #896 Kim Alvefur <zash@zash.se> parents: 13121 diff changeset	838 local use_ipv6 = global:get_option_boolean("use_ipv6", true);
10871 e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	839
11655 bbf50525faa5 util.prosodyctl.check: Normalize away trailing dot in some messages too Kim Alvefur <zash@zash.se> parents: 11654 diff changeset	840 local function trim_dns_name(n)
bbf50525faa5 util.prosodyctl.check: Normalize away trailing dot in some messages too Kim Alvefur <zash@zash.se> parents: 11654 diff changeset	841 return (n:gsub("%.$", ""));
bbf50525faa5 util.prosodyctl.check: Normalize away trailing dot in some messages too Kim Alvefur <zash@zash.se> parents: 11654 diff changeset	842 end
bbf50525faa5 util.prosodyctl.check: Normalize away trailing dot in some messages too Kim Alvefur <zash@zash.se> parents: 11654 diff changeset	843
12319 8fc3c06f922d prosodyctl: check dns: List discovered addresses for diagnostic purposes Matthew Wild <mwild1@gmail.com> parents: 12318 diff changeset	844 local unknown_addresses = set.new();
8fc3c06f922d prosodyctl: check dns: List discovered addresses for diagnostic purposes Matthew Wild <mwild1@gmail.com> parents: 12318 diff changeset	845
13216 fcc052ca1652 util.prosodyctl.check: Get some config options via minimal moduleapi #896 Kim Alvefur <zash@zash.se> parents: 13121 diff changeset	846 for jid in enabled_hosts() do
10871 e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	847 local all_targets_ok, some_targets_ok = true, false;
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	848 local node, host = jid_split(jid);
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	849
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	850 local modules, component_module = modulemanager.get_modules_for_host(host);
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	851 if component_module then
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	852 modules:add(component_module);
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	853 end
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	854
12842 3edd39c55a8a prosodyctl check dns: Check for Direct TLS SRV records even if not configured (fix #1793) Kim Alvefur <zash@zash.se> parents: 12520 diff changeset	855 -- TODO Refactor these DNS SRV checks since they are very similar
3edd39c55a8a prosodyctl check dns: Check for Direct TLS SRV records even if not configured (fix #1793) Kim Alvefur <zash@zash.se> parents: 12520 diff changeset	856 -- FIXME Suggest concrete actionable steps to correct issues so that
3edd39c55a8a prosodyctl check dns: Check for Direct TLS SRV records even if not configured (fix #1793) Kim Alvefur <zash@zash.se> parents: 12520 diff changeset	857 -- users don't have to copy-paste the message into the support chat and
3edd39c55a8a prosodyctl check dns: Check for Direct TLS SRV records even if not configured (fix #1793) Kim Alvefur <zash@zash.se> parents: 12520 diff changeset	858 -- ask what to do about it.
13216 fcc052ca1652 util.prosodyctl.check: Get some config options via minimal moduleapi #896 Kim Alvefur <zash@zash.se> parents: 13121 diff changeset	859 local is_component = not not component_module;
10871 e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	860 print("Checking DNS for "..(is_component and "component" or "host").." "..jid.."...");
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	861 if node then
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	862 print("Only the domain part ("..host..") is used in DNS.")
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	863 end
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	864 local target_hosts = set.new();
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	865 if modules:contains("c2s") then
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	866 local res = dns.lookup("_xmpp-client._tcp."..idna.to_ascii(host)..".", "SRV");
11613 c8a9f77d48fd util.prosodyctl.check: Fix for net.dns vs unbound API difference Kim Alvefur <zash@zash.se> parents: 11612 diff changeset	867 if res and #res > 0 then
10871 e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	868 for _, record in ipairs(res) do
10932 ea4a7619058f util.prosodyctl.check: Fix traceback by handling SRV '.' target to Kim Alvefur <zash@zash.se> parents: 10871 diff changeset	869 if record.srv.target == "." then -- TODO is this an error if mod_c2s is enabled?
ea4a7619058f util.prosodyctl.check: Fix traceback by handling SRV '.' target to Kim Alvefur <zash@zash.se> parents: 10871 diff changeset	870 print(" 'xmpp-client' service disabled by pointing to '.'"); -- FIXME Explain better what this is
ea4a7619058f util.prosodyctl.check: Fix traceback by handling SRV '.' target to Kim Alvefur <zash@zash.se> parents: 10871 diff changeset	871 break;
ea4a7619058f util.prosodyctl.check: Fix traceback by handling SRV '.' target to Kim Alvefur <zash@zash.se> parents: 10871 diff changeset	872 end
11655 bbf50525faa5 util.prosodyctl.check: Normalize away trailing dot in some messages too Kim Alvefur <zash@zash.se> parents: 11654 diff changeset	873 local target = trim_dns_name(record.srv.target);
bbf50525faa5 util.prosodyctl.check: Normalize away trailing dot in some messages too Kim Alvefur <zash@zash.se> parents: 11654 diff changeset	874 target_hosts:add(target);
10871 e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	875 if not c2s_ports:contains(record.srv.port) then
11655 bbf50525faa5 util.prosodyctl.check: Normalize away trailing dot in some messages too Kim Alvefur <zash@zash.se> parents: 11654 diff changeset	876 print(" SRV target "..target.." contains unknown client port: "..record.srv.port);
10871 e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	877 end
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	878 end
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	879 else
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	880 if c2s_srv_required then
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	881 print(" No _xmpp-client SRV record found for "..host..", but it looks like you need one.");
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	882 all_targets_ok = false;
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	883 else
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	884 target_hosts:add(host);
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	885 end
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	886 end
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	887 end
12842 3edd39c55a8a prosodyctl check dns: Check for Direct TLS SRV records even if not configured (fix #1793) Kim Alvefur <zash@zash.se> parents: 12520 diff changeset	888 if modules:contains("c2s") then
11615 8e16fd976c57 util.prosodyctl.check: Add support for checking Direct TLS SRV records Kim Alvefur <zash@zash.se> parents: 11613 diff changeset	889 local res = dns.lookup("_xmpps-client._tcp."..idna.to_ascii(host)..".", "SRV");
8e16fd976c57 util.prosodyctl.check: Add support for checking Direct TLS SRV records Kim Alvefur <zash@zash.se> parents: 11613 diff changeset	890 if res and #res > 0 then
8e16fd976c57 util.prosodyctl.check: Add support for checking Direct TLS SRV records Kim Alvefur <zash@zash.se> parents: 11613 diff changeset	891 for _, record in ipairs(res) do
8e16fd976c57 util.prosodyctl.check: Add support for checking Direct TLS SRV records Kim Alvefur <zash@zash.se> parents: 11613 diff changeset	892 if record.srv.target == "." then -- TODO is this an error if mod_c2s is enabled?
8e16fd976c57 util.prosodyctl.check: Add support for checking Direct TLS SRV records Kim Alvefur <zash@zash.se> parents: 11613 diff changeset	893 print(" 'xmpps-client' service disabled by pointing to '.'"); -- FIXME Explain better what this is
8e16fd976c57 util.prosodyctl.check: Add support for checking Direct TLS SRV records Kim Alvefur <zash@zash.se> parents: 11613 diff changeset	894 break;
8e16fd976c57 util.prosodyctl.check: Add support for checking Direct TLS SRV records Kim Alvefur <zash@zash.se> parents: 11613 diff changeset	895 end
11655 bbf50525faa5 util.prosodyctl.check: Normalize away trailing dot in some messages too Kim Alvefur <zash@zash.se> parents: 11654 diff changeset	896 local target = trim_dns_name(record.srv.target);
bbf50525faa5 util.prosodyctl.check: Normalize away trailing dot in some messages too Kim Alvefur <zash@zash.se> parents: 11654 diff changeset	897 target_hosts:add(target);
11615 8e16fd976c57 util.prosodyctl.check: Add support for checking Direct TLS SRV records Kim Alvefur <zash@zash.se> parents: 11613 diff changeset	898 if not c2s_tls_ports:contains(record.srv.port) then
11655 bbf50525faa5 util.prosodyctl.check: Normalize away trailing dot in some messages too Kim Alvefur <zash@zash.se> parents: 11654 diff changeset	899 print(" SRV target "..target.." contains unknown Direct TLS client port: "..record.srv.port);
11615 8e16fd976c57 util.prosodyctl.check: Add support for checking Direct TLS SRV records Kim Alvefur <zash@zash.se> parents: 11613 diff changeset	900 end
8e16fd976c57 util.prosodyctl.check: Add support for checking Direct TLS SRV records Kim Alvefur <zash@zash.se> parents: 11613 diff changeset	901 end
12842 3edd39c55a8a prosodyctl check dns: Check for Direct TLS SRV records even if not configured (fix #1793) Kim Alvefur <zash@zash.se> parents: 12520 diff changeset	902 elseif c2s_tls_srv_required then
11615 8e16fd976c57 util.prosodyctl.check: Add support for checking Direct TLS SRV records Kim Alvefur <zash@zash.se> parents: 11613 diff changeset	903 print(" No _xmpps-client SRV record found for "..host..", but it looks like you need one.");
8e16fd976c57 util.prosodyctl.check: Add support for checking Direct TLS SRV records Kim Alvefur <zash@zash.se> parents: 11613 diff changeset	904 all_targets_ok = false;
8e16fd976c57 util.prosodyctl.check: Add support for checking Direct TLS SRV records Kim Alvefur <zash@zash.se> parents: 11613 diff changeset	905 end
8e16fd976c57 util.prosodyctl.check: Add support for checking Direct TLS SRV records Kim Alvefur <zash@zash.se> parents: 11613 diff changeset	906 end
10871 e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	907 if modules:contains("s2s") then
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	908 local res = dns.lookup("_xmpp-server._tcp."..idna.to_ascii(host)..".", "SRV");
11613 c8a9f77d48fd util.prosodyctl.check: Fix for net.dns vs unbound API difference Kim Alvefur <zash@zash.se> parents: 11612 diff changeset	909 if res and #res > 0 then
10871 e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	910 for _, record in ipairs(res) do
10932 ea4a7619058f util.prosodyctl.check: Fix traceback by handling SRV '.' target to Kim Alvefur <zash@zash.se> parents: 10871 diff changeset	911 if record.srv.target == "." then -- TODO Is this an error if mod_s2s is enabled?
ea4a7619058f util.prosodyctl.check: Fix traceback by handling SRV '.' target to Kim Alvefur <zash@zash.se> parents: 10871 diff changeset	912 print(" 'xmpp-server' service disabled by pointing to '.'"); -- FIXME Explain better what this is
ea4a7619058f util.prosodyctl.check: Fix traceback by handling SRV '.' target to Kim Alvefur <zash@zash.se> parents: 10871 diff changeset	913 break;
ea4a7619058f util.prosodyctl.check: Fix traceback by handling SRV '.' target to Kim Alvefur <zash@zash.se> parents: 10871 diff changeset	914 end
11655 bbf50525faa5 util.prosodyctl.check: Normalize away trailing dot in some messages too Kim Alvefur <zash@zash.se> parents: 11654 diff changeset	915 local target = trim_dns_name(record.srv.target);
bbf50525faa5 util.prosodyctl.check: Normalize away trailing dot in some messages too Kim Alvefur <zash@zash.se> parents: 11654 diff changeset	916 target_hosts:add(target);
10871 e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	917 if not s2s_ports:contains(record.srv.port) then
11655 bbf50525faa5 util.prosodyctl.check: Normalize away trailing dot in some messages too Kim Alvefur <zash@zash.se> parents: 11654 diff changeset	918 print(" SRV target "..target.." contains unknown server port: "..record.srv.port);
10871 e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	919 end
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	920 end
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	921 else
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	922 if s2s_srv_required then
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	923 print(" No _xmpp-server SRV record found for "..host..", but it looks like you need one.");
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	924 all_targets_ok = false;
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	925 else
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	926 target_hosts:add(host);
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	927 end
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	928 end
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	929 end
12842 3edd39c55a8a prosodyctl check dns: Check for Direct TLS SRV records even if not configured (fix #1793) Kim Alvefur <zash@zash.se> parents: 12520 diff changeset	930 if modules:contains("s2s") then
11776 1132a1f1ca5a util.prosodyctl.check: Check for server-to-server Direct TLS records Kim Alvefur <zash@zash.se> parents: 11655 diff changeset	931 local res = dns.lookup("_xmpps-server._tcp."..idna.to_ascii(host)..".", "SRV");
1132a1f1ca5a util.prosodyctl.check: Check for server-to-server Direct TLS records Kim Alvefur <zash@zash.se> parents: 11655 diff changeset	932 if res and #res > 0 then
1132a1f1ca5a util.prosodyctl.check: Check for server-to-server Direct TLS records Kim Alvefur <zash@zash.se> parents: 11655 diff changeset	933 for _, record in ipairs(res) do
1132a1f1ca5a util.prosodyctl.check: Check for server-to-server Direct TLS records Kim Alvefur <zash@zash.se> parents: 11655 diff changeset	934 if record.srv.target == "." then -- TODO is this an error if mod_s2s is enabled?
1132a1f1ca5a util.prosodyctl.check: Check for server-to-server Direct TLS records Kim Alvefur <zash@zash.se> parents: 11655 diff changeset	935 print(" 'xmpps-server' service disabled by pointing to '.'"); -- FIXME Explain better what this is
1132a1f1ca5a util.prosodyctl.check: Check for server-to-server Direct TLS records Kim Alvefur <zash@zash.se> parents: 11655 diff changeset	936 break;
1132a1f1ca5a util.prosodyctl.check: Check for server-to-server Direct TLS records Kim Alvefur <zash@zash.se> parents: 11655 diff changeset	937 end
1132a1f1ca5a util.prosodyctl.check: Check for server-to-server Direct TLS records Kim Alvefur <zash@zash.se> parents: 11655 diff changeset	938 local target = trim_dns_name(record.srv.target);
1132a1f1ca5a util.prosodyctl.check: Check for server-to-server Direct TLS records Kim Alvefur <zash@zash.se> parents: 11655 diff changeset	939 target_hosts:add(target);
1132a1f1ca5a util.prosodyctl.check: Check for server-to-server Direct TLS records Kim Alvefur <zash@zash.se> parents: 11655 diff changeset	940 if not s2s_tls_ports:contains(record.srv.port) then
1132a1f1ca5a util.prosodyctl.check: Check for server-to-server Direct TLS records Kim Alvefur <zash@zash.se> parents: 11655 diff changeset	941 print(" SRV target "..target.." contains unknown Direct TLS server port: "..record.srv.port);
1132a1f1ca5a util.prosodyctl.check: Check for server-to-server Direct TLS records Kim Alvefur <zash@zash.se> parents: 11655 diff changeset	942 end
1132a1f1ca5a util.prosodyctl.check: Check for server-to-server Direct TLS records Kim Alvefur <zash@zash.se> parents: 11655 diff changeset	943 end
12842 3edd39c55a8a prosodyctl check dns: Check for Direct TLS SRV records even if not configured (fix #1793) Kim Alvefur <zash@zash.se> parents: 12520 diff changeset	944 elseif s2s_tls_srv_required then
11776 1132a1f1ca5a util.prosodyctl.check: Check for server-to-server Direct TLS records Kim Alvefur <zash@zash.se> parents: 11655 diff changeset	945 print(" No _xmpps-server SRV record found for "..host..", but it looks like you need one.");
1132a1f1ca5a util.prosodyctl.check: Check for server-to-server Direct TLS records Kim Alvefur <zash@zash.se> parents: 11655 diff changeset	946 all_targets_ok = false;
1132a1f1ca5a util.prosodyctl.check: Check for server-to-server Direct TLS records Kim Alvefur <zash@zash.se> parents: 11655 diff changeset	947 end
1132a1f1ca5a util.prosodyctl.check: Check for server-to-server Direct TLS records Kim Alvefur <zash@zash.se> parents: 11655 diff changeset	948 end
10871 e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	949 if target_hosts:empty() then
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	950 target_hosts:add(host);
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	951 end
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	952
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	953 if target_hosts:contains("localhost") then
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	954 print(" Target 'localhost' cannot be accessed from other servers");
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	955 target_hosts:remove("localhost");
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	956 end
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	957
12217 39043233de04 util.prosodyctl.check: Add HTTP related DNS checks Kim Alvefur <zash@zash.se> parents: 12159 diff changeset	958 local function check_address(target)
39043233de04 util.prosodyctl.check: Add HTTP related DNS checks Kim Alvefur <zash@zash.se> parents: 12159 diff changeset	959 local A, AAAA = dns.lookup(idna.to_ascii(target), "A"), dns.lookup(idna.to_ascii(target), "AAAA");
39043233de04 util.prosodyctl.check: Add HTTP related DNS checks Kim Alvefur <zash@zash.se> parents: 12159 diff changeset	960 local prob = {};
12231 ca8453129ade util.prosodyctl.check: Fix A/AAAA check for proxy65 and http Kim Alvefur <zash@zash.se> parents: 12230 diff changeset	961 if use_ipv4 and not (A and #A > 0) then table.insert(prob, "A"); end
ca8453129ade util.prosodyctl.check: Fix A/AAAA check for proxy65 and http Kim Alvefur <zash@zash.se> parents: 12230 diff changeset	962 if use_ipv6 and not (AAAA and #AAAA > 0) then table.insert(prob, "AAAA"); end
12217 39043233de04 util.prosodyctl.check: Add HTTP related DNS checks Kim Alvefur <zash@zash.se> parents: 12159 diff changeset	963 return prob;
39043233de04 util.prosodyctl.check: Add HTTP related DNS checks Kim Alvefur <zash@zash.se> parents: 12159 diff changeset	964 end
39043233de04 util.prosodyctl.check: Add HTTP related DNS checks Kim Alvefur <zash@zash.se> parents: 12159 diff changeset	965
10871 e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	966 if modules:contains("proxy65") then
13216 fcc052ca1652 util.prosodyctl.check: Get some config options via minimal moduleapi #896 Kim Alvefur <zash@zash.se> parents: 13121 diff changeset	967 local proxy65_target = api(host):get_option_string("proxy65_address", host);
10871 e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	968 if type(proxy65_target) == "string" then
12217 39043233de04 util.prosodyctl.check: Add HTTP related DNS checks Kim Alvefur <zash@zash.se> parents: 12159 diff changeset	969 local prob = check_address(proxy65_target);
10871 e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	970 if #prob > 0 then
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	971 print(" File transfer proxy "..proxy65_target.." has no "..table.concat(prob, "/")
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	972 .." record. Create one or set 'proxy65_address' to the correct host/IP.");
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	973 end
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	974 else
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	975 print(" proxy65_address for "..host.." should be set to a string, unable to perform DNS check");
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	976 end
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	977 end
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	978
12217 39043233de04 util.prosodyctl.check: Add HTTP related DNS checks Kim Alvefur <zash@zash.se> parents: 12159 diff changeset	979 local known_http_modules = set.new { "bosh"; "http_files"; "http_file_share"; "http_openmetrics"; "websocket" };
39043233de04 util.prosodyctl.check: Add HTTP related DNS checks Kim Alvefur <zash@zash.se> parents: 12159 diff changeset	980 local function contains_match(hayset, needle)
39043233de04 util.prosodyctl.check: Add HTTP related DNS checks Kim Alvefur <zash@zash.se> parents: 12159 diff changeset	981 for member in hayset do if member:find(needle) then return true end end
39043233de04 util.prosodyctl.check: Add HTTP related DNS checks Kim Alvefur <zash@zash.se> parents: 12159 diff changeset	982 end
39043233de04 util.prosodyctl.check: Add HTTP related DNS checks Kim Alvefur <zash@zash.se> parents: 12159 diff changeset	983
39043233de04 util.prosodyctl.check: Add HTTP related DNS checks Kim Alvefur <zash@zash.se> parents: 12159 diff changeset	984 if modules:contains("http") or not set.intersection(modules, known_http_modules):empty()
39043233de04 util.prosodyctl.check: Add HTTP related DNS checks Kim Alvefur <zash@zash.se> parents: 12159 diff changeset	985 or contains_match(modules, "^http_") or contains_match(modules, "_web$") then
39043233de04 util.prosodyctl.check: Add HTTP related DNS checks Kim Alvefur <zash@zash.se> parents: 12159 diff changeset	986
13216 fcc052ca1652 util.prosodyctl.check: Get some config options via minimal moduleapi #896 Kim Alvefur <zash@zash.se> parents: 13121 diff changeset	987 local http_host = api(host):get_option_string("http_host", host);
12217 39043233de04 util.prosodyctl.check: Add HTTP related DNS checks Kim Alvefur <zash@zash.se> parents: 12159 diff changeset	988 local http_internal_host = http_host;
13216 fcc052ca1652 util.prosodyctl.check: Get some config options via minimal moduleapi #896 Kim Alvefur <zash@zash.se> parents: 13121 diff changeset	989 local http_url = api(host):get_option_string("http_external_url");
12217 39043233de04 util.prosodyctl.check: Add HTTP related DNS checks Kim Alvefur <zash@zash.se> parents: 12159 diff changeset	990 if http_url then
12218 0795e1ccf3d8 util.prosodyctl.check: Fix use of LuaSocket URL parser Kim Alvefur <zash@zash.se> parents: 12217 diff changeset	991 local url_parse = require "socket.url".parse;
12217 39043233de04 util.prosodyctl.check: Add HTTP related DNS checks Kim Alvefur <zash@zash.se> parents: 12159 diff changeset	992 local external_url_parts = url_parse(http_url);
39043233de04 util.prosodyctl.check: Add HTTP related DNS checks Kim Alvefur <zash@zash.se> parents: 12159 diff changeset	993 if external_url_parts then
39043233de04 util.prosodyctl.check: Add HTTP related DNS checks Kim Alvefur <zash@zash.se> parents: 12159 diff changeset	994 http_host = external_url_parts.host;
39043233de04 util.prosodyctl.check: Add HTTP related DNS checks Kim Alvefur <zash@zash.se> parents: 12159 diff changeset	995 else
39043233de04 util.prosodyctl.check: Add HTTP related DNS checks Kim Alvefur <zash@zash.se> parents: 12159 diff changeset	996 print(" The 'http_external_url' setting is not a valid URL");
39043233de04 util.prosodyctl.check: Add HTTP related DNS checks Kim Alvefur <zash@zash.se> parents: 12159 diff changeset	997 end
39043233de04 util.prosodyctl.check: Add HTTP related DNS checks Kim Alvefur <zash@zash.se> parents: 12159 diff changeset	998 end
39043233de04 util.prosodyctl.check: Add HTTP related DNS checks Kim Alvefur <zash@zash.se> parents: 12159 diff changeset	999
39043233de04 util.prosodyctl.check: Add HTTP related DNS checks Kim Alvefur <zash@zash.se> parents: 12159 diff changeset	1000 local prob = check_address(http_host);
39043233de04 util.prosodyctl.check: Add HTTP related DNS checks Kim Alvefur <zash@zash.se> parents: 12159 diff changeset	1001 if #prob > 1 then
39043233de04 util.prosodyctl.check: Add HTTP related DNS checks Kim Alvefur <zash@zash.se> parents: 12159 diff changeset	1002 print(" HTTP service " .. http_host .. " has no " .. table.concat(prob, "/") .. " record. Create one or change "
39043233de04 util.prosodyctl.check: Add HTTP related DNS checks Kim Alvefur <zash@zash.se> parents: 12159 diff changeset	1003 .. (http_url and "'http_external_url'" or "'http_host'").." to the correct host.");
39043233de04 util.prosodyctl.check: Add HTTP related DNS checks Kim Alvefur <zash@zash.se> parents: 12159 diff changeset	1004 end
39043233de04 util.prosodyctl.check: Add HTTP related DNS checks Kim Alvefur <zash@zash.se> parents: 12159 diff changeset	1005
39043233de04 util.prosodyctl.check: Add HTTP related DNS checks Kim Alvefur <zash@zash.se> parents: 12159 diff changeset	1006 if http_host ~= http_internal_host then
39043233de04 util.prosodyctl.check: Add HTTP related DNS checks Kim Alvefur <zash@zash.se> parents: 12159 diff changeset	1007 print(" Ensure the reverse proxy sets the HTTP Host header to '" .. http_internal_host .. "'");
39043233de04 util.prosodyctl.check: Add HTTP related DNS checks Kim Alvefur <zash@zash.se> parents: 12159 diff changeset	1008 end
39043233de04 util.prosodyctl.check: Add HTTP related DNS checks Kim Alvefur <zash@zash.se> parents: 12159 diff changeset	1009 end
39043233de04 util.prosodyctl.check: Add HTTP related DNS checks Kim Alvefur <zash@zash.se> parents: 12159 diff changeset	1010
11652 887d7b15e21b util.prosodyctl.check: Warn if both use_ipv4 and use_ipv6 are set to false Kim Alvefur <zash@zash.se> parents: 11651 diff changeset	1011 if not use_ipv4 and not use_ipv6 then
887d7b15e21b util.prosodyctl.check: Warn if both use_ipv4 and use_ipv6 are set to false Kim Alvefur <zash@zash.se> parents: 11651 diff changeset	1012 print(" Both IPv6 and IPv4 are disabled, Prosody will not listen on any ports");
887d7b15e21b util.prosodyctl.check: Warn if both use_ipv4 and use_ipv6 are set to false Kim Alvefur <zash@zash.se> parents: 11651 diff changeset	1013 print(" nor be able to connect to any remote servers.");
887d7b15e21b util.prosodyctl.check: Warn if both use_ipv4 and use_ipv6 are set to false Kim Alvefur <zash@zash.se> parents: 11651 diff changeset	1014 all_targets_ok = false;
887d7b15e21b util.prosodyctl.check: Warn if both use_ipv4 and use_ipv6 are set to false Kim Alvefur <zash@zash.se> parents: 11651 diff changeset	1015 end
887d7b15e21b util.prosodyctl.check: Warn if both use_ipv4 and use_ipv6 are set to false Kim Alvefur <zash@zash.se> parents: 11651 diff changeset	1016
10871 e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	1017 for target_host in target_hosts do
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	1018 local host_ok_v4, host_ok_v6;
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	1019 do
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	1020 local res = dns.lookup(idna.to_ascii(target_host), "A");
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	1021 if res then
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	1022 for _, record in ipairs(res) do
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	1023 if external_addresses:contains(record.a) then
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	1024 some_targets_ok = true;
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	1025 host_ok_v4 = true;
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	1026 elseif internal_addresses:contains(record.a) then
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	1027 host_ok_v4 = true;
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	1028 some_targets_ok = true;
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	1029 print(" "..target_host.." A record points to internal address, external connections might fail");
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	1030 else
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	1031 print(" "..target_host.." A record points to unknown address "..record.a);
12319 8fc3c06f922d prosodyctl: check dns: List discovered addresses for diagnostic purposes Matthew Wild <mwild1@gmail.com> parents: 12318 diff changeset	1032 unknown_addresses:add(record.a);
10871 e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	1033 all_targets_ok = false;
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	1034 end
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	1035 end
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	1036 end
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	1037 end
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	1038 do
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	1039 local res = dns.lookup(idna.to_ascii(target_host), "AAAA");
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	1040 if res then
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	1041 for _, record in ipairs(res) do
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	1042 if external_addresses:contains(record.aaaa) then
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	1043 some_targets_ok = true;
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	1044 host_ok_v6 = true;
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	1045 elseif internal_addresses:contains(record.aaaa) then
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	1046 host_ok_v6 = true;
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	1047 some_targets_ok = true;
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	1048 print(" "..target_host.." AAAA record points to internal address, external connections might fail");
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	1049 else
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	1050 print(" "..target_host.." AAAA record points to unknown address "..record.aaaa);
12319 8fc3c06f922d prosodyctl: check dns: List discovered addresses for diagnostic purposes Matthew Wild <mwild1@gmail.com> parents: 12318 diff changeset	1051 unknown_addresses:add(record.aaaa);
10871 e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	1052 all_targets_ok = false;
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	1053 end
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	1054 end
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	1055 end
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	1056 end
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	1057
11653 51141309ffc4 util.prosodyctl.check: Point out if A/AAAA exists despite disabled IPvX Kim Alvefur <zash@zash.se> parents: 11652 diff changeset	1058 if host_ok_v4 and not use_ipv4 then
51141309ffc4 util.prosodyctl.check: Point out if A/AAAA exists despite disabled IPvX Kim Alvefur <zash@zash.se> parents: 11652 diff changeset	1059 print(" Host "..target_host.." does seem to resolve to this server but IPv4 has been disabled");
51141309ffc4 util.prosodyctl.check: Point out if A/AAAA exists despite disabled IPvX Kim Alvefur <zash@zash.se> parents: 11652 diff changeset	1060 all_targets_ok = false;
51141309ffc4 util.prosodyctl.check: Point out if A/AAAA exists despite disabled IPvX Kim Alvefur <zash@zash.se> parents: 11652 diff changeset	1061 end
51141309ffc4 util.prosodyctl.check: Point out if A/AAAA exists despite disabled IPvX Kim Alvefur <zash@zash.se> parents: 11652 diff changeset	1062
51141309ffc4 util.prosodyctl.check: Point out if A/AAAA exists despite disabled IPvX Kim Alvefur <zash@zash.se> parents: 11652 diff changeset	1063 if host_ok_v6 and not use_ipv6 then
51141309ffc4 util.prosodyctl.check: Point out if A/AAAA exists despite disabled IPvX Kim Alvefur <zash@zash.se> parents: 11652 diff changeset	1064 print(" Host "..target_host.." does seem to resolve to this server but IPv6 has been disabled");
51141309ffc4 util.prosodyctl.check: Point out if A/AAAA exists despite disabled IPvX Kim Alvefur <zash@zash.se> parents: 11652 diff changeset	1065 all_targets_ok = false;
51141309ffc4 util.prosodyctl.check: Point out if A/AAAA exists despite disabled IPvX Kim Alvefur <zash@zash.se> parents: 11652 diff changeset	1066 end
51141309ffc4 util.prosodyctl.check: Point out if A/AAAA exists despite disabled IPvX Kim Alvefur <zash@zash.se> parents: 11652 diff changeset	1067
10871 e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	1068 local bad_protos = {}
11651 c9f46d28ed7e util.prosodyctl.check: Silence IP protocol mismatches when disabled Kim Alvefur <zash@zash.se> parents: 11645 diff changeset	1069 if use_ipv4 and not host_ok_v4 then
10871 e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	1070 table.insert(bad_protos, "IPv4");
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	1071 end
11651 c9f46d28ed7e util.prosodyctl.check: Silence IP protocol mismatches when disabled Kim Alvefur <zash@zash.se> parents: 11645 diff changeset	1072 if use_ipv6 and not host_ok_v6 then
10871 e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	1073 table.insert(bad_protos, "IPv6");
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	1074 end
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	1075 if #bad_protos > 0 then
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	1076 print(" Host "..target_host.." does not seem to resolve to this server ("..table.concat(bad_protos, "/")..")");
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	1077 end
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	1078 if host_ok_v6 and not v6_supported then
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	1079 print(" Host "..target_host.." has AAAA records, but your version of LuaSocket does not support IPv6.");
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	1080 print(" Please see https://prosody.im/doc/ipv6 for more information.");
11925 3e0d03a74285 util.prosodyctl.check: Highlight inconsistency of AAAA records and use_ipv6=false Kim Alvefur <zash@zash.se> parents: 11924 diff changeset	1081 elseif host_ok_v6 and not use_ipv6 then
3e0d03a74285 util.prosodyctl.check: Highlight inconsistency of AAAA records and use_ipv6=false Kim Alvefur <zash@zash.se> parents: 11924 diff changeset	1082 print(" Host "..target_host.." has AAAA records, but IPv6 is disabled.");
3e0d03a74285 util.prosodyctl.check: Highlight inconsistency of AAAA records and use_ipv6=false Kim Alvefur <zash@zash.se> parents: 11924 diff changeset	1083 -- TODO Tell them to drop the AAAA records or enable IPv6?
3e0d03a74285 util.prosodyctl.check: Highlight inconsistency of AAAA records and use_ipv6=false Kim Alvefur <zash@zash.se> parents: 11924 diff changeset	1084 print(" Please see https://prosody.im/doc/ipv6 for more information.");
10871 e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	1085 end
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	1086 end
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	1087 if not all_targets_ok then
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	1088 print(" "..(some_targets_ok and "Only some" or "No").." targets for "..host.." appear to resolve to this server.");
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	1089 if is_component then
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	1090 print(" DNS records are necessary if you want users on other servers to access this component.");
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	1091 end
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	1092 problem_hosts:add(host);
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	1093 end
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	1094 print("");
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	1095 end
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	1096 if not problem_hosts:empty() then
12319 8fc3c06f922d prosodyctl: check dns: List discovered addresses for diagnostic purposes Matthew Wild <mwild1@gmail.com> parents: 12318 diff changeset	1097 if not unknown_addresses:empty() then
8fc3c06f922d prosodyctl: check dns: List discovered addresses for diagnostic purposes Matthew Wild <mwild1@gmail.com> parents: 12318 diff changeset	1098 print("");
8fc3c06f922d prosodyctl: check dns: List discovered addresses for diagnostic purposes Matthew Wild <mwild1@gmail.com> parents: 12318 diff changeset	1099 print("Some of your DNS records point to unknown IP addresses. This may be expected if your server");
8fc3c06f922d prosodyctl: check dns: List discovered addresses for diagnostic purposes Matthew Wild <mwild1@gmail.com> parents: 12318 diff changeset	1100 print("is behind a NAT or proxy. The unrecognized addresses were:");
8fc3c06f922d prosodyctl: check dns: List discovered addresses for diagnostic purposes Matthew Wild <mwild1@gmail.com> parents: 12318 diff changeset	1101 print("");
8fc3c06f922d prosodyctl: check dns: List discovered addresses for diagnostic purposes Matthew Wild <mwild1@gmail.com> parents: 12318 diff changeset	1102 print(" Unrecognized: "..tostring(unknown_addresses));
8fc3c06f922d prosodyctl: check dns: List discovered addresses for diagnostic purposes Matthew Wild <mwild1@gmail.com> parents: 12318 diff changeset	1103 print("");
8fc3c06f922d prosodyctl: check dns: List discovered addresses for diagnostic purposes Matthew Wild <mwild1@gmail.com> parents: 12318 diff changeset	1104 print("The addresses we found on this system are:");
8fc3c06f922d prosodyctl: check dns: List discovered addresses for diagnostic purposes Matthew Wild <mwild1@gmail.com> parents: 12318 diff changeset	1105 print("");
8fc3c06f922d prosodyctl: check dns: List discovered addresses for diagnostic purposes Matthew Wild <mwild1@gmail.com> parents: 12318 diff changeset	1106 print(" Internal: "..tostring(internal_addresses));
8fc3c06f922d prosodyctl: check dns: List discovered addresses for diagnostic purposes Matthew Wild <mwild1@gmail.com> parents: 12318 diff changeset	1107 print(" External: "..tostring(external_addresses));
13219 22763b30e458 util.prosodyctl.check: Hint about the 'external_addresses' config option Kim Alvefur <zash@zash.se> parents: 13217 diff changeset	1108 print("")
22763b30e458 util.prosodyctl.check: Hint about the 'external_addresses' config option Kim Alvefur <zash@zash.se> parents: 13217 diff changeset	1109 print("If the list of external external addresses is incorrect you can specify correct addresses in the config:")
22763b30e458 util.prosodyctl.check: Hint about the 'external_addresses' config option Kim Alvefur <zash@zash.se> parents: 13217 diff changeset	1110 print(" external_addresses = { \"192.0.2.34\", \"2001:db8::abcd:1234\" }")
12319 8fc3c06f922d prosodyctl: check dns: List discovered addresses for diagnostic purposes Matthew Wild <mwild1@gmail.com> parents: 12318 diff changeset	1111 end
10871 e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	1112 print("");
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	1113 print("For more information about DNS configuration please see https://prosody.im/doc/dns");
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	1114 print("");
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	1115 ok = false;
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	1116 end
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	1117 end
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	1118 if not what or what == "certs" then
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	1119 local cert_ok;
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	1120 print"Checking certificates..."
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	1121 local x509_verify_identity = require"util.x509".verify_identity;
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	1122 local create_context = require "core.certmanager".create_context;
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	1123 local ssl = dependencies.softreq"ssl";
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	1124 -- local datetime_parse = require"util.datetime".parse_x509;
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	1125 local load_cert = ssl and ssl.loadcertificate;
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	1126 -- or ssl.cert_from_pem
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	1127 if not ssl then
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	1128 print("LuaSec not available, can't perform certificate checks")
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	1129 if what == "certs" then cert_ok = false end
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	1130 elseif not load_cert then
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	1131 print("This version of LuaSec (" .. ssl._VERSION .. ") does not support certificate checking");
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	1132 cert_ok = false
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	1133 else
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	1134 for host in it.filter(skip_bare_jid_hosts, enabled_hosts()) do
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	1135 print("Checking certificate for "..host);
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	1136 -- First, let's find out what certificate this host uses.
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	1137 local host_ssl_config = configmanager.rawget(host, "ssl")
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	1138 or configmanager.rawget(host:match("%.(.*)"), "ssl");
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	1139 local global_ssl_config = configmanager.rawget("*", "ssl");
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	1140 local ok, err, ssl_config = create_context(host, "server", host_ssl_config, global_ssl_config);
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	1141 if not ok then
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	1142 print(" Error: "..err);
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	1143 cert_ok = false
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	1144 elseif not ssl_config.certificate then
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	1145 print(" No 'certificate' found for "..host)
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	1146 cert_ok = false
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	1147 elseif not ssl_config.key then
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	1148 print(" No 'key' found for "..host)
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	1149 cert_ok = false
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	1150 else
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	1151 local key, err = io.open(ssl_config.key); -- Permissions check only
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	1152 if not key then
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	1153 print(" Could not open "..ssl_config.key..": "..err);
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	1154 cert_ok = false
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	1155 else
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	1156 key:close();
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	1157 end
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	1158 local cert_fh, err = io.open(ssl_config.certificate); -- Load the file.
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	1159 if not cert_fh then
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	1160 print(" Could not open "..ssl_config.certificate..": "..err);
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	1161 cert_ok = false
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	1162 else
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	1163 print(" Certificate: "..ssl_config.certificate)
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	1164 local cert = load_cert(cert_fh:read"*a"); cert_fh:close();
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	1165 if not cert:validat(os.time()) then
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	1166 print(" Certificate has expired.")
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	1167 cert_ok = false
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	1168 elseif not cert:validat(os.time() + 86400) then
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	1169 print(" Certificate expires within one day.")
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	1170 cert_ok = false
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	1171 elseif not cert:validat(os.time() + 86400*7) then
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	1172 print(" Certificate expires within one week.")
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	1173 elseif not cert:validat(os.time() + 86400*31) then
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	1174 print(" Certificate expires within one month.")
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	1175 end
13216 fcc052ca1652 util.prosodyctl.check: Get some config options via minimal moduleapi #896 Kim Alvefur <zash@zash.se> parents: 13121 diff changeset	1176 if select(2, modulemanager.get_modules_for_host(host)) == nil
10871 e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	1177 and not x509_verify_identity(host, "_xmpp-client", cert) then
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	1178 print(" Not valid for client connections to "..host..".")
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	1179 cert_ok = false
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	1180 end
13216 fcc052ca1652 util.prosodyctl.check: Get some config options via minimal moduleapi #896 Kim Alvefur <zash@zash.se> parents: 13121 diff changeset	1181 if (not (api(host):get_option_boolean("anonymous_login", false)
fcc052ca1652 util.prosodyctl.check: Get some config options via minimal moduleapi #896 Kim Alvefur <zash@zash.se> parents: 13121 diff changeset	1182 or api(host):get_option_string("authentication", "internal_hashed") == "anonymous"))
10871 e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	1183 and not x509_verify_identity(host, "_xmpp-server", cert) then
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	1184 print(" Not valid for server-to-server connections to "..host..".")
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	1185 cert_ok = false
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	1186 end
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	1187 end
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	1188 end
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	1189 end
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	1190 end
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	1191 if cert_ok == false then
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	1192 print("")
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	1193 print("For more information about certificates please see https://prosody.im/doc/certificates");
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	1194 ok = false
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	1195 end
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	1196 print("")
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	1197 end
11779 f4f0bdaeabd2 prosodyctl: Add external connectivity check based on observe.jabber.network Jonas Schäfer <jonas@wielicki.name> parents: 11778 diff changeset	1198 -- intentionally not doing this by default
f4f0bdaeabd2 prosodyctl: Add external connectivity check based on observe.jabber.network Jonas Schäfer <jonas@wielicki.name> parents: 11778 diff changeset	1199 if what == "connectivity" then
11782 d93107de52dd util.prosodyctl.check: Ignore unused "ok" variable [luacheck] Kim Alvefur <zash@zash.se> parents: 11780 diff changeset	1200 local _, prosody_is_running = is_prosody_running();
13216 fcc052ca1652 util.prosodyctl.check: Get some config options via minimal moduleapi #896 Kim Alvefur <zash@zash.se> parents: 13121 diff changeset	1201 if api("*"):get_option_string("pidfile") and not prosody_is_running then
11780 98ae95235775 util.prosodyctl.check: Refuse to do ojn test unless prosody is running Kim Alvefur <zash@zash.se> parents: 11779 diff changeset	1202 print("Prosody does not appear to be running, which is required for this test.");
98ae95235775 util.prosodyctl.check: Refuse to do ojn test unless prosody is running Kim Alvefur <zash@zash.se> parents: 11779 diff changeset	1203 print("Start it and then try again.");
98ae95235775 util.prosodyctl.check: Refuse to do ojn test unless prosody is running Kim Alvefur <zash@zash.se> parents: 11779 diff changeset	1204 return 1;
98ae95235775 util.prosodyctl.check: Refuse to do ojn test unless prosody is running Kim Alvefur <zash@zash.se> parents: 11779 diff changeset	1205 end
98ae95235775 util.prosodyctl.check: Refuse to do ojn test unless prosody is running Kim Alvefur <zash@zash.se> parents: 11779 diff changeset	1206
11827 2359519260ec prosodyctl: Add alternate XMPP Blackbox Exporter connectivity check Kim Alvefur <zash@zash.se> parents: 11826 diff changeset	1207 local checker = "observe.jabber.network";
2359519260ec prosodyctl: Add alternate XMPP Blackbox Exporter connectivity check Kim Alvefur <zash@zash.se> parents: 11826 diff changeset	1208 local probe_instance;
2359519260ec prosodyctl: Add alternate XMPP Blackbox Exporter connectivity check Kim Alvefur <zash@zash.se> parents: 11826 diff changeset	1209 local probe_modules = {
2359519260ec prosodyctl: Add alternate XMPP Blackbox Exporter connectivity check Kim Alvefur <zash@zash.se> parents: 11826 diff changeset	1210 ["xmpp-client"] = "c2s_normal_auth";
2359519260ec prosodyctl: Add alternate XMPP Blackbox Exporter connectivity check Kim Alvefur <zash@zash.se> parents: 11826 diff changeset	1211 ["xmpp-server"] = "s2s_normal";
2359519260ec prosodyctl: Add alternate XMPP Blackbox Exporter connectivity check Kim Alvefur <zash@zash.se> parents: 11826 diff changeset	1212 ["xmpps-client"] = nil; -- TODO
2359519260ec prosodyctl: Add alternate XMPP Blackbox Exporter connectivity check Kim Alvefur <zash@zash.se> parents: 11826 diff changeset	1213 ["xmpps-server"] = nil; -- TODO
2359519260ec prosodyctl: Add alternate XMPP Blackbox Exporter connectivity check Kim Alvefur <zash@zash.se> parents: 11826 diff changeset	1214 };
13216 fcc052ca1652 util.prosodyctl.check: Get some config options via minimal moduleapi #896 Kim Alvefur <zash@zash.se> parents: 13121 diff changeset	1215 local probe_settings = api("*"):get_option_string("connectivity_probe");
11827 2359519260ec prosodyctl: Add alternate XMPP Blackbox Exporter connectivity check Kim Alvefur <zash@zash.se> parents: 11826 diff changeset	1216 if type(probe_settings) == "string" then
2359519260ec prosodyctl: Add alternate XMPP Blackbox Exporter connectivity check Kim Alvefur <zash@zash.se> parents: 11826 diff changeset	1217 probe_instance = probe_settings;
2359519260ec prosodyctl: Add alternate XMPP Blackbox Exporter connectivity check Kim Alvefur <zash@zash.se> parents: 11826 diff changeset	1218 elseif type(probe_settings) == "table" and type(probe_settings.url) == "string" then
2359519260ec prosodyctl: Add alternate XMPP Blackbox Exporter connectivity check Kim Alvefur <zash@zash.se> parents: 11826 diff changeset	1219 probe_instance = probe_settings.url;
2359519260ec prosodyctl: Add alternate XMPP Blackbox Exporter connectivity check Kim Alvefur <zash@zash.se> parents: 11826 diff changeset	1220 if type(probe_settings.modules) == "table" then
2359519260ec prosodyctl: Add alternate XMPP Blackbox Exporter connectivity check Kim Alvefur <zash@zash.se> parents: 11826 diff changeset	1221 probe_modules = probe_settings.modules;
2359519260ec prosodyctl: Add alternate XMPP Blackbox Exporter connectivity check Kim Alvefur <zash@zash.se> parents: 11826 diff changeset	1222 end
2359519260ec prosodyctl: Add alternate XMPP Blackbox Exporter connectivity check Kim Alvefur <zash@zash.se> parents: 11826 diff changeset	1223 elseif probe_settings ~= nil then
2359519260ec prosodyctl: Add alternate XMPP Blackbox Exporter connectivity check Kim Alvefur <zash@zash.se> parents: 11826 diff changeset	1224 print("The 'connectivity_probe' setting not understood.");
2359519260ec prosodyctl: Add alternate XMPP Blackbox Exporter connectivity check Kim Alvefur <zash@zash.se> parents: 11826 diff changeset	1225 print("Expected an URL or a table with 'url' and 'modules' fields");
2359519260ec prosodyctl: Add alternate XMPP Blackbox Exporter connectivity check Kim Alvefur <zash@zash.se> parents: 11826 diff changeset	1226 print("See https://prosody.im/doc/prosodyctl#check for more information."); -- FIXME
2359519260ec prosodyctl: Add alternate XMPP Blackbox Exporter connectivity check Kim Alvefur <zash@zash.se> parents: 11826 diff changeset	1227 return 1;
2359519260ec prosodyctl: Add alternate XMPP Blackbox Exporter connectivity check Kim Alvefur <zash@zash.se> parents: 11826 diff changeset	1228 end
2359519260ec prosodyctl: Add alternate XMPP Blackbox Exporter connectivity check Kim Alvefur <zash@zash.se> parents: 11826 diff changeset	1229
2359519260ec prosodyctl: Add alternate XMPP Blackbox Exporter connectivity check Kim Alvefur <zash@zash.se> parents: 11826 diff changeset	1230 local check_api;
2359519260ec prosodyctl: Add alternate XMPP Blackbox Exporter connectivity check Kim Alvefur <zash@zash.se> parents: 11826 diff changeset	1231 if probe_instance then
2359519260ec prosodyctl: Add alternate XMPP Blackbox Exporter connectivity check Kim Alvefur <zash@zash.se> parents: 11826 diff changeset	1232 local parsed_url = socket_url.parse(probe_instance);
2359519260ec prosodyctl: Add alternate XMPP Blackbox Exporter connectivity check Kim Alvefur <zash@zash.se> parents: 11826 diff changeset	1233 if not parsed_url then
2359519260ec prosodyctl: Add alternate XMPP Blackbox Exporter connectivity check Kim Alvefur <zash@zash.se> parents: 11826 diff changeset	1234 print(("'connectivity_probe' is not a valid URL: %q"):format(probe_instance));
2359519260ec prosodyctl: Add alternate XMPP Blackbox Exporter connectivity check Kim Alvefur <zash@zash.se> parents: 11826 diff changeset	1235 print("Set it to the URL of an XMPP Blackbox Exporter instance and try again");
2359519260ec prosodyctl: Add alternate XMPP Blackbox Exporter connectivity check Kim Alvefur <zash@zash.se> parents: 11826 diff changeset	1236 return 1;
2359519260ec prosodyctl: Add alternate XMPP Blackbox Exporter connectivity check Kim Alvefur <zash@zash.se> parents: 11826 diff changeset	1237 end
2359519260ec prosodyctl: Add alternate XMPP Blackbox Exporter connectivity check Kim Alvefur <zash@zash.se> parents: 11826 diff changeset	1238 checker = parsed_url.host;
2359519260ec prosodyctl: Add alternate XMPP Blackbox Exporter connectivity check Kim Alvefur <zash@zash.se> parents: 11826 diff changeset	1239
2359519260ec prosodyctl: Add alternate XMPP Blackbox Exporter connectivity check Kim Alvefur <zash@zash.se> parents: 11826 diff changeset	1240 function check_api(protocol, host)
2359519260ec prosodyctl: Add alternate XMPP Blackbox Exporter connectivity check Kim Alvefur <zash@zash.se> parents: 11826 diff changeset	1241 local target = socket_url.build({scheme="xmpp",path=host});
2359519260ec prosodyctl: Add alternate XMPP Blackbox Exporter connectivity check Kim Alvefur <zash@zash.se> parents: 11826 diff changeset	1242 local probe_module = probe_modules[protocol];
2359519260ec prosodyctl: Add alternate XMPP Blackbox Exporter connectivity check Kim Alvefur <zash@zash.se> parents: 11826 diff changeset	1243 if not probe_module then
2359519260ec prosodyctl: Add alternate XMPP Blackbox Exporter connectivity check Kim Alvefur <zash@zash.se> parents: 11826 diff changeset	1244 return nil, "Checking protocol '"..protocol.."' is currently unsupported";
2359519260ec prosodyctl: Add alternate XMPP Blackbox Exporter connectivity check Kim Alvefur <zash@zash.se> parents: 11826 diff changeset	1245 end
2359519260ec prosodyctl: Add alternate XMPP Blackbox Exporter connectivity check Kim Alvefur <zash@zash.se> parents: 11826 diff changeset	1246 return check_probe(probe_instance, probe_module, target);
2359519260ec prosodyctl: Add alternate XMPP Blackbox Exporter connectivity check Kim Alvefur <zash@zash.se> parents: 11826 diff changeset	1247 end
2359519260ec prosodyctl: Add alternate XMPP Blackbox Exporter connectivity check Kim Alvefur <zash@zash.se> parents: 11826 diff changeset	1248 else
2359519260ec prosodyctl: Add alternate XMPP Blackbox Exporter connectivity check Kim Alvefur <zash@zash.se> parents: 11826 diff changeset	1249 check_api = check_ojn;
2359519260ec prosodyctl: Add alternate XMPP Blackbox Exporter connectivity check Kim Alvefur <zash@zash.se> parents: 11826 diff changeset	1250 end
2359519260ec prosodyctl: Add alternate XMPP Blackbox Exporter connectivity check Kim Alvefur <zash@zash.se> parents: 11826 diff changeset	1251
11779 f4f0bdaeabd2 prosodyctl: Add external connectivity check based on observe.jabber.network Jonas Schäfer <jonas@wielicki.name> parents: 11778 diff changeset	1252 for host in it.filter(skip_bare_jid_hosts, enabled_hosts()) do
f4f0bdaeabd2 prosodyctl: Add external connectivity check based on observe.jabber.network Jonas Schäfer <jonas@wielicki.name> parents: 11778 diff changeset	1253 local modules, component_module = modulemanager.get_modules_for_host(host);
f4f0bdaeabd2 prosodyctl: Add external connectivity check based on observe.jabber.network Jonas Schäfer <jonas@wielicki.name> parents: 11778 diff changeset	1254 if component_module then
f4f0bdaeabd2 prosodyctl: Add external connectivity check based on observe.jabber.network Jonas Schäfer <jonas@wielicki.name> parents: 11778 diff changeset	1255 modules:add(component_module)
f4f0bdaeabd2 prosodyctl: Add external connectivity check based on observe.jabber.network Jonas Schäfer <jonas@wielicki.name> parents: 11778 diff changeset	1256 end
f4f0bdaeabd2 prosodyctl: Add external connectivity check based on observe.jabber.network Jonas Schäfer <jonas@wielicki.name> parents: 11778 diff changeset	1257
11827 2359519260ec prosodyctl: Add alternate XMPP Blackbox Exporter connectivity check Kim Alvefur <zash@zash.se> parents: 11826 diff changeset	1258 print("Checking external connectivity for "..host.." via "..checker)
11779 f4f0bdaeabd2 prosodyctl: Add external connectivity check based on observe.jabber.network Jonas Schäfer <jonas@wielicki.name> parents: 11778 diff changeset	1259 local function check_connectivity(protocol)
f4f0bdaeabd2 prosodyctl: Add external connectivity check based on observe.jabber.network Jonas Schäfer <jonas@wielicki.name> parents: 11778 diff changeset	1260 local success, err = check_api(protocol, host);
f4f0bdaeabd2 prosodyctl: Add external connectivity check based on observe.jabber.network Jonas Schäfer <jonas@wielicki.name> parents: 11778 diff changeset	1261 if not success and err ~= nil then
f4f0bdaeabd2 prosodyctl: Add external connectivity check based on observe.jabber.network Jonas Schäfer <jonas@wielicki.name> parents: 11778 diff changeset	1262 print((" %s: Failed to request check at API: %s"):format(protocol, err))
f4f0bdaeabd2 prosodyctl: Add external connectivity check based on observe.jabber.network Jonas Schäfer <jonas@wielicki.name> parents: 11778 diff changeset	1263 elseif success then
f4f0bdaeabd2 prosodyctl: Add external connectivity check based on observe.jabber.network Jonas Schäfer <jonas@wielicki.name> parents: 11778 diff changeset	1264 print((" %s: Works"):format(protocol))
f4f0bdaeabd2 prosodyctl: Add external connectivity check based on observe.jabber.network Jonas Schäfer <jonas@wielicki.name> parents: 11778 diff changeset	1265 else
f4f0bdaeabd2 prosodyctl: Add external connectivity check based on observe.jabber.network Jonas Schäfer <jonas@wielicki.name> parents: 11778 diff changeset	1266 print((" %s: Check service failed to establish (secure) connection"):format(protocol))
f4f0bdaeabd2 prosodyctl: Add external connectivity check based on observe.jabber.network Jonas Schäfer <jonas@wielicki.name> parents: 11778 diff changeset	1267 ok = false
f4f0bdaeabd2 prosodyctl: Add external connectivity check based on observe.jabber.network Jonas Schäfer <jonas@wielicki.name> parents: 11778 diff changeset	1268 end
f4f0bdaeabd2 prosodyctl: Add external connectivity check based on observe.jabber.network Jonas Schäfer <jonas@wielicki.name> parents: 11778 diff changeset	1269 end
f4f0bdaeabd2 prosodyctl: Add external connectivity check based on observe.jabber.network Jonas Schäfer <jonas@wielicki.name> parents: 11778 diff changeset	1270
f4f0bdaeabd2 prosodyctl: Add external connectivity check based on observe.jabber.network Jonas Schäfer <jonas@wielicki.name> parents: 11778 diff changeset	1271 if modules:contains("c2s") then
f4f0bdaeabd2 prosodyctl: Add external connectivity check based on observe.jabber.network Jonas Schäfer <jonas@wielicki.name> parents: 11778 diff changeset	1272 check_connectivity("xmpp-client")
13216 fcc052ca1652 util.prosodyctl.check: Get some config options via minimal moduleapi #896 Kim Alvefur <zash@zash.se> parents: 13121 diff changeset	1273 if not api("*"):get_option_set("c2s_direct_tls_ports", {}):empty() then
11957 3a7ce7df7806 util.prosodyctl.check: Support direct TLS connectivity checks Kim Alvefur <zash@zash.se> parents: 11940 diff changeset	1274 check_connectivity("xmpps-client");
3a7ce7df7806 util.prosodyctl.check: Support direct TLS connectivity checks Kim Alvefur <zash@zash.se> parents: 11940 diff changeset	1275 end
11779 f4f0bdaeabd2 prosodyctl: Add external connectivity check based on observe.jabber.network Jonas Schäfer <jonas@wielicki.name> parents: 11778 diff changeset	1276 end
f4f0bdaeabd2 prosodyctl: Add external connectivity check based on observe.jabber.network Jonas Schäfer <jonas@wielicki.name> parents: 11778 diff changeset	1277
f4f0bdaeabd2 prosodyctl: Add external connectivity check based on observe.jabber.network Jonas Schäfer <jonas@wielicki.name> parents: 11778 diff changeset	1278 if modules:contains("s2s") then
f4f0bdaeabd2 prosodyctl: Add external connectivity check based on observe.jabber.network Jonas Schäfer <jonas@wielicki.name> parents: 11778 diff changeset	1279 check_connectivity("xmpp-server")
13216 fcc052ca1652 util.prosodyctl.check: Get some config options via minimal moduleapi #896 Kim Alvefur <zash@zash.se> parents: 13121 diff changeset	1280 if not api("*"):get_option_set("s2s_direct_tls_ports", {}):empty() then
11957 3a7ce7df7806 util.prosodyctl.check: Support direct TLS connectivity checks Kim Alvefur <zash@zash.se> parents: 11940 diff changeset	1281 check_connectivity("xmpps-server");
3a7ce7df7806 util.prosodyctl.check: Support direct TLS connectivity checks Kim Alvefur <zash@zash.se> parents: 11940 diff changeset	1282 end
11779 f4f0bdaeabd2 prosodyctl: Add external connectivity check based on observe.jabber.network Jonas Schäfer <jonas@wielicki.name> parents: 11778 diff changeset	1283 end
f4f0bdaeabd2 prosodyctl: Add external connectivity check based on observe.jabber.network Jonas Schäfer <jonas@wielicki.name> parents: 11778 diff changeset	1284
f4f0bdaeabd2 prosodyctl: Add external connectivity check based on observe.jabber.network Jonas Schäfer <jonas@wielicki.name> parents: 11778 diff changeset	1285 print()
f4f0bdaeabd2 prosodyctl: Add external connectivity check based on observe.jabber.network Jonas Schäfer <jonas@wielicki.name> parents: 11778 diff changeset	1286 end
f4f0bdaeabd2 prosodyctl: Add external connectivity check based on observe.jabber.network Jonas Schäfer <jonas@wielicki.name> parents: 11778 diff changeset	1287 print("Note: The connectivity check only checks the reachability of the domain.")
f4f0bdaeabd2 prosodyctl: Add external connectivity check based on observe.jabber.network Jonas Schäfer <jonas@wielicki.name> parents: 11778 diff changeset	1288 print("Note: It does not ensure that the check actually reaches this specific prosody instance.")
f4f0bdaeabd2 prosodyctl: Add external connectivity check based on observe.jabber.network Jonas Schäfer <jonas@wielicki.name> parents: 11778 diff changeset	1289 end
12357 cd11d7c4af8b util.prosodyctl: check turn: New command to verify STUN/TURN service is operational Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	1290
12377 317132bca8c0 prosodyctl: check: include TURN checks by default Matthew Wild <mwild1@gmail.com> parents: 12376 diff changeset	1291 if not what or what == "turn" then
12357 cd11d7c4af8b util.prosodyctl: check turn: New command to verify STUN/TURN service is operational Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	1292 local turn_enabled_hosts = {};
cd11d7c4af8b util.prosodyctl: check turn: New command to verify STUN/TURN service is operational Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	1293 local turn_services = {};
cd11d7c4af8b util.prosodyctl: check turn: New command to verify STUN/TURN service is operational Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	1294
cd11d7c4af8b util.prosodyctl: check turn: New command to verify STUN/TURN service is operational Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	1295 for host in enabled_hosts() do
cd11d7c4af8b util.prosodyctl: check turn: New command to verify STUN/TURN service is operational Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	1296 local has_external_turn = modulemanager.get_modules_for_host(host):contains("turn_external");
cd11d7c4af8b util.prosodyctl: check turn: New command to verify STUN/TURN service is operational Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	1297 if has_external_turn then
13216 fcc052ca1652 util.prosodyctl.check: Get some config options via minimal moduleapi #896 Kim Alvefur <zash@zash.se> parents: 13121 diff changeset	1298 local hostapi = api(host);
12357 cd11d7c4af8b util.prosodyctl: check turn: New command to verify STUN/TURN service is operational Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	1299 table.insert(turn_enabled_hosts, host);
13216 fcc052ca1652 util.prosodyctl.check: Get some config options via minimal moduleapi #896 Kim Alvefur <zash@zash.se> parents: 13121 diff changeset	1300 local turn_host = hostapi:get_option_string("turn_external_host", host);
fcc052ca1652 util.prosodyctl.check: Get some config options via minimal moduleapi #896 Kim Alvefur <zash@zash.se> parents: 13121 diff changeset	1301 local turn_port = hostapi:get_option_number("turn_external_port", 3478);
fcc052ca1652 util.prosodyctl.check: Get some config options via minimal moduleapi #896 Kim Alvefur <zash@zash.se> parents: 13121 diff changeset	1302 local turn_secret = hostapi:get_option_string("turn_external_secret");
12357 cd11d7c4af8b util.prosodyctl: check turn: New command to verify STUN/TURN service is operational Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	1303 if not turn_secret then
cd11d7c4af8b util.prosodyctl: check turn: New command to verify STUN/TURN service is operational Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	1304 print("Error: Your configuration is missing a turn_external_secret for "..host);
cd11d7c4af8b util.prosodyctl: check turn: New command to verify STUN/TURN service is operational Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	1305 print("Error: TURN will not be advertised for this host.");
cd11d7c4af8b util.prosodyctl: check turn: New command to verify STUN/TURN service is operational Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	1306 ok = false;
cd11d7c4af8b util.prosodyctl: check turn: New command to verify STUN/TURN service is operational Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	1307 else
cd11d7c4af8b util.prosodyctl: check turn: New command to verify STUN/TURN service is operational Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	1308 local turn_id = ("%s:%d"):format(turn_host, turn_port);
cd11d7c4af8b util.prosodyctl: check turn: New command to verify STUN/TURN service is operational Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	1309 if turn_services[turn_id] and turn_services[turn_id].secret ~= turn_secret then
cd11d7c4af8b util.prosodyctl: check turn: New command to verify STUN/TURN service is operational Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	1310 print("Error: Your configuration contains multiple differing secrets");
cd11d7c4af8b util.prosodyctl: check turn: New command to verify STUN/TURN service is operational Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	1311 print(" for the TURN service at "..turn_id.." - we will only test one.");
cd11d7c4af8b util.prosodyctl: check turn: New command to verify STUN/TURN service is operational Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	1312 elseif not turn_services[turn_id] then
cd11d7c4af8b util.prosodyctl: check turn: New command to verify STUN/TURN service is operational Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	1313 turn_services[turn_id] = {
cd11d7c4af8b util.prosodyctl: check turn: New command to verify STUN/TURN service is operational Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	1314 host = turn_host;
cd11d7c4af8b util.prosodyctl: check turn: New command to verify STUN/TURN service is operational Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	1315 port = turn_port;
cd11d7c4af8b util.prosodyctl: check turn: New command to verify STUN/TURN service is operational Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	1316 secret = turn_secret;
cd11d7c4af8b util.prosodyctl: check turn: New command to verify STUN/TURN service is operational Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	1317 };
cd11d7c4af8b util.prosodyctl: check turn: New command to verify STUN/TURN service is operational Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	1318 end
cd11d7c4af8b util.prosodyctl: check turn: New command to verify STUN/TURN service is operational Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	1319 end
cd11d7c4af8b util.prosodyctl: check turn: New command to verify STUN/TURN service is operational Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	1320 end
cd11d7c4af8b util.prosodyctl: check turn: New command to verify STUN/TURN service is operational Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	1321 end
cd11d7c4af8b util.prosodyctl: check turn: New command to verify STUN/TURN service is operational Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	1322
cd11d7c4af8b util.prosodyctl: check turn: New command to verify STUN/TURN service is operational Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	1323 if what == "turn" then
cd11d7c4af8b util.prosodyctl: check turn: New command to verify STUN/TURN service is operational Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	1324 local count = it.count(pairs(turn_services));
cd11d7c4af8b util.prosodyctl: check turn: New command to verify STUN/TURN service is operational Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	1325 if count == 0 then
cd11d7c4af8b util.prosodyctl: check turn: New command to verify STUN/TURN service is operational Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	1326 print("Error: Unable to find any TURN services configured. Enable mod_turn_external!");
12488 3183f358a88f util.prosodyctl.check: turn: Report lack of TURN services as a problem #1749 Kim Alvefur <zash@zash.se> parents: 12466 diff changeset	1327 ok = false;
12357 cd11d7c4af8b util.prosodyctl: check turn: New command to verify STUN/TURN service is operational Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	1328 else
cd11d7c4af8b util.prosodyctl: check turn: New command to verify STUN/TURN service is operational Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	1329 print("Identified "..tostring(count).." TURN services.");
cd11d7c4af8b util.prosodyctl: check turn: New command to verify STUN/TURN service is operational Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	1330 print("");
cd11d7c4af8b util.prosodyctl: check turn: New command to verify STUN/TURN service is operational Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	1331 end
cd11d7c4af8b util.prosodyctl: check turn: New command to verify STUN/TURN service is operational Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	1332 end
cd11d7c4af8b util.prosodyctl: check turn: New command to verify STUN/TURN service is operational Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	1333
cd11d7c4af8b util.prosodyctl: check turn: New command to verify STUN/TURN service is operational Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	1334 for turn_id, turn_service in pairs(turn_services) do
12377 317132bca8c0 prosodyctl: check: include TURN checks by default Matthew Wild <mwild1@gmail.com> parents: 12376 diff changeset	1335 print("Testing TURN service "..turn_id.."...");
12357 cd11d7c4af8b util.prosodyctl: check turn: New command to verify STUN/TURN service is operational Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	1336
12372 1ba451c10f41 prosodyctl: check turn: Add support for testing data relay with an external STUN server via --ping Matthew Wild <mwild1@gmail.com> parents: 12362 diff changeset	1337 local result = check_turn_service(turn_service, opts.ping);
12357 cd11d7c4af8b util.prosodyctl: check turn: New command to verify STUN/TURN service is operational Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	1338 if #result.warnings > 0 then
12381 d999c2b3e289 prosodyctl: check turn: fix formatting of multiple warnings Matthew Wild <mwild1@gmail.com> parents: 12380 diff changeset	1339 print(("%d warnings:\n"):format(#result.warnings));
d999c2b3e289 prosodyctl: check turn: fix formatting of multiple warnings Matthew Wild <mwild1@gmail.com> parents: 12380 diff changeset	1340 print(" "..table.concat(result.warnings, "\n "));
d999c2b3e289 prosodyctl: check turn: fix formatting of multiple warnings Matthew Wild <mwild1@gmail.com> parents: 12380 diff changeset	1341 print("");
12357 cd11d7c4af8b util.prosodyctl: check turn: New command to verify STUN/TURN service is operational Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	1342 end
12380 3a702f37e87c prosodyctl: check turn: always show debug info even if test fails Matthew Wild <mwild1@gmail.com> parents: 12379 diff changeset	1343
3a702f37e87c prosodyctl: check turn: always show debug info even if test fails Matthew Wild <mwild1@gmail.com> parents: 12379 diff changeset	1344 if opts.verbose then
3a702f37e87c prosodyctl: check turn: always show debug info even if test fails Matthew Wild <mwild1@gmail.com> parents: 12379 diff changeset	1345 if result.external_ip then
3a702f37e87c prosodyctl: check turn: always show debug info even if test fails Matthew Wild <mwild1@gmail.com> parents: 12379 diff changeset	1346 print(("External IP: %s"):format(result.external_ip.address));
3a702f37e87c prosodyctl: check turn: always show debug info even if test fails Matthew Wild <mwild1@gmail.com> parents: 12379 diff changeset	1347 end
3a702f37e87c prosodyctl: check turn: always show debug info even if test fails Matthew Wild <mwild1@gmail.com> parents: 12379 diff changeset	1348 if result.relayed_addresses then
3a702f37e87c prosodyctl: check turn: always show debug info even if test fails Matthew Wild <mwild1@gmail.com> parents: 12379 diff changeset	1349 for i, relayed_address in ipairs(result.relayed_addresses) do
3a702f37e87c prosodyctl: check turn: always show debug info even if test fails Matthew Wild <mwild1@gmail.com> parents: 12379 diff changeset	1350 print(("Relayed address %d: %s:%d"):format(i, relayed_address.address, relayed_address.port));
3a702f37e87c prosodyctl: check turn: always show debug info even if test fails Matthew Wild <mwild1@gmail.com> parents: 12379 diff changeset	1351 end
3a702f37e87c prosodyctl: check turn: always show debug info even if test fails Matthew Wild <mwild1@gmail.com> parents: 12379 diff changeset	1352 end
3a702f37e87c prosodyctl: check turn: always show debug info even if test fails Matthew Wild <mwild1@gmail.com> parents: 12379 diff changeset	1353 if result.external_ip_pong then
12390 71b5c9b8b07a prosodyctl: check turn: warn about external port mismatches behind NAT Matthew Wild <mwild1@gmail.com> parents: 12385 diff changeset	1354 print(("TURN external address: %s:%d"):format(result.external_ip_pong.address, result.external_ip_pong.port));
12380 3a702f37e87c prosodyctl: check turn: always show debug info even if test fails Matthew Wild <mwild1@gmail.com> parents: 12379 diff changeset	1355 end
3a702f37e87c prosodyctl: check turn: always show debug info even if test fails Matthew Wild <mwild1@gmail.com> parents: 12379 diff changeset	1356 end
3a702f37e87c prosodyctl: check turn: always show debug info even if test fails Matthew Wild <mwild1@gmail.com> parents: 12379 diff changeset	1357
12357 cd11d7c4af8b util.prosodyctl: check turn: New command to verify STUN/TURN service is operational Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	1358 if result.error then
cd11d7c4af8b util.prosodyctl: check turn: New command to verify STUN/TURN service is operational Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	1359 print("Error: "..result.error.."\n");
cd11d7c4af8b util.prosodyctl: check turn: New command to verify STUN/TURN service is operational Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	1360 ok = false;
cd11d7c4af8b util.prosodyctl: check turn: New command to verify STUN/TURN service is operational Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	1361 else
cd11d7c4af8b util.prosodyctl: check turn: New command to verify STUN/TURN service is operational Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	1362 print("Success!\n");
cd11d7c4af8b util.prosodyctl: check turn: New command to verify STUN/TURN service is operational Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	1363 end
cd11d7c4af8b util.prosodyctl: check turn: New command to verify STUN/TURN service is operational Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	1364 end
cd11d7c4af8b util.prosodyctl: check turn: New command to verify STUN/TURN service is operational Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	1365 end
cd11d7c4af8b util.prosodyctl: check turn: New command to verify STUN/TURN service is operational Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	1366
10871 e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	1367 if not ok then
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	1368 print("Problems found, see above.");
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	1369 else
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	1370 print("All checks passed, congratulations!");
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	1371 end
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	1372 return ok and 0 or 2;
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	1373 end
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	1374
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	1375 return {
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	1376 check = check;
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	1377 };

prosody

22763b30e458

util/prosodyctl/check.lua

Software / code / prosody

Annotate

util/prosodyctl/check.lua @ 13219:22763b30e458 0.12

Software `/` code `/` prosody