Software `/` code `/` prosody

Annotate

util/prosodyctl/check.lua @ 12390:71b5c9b8b07a 0.12

prosodyctl: check turn: warn about external port mismatches behind NAT Some NATs don't preserve port numbers, which can cause the TURN server's reported relay address to be incorrect (the TURN server has no way to predict what the external port is, so it can't be corrected in config like an IP mismatch can).

author	Matthew Wild <mwild1@gmail.com>
date	Fri, 11 Mar 2022 20:33:03 +0000
parent	12385:92b35a41bb3c
child	12414:a93e65784f2c

rev	line source
10871 e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	1 local configmanager = require "core.configmanager";
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	2 local show_usage = require "util.prosodyctl".show_usage;
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	3 local show_warning = require "util.prosodyctl".show_warning;
11780 98ae95235775 util.prosodyctl.check: Refuse to do ojn test unless prosody is running Kim Alvefur <zash@zash.se> parents: 11779 diff changeset	4 local is_prosody_running = require "util.prosodyctl".isrunning;
12372 1ba451c10f41 prosodyctl: check turn: Add support for testing data relay with an external STUN server via --ping Matthew Wild <mwild1@gmail.com> parents: 12362 diff changeset	5 local parse_args = require "util.argparse".parse;
10871 e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	6 local dependencies = require "util.dependencies";
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	7 local socket = require "socket";
11827 2359519260ec prosodyctl: Add alternate XMPP Blackbox Exporter connectivity check Kim Alvefur <zash@zash.se> parents: 11826 diff changeset	8 local socket_url = require "socket.url";
10871 e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	9 local jid_split = require "util.jid".prepped_split;
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	10 local modulemanager = require "core.modulemanager";
11827 2359519260ec prosodyctl: Add alternate XMPP Blackbox Exporter connectivity check Kim Alvefur <zash@zash.se> parents: 11826 diff changeset	11 local async = require "util.async";
2359519260ec prosodyctl: Add alternate XMPP Blackbox Exporter connectivity check Kim Alvefur <zash@zash.se> parents: 11826 diff changeset	12 local httputil = require "util.http";
10871 e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	13
11826 e1c4cc5d0ef8 prosodyctl: Use HTTP client in promise mode for connectivity check Kim Alvefur <zash@zash.se> parents: 11807 diff changeset	14 local function check_ojn(check_type, target_host)
11779 f4f0bdaeabd2 prosodyctl: Add external connectivity check based on observe.jabber.network Jonas Schäfer <jonas@wielicki.name> parents: 11778 diff changeset	15 local http = require "net.http"; -- .new({});
f4f0bdaeabd2 prosodyctl: Add external connectivity check based on observe.jabber.network Jonas Schäfer <jonas@wielicki.name> parents: 11778 diff changeset	16 local json = require "util.json";
f4f0bdaeabd2 prosodyctl: Add external connectivity check based on observe.jabber.network Jonas Schäfer <jonas@wielicki.name> parents: 11778 diff changeset	17
11826 e1c4cc5d0ef8 prosodyctl: Use HTTP client in promise mode for connectivity check Kim Alvefur <zash@zash.se> parents: 11807 diff changeset	18 local response, err = async.wait_for(http.request(
11827 2359519260ec prosodyctl: Add alternate XMPP Blackbox Exporter connectivity check Kim Alvefur <zash@zash.se> parents: 11826 diff changeset	19 ("https://observe.jabber.network/api/v1/check/%s"):format(httputil.urlencode(check_type)),
11779 f4f0bdaeabd2 prosodyctl: Add external connectivity check based on observe.jabber.network Jonas Schäfer <jonas@wielicki.name> parents: 11778 diff changeset	20 {
f4f0bdaeabd2 prosodyctl: Add external connectivity check based on observe.jabber.network Jonas Schäfer <jonas@wielicki.name> parents: 11778 diff changeset	21 method="POST",
f4f0bdaeabd2 prosodyctl: Add external connectivity check based on observe.jabber.network Jonas Schäfer <jonas@wielicki.name> parents: 11778 diff changeset	22 headers={["Accept"] = "application/json"; ["Content-Type"] = "application/json"},
f4f0bdaeabd2 prosodyctl: Add external connectivity check based on observe.jabber.network Jonas Schäfer <jonas@wielicki.name> parents: 11778 diff changeset	23 body=json.encode({target=target_host}),
11826 e1c4cc5d0ef8 prosodyctl: Use HTTP client in promise mode for connectivity check Kim Alvefur <zash@zash.se> parents: 11807 diff changeset	24 }));
e1c4cc5d0ef8 prosodyctl: Use HTTP client in promise mode for connectivity check Kim Alvefur <zash@zash.se> parents: 11807 diff changeset	25
e1c4cc5d0ef8 prosodyctl: Use HTTP client in promise mode for connectivity check Kim Alvefur <zash@zash.se> parents: 11807 diff changeset	26 if not response then
e1c4cc5d0ef8 prosodyctl: Use HTTP client in promise mode for connectivity check Kim Alvefur <zash@zash.se> parents: 11807 diff changeset	27 return false, err;
e1c4cc5d0ef8 prosodyctl: Use HTTP client in promise mode for connectivity check Kim Alvefur <zash@zash.se> parents: 11807 diff changeset	28 end
11779 f4f0bdaeabd2 prosodyctl: Add external connectivity check based on observe.jabber.network Jonas Schäfer <jonas@wielicki.name> parents: 11778 diff changeset	29
11826 e1c4cc5d0ef8 prosodyctl: Use HTTP client in promise mode for connectivity check Kim Alvefur <zash@zash.se> parents: 11807 diff changeset	30 if response.code ~= 200 then
e1c4cc5d0ef8 prosodyctl: Use HTTP client in promise mode for connectivity check Kim Alvefur <zash@zash.se> parents: 11807 diff changeset	31 return false, ("API replied with non-200 code: %d"):format(response.code);
e1c4cc5d0ef8 prosodyctl: Use HTTP client in promise mode for connectivity check Kim Alvefur <zash@zash.se> parents: 11807 diff changeset	32 end
e1c4cc5d0ef8 prosodyctl: Use HTTP client in promise mode for connectivity check Kim Alvefur <zash@zash.se> parents: 11807 diff changeset	33
e1c4cc5d0ef8 prosodyctl: Use HTTP client in promise mode for connectivity check Kim Alvefur <zash@zash.se> parents: 11807 diff changeset	34 local decoded_body, err = json.decode(response.body);
e1c4cc5d0ef8 prosodyctl: Use HTTP client in promise mode for connectivity check Kim Alvefur <zash@zash.se> parents: 11807 diff changeset	35 if decoded_body == nil then
e1c4cc5d0ef8 prosodyctl: Use HTTP client in promise mode for connectivity check Kim Alvefur <zash@zash.se> parents: 11807 diff changeset	36 return false, ("Failed to parse API JSON: %s"):format(err)
11779 f4f0bdaeabd2 prosodyctl: Add external connectivity check based on observe.jabber.network Jonas Schäfer <jonas@wielicki.name> parents: 11778 diff changeset	37 end
f4f0bdaeabd2 prosodyctl: Add external connectivity check based on observe.jabber.network Jonas Schäfer <jonas@wielicki.name> parents: 11778 diff changeset	38
f4f0bdaeabd2 prosodyctl: Add external connectivity check based on observe.jabber.network Jonas Schäfer <jonas@wielicki.name> parents: 11778 diff changeset	39 local success = decoded_body["success"];
f4f0bdaeabd2 prosodyctl: Add external connectivity check based on observe.jabber.network Jonas Schäfer <jonas@wielicki.name> parents: 11778 diff changeset	40 return success == true, nil;
f4f0bdaeabd2 prosodyctl: Add external connectivity check based on observe.jabber.network Jonas Schäfer <jonas@wielicki.name> parents: 11778 diff changeset	41 end
f4f0bdaeabd2 prosodyctl: Add external connectivity check based on observe.jabber.network Jonas Schäfer <jonas@wielicki.name> parents: 11778 diff changeset	42
11827 2359519260ec prosodyctl: Add alternate XMPP Blackbox Exporter connectivity check Kim Alvefur <zash@zash.se> parents: 11826 diff changeset	43 local function check_probe(base_url, probe_module, target)
2359519260ec prosodyctl: Add alternate XMPP Blackbox Exporter connectivity check Kim Alvefur <zash@zash.se> parents: 11826 diff changeset	44 local http = require "net.http"; -- .new({});
2359519260ec prosodyctl: Add alternate XMPP Blackbox Exporter connectivity check Kim Alvefur <zash@zash.se> parents: 11826 diff changeset	45 local params = httputil.formencode({ module = probe_module; target = target })
2359519260ec prosodyctl: Add alternate XMPP Blackbox Exporter connectivity check Kim Alvefur <zash@zash.se> parents: 11826 diff changeset	46 local response, err = async.wait_for(http.request(base_url .. "?" .. params));
2359519260ec prosodyctl: Add alternate XMPP Blackbox Exporter connectivity check Kim Alvefur <zash@zash.se> parents: 11826 diff changeset	47
2359519260ec prosodyctl: Add alternate XMPP Blackbox Exporter connectivity check Kim Alvefur <zash@zash.se> parents: 11826 diff changeset	48 if not response then return false, err; end
2359519260ec prosodyctl: Add alternate XMPP Blackbox Exporter connectivity check Kim Alvefur <zash@zash.se> parents: 11826 diff changeset	49
2359519260ec prosodyctl: Add alternate XMPP Blackbox Exporter connectivity check Kim Alvefur <zash@zash.se> parents: 11826 diff changeset	50 if response.code ~= 200 then return false, ("API replied with non-200 code: %d"):format(response.code); end
2359519260ec prosodyctl: Add alternate XMPP Blackbox Exporter connectivity check Kim Alvefur <zash@zash.se> parents: 11826 diff changeset	51
2359519260ec prosodyctl: Add alternate XMPP Blackbox Exporter connectivity check Kim Alvefur <zash@zash.se> parents: 11826 diff changeset	52 for line in response.body:gmatch("[^\r\n]+") do
2359519260ec prosodyctl: Add alternate XMPP Blackbox Exporter connectivity check Kim Alvefur <zash@zash.se> parents: 11826 diff changeset	53 local probe_success = line:match("^probe_success%s+(%d+)");
2359519260ec prosodyctl: Add alternate XMPP Blackbox Exporter connectivity check Kim Alvefur <zash@zash.se> parents: 11826 diff changeset	54
2359519260ec prosodyctl: Add alternate XMPP Blackbox Exporter connectivity check Kim Alvefur <zash@zash.se> parents: 11826 diff changeset	55 if probe_success == "1" then
2359519260ec prosodyctl: Add alternate XMPP Blackbox Exporter connectivity check Kim Alvefur <zash@zash.se> parents: 11826 diff changeset	56 return true;
2359519260ec prosodyctl: Add alternate XMPP Blackbox Exporter connectivity check Kim Alvefur <zash@zash.se> parents: 11826 diff changeset	57 elseif probe_success == "0" then
2359519260ec prosodyctl: Add alternate XMPP Blackbox Exporter connectivity check Kim Alvefur <zash@zash.se> parents: 11826 diff changeset	58 return false;
2359519260ec prosodyctl: Add alternate XMPP Blackbox Exporter connectivity check Kim Alvefur <zash@zash.se> parents: 11826 diff changeset	59 end
2359519260ec prosodyctl: Add alternate XMPP Blackbox Exporter connectivity check Kim Alvefur <zash@zash.se> parents: 11826 diff changeset	60 end
2359519260ec prosodyctl: Add alternate XMPP Blackbox Exporter connectivity check Kim Alvefur <zash@zash.se> parents: 11826 diff changeset	61 return false, "Probe endpoint did not return a success status";
2359519260ec prosodyctl: Add alternate XMPP Blackbox Exporter connectivity check Kim Alvefur <zash@zash.se> parents: 11826 diff changeset	62 end
2359519260ec prosodyctl: Add alternate XMPP Blackbox Exporter connectivity check Kim Alvefur <zash@zash.se> parents: 11826 diff changeset	63
12372 1ba451c10f41 prosodyctl: check turn: Add support for testing data relay with an external STUN server via --ping Matthew Wild <mwild1@gmail.com> parents: 12362 diff changeset	64 local function check_turn_service(turn_service, ping_service)
12385 92b35a41bb3c prosodyctl: check turn: compare correct addresses for relay mismatch detection (thanks Zash) Matthew Wild <mwild1@gmail.com> parents: 12384 diff changeset	65 local ip = require "util.ip";
12357 cd11d7c4af8b util.prosodyctl: check turn: New command to verify STUN/TURN service is operational Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	66 local stun = require "net.stun";
cd11d7c4af8b util.prosodyctl: check turn: New command to verify STUN/TURN service is operational Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	67
cd11d7c4af8b util.prosodyctl: check turn: New command to verify STUN/TURN service is operational Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	68 -- Create UDP socket for communication with the server
cd11d7c4af8b util.prosodyctl: check turn: New command to verify STUN/TURN service is operational Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	69 local sock = assert(require "socket".udp());
cd11d7c4af8b util.prosodyctl: check turn: New command to verify STUN/TURN service is operational Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	70 sock:setsockname("*", 0);
cd11d7c4af8b util.prosodyctl: check turn: New command to verify STUN/TURN service is operational Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	71 sock:setpeername(turn_service.host, turn_service.port);
cd11d7c4af8b util.prosodyctl: check turn: New command to verify STUN/TURN service is operational Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	72 sock:settimeout(10);
cd11d7c4af8b util.prosodyctl: check turn: New command to verify STUN/TURN service is operational Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	73
cd11d7c4af8b util.prosodyctl: check turn: New command to verify STUN/TURN service is operational Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	74 -- Helper function to receive a packet
cd11d7c4af8b util.prosodyctl: check turn: New command to verify STUN/TURN service is operational Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	75 local function receive_packet()
cd11d7c4af8b util.prosodyctl: check turn: New command to verify STUN/TURN service is operational Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	76 local raw_packet, err = sock:receive();
cd11d7c4af8b util.prosodyctl: check turn: New command to verify STUN/TURN service is operational Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	77 if not raw_packet then
cd11d7c4af8b util.prosodyctl: check turn: New command to verify STUN/TURN service is operational Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	78 return nil, err;
cd11d7c4af8b util.prosodyctl: check turn: New command to verify STUN/TURN service is operational Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	79 end
cd11d7c4af8b util.prosodyctl: check turn: New command to verify STUN/TURN service is operational Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	80 return stun.new_packet():deserialize(raw_packet);
cd11d7c4af8b util.prosodyctl: check turn: New command to verify STUN/TURN service is operational Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	81 end
cd11d7c4af8b util.prosodyctl: check turn: New command to verify STUN/TURN service is operational Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	82
cd11d7c4af8b util.prosodyctl: check turn: New command to verify STUN/TURN service is operational Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	83 local result = { warnings = {} };
cd11d7c4af8b util.prosodyctl: check turn: New command to verify STUN/TURN service is operational Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	84
cd11d7c4af8b util.prosodyctl: check turn: New command to verify STUN/TURN service is operational Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	85 -- Send a "binding" query, i.e. a request for our external IP/port
cd11d7c4af8b util.prosodyctl: check turn: New command to verify STUN/TURN service is operational Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	86 local bind_query = stun.new_packet("binding", "request");
cd11d7c4af8b util.prosodyctl: check turn: New command to verify STUN/TURN service is operational Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	87 bind_query:add_attribute("software", "prosodyctl check turn");
cd11d7c4af8b util.prosodyctl: check turn: New command to verify STUN/TURN service is operational Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	88 sock:send(bind_query:serialize());
cd11d7c4af8b util.prosodyctl: check turn: New command to verify STUN/TURN service is operational Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	89
cd11d7c4af8b util.prosodyctl: check turn: New command to verify STUN/TURN service is operational Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	90 local bind_result, err = receive_packet();
cd11d7c4af8b util.prosodyctl: check turn: New command to verify STUN/TURN service is operational Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	91 if not bind_result then
cd11d7c4af8b util.prosodyctl: check turn: New command to verify STUN/TURN service is operational Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	92 result.error = "No STUN response: "..err;
cd11d7c4af8b util.prosodyctl: check turn: New command to verify STUN/TURN service is operational Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	93 return result;
cd11d7c4af8b util.prosodyctl: check turn: New command to verify STUN/TURN service is operational Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	94 elseif bind_result:is_err_resp() then
cd11d7c4af8b util.prosodyctl: check turn: New command to verify STUN/TURN service is operational Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	95 result.error = ("STUN server returned error: %d (%s)"):format(bind_result:get_error());
cd11d7c4af8b util.prosodyctl: check turn: New command to verify STUN/TURN service is operational Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	96 return result;
cd11d7c4af8b util.prosodyctl: check turn: New command to verify STUN/TURN service is operational Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	97 elseif not bind_result:is_success_resp() then
cd11d7c4af8b util.prosodyctl: check turn: New command to verify STUN/TURN service is operational Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	98 result.error = ("Unexpected STUN response: %d (%s)"):format(bind_result:get_type());
cd11d7c4af8b util.prosodyctl: check turn: New command to verify STUN/TURN service is operational Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	99 return result;
cd11d7c4af8b util.prosodyctl: check turn: New command to verify STUN/TURN service is operational Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	100 end
cd11d7c4af8b util.prosodyctl: check turn: New command to verify STUN/TURN service is operational Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	101
cd11d7c4af8b util.prosodyctl: check turn: New command to verify STUN/TURN service is operational Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	102 result.external_ip = bind_result:get_xor_mapped_address();
cd11d7c4af8b util.prosodyctl: check turn: New command to verify STUN/TURN service is operational Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	103 if not result.external_ip then
cd11d7c4af8b util.prosodyctl: check turn: New command to verify STUN/TURN service is operational Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	104 result.error = "STUN server did not return an address";
cd11d7c4af8b util.prosodyctl: check turn: New command to verify STUN/TURN service is operational Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	105 return result;
cd11d7c4af8b util.prosodyctl: check turn: New command to verify STUN/TURN service is operational Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	106 end
12384 53b4549c2209 prosodyctl: check turn: Add check for private IP returned from STUN. Matthew Wild <mwild1@gmail.com> parents: 12383 diff changeset	107 if ip.new_ip(result.external_ip.address).private then
53b4549c2209 prosodyctl: check turn: Add check for private IP returned from STUN. Matthew Wild <mwild1@gmail.com> parents: 12383 diff changeset	108 table.insert(result.warnings, "STUN returned a private IP! Is the TURN server behind a NAT and misconfigured?");
53b4549c2209 prosodyctl: check turn: Add check for private IP returned from STUN. Matthew Wild <mwild1@gmail.com> parents: 12383 diff changeset	109 end
12357 cd11d7c4af8b util.prosodyctl: check turn: New command to verify STUN/TURN service is operational Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	110
cd11d7c4af8b util.prosodyctl: check turn: New command to verify STUN/TURN service is operational Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	111 -- Send a TURN "allocate" request. Expected to fail due to auth, but
cd11d7c4af8b util.prosodyctl: check turn: New command to verify STUN/TURN service is operational Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	112 -- necessary to obtain a valid realm/nonce from the server.
cd11d7c4af8b util.prosodyctl: check turn: New command to verify STUN/TURN service is operational Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	113 local pre_request = stun.new_packet("allocate", "request");
cd11d7c4af8b util.prosodyctl: check turn: New command to verify STUN/TURN service is operational Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	114 sock:send(pre_request:serialize());
cd11d7c4af8b util.prosodyctl: check turn: New command to verify STUN/TURN service is operational Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	115
cd11d7c4af8b util.prosodyctl: check turn: New command to verify STUN/TURN service is operational Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	116 local pre_result, err = receive_packet();
cd11d7c4af8b util.prosodyctl: check turn: New command to verify STUN/TURN service is operational Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	117 if not pre_result then
cd11d7c4af8b util.prosodyctl: check turn: New command to verify STUN/TURN service is operational Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	118 result.error = "No initial TURN response: "..err;
cd11d7c4af8b util.prosodyctl: check turn: New command to verify STUN/TURN service is operational Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	119 return result;
cd11d7c4af8b util.prosodyctl: check turn: New command to verify STUN/TURN service is operational Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	120 elseif pre_result:is_success_resp() then
cd11d7c4af8b util.prosodyctl: check turn: New command to verify STUN/TURN service is operational Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	121 result.error = "TURN server does not have authentication enabled";
cd11d7c4af8b util.prosodyctl: check turn: New command to verify STUN/TURN service is operational Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	122 return result;
cd11d7c4af8b util.prosodyctl: check turn: New command to verify STUN/TURN service is operational Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	123 end
cd11d7c4af8b util.prosodyctl: check turn: New command to verify STUN/TURN service is operational Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	124
cd11d7c4af8b util.prosodyctl: check turn: New command to verify STUN/TURN service is operational Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	125 local realm = pre_result:get_attribute("realm");
cd11d7c4af8b util.prosodyctl: check turn: New command to verify STUN/TURN service is operational Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	126 local nonce = pre_result:get_attribute("nonce");
cd11d7c4af8b util.prosodyctl: check turn: New command to verify STUN/TURN service is operational Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	127
cd11d7c4af8b util.prosodyctl: check turn: New command to verify STUN/TURN service is operational Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	128 if not realm then
12383 a9b6ed86b573 prosodyctl: check turn: improve warning text to suggest issues Matthew Wild <mwild1@gmail.com> parents: 12382 diff changeset	129 table.insert(result.warnings, "TURN server did not return an authentication realm. Is authentication enabled?");
12357 cd11d7c4af8b util.prosodyctl: check turn: New command to verify STUN/TURN service is operational Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	130 end
cd11d7c4af8b util.prosodyctl: check turn: New command to verify STUN/TURN service is operational Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	131 if not nonce then
cd11d7c4af8b util.prosodyctl: check turn: New command to verify STUN/TURN service is operational Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	132 table.insert(result.warnings, "TURN server did not return a nonce");
cd11d7c4af8b util.prosodyctl: check turn: New command to verify STUN/TURN service is operational Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	133 end
cd11d7c4af8b util.prosodyctl: check turn: New command to verify STUN/TURN service is operational Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	134
cd11d7c4af8b util.prosodyctl: check turn: New command to verify STUN/TURN service is operational Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	135 -- Use the configured secret to obtain temporary user/pass credentials
cd11d7c4af8b util.prosodyctl: check turn: New command to verify STUN/TURN service is operational Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	136 local turn_user, turn_pass = stun.get_user_pass_from_secret(turn_service.secret);
cd11d7c4af8b util.prosodyctl: check turn: New command to verify STUN/TURN service is operational Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	137
cd11d7c4af8b util.prosodyctl: check turn: New command to verify STUN/TURN service is operational Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	138 -- Send a TURN allocate request, will fail if auth is wrong
cd11d7c4af8b util.prosodyctl: check turn: New command to verify STUN/TURN service is operational Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	139 local alloc_request = stun.new_packet("allocate", "request");
cd11d7c4af8b util.prosodyctl: check turn: New command to verify STUN/TURN service is operational Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	140 alloc_request:add_requested_transport("udp");
cd11d7c4af8b util.prosodyctl: check turn: New command to verify STUN/TURN service is operational Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	141 alloc_request:add_attribute("username", turn_user);
cd11d7c4af8b util.prosodyctl: check turn: New command to verify STUN/TURN service is operational Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	142 if realm then
cd11d7c4af8b util.prosodyctl: check turn: New command to verify STUN/TURN service is operational Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	143 alloc_request:add_attribute("realm", realm);
cd11d7c4af8b util.prosodyctl: check turn: New command to verify STUN/TURN service is operational Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	144 end
cd11d7c4af8b util.prosodyctl: check turn: New command to verify STUN/TURN service is operational Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	145 if nonce then
cd11d7c4af8b util.prosodyctl: check turn: New command to verify STUN/TURN service is operational Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	146 alloc_request:add_attribute("nonce", nonce);
cd11d7c4af8b util.prosodyctl: check turn: New command to verify STUN/TURN service is operational Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	147 end
cd11d7c4af8b util.prosodyctl: check turn: New command to verify STUN/TURN service is operational Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	148 local key = stun.get_long_term_auth_key(realm or turn_service.host, turn_user, turn_pass);
cd11d7c4af8b util.prosodyctl: check turn: New command to verify STUN/TURN service is operational Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	149 alloc_request:add_message_integrity(key);
cd11d7c4af8b util.prosodyctl: check turn: New command to verify STUN/TURN service is operational Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	150 sock:send(alloc_request:serialize());
cd11d7c4af8b util.prosodyctl: check turn: New command to verify STUN/TURN service is operational Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	151
cd11d7c4af8b util.prosodyctl: check turn: New command to verify STUN/TURN service is operational Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	152 -- Check the response
cd11d7c4af8b util.prosodyctl: check turn: New command to verify STUN/TURN service is operational Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	153 local alloc_response, err = receive_packet();
cd11d7c4af8b util.prosodyctl: check turn: New command to verify STUN/TURN service is operational Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	154 if not alloc_response then
cd11d7c4af8b util.prosodyctl: check turn: New command to verify STUN/TURN service is operational Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	155 result.error = "TURN server did not response to allocation request: "..err;
cd11d7c4af8b util.prosodyctl: check turn: New command to verify STUN/TURN service is operational Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	156 return;
cd11d7c4af8b util.prosodyctl: check turn: New command to verify STUN/TURN service is operational Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	157 elseif alloc_response:is_err_resp() then
cd11d7c4af8b util.prosodyctl: check turn: New command to verify STUN/TURN service is operational Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	158 result.error = ("TURN allocation failed: %d (%s)"):format(alloc_response:get_error());
cd11d7c4af8b util.prosodyctl: check turn: New command to verify STUN/TURN service is operational Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	159 return result;
cd11d7c4af8b util.prosodyctl: check turn: New command to verify STUN/TURN service is operational Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	160 elseif not alloc_response:is_success_resp() then
cd11d7c4af8b util.prosodyctl: check turn: New command to verify STUN/TURN service is operational Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	161 result.error = ("Unexpected TURN response: %d (%s)"):format(alloc_response:get_type());
cd11d7c4af8b util.prosodyctl: check turn: New command to verify STUN/TURN service is operational Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	162 return result;
cd11d7c4af8b util.prosodyctl: check turn: New command to verify STUN/TURN service is operational Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	163 end
cd11d7c4af8b util.prosodyctl: check turn: New command to verify STUN/TURN service is operational Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	164
12375 ea5e46601cfb prosodyctl: check turn: show relayed address(es) in verbose mode Matthew Wild <mwild1@gmail.com> parents: 12373 diff changeset	165 result.relayed_addresses = alloc_response:get_xor_relayed_addresses();
ea5e46601cfb prosodyctl: check turn: show relayed address(es) in verbose mode Matthew Wild <mwild1@gmail.com> parents: 12373 diff changeset	166
12372 1ba451c10f41 prosodyctl: check turn: Add support for testing data relay with an external STUN server via --ping Matthew Wild <mwild1@gmail.com> parents: 12362 diff changeset	167 if not ping_service then
1ba451c10f41 prosodyctl: check turn: Add support for testing data relay with an external STUN server via --ping Matthew Wild <mwild1@gmail.com> parents: 12362 diff changeset	168 -- Success! We won't be running the relay test.
1ba451c10f41 prosodyctl: check turn: Add support for testing data relay with an external STUN server via --ping Matthew Wild <mwild1@gmail.com> parents: 12362 diff changeset	169 return result;
1ba451c10f41 prosodyctl: check turn: Add support for testing data relay with an external STUN server via --ping Matthew Wild <mwild1@gmail.com> parents: 12362 diff changeset	170 end
1ba451c10f41 prosodyctl: check turn: Add support for testing data relay with an external STUN server via --ping Matthew Wild <mwild1@gmail.com> parents: 12362 diff changeset	171
1ba451c10f41 prosodyctl: check turn: Add support for testing data relay with an external STUN server via --ping Matthew Wild <mwild1@gmail.com> parents: 12362 diff changeset	172 -- Run the relay test - i.e. send a binding request to ping_service
1ba451c10f41 prosodyctl: check turn: Add support for testing data relay with an external STUN server via --ping Matthew Wild <mwild1@gmail.com> parents: 12362 diff changeset	173 -- and receive a response.
1ba451c10f41 prosodyctl: check turn: Add support for testing data relay with an external STUN server via --ping Matthew Wild <mwild1@gmail.com> parents: 12362 diff changeset	174
1ba451c10f41 prosodyctl: check turn: Add support for testing data relay with an external STUN server via --ping Matthew Wild <mwild1@gmail.com> parents: 12362 diff changeset	175 -- Resolve the IP of the ping service
12373 5417ec7e2ee8 prosodyctl: check turn: Allow specifying port for the ping service Matthew Wild <mwild1@gmail.com> parents: 12372 diff changeset	176 local ping_host, ping_port = ping_service:match("^([^:]+):(%d+)$");
5417ec7e2ee8 prosodyctl: check turn: Allow specifying port for the ping service Matthew Wild <mwild1@gmail.com> parents: 12372 diff changeset	177 if ping_host then
5417ec7e2ee8 prosodyctl: check turn: Allow specifying port for the ping service Matthew Wild <mwild1@gmail.com> parents: 12372 diff changeset	178 ping_port = tonumber(ping_port);
5417ec7e2ee8 prosodyctl: check turn: Allow specifying port for the ping service Matthew Wild <mwild1@gmail.com> parents: 12372 diff changeset	179 else
5417ec7e2ee8 prosodyctl: check turn: Allow specifying port for the ping service Matthew Wild <mwild1@gmail.com> parents: 12372 diff changeset	180 -- Only a hostname specified, use default STUN port
5417ec7e2ee8 prosodyctl: check turn: Allow specifying port for the ping service Matthew Wild <mwild1@gmail.com> parents: 12372 diff changeset	181 ping_host, ping_port = ping_service, 3478;
5417ec7e2ee8 prosodyctl: check turn: Allow specifying port for the ping service Matthew Wild <mwild1@gmail.com> parents: 12372 diff changeset	182 end
5417ec7e2ee8 prosodyctl: check turn: Allow specifying port for the ping service Matthew Wild <mwild1@gmail.com> parents: 12372 diff changeset	183 local ping_service_ip, err = socket.dns.toip(ping_host);
12372 1ba451c10f41 prosodyctl: check turn: Add support for testing data relay with an external STUN server via --ping Matthew Wild <mwild1@gmail.com> parents: 12362 diff changeset	184 if not ping_service_ip then
12379 6ac3c580c00d prosodyctl: check turn: Clearer error when unable to resolve external service host Matthew Wild <mwild1@gmail.com> parents: 12377 diff changeset	185 result.error = "Unable to resolve ping service hostname: "..err;
12372 1ba451c10f41 prosodyctl: check turn: Add support for testing data relay with an external STUN server via --ping Matthew Wild <mwild1@gmail.com> parents: 12362 diff changeset	186 return result;
1ba451c10f41 prosodyctl: check turn: Add support for testing data relay with an external STUN server via --ping Matthew Wild <mwild1@gmail.com> parents: 12362 diff changeset	187 end
1ba451c10f41 prosodyctl: check turn: Add support for testing data relay with an external STUN server via --ping Matthew Wild <mwild1@gmail.com> parents: 12362 diff changeset	188
1ba451c10f41 prosodyctl: check turn: Add support for testing data relay with an external STUN server via --ping Matthew Wild <mwild1@gmail.com> parents: 12362 diff changeset	189 -- Ask the TURN server to allow packets from the ping service IP
1ba451c10f41 prosodyctl: check turn: Add support for testing data relay with an external STUN server via --ping Matthew Wild <mwild1@gmail.com> parents: 12362 diff changeset	190 local perm_request = stun.new_packet("create-permission");
1ba451c10f41 prosodyctl: check turn: Add support for testing data relay with an external STUN server via --ping Matthew Wild <mwild1@gmail.com> parents: 12362 diff changeset	191 perm_request:add_xor_peer_address(ping_service_ip);
1ba451c10f41 prosodyctl: check turn: Add support for testing data relay with an external STUN server via --ping Matthew Wild <mwild1@gmail.com> parents: 12362 diff changeset	192 perm_request:add_attribute("username", turn_user);
12382 574cf096a426 prosodyctl: check turn: fix traceback when server does not provide realm/nonce Matthew Wild <mwild1@gmail.com> parents: 12381 diff changeset	193 if realm then
574cf096a426 prosodyctl: check turn: fix traceback when server does not provide realm/nonce Matthew Wild <mwild1@gmail.com> parents: 12381 diff changeset	194 perm_request:add_attribute("realm", realm);
574cf096a426 prosodyctl: check turn: fix traceback when server does not provide realm/nonce Matthew Wild <mwild1@gmail.com> parents: 12381 diff changeset	195 end
574cf096a426 prosodyctl: check turn: fix traceback when server does not provide realm/nonce Matthew Wild <mwild1@gmail.com> parents: 12381 diff changeset	196 if nonce then
574cf096a426 prosodyctl: check turn: fix traceback when server does not provide realm/nonce Matthew Wild <mwild1@gmail.com> parents: 12381 diff changeset	197 perm_request:add_attribute("nonce", nonce);
574cf096a426 prosodyctl: check turn: fix traceback when server does not provide realm/nonce Matthew Wild <mwild1@gmail.com> parents: 12381 diff changeset	198 end
12372 1ba451c10f41 prosodyctl: check turn: Add support for testing data relay with an external STUN server via --ping Matthew Wild <mwild1@gmail.com> parents: 12362 diff changeset	199 perm_request:add_message_integrity(key);
1ba451c10f41 prosodyctl: check turn: Add support for testing data relay with an external STUN server via --ping Matthew Wild <mwild1@gmail.com> parents: 12362 diff changeset	200 sock:send(perm_request:serialize());
1ba451c10f41 prosodyctl: check turn: Add support for testing data relay with an external STUN server via --ping Matthew Wild <mwild1@gmail.com> parents: 12362 diff changeset	201
1ba451c10f41 prosodyctl: check turn: Add support for testing data relay with an external STUN server via --ping Matthew Wild <mwild1@gmail.com> parents: 12362 diff changeset	202 local perm_response, err = receive_packet();
1ba451c10f41 prosodyctl: check turn: Add support for testing data relay with an external STUN server via --ping Matthew Wild <mwild1@gmail.com> parents: 12362 diff changeset	203 if not perm_response then
1ba451c10f41 prosodyctl: check turn: Add support for testing data relay with an external STUN server via --ping Matthew Wild <mwild1@gmail.com> parents: 12362 diff changeset	204 result.error = "No response from TURN server when requesting peer permission: "..err;
1ba451c10f41 prosodyctl: check turn: Add support for testing data relay with an external STUN server via --ping Matthew Wild <mwild1@gmail.com> parents: 12362 diff changeset	205 return result;
1ba451c10f41 prosodyctl: check turn: Add support for testing data relay with an external STUN server via --ping Matthew Wild <mwild1@gmail.com> parents: 12362 diff changeset	206 elseif perm_response:is_err_resp() then
1ba451c10f41 prosodyctl: check turn: Add support for testing data relay with an external STUN server via --ping Matthew Wild <mwild1@gmail.com> parents: 12362 diff changeset	207 result.error = ("TURN permission request failed: %d (%s)"):format(perm_response:get_error());
1ba451c10f41 prosodyctl: check turn: Add support for testing data relay with an external STUN server via --ping Matthew Wild <mwild1@gmail.com> parents: 12362 diff changeset	208 return result;
1ba451c10f41 prosodyctl: check turn: Add support for testing data relay with an external STUN server via --ping Matthew Wild <mwild1@gmail.com> parents: 12362 diff changeset	209 elseif not perm_response:is_success_resp() then
1ba451c10f41 prosodyctl: check turn: Add support for testing data relay with an external STUN server via --ping Matthew Wild <mwild1@gmail.com> parents: 12362 diff changeset	210 result.error = ("Unexpected TURN response: %d (%s)"):format(perm_response:get_type());
1ba451c10f41 prosodyctl: check turn: Add support for testing data relay with an external STUN server via --ping Matthew Wild <mwild1@gmail.com> parents: 12362 diff changeset	211 return result;
1ba451c10f41 prosodyctl: check turn: Add support for testing data relay with an external STUN server via --ping Matthew Wild <mwild1@gmail.com> parents: 12362 diff changeset	212 end
1ba451c10f41 prosodyctl: check turn: Add support for testing data relay with an external STUN server via --ping Matthew Wild <mwild1@gmail.com> parents: 12362 diff changeset	213
1ba451c10f41 prosodyctl: check turn: Add support for testing data relay with an external STUN server via --ping Matthew Wild <mwild1@gmail.com> parents: 12362 diff changeset	214 -- Ask the TURN server to relay a STUN binding request to the ping server
1ba451c10f41 prosodyctl: check turn: Add support for testing data relay with an external STUN server via --ping Matthew Wild <mwild1@gmail.com> parents: 12362 diff changeset	215 local ping_data = stun.new_packet("binding"):serialize();
1ba451c10f41 prosodyctl: check turn: Add support for testing data relay with an external STUN server via --ping Matthew Wild <mwild1@gmail.com> parents: 12362 diff changeset	216
1ba451c10f41 prosodyctl: check turn: Add support for testing data relay with an external STUN server via --ping Matthew Wild <mwild1@gmail.com> parents: 12362 diff changeset	217 local ping_request = stun.new_packet("send", "indication");
12373 5417ec7e2ee8 prosodyctl: check turn: Allow specifying port for the ping service Matthew Wild <mwild1@gmail.com> parents: 12372 diff changeset	218 ping_request:add_xor_peer_address(ping_service_ip, ping_port);
12372 1ba451c10f41 prosodyctl: check turn: Add support for testing data relay with an external STUN server via --ping Matthew Wild <mwild1@gmail.com> parents: 12362 diff changeset	219 ping_request:add_attribute("data", ping_data);
1ba451c10f41 prosodyctl: check turn: Add support for testing data relay with an external STUN server via --ping Matthew Wild <mwild1@gmail.com> parents: 12362 diff changeset	220 ping_request:add_attribute("username", turn_user);
12382 574cf096a426 prosodyctl: check turn: fix traceback when server does not provide realm/nonce Matthew Wild <mwild1@gmail.com> parents: 12381 diff changeset	221 if realm then
574cf096a426 prosodyctl: check turn: fix traceback when server does not provide realm/nonce Matthew Wild <mwild1@gmail.com> parents: 12381 diff changeset	222 ping_request:add_attribute("realm", realm);
574cf096a426 prosodyctl: check turn: fix traceback when server does not provide realm/nonce Matthew Wild <mwild1@gmail.com> parents: 12381 diff changeset	223 end
574cf096a426 prosodyctl: check turn: fix traceback when server does not provide realm/nonce Matthew Wild <mwild1@gmail.com> parents: 12381 diff changeset	224 if nonce then
574cf096a426 prosodyctl: check turn: fix traceback when server does not provide realm/nonce Matthew Wild <mwild1@gmail.com> parents: 12381 diff changeset	225 ping_request:add_attribute("nonce", nonce);
574cf096a426 prosodyctl: check turn: fix traceback when server does not provide realm/nonce Matthew Wild <mwild1@gmail.com> parents: 12381 diff changeset	226 end
12372 1ba451c10f41 prosodyctl: check turn: Add support for testing data relay with an external STUN server via --ping Matthew Wild <mwild1@gmail.com> parents: 12362 diff changeset	227 ping_request:add_message_integrity(key);
1ba451c10f41 prosodyctl: check turn: Add support for testing data relay with an external STUN server via --ping Matthew Wild <mwild1@gmail.com> parents: 12362 diff changeset	228 sock:send(ping_request:serialize());
1ba451c10f41 prosodyctl: check turn: Add support for testing data relay with an external STUN server via --ping Matthew Wild <mwild1@gmail.com> parents: 12362 diff changeset	229
1ba451c10f41 prosodyctl: check turn: Add support for testing data relay with an external STUN server via --ping Matthew Wild <mwild1@gmail.com> parents: 12362 diff changeset	230 local ping_response, err = receive_packet();
1ba451c10f41 prosodyctl: check turn: Add support for testing data relay with an external STUN server via --ping Matthew Wild <mwild1@gmail.com> parents: 12362 diff changeset	231 if not ping_response then
1ba451c10f41 prosodyctl: check turn: Add support for testing data relay with an external STUN server via --ping Matthew Wild <mwild1@gmail.com> parents: 12362 diff changeset	232 result.error = "No response from ping server ("..ping_service_ip.."): "..err;
1ba451c10f41 prosodyctl: check turn: Add support for testing data relay with an external STUN server via --ping Matthew Wild <mwild1@gmail.com> parents: 12362 diff changeset	233 return result;
1ba451c10f41 prosodyctl: check turn: Add support for testing data relay with an external STUN server via --ping Matthew Wild <mwild1@gmail.com> parents: 12362 diff changeset	234 elseif not ping_response:is_indication() or select(2, ping_response:get_method()) ~= "data" then
1ba451c10f41 prosodyctl: check turn: Add support for testing data relay with an external STUN server via --ping Matthew Wild <mwild1@gmail.com> parents: 12362 diff changeset	235 result.error = ("Unexpected TURN response: %s %s"):format(select(2, ping_response:get_method()), select(2, ping_response:get_type()));
1ba451c10f41 prosodyctl: check turn: Add support for testing data relay with an external STUN server via --ping Matthew Wild <mwild1@gmail.com> parents: 12362 diff changeset	236 return result;
1ba451c10f41 prosodyctl: check turn: Add support for testing data relay with an external STUN server via --ping Matthew Wild <mwild1@gmail.com> parents: 12362 diff changeset	237 end
1ba451c10f41 prosodyctl: check turn: Add support for testing data relay with an external STUN server via --ping Matthew Wild <mwild1@gmail.com> parents: 12362 diff changeset	238
1ba451c10f41 prosodyctl: check turn: Add support for testing data relay with an external STUN server via --ping Matthew Wild <mwild1@gmail.com> parents: 12362 diff changeset	239 local pong_data = ping_response:get_attribute("data");
1ba451c10f41 prosodyctl: check turn: Add support for testing data relay with an external STUN server via --ping Matthew Wild <mwild1@gmail.com> parents: 12362 diff changeset	240 if not pong_data then
1ba451c10f41 prosodyctl: check turn: Add support for testing data relay with an external STUN server via --ping Matthew Wild <mwild1@gmail.com> parents: 12362 diff changeset	241 result.error = "No data relayed from remote server";
1ba451c10f41 prosodyctl: check turn: Add support for testing data relay with an external STUN server via --ping Matthew Wild <mwild1@gmail.com> parents: 12362 diff changeset	242 return;
1ba451c10f41 prosodyctl: check turn: Add support for testing data relay with an external STUN server via --ping Matthew Wild <mwild1@gmail.com> parents: 12362 diff changeset	243 end
1ba451c10f41 prosodyctl: check turn: Add support for testing data relay with an external STUN server via --ping Matthew Wild <mwild1@gmail.com> parents: 12362 diff changeset	244 local pong = stun.new_packet():deserialize(pong_data);
1ba451c10f41 prosodyctl: check turn: Add support for testing data relay with an external STUN server via --ping Matthew Wild <mwild1@gmail.com> parents: 12362 diff changeset	245
1ba451c10f41 prosodyctl: check turn: Add support for testing data relay with an external STUN server via --ping Matthew Wild <mwild1@gmail.com> parents: 12362 diff changeset	246 result.external_ip_pong = pong:get_xor_mapped_address();
1ba451c10f41 prosodyctl: check turn: Add support for testing data relay with an external STUN server via --ping Matthew Wild <mwild1@gmail.com> parents: 12362 diff changeset	247 if not result.external_ip_pong then
1ba451c10f41 prosodyctl: check turn: Add support for testing data relay with an external STUN server via --ping Matthew Wild <mwild1@gmail.com> parents: 12362 diff changeset	248 result.error = "Ping server did not return an address";
1ba451c10f41 prosodyctl: check turn: Add support for testing data relay with an external STUN server via --ping Matthew Wild <mwild1@gmail.com> parents: 12362 diff changeset	249 return result;
1ba451c10f41 prosodyctl: check turn: Add support for testing data relay with an external STUN server via --ping Matthew Wild <mwild1@gmail.com> parents: 12362 diff changeset	250 end
1ba451c10f41 prosodyctl: check turn: Add support for testing data relay with an external STUN server via --ping Matthew Wild <mwild1@gmail.com> parents: 12362 diff changeset	251
12390 71b5c9b8b07a prosodyctl: check turn: warn about external port mismatches behind NAT Matthew Wild <mwild1@gmail.com> parents: 12385 diff changeset	252 local relay_address_found, relay_port_matches;
71b5c9b8b07a prosodyctl: check turn: warn about external port mismatches behind NAT Matthew Wild <mwild1@gmail.com> parents: 12385 diff changeset	253 for _, relayed_address in ipairs(result.relayed_addresses) do
71b5c9b8b07a prosodyctl: check turn: warn about external port mismatches behind NAT Matthew Wild <mwild1@gmail.com> parents: 12385 diff changeset	254 if relayed_address.address == result.external_ip_pong.address then
71b5c9b8b07a prosodyctl: check turn: warn about external port mismatches behind NAT Matthew Wild <mwild1@gmail.com> parents: 12385 diff changeset	255 relay_address_found = true;
71b5c9b8b07a prosodyctl: check turn: warn about external port mismatches behind NAT Matthew Wild <mwild1@gmail.com> parents: 12385 diff changeset	256 relay_port_matches = result.external_ip_pong.port == relayed_address.port;
71b5c9b8b07a prosodyctl: check turn: warn about external port mismatches behind NAT Matthew Wild <mwild1@gmail.com> parents: 12385 diff changeset	257 end
71b5c9b8b07a prosodyctl: check turn: warn about external port mismatches behind NAT Matthew Wild <mwild1@gmail.com> parents: 12385 diff changeset	258 end
71b5c9b8b07a prosodyctl: check turn: warn about external port mismatches behind NAT Matthew Wild <mwild1@gmail.com> parents: 12385 diff changeset	259 if not relay_address_found then
12383 a9b6ed86b573 prosodyctl: check turn: improve warning text to suggest issues Matthew Wild <mwild1@gmail.com> parents: 12382 diff changeset	260 table.insert(result.warnings, "TURN external IP vs relay address mismatch! Is the TURN server behind a NAT and misconfigured?");
12390 71b5c9b8b07a prosodyctl: check turn: warn about external port mismatches behind NAT Matthew Wild <mwild1@gmail.com> parents: 12385 diff changeset	261 elseif not relay_port_matches then
71b5c9b8b07a prosodyctl: check turn: warn about external port mismatches behind NAT Matthew Wild <mwild1@gmail.com> parents: 12385 diff changeset	262 table.insert(result.warnings, "External port does not match reported relay port! This is probably caused by a NAT in front of the TURN server.");
12383 a9b6ed86b573 prosodyctl: check turn: improve warning text to suggest issues Matthew Wild <mwild1@gmail.com> parents: 12382 diff changeset	263 end
a9b6ed86b573 prosodyctl: check turn: improve warning text to suggest issues Matthew Wild <mwild1@gmail.com> parents: 12382 diff changeset	264
12372 1ba451c10f41 prosodyctl: check turn: Add support for testing data relay with an external STUN server via --ping Matthew Wild <mwild1@gmail.com> parents: 12362 diff changeset	265 --
12357 cd11d7c4af8b util.prosodyctl: check turn: New command to verify STUN/TURN service is operational Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	266
cd11d7c4af8b util.prosodyctl: check turn: New command to verify STUN/TURN service is operational Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	267 return result;
cd11d7c4af8b util.prosodyctl: check turn: New command to verify STUN/TURN service is operational Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	268 end
cd11d7c4af8b util.prosodyctl: check turn: New command to verify STUN/TURN service is operational Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	269
11779 f4f0bdaeabd2 prosodyctl: Add external connectivity check based on observe.jabber.network Jonas Schäfer <jonas@wielicki.name> parents: 11778 diff changeset	270 local function skip_bare_jid_hosts(host)
f4f0bdaeabd2 prosodyctl: Add external connectivity check based on observe.jabber.network Jonas Schäfer <jonas@wielicki.name> parents: 11778 diff changeset	271 if jid_split(host) then
f4f0bdaeabd2 prosodyctl: Add external connectivity check based on observe.jabber.network Jonas Schäfer <jonas@wielicki.name> parents: 11778 diff changeset	272 -- See issue #779
f4f0bdaeabd2 prosodyctl: Add external connectivity check based on observe.jabber.network Jonas Schäfer <jonas@wielicki.name> parents: 11778 diff changeset	273 return false;
f4f0bdaeabd2 prosodyctl: Add external connectivity check based on observe.jabber.network Jonas Schäfer <jonas@wielicki.name> parents: 11778 diff changeset	274 end
f4f0bdaeabd2 prosodyctl: Add external connectivity check based on observe.jabber.network Jonas Schäfer <jonas@wielicki.name> parents: 11778 diff changeset	275 return true;
f4f0bdaeabd2 prosodyctl: Add external connectivity check based on observe.jabber.network Jonas Schäfer <jonas@wielicki.name> parents: 11778 diff changeset	276 end
f4f0bdaeabd2 prosodyctl: Add external connectivity check based on observe.jabber.network Jonas Schäfer <jonas@wielicki.name> parents: 11778 diff changeset	277
12372 1ba451c10f41 prosodyctl: check turn: Add support for testing data relay with an external STUN server via --ping Matthew Wild <mwild1@gmail.com> parents: 12362 diff changeset	278 local check_opts = {
1ba451c10f41 prosodyctl: check turn: Add support for testing data relay with an external STUN server via --ping Matthew Wild <mwild1@gmail.com> parents: 12362 diff changeset	279 short_params = {
1ba451c10f41 prosodyctl: check turn: Add support for testing data relay with an external STUN server via --ping Matthew Wild <mwild1@gmail.com> parents: 12362 diff changeset	280 h = "help", v = "verbose";
1ba451c10f41 prosodyctl: check turn: Add support for testing data relay with an external STUN server via --ping Matthew Wild <mwild1@gmail.com> parents: 12362 diff changeset	281 };
12376 10353ad0ca7a prosodyctl: check: Slightly improved argument handling Matthew Wild <mwild1@gmail.com> parents: 12375 diff changeset	282 value_params = {
10353ad0ca7a prosodyctl: check: Slightly improved argument handling Matthew Wild <mwild1@gmail.com> parents: 12375 diff changeset	283 ping = true;
10353ad0ca7a prosodyctl: check: Slightly improved argument handling Matthew Wild <mwild1@gmail.com> parents: 12375 diff changeset	284 };
12372 1ba451c10f41 prosodyctl: check turn: Add support for testing data relay with an external STUN server via --ping Matthew Wild <mwild1@gmail.com> parents: 12362 diff changeset	285 };
1ba451c10f41 prosodyctl: check turn: Add support for testing data relay with an external STUN server via --ping Matthew Wild <mwild1@gmail.com> parents: 12362 diff changeset	286
10871 e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	287 local function check(arg)
12372 1ba451c10f41 prosodyctl: check turn: Add support for testing data relay with an external STUN server via --ping Matthew Wild <mwild1@gmail.com> parents: 12362 diff changeset	288 if arg[1] == "help" or arg[1] == "--help" then
10871 e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	289 show_usage([[check]], [[Perform basic checks on your Prosody installation]]);
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	290 return 1;
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	291 end
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	292 local what = table.remove(arg, 1);
12376 10353ad0ca7a prosodyctl: check: Slightly improved argument handling Matthew Wild <mwild1@gmail.com> parents: 12375 diff changeset	293 local opts, opts_err, opts_info = parse_args(arg, check_opts);
10353ad0ca7a prosodyctl: check: Slightly improved argument handling Matthew Wild <mwild1@gmail.com> parents: 12375 diff changeset	294 if opts_err == "missing-value" then
10353ad0ca7a prosodyctl: check: Slightly improved argument handling Matthew Wild <mwild1@gmail.com> parents: 12375 diff changeset	295 print("Error: Expected a value after '"..opts_info.."'");
10353ad0ca7a prosodyctl: check: Slightly improved argument handling Matthew Wild <mwild1@gmail.com> parents: 12375 diff changeset	296 return 1;
10353ad0ca7a prosodyctl: check: Slightly improved argument handling Matthew Wild <mwild1@gmail.com> parents: 12375 diff changeset	297 elseif opts_err == "param-not-found" then
10353ad0ca7a prosodyctl: check: Slightly improved argument handling Matthew Wild <mwild1@gmail.com> parents: 12375 diff changeset	298 print("Error: Unknown parameter: "..opts_info);
10353ad0ca7a prosodyctl: check: Slightly improved argument handling Matthew Wild <mwild1@gmail.com> parents: 12375 diff changeset	299 return 1;
10353ad0ca7a prosodyctl: check: Slightly improved argument handling Matthew Wild <mwild1@gmail.com> parents: 12375 diff changeset	300 end
11798 ba88060fa145 util.prosodyctl.check: Suggest replacements for deprecated options #1684 Kim Alvefur <zash@zash.se> parents: 11783 diff changeset	301 local array = require "util.array";
10871 e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	302 local set = require "util.set";
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	303 local it = require "util.iterators";
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	304 local ok = true;
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	305 local function disabled_hosts(host, conf) return host ~= "*" and conf.enabled ~= false; end
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	306 local function enabled_hosts() return it.filter(disabled_hosts, pairs(configmanager.getconfig())); end
12357 cd11d7c4af8b util.prosodyctl: check turn: New command to verify STUN/TURN service is operational Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	307 if not (what == nil or what == "disabled" or what == "config" or what == "dns" or what == "certs" or what == "connectivity" or what == "turn") then
cd11d7c4af8b util.prosodyctl: check turn: New command to verify STUN/TURN service is operational Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	308 show_warning("Don't know how to check '%s'. Try one of 'config', 'dns', 'certs', 'disabled', 'turn' or 'connectivity'.", what);
11779 f4f0bdaeabd2 prosodyctl: Add external connectivity check based on observe.jabber.network Jonas Schäfer <jonas@wielicki.name> parents: 11778 diff changeset	309 show_warning("Note: The connectivity check will connect to a remote server.");
10871 e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	310 return 1;
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	311 end
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	312 if not what or what == "disabled" then
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	313 local disabled_hosts_set = set.new();
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	314 for host, host_options in it.filter("*", pairs(configmanager.getconfig())) do
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	315 if host_options.enabled == false then
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	316 disabled_hosts_set:add(host);
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	317 end
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	318 end
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	319 if not disabled_hosts_set:empty() then
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	320 local msg = "Checks will be skipped for these disabled hosts: %s";
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	321 if what then msg = "These hosts are disabled: %s"; end
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	322 show_warning(msg, tostring(disabled_hosts_set));
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	323 if what then return 0; end
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	324 print""
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	325 end
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	326 end
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	327 if not what or what == "config" then
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	328 print("Checking config...");
11798 ba88060fa145 util.prosodyctl.check: Suggest replacements for deprecated options #1684 Kim Alvefur <zash@zash.se> parents: 11783 diff changeset	329 local obsolete = set.new({ --> remove
12118 30d55809d9a6 util.prosodyctl.check: Add some more obsolete settings Kim Alvefur <zash@zash.se> parents: 12099 diff changeset	330 "archive_cleanup_interval",
11634 a6c87b4c0cdf util.prosodyctl.check: Format, sort option listings into canonical form Kim Alvefur <zash@zash.se> parents: 11617 diff changeset	331 "cross_domain_bosh",
a6c87b4c0cdf util.prosodyctl.check: Format, sort option listings into canonical form Kim Alvefur <zash@zash.se> parents: 11617 diff changeset	332 "cross_domain_websocket",
12118 30d55809d9a6 util.prosodyctl.check: Add some more obsolete settings Kim Alvefur <zash@zash.se> parents: 12099 diff changeset	333 "dns_timeout",
30d55809d9a6 util.prosodyctl.check: Add some more obsolete settings Kim Alvefur <zash@zash.se> parents: 12099 diff changeset	334 "muc_log_cleanup_interval",
30d55809d9a6 util.prosodyctl.check: Add some more obsolete settings Kim Alvefur <zash@zash.se> parents: 12099 diff changeset	335 "s2s_dns_resolvers",
30d55809d9a6 util.prosodyctl.check: Add some more obsolete settings Kim Alvefur <zash@zash.se> parents: 12099 diff changeset	336 "setgid",
30d55809d9a6 util.prosodyctl.check: Add some more obsolete settings Kim Alvefur <zash@zash.se> parents: 12099 diff changeset	337 "setuid",
10871 e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	338 });
12159 aa299551f8c6 util.prosodyctl.check: Parameterize replacement instructions Kim Alvefur <zash@zash.se> parents: 12158 diff changeset	339 local function instead_use(kind, name, value)
aa299551f8c6 util.prosodyctl.check: Parameterize replacement instructions Kim Alvefur <zash@zash.se> parents: 12158 diff changeset	340 if kind == "option" then
aa299551f8c6 util.prosodyctl.check: Parameterize replacement instructions Kim Alvefur <zash@zash.se> parents: 12158 diff changeset	341 if value then
aa299551f8c6 util.prosodyctl.check: Parameterize replacement instructions Kim Alvefur <zash@zash.se> parents: 12158 diff changeset	342 return string.format("instead, use '%s = %q'", name, value);
aa299551f8c6 util.prosodyctl.check: Parameterize replacement instructions Kim Alvefur <zash@zash.se> parents: 12158 diff changeset	343 else
aa299551f8c6 util.prosodyctl.check: Parameterize replacement instructions Kim Alvefur <zash@zash.se> parents: 12158 diff changeset	344 return string.format("instead, use '%s'", name);
aa299551f8c6 util.prosodyctl.check: Parameterize replacement instructions Kim Alvefur <zash@zash.se> parents: 12158 diff changeset	345 end
aa299551f8c6 util.prosodyctl.check: Parameterize replacement instructions Kim Alvefur <zash@zash.se> parents: 12158 diff changeset	346 elseif kind == "module" then
aa299551f8c6 util.prosodyctl.check: Parameterize replacement instructions Kim Alvefur <zash@zash.se> parents: 12158 diff changeset	347 return string.format("instead, add %q to '%s'", name, value or "modules_enabled");
aa299551f8c6 util.prosodyctl.check: Parameterize replacement instructions Kim Alvefur <zash@zash.se> parents: 12158 diff changeset	348 elseif kind == "community" then
aa299551f8c6 util.prosodyctl.check: Parameterize replacement instructions Kim Alvefur <zash@zash.se> parents: 12158 diff changeset	349 return string.format("instead, add %q from %s", name, value or "prosody-modules");
aa299551f8c6 util.prosodyctl.check: Parameterize replacement instructions Kim Alvefur <zash@zash.se> parents: 12158 diff changeset	350 end
aa299551f8c6 util.prosodyctl.check: Parameterize replacement instructions Kim Alvefur <zash@zash.se> parents: 12158 diff changeset	351 return kind
aa299551f8c6 util.prosodyctl.check: Parameterize replacement instructions Kim Alvefur <zash@zash.se> parents: 12158 diff changeset	352 end
11798 ba88060fa145 util.prosodyctl.check: Suggest replacements for deprecated options #1684 Kim Alvefur <zash@zash.se> parents: 11783 diff changeset	353 local deprecated_replacements = {
12159 aa299551f8c6 util.prosodyctl.check: Parameterize replacement instructions Kim Alvefur <zash@zash.se> parents: 12158 diff changeset	354 anonymous_login = instead_use("option", "authentication", "anonymous");
aa299551f8c6 util.prosodyctl.check: Parameterize replacement instructions Kim Alvefur <zash@zash.se> parents: 12158 diff changeset	355 daemonize = "instead, use the --daemonize/-D or --foreground/-F command line flags";
aa299551f8c6 util.prosodyctl.check: Parameterize replacement instructions Kim Alvefur <zash@zash.se> parents: 12158 diff changeset	356 disallow_s2s = instead_use("module", "s2s");
aa299551f8c6 util.prosodyctl.check: Parameterize replacement instructions Kim Alvefur <zash@zash.se> parents: 12158 diff changeset	357 no_daemonize = "instead, use the --daemonize/-D or --foreground/-F command line flags";
aa299551f8c6 util.prosodyctl.check: Parameterize replacement instructions Kim Alvefur <zash@zash.se> parents: 12158 diff changeset	358 require_encryption = "instead, use 'c2s_require_encryption' and 's2s_require_encryption'";
aa299551f8c6 util.prosodyctl.check: Parameterize replacement instructions Kim Alvefur <zash@zash.se> parents: 12158 diff changeset	359 vcard_compatibility = instead_use("community", "mod_compat_vcard");
aa299551f8c6 util.prosodyctl.check: Parameterize replacement instructions Kim Alvefur <zash@zash.se> parents: 12158 diff changeset	360 use_libevent = instead_use("option", "network_backend", "event");
aa299551f8c6 util.prosodyctl.check: Parameterize replacement instructions Kim Alvefur <zash@zash.se> parents: 12158 diff changeset	361 whitelist_registration_only = instead_use("option", "allowlist_registration_only");
aa299551f8c6 util.prosodyctl.check: Parameterize replacement instructions Kim Alvefur <zash@zash.se> parents: 12158 diff changeset	362 registration_whitelist = instead_use("option", "registration_allowlist");
aa299551f8c6 util.prosodyctl.check: Parameterize replacement instructions Kim Alvefur <zash@zash.se> parents: 12158 diff changeset	363 registration_blacklist = instead_use("option", "registration_blocklist");
aa299551f8c6 util.prosodyctl.check: Parameterize replacement instructions Kim Alvefur <zash@zash.se> parents: 12158 diff changeset	364 blacklist_on_registration_throttle_overload = instead_use("blocklist_on_registration_throttle_overload");
11798 ba88060fa145 util.prosodyctl.check: Suggest replacements for deprecated options #1684 Kim Alvefur <zash@zash.se> parents: 11783 diff changeset	365 };
11800 60018637f5d4 util.prosodyctl.check: Nudge towards plural port options Kim Alvefur <zash@zash.se> parents: 11799 diff changeset	366 -- FIXME all the singular _port and _interface options are supposed to be deprecated too
11798 ba88060fa145 util.prosodyctl.check: Suggest replacements for deprecated options #1684 Kim Alvefur <zash@zash.se> parents: 11783 diff changeset	367 local deprecated_ports = { bosh = "http", legacy_ssl = "c2s_direct_tls" };
ba88060fa145 util.prosodyctl.check: Suggest replacements for deprecated options #1684 Kim Alvefur <zash@zash.se> parents: 11783 diff changeset	368 local port_suffixes = set.new({ "port", "ports", "interface", "interfaces", "ssl" });
ba88060fa145 util.prosodyctl.check: Suggest replacements for deprecated options #1684 Kim Alvefur <zash@zash.se> parents: 11783 diff changeset	369 for port, replacement in pairs(deprecated_ports) do
ba88060fa145 util.prosodyctl.check: Suggest replacements for deprecated options #1684 Kim Alvefur <zash@zash.se> parents: 11783 diff changeset	370 for suffix in port_suffixes do
11800 60018637f5d4 util.prosodyctl.check: Nudge towards plural port options Kim Alvefur <zash@zash.se> parents: 11799 diff changeset	371 local rsuffix = (suffix == "port" or suffix == "interface") and suffix.."s" or suffix;
12158 7ff3699c1653 util.prosodyctl.check: Move word to ease future translations Kim Alvefur <zash@zash.se> parents: 12157 diff changeset	372 deprecated_replacements[port.."_"..suffix] = "instead, use '"..replacement.."_"..rsuffix.."'"
11798 ba88060fa145 util.prosodyctl.check: Suggest replacements for deprecated options #1684 Kim Alvefur <zash@zash.se> parents: 11783 diff changeset	373 end
ba88060fa145 util.prosodyctl.check: Suggest replacements for deprecated options #1684 Kim Alvefur <zash@zash.se> parents: 11783 diff changeset	374 end
ba88060fa145 util.prosodyctl.check: Suggest replacements for deprecated options #1684 Kim Alvefur <zash@zash.se> parents: 11783 diff changeset	375 local deprecated = set.new(array.collect(it.keys(deprecated_replacements)));
10871 e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	376 local known_global_options = set.new({
11635 1b17b967838e util.prosodyctl.check: Collect options from all global plugins Kim Alvefur <zash@zash.se> parents: 11634 diff changeset	377 "access_control_allow_credentials",
1b17b967838e util.prosodyctl.check: Collect options from all global plugins Kim Alvefur <zash@zash.se> parents: 11634 diff changeset	378 "access_control_allow_headers",
1b17b967838e util.prosodyctl.check: Collect options from all global plugins Kim Alvefur <zash@zash.se> parents: 11634 diff changeset	379 "access_control_allow_methods",
1b17b967838e util.prosodyctl.check: Collect options from all global plugins Kim Alvefur <zash@zash.se> parents: 11634 diff changeset	380 "access_control_max_age",
1b17b967838e util.prosodyctl.check: Collect options from all global plugins Kim Alvefur <zash@zash.se> parents: 11634 diff changeset	381 "admin_socket",
1b17b967838e util.prosodyctl.check: Collect options from all global plugins Kim Alvefur <zash@zash.se> parents: 11634 diff changeset	382 "body_size_limit",
1b17b967838e util.prosodyctl.check: Collect options from all global plugins Kim Alvefur <zash@zash.se> parents: 11634 diff changeset	383 "bosh_max_inactivity",
1b17b967838e util.prosodyctl.check: Collect options from all global plugins Kim Alvefur <zash@zash.se> parents: 11634 diff changeset	384 "bosh_max_polling",
1b17b967838e util.prosodyctl.check: Collect options from all global plugins Kim Alvefur <zash@zash.se> parents: 11634 diff changeset	385 "bosh_max_wait",
1b17b967838e util.prosodyctl.check: Collect options from all global plugins Kim Alvefur <zash@zash.se> parents: 11634 diff changeset	386 "buffer_size_limit",
1b17b967838e util.prosodyctl.check: Collect options from all global plugins Kim Alvefur <zash@zash.se> parents: 11634 diff changeset	387 "c2s_close_timeout",
1b17b967838e util.prosodyctl.check: Collect options from all global plugins Kim Alvefur <zash@zash.se> parents: 11634 diff changeset	388 "c2s_stanza_size_limit",
1b17b967838e util.prosodyctl.check: Collect options from all global plugins Kim Alvefur <zash@zash.se> parents: 11634 diff changeset	389 "c2s_tcp_keepalives",
1b17b967838e util.prosodyctl.check: Collect options from all global plugins Kim Alvefur <zash@zash.se> parents: 11634 diff changeset	390 "c2s_timeout",
1b17b967838e util.prosodyctl.check: Collect options from all global plugins Kim Alvefur <zash@zash.se> parents: 11634 diff changeset	391 "component_stanza_size_limit",
1b17b967838e util.prosodyctl.check: Collect options from all global plugins Kim Alvefur <zash@zash.se> parents: 11634 diff changeset	392 "component_tcp_keepalives",
1b17b967838e util.prosodyctl.check: Collect options from all global plugins Kim Alvefur <zash@zash.se> parents: 11634 diff changeset	393 "consider_bosh_secure",
1b17b967838e util.prosodyctl.check: Collect options from all global plugins Kim Alvefur <zash@zash.se> parents: 11634 diff changeset	394 "consider_websocket_secure",
1b17b967838e util.prosodyctl.check: Collect options from all global plugins Kim Alvefur <zash@zash.se> parents: 11634 diff changeset	395 "console_banner",
1b17b967838e util.prosodyctl.check: Collect options from all global plugins Kim Alvefur <zash@zash.se> parents: 11634 diff changeset	396 "console_prettyprint_settings",
11634 a6c87b4c0cdf util.prosodyctl.check: Format, sort option listings into canonical form Kim Alvefur <zash@zash.se> parents: 11617 diff changeset	397 "daemonize",
a6c87b4c0cdf util.prosodyctl.check: Format, sort option listings into canonical form Kim Alvefur <zash@zash.se> parents: 11617 diff changeset	398 "gc",
a6c87b4c0cdf util.prosodyctl.check: Format, sort option listings into canonical form Kim Alvefur <zash@zash.se> parents: 11617 diff changeset	399 "http_default_host",
11635 1b17b967838e util.prosodyctl.check: Collect options from all global plugins Kim Alvefur <zash@zash.se> parents: 11634 diff changeset	400 "http_errors_always_show",
1b17b967838e util.prosodyctl.check: Collect options from all global plugins Kim Alvefur <zash@zash.se> parents: 11634 diff changeset	401 "http_errors_default_message",
1b17b967838e util.prosodyctl.check: Collect options from all global plugins Kim Alvefur <zash@zash.se> parents: 11634 diff changeset	402 "http_errors_detailed",
1b17b967838e util.prosodyctl.check: Collect options from all global plugins Kim Alvefur <zash@zash.se> parents: 11634 diff changeset	403 "http_errors_messages",
11833 bd86ab8122d9 util.prosodyctl.check: Add two known globals from mod_http Kim Alvefur <zash@zash.se> parents: 11827 diff changeset	404 "http_max_buffer_size",
bd86ab8122d9 util.prosodyctl.check: Add two known globals from mod_http Kim Alvefur <zash@zash.se> parents: 11827 diff changeset	405 "http_max_content_size",
11634 a6c87b4c0cdf util.prosodyctl.check: Format, sort option listings into canonical form Kim Alvefur <zash@zash.se> parents: 11617 diff changeset	406 "installer_plugin_path",
a6c87b4c0cdf util.prosodyctl.check: Format, sort option listings into canonical form Kim Alvefur <zash@zash.se> parents: 11617 diff changeset	407 "limits",
11635 1b17b967838e util.prosodyctl.check: Collect options from all global plugins Kim Alvefur <zash@zash.se> parents: 11634 diff changeset	408 "limits_resolution",
11634 a6c87b4c0cdf util.prosodyctl.check: Format, sort option listings into canonical form Kim Alvefur <zash@zash.se> parents: 11617 diff changeset	409 "log",
11635 1b17b967838e util.prosodyctl.check: Collect options from all global plugins Kim Alvefur <zash@zash.se> parents: 11634 diff changeset	410 "multiplex_buffer_size",
11634 a6c87b4c0cdf util.prosodyctl.check: Format, sort option listings into canonical form Kim Alvefur <zash@zash.se> parents: 11617 diff changeset	411 "network_backend",
11635 1b17b967838e util.prosodyctl.check: Collect options from all global plugins Kim Alvefur <zash@zash.se> parents: 11634 diff changeset	412 "network_default_read_size",
11634 a6c87b4c0cdf util.prosodyctl.check: Format, sort option listings into canonical form Kim Alvefur <zash@zash.se> parents: 11617 diff changeset	413 "network_settings",
11940 2d82e4245aa3 util.prosodyctl.check: Add mod_http_openmetrics settings to known globals Kim Alvefur <zash@zash.se> parents: 11925 diff changeset	414 "openmetrics_allow_cidr",
2d82e4245aa3 util.prosodyctl.check: Add mod_http_openmetrics settings to known globals Kim Alvefur <zash@zash.se> parents: 11925 diff changeset	415 "openmetrics_allow_ips",
11634 a6c87b4c0cdf util.prosodyctl.check: Format, sort option listings into canonical form Kim Alvefur <zash@zash.se> parents: 11617 diff changeset	416 "pidfile",
a6c87b4c0cdf util.prosodyctl.check: Format, sort option listings into canonical form Kim Alvefur <zash@zash.se> parents: 11617 diff changeset	417 "plugin_paths",
a6c87b4c0cdf util.prosodyctl.check: Format, sort option listings into canonical form Kim Alvefur <zash@zash.se> parents: 11617 diff changeset	418 "plugin_server",
a6c87b4c0cdf util.prosodyctl.check: Format, sort option listings into canonical form Kim Alvefur <zash@zash.se> parents: 11617 diff changeset	419 "prosodyctl_timeout",
a6c87b4c0cdf util.prosodyctl.check: Format, sort option listings into canonical form Kim Alvefur <zash@zash.se> parents: 11617 diff changeset	420 "prosody_group",
a6c87b4c0cdf util.prosodyctl.check: Format, sort option listings into canonical form Kim Alvefur <zash@zash.se> parents: 11617 diff changeset	421 "prosody_user",
11635 1b17b967838e util.prosodyctl.check: Collect options from all global plugins Kim Alvefur <zash@zash.se> parents: 11634 diff changeset	422 "run_as_root",
1b17b967838e util.prosodyctl.check: Collect options from all global plugins Kim Alvefur <zash@zash.se> parents: 11634 diff changeset	423 "s2s_close_timeout",
1b17b967838e util.prosodyctl.check: Collect options from all global plugins Kim Alvefur <zash@zash.se> parents: 11634 diff changeset	424 "s2s_insecure_domains",
1b17b967838e util.prosodyctl.check: Collect options from all global plugins Kim Alvefur <zash@zash.se> parents: 11634 diff changeset	425 "s2s_require_encryption",
1b17b967838e util.prosodyctl.check: Collect options from all global plugins Kim Alvefur <zash@zash.se> parents: 11634 diff changeset	426 "s2s_secure_auth",
1b17b967838e util.prosodyctl.check: Collect options from all global plugins Kim Alvefur <zash@zash.se> parents: 11634 diff changeset	427 "s2s_secure_domains",
1b17b967838e util.prosodyctl.check: Collect options from all global plugins Kim Alvefur <zash@zash.se> parents: 11634 diff changeset	428 "s2s_stanza_size_limit",
1b17b967838e util.prosodyctl.check: Collect options from all global plugins Kim Alvefur <zash@zash.se> parents: 11634 diff changeset	429 "s2s_tcp_keepalives",
1b17b967838e util.prosodyctl.check: Collect options from all global plugins Kim Alvefur <zash@zash.se> parents: 11634 diff changeset	430 "s2s_timeout",
11634 a6c87b4c0cdf util.prosodyctl.check: Format, sort option listings into canonical form Kim Alvefur <zash@zash.se> parents: 11617 diff changeset	431 "statistics",
a6c87b4c0cdf util.prosodyctl.check: Format, sort option listings into canonical form Kim Alvefur <zash@zash.se> parents: 11617 diff changeset	432 "statistics_config",
a6c87b4c0cdf util.prosodyctl.check: Format, sort option listings into canonical form Kim Alvefur <zash@zash.se> parents: 11617 diff changeset	433 "statistics_interval",
11635 1b17b967838e util.prosodyctl.check: Collect options from all global plugins Kim Alvefur <zash@zash.se> parents: 11634 diff changeset	434 "tcp_keepalives",
12099 b344edad61d3 core.certmanager: Rename preset option to 'tls_preset' Kim Alvefur <zash@zash.se> parents: 11957 diff changeset	435 "tls_profile",
11635 1b17b967838e util.prosodyctl.check: Collect options from all global plugins Kim Alvefur <zash@zash.se> parents: 11634 diff changeset	436 "trusted_proxies",
11634 a6c87b4c0cdf util.prosodyctl.check: Format, sort option listings into canonical form Kim Alvefur <zash@zash.se> parents: 11617 diff changeset	437 "umask",
11635 1b17b967838e util.prosodyctl.check: Collect options from all global plugins Kim Alvefur <zash@zash.se> parents: 11634 diff changeset	438 "use_dane",
11634 a6c87b4c0cdf util.prosodyctl.check: Format, sort option listings into canonical form Kim Alvefur <zash@zash.se> parents: 11617 diff changeset	439 "use_ipv4",
a6c87b4c0cdf util.prosodyctl.check: Format, sort option listings into canonical form Kim Alvefur <zash@zash.se> parents: 11617 diff changeset	440 "use_ipv6",
11635 1b17b967838e util.prosodyctl.check: Collect options from all global plugins Kim Alvefur <zash@zash.se> parents: 11634 diff changeset	441 "websocket_frame_buffer_limit",
1b17b967838e util.prosodyctl.check: Collect options from all global plugins Kim Alvefur <zash@zash.se> parents: 11634 diff changeset	442 "websocket_frame_fragment_limit",
1b17b967838e util.prosodyctl.check: Collect options from all global plugins Kim Alvefur <zash@zash.se> parents: 11634 diff changeset	443 "websocket_get_response_body",
1b17b967838e util.prosodyctl.check: Collect options from all global plugins Kim Alvefur <zash@zash.se> parents: 11634 diff changeset	444 "websocket_get_response_text",
10871 e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	445 });
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	446 local config = configmanager.getconfig();
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	447 -- Check that we have any global options (caused by putting a host at the top)
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	448 if it.count(it.filter("log", pairs(config["*"]))) == 0 then
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	449 ok = false;
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	450 print("");
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	451 print(" No global options defined. Perhaps you have put a host definition at the top")
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	452 print(" of the config file? They should be at the bottom, see https://prosody.im/doc/configure#overview");
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	453 end
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	454 if it.count(enabled_hosts()) == 0 then
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	455 ok = false;
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	456 print("");
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	457 if it.count(it.filter("*", pairs(config))) == 0 then
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	458 print(" No hosts are defined, please add at least one VirtualHost section")
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	459 elseif config["*"]["enabled"] == false then
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	460 print(" No hosts are enabled. Remove enabled = false from the global section or put enabled = true under at least one VirtualHost section")
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	461 else
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	462 print(" All hosts are disabled. Remove enabled = false from at least one VirtualHost section")
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	463 end
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	464 end
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	465 if not config["*"].modules_enabled then
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	466 print(" No global modules_enabled is set?");
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	467 local suggested_global_modules;
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	468 for host, options in enabled_hosts() do --luacheck: ignore 213/host
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	469 if not options.component_module and options.modules_enabled then
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	470 suggested_global_modules = set.intersection(suggested_global_modules or set.new(options.modules_enabled), set.new(options.modules_enabled));
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	471 end
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	472 end
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	473 if suggested_global_modules and not suggested_global_modules:empty() then
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	474 print(" Consider moving these modules into modules_enabled in the global section:")
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	475 print(" "..tostring(suggested_global_modules / function (x) return ("%q"):format(x) end));
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	476 end
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	477 print();
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	478 end
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	479
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	480 do -- Check for modules enabled both normally and as components
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	481 local modules = set.new(config["*"]["modules_enabled"]);
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	482 for host, options in enabled_hosts() do
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	483 local component_module = options.component_module;
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	484 if component_module and modules:contains(component_module) then
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	485 print((" mod_%s is enabled both in modules_enabled and as Component %q %q"):format(component_module, host, component_module));
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	486 print(" This means the service is enabled on all VirtualHosts as well as the Component.");
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	487 print(" Are you sure this what you want? It may cause unexpected behaviour.");
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	488 end
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	489 end
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	490 end
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	491
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	492 -- Check for global options under hosts
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	493 local global_options = set.new(it.to_array(it.keys(config["*"])));
11798 ba88060fa145 util.prosodyctl.check: Suggest replacements for deprecated options #1684 Kim Alvefur <zash@zash.se> parents: 11783 diff changeset	494 local obsolete_global_options = set.intersection(global_options, obsolete);
ba88060fa145 util.prosodyctl.check: Suggest replacements for deprecated options #1684 Kim Alvefur <zash@zash.se> parents: 11783 diff changeset	495 if not obsolete_global_options:empty() then
ba88060fa145 util.prosodyctl.check: Suggest replacements for deprecated options #1684 Kim Alvefur <zash@zash.se> parents: 11783 diff changeset	496 print("");
ba88060fa145 util.prosodyctl.check: Suggest replacements for deprecated options #1684 Kim Alvefur <zash@zash.se> parents: 11783 diff changeset	497 print(" You have some obsolete options you can remove from the global section:");
ba88060fa145 util.prosodyctl.check: Suggest replacements for deprecated options #1684 Kim Alvefur <zash@zash.se> parents: 11783 diff changeset	498 print(" "..tostring(obsolete_global_options))
ba88060fa145 util.prosodyctl.check: Suggest replacements for deprecated options #1684 Kim Alvefur <zash@zash.se> parents: 11783 diff changeset	499 ok = false;
ba88060fa145 util.prosodyctl.check: Suggest replacements for deprecated options #1684 Kim Alvefur <zash@zash.se> parents: 11783 diff changeset	500 end
10871 e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	501 local deprecated_global_options = set.intersection(global_options, deprecated);
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	502 if not deprecated_global_options:empty() then
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	503 print("");
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	504 print(" You have some deprecated options in the global section:");
11798 ba88060fa145 util.prosodyctl.check: Suggest replacements for deprecated options #1684 Kim Alvefur <zash@zash.se> parents: 11783 diff changeset	505 for option in deprecated_global_options do
12158 7ff3699c1653 util.prosodyctl.check: Move word to ease future translations Kim Alvefur <zash@zash.se> parents: 12157 diff changeset	506 print((" '%s' -- %s"):format(option, deprecated_replacements[option]));
11798 ba88060fa145 util.prosodyctl.check: Suggest replacements for deprecated options #1684 Kim Alvefur <zash@zash.se> parents: 11783 diff changeset	507 end
10871 e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	508 ok = false;
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	509 end
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	510 for host, options in it.filter(function (h) return h ~= "*" end, pairs(configmanager.getconfig())) do
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	511 local host_options = set.new(it.to_array(it.keys(options)));
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	512 local misplaced_options = set.intersection(host_options, known_global_options);
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	513 for name in pairs(options) do
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	514 if name:match("^interfaces?")
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	515 or name:match("_ports?$") or name:match("_interfaces?$")
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	516 or (name:match("_ssl$") and not name:match("^[cs]2s_ssl$")) then
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	517 misplaced_options:add(name);
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	518 end
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	519 end
11799 8c9ec2db1d95 util.prosodyctl.check: Fix to not treat some options as misplaced Kim Alvefur <zash@zash.se> parents: 11798 diff changeset	520 -- FIXME These _could_ be misplaced, but we would have to check where the corresponding module is loaded to be sure
8c9ec2db1d95 util.prosodyctl.check: Fix to not treat some options as misplaced Kim Alvefur <zash@zash.se> parents: 11798 diff changeset	521 misplaced_options:exclude(set.new({ "external_service_port", "turn_external_port" }));
10871 e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	522 if not misplaced_options:empty() then
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	523 ok = false;
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	524 print("");
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	525 local n = it.count(misplaced_options);
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	526 print(" You have "..n.." option"..(n>1 and "s " or " ").."set under "..host.." that should be");
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	527 print(" in the global section of the config file, above any VirtualHost or Component definitions,")
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	528 print(" see https://prosody.im/doc/configure#overview for more information.")
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	529 print("");
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	530 print(" You need to move the following option"..(n>1 and "s" or "")..": "..table.concat(it.to_array(misplaced_options), ", "));
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	531 end
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	532 end
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	533 for host, options in enabled_hosts() do
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	534 local host_options = set.new(it.to_array(it.keys(options)));
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	535 local subdomain = host:match("^[^.]+");
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	536 if not(host_options:contains("component_module")) and (subdomain == "jabber" or subdomain == "xmpp"
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	537 or subdomain == "chat" or subdomain == "im") then
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	538 print("");
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	539 print(" Suggestion: If "..host.. " is a new host with no real users yet, consider renaming it now to");
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	540 print(" "..host:gsub("^[^.]+%.", "")..". You can use SRV records to redirect XMPP clients and servers to "..host..".");
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	541 print(" For more information see: https://prosody.im/doc/dns");
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	542 end
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	543 end
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	544 local all_modules = set.new(config["*"].modules_enabled);
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	545 local all_options = set.new(it.to_array(it.keys(config["*"])));
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	546 for host in enabled_hosts() do
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	547 all_options:include(set.new(it.to_array(it.keys(config[host]))));
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	548 all_modules:include(set.new(config[host].modules_enabled));
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	549 end
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	550 for mod in all_modules do
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	551 if mod:match("^mod_") then
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	552 print("");
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	553 print(" Modules in modules_enabled should not have the 'mod_' prefix included.");
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	554 print(" Change '"..mod.."' to '"..mod:match("^mod_(.*)").."'.");
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	555 elseif mod:match("^auth_") then
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	556 print("");
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	557 print(" Authentication modules should not be added to modules_enabled,");
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	558 print(" but be specified in the 'authentication' option.");
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	559 print(" Remove '"..mod.."' from modules_enabled and instead add");
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	560 print(" authentication = '"..mod:match("^auth_(.*)").."'");
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	561 print(" For more information see https://prosody.im/doc/authentication");
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	562 elseif mod:match("^storage_") then
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	563 print("");
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	564 print(" storage modules should not be added to modules_enabled,");
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	565 print(" but be specified in the 'storage' option.");
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	566 print(" Remove '"..mod.."' from modules_enabled and instead add");
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	567 print(" storage = '"..mod:match("^storage_(.*)").."'");
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	568 print(" For more information see https://prosody.im/doc/storage");
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	569 end
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	570 end
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	571 if all_modules:contains("vcard") and all_modules:contains("vcard_legacy") then
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	572 print("");
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	573 print(" Both mod_vcard_legacy and mod_vcard are enabled but they conflict");
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	574 print(" with each other. Remove one.");
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	575 end
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	576 if all_modules:contains("pep") and all_modules:contains("pep_simple") then
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	577 print("");
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	578 print(" Both mod_pep_simple and mod_pep are enabled but they conflict");
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	579 print(" with each other. Remove one.");
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	580 end
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	581 for host, host_config in pairs(config) do --luacheck: ignore 213/host
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	582 if type(rawget(host_config, "storage")) == "string" and rawget(host_config, "default_storage") then
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	583 print("");
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	584 print(" The 'default_storage' option is not needed if 'storage' is set to a string.");
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	585 break;
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	586 end
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	587 end
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	588 local require_encryption = set.intersection(all_options, set.new({
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	589 "require_encryption", "c2s_require_encryption", "s2s_require_encryption"
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	590 })):empty();
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	591 local ssl = dependencies.softreq"ssl";
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	592 if not ssl then
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	593 if not require_encryption then
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	594 print("");
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	595 print(" You require encryption but LuaSec is not available.");
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	596 print(" Connections will fail.");
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	597 ok = false;
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	598 end
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	599 elseif not ssl.loadcertificate then
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	600 if all_options:contains("s2s_secure_auth") then
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	601 print("");
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	602 print(" You have set s2s_secure_auth but your version of LuaSec does ");
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	603 print(" not support certificate validation, so all s2s connections will");
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	604 print(" fail.");
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	605 ok = false;
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	606 elseif all_options:contains("s2s_secure_domains") then
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	607 local secure_domains = set.new();
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	608 for host in enabled_hosts() do
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	609 if config[host].s2s_secure_auth == true then
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	610 secure_domains:add("*");
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	611 else
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	612 secure_domains:include(set.new(config[host].s2s_secure_domains));
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	613 end
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	614 end
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	615 if not secure_domains:empty() then
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	616 print("");
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	617 print(" You have set s2s_secure_domains but your version of LuaSec does ");
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	618 print(" not support certificate validation, so s2s connections to/from ");
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	619 print(" these domains will fail.");
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	620 ok = false;
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	621 end
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	622 end
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	623 elseif require_encryption and not all_modules:contains("tls") then
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	624 print("");
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	625 print(" You require encryption but mod_tls is not enabled.");
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	626 print(" Connections will fail.");
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	627 ok = false;
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	628 end
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	629
12317 b4f2027ef917 util.prosodyctl: Warn about enabled public registration in 'check config' Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	630 do
b4f2027ef917 util.prosodyctl: Warn about enabled public registration in 'check config' Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	631 local global_modules = set.new(config["*"].modules_enabled);
b4f2027ef917 util.prosodyctl: Warn about enabled public registration in 'check config' Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	632 local registration_enabled_hosts = {};
b4f2027ef917 util.prosodyctl: Warn about enabled public registration in 'check config' Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	633 for host in enabled_hosts() do
b4f2027ef917 util.prosodyctl: Warn about enabled public registration in 'check config' Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	634 local host_modules = set.new(config[host].modules_enabled) + global_modules;
b4f2027ef917 util.prosodyctl: Warn about enabled public registration in 'check config' Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	635 local allow_registration = config[host].allow_registration;
b4f2027ef917 util.prosodyctl: Warn about enabled public registration in 'check config' Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	636 local mod_register = host_modules:contains("register");
b4f2027ef917 util.prosodyctl: Warn about enabled public registration in 'check config' Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	637 local mod_register_ibr = host_modules:contains("register_ibr");
b4f2027ef917 util.prosodyctl: Warn about enabled public registration in 'check config' Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	638 local mod_invites_register = host_modules:contains("invites_register");
b4f2027ef917 util.prosodyctl: Warn about enabled public registration in 'check config' Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	639 local registration_invite_only = config[host].registration_invite_only;
b4f2027ef917 util.prosodyctl: Warn about enabled public registration in 'check config' Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	640 local is_vhost = not config[host].component_module;
b4f2027ef917 util.prosodyctl: Warn about enabled public registration in 'check config' Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	641 if is_vhost and (mod_register_ibr or (mod_register and allow_registration))
b4f2027ef917 util.prosodyctl: Warn about enabled public registration in 'check config' Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	642 and not (mod_invites_register and registration_invite_only) then
b4f2027ef917 util.prosodyctl: Warn about enabled public registration in 'check config' Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	643 table.insert(registration_enabled_hosts, host);
b4f2027ef917 util.prosodyctl: Warn about enabled public registration in 'check config' Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	644 end
b4f2027ef917 util.prosodyctl: Warn about enabled public registration in 'check config' Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	645 end
b4f2027ef917 util.prosodyctl: Warn about enabled public registration in 'check config' Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	646 if #registration_enabled_hosts > 0 then
b4f2027ef917 util.prosodyctl: Warn about enabled public registration in 'check config' Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	647 table.sort(registration_enabled_hosts);
b4f2027ef917 util.prosodyctl: Warn about enabled public registration in 'check config' Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	648 print("");
b4f2027ef917 util.prosodyctl: Warn about enabled public registration in 'check config' Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	649 print(" Public registration is enabled on:");
b4f2027ef917 util.prosodyctl: Warn about enabled public registration in 'check config' Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	650 print(" "..table.concat(registration_enabled_hosts, ", "));
b4f2027ef917 util.prosodyctl: Warn about enabled public registration in 'check config' Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	651 print("");
b4f2027ef917 util.prosodyctl: Warn about enabled public registration in 'check config' Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	652 print(" If this is intentional, review our guidelines on running a public server");
b4f2027ef917 util.prosodyctl: Warn about enabled public registration in 'check config' Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	653 print(" at https://prosody.im/doc/public_servers - otherwise, consider switching to");
b4f2027ef917 util.prosodyctl: Warn about enabled public registration in 'check config' Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	654 print(" invite-based registration, which is more secure.");
b4f2027ef917 util.prosodyctl: Warn about enabled public registration in 'check config' Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	655 end
b4f2027ef917 util.prosodyctl: Warn about enabled public registration in 'check config' Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	656 end
b4f2027ef917 util.prosodyctl: Warn about enabled public registration in 'check config' Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	657
12318 239ce74aa6a4 util.prosodyctl: check: warn about unreferenced components, suggest disco_items Matthew Wild <mwild1@gmail.com> parents: 12317 diff changeset	658 do
239ce74aa6a4 util.prosodyctl: check: warn about unreferenced components, suggest disco_items Matthew Wild <mwild1@gmail.com> parents: 12317 diff changeset	659 local orphan_components = {};
239ce74aa6a4 util.prosodyctl: check: warn about unreferenced components, suggest disco_items Matthew Wild <mwild1@gmail.com> parents: 12317 diff changeset	660 local referenced_components = set.new();
239ce74aa6a4 util.prosodyctl: check: warn about unreferenced components, suggest disco_items Matthew Wild <mwild1@gmail.com> parents: 12317 diff changeset	661 local enabled_hosts_set = set.new();
239ce74aa6a4 util.prosodyctl: check: warn about unreferenced components, suggest disco_items Matthew Wild <mwild1@gmail.com> parents: 12317 diff changeset	662 for host, host_options in it.filter("*", pairs(configmanager.getconfig())) do
239ce74aa6a4 util.prosodyctl: check: warn about unreferenced components, suggest disco_items Matthew Wild <mwild1@gmail.com> parents: 12317 diff changeset	663 if host_options.enabled ~= false then
239ce74aa6a4 util.prosodyctl: check: warn about unreferenced components, suggest disco_items Matthew Wild <mwild1@gmail.com> parents: 12317 diff changeset	664 enabled_hosts_set:add(host);
239ce74aa6a4 util.prosodyctl: check: warn about unreferenced components, suggest disco_items Matthew Wild <mwild1@gmail.com> parents: 12317 diff changeset	665 for _, disco_item in ipairs(host_options.disco_items or {}) do
239ce74aa6a4 util.prosodyctl: check: warn about unreferenced components, suggest disco_items Matthew Wild <mwild1@gmail.com> parents: 12317 diff changeset	666 referenced_components:add(disco_item[1]);
239ce74aa6a4 util.prosodyctl: check: warn about unreferenced components, suggest disco_items Matthew Wild <mwild1@gmail.com> parents: 12317 diff changeset	667 end
239ce74aa6a4 util.prosodyctl: check: warn about unreferenced components, suggest disco_items Matthew Wild <mwild1@gmail.com> parents: 12317 diff changeset	668 end
239ce74aa6a4 util.prosodyctl: check: warn about unreferenced components, suggest disco_items Matthew Wild <mwild1@gmail.com> parents: 12317 diff changeset	669 end
239ce74aa6a4 util.prosodyctl: check: warn about unreferenced components, suggest disco_items Matthew Wild <mwild1@gmail.com> parents: 12317 diff changeset	670 for host, host_config in enabled_hosts() do
239ce74aa6a4 util.prosodyctl: check: warn about unreferenced components, suggest disco_items Matthew Wild <mwild1@gmail.com> parents: 12317 diff changeset	671 local is_component = not not host_config.component_module;
239ce74aa6a4 util.prosodyctl: check: warn about unreferenced components, suggest disco_items Matthew Wild <mwild1@gmail.com> parents: 12317 diff changeset	672 if is_component then
239ce74aa6a4 util.prosodyctl: check: warn about unreferenced components, suggest disco_items Matthew Wild <mwild1@gmail.com> parents: 12317 diff changeset	673 local parent_domain = host:match("^[^.]+%.(.+)$");
239ce74aa6a4 util.prosodyctl: check: warn about unreferenced components, suggest disco_items Matthew Wild <mwild1@gmail.com> parents: 12317 diff changeset	674 local is_orphan = not (enabled_hosts_set:contains(parent_domain) or referenced_components:contains(host));
239ce74aa6a4 util.prosodyctl: check: warn about unreferenced components, suggest disco_items Matthew Wild <mwild1@gmail.com> parents: 12317 diff changeset	675 if is_orphan then
239ce74aa6a4 util.prosodyctl: check: warn about unreferenced components, suggest disco_items Matthew Wild <mwild1@gmail.com> parents: 12317 diff changeset	676 table.insert(orphan_components, host);
239ce74aa6a4 util.prosodyctl: check: warn about unreferenced components, suggest disco_items Matthew Wild <mwild1@gmail.com> parents: 12317 diff changeset	677 end
239ce74aa6a4 util.prosodyctl: check: warn about unreferenced components, suggest disco_items Matthew Wild <mwild1@gmail.com> parents: 12317 diff changeset	678 end
239ce74aa6a4 util.prosodyctl: check: warn about unreferenced components, suggest disco_items Matthew Wild <mwild1@gmail.com> parents: 12317 diff changeset	679 end
239ce74aa6a4 util.prosodyctl: check: warn about unreferenced components, suggest disco_items Matthew Wild <mwild1@gmail.com> parents: 12317 diff changeset	680 if #orphan_components > 0 then
239ce74aa6a4 util.prosodyctl: check: warn about unreferenced components, suggest disco_items Matthew Wild <mwild1@gmail.com> parents: 12317 diff changeset	681 table.sort(orphan_components);
239ce74aa6a4 util.prosodyctl: check: warn about unreferenced components, suggest disco_items Matthew Wild <mwild1@gmail.com> parents: 12317 diff changeset	682 print("");
239ce74aa6a4 util.prosodyctl: check: warn about unreferenced components, suggest disco_items Matthew Wild <mwild1@gmail.com> parents: 12317 diff changeset	683 print(" Your configuration contains the following unreferenced components:\n");
239ce74aa6a4 util.prosodyctl: check: warn about unreferenced components, suggest disco_items Matthew Wild <mwild1@gmail.com> parents: 12317 diff changeset	684 print(" "..table.concat(orphan_components, "\n "));
239ce74aa6a4 util.prosodyctl: check: warn about unreferenced components, suggest disco_items Matthew Wild <mwild1@gmail.com> parents: 12317 diff changeset	685 print("");
239ce74aa6a4 util.prosodyctl: check: warn about unreferenced components, suggest disco_items Matthew Wild <mwild1@gmail.com> parents: 12317 diff changeset	686 print(" Clients may not be able to discover these services because they are not linked to");
239ce74aa6a4 util.prosodyctl: check: warn about unreferenced components, suggest disco_items Matthew Wild <mwild1@gmail.com> parents: 12317 diff changeset	687 print(" any VirtualHost. They are automatically linked if they are direct subdomains of a");
239ce74aa6a4 util.prosodyctl: check: warn about unreferenced components, suggest disco_items Matthew Wild <mwild1@gmail.com> parents: 12317 diff changeset	688 print(" VirtualHost. Alternatively, you can explicitly link them using the disco_items option.");
239ce74aa6a4 util.prosodyctl: check: warn about unreferenced components, suggest disco_items Matthew Wild <mwild1@gmail.com> parents: 12317 diff changeset	689 print(" For more information see https://prosody.im/doc/modules/mod_disco#items");
239ce74aa6a4 util.prosodyctl: check: warn about unreferenced components, suggest disco_items Matthew Wild <mwild1@gmail.com> parents: 12317 diff changeset	690 end
239ce74aa6a4 util.prosodyctl: check: warn about unreferenced components, suggest disco_items Matthew Wild <mwild1@gmail.com> parents: 12317 diff changeset	691 end
239ce74aa6a4 util.prosodyctl: check: warn about unreferenced components, suggest disco_items Matthew Wild <mwild1@gmail.com> parents: 12317 diff changeset	692
10871 e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	693 print("Done.\n");
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	694 end
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	695 if not what or what == "dns" then
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	696 local dns = require "net.dns";
10971 3cdb4a7cb406 util.prosodyctl.check: Use net.unbound for DNS if available Kim Alvefur <zash@zash.se> parents: 10932 diff changeset	697 pcall(function ()
11645 3be346c5b940 util.prosodyctl.check: Reload unbound to ensure hosts.txt is ignored Kim Alvefur <zash@zash.se> parents: 11635 diff changeset	698 local unbound = require"net.unbound";
11617 166f8e1d82b0 util.prosodyctl.check: Ensure that libunbound does not check hosts file Kim Alvefur <zash@zash.se> parents: 11616 diff changeset	699 local unbound_config = configmanager.get("*", "unbound") or {};
166f8e1d82b0 util.prosodyctl.check: Ensure that libunbound does not check hosts file Kim Alvefur <zash@zash.se> parents: 11616 diff changeset	700 unbound_config.hoststxt = false; -- don't look at /etc/hosts
166f8e1d82b0 util.prosodyctl.check: Ensure that libunbound does not check hosts file Kim Alvefur <zash@zash.se> parents: 11616 diff changeset	701 configmanager.set("*", "unbound", unbound_config);
12233 e4530bdbf5f3 util.prosodyctl.check: Fix reset of libunbound before DNS checks Kim Alvefur <zash@zash.se> parents: 12231 diff changeset	702 unbound.dns.purge(); -- ensure the above config is used
11645 3be346c5b940 util.prosodyctl.check: Reload unbound to ensure hosts.txt is ignored Kim Alvefur <zash@zash.se> parents: 11635 diff changeset	703 dns = unbound.dns;
10971 3cdb4a7cb406 util.prosodyctl.check: Use net.unbound for DNS if available Kim Alvefur <zash@zash.se> parents: 10932 diff changeset	704 end)
10871 e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	705 local idna = require "util.encodings".idna;
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	706 local ip = require "util.ip";
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	707 local c2s_ports = set.new(configmanager.get("*", "c2s_ports") or {5222});
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	708 local s2s_ports = set.new(configmanager.get("*", "s2s_ports") or {5269});
11778 f254fd16218a mod_c2s: Rename Direct TLS listener 'c2s_direct_tls' for clarity Kim Alvefur <zash@zash.se> parents: 11777 diff changeset	709 local c2s_tls_ports = set.new(configmanager.get("*", "c2s_direct_tls_ports") or {});
11776 1132a1f1ca5a util.prosodyctl.check: Check for server-to-server Direct TLS records Kim Alvefur <zash@zash.se> parents: 11655 diff changeset	710 local s2s_tls_ports = set.new(configmanager.get("*", "s2s_direct_tls_ports") or {});
10871 e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	711
12230 f590058d8d99 util.prosodyctl.check: Include multiplexed ports in DNS checks #1704 Kim Alvefur <zash@zash.se> parents: 12218 diff changeset	712 if set.new(configmanager.get("*", "modules_enabled")):contains("net_multiplex") then
f590058d8d99 util.prosodyctl.check: Include multiplexed ports in DNS checks #1704 Kim Alvefur <zash@zash.se> parents: 12218 diff changeset	713 local multiplex_ports = set.new(configmanager.get("*", "ports") or {});
f590058d8d99 util.prosodyctl.check: Include multiplexed ports in DNS checks #1704 Kim Alvefur <zash@zash.se> parents: 12218 diff changeset	714 local multiplex_tls_ports = set.new(configmanager.get("*", "ssl_ports") or {});
f590058d8d99 util.prosodyctl.check: Include multiplexed ports in DNS checks #1704 Kim Alvefur <zash@zash.se> parents: 12218 diff changeset	715 if not multiplex_ports:empty() then
f590058d8d99 util.prosodyctl.check: Include multiplexed ports in DNS checks #1704 Kim Alvefur <zash@zash.se> parents: 12218 diff changeset	716 c2s_ports = c2s_ports + multiplex_ports;
f590058d8d99 util.prosodyctl.check: Include multiplexed ports in DNS checks #1704 Kim Alvefur <zash@zash.se> parents: 12218 diff changeset	717 s2s_ports = s2s_ports + multiplex_ports;
f590058d8d99 util.prosodyctl.check: Include multiplexed ports in DNS checks #1704 Kim Alvefur <zash@zash.se> parents: 12218 diff changeset	718 end
f590058d8d99 util.prosodyctl.check: Include multiplexed ports in DNS checks #1704 Kim Alvefur <zash@zash.se> parents: 12218 diff changeset	719 if not multiplex_tls_ports:empty() then
f590058d8d99 util.prosodyctl.check: Include multiplexed ports in DNS checks #1704 Kim Alvefur <zash@zash.se> parents: 12218 diff changeset	720 c2s_tls_ports = c2s_tls_ports + multiplex_tls_ports;
f590058d8d99 util.prosodyctl.check: Include multiplexed ports in DNS checks #1704 Kim Alvefur <zash@zash.se> parents: 12218 diff changeset	721 s2s_tls_ports = s2s_tls_ports + multiplex_tls_ports;
f590058d8d99 util.prosodyctl.check: Include multiplexed ports in DNS checks #1704 Kim Alvefur <zash@zash.se> parents: 12218 diff changeset	722 end
f590058d8d99 util.prosodyctl.check: Include multiplexed ports in DNS checks #1704 Kim Alvefur <zash@zash.se> parents: 12218 diff changeset	723 end
f590058d8d99 util.prosodyctl.check: Include multiplexed ports in DNS checks #1704 Kim Alvefur <zash@zash.se> parents: 12218 diff changeset	724
11776 1132a1f1ca5a util.prosodyctl.check: Check for server-to-server Direct TLS records Kim Alvefur <zash@zash.se> parents: 11655 diff changeset	725 local c2s_srv_required, s2s_srv_required, c2s_tls_srv_required, s2s_tls_srv_required;
10871 e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	726 if not c2s_ports:contains(5222) then
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	727 c2s_srv_required = true;
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	728 end
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	729 if not s2s_ports:contains(5269) then
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	730 s2s_srv_required = true;
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	731 end
11615 8e16fd976c57 util.prosodyctl.check: Add support for checking Direct TLS SRV records Kim Alvefur <zash@zash.se> parents: 11613 diff changeset	732 if not c2s_tls_ports:empty() then
8e16fd976c57 util.prosodyctl.check: Add support for checking Direct TLS SRV records Kim Alvefur <zash@zash.se> parents: 11613 diff changeset	733 c2s_tls_srv_required = true;
8e16fd976c57 util.prosodyctl.check: Add support for checking Direct TLS SRV records Kim Alvefur <zash@zash.se> parents: 11613 diff changeset	734 end
11776 1132a1f1ca5a util.prosodyctl.check: Check for server-to-server Direct TLS records Kim Alvefur <zash@zash.se> parents: 11655 diff changeset	735 if not s2s_tls_ports:empty() then
1132a1f1ca5a util.prosodyctl.check: Check for server-to-server Direct TLS records Kim Alvefur <zash@zash.se> parents: 11655 diff changeset	736 s2s_tls_srv_required = true;
1132a1f1ca5a util.prosodyctl.check: Check for server-to-server Direct TLS records Kim Alvefur <zash@zash.se> parents: 11655 diff changeset	737 end
10871 e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	738
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	739 local problem_hosts = set.new();
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	740
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	741 local external_addresses, internal_addresses = set.new(), set.new();
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	742
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	743 local fqdn = socket.dns.tohostname(socket.dns.gethostname());
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	744 if fqdn then
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	745 do
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	746 local res = dns.lookup(idna.to_ascii(fqdn), "A");
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	747 if res then
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	748 for _, record in ipairs(res) do
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	749 external_addresses:add(record.a);
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	750 end
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	751 end
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	752 end
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	753 do
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	754 local res = dns.lookup(idna.to_ascii(fqdn), "AAAA");
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	755 if res then
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	756 for _, record in ipairs(res) do
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	757 external_addresses:add(record.aaaa);
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	758 end
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	759 end
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	760 end
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	761 end
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	762
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	763 local local_addresses = require"util.net".local_addresses() or {};
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	764
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	765 for addr in it.values(local_addresses) do
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	766 if not ip.new_ip(addr).private then
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	767 external_addresses:add(addr);
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	768 else
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	769 internal_addresses:add(addr);
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	770 end
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	771 end
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	772
12320 f0be98bab9dd prosodyctl: check dns: Allow admin to specify undiscoverable external IPs in config Matthew Wild <mwild1@gmail.com> parents: 12319 diff changeset	773 -- Allow admin to specify additional (e.g. undiscoverable) IP addresses in the config
f0be98bab9dd prosodyctl: check dns: Allow admin to specify undiscoverable external IPs in config Matthew Wild <mwild1@gmail.com> parents: 12319 diff changeset	774 for _, address in ipairs(configmanager.get("*", "external_addresses") or {}) do
f0be98bab9dd prosodyctl: check dns: Allow admin to specify undiscoverable external IPs in config Matthew Wild <mwild1@gmail.com> parents: 12319 diff changeset	775 external_addresses:add(address);
f0be98bab9dd prosodyctl: check dns: Allow admin to specify undiscoverable external IPs in config Matthew Wild <mwild1@gmail.com> parents: 12319 diff changeset	776 end
f0be98bab9dd prosodyctl: check dns: Allow admin to specify undiscoverable external IPs in config Matthew Wild <mwild1@gmail.com> parents: 12319 diff changeset	777
10871 e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	778 if external_addresses:empty() then
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	779 print("");
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	780 print(" Failed to determine the external addresses of this server. Checks may be inaccurate.");
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	781 c2s_srv_required, s2s_srv_required = true, true;
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	782 end
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	783
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	784 local v6_supported = not not socket.tcp6;
11924 53e68227c2c0 util.prosodyctl.check: Respect use_ipv4/v6 in proxy65 check Kim Alvefur <zash@zash.se> parents: 11923 diff changeset	785 local use_ipv4 = configmanager.get("*", "use_ipv4") ~= false;
53e68227c2c0 util.prosodyctl.check: Respect use_ipv4/v6 in proxy65 check Kim Alvefur <zash@zash.se> parents: 11923 diff changeset	786 local use_ipv6 = v6_supported and configmanager.get("*", "use_ipv6") ~= false;
10871 e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	787
11655 bbf50525faa5 util.prosodyctl.check: Normalize away trailing dot in some messages too Kim Alvefur <zash@zash.se> parents: 11654 diff changeset	788 local function trim_dns_name(n)
bbf50525faa5 util.prosodyctl.check: Normalize away trailing dot in some messages too Kim Alvefur <zash@zash.se> parents: 11654 diff changeset	789 return (n:gsub("%.$", ""));
bbf50525faa5 util.prosodyctl.check: Normalize away trailing dot in some messages too Kim Alvefur <zash@zash.se> parents: 11654 diff changeset	790 end
bbf50525faa5 util.prosodyctl.check: Normalize away trailing dot in some messages too Kim Alvefur <zash@zash.se> parents: 11654 diff changeset	791
12319 8fc3c06f922d prosodyctl: check dns: List discovered addresses for diagnostic purposes Matthew Wild <mwild1@gmail.com> parents: 12318 diff changeset	792 local unknown_addresses = set.new();
8fc3c06f922d prosodyctl: check dns: List discovered addresses for diagnostic purposes Matthew Wild <mwild1@gmail.com> parents: 12318 diff changeset	793
10871 e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	794 for jid, host_options in enabled_hosts() do
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	795 local all_targets_ok, some_targets_ok = true, false;
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	796 local node, host = jid_split(jid);
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	797
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	798 local modules, component_module = modulemanager.get_modules_for_host(host);
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	799 if component_module then
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	800 modules:add(component_module);
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	801 end
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	802
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	803 local is_component = not not host_options.component_module;
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	804 print("Checking DNS for "..(is_component and "component" or "host").." "..jid.."...");
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	805 if node then
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	806 print("Only the domain part ("..host..") is used in DNS.")
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	807 end
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	808 local target_hosts = set.new();
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	809 if modules:contains("c2s") then
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	810 local res = dns.lookup("_xmpp-client._tcp."..idna.to_ascii(host)..".", "SRV");
11613 c8a9f77d48fd util.prosodyctl.check: Fix for net.dns vs unbound API difference Kim Alvefur <zash@zash.se> parents: 11612 diff changeset	811 if res and #res > 0 then
10871 e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	812 for _, record in ipairs(res) do
10932 ea4a7619058f util.prosodyctl.check: Fix traceback by handling SRV '.' target to Kim Alvefur <zash@zash.se> parents: 10871 diff changeset	813 if record.srv.target == "." then -- TODO is this an error if mod_c2s is enabled?
ea4a7619058f util.prosodyctl.check: Fix traceback by handling SRV '.' target to Kim Alvefur <zash@zash.se> parents: 10871 diff changeset	814 print(" 'xmpp-client' service disabled by pointing to '.'"); -- FIXME Explain better what this is
ea4a7619058f util.prosodyctl.check: Fix traceback by handling SRV '.' target to Kim Alvefur <zash@zash.se> parents: 10871 diff changeset	815 break;
ea4a7619058f util.prosodyctl.check: Fix traceback by handling SRV '.' target to Kim Alvefur <zash@zash.se> parents: 10871 diff changeset	816 end
11655 bbf50525faa5 util.prosodyctl.check: Normalize away trailing dot in some messages too Kim Alvefur <zash@zash.se> parents: 11654 diff changeset	817 local target = trim_dns_name(record.srv.target);
bbf50525faa5 util.prosodyctl.check: Normalize away trailing dot in some messages too Kim Alvefur <zash@zash.se> parents: 11654 diff changeset	818 target_hosts:add(target);
10871 e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	819 if not c2s_ports:contains(record.srv.port) then
11655 bbf50525faa5 util.prosodyctl.check: Normalize away trailing dot in some messages too Kim Alvefur <zash@zash.se> parents: 11654 diff changeset	820 print(" SRV target "..target.." contains unknown client port: "..record.srv.port);
10871 e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	821 end
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	822 end
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	823 else
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	824 if c2s_srv_required then
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	825 print(" No _xmpp-client SRV record found for "..host..", but it looks like you need one.");
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	826 all_targets_ok = false;
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	827 else
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	828 target_hosts:add(host);
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	829 end
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	830 end
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	831 end
11615 8e16fd976c57 util.prosodyctl.check: Add support for checking Direct TLS SRV records Kim Alvefur <zash@zash.se> parents: 11613 diff changeset	832 if modules:contains("c2s") and c2s_tls_srv_required then
8e16fd976c57 util.prosodyctl.check: Add support for checking Direct TLS SRV records Kim Alvefur <zash@zash.se> parents: 11613 diff changeset	833 local res = dns.lookup("_xmpps-client._tcp."..idna.to_ascii(host)..".", "SRV");
8e16fd976c57 util.prosodyctl.check: Add support for checking Direct TLS SRV records Kim Alvefur <zash@zash.se> parents: 11613 diff changeset	834 if res and #res > 0 then
8e16fd976c57 util.prosodyctl.check: Add support for checking Direct TLS SRV records Kim Alvefur <zash@zash.se> parents: 11613 diff changeset	835 for _, record in ipairs(res) do
8e16fd976c57 util.prosodyctl.check: Add support for checking Direct TLS SRV records Kim Alvefur <zash@zash.se> parents: 11613 diff changeset	836 if record.srv.target == "." then -- TODO is this an error if mod_c2s is enabled?
8e16fd976c57 util.prosodyctl.check: Add support for checking Direct TLS SRV records Kim Alvefur <zash@zash.se> parents: 11613 diff changeset	837 print(" 'xmpps-client' service disabled by pointing to '.'"); -- FIXME Explain better what this is
8e16fd976c57 util.prosodyctl.check: Add support for checking Direct TLS SRV records Kim Alvefur <zash@zash.se> parents: 11613 diff changeset	838 break;
8e16fd976c57 util.prosodyctl.check: Add support for checking Direct TLS SRV records Kim Alvefur <zash@zash.se> parents: 11613 diff changeset	839 end
11655 bbf50525faa5 util.prosodyctl.check: Normalize away trailing dot in some messages too Kim Alvefur <zash@zash.se> parents: 11654 diff changeset	840 local target = trim_dns_name(record.srv.target);
bbf50525faa5 util.prosodyctl.check: Normalize away trailing dot in some messages too Kim Alvefur <zash@zash.se> parents: 11654 diff changeset	841 target_hosts:add(target);
11615 8e16fd976c57 util.prosodyctl.check: Add support for checking Direct TLS SRV records Kim Alvefur <zash@zash.se> parents: 11613 diff changeset	842 if not c2s_tls_ports:contains(record.srv.port) then
11655 bbf50525faa5 util.prosodyctl.check: Normalize away trailing dot in some messages too Kim Alvefur <zash@zash.se> parents: 11654 diff changeset	843 print(" SRV target "..target.." contains unknown Direct TLS client port: "..record.srv.port);
11615 8e16fd976c57 util.prosodyctl.check: Add support for checking Direct TLS SRV records Kim Alvefur <zash@zash.se> parents: 11613 diff changeset	844 end
8e16fd976c57 util.prosodyctl.check: Add support for checking Direct TLS SRV records Kim Alvefur <zash@zash.se> parents: 11613 diff changeset	845 end
8e16fd976c57 util.prosodyctl.check: Add support for checking Direct TLS SRV records Kim Alvefur <zash@zash.se> parents: 11613 diff changeset	846 else
8e16fd976c57 util.prosodyctl.check: Add support for checking Direct TLS SRV records Kim Alvefur <zash@zash.se> parents: 11613 diff changeset	847 print(" No _xmpps-client SRV record found for "..host..", but it looks like you need one.");
8e16fd976c57 util.prosodyctl.check: Add support for checking Direct TLS SRV records Kim Alvefur <zash@zash.se> parents: 11613 diff changeset	848 all_targets_ok = false;
8e16fd976c57 util.prosodyctl.check: Add support for checking Direct TLS SRV records Kim Alvefur <zash@zash.se> parents: 11613 diff changeset	849 end
8e16fd976c57 util.prosodyctl.check: Add support for checking Direct TLS SRV records Kim Alvefur <zash@zash.se> parents: 11613 diff changeset	850 end
10871 e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	851 if modules:contains("s2s") then
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	852 local res = dns.lookup("_xmpp-server._tcp."..idna.to_ascii(host)..".", "SRV");
11613 c8a9f77d48fd util.prosodyctl.check: Fix for net.dns vs unbound API difference Kim Alvefur <zash@zash.se> parents: 11612 diff changeset	853 if res and #res > 0 then
10871 e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	854 for _, record in ipairs(res) do
10932 ea4a7619058f util.prosodyctl.check: Fix traceback by handling SRV '.' target to Kim Alvefur <zash@zash.se> parents: 10871 diff changeset	855 if record.srv.target == "." then -- TODO Is this an error if mod_s2s is enabled?
ea4a7619058f util.prosodyctl.check: Fix traceback by handling SRV '.' target to Kim Alvefur <zash@zash.se> parents: 10871 diff changeset	856 print(" 'xmpp-server' service disabled by pointing to '.'"); -- FIXME Explain better what this is
ea4a7619058f util.prosodyctl.check: Fix traceback by handling SRV '.' target to Kim Alvefur <zash@zash.se> parents: 10871 diff changeset	857 break;
ea4a7619058f util.prosodyctl.check: Fix traceback by handling SRV '.' target to Kim Alvefur <zash@zash.se> parents: 10871 diff changeset	858 end
11655 bbf50525faa5 util.prosodyctl.check: Normalize away trailing dot in some messages too Kim Alvefur <zash@zash.se> parents: 11654 diff changeset	859 local target = trim_dns_name(record.srv.target);
bbf50525faa5 util.prosodyctl.check: Normalize away trailing dot in some messages too Kim Alvefur <zash@zash.se> parents: 11654 diff changeset	860 target_hosts:add(target);
10871 e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	861 if not s2s_ports:contains(record.srv.port) then
11655 bbf50525faa5 util.prosodyctl.check: Normalize away trailing dot in some messages too Kim Alvefur <zash@zash.se> parents: 11654 diff changeset	862 print(" SRV target "..target.." contains unknown server port: "..record.srv.port);
10871 e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	863 end
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	864 end
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	865 else
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	866 if s2s_srv_required then
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	867 print(" No _xmpp-server SRV record found for "..host..", but it looks like you need one.");
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	868 all_targets_ok = false;
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	869 else
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	870 target_hosts:add(host);
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	871 end
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	872 end
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	873 end
11776 1132a1f1ca5a util.prosodyctl.check: Check for server-to-server Direct TLS records Kim Alvefur <zash@zash.se> parents: 11655 diff changeset	874 if modules:contains("s2s") and s2s_tls_srv_required then
1132a1f1ca5a util.prosodyctl.check: Check for server-to-server Direct TLS records Kim Alvefur <zash@zash.se> parents: 11655 diff changeset	875 local res = dns.lookup("_xmpps-server._tcp."..idna.to_ascii(host)..".", "SRV");
1132a1f1ca5a util.prosodyctl.check: Check for server-to-server Direct TLS records Kim Alvefur <zash@zash.se> parents: 11655 diff changeset	876 if res and #res > 0 then
1132a1f1ca5a util.prosodyctl.check: Check for server-to-server Direct TLS records Kim Alvefur <zash@zash.se> parents: 11655 diff changeset	877 for _, record in ipairs(res) do
1132a1f1ca5a util.prosodyctl.check: Check for server-to-server Direct TLS records Kim Alvefur <zash@zash.se> parents: 11655 diff changeset	878 if record.srv.target == "." then -- TODO is this an error if mod_s2s is enabled?
1132a1f1ca5a util.prosodyctl.check: Check for server-to-server Direct TLS records Kim Alvefur <zash@zash.se> parents: 11655 diff changeset	879 print(" 'xmpps-server' service disabled by pointing to '.'"); -- FIXME Explain better what this is
1132a1f1ca5a util.prosodyctl.check: Check for server-to-server Direct TLS records Kim Alvefur <zash@zash.se> parents: 11655 diff changeset	880 break;
1132a1f1ca5a util.prosodyctl.check: Check for server-to-server Direct TLS records Kim Alvefur <zash@zash.se> parents: 11655 diff changeset	881 end
1132a1f1ca5a util.prosodyctl.check: Check for server-to-server Direct TLS records Kim Alvefur <zash@zash.se> parents: 11655 diff changeset	882 local target = trim_dns_name(record.srv.target);
1132a1f1ca5a util.prosodyctl.check: Check for server-to-server Direct TLS records Kim Alvefur <zash@zash.se> parents: 11655 diff changeset	883 target_hosts:add(target);
1132a1f1ca5a util.prosodyctl.check: Check for server-to-server Direct TLS records Kim Alvefur <zash@zash.se> parents: 11655 diff changeset	884 if not s2s_tls_ports:contains(record.srv.port) then
1132a1f1ca5a util.prosodyctl.check: Check for server-to-server Direct TLS records Kim Alvefur <zash@zash.se> parents: 11655 diff changeset	885 print(" SRV target "..target.." contains unknown Direct TLS server port: "..record.srv.port);
1132a1f1ca5a util.prosodyctl.check: Check for server-to-server Direct TLS records Kim Alvefur <zash@zash.se> parents: 11655 diff changeset	886 end
1132a1f1ca5a util.prosodyctl.check: Check for server-to-server Direct TLS records Kim Alvefur <zash@zash.se> parents: 11655 diff changeset	887 end
1132a1f1ca5a util.prosodyctl.check: Check for server-to-server Direct TLS records Kim Alvefur <zash@zash.se> parents: 11655 diff changeset	888 else
1132a1f1ca5a util.prosodyctl.check: Check for server-to-server Direct TLS records Kim Alvefur <zash@zash.se> parents: 11655 diff changeset	889 print(" No _xmpps-server SRV record found for "..host..", but it looks like you need one.");
1132a1f1ca5a util.prosodyctl.check: Check for server-to-server Direct TLS records Kim Alvefur <zash@zash.se> parents: 11655 diff changeset	890 all_targets_ok = false;
1132a1f1ca5a util.prosodyctl.check: Check for server-to-server Direct TLS records Kim Alvefur <zash@zash.se> parents: 11655 diff changeset	891 end
1132a1f1ca5a util.prosodyctl.check: Check for server-to-server Direct TLS records Kim Alvefur <zash@zash.se> parents: 11655 diff changeset	892 end
10871 e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	893 if target_hosts:empty() then
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	894 target_hosts:add(host);
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	895 end
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	896
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	897 if target_hosts:contains("localhost") then
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	898 print(" Target 'localhost' cannot be accessed from other servers");
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	899 target_hosts:remove("localhost");
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	900 end
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	901
12217 39043233de04 util.prosodyctl.check: Add HTTP related DNS checks Kim Alvefur <zash@zash.se> parents: 12159 diff changeset	902 local function check_address(target)
39043233de04 util.prosodyctl.check: Add HTTP related DNS checks Kim Alvefur <zash@zash.se> parents: 12159 diff changeset	903 local A, AAAA = dns.lookup(idna.to_ascii(target), "A"), dns.lookup(idna.to_ascii(target), "AAAA");
39043233de04 util.prosodyctl.check: Add HTTP related DNS checks Kim Alvefur <zash@zash.se> parents: 12159 diff changeset	904 local prob = {};
12231 ca8453129ade util.prosodyctl.check: Fix A/AAAA check for proxy65 and http Kim Alvefur <zash@zash.se> parents: 12230 diff changeset	905 if use_ipv4 and not (A and #A > 0) then table.insert(prob, "A"); end
ca8453129ade util.prosodyctl.check: Fix A/AAAA check for proxy65 and http Kim Alvefur <zash@zash.se> parents: 12230 diff changeset	906 if use_ipv6 and not (AAAA and #AAAA > 0) then table.insert(prob, "AAAA"); end
12217 39043233de04 util.prosodyctl.check: Add HTTP related DNS checks Kim Alvefur <zash@zash.se> parents: 12159 diff changeset	907 return prob;
39043233de04 util.prosodyctl.check: Add HTTP related DNS checks Kim Alvefur <zash@zash.se> parents: 12159 diff changeset	908 end
39043233de04 util.prosodyctl.check: Add HTTP related DNS checks Kim Alvefur <zash@zash.se> parents: 12159 diff changeset	909
10871 e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	910 if modules:contains("proxy65") then
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	911 local proxy65_target = configmanager.get(host, "proxy65_address") or host;
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	912 if type(proxy65_target) == "string" then
12217 39043233de04 util.prosodyctl.check: Add HTTP related DNS checks Kim Alvefur <zash@zash.se> parents: 12159 diff changeset	913 local prob = check_address(proxy65_target);
10871 e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	914 if #prob > 0 then
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	915 print(" File transfer proxy "..proxy65_target.." has no "..table.concat(prob, "/")
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	916 .." record. Create one or set 'proxy65_address' to the correct host/IP.");
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	917 end
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	918 else
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	919 print(" proxy65_address for "..host.." should be set to a string, unable to perform DNS check");
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	920 end
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	921 end
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	922
12217 39043233de04 util.prosodyctl.check: Add HTTP related DNS checks Kim Alvefur <zash@zash.se> parents: 12159 diff changeset	923 local known_http_modules = set.new { "bosh"; "http_files"; "http_file_share"; "http_openmetrics"; "websocket" };
39043233de04 util.prosodyctl.check: Add HTTP related DNS checks Kim Alvefur <zash@zash.se> parents: 12159 diff changeset	924 local function contains_match(hayset, needle)
39043233de04 util.prosodyctl.check: Add HTTP related DNS checks Kim Alvefur <zash@zash.se> parents: 12159 diff changeset	925 for member in hayset do if member:find(needle) then return true end end
39043233de04 util.prosodyctl.check: Add HTTP related DNS checks Kim Alvefur <zash@zash.se> parents: 12159 diff changeset	926 end
39043233de04 util.prosodyctl.check: Add HTTP related DNS checks Kim Alvefur <zash@zash.se> parents: 12159 diff changeset	927
39043233de04 util.prosodyctl.check: Add HTTP related DNS checks Kim Alvefur <zash@zash.se> parents: 12159 diff changeset	928 if modules:contains("http") or not set.intersection(modules, known_http_modules):empty()
39043233de04 util.prosodyctl.check: Add HTTP related DNS checks Kim Alvefur <zash@zash.se> parents: 12159 diff changeset	929 or contains_match(modules, "^http_") or contains_match(modules, "_web$") then
39043233de04 util.prosodyctl.check: Add HTTP related DNS checks Kim Alvefur <zash@zash.se> parents: 12159 diff changeset	930
39043233de04 util.prosodyctl.check: Add HTTP related DNS checks Kim Alvefur <zash@zash.se> parents: 12159 diff changeset	931 local http_host = configmanager.get(host, "http_host") or host;
39043233de04 util.prosodyctl.check: Add HTTP related DNS checks Kim Alvefur <zash@zash.se> parents: 12159 diff changeset	932 local http_internal_host = http_host;
39043233de04 util.prosodyctl.check: Add HTTP related DNS checks Kim Alvefur <zash@zash.se> parents: 12159 diff changeset	933 local http_url = configmanager.get(host, "http_external_url");
39043233de04 util.prosodyctl.check: Add HTTP related DNS checks Kim Alvefur <zash@zash.se> parents: 12159 diff changeset	934 if http_url then
12218 0795e1ccf3d8 util.prosodyctl.check: Fix use of LuaSocket URL parser Kim Alvefur <zash@zash.se> parents: 12217 diff changeset	935 local url_parse = require "socket.url".parse;
12217 39043233de04 util.prosodyctl.check: Add HTTP related DNS checks Kim Alvefur <zash@zash.se> parents: 12159 diff changeset	936 local external_url_parts = url_parse(http_url);
39043233de04 util.prosodyctl.check: Add HTTP related DNS checks Kim Alvefur <zash@zash.se> parents: 12159 diff changeset	937 if external_url_parts then
39043233de04 util.prosodyctl.check: Add HTTP related DNS checks Kim Alvefur <zash@zash.se> parents: 12159 diff changeset	938 http_host = external_url_parts.host;
39043233de04 util.prosodyctl.check: Add HTTP related DNS checks Kim Alvefur <zash@zash.se> parents: 12159 diff changeset	939 else
39043233de04 util.prosodyctl.check: Add HTTP related DNS checks Kim Alvefur <zash@zash.se> parents: 12159 diff changeset	940 print(" The 'http_external_url' setting is not a valid URL");
39043233de04 util.prosodyctl.check: Add HTTP related DNS checks Kim Alvefur <zash@zash.se> parents: 12159 diff changeset	941 end
39043233de04 util.prosodyctl.check: Add HTTP related DNS checks Kim Alvefur <zash@zash.se> parents: 12159 diff changeset	942 end
39043233de04 util.prosodyctl.check: Add HTTP related DNS checks Kim Alvefur <zash@zash.se> parents: 12159 diff changeset	943
39043233de04 util.prosodyctl.check: Add HTTP related DNS checks Kim Alvefur <zash@zash.se> parents: 12159 diff changeset	944 local prob = check_address(http_host);
39043233de04 util.prosodyctl.check: Add HTTP related DNS checks Kim Alvefur <zash@zash.se> parents: 12159 diff changeset	945 if #prob > 1 then
39043233de04 util.prosodyctl.check: Add HTTP related DNS checks Kim Alvefur <zash@zash.se> parents: 12159 diff changeset	946 print(" HTTP service " .. http_host .. " has no " .. table.concat(prob, "/") .. " record. Create one or change "
39043233de04 util.prosodyctl.check: Add HTTP related DNS checks Kim Alvefur <zash@zash.se> parents: 12159 diff changeset	947 .. (http_url and "'http_external_url'" or "'http_host'").." to the correct host.");
39043233de04 util.prosodyctl.check: Add HTTP related DNS checks Kim Alvefur <zash@zash.se> parents: 12159 diff changeset	948 end
39043233de04 util.prosodyctl.check: Add HTTP related DNS checks Kim Alvefur <zash@zash.se> parents: 12159 diff changeset	949
39043233de04 util.prosodyctl.check: Add HTTP related DNS checks Kim Alvefur <zash@zash.se> parents: 12159 diff changeset	950 if http_host ~= http_internal_host then
39043233de04 util.prosodyctl.check: Add HTTP related DNS checks Kim Alvefur <zash@zash.se> parents: 12159 diff changeset	951 print(" Ensure the reverse proxy sets the HTTP Host header to '" .. http_internal_host .. "'");
39043233de04 util.prosodyctl.check: Add HTTP related DNS checks Kim Alvefur <zash@zash.se> parents: 12159 diff changeset	952 end
39043233de04 util.prosodyctl.check: Add HTTP related DNS checks Kim Alvefur <zash@zash.se> parents: 12159 diff changeset	953 end
39043233de04 util.prosodyctl.check: Add HTTP related DNS checks Kim Alvefur <zash@zash.se> parents: 12159 diff changeset	954
11652 887d7b15e21b util.prosodyctl.check: Warn if both use_ipv4 and use_ipv6 are set to false Kim Alvefur <zash@zash.se> parents: 11651 diff changeset	955 if not use_ipv4 and not use_ipv6 then
887d7b15e21b util.prosodyctl.check: Warn if both use_ipv4 and use_ipv6 are set to false Kim Alvefur <zash@zash.se> parents: 11651 diff changeset	956 print(" Both IPv6 and IPv4 are disabled, Prosody will not listen on any ports");
887d7b15e21b util.prosodyctl.check: Warn if both use_ipv4 and use_ipv6 are set to false Kim Alvefur <zash@zash.se> parents: 11651 diff changeset	957 print(" nor be able to connect to any remote servers.");
887d7b15e21b util.prosodyctl.check: Warn if both use_ipv4 and use_ipv6 are set to false Kim Alvefur <zash@zash.se> parents: 11651 diff changeset	958 all_targets_ok = false;
887d7b15e21b util.prosodyctl.check: Warn if both use_ipv4 and use_ipv6 are set to false Kim Alvefur <zash@zash.se> parents: 11651 diff changeset	959 end
887d7b15e21b util.prosodyctl.check: Warn if both use_ipv4 and use_ipv6 are set to false Kim Alvefur <zash@zash.se> parents: 11651 diff changeset	960
10871 e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	961 for target_host in target_hosts do
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	962 local host_ok_v4, host_ok_v6;
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	963 do
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	964 local res = dns.lookup(idna.to_ascii(target_host), "A");
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	965 if res then
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	966 for _, record in ipairs(res) do
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	967 if external_addresses:contains(record.a) then
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	968 some_targets_ok = true;
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	969 host_ok_v4 = true;
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	970 elseif internal_addresses:contains(record.a) then
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	971 host_ok_v4 = true;
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	972 some_targets_ok = true;
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	973 print(" "..target_host.." A record points to internal address, external connections might fail");
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	974 else
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	975 print(" "..target_host.." A record points to unknown address "..record.a);
12319 8fc3c06f922d prosodyctl: check dns: List discovered addresses for diagnostic purposes Matthew Wild <mwild1@gmail.com> parents: 12318 diff changeset	976 unknown_addresses:add(record.a);
10871 e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	977 all_targets_ok = false;
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	978 end
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	979 end
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	980 end
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	981 end
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	982 do
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	983 local res = dns.lookup(idna.to_ascii(target_host), "AAAA");
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	984 if res then
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	985 for _, record in ipairs(res) do
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	986 if external_addresses:contains(record.aaaa) then
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	987 some_targets_ok = true;
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	988 host_ok_v6 = true;
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	989 elseif internal_addresses:contains(record.aaaa) then
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	990 host_ok_v6 = true;
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	991 some_targets_ok = true;
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	992 print(" "..target_host.." AAAA record points to internal address, external connections might fail");
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	993 else
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	994 print(" "..target_host.." AAAA record points to unknown address "..record.aaaa);
12319 8fc3c06f922d prosodyctl: check dns: List discovered addresses for diagnostic purposes Matthew Wild <mwild1@gmail.com> parents: 12318 diff changeset	995 unknown_addresses:add(record.aaaa);
10871 e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	996 all_targets_ok = false;
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	997 end
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	998 end
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	999 end
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	1000 end
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	1001
11653 51141309ffc4 util.prosodyctl.check: Point out if A/AAAA exists despite disabled IPvX Kim Alvefur <zash@zash.se> parents: 11652 diff changeset	1002 if host_ok_v4 and not use_ipv4 then
51141309ffc4 util.prosodyctl.check: Point out if A/AAAA exists despite disabled IPvX Kim Alvefur <zash@zash.se> parents: 11652 diff changeset	1003 print(" Host "..target_host.." does seem to resolve to this server but IPv4 has been disabled");
51141309ffc4 util.prosodyctl.check: Point out if A/AAAA exists despite disabled IPvX Kim Alvefur <zash@zash.se> parents: 11652 diff changeset	1004 all_targets_ok = false;
51141309ffc4 util.prosodyctl.check: Point out if A/AAAA exists despite disabled IPvX Kim Alvefur <zash@zash.se> parents: 11652 diff changeset	1005 end
51141309ffc4 util.prosodyctl.check: Point out if A/AAAA exists despite disabled IPvX Kim Alvefur <zash@zash.se> parents: 11652 diff changeset	1006
51141309ffc4 util.prosodyctl.check: Point out if A/AAAA exists despite disabled IPvX Kim Alvefur <zash@zash.se> parents: 11652 diff changeset	1007 if host_ok_v6 and not use_ipv6 then
51141309ffc4 util.prosodyctl.check: Point out if A/AAAA exists despite disabled IPvX Kim Alvefur <zash@zash.se> parents: 11652 diff changeset	1008 print(" Host "..target_host.." does seem to resolve to this server but IPv6 has been disabled");
51141309ffc4 util.prosodyctl.check: Point out if A/AAAA exists despite disabled IPvX Kim Alvefur <zash@zash.se> parents: 11652 diff changeset	1009 all_targets_ok = false;
51141309ffc4 util.prosodyctl.check: Point out if A/AAAA exists despite disabled IPvX Kim Alvefur <zash@zash.se> parents: 11652 diff changeset	1010 end
51141309ffc4 util.prosodyctl.check: Point out if A/AAAA exists despite disabled IPvX Kim Alvefur <zash@zash.se> parents: 11652 diff changeset	1011
10871 e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	1012 local bad_protos = {}
11651 c9f46d28ed7e util.prosodyctl.check: Silence IP protocol mismatches when disabled Kim Alvefur <zash@zash.se> parents: 11645 diff changeset	1013 if use_ipv4 and not host_ok_v4 then
10871 e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	1014 table.insert(bad_protos, "IPv4");
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	1015 end
11651 c9f46d28ed7e util.prosodyctl.check: Silence IP protocol mismatches when disabled Kim Alvefur <zash@zash.se> parents: 11645 diff changeset	1016 if use_ipv6 and not host_ok_v6 then
10871 e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	1017 table.insert(bad_protos, "IPv6");
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	1018 end
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	1019 if #bad_protos > 0 then
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	1020 print(" Host "..target_host.." does not seem to resolve to this server ("..table.concat(bad_protos, "/")..")");
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	1021 end
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	1022 if host_ok_v6 and not v6_supported then
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	1023 print(" Host "..target_host.." has AAAA records, but your version of LuaSocket does not support IPv6.");
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	1024 print(" Please see https://prosody.im/doc/ipv6 for more information.");
11925 3e0d03a74285 util.prosodyctl.check: Highlight inconsistency of AAAA records and use_ipv6=false Kim Alvefur <zash@zash.se> parents: 11924 diff changeset	1025 elseif host_ok_v6 and not use_ipv6 then
3e0d03a74285 util.prosodyctl.check: Highlight inconsistency of AAAA records and use_ipv6=false Kim Alvefur <zash@zash.se> parents: 11924 diff changeset	1026 print(" Host "..target_host.." has AAAA records, but IPv6 is disabled.");
3e0d03a74285 util.prosodyctl.check: Highlight inconsistency of AAAA records and use_ipv6=false Kim Alvefur <zash@zash.se> parents: 11924 diff changeset	1027 -- TODO Tell them to drop the AAAA records or enable IPv6?
3e0d03a74285 util.prosodyctl.check: Highlight inconsistency of AAAA records and use_ipv6=false Kim Alvefur <zash@zash.se> parents: 11924 diff changeset	1028 print(" Please see https://prosody.im/doc/ipv6 for more information.");
10871 e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	1029 end
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	1030 end
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	1031 if not all_targets_ok then
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	1032 print(" "..(some_targets_ok and "Only some" or "No").." targets for "..host.." appear to resolve to this server.");
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	1033 if is_component then
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	1034 print(" DNS records are necessary if you want users on other servers to access this component.");
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	1035 end
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	1036 problem_hosts:add(host);
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	1037 end
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	1038 print("");
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	1039 end
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	1040 if not problem_hosts:empty() then
12319 8fc3c06f922d prosodyctl: check dns: List discovered addresses for diagnostic purposes Matthew Wild <mwild1@gmail.com> parents: 12318 diff changeset	1041 if not unknown_addresses:empty() then
8fc3c06f922d prosodyctl: check dns: List discovered addresses for diagnostic purposes Matthew Wild <mwild1@gmail.com> parents: 12318 diff changeset	1042 print("");
8fc3c06f922d prosodyctl: check dns: List discovered addresses for diagnostic purposes Matthew Wild <mwild1@gmail.com> parents: 12318 diff changeset	1043 print("Some of your DNS records point to unknown IP addresses. This may be expected if your server");
8fc3c06f922d prosodyctl: check dns: List discovered addresses for diagnostic purposes Matthew Wild <mwild1@gmail.com> parents: 12318 diff changeset	1044 print("is behind a NAT or proxy. The unrecognized addresses were:");
8fc3c06f922d prosodyctl: check dns: List discovered addresses for diagnostic purposes Matthew Wild <mwild1@gmail.com> parents: 12318 diff changeset	1045 print("");
8fc3c06f922d prosodyctl: check dns: List discovered addresses for diagnostic purposes Matthew Wild <mwild1@gmail.com> parents: 12318 diff changeset	1046 print(" Unrecognized: "..tostring(unknown_addresses));
8fc3c06f922d prosodyctl: check dns: List discovered addresses for diagnostic purposes Matthew Wild <mwild1@gmail.com> parents: 12318 diff changeset	1047 print("");
8fc3c06f922d prosodyctl: check dns: List discovered addresses for diagnostic purposes Matthew Wild <mwild1@gmail.com> parents: 12318 diff changeset	1048 print("The addresses we found on this system are:");
8fc3c06f922d prosodyctl: check dns: List discovered addresses for diagnostic purposes Matthew Wild <mwild1@gmail.com> parents: 12318 diff changeset	1049 print("");
8fc3c06f922d prosodyctl: check dns: List discovered addresses for diagnostic purposes Matthew Wild <mwild1@gmail.com> parents: 12318 diff changeset	1050 print(" Internal: "..tostring(internal_addresses));
8fc3c06f922d prosodyctl: check dns: List discovered addresses for diagnostic purposes Matthew Wild <mwild1@gmail.com> parents: 12318 diff changeset	1051 print(" External: "..tostring(external_addresses));
8fc3c06f922d prosodyctl: check dns: List discovered addresses for diagnostic purposes Matthew Wild <mwild1@gmail.com> parents: 12318 diff changeset	1052 end
10871 e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	1053 print("");
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	1054 print("For more information about DNS configuration please see https://prosody.im/doc/dns");
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	1055 print("");
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	1056 ok = false;
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	1057 end
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	1058 end
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	1059 if not what or what == "certs" then
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	1060 local cert_ok;
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	1061 print"Checking certificates..."
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	1062 local x509_verify_identity = require"util.x509".verify_identity;
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	1063 local create_context = require "core.certmanager".create_context;
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	1064 local ssl = dependencies.softreq"ssl";
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	1065 -- local datetime_parse = require"util.datetime".parse_x509;
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	1066 local load_cert = ssl and ssl.loadcertificate;
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	1067 -- or ssl.cert_from_pem
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	1068 if not ssl then
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	1069 print("LuaSec not available, can't perform certificate checks")
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	1070 if what == "certs" then cert_ok = false end
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	1071 elseif not load_cert then
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	1072 print("This version of LuaSec (" .. ssl._VERSION .. ") does not support certificate checking");
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	1073 cert_ok = false
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	1074 else
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	1075 for host in it.filter(skip_bare_jid_hosts, enabled_hosts()) do
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	1076 print("Checking certificate for "..host);
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	1077 -- First, let's find out what certificate this host uses.
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	1078 local host_ssl_config = configmanager.rawget(host, "ssl")
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	1079 or configmanager.rawget(host:match("%.(.*)"), "ssl");
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	1080 local global_ssl_config = configmanager.rawget("*", "ssl");
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	1081 local ok, err, ssl_config = create_context(host, "server", host_ssl_config, global_ssl_config);
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	1082 if not ok then
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	1083 print(" Error: "..err);
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	1084 cert_ok = false
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	1085 elseif not ssl_config.certificate then
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	1086 print(" No 'certificate' found for "..host)
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	1087 cert_ok = false
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	1088 elseif not ssl_config.key then
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	1089 print(" No 'key' found for "..host)
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	1090 cert_ok = false
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	1091 else
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	1092 local key, err = io.open(ssl_config.key); -- Permissions check only
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	1093 if not key then
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	1094 print(" Could not open "..ssl_config.key..": "..err);
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	1095 cert_ok = false
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	1096 else
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	1097 key:close();
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	1098 end
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	1099 local cert_fh, err = io.open(ssl_config.certificate); -- Load the file.
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	1100 if not cert_fh then
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	1101 print(" Could not open "..ssl_config.certificate..": "..err);
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	1102 cert_ok = false
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	1103 else
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	1104 print(" Certificate: "..ssl_config.certificate)
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	1105 local cert = load_cert(cert_fh:read"*a"); cert_fh:close();
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	1106 if not cert:validat(os.time()) then
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	1107 print(" Certificate has expired.")
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	1108 cert_ok = false
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	1109 elseif not cert:validat(os.time() + 86400) then
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	1110 print(" Certificate expires within one day.")
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	1111 cert_ok = false
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	1112 elseif not cert:validat(os.time() + 86400*7) then
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	1113 print(" Certificate expires within one week.")
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	1114 elseif not cert:validat(os.time() + 86400*31) then
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	1115 print(" Certificate expires within one month.")
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	1116 end
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	1117 if configmanager.get(host, "component_module") == nil
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	1118 and not x509_verify_identity(host, "_xmpp-client", cert) then
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	1119 print(" Not valid for client connections to "..host..".")
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	1120 cert_ok = false
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	1121 end
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	1122 if (not (configmanager.get(host, "anonymous_login")
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	1123 or configmanager.get(host, "authentication") == "anonymous"))
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	1124 and not x509_verify_identity(host, "_xmpp-server", cert) then
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	1125 print(" Not valid for server-to-server connections to "..host..".")
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	1126 cert_ok = false
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	1127 end
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	1128 end
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	1129 end
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	1130 end
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	1131 end
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	1132 if cert_ok == false then
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	1133 print("")
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	1134 print("For more information about certificates please see https://prosody.im/doc/certificates");
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	1135 ok = false
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	1136 end
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	1137 print("")
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	1138 end
11779 f4f0bdaeabd2 prosodyctl: Add external connectivity check based on observe.jabber.network Jonas Schäfer <jonas@wielicki.name> parents: 11778 diff changeset	1139 -- intentionally not doing this by default
f4f0bdaeabd2 prosodyctl: Add external connectivity check based on observe.jabber.network Jonas Schäfer <jonas@wielicki.name> parents: 11778 diff changeset	1140 if what == "connectivity" then
11782 d93107de52dd util.prosodyctl.check: Ignore unused "ok" variable [luacheck] Kim Alvefur <zash@zash.se> parents: 11780 diff changeset	1141 local _, prosody_is_running = is_prosody_running();
11780 98ae95235775 util.prosodyctl.check: Refuse to do ojn test unless prosody is running Kim Alvefur <zash@zash.se> parents: 11779 diff changeset	1142 if configmanager.get("*", "pidfile") and not prosody_is_running then
98ae95235775 util.prosodyctl.check: Refuse to do ojn test unless prosody is running Kim Alvefur <zash@zash.se> parents: 11779 diff changeset	1143 print("Prosody does not appear to be running, which is required for this test.");
98ae95235775 util.prosodyctl.check: Refuse to do ojn test unless prosody is running Kim Alvefur <zash@zash.se> parents: 11779 diff changeset	1144 print("Start it and then try again.");
98ae95235775 util.prosodyctl.check: Refuse to do ojn test unless prosody is running Kim Alvefur <zash@zash.se> parents: 11779 diff changeset	1145 return 1;
98ae95235775 util.prosodyctl.check: Refuse to do ojn test unless prosody is running Kim Alvefur <zash@zash.se> parents: 11779 diff changeset	1146 end
98ae95235775 util.prosodyctl.check: Refuse to do ojn test unless prosody is running Kim Alvefur <zash@zash.se> parents: 11779 diff changeset	1147
11827 2359519260ec prosodyctl: Add alternate XMPP Blackbox Exporter connectivity check Kim Alvefur <zash@zash.se> parents: 11826 diff changeset	1148 local checker = "observe.jabber.network";
2359519260ec prosodyctl: Add alternate XMPP Blackbox Exporter connectivity check Kim Alvefur <zash@zash.se> parents: 11826 diff changeset	1149 local probe_instance;
2359519260ec prosodyctl: Add alternate XMPP Blackbox Exporter connectivity check Kim Alvefur <zash@zash.se> parents: 11826 diff changeset	1150 local probe_modules = {
2359519260ec prosodyctl: Add alternate XMPP Blackbox Exporter connectivity check Kim Alvefur <zash@zash.se> parents: 11826 diff changeset	1151 ["xmpp-client"] = "c2s_normal_auth";
2359519260ec prosodyctl: Add alternate XMPP Blackbox Exporter connectivity check Kim Alvefur <zash@zash.se> parents: 11826 diff changeset	1152 ["xmpp-server"] = "s2s_normal";
2359519260ec prosodyctl: Add alternate XMPP Blackbox Exporter connectivity check Kim Alvefur <zash@zash.se> parents: 11826 diff changeset	1153 ["xmpps-client"] = nil; -- TODO
2359519260ec prosodyctl: Add alternate XMPP Blackbox Exporter connectivity check Kim Alvefur <zash@zash.se> parents: 11826 diff changeset	1154 ["xmpps-server"] = nil; -- TODO
2359519260ec prosodyctl: Add alternate XMPP Blackbox Exporter connectivity check Kim Alvefur <zash@zash.se> parents: 11826 diff changeset	1155 };
2359519260ec prosodyctl: Add alternate XMPP Blackbox Exporter connectivity check Kim Alvefur <zash@zash.se> parents: 11826 diff changeset	1156 local probe_settings = configmanager.get("*", "connectivity_probe");
2359519260ec prosodyctl: Add alternate XMPP Blackbox Exporter connectivity check Kim Alvefur <zash@zash.se> parents: 11826 diff changeset	1157 if type(probe_settings) == "string" then
2359519260ec prosodyctl: Add alternate XMPP Blackbox Exporter connectivity check Kim Alvefur <zash@zash.se> parents: 11826 diff changeset	1158 probe_instance = probe_settings;
2359519260ec prosodyctl: Add alternate XMPP Blackbox Exporter connectivity check Kim Alvefur <zash@zash.se> parents: 11826 diff changeset	1159 elseif type(probe_settings) == "table" and type(probe_settings.url) == "string" then
2359519260ec prosodyctl: Add alternate XMPP Blackbox Exporter connectivity check Kim Alvefur <zash@zash.se> parents: 11826 diff changeset	1160 probe_instance = probe_settings.url;
2359519260ec prosodyctl: Add alternate XMPP Blackbox Exporter connectivity check Kim Alvefur <zash@zash.se> parents: 11826 diff changeset	1161 if type(probe_settings.modules) == "table" then
2359519260ec prosodyctl: Add alternate XMPP Blackbox Exporter connectivity check Kim Alvefur <zash@zash.se> parents: 11826 diff changeset	1162 probe_modules = probe_settings.modules;
2359519260ec prosodyctl: Add alternate XMPP Blackbox Exporter connectivity check Kim Alvefur <zash@zash.se> parents: 11826 diff changeset	1163 end
2359519260ec prosodyctl: Add alternate XMPP Blackbox Exporter connectivity check Kim Alvefur <zash@zash.se> parents: 11826 diff changeset	1164 elseif probe_settings ~= nil then
2359519260ec prosodyctl: Add alternate XMPP Blackbox Exporter connectivity check Kim Alvefur <zash@zash.se> parents: 11826 diff changeset	1165 print("The 'connectivity_probe' setting not understood.");
2359519260ec prosodyctl: Add alternate XMPP Blackbox Exporter connectivity check Kim Alvefur <zash@zash.se> parents: 11826 diff changeset	1166 print("Expected an URL or a table with 'url' and 'modules' fields");
2359519260ec prosodyctl: Add alternate XMPP Blackbox Exporter connectivity check Kim Alvefur <zash@zash.se> parents: 11826 diff changeset	1167 print("See https://prosody.im/doc/prosodyctl#check for more information."); -- FIXME
2359519260ec prosodyctl: Add alternate XMPP Blackbox Exporter connectivity check Kim Alvefur <zash@zash.se> parents: 11826 diff changeset	1168 return 1;
2359519260ec prosodyctl: Add alternate XMPP Blackbox Exporter connectivity check Kim Alvefur <zash@zash.se> parents: 11826 diff changeset	1169 end
2359519260ec prosodyctl: Add alternate XMPP Blackbox Exporter connectivity check Kim Alvefur <zash@zash.se> parents: 11826 diff changeset	1170
2359519260ec prosodyctl: Add alternate XMPP Blackbox Exporter connectivity check Kim Alvefur <zash@zash.se> parents: 11826 diff changeset	1171 local check_api;
2359519260ec prosodyctl: Add alternate XMPP Blackbox Exporter connectivity check Kim Alvefur <zash@zash.se> parents: 11826 diff changeset	1172 if probe_instance then
2359519260ec prosodyctl: Add alternate XMPP Blackbox Exporter connectivity check Kim Alvefur <zash@zash.se> parents: 11826 diff changeset	1173 local parsed_url = socket_url.parse(probe_instance);
2359519260ec prosodyctl: Add alternate XMPP Blackbox Exporter connectivity check Kim Alvefur <zash@zash.se> parents: 11826 diff changeset	1174 if not parsed_url then
2359519260ec prosodyctl: Add alternate XMPP Blackbox Exporter connectivity check Kim Alvefur <zash@zash.se> parents: 11826 diff changeset	1175 print(("'connectivity_probe' is not a valid URL: %q"):format(probe_instance));
2359519260ec prosodyctl: Add alternate XMPP Blackbox Exporter connectivity check Kim Alvefur <zash@zash.se> parents: 11826 diff changeset	1176 print("Set it to the URL of an XMPP Blackbox Exporter instance and try again");
2359519260ec prosodyctl: Add alternate XMPP Blackbox Exporter connectivity check Kim Alvefur <zash@zash.se> parents: 11826 diff changeset	1177 return 1;
2359519260ec prosodyctl: Add alternate XMPP Blackbox Exporter connectivity check Kim Alvefur <zash@zash.se> parents: 11826 diff changeset	1178 end
2359519260ec prosodyctl: Add alternate XMPP Blackbox Exporter connectivity check Kim Alvefur <zash@zash.se> parents: 11826 diff changeset	1179 checker = parsed_url.host;
2359519260ec prosodyctl: Add alternate XMPP Blackbox Exporter connectivity check Kim Alvefur <zash@zash.se> parents: 11826 diff changeset	1180
2359519260ec prosodyctl: Add alternate XMPP Blackbox Exporter connectivity check Kim Alvefur <zash@zash.se> parents: 11826 diff changeset	1181 function check_api(protocol, host)
2359519260ec prosodyctl: Add alternate XMPP Blackbox Exporter connectivity check Kim Alvefur <zash@zash.se> parents: 11826 diff changeset	1182 local target = socket_url.build({scheme="xmpp",path=host});
2359519260ec prosodyctl: Add alternate XMPP Blackbox Exporter connectivity check Kim Alvefur <zash@zash.se> parents: 11826 diff changeset	1183 local probe_module = probe_modules[protocol];
2359519260ec prosodyctl: Add alternate XMPP Blackbox Exporter connectivity check Kim Alvefur <zash@zash.se> parents: 11826 diff changeset	1184 if not probe_module then
2359519260ec prosodyctl: Add alternate XMPP Blackbox Exporter connectivity check Kim Alvefur <zash@zash.se> parents: 11826 diff changeset	1185 return nil, "Checking protocol '"..protocol.."' is currently unsupported";
2359519260ec prosodyctl: Add alternate XMPP Blackbox Exporter connectivity check Kim Alvefur <zash@zash.se> parents: 11826 diff changeset	1186 end
2359519260ec prosodyctl: Add alternate XMPP Blackbox Exporter connectivity check Kim Alvefur <zash@zash.se> parents: 11826 diff changeset	1187 return check_probe(probe_instance, probe_module, target);
2359519260ec prosodyctl: Add alternate XMPP Blackbox Exporter connectivity check Kim Alvefur <zash@zash.se> parents: 11826 diff changeset	1188 end
2359519260ec prosodyctl: Add alternate XMPP Blackbox Exporter connectivity check Kim Alvefur <zash@zash.se> parents: 11826 diff changeset	1189 else
2359519260ec prosodyctl: Add alternate XMPP Blackbox Exporter connectivity check Kim Alvefur <zash@zash.se> parents: 11826 diff changeset	1190 check_api = check_ojn;
2359519260ec prosodyctl: Add alternate XMPP Blackbox Exporter connectivity check Kim Alvefur <zash@zash.se> parents: 11826 diff changeset	1191 end
2359519260ec prosodyctl: Add alternate XMPP Blackbox Exporter connectivity check Kim Alvefur <zash@zash.se> parents: 11826 diff changeset	1192
11779 f4f0bdaeabd2 prosodyctl: Add external connectivity check based on observe.jabber.network Jonas Schäfer <jonas@wielicki.name> parents: 11778 diff changeset	1193 for host in it.filter(skip_bare_jid_hosts, enabled_hosts()) do
f4f0bdaeabd2 prosodyctl: Add external connectivity check based on observe.jabber.network Jonas Schäfer <jonas@wielicki.name> parents: 11778 diff changeset	1194 local modules, component_module = modulemanager.get_modules_for_host(host);
f4f0bdaeabd2 prosodyctl: Add external connectivity check based on observe.jabber.network Jonas Schäfer <jonas@wielicki.name> parents: 11778 diff changeset	1195 if component_module then
f4f0bdaeabd2 prosodyctl: Add external connectivity check based on observe.jabber.network Jonas Schäfer <jonas@wielicki.name> parents: 11778 diff changeset	1196 modules:add(component_module)
f4f0bdaeabd2 prosodyctl: Add external connectivity check based on observe.jabber.network Jonas Schäfer <jonas@wielicki.name> parents: 11778 diff changeset	1197 end
f4f0bdaeabd2 prosodyctl: Add external connectivity check based on observe.jabber.network Jonas Schäfer <jonas@wielicki.name> parents: 11778 diff changeset	1198
11827 2359519260ec prosodyctl: Add alternate XMPP Blackbox Exporter connectivity check Kim Alvefur <zash@zash.se> parents: 11826 diff changeset	1199 print("Checking external connectivity for "..host.." via "..checker)
11779 f4f0bdaeabd2 prosodyctl: Add external connectivity check based on observe.jabber.network Jonas Schäfer <jonas@wielicki.name> parents: 11778 diff changeset	1200 local function check_connectivity(protocol)
f4f0bdaeabd2 prosodyctl: Add external connectivity check based on observe.jabber.network Jonas Schäfer <jonas@wielicki.name> parents: 11778 diff changeset	1201 local success, err = check_api(protocol, host);
f4f0bdaeabd2 prosodyctl: Add external connectivity check based on observe.jabber.network Jonas Schäfer <jonas@wielicki.name> parents: 11778 diff changeset	1202 if not success and err ~= nil then
f4f0bdaeabd2 prosodyctl: Add external connectivity check based on observe.jabber.network Jonas Schäfer <jonas@wielicki.name> parents: 11778 diff changeset	1203 print((" %s: Failed to request check at API: %s"):format(protocol, err))
f4f0bdaeabd2 prosodyctl: Add external connectivity check based on observe.jabber.network Jonas Schäfer <jonas@wielicki.name> parents: 11778 diff changeset	1204 elseif success then
f4f0bdaeabd2 prosodyctl: Add external connectivity check based on observe.jabber.network Jonas Schäfer <jonas@wielicki.name> parents: 11778 diff changeset	1205 print((" %s: Works"):format(protocol))
f4f0bdaeabd2 prosodyctl: Add external connectivity check based on observe.jabber.network Jonas Schäfer <jonas@wielicki.name> parents: 11778 diff changeset	1206 else
f4f0bdaeabd2 prosodyctl: Add external connectivity check based on observe.jabber.network Jonas Schäfer <jonas@wielicki.name> parents: 11778 diff changeset	1207 print((" %s: Check service failed to establish (secure) connection"):format(protocol))
f4f0bdaeabd2 prosodyctl: Add external connectivity check based on observe.jabber.network Jonas Schäfer <jonas@wielicki.name> parents: 11778 diff changeset	1208 ok = false
f4f0bdaeabd2 prosodyctl: Add external connectivity check based on observe.jabber.network Jonas Schäfer <jonas@wielicki.name> parents: 11778 diff changeset	1209 end
f4f0bdaeabd2 prosodyctl: Add external connectivity check based on observe.jabber.network Jonas Schäfer <jonas@wielicki.name> parents: 11778 diff changeset	1210 end
f4f0bdaeabd2 prosodyctl: Add external connectivity check based on observe.jabber.network Jonas Schäfer <jonas@wielicki.name> parents: 11778 diff changeset	1211
f4f0bdaeabd2 prosodyctl: Add external connectivity check based on observe.jabber.network Jonas Schäfer <jonas@wielicki.name> parents: 11778 diff changeset	1212 if modules:contains("c2s") then
f4f0bdaeabd2 prosodyctl: Add external connectivity check based on observe.jabber.network Jonas Schäfer <jonas@wielicki.name> parents: 11778 diff changeset	1213 check_connectivity("xmpp-client")
11957 3a7ce7df7806 util.prosodyctl.check: Support direct TLS connectivity checks Kim Alvefur <zash@zash.se> parents: 11940 diff changeset	1214 if configmanager.get("*", "c2s_direct_tls_ports") then
3a7ce7df7806 util.prosodyctl.check: Support direct TLS connectivity checks Kim Alvefur <zash@zash.se> parents: 11940 diff changeset	1215 check_connectivity("xmpps-client");
3a7ce7df7806 util.prosodyctl.check: Support direct TLS connectivity checks Kim Alvefur <zash@zash.se> parents: 11940 diff changeset	1216 end
11779 f4f0bdaeabd2 prosodyctl: Add external connectivity check based on observe.jabber.network Jonas Schäfer <jonas@wielicki.name> parents: 11778 diff changeset	1217 end
f4f0bdaeabd2 prosodyctl: Add external connectivity check based on observe.jabber.network Jonas Schäfer <jonas@wielicki.name> parents: 11778 diff changeset	1218
f4f0bdaeabd2 prosodyctl: Add external connectivity check based on observe.jabber.network Jonas Schäfer <jonas@wielicki.name> parents: 11778 diff changeset	1219 if modules:contains("s2s") then
f4f0bdaeabd2 prosodyctl: Add external connectivity check based on observe.jabber.network Jonas Schäfer <jonas@wielicki.name> parents: 11778 diff changeset	1220 check_connectivity("xmpp-server")
11957 3a7ce7df7806 util.prosodyctl.check: Support direct TLS connectivity checks Kim Alvefur <zash@zash.se> parents: 11940 diff changeset	1221 if configmanager.get("*", "s2s_direct_tls_ports") then
3a7ce7df7806 util.prosodyctl.check: Support direct TLS connectivity checks Kim Alvefur <zash@zash.se> parents: 11940 diff changeset	1222 check_connectivity("xmpps-server");
3a7ce7df7806 util.prosodyctl.check: Support direct TLS connectivity checks Kim Alvefur <zash@zash.se> parents: 11940 diff changeset	1223 end
11779 f4f0bdaeabd2 prosodyctl: Add external connectivity check based on observe.jabber.network Jonas Schäfer <jonas@wielicki.name> parents: 11778 diff changeset	1224 end
f4f0bdaeabd2 prosodyctl: Add external connectivity check based on observe.jabber.network Jonas Schäfer <jonas@wielicki.name> parents: 11778 diff changeset	1225
f4f0bdaeabd2 prosodyctl: Add external connectivity check based on observe.jabber.network Jonas Schäfer <jonas@wielicki.name> parents: 11778 diff changeset	1226 print()
f4f0bdaeabd2 prosodyctl: Add external connectivity check based on observe.jabber.network Jonas Schäfer <jonas@wielicki.name> parents: 11778 diff changeset	1227 end
f4f0bdaeabd2 prosodyctl: Add external connectivity check based on observe.jabber.network Jonas Schäfer <jonas@wielicki.name> parents: 11778 diff changeset	1228 print("Note: The connectivity check only checks the reachability of the domain.")
f4f0bdaeabd2 prosodyctl: Add external connectivity check based on observe.jabber.network Jonas Schäfer <jonas@wielicki.name> parents: 11778 diff changeset	1229 print("Note: It does not ensure that the check actually reaches this specific prosody instance.")
f4f0bdaeabd2 prosodyctl: Add external connectivity check based on observe.jabber.network Jonas Schäfer <jonas@wielicki.name> parents: 11778 diff changeset	1230 end
12357 cd11d7c4af8b util.prosodyctl: check turn: New command to verify STUN/TURN service is operational Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	1231
12377 317132bca8c0 prosodyctl: check: include TURN checks by default Matthew Wild <mwild1@gmail.com> parents: 12376 diff changeset	1232 if not what or what == "turn" then
12357 cd11d7c4af8b util.prosodyctl: check turn: New command to verify STUN/TURN service is operational Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	1233 local turn_enabled_hosts = {};
cd11d7c4af8b util.prosodyctl: check turn: New command to verify STUN/TURN service is operational Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	1234 local turn_services = {};
cd11d7c4af8b util.prosodyctl: check turn: New command to verify STUN/TURN service is operational Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	1235
cd11d7c4af8b util.prosodyctl: check turn: New command to verify STUN/TURN service is operational Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	1236 for host in enabled_hosts() do
cd11d7c4af8b util.prosodyctl: check turn: New command to verify STUN/TURN service is operational Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	1237 local has_external_turn = modulemanager.get_modules_for_host(host):contains("turn_external");
cd11d7c4af8b util.prosodyctl: check turn: New command to verify STUN/TURN service is operational Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	1238 if has_external_turn then
cd11d7c4af8b util.prosodyctl: check turn: New command to verify STUN/TURN service is operational Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	1239 table.insert(turn_enabled_hosts, host);
cd11d7c4af8b util.prosodyctl: check turn: New command to verify STUN/TURN service is operational Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	1240 local turn_host = configmanager.get(host, "turn_external_host") or host;
cd11d7c4af8b util.prosodyctl: check turn: New command to verify STUN/TURN service is operational Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	1241 local turn_port = configmanager.get(host, "turn_external_port") or 3478;
cd11d7c4af8b util.prosodyctl: check turn: New command to verify STUN/TURN service is operational Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	1242 local turn_secret = configmanager.get(host, "turn_external_secret");
cd11d7c4af8b util.prosodyctl: check turn: New command to verify STUN/TURN service is operational Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	1243 if not turn_secret then
cd11d7c4af8b util.prosodyctl: check turn: New command to verify STUN/TURN service is operational Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	1244 print("Error: Your configuration is missing a turn_external_secret for "..host);
cd11d7c4af8b util.prosodyctl: check turn: New command to verify STUN/TURN service is operational Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	1245 print("Error: TURN will not be advertised for this host.");
cd11d7c4af8b util.prosodyctl: check turn: New command to verify STUN/TURN service is operational Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	1246 ok = false;
cd11d7c4af8b util.prosodyctl: check turn: New command to verify STUN/TURN service is operational Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	1247 else
cd11d7c4af8b util.prosodyctl: check turn: New command to verify STUN/TURN service is operational Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	1248 local turn_id = ("%s:%d"):format(turn_host, turn_port);
cd11d7c4af8b util.prosodyctl: check turn: New command to verify STUN/TURN service is operational Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	1249 if turn_services[turn_id] and turn_services[turn_id].secret ~= turn_secret then
cd11d7c4af8b util.prosodyctl: check turn: New command to verify STUN/TURN service is operational Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	1250 print("Error: Your configuration contains multiple differing secrets");
cd11d7c4af8b util.prosodyctl: check turn: New command to verify STUN/TURN service is operational Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	1251 print(" for the TURN service at "..turn_id.." - we will only test one.");
cd11d7c4af8b util.prosodyctl: check turn: New command to verify STUN/TURN service is operational Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	1252 elseif not turn_services[turn_id] then
cd11d7c4af8b util.prosodyctl: check turn: New command to verify STUN/TURN service is operational Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	1253 turn_services[turn_id] = {
cd11d7c4af8b util.prosodyctl: check turn: New command to verify STUN/TURN service is operational Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	1254 host = turn_host;
cd11d7c4af8b util.prosodyctl: check turn: New command to verify STUN/TURN service is operational Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	1255 port = turn_port;
cd11d7c4af8b util.prosodyctl: check turn: New command to verify STUN/TURN service is operational Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	1256 secret = turn_secret;
cd11d7c4af8b util.prosodyctl: check turn: New command to verify STUN/TURN service is operational Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	1257 };
cd11d7c4af8b util.prosodyctl: check turn: New command to verify STUN/TURN service is operational Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	1258 end
cd11d7c4af8b util.prosodyctl: check turn: New command to verify STUN/TURN service is operational Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	1259 end
cd11d7c4af8b util.prosodyctl: check turn: New command to verify STUN/TURN service is operational Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	1260 end
cd11d7c4af8b util.prosodyctl: check turn: New command to verify STUN/TURN service is operational Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	1261 end
cd11d7c4af8b util.prosodyctl: check turn: New command to verify STUN/TURN service is operational Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	1262
cd11d7c4af8b util.prosodyctl: check turn: New command to verify STUN/TURN service is operational Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	1263 if what == "turn" then
cd11d7c4af8b util.prosodyctl: check turn: New command to verify STUN/TURN service is operational Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	1264 local count = it.count(pairs(turn_services));
cd11d7c4af8b util.prosodyctl: check turn: New command to verify STUN/TURN service is operational Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	1265 if count == 0 then
cd11d7c4af8b util.prosodyctl: check turn: New command to verify STUN/TURN service is operational Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	1266 print("Error: Unable to find any TURN services configured. Enable mod_turn_external!");
cd11d7c4af8b util.prosodyctl: check turn: New command to verify STUN/TURN service is operational Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	1267 else
cd11d7c4af8b util.prosodyctl: check turn: New command to verify STUN/TURN service is operational Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	1268 print("Identified "..tostring(count).." TURN services.");
cd11d7c4af8b util.prosodyctl: check turn: New command to verify STUN/TURN service is operational Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	1269 print("");
cd11d7c4af8b util.prosodyctl: check turn: New command to verify STUN/TURN service is operational Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	1270 end
cd11d7c4af8b util.prosodyctl: check turn: New command to verify STUN/TURN service is operational Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	1271 end
cd11d7c4af8b util.prosodyctl: check turn: New command to verify STUN/TURN service is operational Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	1272
cd11d7c4af8b util.prosodyctl: check turn: New command to verify STUN/TURN service is operational Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	1273 for turn_id, turn_service in pairs(turn_services) do
12377 317132bca8c0 prosodyctl: check: include TURN checks by default Matthew Wild <mwild1@gmail.com> parents: 12376 diff changeset	1274 print("Testing TURN service "..turn_id.."...");
12357 cd11d7c4af8b util.prosodyctl: check turn: New command to verify STUN/TURN service is operational Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	1275
12372 1ba451c10f41 prosodyctl: check turn: Add support for testing data relay with an external STUN server via --ping Matthew Wild <mwild1@gmail.com> parents: 12362 diff changeset	1276 local result = check_turn_service(turn_service, opts.ping);
12357 cd11d7c4af8b util.prosodyctl: check turn: New command to verify STUN/TURN service is operational Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	1277 if #result.warnings > 0 then
12381 d999c2b3e289 prosodyctl: check turn: fix formatting of multiple warnings Matthew Wild <mwild1@gmail.com> parents: 12380 diff changeset	1278 print(("%d warnings:\n"):format(#result.warnings));
d999c2b3e289 prosodyctl: check turn: fix formatting of multiple warnings Matthew Wild <mwild1@gmail.com> parents: 12380 diff changeset	1279 print(" "..table.concat(result.warnings, "\n "));
d999c2b3e289 prosodyctl: check turn: fix formatting of multiple warnings Matthew Wild <mwild1@gmail.com> parents: 12380 diff changeset	1280 print("");
12357 cd11d7c4af8b util.prosodyctl: check turn: New command to verify STUN/TURN service is operational Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	1281 end
12380 3a702f37e87c prosodyctl: check turn: always show debug info even if test fails Matthew Wild <mwild1@gmail.com> parents: 12379 diff changeset	1282
3a702f37e87c prosodyctl: check turn: always show debug info even if test fails Matthew Wild <mwild1@gmail.com> parents: 12379 diff changeset	1283 if opts.verbose then
3a702f37e87c prosodyctl: check turn: always show debug info even if test fails Matthew Wild <mwild1@gmail.com> parents: 12379 diff changeset	1284 if result.external_ip then
3a702f37e87c prosodyctl: check turn: always show debug info even if test fails Matthew Wild <mwild1@gmail.com> parents: 12379 diff changeset	1285 print(("External IP: %s"):format(result.external_ip.address));
3a702f37e87c prosodyctl: check turn: always show debug info even if test fails Matthew Wild <mwild1@gmail.com> parents: 12379 diff changeset	1286 end
3a702f37e87c prosodyctl: check turn: always show debug info even if test fails Matthew Wild <mwild1@gmail.com> parents: 12379 diff changeset	1287 if result.relayed_addresses then
3a702f37e87c prosodyctl: check turn: always show debug info even if test fails Matthew Wild <mwild1@gmail.com> parents: 12379 diff changeset	1288 for i, relayed_address in ipairs(result.relayed_addresses) do
3a702f37e87c prosodyctl: check turn: always show debug info even if test fails Matthew Wild <mwild1@gmail.com> parents: 12379 diff changeset	1289 print(("Relayed address %d: %s:%d"):format(i, relayed_address.address, relayed_address.port));
3a702f37e87c prosodyctl: check turn: always show debug info even if test fails Matthew Wild <mwild1@gmail.com> parents: 12379 diff changeset	1290 end
3a702f37e87c prosodyctl: check turn: always show debug info even if test fails Matthew Wild <mwild1@gmail.com> parents: 12379 diff changeset	1291 end
3a702f37e87c prosodyctl: check turn: always show debug info even if test fails Matthew Wild <mwild1@gmail.com> parents: 12379 diff changeset	1292 if result.external_ip_pong then
12390 71b5c9b8b07a prosodyctl: check turn: warn about external port mismatches behind NAT Matthew Wild <mwild1@gmail.com> parents: 12385 diff changeset	1293 print(("TURN external address: %s:%d"):format(result.external_ip_pong.address, result.external_ip_pong.port));
12380 3a702f37e87c prosodyctl: check turn: always show debug info even if test fails Matthew Wild <mwild1@gmail.com> parents: 12379 diff changeset	1294 end
3a702f37e87c prosodyctl: check turn: always show debug info even if test fails Matthew Wild <mwild1@gmail.com> parents: 12379 diff changeset	1295 end
3a702f37e87c prosodyctl: check turn: always show debug info even if test fails Matthew Wild <mwild1@gmail.com> parents: 12379 diff changeset	1296
12357 cd11d7c4af8b util.prosodyctl: check turn: New command to verify STUN/TURN service is operational Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	1297 if result.error then
cd11d7c4af8b util.prosodyctl: check turn: New command to verify STUN/TURN service is operational Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	1298 print("Error: "..result.error.."\n");
cd11d7c4af8b util.prosodyctl: check turn: New command to verify STUN/TURN service is operational Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	1299 ok = false;
cd11d7c4af8b util.prosodyctl: check turn: New command to verify STUN/TURN service is operational Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	1300 else
cd11d7c4af8b util.prosodyctl: check turn: New command to verify STUN/TURN service is operational Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	1301 print("Success!\n");
cd11d7c4af8b util.prosodyctl: check turn: New command to verify STUN/TURN service is operational Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	1302 end
cd11d7c4af8b util.prosodyctl: check turn: New command to verify STUN/TURN service is operational Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	1303 end
cd11d7c4af8b util.prosodyctl: check turn: New command to verify STUN/TURN service is operational Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	1304 end
cd11d7c4af8b util.prosodyctl: check turn: New command to verify STUN/TURN service is operational Matthew Wild <mwild1@gmail.com> parents: 12233 diff changeset	1305
10871 e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	1306 if not ok then
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	1307 print("Problems found, see above.");
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	1308 else
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	1309 print("All checks passed, congratulations!");
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	1310 end
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	1311 return ok and 0 or 2;
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	1312 end
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	1313
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	1314 return {
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	1315 check = check;
e5dee71d0ebb prosodyctl+util.prosodyctl.: Start breaking up the ever-growing prosodyctl Matthew Wild <mwild1@gmail.com>* parents: diff changeset	1316 };

prosody

71b5c9b8b07a

util/prosodyctl/check.lua

Software / code / prosody

Annotate

util/prosodyctl/check.lua @ 12390:71b5c9b8b07a 0.12

Software `/` code `/` prosody