Annotate

util/prosodyctl/check.lua @ 12317:b4f2027ef917

util.prosodyctl: Warn about enabled public registration in 'check config'
author Matthew Wild <mwild1@gmail.com>
date Wed, 02 Mar 2022 15:22:12 +0000
parent 12233:e4530bdbf5f3
child 12318:239ce74aa6a4
Ignore whitespace changes - Everywhere: Within whitespace: At end of lines:
rev   line source
10871
e5dee71d0ebb prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
1 local configmanager = require "core.configmanager";
e5dee71d0ebb prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
2 local show_usage = require "util.prosodyctl".show_usage;
e5dee71d0ebb prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
3 local show_warning = require "util.prosodyctl".show_warning;
11780
98ae95235775 util.prosodyctl.check: Refuse to do ojn test unless prosody is running
Kim Alvefur <zash@zash.se>
parents: 11779
diff changeset
4 local is_prosody_running = require "util.prosodyctl".isrunning;
10871
e5dee71d0ebb prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
5 local dependencies = require "util.dependencies";
e5dee71d0ebb prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
6 local socket = require "socket";
11827
2359519260ec prosodyctl: Add alternate XMPP Blackbox Exporter connectivity check
Kim Alvefur <zash@zash.se>
parents: 11826
diff changeset
7 local socket_url = require "socket.url";
10871
e5dee71d0ebb prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
8 local jid_split = require "util.jid".prepped_split;
e5dee71d0ebb prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
9 local modulemanager = require "core.modulemanager";
11827
2359519260ec prosodyctl: Add alternate XMPP Blackbox Exporter connectivity check
Kim Alvefur <zash@zash.se>
parents: 11826
diff changeset
10 local async = require "util.async";
2359519260ec prosodyctl: Add alternate XMPP Blackbox Exporter connectivity check
Kim Alvefur <zash@zash.se>
parents: 11826
diff changeset
11 local httputil = require "util.http";
10871
e5dee71d0ebb prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
12
11826
e1c4cc5d0ef8 prosodyctl: Use HTTP client in promise mode for connectivity check
Kim Alvefur <zash@zash.se>
parents: 11807
diff changeset
13 local function check_ojn(check_type, target_host)
11779
f4f0bdaeabd2 prosodyctl: Add external connectivity check based on observe.jabber.network
Jonas Schäfer <jonas@wielicki.name>
parents: 11778
diff changeset
14 local http = require "net.http"; -- .new({});
f4f0bdaeabd2 prosodyctl: Add external connectivity check based on observe.jabber.network
Jonas Schäfer <jonas@wielicki.name>
parents: 11778
diff changeset
15 local json = require "util.json";
f4f0bdaeabd2 prosodyctl: Add external connectivity check based on observe.jabber.network
Jonas Schäfer <jonas@wielicki.name>
parents: 11778
diff changeset
16
11826
e1c4cc5d0ef8 prosodyctl: Use HTTP client in promise mode for connectivity check
Kim Alvefur <zash@zash.se>
parents: 11807
diff changeset
17 local response, err = async.wait_for(http.request(
11827
2359519260ec prosodyctl: Add alternate XMPP Blackbox Exporter connectivity check
Kim Alvefur <zash@zash.se>
parents: 11826
diff changeset
18 ("https://observe.jabber.network/api/v1/check/%s"):format(httputil.urlencode(check_type)),
11779
f4f0bdaeabd2 prosodyctl: Add external connectivity check based on observe.jabber.network
Jonas Schäfer <jonas@wielicki.name>
parents: 11778
diff changeset
19 {
f4f0bdaeabd2 prosodyctl: Add external connectivity check based on observe.jabber.network
Jonas Schäfer <jonas@wielicki.name>
parents: 11778
diff changeset
20 method="POST",
f4f0bdaeabd2 prosodyctl: Add external connectivity check based on observe.jabber.network
Jonas Schäfer <jonas@wielicki.name>
parents: 11778
diff changeset
21 headers={["Accept"] = "application/json"; ["Content-Type"] = "application/json"},
f4f0bdaeabd2 prosodyctl: Add external connectivity check based on observe.jabber.network
Jonas Schäfer <jonas@wielicki.name>
parents: 11778
diff changeset
22 body=json.encode({target=target_host}),
11826
e1c4cc5d0ef8 prosodyctl: Use HTTP client in promise mode for connectivity check
Kim Alvefur <zash@zash.se>
parents: 11807
diff changeset
23 }));
e1c4cc5d0ef8 prosodyctl: Use HTTP client in promise mode for connectivity check
Kim Alvefur <zash@zash.se>
parents: 11807
diff changeset
24
e1c4cc5d0ef8 prosodyctl: Use HTTP client in promise mode for connectivity check
Kim Alvefur <zash@zash.se>
parents: 11807
diff changeset
25 if not response then
e1c4cc5d0ef8 prosodyctl: Use HTTP client in promise mode for connectivity check
Kim Alvefur <zash@zash.se>
parents: 11807
diff changeset
26 return false, err;
e1c4cc5d0ef8 prosodyctl: Use HTTP client in promise mode for connectivity check
Kim Alvefur <zash@zash.se>
parents: 11807
diff changeset
27 end
11779
f4f0bdaeabd2 prosodyctl: Add external connectivity check based on observe.jabber.network
Jonas Schäfer <jonas@wielicki.name>
parents: 11778
diff changeset
28
11826
e1c4cc5d0ef8 prosodyctl: Use HTTP client in promise mode for connectivity check
Kim Alvefur <zash@zash.se>
parents: 11807
diff changeset
29 if response.code ~= 200 then
e1c4cc5d0ef8 prosodyctl: Use HTTP client in promise mode for connectivity check
Kim Alvefur <zash@zash.se>
parents: 11807
diff changeset
30 return false, ("API replied with non-200 code: %d"):format(response.code);
e1c4cc5d0ef8 prosodyctl: Use HTTP client in promise mode for connectivity check
Kim Alvefur <zash@zash.se>
parents: 11807
diff changeset
31 end
e1c4cc5d0ef8 prosodyctl: Use HTTP client in promise mode for connectivity check
Kim Alvefur <zash@zash.se>
parents: 11807
diff changeset
32
e1c4cc5d0ef8 prosodyctl: Use HTTP client in promise mode for connectivity check
Kim Alvefur <zash@zash.se>
parents: 11807
diff changeset
33 local decoded_body, err = json.decode(response.body);
e1c4cc5d0ef8 prosodyctl: Use HTTP client in promise mode for connectivity check
Kim Alvefur <zash@zash.se>
parents: 11807
diff changeset
34 if decoded_body == nil then
e1c4cc5d0ef8 prosodyctl: Use HTTP client in promise mode for connectivity check
Kim Alvefur <zash@zash.se>
parents: 11807
diff changeset
35 return false, ("Failed to parse API JSON: %s"):format(err)
11779
f4f0bdaeabd2 prosodyctl: Add external connectivity check based on observe.jabber.network
Jonas Schäfer <jonas@wielicki.name>
parents: 11778
diff changeset
36 end
f4f0bdaeabd2 prosodyctl: Add external connectivity check based on observe.jabber.network
Jonas Schäfer <jonas@wielicki.name>
parents: 11778
diff changeset
37
f4f0bdaeabd2 prosodyctl: Add external connectivity check based on observe.jabber.network
Jonas Schäfer <jonas@wielicki.name>
parents: 11778
diff changeset
38 local success = decoded_body["success"];
f4f0bdaeabd2 prosodyctl: Add external connectivity check based on observe.jabber.network
Jonas Schäfer <jonas@wielicki.name>
parents: 11778
diff changeset
39 return success == true, nil;
f4f0bdaeabd2 prosodyctl: Add external connectivity check based on observe.jabber.network
Jonas Schäfer <jonas@wielicki.name>
parents: 11778
diff changeset
40 end
f4f0bdaeabd2 prosodyctl: Add external connectivity check based on observe.jabber.network
Jonas Schäfer <jonas@wielicki.name>
parents: 11778
diff changeset
41
11827
2359519260ec prosodyctl: Add alternate XMPP Blackbox Exporter connectivity check
Kim Alvefur <zash@zash.se>
parents: 11826
diff changeset
42 local function check_probe(base_url, probe_module, target)
2359519260ec prosodyctl: Add alternate XMPP Blackbox Exporter connectivity check
Kim Alvefur <zash@zash.se>
parents: 11826
diff changeset
43 local http = require "net.http"; -- .new({});
2359519260ec prosodyctl: Add alternate XMPP Blackbox Exporter connectivity check
Kim Alvefur <zash@zash.se>
parents: 11826
diff changeset
44 local params = httputil.formencode({ module = probe_module; target = target })
2359519260ec prosodyctl: Add alternate XMPP Blackbox Exporter connectivity check
Kim Alvefur <zash@zash.se>
parents: 11826
diff changeset
45 local response, err = async.wait_for(http.request(base_url .. "?" .. params));
2359519260ec prosodyctl: Add alternate XMPP Blackbox Exporter connectivity check
Kim Alvefur <zash@zash.se>
parents: 11826
diff changeset
46
2359519260ec prosodyctl: Add alternate XMPP Blackbox Exporter connectivity check
Kim Alvefur <zash@zash.se>
parents: 11826
diff changeset
47 if not response then return false, err; end
2359519260ec prosodyctl: Add alternate XMPP Blackbox Exporter connectivity check
Kim Alvefur <zash@zash.se>
parents: 11826
diff changeset
48
2359519260ec prosodyctl: Add alternate XMPP Blackbox Exporter connectivity check
Kim Alvefur <zash@zash.se>
parents: 11826
diff changeset
49 if response.code ~= 200 then return false, ("API replied with non-200 code: %d"):format(response.code); end
2359519260ec prosodyctl: Add alternate XMPP Blackbox Exporter connectivity check
Kim Alvefur <zash@zash.se>
parents: 11826
diff changeset
50
2359519260ec prosodyctl: Add alternate XMPP Blackbox Exporter connectivity check
Kim Alvefur <zash@zash.se>
parents: 11826
diff changeset
51 for line in response.body:gmatch("[^\r\n]+") do
2359519260ec prosodyctl: Add alternate XMPP Blackbox Exporter connectivity check
Kim Alvefur <zash@zash.se>
parents: 11826
diff changeset
52 local probe_success = line:match("^probe_success%s+(%d+)");
2359519260ec prosodyctl: Add alternate XMPP Blackbox Exporter connectivity check
Kim Alvefur <zash@zash.se>
parents: 11826
diff changeset
53
2359519260ec prosodyctl: Add alternate XMPP Blackbox Exporter connectivity check
Kim Alvefur <zash@zash.se>
parents: 11826
diff changeset
54 if probe_success == "1" then
2359519260ec prosodyctl: Add alternate XMPP Blackbox Exporter connectivity check
Kim Alvefur <zash@zash.se>
parents: 11826
diff changeset
55 return true;
2359519260ec prosodyctl: Add alternate XMPP Blackbox Exporter connectivity check
Kim Alvefur <zash@zash.se>
parents: 11826
diff changeset
56 elseif probe_success == "0" then
2359519260ec prosodyctl: Add alternate XMPP Blackbox Exporter connectivity check
Kim Alvefur <zash@zash.se>
parents: 11826
diff changeset
57 return false;
2359519260ec prosodyctl: Add alternate XMPP Blackbox Exporter connectivity check
Kim Alvefur <zash@zash.se>
parents: 11826
diff changeset
58 end
2359519260ec prosodyctl: Add alternate XMPP Blackbox Exporter connectivity check
Kim Alvefur <zash@zash.se>
parents: 11826
diff changeset
59 end
2359519260ec prosodyctl: Add alternate XMPP Blackbox Exporter connectivity check
Kim Alvefur <zash@zash.se>
parents: 11826
diff changeset
60 return false, "Probe endpoint did not return a success status";
2359519260ec prosodyctl: Add alternate XMPP Blackbox Exporter connectivity check
Kim Alvefur <zash@zash.se>
parents: 11826
diff changeset
61 end
2359519260ec prosodyctl: Add alternate XMPP Blackbox Exporter connectivity check
Kim Alvefur <zash@zash.se>
parents: 11826
diff changeset
62
11779
f4f0bdaeabd2 prosodyctl: Add external connectivity check based on observe.jabber.network
Jonas Schäfer <jonas@wielicki.name>
parents: 11778
diff changeset
63 local function skip_bare_jid_hosts(host)
f4f0bdaeabd2 prosodyctl: Add external connectivity check based on observe.jabber.network
Jonas Schäfer <jonas@wielicki.name>
parents: 11778
diff changeset
64 if jid_split(host) then
f4f0bdaeabd2 prosodyctl: Add external connectivity check based on observe.jabber.network
Jonas Schäfer <jonas@wielicki.name>
parents: 11778
diff changeset
65 -- See issue #779
f4f0bdaeabd2 prosodyctl: Add external connectivity check based on observe.jabber.network
Jonas Schäfer <jonas@wielicki.name>
parents: 11778
diff changeset
66 return false;
f4f0bdaeabd2 prosodyctl: Add external connectivity check based on observe.jabber.network
Jonas Schäfer <jonas@wielicki.name>
parents: 11778
diff changeset
67 end
f4f0bdaeabd2 prosodyctl: Add external connectivity check based on observe.jabber.network
Jonas Schäfer <jonas@wielicki.name>
parents: 11778
diff changeset
68 return true;
f4f0bdaeabd2 prosodyctl: Add external connectivity check based on observe.jabber.network
Jonas Schäfer <jonas@wielicki.name>
parents: 11778
diff changeset
69 end
f4f0bdaeabd2 prosodyctl: Add external connectivity check based on observe.jabber.network
Jonas Schäfer <jonas@wielicki.name>
parents: 11778
diff changeset
70
10871
e5dee71d0ebb prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
71 local function check(arg)
e5dee71d0ebb prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
72 if arg[1] == "--help" then
e5dee71d0ebb prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
73 show_usage([[check]], [[Perform basic checks on your Prosody installation]]);
e5dee71d0ebb prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
74 return 1;
e5dee71d0ebb prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
75 end
e5dee71d0ebb prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
76 local what = table.remove(arg, 1);
11798
ba88060fa145 util.prosodyctl.check: Suggest replacements for deprecated options #1684
Kim Alvefur <zash@zash.se>
parents: 11783
diff changeset
77 local array = require "util.array";
10871
e5dee71d0ebb prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
78 local set = require "util.set";
e5dee71d0ebb prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
79 local it = require "util.iterators";
e5dee71d0ebb prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
80 local ok = true;
e5dee71d0ebb prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
81 local function disabled_hosts(host, conf) return host ~= "*" and conf.enabled ~= false; end
e5dee71d0ebb prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
82 local function enabled_hosts() return it.filter(disabled_hosts, pairs(configmanager.getconfig())); end
11779
f4f0bdaeabd2 prosodyctl: Add external connectivity check based on observe.jabber.network
Jonas Schäfer <jonas@wielicki.name>
parents: 11778
diff changeset
83 if not (what == nil or what == "disabled" or what == "config" or what == "dns" or what == "certs" or what == "connectivity") then
f4f0bdaeabd2 prosodyctl: Add external connectivity check based on observe.jabber.network
Jonas Schäfer <jonas@wielicki.name>
parents: 11778
diff changeset
84 show_warning("Don't know how to check '%s'. Try one of 'config', 'dns', 'certs', 'disabled' or 'connectivity'.", what);
f4f0bdaeabd2 prosodyctl: Add external connectivity check based on observe.jabber.network
Jonas Schäfer <jonas@wielicki.name>
parents: 11778
diff changeset
85 show_warning("Note: The connectivity check will connect to a remote server.");
10871
e5dee71d0ebb prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
86 return 1;
e5dee71d0ebb prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
87 end
e5dee71d0ebb prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
88 if not what or what == "disabled" then
e5dee71d0ebb prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
89 local disabled_hosts_set = set.new();
e5dee71d0ebb prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
90 for host, host_options in it.filter("*", pairs(configmanager.getconfig())) do
e5dee71d0ebb prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
91 if host_options.enabled == false then
e5dee71d0ebb prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
92 disabled_hosts_set:add(host);
e5dee71d0ebb prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
93 end
e5dee71d0ebb prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
94 end
e5dee71d0ebb prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
95 if not disabled_hosts_set:empty() then
e5dee71d0ebb prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
96 local msg = "Checks will be skipped for these disabled hosts: %s";
e5dee71d0ebb prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
97 if what then msg = "These hosts are disabled: %s"; end
e5dee71d0ebb prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
98 show_warning(msg, tostring(disabled_hosts_set));
e5dee71d0ebb prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
99 if what then return 0; end
e5dee71d0ebb prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
100 print""
e5dee71d0ebb prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
101 end
e5dee71d0ebb prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
102 end
e5dee71d0ebb prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
103 if not what or what == "config" then
e5dee71d0ebb prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
104 print("Checking config...");
11798
ba88060fa145 util.prosodyctl.check: Suggest replacements for deprecated options #1684
Kim Alvefur <zash@zash.se>
parents: 11783
diff changeset
105 local obsolete = set.new({ --> remove
12118
30d55809d9a6 util.prosodyctl.check: Add some more obsolete settings
Kim Alvefur <zash@zash.se>
parents: 12099
diff changeset
106 "archive_cleanup_interval",
11634
a6c87b4c0cdf util.prosodyctl.check: Format, sort option listings into canonical form
Kim Alvefur <zash@zash.se>
parents: 11617
diff changeset
107 "cross_domain_bosh",
a6c87b4c0cdf util.prosodyctl.check: Format, sort option listings into canonical form
Kim Alvefur <zash@zash.se>
parents: 11617
diff changeset
108 "cross_domain_websocket",
12118
30d55809d9a6 util.prosodyctl.check: Add some more obsolete settings
Kim Alvefur <zash@zash.se>
parents: 12099
diff changeset
109 "dns_timeout",
30d55809d9a6 util.prosodyctl.check: Add some more obsolete settings
Kim Alvefur <zash@zash.se>
parents: 12099
diff changeset
110 "muc_log_cleanup_interval",
30d55809d9a6 util.prosodyctl.check: Add some more obsolete settings
Kim Alvefur <zash@zash.se>
parents: 12099
diff changeset
111 "s2s_dns_resolvers",
30d55809d9a6 util.prosodyctl.check: Add some more obsolete settings
Kim Alvefur <zash@zash.se>
parents: 12099
diff changeset
112 "setgid",
30d55809d9a6 util.prosodyctl.check: Add some more obsolete settings
Kim Alvefur <zash@zash.se>
parents: 12099
diff changeset
113 "setuid",
10871
e5dee71d0ebb prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
114 });
12159
aa299551f8c6 util.prosodyctl.check: Parameterize replacement instructions
Kim Alvefur <zash@zash.se>
parents: 12158
diff changeset
115 local function instead_use(kind, name, value)
aa299551f8c6 util.prosodyctl.check: Parameterize replacement instructions
Kim Alvefur <zash@zash.se>
parents: 12158
diff changeset
116 if kind == "option" then
aa299551f8c6 util.prosodyctl.check: Parameterize replacement instructions
Kim Alvefur <zash@zash.se>
parents: 12158
diff changeset
117 if value then
aa299551f8c6 util.prosodyctl.check: Parameterize replacement instructions
Kim Alvefur <zash@zash.se>
parents: 12158
diff changeset
118 return string.format("instead, use '%s = %q'", name, value);
aa299551f8c6 util.prosodyctl.check: Parameterize replacement instructions
Kim Alvefur <zash@zash.se>
parents: 12158
diff changeset
119 else
aa299551f8c6 util.prosodyctl.check: Parameterize replacement instructions
Kim Alvefur <zash@zash.se>
parents: 12158
diff changeset
120 return string.format("instead, use '%s'", name);
aa299551f8c6 util.prosodyctl.check: Parameterize replacement instructions
Kim Alvefur <zash@zash.se>
parents: 12158
diff changeset
121 end
aa299551f8c6 util.prosodyctl.check: Parameterize replacement instructions
Kim Alvefur <zash@zash.se>
parents: 12158
diff changeset
122 elseif kind == "module" then
aa299551f8c6 util.prosodyctl.check: Parameterize replacement instructions
Kim Alvefur <zash@zash.se>
parents: 12158
diff changeset
123 return string.format("instead, add %q to '%s'", name, value or "modules_enabled");
aa299551f8c6 util.prosodyctl.check: Parameterize replacement instructions
Kim Alvefur <zash@zash.se>
parents: 12158
diff changeset
124 elseif kind == "community" then
aa299551f8c6 util.prosodyctl.check: Parameterize replacement instructions
Kim Alvefur <zash@zash.se>
parents: 12158
diff changeset
125 return string.format("instead, add %q from %s", name, value or "prosody-modules");
aa299551f8c6 util.prosodyctl.check: Parameterize replacement instructions
Kim Alvefur <zash@zash.se>
parents: 12158
diff changeset
126 end
aa299551f8c6 util.prosodyctl.check: Parameterize replacement instructions
Kim Alvefur <zash@zash.se>
parents: 12158
diff changeset
127 return kind
aa299551f8c6 util.prosodyctl.check: Parameterize replacement instructions
Kim Alvefur <zash@zash.se>
parents: 12158
diff changeset
128 end
11798
ba88060fa145 util.prosodyctl.check: Suggest replacements for deprecated options #1684
Kim Alvefur <zash@zash.se>
parents: 11783
diff changeset
129 local deprecated_replacements = {
12159
aa299551f8c6 util.prosodyctl.check: Parameterize replacement instructions
Kim Alvefur <zash@zash.se>
parents: 12158
diff changeset
130 anonymous_login = instead_use("option", "authentication", "anonymous");
aa299551f8c6 util.prosodyctl.check: Parameterize replacement instructions
Kim Alvefur <zash@zash.se>
parents: 12158
diff changeset
131 daemonize = "instead, use the --daemonize/-D or --foreground/-F command line flags";
aa299551f8c6 util.prosodyctl.check: Parameterize replacement instructions
Kim Alvefur <zash@zash.se>
parents: 12158
diff changeset
132 disallow_s2s = instead_use("module", "s2s");
aa299551f8c6 util.prosodyctl.check: Parameterize replacement instructions
Kim Alvefur <zash@zash.se>
parents: 12158
diff changeset
133 no_daemonize = "instead, use the --daemonize/-D or --foreground/-F command line flags";
aa299551f8c6 util.prosodyctl.check: Parameterize replacement instructions
Kim Alvefur <zash@zash.se>
parents: 12158
diff changeset
134 require_encryption = "instead, use 'c2s_require_encryption' and 's2s_require_encryption'";
aa299551f8c6 util.prosodyctl.check: Parameterize replacement instructions
Kim Alvefur <zash@zash.se>
parents: 12158
diff changeset
135 vcard_compatibility = instead_use("community", "mod_compat_vcard");
aa299551f8c6 util.prosodyctl.check: Parameterize replacement instructions
Kim Alvefur <zash@zash.se>
parents: 12158
diff changeset
136 use_libevent = instead_use("option", "network_backend", "event");
aa299551f8c6 util.prosodyctl.check: Parameterize replacement instructions
Kim Alvefur <zash@zash.se>
parents: 12158
diff changeset
137 whitelist_registration_only = instead_use("option", "allowlist_registration_only");
aa299551f8c6 util.prosodyctl.check: Parameterize replacement instructions
Kim Alvefur <zash@zash.se>
parents: 12158
diff changeset
138 registration_whitelist = instead_use("option", "registration_allowlist");
aa299551f8c6 util.prosodyctl.check: Parameterize replacement instructions
Kim Alvefur <zash@zash.se>
parents: 12158
diff changeset
139 registration_blacklist = instead_use("option", "registration_blocklist");
aa299551f8c6 util.prosodyctl.check: Parameterize replacement instructions
Kim Alvefur <zash@zash.se>
parents: 12158
diff changeset
140 blacklist_on_registration_throttle_overload = instead_use("blocklist_on_registration_throttle_overload");
11798
ba88060fa145 util.prosodyctl.check: Suggest replacements for deprecated options #1684
Kim Alvefur <zash@zash.se>
parents: 11783
diff changeset
141 };
11800
60018637f5d4 util.prosodyctl.check: Nudge towards plural port options
Kim Alvefur <zash@zash.se>
parents: 11799
diff changeset
142 -- FIXME all the singular _port and _interface options are supposed to be deprecated too
11798
ba88060fa145 util.prosodyctl.check: Suggest replacements for deprecated options #1684
Kim Alvefur <zash@zash.se>
parents: 11783
diff changeset
143 local deprecated_ports = { bosh = "http", legacy_ssl = "c2s_direct_tls" };
ba88060fa145 util.prosodyctl.check: Suggest replacements for deprecated options #1684
Kim Alvefur <zash@zash.se>
parents: 11783
diff changeset
144 local port_suffixes = set.new({ "port", "ports", "interface", "interfaces", "ssl" });
ba88060fa145 util.prosodyctl.check: Suggest replacements for deprecated options #1684
Kim Alvefur <zash@zash.se>
parents: 11783
diff changeset
145 for port, replacement in pairs(deprecated_ports) do
ba88060fa145 util.prosodyctl.check: Suggest replacements for deprecated options #1684
Kim Alvefur <zash@zash.se>
parents: 11783
diff changeset
146 for suffix in port_suffixes do
11800
60018637f5d4 util.prosodyctl.check: Nudge towards plural port options
Kim Alvefur <zash@zash.se>
parents: 11799
diff changeset
147 local rsuffix = (suffix == "port" or suffix == "interface") and suffix.."s" or suffix;
12158
7ff3699c1653 util.prosodyctl.check: Move word to ease future translations
Kim Alvefur <zash@zash.se>
parents: 12157
diff changeset
148 deprecated_replacements[port.."_"..suffix] = "instead, use '"..replacement.."_"..rsuffix.."'"
11798
ba88060fa145 util.prosodyctl.check: Suggest replacements for deprecated options #1684
Kim Alvefur <zash@zash.se>
parents: 11783
diff changeset
149 end
ba88060fa145 util.prosodyctl.check: Suggest replacements for deprecated options #1684
Kim Alvefur <zash@zash.se>
parents: 11783
diff changeset
150 end
ba88060fa145 util.prosodyctl.check: Suggest replacements for deprecated options #1684
Kim Alvefur <zash@zash.se>
parents: 11783
diff changeset
151 local deprecated = set.new(array.collect(it.keys(deprecated_replacements)));
10871
e5dee71d0ebb prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
152 local known_global_options = set.new({
11635
1b17b967838e util.prosodyctl.check: Collect options from all global plugins
Kim Alvefur <zash@zash.se>
parents: 11634
diff changeset
153 "access_control_allow_credentials",
1b17b967838e util.prosodyctl.check: Collect options from all global plugins
Kim Alvefur <zash@zash.se>
parents: 11634
diff changeset
154 "access_control_allow_headers",
1b17b967838e util.prosodyctl.check: Collect options from all global plugins
Kim Alvefur <zash@zash.se>
parents: 11634
diff changeset
155 "access_control_allow_methods",
1b17b967838e util.prosodyctl.check: Collect options from all global plugins
Kim Alvefur <zash@zash.se>
parents: 11634
diff changeset
156 "access_control_max_age",
1b17b967838e util.prosodyctl.check: Collect options from all global plugins
Kim Alvefur <zash@zash.se>
parents: 11634
diff changeset
157 "admin_socket",
1b17b967838e util.prosodyctl.check: Collect options from all global plugins
Kim Alvefur <zash@zash.se>
parents: 11634
diff changeset
158 "body_size_limit",
1b17b967838e util.prosodyctl.check: Collect options from all global plugins
Kim Alvefur <zash@zash.se>
parents: 11634
diff changeset
159 "bosh_max_inactivity",
1b17b967838e util.prosodyctl.check: Collect options from all global plugins
Kim Alvefur <zash@zash.se>
parents: 11634
diff changeset
160 "bosh_max_polling",
1b17b967838e util.prosodyctl.check: Collect options from all global plugins
Kim Alvefur <zash@zash.se>
parents: 11634
diff changeset
161 "bosh_max_wait",
1b17b967838e util.prosodyctl.check: Collect options from all global plugins
Kim Alvefur <zash@zash.se>
parents: 11634
diff changeset
162 "buffer_size_limit",
1b17b967838e util.prosodyctl.check: Collect options from all global plugins
Kim Alvefur <zash@zash.se>
parents: 11634
diff changeset
163 "c2s_close_timeout",
1b17b967838e util.prosodyctl.check: Collect options from all global plugins
Kim Alvefur <zash@zash.se>
parents: 11634
diff changeset
164 "c2s_stanza_size_limit",
1b17b967838e util.prosodyctl.check: Collect options from all global plugins
Kim Alvefur <zash@zash.se>
parents: 11634
diff changeset
165 "c2s_tcp_keepalives",
1b17b967838e util.prosodyctl.check: Collect options from all global plugins
Kim Alvefur <zash@zash.se>
parents: 11634
diff changeset
166 "c2s_timeout",
1b17b967838e util.prosodyctl.check: Collect options from all global plugins
Kim Alvefur <zash@zash.se>
parents: 11634
diff changeset
167 "component_stanza_size_limit",
1b17b967838e util.prosodyctl.check: Collect options from all global plugins
Kim Alvefur <zash@zash.se>
parents: 11634
diff changeset
168 "component_tcp_keepalives",
1b17b967838e util.prosodyctl.check: Collect options from all global plugins
Kim Alvefur <zash@zash.se>
parents: 11634
diff changeset
169 "consider_bosh_secure",
1b17b967838e util.prosodyctl.check: Collect options from all global plugins
Kim Alvefur <zash@zash.se>
parents: 11634
diff changeset
170 "consider_websocket_secure",
1b17b967838e util.prosodyctl.check: Collect options from all global plugins
Kim Alvefur <zash@zash.se>
parents: 11634
diff changeset
171 "console_banner",
1b17b967838e util.prosodyctl.check: Collect options from all global plugins
Kim Alvefur <zash@zash.se>
parents: 11634
diff changeset
172 "console_prettyprint_settings",
11634
a6c87b4c0cdf util.prosodyctl.check: Format, sort option listings into canonical form
Kim Alvefur <zash@zash.se>
parents: 11617
diff changeset
173 "daemonize",
a6c87b4c0cdf util.prosodyctl.check: Format, sort option listings into canonical form
Kim Alvefur <zash@zash.se>
parents: 11617
diff changeset
174 "gc",
a6c87b4c0cdf util.prosodyctl.check: Format, sort option listings into canonical form
Kim Alvefur <zash@zash.se>
parents: 11617
diff changeset
175 "http_default_host",
11635
1b17b967838e util.prosodyctl.check: Collect options from all global plugins
Kim Alvefur <zash@zash.se>
parents: 11634
diff changeset
176 "http_errors_always_show",
1b17b967838e util.prosodyctl.check: Collect options from all global plugins
Kim Alvefur <zash@zash.se>
parents: 11634
diff changeset
177 "http_errors_default_message",
1b17b967838e util.prosodyctl.check: Collect options from all global plugins
Kim Alvefur <zash@zash.se>
parents: 11634
diff changeset
178 "http_errors_detailed",
1b17b967838e util.prosodyctl.check: Collect options from all global plugins
Kim Alvefur <zash@zash.se>
parents: 11634
diff changeset
179 "http_errors_messages",
11833
bd86ab8122d9 util.prosodyctl.check: Add two known globals from mod_http
Kim Alvefur <zash@zash.se>
parents: 11827
diff changeset
180 "http_max_buffer_size",
bd86ab8122d9 util.prosodyctl.check: Add two known globals from mod_http
Kim Alvefur <zash@zash.se>
parents: 11827
diff changeset
181 "http_max_content_size",
11634
a6c87b4c0cdf util.prosodyctl.check: Format, sort option listings into canonical form
Kim Alvefur <zash@zash.se>
parents: 11617
diff changeset
182 "installer_plugin_path",
a6c87b4c0cdf util.prosodyctl.check: Format, sort option listings into canonical form
Kim Alvefur <zash@zash.se>
parents: 11617
diff changeset
183 "limits",
11635
1b17b967838e util.prosodyctl.check: Collect options from all global plugins
Kim Alvefur <zash@zash.se>
parents: 11634
diff changeset
184 "limits_resolution",
11634
a6c87b4c0cdf util.prosodyctl.check: Format, sort option listings into canonical form
Kim Alvefur <zash@zash.se>
parents: 11617
diff changeset
185 "log",
11635
1b17b967838e util.prosodyctl.check: Collect options from all global plugins
Kim Alvefur <zash@zash.se>
parents: 11634
diff changeset
186 "multiplex_buffer_size",
11634
a6c87b4c0cdf util.prosodyctl.check: Format, sort option listings into canonical form
Kim Alvefur <zash@zash.se>
parents: 11617
diff changeset
187 "network_backend",
11635
1b17b967838e util.prosodyctl.check: Collect options from all global plugins
Kim Alvefur <zash@zash.se>
parents: 11634
diff changeset
188 "network_default_read_size",
11634
a6c87b4c0cdf util.prosodyctl.check: Format, sort option listings into canonical form
Kim Alvefur <zash@zash.se>
parents: 11617
diff changeset
189 "network_settings",
11940
2d82e4245aa3 util.prosodyctl.check: Add mod_http_openmetrics settings to known globals
Kim Alvefur <zash@zash.se>
parents: 11925
diff changeset
190 "openmetrics_allow_cidr",
2d82e4245aa3 util.prosodyctl.check: Add mod_http_openmetrics settings to known globals
Kim Alvefur <zash@zash.se>
parents: 11925
diff changeset
191 "openmetrics_allow_ips",
11634
a6c87b4c0cdf util.prosodyctl.check: Format, sort option listings into canonical form
Kim Alvefur <zash@zash.se>
parents: 11617
diff changeset
192 "pidfile",
a6c87b4c0cdf util.prosodyctl.check: Format, sort option listings into canonical form
Kim Alvefur <zash@zash.se>
parents: 11617
diff changeset
193 "plugin_paths",
a6c87b4c0cdf util.prosodyctl.check: Format, sort option listings into canonical form
Kim Alvefur <zash@zash.se>
parents: 11617
diff changeset
194 "plugin_server",
a6c87b4c0cdf util.prosodyctl.check: Format, sort option listings into canonical form
Kim Alvefur <zash@zash.se>
parents: 11617
diff changeset
195 "prosodyctl_timeout",
a6c87b4c0cdf util.prosodyctl.check: Format, sort option listings into canonical form
Kim Alvefur <zash@zash.se>
parents: 11617
diff changeset
196 "prosody_group",
a6c87b4c0cdf util.prosodyctl.check: Format, sort option listings into canonical form
Kim Alvefur <zash@zash.se>
parents: 11617
diff changeset
197 "prosody_user",
11635
1b17b967838e util.prosodyctl.check: Collect options from all global plugins
Kim Alvefur <zash@zash.se>
parents: 11634
diff changeset
198 "run_as_root",
1b17b967838e util.prosodyctl.check: Collect options from all global plugins
Kim Alvefur <zash@zash.se>
parents: 11634
diff changeset
199 "s2s_close_timeout",
1b17b967838e util.prosodyctl.check: Collect options from all global plugins
Kim Alvefur <zash@zash.se>
parents: 11634
diff changeset
200 "s2s_insecure_domains",
1b17b967838e util.prosodyctl.check: Collect options from all global plugins
Kim Alvefur <zash@zash.se>
parents: 11634
diff changeset
201 "s2s_require_encryption",
1b17b967838e util.prosodyctl.check: Collect options from all global plugins
Kim Alvefur <zash@zash.se>
parents: 11634
diff changeset
202 "s2s_secure_auth",
1b17b967838e util.prosodyctl.check: Collect options from all global plugins
Kim Alvefur <zash@zash.se>
parents: 11634
diff changeset
203 "s2s_secure_domains",
1b17b967838e util.prosodyctl.check: Collect options from all global plugins
Kim Alvefur <zash@zash.se>
parents: 11634
diff changeset
204 "s2s_stanza_size_limit",
1b17b967838e util.prosodyctl.check: Collect options from all global plugins
Kim Alvefur <zash@zash.se>
parents: 11634
diff changeset
205 "s2s_tcp_keepalives",
1b17b967838e util.prosodyctl.check: Collect options from all global plugins
Kim Alvefur <zash@zash.se>
parents: 11634
diff changeset
206 "s2s_timeout",
11634
a6c87b4c0cdf util.prosodyctl.check: Format, sort option listings into canonical form
Kim Alvefur <zash@zash.se>
parents: 11617
diff changeset
207 "statistics",
a6c87b4c0cdf util.prosodyctl.check: Format, sort option listings into canonical form
Kim Alvefur <zash@zash.se>
parents: 11617
diff changeset
208 "statistics_config",
a6c87b4c0cdf util.prosodyctl.check: Format, sort option listings into canonical form
Kim Alvefur <zash@zash.se>
parents: 11617
diff changeset
209 "statistics_interval",
11635
1b17b967838e util.prosodyctl.check: Collect options from all global plugins
Kim Alvefur <zash@zash.se>
parents: 11634
diff changeset
210 "tcp_keepalives",
12099
b344edad61d3 core.certmanager: Rename preset option to 'tls_preset'
Kim Alvefur <zash@zash.se>
parents: 11957
diff changeset
211 "tls_profile",
11635
1b17b967838e util.prosodyctl.check: Collect options from all global plugins
Kim Alvefur <zash@zash.se>
parents: 11634
diff changeset
212 "trusted_proxies",
11634
a6c87b4c0cdf util.prosodyctl.check: Format, sort option listings into canonical form
Kim Alvefur <zash@zash.se>
parents: 11617
diff changeset
213 "umask",
11635
1b17b967838e util.prosodyctl.check: Collect options from all global plugins
Kim Alvefur <zash@zash.se>
parents: 11634
diff changeset
214 "use_dane",
11634
a6c87b4c0cdf util.prosodyctl.check: Format, sort option listings into canonical form
Kim Alvefur <zash@zash.se>
parents: 11617
diff changeset
215 "use_ipv4",
a6c87b4c0cdf util.prosodyctl.check: Format, sort option listings into canonical form
Kim Alvefur <zash@zash.se>
parents: 11617
diff changeset
216 "use_ipv6",
11635
1b17b967838e util.prosodyctl.check: Collect options from all global plugins
Kim Alvefur <zash@zash.se>
parents: 11634
diff changeset
217 "websocket_frame_buffer_limit",
1b17b967838e util.prosodyctl.check: Collect options from all global plugins
Kim Alvefur <zash@zash.se>
parents: 11634
diff changeset
218 "websocket_frame_fragment_limit",
1b17b967838e util.prosodyctl.check: Collect options from all global plugins
Kim Alvefur <zash@zash.se>
parents: 11634
diff changeset
219 "websocket_get_response_body",
1b17b967838e util.prosodyctl.check: Collect options from all global plugins
Kim Alvefur <zash@zash.se>
parents: 11634
diff changeset
220 "websocket_get_response_text",
10871
e5dee71d0ebb prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
221 });
e5dee71d0ebb prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
222 local config = configmanager.getconfig();
e5dee71d0ebb prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
223 -- Check that we have any global options (caused by putting a host at the top)
e5dee71d0ebb prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
224 if it.count(it.filter("log", pairs(config["*"]))) == 0 then
e5dee71d0ebb prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
225 ok = false;
e5dee71d0ebb prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
226 print("");
e5dee71d0ebb prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
227 print(" No global options defined. Perhaps you have put a host definition at the top")
e5dee71d0ebb prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
228 print(" of the config file? They should be at the bottom, see https://prosody.im/doc/configure#overview");
e5dee71d0ebb prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
229 end
e5dee71d0ebb prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
230 if it.count(enabled_hosts()) == 0 then
e5dee71d0ebb prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
231 ok = false;
e5dee71d0ebb prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
232 print("");
e5dee71d0ebb prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
233 if it.count(it.filter("*", pairs(config))) == 0 then
e5dee71d0ebb prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
234 print(" No hosts are defined, please add at least one VirtualHost section")
e5dee71d0ebb prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
235 elseif config["*"]["enabled"] == false then
e5dee71d0ebb prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
236 print(" No hosts are enabled. Remove enabled = false from the global section or put enabled = true under at least one VirtualHost section")
e5dee71d0ebb prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
237 else
e5dee71d0ebb prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
238 print(" All hosts are disabled. Remove enabled = false from at least one VirtualHost section")
e5dee71d0ebb prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
239 end
e5dee71d0ebb prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
240 end
e5dee71d0ebb prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
241 if not config["*"].modules_enabled then
e5dee71d0ebb prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
242 print(" No global modules_enabled is set?");
e5dee71d0ebb prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
243 local suggested_global_modules;
e5dee71d0ebb prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
244 for host, options in enabled_hosts() do --luacheck: ignore 213/host
e5dee71d0ebb prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
245 if not options.component_module and options.modules_enabled then
e5dee71d0ebb prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
246 suggested_global_modules = set.intersection(suggested_global_modules or set.new(options.modules_enabled), set.new(options.modules_enabled));
e5dee71d0ebb prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
247 end
e5dee71d0ebb prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
248 end
e5dee71d0ebb prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
249 if suggested_global_modules and not suggested_global_modules:empty() then
e5dee71d0ebb prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
250 print(" Consider moving these modules into modules_enabled in the global section:")
e5dee71d0ebb prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
251 print(" "..tostring(suggested_global_modules / function (x) return ("%q"):format(x) end));
e5dee71d0ebb prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
252 end
e5dee71d0ebb prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
253 print();
e5dee71d0ebb prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
254 end
e5dee71d0ebb prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
255
e5dee71d0ebb prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
256 do -- Check for modules enabled both normally and as components
e5dee71d0ebb prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
257 local modules = set.new(config["*"]["modules_enabled"]);
e5dee71d0ebb prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
258 for host, options in enabled_hosts() do
e5dee71d0ebb prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
259 local component_module = options.component_module;
e5dee71d0ebb prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
260 if component_module and modules:contains(component_module) then
e5dee71d0ebb prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
261 print((" mod_%s is enabled both in modules_enabled and as Component %q %q"):format(component_module, host, component_module));
e5dee71d0ebb prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
262 print(" This means the service is enabled on all VirtualHosts as well as the Component.");
e5dee71d0ebb prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
263 print(" Are you sure this what you want? It may cause unexpected behaviour.");
e5dee71d0ebb prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
264 end
e5dee71d0ebb prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
265 end
e5dee71d0ebb prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
266 end
e5dee71d0ebb prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
267
e5dee71d0ebb prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
268 -- Check for global options under hosts
e5dee71d0ebb prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
269 local global_options = set.new(it.to_array(it.keys(config["*"])));
11798
ba88060fa145 util.prosodyctl.check: Suggest replacements for deprecated options #1684
Kim Alvefur <zash@zash.se>
parents: 11783
diff changeset
270 local obsolete_global_options = set.intersection(global_options, obsolete);
ba88060fa145 util.prosodyctl.check: Suggest replacements for deprecated options #1684
Kim Alvefur <zash@zash.se>
parents: 11783
diff changeset
271 if not obsolete_global_options:empty() then
ba88060fa145 util.prosodyctl.check: Suggest replacements for deprecated options #1684
Kim Alvefur <zash@zash.se>
parents: 11783
diff changeset
272 print("");
ba88060fa145 util.prosodyctl.check: Suggest replacements for deprecated options #1684
Kim Alvefur <zash@zash.se>
parents: 11783
diff changeset
273 print(" You have some obsolete options you can remove from the global section:");
ba88060fa145 util.prosodyctl.check: Suggest replacements for deprecated options #1684
Kim Alvefur <zash@zash.se>
parents: 11783
diff changeset
274 print(" "..tostring(obsolete_global_options))
ba88060fa145 util.prosodyctl.check: Suggest replacements for deprecated options #1684
Kim Alvefur <zash@zash.se>
parents: 11783
diff changeset
275 ok = false;
ba88060fa145 util.prosodyctl.check: Suggest replacements for deprecated options #1684
Kim Alvefur <zash@zash.se>
parents: 11783
diff changeset
276 end
10871
e5dee71d0ebb prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
277 local deprecated_global_options = set.intersection(global_options, deprecated);
e5dee71d0ebb prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
278 if not deprecated_global_options:empty() then
e5dee71d0ebb prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
279 print("");
e5dee71d0ebb prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
280 print(" You have some deprecated options in the global section:");
11798
ba88060fa145 util.prosodyctl.check: Suggest replacements for deprecated options #1684
Kim Alvefur <zash@zash.se>
parents: 11783
diff changeset
281 for option in deprecated_global_options do
12158
7ff3699c1653 util.prosodyctl.check: Move word to ease future translations
Kim Alvefur <zash@zash.se>
parents: 12157
diff changeset
282 print((" '%s' -- %s"):format(option, deprecated_replacements[option]));
11798
ba88060fa145 util.prosodyctl.check: Suggest replacements for deprecated options #1684
Kim Alvefur <zash@zash.se>
parents: 11783
diff changeset
283 end
10871
e5dee71d0ebb prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
284 ok = false;
e5dee71d0ebb prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
285 end
e5dee71d0ebb prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
286 for host, options in it.filter(function (h) return h ~= "*" end, pairs(configmanager.getconfig())) do
e5dee71d0ebb prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
287 local host_options = set.new(it.to_array(it.keys(options)));
e5dee71d0ebb prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
288 local misplaced_options = set.intersection(host_options, known_global_options);
e5dee71d0ebb prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
289 for name in pairs(options) do
e5dee71d0ebb prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
290 if name:match("^interfaces?")
e5dee71d0ebb prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
291 or name:match("_ports?$") or name:match("_interfaces?$")
e5dee71d0ebb prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
292 or (name:match("_ssl$") and not name:match("^[cs]2s_ssl$")) then
e5dee71d0ebb prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
293 misplaced_options:add(name);
e5dee71d0ebb prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
294 end
e5dee71d0ebb prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
295 end
11799
8c9ec2db1d95 util.prosodyctl.check: Fix to not treat some options as misplaced
Kim Alvefur <zash@zash.se>
parents: 11798
diff changeset
296 -- FIXME These _could_ be misplaced, but we would have to check where the corresponding module is loaded to be sure
8c9ec2db1d95 util.prosodyctl.check: Fix to not treat some options as misplaced
Kim Alvefur <zash@zash.se>
parents: 11798
diff changeset
297 misplaced_options:exclude(set.new({ "external_service_port", "turn_external_port" }));
10871
e5dee71d0ebb prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
298 if not misplaced_options:empty() then
e5dee71d0ebb prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
299 ok = false;
e5dee71d0ebb prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
300 print("");
e5dee71d0ebb prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
301 local n = it.count(misplaced_options);
e5dee71d0ebb prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
302 print(" You have "..n.." option"..(n>1 and "s " or " ").."set under "..host.." that should be");
e5dee71d0ebb prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
303 print(" in the global section of the config file, above any VirtualHost or Component definitions,")
e5dee71d0ebb prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
304 print(" see https://prosody.im/doc/configure#overview for more information.")
e5dee71d0ebb prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
305 print("");
e5dee71d0ebb prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
306 print(" You need to move the following option"..(n>1 and "s" or "")..": "..table.concat(it.to_array(misplaced_options), ", "));
e5dee71d0ebb prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
307 end
e5dee71d0ebb prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
308 end
e5dee71d0ebb prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
309 for host, options in enabled_hosts() do
e5dee71d0ebb prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
310 local host_options = set.new(it.to_array(it.keys(options)));
e5dee71d0ebb prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
311 local subdomain = host:match("^[^.]+");
e5dee71d0ebb prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
312 if not(host_options:contains("component_module")) and (subdomain == "jabber" or subdomain == "xmpp"
e5dee71d0ebb prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
313 or subdomain == "chat" or subdomain == "im") then
e5dee71d0ebb prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
314 print("");
e5dee71d0ebb prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
315 print(" Suggestion: If "..host.. " is a new host with no real users yet, consider renaming it now to");
e5dee71d0ebb prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
316 print(" "..host:gsub("^[^.]+%.", "")..". You can use SRV records to redirect XMPP clients and servers to "..host..".");
e5dee71d0ebb prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
317 print(" For more information see: https://prosody.im/doc/dns");
e5dee71d0ebb prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
318 end
e5dee71d0ebb prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
319 end
e5dee71d0ebb prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
320 local all_modules = set.new(config["*"].modules_enabled);
e5dee71d0ebb prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
321 local all_options = set.new(it.to_array(it.keys(config["*"])));
e5dee71d0ebb prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
322 for host in enabled_hosts() do
e5dee71d0ebb prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
323 all_options:include(set.new(it.to_array(it.keys(config[host]))));
e5dee71d0ebb prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
324 all_modules:include(set.new(config[host].modules_enabled));
e5dee71d0ebb prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
325 end
e5dee71d0ebb prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
326 for mod in all_modules do
e5dee71d0ebb prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
327 if mod:match("^mod_") then
e5dee71d0ebb prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
328 print("");
e5dee71d0ebb prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
329 print(" Modules in modules_enabled should not have the 'mod_' prefix included.");
e5dee71d0ebb prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
330 print(" Change '"..mod.."' to '"..mod:match("^mod_(.*)").."'.");
e5dee71d0ebb prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
331 elseif mod:match("^auth_") then
e5dee71d0ebb prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
332 print("");
e5dee71d0ebb prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
333 print(" Authentication modules should not be added to modules_enabled,");
e5dee71d0ebb prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
334 print(" but be specified in the 'authentication' option.");
e5dee71d0ebb prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
335 print(" Remove '"..mod.."' from modules_enabled and instead add");
e5dee71d0ebb prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
336 print(" authentication = '"..mod:match("^auth_(.*)").."'");
e5dee71d0ebb prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
337 print(" For more information see https://prosody.im/doc/authentication");
e5dee71d0ebb prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
338 elseif mod:match("^storage_") then
e5dee71d0ebb prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
339 print("");
e5dee71d0ebb prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
340 print(" storage modules should not be added to modules_enabled,");
e5dee71d0ebb prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
341 print(" but be specified in the 'storage' option.");
e5dee71d0ebb prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
342 print(" Remove '"..mod.."' from modules_enabled and instead add");
e5dee71d0ebb prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
343 print(" storage = '"..mod:match("^storage_(.*)").."'");
e5dee71d0ebb prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
344 print(" For more information see https://prosody.im/doc/storage");
e5dee71d0ebb prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
345 end
e5dee71d0ebb prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
346 end
e5dee71d0ebb prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
347 if all_modules:contains("vcard") and all_modules:contains("vcard_legacy") then
e5dee71d0ebb prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
348 print("");
e5dee71d0ebb prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
349 print(" Both mod_vcard_legacy and mod_vcard are enabled but they conflict");
e5dee71d0ebb prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
350 print(" with each other. Remove one.");
e5dee71d0ebb prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
351 end
e5dee71d0ebb prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
352 if all_modules:contains("pep") and all_modules:contains("pep_simple") then
e5dee71d0ebb prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
353 print("");
e5dee71d0ebb prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
354 print(" Both mod_pep_simple and mod_pep are enabled but they conflict");
e5dee71d0ebb prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
355 print(" with each other. Remove one.");
e5dee71d0ebb prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
356 end
e5dee71d0ebb prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
357 for host, host_config in pairs(config) do --luacheck: ignore 213/host
e5dee71d0ebb prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
358 if type(rawget(host_config, "storage")) == "string" and rawget(host_config, "default_storage") then
e5dee71d0ebb prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
359 print("");
e5dee71d0ebb prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
360 print(" The 'default_storage' option is not needed if 'storage' is set to a string.");
e5dee71d0ebb prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
361 break;
e5dee71d0ebb prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
362 end
e5dee71d0ebb prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
363 end
e5dee71d0ebb prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
364 local require_encryption = set.intersection(all_options, set.new({
e5dee71d0ebb prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
365 "require_encryption", "c2s_require_encryption", "s2s_require_encryption"
e5dee71d0ebb prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
366 })):empty();
e5dee71d0ebb prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
367 local ssl = dependencies.softreq"ssl";
e5dee71d0ebb prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
368 if not ssl then
e5dee71d0ebb prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
369 if not require_encryption then
e5dee71d0ebb prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
370 print("");
e5dee71d0ebb prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
371 print(" You require encryption but LuaSec is not available.");
e5dee71d0ebb prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
372 print(" Connections will fail.");
e5dee71d0ebb prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
373 ok = false;
e5dee71d0ebb prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
374 end
e5dee71d0ebb prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
375 elseif not ssl.loadcertificate then
e5dee71d0ebb prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
376 if all_options:contains("s2s_secure_auth") then
e5dee71d0ebb prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
377 print("");
e5dee71d0ebb prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
378 print(" You have set s2s_secure_auth but your version of LuaSec does ");
e5dee71d0ebb prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
379 print(" not support certificate validation, so all s2s connections will");
e5dee71d0ebb prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
380 print(" fail.");
e5dee71d0ebb prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
381 ok = false;
e5dee71d0ebb prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
382 elseif all_options:contains("s2s_secure_domains") then
e5dee71d0ebb prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
383 local secure_domains = set.new();
e5dee71d0ebb prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
384 for host in enabled_hosts() do
e5dee71d0ebb prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
385 if config[host].s2s_secure_auth == true then
e5dee71d0ebb prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
386 secure_domains:add("*");
e5dee71d0ebb prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
387 else
e5dee71d0ebb prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
388 secure_domains:include(set.new(config[host].s2s_secure_domains));
e5dee71d0ebb prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
389 end
e5dee71d0ebb prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
390 end
e5dee71d0ebb prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
391 if not secure_domains:empty() then
e5dee71d0ebb prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
392 print("");
e5dee71d0ebb prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
393 print(" You have set s2s_secure_domains but your version of LuaSec does ");
e5dee71d0ebb prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
394 print(" not support certificate validation, so s2s connections to/from ");
e5dee71d0ebb prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
395 print(" these domains will fail.");
e5dee71d0ebb prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
396 ok = false;
e5dee71d0ebb prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
397 end
e5dee71d0ebb prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
398 end
e5dee71d0ebb prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
399 elseif require_encryption and not all_modules:contains("tls") then
e5dee71d0ebb prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
400 print("");
e5dee71d0ebb prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
401 print(" You require encryption but mod_tls is not enabled.");
e5dee71d0ebb prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
402 print(" Connections will fail.");
e5dee71d0ebb prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
403 ok = false;
e5dee71d0ebb prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
404 end
e5dee71d0ebb prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
405
12317
b4f2027ef917 util.prosodyctl: Warn about enabled public registration in 'check config'
Matthew Wild <mwild1@gmail.com>
parents: 12233
diff changeset
406 do
b4f2027ef917 util.prosodyctl: Warn about enabled public registration in 'check config'
Matthew Wild <mwild1@gmail.com>
parents: 12233
diff changeset
407 local global_modules = set.new(config["*"].modules_enabled);
b4f2027ef917 util.prosodyctl: Warn about enabled public registration in 'check config'
Matthew Wild <mwild1@gmail.com>
parents: 12233
diff changeset
408 local registration_enabled_hosts = {};
b4f2027ef917 util.prosodyctl: Warn about enabled public registration in 'check config'
Matthew Wild <mwild1@gmail.com>
parents: 12233
diff changeset
409 for host in enabled_hosts() do
b4f2027ef917 util.prosodyctl: Warn about enabled public registration in 'check config'
Matthew Wild <mwild1@gmail.com>
parents: 12233
diff changeset
410 local host_modules = set.new(config[host].modules_enabled) + global_modules;
b4f2027ef917 util.prosodyctl: Warn about enabled public registration in 'check config'
Matthew Wild <mwild1@gmail.com>
parents: 12233
diff changeset
411 local allow_registration = config[host].allow_registration;
b4f2027ef917 util.prosodyctl: Warn about enabled public registration in 'check config'
Matthew Wild <mwild1@gmail.com>
parents: 12233
diff changeset
412 local mod_register = host_modules:contains("register");
b4f2027ef917 util.prosodyctl: Warn about enabled public registration in 'check config'
Matthew Wild <mwild1@gmail.com>
parents: 12233
diff changeset
413 local mod_register_ibr = host_modules:contains("register_ibr");
b4f2027ef917 util.prosodyctl: Warn about enabled public registration in 'check config'
Matthew Wild <mwild1@gmail.com>
parents: 12233
diff changeset
414 local mod_invites_register = host_modules:contains("invites_register");
b4f2027ef917 util.prosodyctl: Warn about enabled public registration in 'check config'
Matthew Wild <mwild1@gmail.com>
parents: 12233
diff changeset
415 local registration_invite_only = config[host].registration_invite_only;
b4f2027ef917 util.prosodyctl: Warn about enabled public registration in 'check config'
Matthew Wild <mwild1@gmail.com>
parents: 12233
diff changeset
416 local is_vhost = not config[host].component_module;
b4f2027ef917 util.prosodyctl: Warn about enabled public registration in 'check config'
Matthew Wild <mwild1@gmail.com>
parents: 12233
diff changeset
417 if is_vhost and (mod_register_ibr or (mod_register and allow_registration))
b4f2027ef917 util.prosodyctl: Warn about enabled public registration in 'check config'
Matthew Wild <mwild1@gmail.com>
parents: 12233
diff changeset
418 and not (mod_invites_register and registration_invite_only) then
b4f2027ef917 util.prosodyctl: Warn about enabled public registration in 'check config'
Matthew Wild <mwild1@gmail.com>
parents: 12233
diff changeset
419 table.insert(registration_enabled_hosts, host);
b4f2027ef917 util.prosodyctl: Warn about enabled public registration in 'check config'
Matthew Wild <mwild1@gmail.com>
parents: 12233
diff changeset
420 end
b4f2027ef917 util.prosodyctl: Warn about enabled public registration in 'check config'
Matthew Wild <mwild1@gmail.com>
parents: 12233
diff changeset
421 end
b4f2027ef917 util.prosodyctl: Warn about enabled public registration in 'check config'
Matthew Wild <mwild1@gmail.com>
parents: 12233
diff changeset
422 if #registration_enabled_hosts > 0 then
b4f2027ef917 util.prosodyctl: Warn about enabled public registration in 'check config'
Matthew Wild <mwild1@gmail.com>
parents: 12233
diff changeset
423 table.sort(registration_enabled_hosts);
b4f2027ef917 util.prosodyctl: Warn about enabled public registration in 'check config'
Matthew Wild <mwild1@gmail.com>
parents: 12233
diff changeset
424 print("");
b4f2027ef917 util.prosodyctl: Warn about enabled public registration in 'check config'
Matthew Wild <mwild1@gmail.com>
parents: 12233
diff changeset
425 print(" Public registration is enabled on:");
b4f2027ef917 util.prosodyctl: Warn about enabled public registration in 'check config'
Matthew Wild <mwild1@gmail.com>
parents: 12233
diff changeset
426 print(" "..table.concat(registration_enabled_hosts, ", "));
b4f2027ef917 util.prosodyctl: Warn about enabled public registration in 'check config'
Matthew Wild <mwild1@gmail.com>
parents: 12233
diff changeset
427 print("");
b4f2027ef917 util.prosodyctl: Warn about enabled public registration in 'check config'
Matthew Wild <mwild1@gmail.com>
parents: 12233
diff changeset
428 print(" If this is intentional, review our guidelines on running a public server");
b4f2027ef917 util.prosodyctl: Warn about enabled public registration in 'check config'
Matthew Wild <mwild1@gmail.com>
parents: 12233
diff changeset
429 print(" at https://prosody.im/doc/public_servers - otherwise, consider switching to");
b4f2027ef917 util.prosodyctl: Warn about enabled public registration in 'check config'
Matthew Wild <mwild1@gmail.com>
parents: 12233
diff changeset
430 print(" invite-based registration, which is more secure.");
b4f2027ef917 util.prosodyctl: Warn about enabled public registration in 'check config'
Matthew Wild <mwild1@gmail.com>
parents: 12233
diff changeset
431 end
b4f2027ef917 util.prosodyctl: Warn about enabled public registration in 'check config'
Matthew Wild <mwild1@gmail.com>
parents: 12233
diff changeset
432 end
b4f2027ef917 util.prosodyctl: Warn about enabled public registration in 'check config'
Matthew Wild <mwild1@gmail.com>
parents: 12233
diff changeset
433
10871
e5dee71d0ebb prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
434 print("Done.\n");
e5dee71d0ebb prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
435 end
e5dee71d0ebb prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
436 if not what or what == "dns" then
e5dee71d0ebb prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
437 local dns = require "net.dns";
10971
3cdb4a7cb406 util.prosodyctl.check: Use net.unbound for DNS if available
Kim Alvefur <zash@zash.se>
parents: 10932
diff changeset
438 pcall(function ()
11645
3be346c5b940 util.prosodyctl.check: Reload unbound to ensure hosts.txt is ignored
Kim Alvefur <zash@zash.se>
parents: 11635
diff changeset
439 local unbound = require"net.unbound";
11617
166f8e1d82b0 util.prosodyctl.check: Ensure that libunbound does not check hosts file
Kim Alvefur <zash@zash.se>
parents: 11616
diff changeset
440 local unbound_config = configmanager.get("*", "unbound") or {};
166f8e1d82b0 util.prosodyctl.check: Ensure that libunbound does not check hosts file
Kim Alvefur <zash@zash.se>
parents: 11616
diff changeset
441 unbound_config.hoststxt = false; -- don't look at /etc/hosts
166f8e1d82b0 util.prosodyctl.check: Ensure that libunbound does not check hosts file
Kim Alvefur <zash@zash.se>
parents: 11616
diff changeset
442 configmanager.set("*", "unbound", unbound_config);
12233
e4530bdbf5f3 util.prosodyctl.check: Fix reset of libunbound before DNS checks
Kim Alvefur <zash@zash.se>
parents: 12231
diff changeset
443 unbound.dns.purge(); -- ensure the above config is used
11645
3be346c5b940 util.prosodyctl.check: Reload unbound to ensure hosts.txt is ignored
Kim Alvefur <zash@zash.se>
parents: 11635
diff changeset
444 dns = unbound.dns;
10971
3cdb4a7cb406 util.prosodyctl.check: Use net.unbound for DNS if available
Kim Alvefur <zash@zash.se>
parents: 10932
diff changeset
445 end)
10871
e5dee71d0ebb prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
446 local idna = require "util.encodings".idna;
e5dee71d0ebb prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
447 local ip = require "util.ip";
e5dee71d0ebb prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
448 local c2s_ports = set.new(configmanager.get("*", "c2s_ports") or {5222});
e5dee71d0ebb prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
449 local s2s_ports = set.new(configmanager.get("*", "s2s_ports") or {5269});
11778
f254fd16218a mod_c2s: Rename Direct TLS listener 'c2s_direct_tls' for clarity
Kim Alvefur <zash@zash.se>
parents: 11777
diff changeset
450 local c2s_tls_ports = set.new(configmanager.get("*", "c2s_direct_tls_ports") or {});
11776
1132a1f1ca5a util.prosodyctl.check: Check for server-to-server Direct TLS records
Kim Alvefur <zash@zash.se>
parents: 11655
diff changeset
451 local s2s_tls_ports = set.new(configmanager.get("*", "s2s_direct_tls_ports") or {});
10871
e5dee71d0ebb prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
452
12230
f590058d8d99 util.prosodyctl.check: Include multiplexed ports in DNS checks #1704
Kim Alvefur <zash@zash.se>
parents: 12218
diff changeset
453 if set.new(configmanager.get("*", "modules_enabled")):contains("net_multiplex") then
f590058d8d99 util.prosodyctl.check: Include multiplexed ports in DNS checks #1704
Kim Alvefur <zash@zash.se>
parents: 12218
diff changeset
454 local multiplex_ports = set.new(configmanager.get("*", "ports") or {});
f590058d8d99 util.prosodyctl.check: Include multiplexed ports in DNS checks #1704
Kim Alvefur <zash@zash.se>
parents: 12218
diff changeset
455 local multiplex_tls_ports = set.new(configmanager.get("*", "ssl_ports") or {});
f590058d8d99 util.prosodyctl.check: Include multiplexed ports in DNS checks #1704
Kim Alvefur <zash@zash.se>
parents: 12218
diff changeset
456 if not multiplex_ports:empty() then
f590058d8d99 util.prosodyctl.check: Include multiplexed ports in DNS checks #1704
Kim Alvefur <zash@zash.se>
parents: 12218
diff changeset
457 c2s_ports = c2s_ports + multiplex_ports;
f590058d8d99 util.prosodyctl.check: Include multiplexed ports in DNS checks #1704
Kim Alvefur <zash@zash.se>
parents: 12218
diff changeset
458 s2s_ports = s2s_ports + multiplex_ports;
f590058d8d99 util.prosodyctl.check: Include multiplexed ports in DNS checks #1704
Kim Alvefur <zash@zash.se>
parents: 12218
diff changeset
459 end
f590058d8d99 util.prosodyctl.check: Include multiplexed ports in DNS checks #1704
Kim Alvefur <zash@zash.se>
parents: 12218
diff changeset
460 if not multiplex_tls_ports:empty() then
f590058d8d99 util.prosodyctl.check: Include multiplexed ports in DNS checks #1704
Kim Alvefur <zash@zash.se>
parents: 12218
diff changeset
461 c2s_tls_ports = c2s_tls_ports + multiplex_tls_ports;
f590058d8d99 util.prosodyctl.check: Include multiplexed ports in DNS checks #1704
Kim Alvefur <zash@zash.se>
parents: 12218
diff changeset
462 s2s_tls_ports = s2s_tls_ports + multiplex_tls_ports;
f590058d8d99 util.prosodyctl.check: Include multiplexed ports in DNS checks #1704
Kim Alvefur <zash@zash.se>
parents: 12218
diff changeset
463 end
f590058d8d99 util.prosodyctl.check: Include multiplexed ports in DNS checks #1704
Kim Alvefur <zash@zash.se>
parents: 12218
diff changeset
464 end
f590058d8d99 util.prosodyctl.check: Include multiplexed ports in DNS checks #1704
Kim Alvefur <zash@zash.se>
parents: 12218
diff changeset
465
11776
1132a1f1ca5a util.prosodyctl.check: Check for server-to-server Direct TLS records
Kim Alvefur <zash@zash.se>
parents: 11655
diff changeset
466 local c2s_srv_required, s2s_srv_required, c2s_tls_srv_required, s2s_tls_srv_required;
10871
e5dee71d0ebb prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
467 if not c2s_ports:contains(5222) then
e5dee71d0ebb prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
468 c2s_srv_required = true;
e5dee71d0ebb prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
469 end
e5dee71d0ebb prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
470 if not s2s_ports:contains(5269) then
e5dee71d0ebb prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
471 s2s_srv_required = true;
e5dee71d0ebb prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
472 end
11615
8e16fd976c57 util.prosodyctl.check: Add support for checking Direct TLS SRV records
Kim Alvefur <zash@zash.se>
parents: 11613
diff changeset
473 if not c2s_tls_ports:empty() then
8e16fd976c57 util.prosodyctl.check: Add support for checking Direct TLS SRV records
Kim Alvefur <zash@zash.se>
parents: 11613
diff changeset
474 c2s_tls_srv_required = true;
8e16fd976c57 util.prosodyctl.check: Add support for checking Direct TLS SRV records
Kim Alvefur <zash@zash.se>
parents: 11613
diff changeset
475 end
11776
1132a1f1ca5a util.prosodyctl.check: Check for server-to-server Direct TLS records
Kim Alvefur <zash@zash.se>
parents: 11655
diff changeset
476 if not s2s_tls_ports:empty() then
1132a1f1ca5a util.prosodyctl.check: Check for server-to-server Direct TLS records
Kim Alvefur <zash@zash.se>
parents: 11655
diff changeset
477 s2s_tls_srv_required = true;
1132a1f1ca5a util.prosodyctl.check: Check for server-to-server Direct TLS records
Kim Alvefur <zash@zash.se>
parents: 11655
diff changeset
478 end
10871
e5dee71d0ebb prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
479
e5dee71d0ebb prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
480 local problem_hosts = set.new();
e5dee71d0ebb prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
481
e5dee71d0ebb prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
482 local external_addresses, internal_addresses = set.new(), set.new();
e5dee71d0ebb prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
483
e5dee71d0ebb prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
484 local fqdn = socket.dns.tohostname(socket.dns.gethostname());
e5dee71d0ebb prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
485 if fqdn then
e5dee71d0ebb prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
486 do
e5dee71d0ebb prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
487 local res = dns.lookup(idna.to_ascii(fqdn), "A");
e5dee71d0ebb prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
488 if res then
e5dee71d0ebb prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
489 for _, record in ipairs(res) do
e5dee71d0ebb prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
490 external_addresses:add(record.a);
e5dee71d0ebb prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
491 end
e5dee71d0ebb prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
492 end
e5dee71d0ebb prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
493 end
e5dee71d0ebb prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
494 do
e5dee71d0ebb prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
495 local res = dns.lookup(idna.to_ascii(fqdn), "AAAA");
e5dee71d0ebb prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
496 if res then
e5dee71d0ebb prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
497 for _, record in ipairs(res) do
e5dee71d0ebb prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
498 external_addresses:add(record.aaaa);
e5dee71d0ebb prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
499 end
e5dee71d0ebb prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
500 end
e5dee71d0ebb prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
501 end
e5dee71d0ebb prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
502 end
e5dee71d0ebb prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
503
e5dee71d0ebb prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
504 local local_addresses = require"util.net".local_addresses() or {};
e5dee71d0ebb prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
505
e5dee71d0ebb prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
506 for addr in it.values(local_addresses) do
e5dee71d0ebb prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
507 if not ip.new_ip(addr).private then
e5dee71d0ebb prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
508 external_addresses:add(addr);
e5dee71d0ebb prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
509 else
e5dee71d0ebb prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
510 internal_addresses:add(addr);
e5dee71d0ebb prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
511 end
e5dee71d0ebb prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
512 end
e5dee71d0ebb prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
513
e5dee71d0ebb prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
514 if external_addresses:empty() then
e5dee71d0ebb prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
515 print("");
e5dee71d0ebb prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
516 print(" Failed to determine the external addresses of this server. Checks may be inaccurate.");
e5dee71d0ebb prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
517 c2s_srv_required, s2s_srv_required = true, true;
e5dee71d0ebb prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
518 end
e5dee71d0ebb prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
519
e5dee71d0ebb prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
520 local v6_supported = not not socket.tcp6;
11924
53e68227c2c0 util.prosodyctl.check: Respect use_ipv4/v6 in proxy65 check
Kim Alvefur <zash@zash.se>
parents: 11923
diff changeset
521 local use_ipv4 = configmanager.get("*", "use_ipv4") ~= false;
53e68227c2c0 util.prosodyctl.check: Respect use_ipv4/v6 in proxy65 check
Kim Alvefur <zash@zash.se>
parents: 11923
diff changeset
522 local use_ipv6 = v6_supported and configmanager.get("*", "use_ipv6") ~= false;
10871
e5dee71d0ebb prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
523
11655
bbf50525faa5 util.prosodyctl.check: Normalize away trailing dot in some messages too
Kim Alvefur <zash@zash.se>
parents: 11654
diff changeset
524 local function trim_dns_name(n)
bbf50525faa5 util.prosodyctl.check: Normalize away trailing dot in some messages too
Kim Alvefur <zash@zash.se>
parents: 11654
diff changeset
525 return (n:gsub("%.$", ""));
bbf50525faa5 util.prosodyctl.check: Normalize away trailing dot in some messages too
Kim Alvefur <zash@zash.se>
parents: 11654
diff changeset
526 end
bbf50525faa5 util.prosodyctl.check: Normalize away trailing dot in some messages too
Kim Alvefur <zash@zash.se>
parents: 11654
diff changeset
527
10871
e5dee71d0ebb prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
528 for jid, host_options in enabled_hosts() do
e5dee71d0ebb prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
529 local all_targets_ok, some_targets_ok = true, false;
e5dee71d0ebb prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
530 local node, host = jid_split(jid);
e5dee71d0ebb prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
531
e5dee71d0ebb prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
532 local modules, component_module = modulemanager.get_modules_for_host(host);
e5dee71d0ebb prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
533 if component_module then
e5dee71d0ebb prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
534 modules:add(component_module);
e5dee71d0ebb prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
535 end
e5dee71d0ebb prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
536
e5dee71d0ebb prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
537 local is_component = not not host_options.component_module;
e5dee71d0ebb prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
538 print("Checking DNS for "..(is_component and "component" or "host").." "..jid.."...");
e5dee71d0ebb prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
539 if node then
e5dee71d0ebb prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
540 print("Only the domain part ("..host..") is used in DNS.")
e5dee71d0ebb prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
541 end
e5dee71d0ebb prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
542 local target_hosts = set.new();
e5dee71d0ebb prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
543 if modules:contains("c2s") then
e5dee71d0ebb prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
544 local res = dns.lookup("_xmpp-client._tcp."..idna.to_ascii(host)..".", "SRV");
11613
c8a9f77d48fd util.prosodyctl.check: Fix for net.dns vs unbound API difference
Kim Alvefur <zash@zash.se>
parents: 11612
diff changeset
545 if res and #res > 0 then
10871
e5dee71d0ebb prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
546 for _, record in ipairs(res) do
10932
ea4a7619058f util.prosodyctl.check: Fix traceback by handling SRV '.' target to
Kim Alvefur <zash@zash.se>
parents: 10871
diff changeset
547 if record.srv.target == "." then -- TODO is this an error if mod_c2s is enabled?
ea4a7619058f util.prosodyctl.check: Fix traceback by handling SRV '.' target to
Kim Alvefur <zash@zash.se>
parents: 10871
diff changeset
548 print(" 'xmpp-client' service disabled by pointing to '.'"); -- FIXME Explain better what this is
ea4a7619058f util.prosodyctl.check: Fix traceback by handling SRV '.' target to
Kim Alvefur <zash@zash.se>
parents: 10871
diff changeset
549 break;
ea4a7619058f util.prosodyctl.check: Fix traceback by handling SRV '.' target to
Kim Alvefur <zash@zash.se>
parents: 10871
diff changeset
550 end
11655
bbf50525faa5 util.prosodyctl.check: Normalize away trailing dot in some messages too
Kim Alvefur <zash@zash.se>
parents: 11654
diff changeset
551 local target = trim_dns_name(record.srv.target);
bbf50525faa5 util.prosodyctl.check: Normalize away trailing dot in some messages too
Kim Alvefur <zash@zash.se>
parents: 11654
diff changeset
552 target_hosts:add(target);
10871
e5dee71d0ebb prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
553 if not c2s_ports:contains(record.srv.port) then
11655
bbf50525faa5 util.prosodyctl.check: Normalize away trailing dot in some messages too
Kim Alvefur <zash@zash.se>
parents: 11654
diff changeset
554 print(" SRV target "..target.." contains unknown client port: "..record.srv.port);
10871
e5dee71d0ebb prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
555 end
e5dee71d0ebb prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
556 end
e5dee71d0ebb prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
557 else
e5dee71d0ebb prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
558 if c2s_srv_required then
e5dee71d0ebb prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
559 print(" No _xmpp-client SRV record found for "..host..", but it looks like you need one.");
e5dee71d0ebb prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
560 all_targets_ok = false;
e5dee71d0ebb prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
561 else
e5dee71d0ebb prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
562 target_hosts:add(host);
e5dee71d0ebb prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
563 end
e5dee71d0ebb prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
564 end
e5dee71d0ebb prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
565 end
11615
8e16fd976c57 util.prosodyctl.check: Add support for checking Direct TLS SRV records
Kim Alvefur <zash@zash.se>
parents: 11613
diff changeset
566 if modules:contains("c2s") and c2s_tls_srv_required then
8e16fd976c57 util.prosodyctl.check: Add support for checking Direct TLS SRV records
Kim Alvefur <zash@zash.se>
parents: 11613
diff changeset
567 local res = dns.lookup("_xmpps-client._tcp."..idna.to_ascii(host)..".", "SRV");
8e16fd976c57 util.prosodyctl.check: Add support for checking Direct TLS SRV records
Kim Alvefur <zash@zash.se>
parents: 11613
diff changeset
568 if res and #res > 0 then
8e16fd976c57 util.prosodyctl.check: Add support for checking Direct TLS SRV records
Kim Alvefur <zash@zash.se>
parents: 11613
diff changeset
569 for _, record in ipairs(res) do
8e16fd976c57 util.prosodyctl.check: Add support for checking Direct TLS SRV records
Kim Alvefur <zash@zash.se>
parents: 11613
diff changeset
570 if record.srv.target == "." then -- TODO is this an error if mod_c2s is enabled?
8e16fd976c57 util.prosodyctl.check: Add support for checking Direct TLS SRV records
Kim Alvefur <zash@zash.se>
parents: 11613
diff changeset
571 print(" 'xmpps-client' service disabled by pointing to '.'"); -- FIXME Explain better what this is
8e16fd976c57 util.prosodyctl.check: Add support for checking Direct TLS SRV records
Kim Alvefur <zash@zash.se>
parents: 11613
diff changeset
572 break;
8e16fd976c57 util.prosodyctl.check: Add support for checking Direct TLS SRV records
Kim Alvefur <zash@zash.se>
parents: 11613
diff changeset
573 end
11655
bbf50525faa5 util.prosodyctl.check: Normalize away trailing dot in some messages too
Kim Alvefur <zash@zash.se>
parents: 11654
diff changeset
574 local target = trim_dns_name(record.srv.target);
bbf50525faa5 util.prosodyctl.check: Normalize away trailing dot in some messages too
Kim Alvefur <zash@zash.se>
parents: 11654
diff changeset
575 target_hosts:add(target);
11615
8e16fd976c57 util.prosodyctl.check: Add support for checking Direct TLS SRV records
Kim Alvefur <zash@zash.se>
parents: 11613
diff changeset
576 if not c2s_tls_ports:contains(record.srv.port) then
11655
bbf50525faa5 util.prosodyctl.check: Normalize away trailing dot in some messages too
Kim Alvefur <zash@zash.se>
parents: 11654
diff changeset
577 print(" SRV target "..target.." contains unknown Direct TLS client port: "..record.srv.port);
11615
8e16fd976c57 util.prosodyctl.check: Add support for checking Direct TLS SRV records
Kim Alvefur <zash@zash.se>
parents: 11613
diff changeset
578 end
8e16fd976c57 util.prosodyctl.check: Add support for checking Direct TLS SRV records
Kim Alvefur <zash@zash.se>
parents: 11613
diff changeset
579 end
8e16fd976c57 util.prosodyctl.check: Add support for checking Direct TLS SRV records
Kim Alvefur <zash@zash.se>
parents: 11613
diff changeset
580 else
8e16fd976c57 util.prosodyctl.check: Add support for checking Direct TLS SRV records
Kim Alvefur <zash@zash.se>
parents: 11613
diff changeset
581 print(" No _xmpps-client SRV record found for "..host..", but it looks like you need one.");
8e16fd976c57 util.prosodyctl.check: Add support for checking Direct TLS SRV records
Kim Alvefur <zash@zash.se>
parents: 11613
diff changeset
582 all_targets_ok = false;
8e16fd976c57 util.prosodyctl.check: Add support for checking Direct TLS SRV records
Kim Alvefur <zash@zash.se>
parents: 11613
diff changeset
583 end
8e16fd976c57 util.prosodyctl.check: Add support for checking Direct TLS SRV records
Kim Alvefur <zash@zash.se>
parents: 11613
diff changeset
584 end
10871
e5dee71d0ebb prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
585 if modules:contains("s2s") then
e5dee71d0ebb prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
586 local res = dns.lookup("_xmpp-server._tcp."..idna.to_ascii(host)..".", "SRV");
11613
c8a9f77d48fd util.prosodyctl.check: Fix for net.dns vs unbound API difference
Kim Alvefur <zash@zash.se>
parents: 11612
diff changeset
587 if res and #res > 0 then
10871
e5dee71d0ebb prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
588 for _, record in ipairs(res) do
10932
ea4a7619058f util.prosodyctl.check: Fix traceback by handling SRV '.' target to
Kim Alvefur <zash@zash.se>
parents: 10871
diff changeset
589 if record.srv.target == "." then -- TODO Is this an error if mod_s2s is enabled?
ea4a7619058f util.prosodyctl.check: Fix traceback by handling SRV '.' target to
Kim Alvefur <zash@zash.se>
parents: 10871
diff changeset
590 print(" 'xmpp-server' service disabled by pointing to '.'"); -- FIXME Explain better what this is
ea4a7619058f util.prosodyctl.check: Fix traceback by handling SRV '.' target to
Kim Alvefur <zash@zash.se>
parents: 10871
diff changeset
591 break;
ea4a7619058f util.prosodyctl.check: Fix traceback by handling SRV '.' target to
Kim Alvefur <zash@zash.se>
parents: 10871
diff changeset
592 end
11655
bbf50525faa5 util.prosodyctl.check: Normalize away trailing dot in some messages too
Kim Alvefur <zash@zash.se>
parents: 11654
diff changeset
593 local target = trim_dns_name(record.srv.target);
bbf50525faa5 util.prosodyctl.check: Normalize away trailing dot in some messages too
Kim Alvefur <zash@zash.se>
parents: 11654
diff changeset
594 target_hosts:add(target);
10871
e5dee71d0ebb prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
595 if not s2s_ports:contains(record.srv.port) then
11655
bbf50525faa5 util.prosodyctl.check: Normalize away trailing dot in some messages too
Kim Alvefur <zash@zash.se>
parents: 11654
diff changeset
596 print(" SRV target "..target.." contains unknown server port: "..record.srv.port);
10871
e5dee71d0ebb prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
597 end
e5dee71d0ebb prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
598 end
e5dee71d0ebb prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
599 else
e5dee71d0ebb prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
600 if s2s_srv_required then
e5dee71d0ebb prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
601 print(" No _xmpp-server SRV record found for "..host..", but it looks like you need one.");
e5dee71d0ebb prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
602 all_targets_ok = false;
e5dee71d0ebb prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
603 else
e5dee71d0ebb prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
604 target_hosts:add(host);
e5dee71d0ebb prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
605 end
e5dee71d0ebb prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
606 end
e5dee71d0ebb prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
607 end
11776
1132a1f1ca5a util.prosodyctl.check: Check for server-to-server Direct TLS records
Kim Alvefur <zash@zash.se>
parents: 11655
diff changeset
608 if modules:contains("s2s") and s2s_tls_srv_required then
1132a1f1ca5a util.prosodyctl.check: Check for server-to-server Direct TLS records
Kim Alvefur <zash@zash.se>
parents: 11655
diff changeset
609 local res = dns.lookup("_xmpps-server._tcp."..idna.to_ascii(host)..".", "SRV");
1132a1f1ca5a util.prosodyctl.check: Check for server-to-server Direct TLS records
Kim Alvefur <zash@zash.se>
parents: 11655
diff changeset
610 if res and #res > 0 then
1132a1f1ca5a util.prosodyctl.check: Check for server-to-server Direct TLS records
Kim Alvefur <zash@zash.se>
parents: 11655
diff changeset
611 for _, record in ipairs(res) do
1132a1f1ca5a util.prosodyctl.check: Check for server-to-server Direct TLS records
Kim Alvefur <zash@zash.se>
parents: 11655
diff changeset
612 if record.srv.target == "." then -- TODO is this an error if mod_s2s is enabled?
1132a1f1ca5a util.prosodyctl.check: Check for server-to-server Direct TLS records
Kim Alvefur <zash@zash.se>
parents: 11655
diff changeset
613 print(" 'xmpps-server' service disabled by pointing to '.'"); -- FIXME Explain better what this is
1132a1f1ca5a util.prosodyctl.check: Check for server-to-server Direct TLS records
Kim Alvefur <zash@zash.se>
parents: 11655
diff changeset
614 break;
1132a1f1ca5a util.prosodyctl.check: Check for server-to-server Direct TLS records
Kim Alvefur <zash@zash.se>
parents: 11655
diff changeset
615 end
1132a1f1ca5a util.prosodyctl.check: Check for server-to-server Direct TLS records
Kim Alvefur <zash@zash.se>
parents: 11655
diff changeset
616 local target = trim_dns_name(record.srv.target);
1132a1f1ca5a util.prosodyctl.check: Check for server-to-server Direct TLS records
Kim Alvefur <zash@zash.se>
parents: 11655
diff changeset
617 target_hosts:add(target);
1132a1f1ca5a util.prosodyctl.check: Check for server-to-server Direct TLS records
Kim Alvefur <zash@zash.se>
parents: 11655
diff changeset
618 if not s2s_tls_ports:contains(record.srv.port) then
1132a1f1ca5a util.prosodyctl.check: Check for server-to-server Direct TLS records
Kim Alvefur <zash@zash.se>
parents: 11655
diff changeset
619 print(" SRV target "..target.." contains unknown Direct TLS server port: "..record.srv.port);
1132a1f1ca5a util.prosodyctl.check: Check for server-to-server Direct TLS records
Kim Alvefur <zash@zash.se>
parents: 11655
diff changeset
620 end
1132a1f1ca5a util.prosodyctl.check: Check for server-to-server Direct TLS records
Kim Alvefur <zash@zash.se>
parents: 11655
diff changeset
621 end
1132a1f1ca5a util.prosodyctl.check: Check for server-to-server Direct TLS records
Kim Alvefur <zash@zash.se>
parents: 11655
diff changeset
622 else
1132a1f1ca5a util.prosodyctl.check: Check for server-to-server Direct TLS records
Kim Alvefur <zash@zash.se>
parents: 11655
diff changeset
623 print(" No _xmpps-server SRV record found for "..host..", but it looks like you need one.");
1132a1f1ca5a util.prosodyctl.check: Check for server-to-server Direct TLS records
Kim Alvefur <zash@zash.se>
parents: 11655
diff changeset
624 all_targets_ok = false;
1132a1f1ca5a util.prosodyctl.check: Check for server-to-server Direct TLS records
Kim Alvefur <zash@zash.se>
parents: 11655
diff changeset
625 end
1132a1f1ca5a util.prosodyctl.check: Check for server-to-server Direct TLS records
Kim Alvefur <zash@zash.se>
parents: 11655
diff changeset
626 end
10871
e5dee71d0ebb prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
627 if target_hosts:empty() then
e5dee71d0ebb prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
628 target_hosts:add(host);
e5dee71d0ebb prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
629 end
e5dee71d0ebb prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
630
e5dee71d0ebb prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
631 if target_hosts:contains("localhost") then
e5dee71d0ebb prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
632 print(" Target 'localhost' cannot be accessed from other servers");
e5dee71d0ebb prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
633 target_hosts:remove("localhost");
e5dee71d0ebb prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
634 end
e5dee71d0ebb prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
635
12217
39043233de04 util.prosodyctl.check: Add HTTP related DNS checks
Kim Alvefur <zash@zash.se>
parents: 12159
diff changeset
636 local function check_address(target)
39043233de04 util.prosodyctl.check: Add HTTP related DNS checks
Kim Alvefur <zash@zash.se>
parents: 12159
diff changeset
637 local A, AAAA = dns.lookup(idna.to_ascii(target), "A"), dns.lookup(idna.to_ascii(target), "AAAA");
39043233de04 util.prosodyctl.check: Add HTTP related DNS checks
Kim Alvefur <zash@zash.se>
parents: 12159
diff changeset
638 local prob = {};
12231
ca8453129ade util.prosodyctl.check: Fix A/AAAA check for proxy65 and http
Kim Alvefur <zash@zash.se>
parents: 12230
diff changeset
639 if use_ipv4 and not (A and #A > 0) then table.insert(prob, "A"); end
ca8453129ade util.prosodyctl.check: Fix A/AAAA check for proxy65 and http
Kim Alvefur <zash@zash.se>
parents: 12230
diff changeset
640 if use_ipv6 and not (AAAA and #AAAA > 0) then table.insert(prob, "AAAA"); end
12217
39043233de04 util.prosodyctl.check: Add HTTP related DNS checks
Kim Alvefur <zash@zash.se>
parents: 12159
diff changeset
641 return prob;
39043233de04 util.prosodyctl.check: Add HTTP related DNS checks
Kim Alvefur <zash@zash.se>
parents: 12159
diff changeset
642 end
39043233de04 util.prosodyctl.check: Add HTTP related DNS checks
Kim Alvefur <zash@zash.se>
parents: 12159
diff changeset
643
10871
e5dee71d0ebb prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
644 if modules:contains("proxy65") then
e5dee71d0ebb prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
645 local proxy65_target = configmanager.get(host, "proxy65_address") or host;
e5dee71d0ebb prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
646 if type(proxy65_target) == "string" then
12217
39043233de04 util.prosodyctl.check: Add HTTP related DNS checks
Kim Alvefur <zash@zash.se>
parents: 12159
diff changeset
647 local prob = check_address(proxy65_target);
10871
e5dee71d0ebb prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
648 if #prob > 0 then
e5dee71d0ebb prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
649 print(" File transfer proxy "..proxy65_target.." has no "..table.concat(prob, "/")
e5dee71d0ebb prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
650 .." record. Create one or set 'proxy65_address' to the correct host/IP.");
e5dee71d0ebb prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
651 end
e5dee71d0ebb prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
652 else
e5dee71d0ebb prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
653 print(" proxy65_address for "..host.." should be set to a string, unable to perform DNS check");
e5dee71d0ebb prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
654 end
e5dee71d0ebb prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
655 end
e5dee71d0ebb prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
656
12217
39043233de04 util.prosodyctl.check: Add HTTP related DNS checks
Kim Alvefur <zash@zash.se>
parents: 12159
diff changeset
657 local known_http_modules = set.new { "bosh"; "http_files"; "http_file_share"; "http_openmetrics"; "websocket" };
39043233de04 util.prosodyctl.check: Add HTTP related DNS checks
Kim Alvefur <zash@zash.se>
parents: 12159
diff changeset
658 local function contains_match(hayset, needle)
39043233de04 util.prosodyctl.check: Add HTTP related DNS checks
Kim Alvefur <zash@zash.se>
parents: 12159
diff changeset
659 for member in hayset do if member:find(needle) then return true end end
39043233de04 util.prosodyctl.check: Add HTTP related DNS checks
Kim Alvefur <zash@zash.se>
parents: 12159
diff changeset
660 end
39043233de04 util.prosodyctl.check: Add HTTP related DNS checks
Kim Alvefur <zash@zash.se>
parents: 12159
diff changeset
661
39043233de04 util.prosodyctl.check: Add HTTP related DNS checks
Kim Alvefur <zash@zash.se>
parents: 12159
diff changeset
662 if modules:contains("http") or not set.intersection(modules, known_http_modules):empty()
39043233de04 util.prosodyctl.check: Add HTTP related DNS checks
Kim Alvefur <zash@zash.se>
parents: 12159
diff changeset
663 or contains_match(modules, "^http_") or contains_match(modules, "_web$") then
39043233de04 util.prosodyctl.check: Add HTTP related DNS checks
Kim Alvefur <zash@zash.se>
parents: 12159
diff changeset
664
39043233de04 util.prosodyctl.check: Add HTTP related DNS checks
Kim Alvefur <zash@zash.se>
parents: 12159
diff changeset
665 local http_host = configmanager.get(host, "http_host") or host;
39043233de04 util.prosodyctl.check: Add HTTP related DNS checks
Kim Alvefur <zash@zash.se>
parents: 12159
diff changeset
666 local http_internal_host = http_host;
39043233de04 util.prosodyctl.check: Add HTTP related DNS checks
Kim Alvefur <zash@zash.se>
parents: 12159
diff changeset
667 local http_url = configmanager.get(host, "http_external_url");
39043233de04 util.prosodyctl.check: Add HTTP related DNS checks
Kim Alvefur <zash@zash.se>
parents: 12159
diff changeset
668 if http_url then
12218
0795e1ccf3d8 util.prosodyctl.check: Fix use of LuaSocket URL parser
Kim Alvefur <zash@zash.se>
parents: 12217
diff changeset
669 local url_parse = require "socket.url".parse;
12217
39043233de04 util.prosodyctl.check: Add HTTP related DNS checks
Kim Alvefur <zash@zash.se>
parents: 12159
diff changeset
670 local external_url_parts = url_parse(http_url);
39043233de04 util.prosodyctl.check: Add HTTP related DNS checks
Kim Alvefur <zash@zash.se>
parents: 12159
diff changeset
671 if external_url_parts then
39043233de04 util.prosodyctl.check: Add HTTP related DNS checks
Kim Alvefur <zash@zash.se>
parents: 12159
diff changeset
672 http_host = external_url_parts.host;
39043233de04 util.prosodyctl.check: Add HTTP related DNS checks
Kim Alvefur <zash@zash.se>
parents: 12159
diff changeset
673 else
39043233de04 util.prosodyctl.check: Add HTTP related DNS checks
Kim Alvefur <zash@zash.se>
parents: 12159
diff changeset
674 print(" The 'http_external_url' setting is not a valid URL");
39043233de04 util.prosodyctl.check: Add HTTP related DNS checks
Kim Alvefur <zash@zash.se>
parents: 12159
diff changeset
675 end
39043233de04 util.prosodyctl.check: Add HTTP related DNS checks
Kim Alvefur <zash@zash.se>
parents: 12159
diff changeset
676 end
39043233de04 util.prosodyctl.check: Add HTTP related DNS checks
Kim Alvefur <zash@zash.se>
parents: 12159
diff changeset
677
39043233de04 util.prosodyctl.check: Add HTTP related DNS checks
Kim Alvefur <zash@zash.se>
parents: 12159
diff changeset
678 local prob = check_address(http_host);
39043233de04 util.prosodyctl.check: Add HTTP related DNS checks
Kim Alvefur <zash@zash.se>
parents: 12159
diff changeset
679 if #prob > 1 then
39043233de04 util.prosodyctl.check: Add HTTP related DNS checks
Kim Alvefur <zash@zash.se>
parents: 12159
diff changeset
680 print(" HTTP service " .. http_host .. " has no " .. table.concat(prob, "/") .. " record. Create one or change "
39043233de04 util.prosodyctl.check: Add HTTP related DNS checks
Kim Alvefur <zash@zash.se>
parents: 12159
diff changeset
681 .. (http_url and "'http_external_url'" or "'http_host'").." to the correct host.");
39043233de04 util.prosodyctl.check: Add HTTP related DNS checks
Kim Alvefur <zash@zash.se>
parents: 12159
diff changeset
682 end
39043233de04 util.prosodyctl.check: Add HTTP related DNS checks
Kim Alvefur <zash@zash.se>
parents: 12159
diff changeset
683
39043233de04 util.prosodyctl.check: Add HTTP related DNS checks
Kim Alvefur <zash@zash.se>
parents: 12159
diff changeset
684 if http_host ~= http_internal_host then
39043233de04 util.prosodyctl.check: Add HTTP related DNS checks
Kim Alvefur <zash@zash.se>
parents: 12159
diff changeset
685 print(" Ensure the reverse proxy sets the HTTP Host header to '" .. http_internal_host .. "'");
39043233de04 util.prosodyctl.check: Add HTTP related DNS checks
Kim Alvefur <zash@zash.se>
parents: 12159
diff changeset
686 end
39043233de04 util.prosodyctl.check: Add HTTP related DNS checks
Kim Alvefur <zash@zash.se>
parents: 12159
diff changeset
687 end
39043233de04 util.prosodyctl.check: Add HTTP related DNS checks
Kim Alvefur <zash@zash.se>
parents: 12159
diff changeset
688
11652
887d7b15e21b util.prosodyctl.check: Warn if both use_ipv4 and use_ipv6 are set to false
Kim Alvefur <zash@zash.se>
parents: 11651
diff changeset
689 if not use_ipv4 and not use_ipv6 then
887d7b15e21b util.prosodyctl.check: Warn if both use_ipv4 and use_ipv6 are set to false
Kim Alvefur <zash@zash.se>
parents: 11651
diff changeset
690 print(" Both IPv6 and IPv4 are disabled, Prosody will not listen on any ports");
887d7b15e21b util.prosodyctl.check: Warn if both use_ipv4 and use_ipv6 are set to false
Kim Alvefur <zash@zash.se>
parents: 11651
diff changeset
691 print(" nor be able to connect to any remote servers.");
887d7b15e21b util.prosodyctl.check: Warn if both use_ipv4 and use_ipv6 are set to false
Kim Alvefur <zash@zash.se>
parents: 11651
diff changeset
692 all_targets_ok = false;
887d7b15e21b util.prosodyctl.check: Warn if both use_ipv4 and use_ipv6 are set to false
Kim Alvefur <zash@zash.se>
parents: 11651
diff changeset
693 end
887d7b15e21b util.prosodyctl.check: Warn if both use_ipv4 and use_ipv6 are set to false
Kim Alvefur <zash@zash.se>
parents: 11651
diff changeset
694
10871
e5dee71d0ebb prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
695 for target_host in target_hosts do
e5dee71d0ebb prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
696 local host_ok_v4, host_ok_v6;
e5dee71d0ebb prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
697 do
e5dee71d0ebb prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
698 local res = dns.lookup(idna.to_ascii(target_host), "A");
e5dee71d0ebb prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
699 if res then
e5dee71d0ebb prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
700 for _, record in ipairs(res) do
e5dee71d0ebb prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
701 if external_addresses:contains(record.a) then
e5dee71d0ebb prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
702 some_targets_ok = true;
e5dee71d0ebb prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
703 host_ok_v4 = true;
e5dee71d0ebb prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
704 elseif internal_addresses:contains(record.a) then
e5dee71d0ebb prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
705 host_ok_v4 = true;
e5dee71d0ebb prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
706 some_targets_ok = true;
e5dee71d0ebb prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
707 print(" "..target_host.." A record points to internal address, external connections might fail");
e5dee71d0ebb prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
708 else
e5dee71d0ebb prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
709 print(" "..target_host.." A record points to unknown address "..record.a);
e5dee71d0ebb prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
710 all_targets_ok = false;
e5dee71d0ebb prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
711 end
e5dee71d0ebb prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
712 end
e5dee71d0ebb prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
713 end
e5dee71d0ebb prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
714 end
e5dee71d0ebb prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
715 do
e5dee71d0ebb prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
716 local res = dns.lookup(idna.to_ascii(target_host), "AAAA");
e5dee71d0ebb prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
717 if res then
e5dee71d0ebb prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
718 for _, record in ipairs(res) do
e5dee71d0ebb prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
719 if external_addresses:contains(record.aaaa) then
e5dee71d0ebb prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
720 some_targets_ok = true;
e5dee71d0ebb prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
721 host_ok_v6 = true;
e5dee71d0ebb prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
722 elseif internal_addresses:contains(record.aaaa) then
e5dee71d0ebb prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
723 host_ok_v6 = true;
e5dee71d0ebb prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
724 some_targets_ok = true;
e5dee71d0ebb prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
725 print(" "..target_host.." AAAA record points to internal address, external connections might fail");
e5dee71d0ebb prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
726 else
e5dee71d0ebb prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
727 print(" "..target_host.." AAAA record points to unknown address "..record.aaaa);
e5dee71d0ebb prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
728 all_targets_ok = false;
e5dee71d0ebb prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
729 end
e5dee71d0ebb prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
730 end
e5dee71d0ebb prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
731 end
e5dee71d0ebb prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
732 end
e5dee71d0ebb prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
733
11653
51141309ffc4 util.prosodyctl.check: Point out if A/AAAA exists despite disabled IPvX
Kim Alvefur <zash@zash.se>
parents: 11652
diff changeset
734 if host_ok_v4 and not use_ipv4 then
51141309ffc4 util.prosodyctl.check: Point out if A/AAAA exists despite disabled IPvX
Kim Alvefur <zash@zash.se>
parents: 11652
diff changeset
735 print(" Host "..target_host.." does seem to resolve to this server but IPv4 has been disabled");
51141309ffc4 util.prosodyctl.check: Point out if A/AAAA exists despite disabled IPvX
Kim Alvefur <zash@zash.se>
parents: 11652
diff changeset
736 all_targets_ok = false;
51141309ffc4 util.prosodyctl.check: Point out if A/AAAA exists despite disabled IPvX
Kim Alvefur <zash@zash.se>
parents: 11652
diff changeset
737 end
51141309ffc4 util.prosodyctl.check: Point out if A/AAAA exists despite disabled IPvX
Kim Alvefur <zash@zash.se>
parents: 11652
diff changeset
738
51141309ffc4 util.prosodyctl.check: Point out if A/AAAA exists despite disabled IPvX
Kim Alvefur <zash@zash.se>
parents: 11652
diff changeset
739 if host_ok_v6 and not use_ipv6 then
51141309ffc4 util.prosodyctl.check: Point out if A/AAAA exists despite disabled IPvX
Kim Alvefur <zash@zash.se>
parents: 11652
diff changeset
740 print(" Host "..target_host.." does seem to resolve to this server but IPv6 has been disabled");
51141309ffc4 util.prosodyctl.check: Point out if A/AAAA exists despite disabled IPvX
Kim Alvefur <zash@zash.se>
parents: 11652
diff changeset
741 all_targets_ok = false;
51141309ffc4 util.prosodyctl.check: Point out if A/AAAA exists despite disabled IPvX
Kim Alvefur <zash@zash.se>
parents: 11652
diff changeset
742 end
51141309ffc4 util.prosodyctl.check: Point out if A/AAAA exists despite disabled IPvX
Kim Alvefur <zash@zash.se>
parents: 11652
diff changeset
743
10871
e5dee71d0ebb prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
744 local bad_protos = {}
11651
c9f46d28ed7e util.prosodyctl.check: Silence IP protocol mismatches when disabled
Kim Alvefur <zash@zash.se>
parents: 11645
diff changeset
745 if use_ipv4 and not host_ok_v4 then
10871
e5dee71d0ebb prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
746 table.insert(bad_protos, "IPv4");
e5dee71d0ebb prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
747 end
11651
c9f46d28ed7e util.prosodyctl.check: Silence IP protocol mismatches when disabled
Kim Alvefur <zash@zash.se>
parents: 11645
diff changeset
748 if use_ipv6 and not host_ok_v6 then
10871
e5dee71d0ebb prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
749 table.insert(bad_protos, "IPv6");
e5dee71d0ebb prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
750 end
e5dee71d0ebb prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
751 if #bad_protos > 0 then
e5dee71d0ebb prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
752 print(" Host "..target_host.." does not seem to resolve to this server ("..table.concat(bad_protos, "/")..")");
e5dee71d0ebb prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
753 end
e5dee71d0ebb prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
754 if host_ok_v6 and not v6_supported then
e5dee71d0ebb prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
755 print(" Host "..target_host.." has AAAA records, but your version of LuaSocket does not support IPv6.");
e5dee71d0ebb prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
756 print(" Please see https://prosody.im/doc/ipv6 for more information.");
11925
3e0d03a74285 util.prosodyctl.check: Highlight inconsistency of AAAA records and use_ipv6=false
Kim Alvefur <zash@zash.se>
parents: 11924
diff changeset
757 elseif host_ok_v6 and not use_ipv6 then
3e0d03a74285 util.prosodyctl.check: Highlight inconsistency of AAAA records and use_ipv6=false
Kim Alvefur <zash@zash.se>
parents: 11924
diff changeset
758 print(" Host "..target_host.." has AAAA records, but IPv6 is disabled.");
3e0d03a74285 util.prosodyctl.check: Highlight inconsistency of AAAA records and use_ipv6=false
Kim Alvefur <zash@zash.se>
parents: 11924
diff changeset
759 -- TODO Tell them to drop the AAAA records or enable IPv6?
3e0d03a74285 util.prosodyctl.check: Highlight inconsistency of AAAA records and use_ipv6=false
Kim Alvefur <zash@zash.se>
parents: 11924
diff changeset
760 print(" Please see https://prosody.im/doc/ipv6 for more information.");
10871
e5dee71d0ebb prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
761 end
e5dee71d0ebb prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
762 end
e5dee71d0ebb prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
763 if not all_targets_ok then
e5dee71d0ebb prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
764 print(" "..(some_targets_ok and "Only some" or "No").." targets for "..host.." appear to resolve to this server.");
e5dee71d0ebb prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
765 if is_component then
e5dee71d0ebb prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
766 print(" DNS records are necessary if you want users on other servers to access this component.");
e5dee71d0ebb prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
767 end
e5dee71d0ebb prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
768 problem_hosts:add(host);
e5dee71d0ebb prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
769 end
e5dee71d0ebb prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
770 print("");
e5dee71d0ebb prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
771 end
e5dee71d0ebb prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
772 if not problem_hosts:empty() then
e5dee71d0ebb prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
773 print("");
e5dee71d0ebb prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
774 print("For more information about DNS configuration please see https://prosody.im/doc/dns");
e5dee71d0ebb prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
775 print("");
e5dee71d0ebb prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
776 ok = false;
e5dee71d0ebb prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
777 end
e5dee71d0ebb prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
778 end
e5dee71d0ebb prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
779 if not what or what == "certs" then
e5dee71d0ebb prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
780 local cert_ok;
e5dee71d0ebb prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
781 print"Checking certificates..."
e5dee71d0ebb prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
782 local x509_verify_identity = require"util.x509".verify_identity;
e5dee71d0ebb prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
783 local create_context = require "core.certmanager".create_context;
e5dee71d0ebb prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
784 local ssl = dependencies.softreq"ssl";
e5dee71d0ebb prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
785 -- local datetime_parse = require"util.datetime".parse_x509;
e5dee71d0ebb prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
786 local load_cert = ssl and ssl.loadcertificate;
e5dee71d0ebb prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
787 -- or ssl.cert_from_pem
e5dee71d0ebb prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
788 if not ssl then
e5dee71d0ebb prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
789 print("LuaSec not available, can't perform certificate checks")
e5dee71d0ebb prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
790 if what == "certs" then cert_ok = false end
e5dee71d0ebb prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
791 elseif not load_cert then
e5dee71d0ebb prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
792 print("This version of LuaSec (" .. ssl._VERSION .. ") does not support certificate checking");
e5dee71d0ebb prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
793 cert_ok = false
e5dee71d0ebb prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
794 else
e5dee71d0ebb prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
795 for host in it.filter(skip_bare_jid_hosts, enabled_hosts()) do
e5dee71d0ebb prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
796 print("Checking certificate for "..host);
e5dee71d0ebb prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
797 -- First, let's find out what certificate this host uses.
e5dee71d0ebb prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
798 local host_ssl_config = configmanager.rawget(host, "ssl")
e5dee71d0ebb prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
799 or configmanager.rawget(host:match("%.(.*)"), "ssl");
e5dee71d0ebb prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
800 local global_ssl_config = configmanager.rawget("*", "ssl");
e5dee71d0ebb prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
801 local ok, err, ssl_config = create_context(host, "server", host_ssl_config, global_ssl_config);
e5dee71d0ebb prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
802 if not ok then
e5dee71d0ebb prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
803 print(" Error: "..err);
e5dee71d0ebb prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
804 cert_ok = false
e5dee71d0ebb prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
805 elseif not ssl_config.certificate then
e5dee71d0ebb prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
806 print(" No 'certificate' found for "..host)
e5dee71d0ebb prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
807 cert_ok = false
e5dee71d0ebb prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
808 elseif not ssl_config.key then
e5dee71d0ebb prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
809 print(" No 'key' found for "..host)
e5dee71d0ebb prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
810 cert_ok = false
e5dee71d0ebb prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
811 else
e5dee71d0ebb prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
812 local key, err = io.open(ssl_config.key); -- Permissions check only
e5dee71d0ebb prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
813 if not key then
e5dee71d0ebb prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
814 print(" Could not open "..ssl_config.key..": "..err);
e5dee71d0ebb prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
815 cert_ok = false
e5dee71d0ebb prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
816 else
e5dee71d0ebb prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
817 key:close();
e5dee71d0ebb prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
818 end
e5dee71d0ebb prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
819 local cert_fh, err = io.open(ssl_config.certificate); -- Load the file.
e5dee71d0ebb prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
820 if not cert_fh then
e5dee71d0ebb prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
821 print(" Could not open "..ssl_config.certificate..": "..err);
e5dee71d0ebb prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
822 cert_ok = false
e5dee71d0ebb prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
823 else
e5dee71d0ebb prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
824 print(" Certificate: "..ssl_config.certificate)
e5dee71d0ebb prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
825 local cert = load_cert(cert_fh:read"*a"); cert_fh:close();
e5dee71d0ebb prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
826 if not cert:validat(os.time()) then
e5dee71d0ebb prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
827 print(" Certificate has expired.")
e5dee71d0ebb prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
828 cert_ok = false
e5dee71d0ebb prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
829 elseif not cert:validat(os.time() + 86400) then
e5dee71d0ebb prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
830 print(" Certificate expires within one day.")
e5dee71d0ebb prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
831 cert_ok = false
e5dee71d0ebb prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
832 elseif not cert:validat(os.time() + 86400*7) then
e5dee71d0ebb prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
833 print(" Certificate expires within one week.")
e5dee71d0ebb prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
834 elseif not cert:validat(os.time() + 86400*31) then
e5dee71d0ebb prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
835 print(" Certificate expires within one month.")
e5dee71d0ebb prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
836 end
e5dee71d0ebb prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
837 if configmanager.get(host, "component_module") == nil
e5dee71d0ebb prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
838 and not x509_verify_identity(host, "_xmpp-client", cert) then
e5dee71d0ebb prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
839 print(" Not valid for client connections to "..host..".")
e5dee71d0ebb prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
840 cert_ok = false
e5dee71d0ebb prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
841 end
e5dee71d0ebb prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
842 if (not (configmanager.get(host, "anonymous_login")
e5dee71d0ebb prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
843 or configmanager.get(host, "authentication") == "anonymous"))
e5dee71d0ebb prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
844 and not x509_verify_identity(host, "_xmpp-server", cert) then
e5dee71d0ebb prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
845 print(" Not valid for server-to-server connections to "..host..".")
e5dee71d0ebb prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
846 cert_ok = false
e5dee71d0ebb prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
847 end
e5dee71d0ebb prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
848 end
e5dee71d0ebb prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
849 end
e5dee71d0ebb prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
850 end
e5dee71d0ebb prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
851 end
e5dee71d0ebb prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
852 if cert_ok == false then
e5dee71d0ebb prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
853 print("")
e5dee71d0ebb prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
854 print("For more information about certificates please see https://prosody.im/doc/certificates");
e5dee71d0ebb prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
855 ok = false
e5dee71d0ebb prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
856 end
e5dee71d0ebb prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
857 print("")
e5dee71d0ebb prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
858 end
11779
f4f0bdaeabd2 prosodyctl: Add external connectivity check based on observe.jabber.network
Jonas Schäfer <jonas@wielicki.name>
parents: 11778
diff changeset
859 -- intentionally not doing this by default
f4f0bdaeabd2 prosodyctl: Add external connectivity check based on observe.jabber.network
Jonas Schäfer <jonas@wielicki.name>
parents: 11778
diff changeset
860 if what == "connectivity" then
11782
d93107de52dd util.prosodyctl.check: Ignore unused "ok" variable [luacheck]
Kim Alvefur <zash@zash.se>
parents: 11780
diff changeset
861 local _, prosody_is_running = is_prosody_running();
11780
98ae95235775 util.prosodyctl.check: Refuse to do ojn test unless prosody is running
Kim Alvefur <zash@zash.se>
parents: 11779
diff changeset
862 if configmanager.get("*", "pidfile") and not prosody_is_running then
98ae95235775 util.prosodyctl.check: Refuse to do ojn test unless prosody is running
Kim Alvefur <zash@zash.se>
parents: 11779
diff changeset
863 print("Prosody does not appear to be running, which is required for this test.");
98ae95235775 util.prosodyctl.check: Refuse to do ojn test unless prosody is running
Kim Alvefur <zash@zash.se>
parents: 11779
diff changeset
864 print("Start it and then try again.");
98ae95235775 util.prosodyctl.check: Refuse to do ojn test unless prosody is running
Kim Alvefur <zash@zash.se>
parents: 11779
diff changeset
865 return 1;
98ae95235775 util.prosodyctl.check: Refuse to do ojn test unless prosody is running
Kim Alvefur <zash@zash.se>
parents: 11779
diff changeset
866 end
98ae95235775 util.prosodyctl.check: Refuse to do ojn test unless prosody is running
Kim Alvefur <zash@zash.se>
parents: 11779
diff changeset
867
11827
2359519260ec prosodyctl: Add alternate XMPP Blackbox Exporter connectivity check
Kim Alvefur <zash@zash.se>
parents: 11826
diff changeset
868 local checker = "observe.jabber.network";
2359519260ec prosodyctl: Add alternate XMPP Blackbox Exporter connectivity check
Kim Alvefur <zash@zash.se>
parents: 11826
diff changeset
869 local probe_instance;
2359519260ec prosodyctl: Add alternate XMPP Blackbox Exporter connectivity check
Kim Alvefur <zash@zash.se>
parents: 11826
diff changeset
870 local probe_modules = {
2359519260ec prosodyctl: Add alternate XMPP Blackbox Exporter connectivity check
Kim Alvefur <zash@zash.se>
parents: 11826
diff changeset
871 ["xmpp-client"] = "c2s_normal_auth";
2359519260ec prosodyctl: Add alternate XMPP Blackbox Exporter connectivity check
Kim Alvefur <zash@zash.se>
parents: 11826
diff changeset
872 ["xmpp-server"] = "s2s_normal";
2359519260ec prosodyctl: Add alternate XMPP Blackbox Exporter connectivity check
Kim Alvefur <zash@zash.se>
parents: 11826
diff changeset
873 ["xmpps-client"] = nil; -- TODO
2359519260ec prosodyctl: Add alternate XMPP Blackbox Exporter connectivity check
Kim Alvefur <zash@zash.se>
parents: 11826
diff changeset
874 ["xmpps-server"] = nil; -- TODO
2359519260ec prosodyctl: Add alternate XMPP Blackbox Exporter connectivity check
Kim Alvefur <zash@zash.se>
parents: 11826
diff changeset
875 };
2359519260ec prosodyctl: Add alternate XMPP Blackbox Exporter connectivity check
Kim Alvefur <zash@zash.se>
parents: 11826
diff changeset
876 local probe_settings = configmanager.get("*", "connectivity_probe");
2359519260ec prosodyctl: Add alternate XMPP Blackbox Exporter connectivity check
Kim Alvefur <zash@zash.se>
parents: 11826
diff changeset
877 if type(probe_settings) == "string" then
2359519260ec prosodyctl: Add alternate XMPP Blackbox Exporter connectivity check
Kim Alvefur <zash@zash.se>
parents: 11826
diff changeset
878 probe_instance = probe_settings;
2359519260ec prosodyctl: Add alternate XMPP Blackbox Exporter connectivity check
Kim Alvefur <zash@zash.se>
parents: 11826
diff changeset
879 elseif type(probe_settings) == "table" and type(probe_settings.url) == "string" then
2359519260ec prosodyctl: Add alternate XMPP Blackbox Exporter connectivity check
Kim Alvefur <zash@zash.se>
parents: 11826
diff changeset
880 probe_instance = probe_settings.url;
2359519260ec prosodyctl: Add alternate XMPP Blackbox Exporter connectivity check
Kim Alvefur <zash@zash.se>
parents: 11826
diff changeset
881 if type(probe_settings.modules) == "table" then
2359519260ec prosodyctl: Add alternate XMPP Blackbox Exporter connectivity check
Kim Alvefur <zash@zash.se>
parents: 11826
diff changeset
882 probe_modules = probe_settings.modules;
2359519260ec prosodyctl: Add alternate XMPP Blackbox Exporter connectivity check
Kim Alvefur <zash@zash.se>
parents: 11826
diff changeset
883 end
2359519260ec prosodyctl: Add alternate XMPP Blackbox Exporter connectivity check
Kim Alvefur <zash@zash.se>
parents: 11826
diff changeset
884 elseif probe_settings ~= nil then
2359519260ec prosodyctl: Add alternate XMPP Blackbox Exporter connectivity check
Kim Alvefur <zash@zash.se>
parents: 11826
diff changeset
885 print("The 'connectivity_probe' setting not understood.");
2359519260ec prosodyctl: Add alternate XMPP Blackbox Exporter connectivity check
Kim Alvefur <zash@zash.se>
parents: 11826
diff changeset
886 print("Expected an URL or a table with 'url' and 'modules' fields");
2359519260ec prosodyctl: Add alternate XMPP Blackbox Exporter connectivity check
Kim Alvefur <zash@zash.se>
parents: 11826
diff changeset
887 print("See https://prosody.im/doc/prosodyctl#check for more information."); -- FIXME
2359519260ec prosodyctl: Add alternate XMPP Blackbox Exporter connectivity check
Kim Alvefur <zash@zash.se>
parents: 11826
diff changeset
888 return 1;
2359519260ec prosodyctl: Add alternate XMPP Blackbox Exporter connectivity check
Kim Alvefur <zash@zash.se>
parents: 11826
diff changeset
889 end
2359519260ec prosodyctl: Add alternate XMPP Blackbox Exporter connectivity check
Kim Alvefur <zash@zash.se>
parents: 11826
diff changeset
890
2359519260ec prosodyctl: Add alternate XMPP Blackbox Exporter connectivity check
Kim Alvefur <zash@zash.se>
parents: 11826
diff changeset
891 local check_api;
2359519260ec prosodyctl: Add alternate XMPP Blackbox Exporter connectivity check
Kim Alvefur <zash@zash.se>
parents: 11826
diff changeset
892 if probe_instance then
2359519260ec prosodyctl: Add alternate XMPP Blackbox Exporter connectivity check
Kim Alvefur <zash@zash.se>
parents: 11826
diff changeset
893 local parsed_url = socket_url.parse(probe_instance);
2359519260ec prosodyctl: Add alternate XMPP Blackbox Exporter connectivity check
Kim Alvefur <zash@zash.se>
parents: 11826
diff changeset
894 if not parsed_url then
2359519260ec prosodyctl: Add alternate XMPP Blackbox Exporter connectivity check
Kim Alvefur <zash@zash.se>
parents: 11826
diff changeset
895 print(("'connectivity_probe' is not a valid URL: %q"):format(probe_instance));
2359519260ec prosodyctl: Add alternate XMPP Blackbox Exporter connectivity check
Kim Alvefur <zash@zash.se>
parents: 11826
diff changeset
896 print("Set it to the URL of an XMPP Blackbox Exporter instance and try again");
2359519260ec prosodyctl: Add alternate XMPP Blackbox Exporter connectivity check
Kim Alvefur <zash@zash.se>
parents: 11826
diff changeset
897 return 1;
2359519260ec prosodyctl: Add alternate XMPP Blackbox Exporter connectivity check
Kim Alvefur <zash@zash.se>
parents: 11826
diff changeset
898 end
2359519260ec prosodyctl: Add alternate XMPP Blackbox Exporter connectivity check
Kim Alvefur <zash@zash.se>
parents: 11826
diff changeset
899 checker = parsed_url.host;
2359519260ec prosodyctl: Add alternate XMPP Blackbox Exporter connectivity check
Kim Alvefur <zash@zash.se>
parents: 11826
diff changeset
900
2359519260ec prosodyctl: Add alternate XMPP Blackbox Exporter connectivity check
Kim Alvefur <zash@zash.se>
parents: 11826
diff changeset
901 function check_api(protocol, host)
2359519260ec prosodyctl: Add alternate XMPP Blackbox Exporter connectivity check
Kim Alvefur <zash@zash.se>
parents: 11826
diff changeset
902 local target = socket_url.build({scheme="xmpp",path=host});
2359519260ec prosodyctl: Add alternate XMPP Blackbox Exporter connectivity check
Kim Alvefur <zash@zash.se>
parents: 11826
diff changeset
903 local probe_module = probe_modules[protocol];
2359519260ec prosodyctl: Add alternate XMPP Blackbox Exporter connectivity check
Kim Alvefur <zash@zash.se>
parents: 11826
diff changeset
904 if not probe_module then
2359519260ec prosodyctl: Add alternate XMPP Blackbox Exporter connectivity check
Kim Alvefur <zash@zash.se>
parents: 11826
diff changeset
905 return nil, "Checking protocol '"..protocol.."' is currently unsupported";
2359519260ec prosodyctl: Add alternate XMPP Blackbox Exporter connectivity check
Kim Alvefur <zash@zash.se>
parents: 11826
diff changeset
906 end
2359519260ec prosodyctl: Add alternate XMPP Blackbox Exporter connectivity check
Kim Alvefur <zash@zash.se>
parents: 11826
diff changeset
907 return check_probe(probe_instance, probe_module, target);
2359519260ec prosodyctl: Add alternate XMPP Blackbox Exporter connectivity check
Kim Alvefur <zash@zash.se>
parents: 11826
diff changeset
908 end
2359519260ec prosodyctl: Add alternate XMPP Blackbox Exporter connectivity check
Kim Alvefur <zash@zash.se>
parents: 11826
diff changeset
909 else
2359519260ec prosodyctl: Add alternate XMPP Blackbox Exporter connectivity check
Kim Alvefur <zash@zash.se>
parents: 11826
diff changeset
910 check_api = check_ojn;
2359519260ec prosodyctl: Add alternate XMPP Blackbox Exporter connectivity check
Kim Alvefur <zash@zash.se>
parents: 11826
diff changeset
911 end
2359519260ec prosodyctl: Add alternate XMPP Blackbox Exporter connectivity check
Kim Alvefur <zash@zash.se>
parents: 11826
diff changeset
912
11779
f4f0bdaeabd2 prosodyctl: Add external connectivity check based on observe.jabber.network
Jonas Schäfer <jonas@wielicki.name>
parents: 11778
diff changeset
913 for host in it.filter(skip_bare_jid_hosts, enabled_hosts()) do
f4f0bdaeabd2 prosodyctl: Add external connectivity check based on observe.jabber.network
Jonas Schäfer <jonas@wielicki.name>
parents: 11778
diff changeset
914 local modules, component_module = modulemanager.get_modules_for_host(host);
f4f0bdaeabd2 prosodyctl: Add external connectivity check based on observe.jabber.network
Jonas Schäfer <jonas@wielicki.name>
parents: 11778
diff changeset
915 if component_module then
f4f0bdaeabd2 prosodyctl: Add external connectivity check based on observe.jabber.network
Jonas Schäfer <jonas@wielicki.name>
parents: 11778
diff changeset
916 modules:add(component_module)
f4f0bdaeabd2 prosodyctl: Add external connectivity check based on observe.jabber.network
Jonas Schäfer <jonas@wielicki.name>
parents: 11778
diff changeset
917 end
f4f0bdaeabd2 prosodyctl: Add external connectivity check based on observe.jabber.network
Jonas Schäfer <jonas@wielicki.name>
parents: 11778
diff changeset
918
11827
2359519260ec prosodyctl: Add alternate XMPP Blackbox Exporter connectivity check
Kim Alvefur <zash@zash.se>
parents: 11826
diff changeset
919 print("Checking external connectivity for "..host.." via "..checker)
11779
f4f0bdaeabd2 prosodyctl: Add external connectivity check based on observe.jabber.network
Jonas Schäfer <jonas@wielicki.name>
parents: 11778
diff changeset
920 local function check_connectivity(protocol)
f4f0bdaeabd2 prosodyctl: Add external connectivity check based on observe.jabber.network
Jonas Schäfer <jonas@wielicki.name>
parents: 11778
diff changeset
921 local success, err = check_api(protocol, host);
f4f0bdaeabd2 prosodyctl: Add external connectivity check based on observe.jabber.network
Jonas Schäfer <jonas@wielicki.name>
parents: 11778
diff changeset
922 if not success and err ~= nil then
f4f0bdaeabd2 prosodyctl: Add external connectivity check based on observe.jabber.network
Jonas Schäfer <jonas@wielicki.name>
parents: 11778
diff changeset
923 print((" %s: Failed to request check at API: %s"):format(protocol, err))
f4f0bdaeabd2 prosodyctl: Add external connectivity check based on observe.jabber.network
Jonas Schäfer <jonas@wielicki.name>
parents: 11778
diff changeset
924 elseif success then
f4f0bdaeabd2 prosodyctl: Add external connectivity check based on observe.jabber.network
Jonas Schäfer <jonas@wielicki.name>
parents: 11778
diff changeset
925 print((" %s: Works"):format(protocol))
f4f0bdaeabd2 prosodyctl: Add external connectivity check based on observe.jabber.network
Jonas Schäfer <jonas@wielicki.name>
parents: 11778
diff changeset
926 else
f4f0bdaeabd2 prosodyctl: Add external connectivity check based on observe.jabber.network
Jonas Schäfer <jonas@wielicki.name>
parents: 11778
diff changeset
927 print((" %s: Check service failed to establish (secure) connection"):format(protocol))
f4f0bdaeabd2 prosodyctl: Add external connectivity check based on observe.jabber.network
Jonas Schäfer <jonas@wielicki.name>
parents: 11778
diff changeset
928 ok = false
f4f0bdaeabd2 prosodyctl: Add external connectivity check based on observe.jabber.network
Jonas Schäfer <jonas@wielicki.name>
parents: 11778
diff changeset
929 end
f4f0bdaeabd2 prosodyctl: Add external connectivity check based on observe.jabber.network
Jonas Schäfer <jonas@wielicki.name>
parents: 11778
diff changeset
930 end
f4f0bdaeabd2 prosodyctl: Add external connectivity check based on observe.jabber.network
Jonas Schäfer <jonas@wielicki.name>
parents: 11778
diff changeset
931
f4f0bdaeabd2 prosodyctl: Add external connectivity check based on observe.jabber.network
Jonas Schäfer <jonas@wielicki.name>
parents: 11778
diff changeset
932 if modules:contains("c2s") then
f4f0bdaeabd2 prosodyctl: Add external connectivity check based on observe.jabber.network
Jonas Schäfer <jonas@wielicki.name>
parents: 11778
diff changeset
933 check_connectivity("xmpp-client")
11957
3a7ce7df7806 util.prosodyctl.check: Support direct TLS connectivity checks
Kim Alvefur <zash@zash.se>
parents: 11940
diff changeset
934 if configmanager.get("*", "c2s_direct_tls_ports") then
3a7ce7df7806 util.prosodyctl.check: Support direct TLS connectivity checks
Kim Alvefur <zash@zash.se>
parents: 11940
diff changeset
935 check_connectivity("xmpps-client");
3a7ce7df7806 util.prosodyctl.check: Support direct TLS connectivity checks
Kim Alvefur <zash@zash.se>
parents: 11940
diff changeset
936 end
11779
f4f0bdaeabd2 prosodyctl: Add external connectivity check based on observe.jabber.network
Jonas Schäfer <jonas@wielicki.name>
parents: 11778
diff changeset
937 end
f4f0bdaeabd2 prosodyctl: Add external connectivity check based on observe.jabber.network
Jonas Schäfer <jonas@wielicki.name>
parents: 11778
diff changeset
938
f4f0bdaeabd2 prosodyctl: Add external connectivity check based on observe.jabber.network
Jonas Schäfer <jonas@wielicki.name>
parents: 11778
diff changeset
939 if modules:contains("s2s") then
f4f0bdaeabd2 prosodyctl: Add external connectivity check based on observe.jabber.network
Jonas Schäfer <jonas@wielicki.name>
parents: 11778
diff changeset
940 check_connectivity("xmpp-server")
11957
3a7ce7df7806 util.prosodyctl.check: Support direct TLS connectivity checks
Kim Alvefur <zash@zash.se>
parents: 11940
diff changeset
941 if configmanager.get("*", "s2s_direct_tls_ports") then
3a7ce7df7806 util.prosodyctl.check: Support direct TLS connectivity checks
Kim Alvefur <zash@zash.se>
parents: 11940
diff changeset
942 check_connectivity("xmpps-server");
3a7ce7df7806 util.prosodyctl.check: Support direct TLS connectivity checks
Kim Alvefur <zash@zash.se>
parents: 11940
diff changeset
943 end
11779
f4f0bdaeabd2 prosodyctl: Add external connectivity check based on observe.jabber.network
Jonas Schäfer <jonas@wielicki.name>
parents: 11778
diff changeset
944 end
f4f0bdaeabd2 prosodyctl: Add external connectivity check based on observe.jabber.network
Jonas Schäfer <jonas@wielicki.name>
parents: 11778
diff changeset
945
f4f0bdaeabd2 prosodyctl: Add external connectivity check based on observe.jabber.network
Jonas Schäfer <jonas@wielicki.name>
parents: 11778
diff changeset
946 print()
f4f0bdaeabd2 prosodyctl: Add external connectivity check based on observe.jabber.network
Jonas Schäfer <jonas@wielicki.name>
parents: 11778
diff changeset
947 end
f4f0bdaeabd2 prosodyctl: Add external connectivity check based on observe.jabber.network
Jonas Schäfer <jonas@wielicki.name>
parents: 11778
diff changeset
948 print("Note: The connectivity check only checks the reachability of the domain.")
f4f0bdaeabd2 prosodyctl: Add external connectivity check based on observe.jabber.network
Jonas Schäfer <jonas@wielicki.name>
parents: 11778
diff changeset
949 print("Note: It does not ensure that the check actually reaches this specific prosody instance.")
f4f0bdaeabd2 prosodyctl: Add external connectivity check based on observe.jabber.network
Jonas Schäfer <jonas@wielicki.name>
parents: 11778
diff changeset
950 end
10871
e5dee71d0ebb prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
951 if not ok then
e5dee71d0ebb prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
952 print("Problems found, see above.");
e5dee71d0ebb prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
953 else
e5dee71d0ebb prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
954 print("All checks passed, congratulations!");
e5dee71d0ebb prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
955 end
e5dee71d0ebb prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
956 return ok and 0 or 2;
e5dee71d0ebb prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
957 end
e5dee71d0ebb prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
958
e5dee71d0ebb prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
959 return {
e5dee71d0ebb prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
960 check = check;
e5dee71d0ebb prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
961 };