Software / code / prosody
Annotate
util/prosodyctl/check.lua @ 13216:fcc052ca1652 0.12
util.prosodyctl.check: Get some config options via minimal moduleapi #896
The module API has certain coercion features that are useful.
Fixes traceback reported in #1812 and other duplicates
| author | Kim Alvefur <zash@zash.se> |
|---|---|
| date | Mon, 17 Jul 2023 14:03:13 +0200 |
| parent | 13121:332e95f75dbb |
| child | 13217:b264ea91e930 |
| rev | line source |
|---|---|
|
10871
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
1 local configmanager = require "core.configmanager"; |
|
13216
fcc052ca1652
util.prosodyctl.check: Get some config options via minimal moduleapi #896
Kim Alvefur <zash@zash.se>
parents:
13121
diff
changeset
|
2 local moduleapi = require "core.moduleapi"; |
|
10871
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
3 local show_usage = require "util.prosodyctl".show_usage; |
|
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
4 local show_warning = require "util.prosodyctl".show_warning; |
|
11780
98ae95235775
util.prosodyctl.check: Refuse to do ojn test unless prosody is running
Kim Alvefur <zash@zash.se>
parents:
11779
diff
changeset
|
5 local is_prosody_running = require "util.prosodyctl".isrunning; |
|
12372
1ba451c10f41
prosodyctl: check turn: Add support for testing data relay with an external STUN server via --ping
Matthew Wild <mwild1@gmail.com>
parents:
12362
diff
changeset
|
6 local parse_args = require "util.argparse".parse; |
|
10871
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
7 local dependencies = require "util.dependencies"; |
|
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
8 local socket = require "socket"; |
|
11827
2359519260ec
prosodyctl: Add alternate XMPP Blackbox Exporter connectivity check
Kim Alvefur <zash@zash.se>
parents:
11826
diff
changeset
|
9 local socket_url = require "socket.url"; |
|
10871
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
10 local jid_split = require "util.jid".prepped_split; |
|
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
11 local modulemanager = require "core.modulemanager"; |
|
11827
2359519260ec
prosodyctl: Add alternate XMPP Blackbox Exporter connectivity check
Kim Alvefur <zash@zash.se>
parents:
11826
diff
changeset
|
12 local async = require "util.async"; |
|
2359519260ec
prosodyctl: Add alternate XMPP Blackbox Exporter connectivity check
Kim Alvefur <zash@zash.se>
parents:
11826
diff
changeset
|
13 local httputil = require "util.http"; |
|
10871
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
14 |
|
13216
fcc052ca1652
util.prosodyctl.check: Get some config options via minimal moduleapi #896
Kim Alvefur <zash@zash.se>
parents:
13121
diff
changeset
|
15 local function api(host) |
|
fcc052ca1652
util.prosodyctl.check: Get some config options via minimal moduleapi #896
Kim Alvefur <zash@zash.se>
parents:
13121
diff
changeset
|
16 return setmetatable({ name = "prosodyctl.check"; host = host; log = prosody.log }, { __index = moduleapi }) |
|
fcc052ca1652
util.prosodyctl.check: Get some config options via minimal moduleapi #896
Kim Alvefur <zash@zash.se>
parents:
13121
diff
changeset
|
17 end |
|
fcc052ca1652
util.prosodyctl.check: Get some config options via minimal moduleapi #896
Kim Alvefur <zash@zash.se>
parents:
13121
diff
changeset
|
18 |
|
11826
e1c4cc5d0ef8
prosodyctl: Use HTTP client in promise mode for connectivity check
Kim Alvefur <zash@zash.se>
parents:
11807
diff
changeset
|
19 local function check_ojn(check_type, target_host) |
|
11779
f4f0bdaeabd2
prosodyctl: Add external connectivity check based on observe.jabber.network
Jonas Schäfer <jonas@wielicki.name>
parents:
11778
diff
changeset
|
20 local http = require "net.http"; -- .new({}); |
|
f4f0bdaeabd2
prosodyctl: Add external connectivity check based on observe.jabber.network
Jonas Schäfer <jonas@wielicki.name>
parents:
11778
diff
changeset
|
21 local json = require "util.json"; |
|
f4f0bdaeabd2
prosodyctl: Add external connectivity check based on observe.jabber.network
Jonas Schäfer <jonas@wielicki.name>
parents:
11778
diff
changeset
|
22 |
|
11826
e1c4cc5d0ef8
prosodyctl: Use HTTP client in promise mode for connectivity check
Kim Alvefur <zash@zash.se>
parents:
11807
diff
changeset
|
23 local response, err = async.wait_for(http.request( |
|
11827
2359519260ec
prosodyctl: Add alternate XMPP Blackbox Exporter connectivity check
Kim Alvefur <zash@zash.se>
parents:
11826
diff
changeset
|
24 ("https://observe.jabber.network/api/v1/check/%s"):format(httputil.urlencode(check_type)), |
|
11779
f4f0bdaeabd2
prosodyctl: Add external connectivity check based on observe.jabber.network
Jonas Schäfer <jonas@wielicki.name>
parents:
11778
diff
changeset
|
25 { |
|
f4f0bdaeabd2
prosodyctl: Add external connectivity check based on observe.jabber.network
Jonas Schäfer <jonas@wielicki.name>
parents:
11778
diff
changeset
|
26 method="POST", |
|
f4f0bdaeabd2
prosodyctl: Add external connectivity check based on observe.jabber.network
Jonas Schäfer <jonas@wielicki.name>
parents:
11778
diff
changeset
|
27 headers={["Accept"] = "application/json"; ["Content-Type"] = "application/json"}, |
|
f4f0bdaeabd2
prosodyctl: Add external connectivity check based on observe.jabber.network
Jonas Schäfer <jonas@wielicki.name>
parents:
11778
diff
changeset
|
28 body=json.encode({target=target_host}), |
|
11826
e1c4cc5d0ef8
prosodyctl: Use HTTP client in promise mode for connectivity check
Kim Alvefur <zash@zash.se>
parents:
11807
diff
changeset
|
29 })); |
|
e1c4cc5d0ef8
prosodyctl: Use HTTP client in promise mode for connectivity check
Kim Alvefur <zash@zash.se>
parents:
11807
diff
changeset
|
30 |
|
e1c4cc5d0ef8
prosodyctl: Use HTTP client in promise mode for connectivity check
Kim Alvefur <zash@zash.se>
parents:
11807
diff
changeset
|
31 if not response then |
|
e1c4cc5d0ef8
prosodyctl: Use HTTP client in promise mode for connectivity check
Kim Alvefur <zash@zash.se>
parents:
11807
diff
changeset
|
32 return false, err; |
|
e1c4cc5d0ef8
prosodyctl: Use HTTP client in promise mode for connectivity check
Kim Alvefur <zash@zash.se>
parents:
11807
diff
changeset
|
33 end |
|
11779
f4f0bdaeabd2
prosodyctl: Add external connectivity check based on observe.jabber.network
Jonas Schäfer <jonas@wielicki.name>
parents:
11778
diff
changeset
|
34 |
|
11826
e1c4cc5d0ef8
prosodyctl: Use HTTP client in promise mode for connectivity check
Kim Alvefur <zash@zash.se>
parents:
11807
diff
changeset
|
35 if response.code ~= 200 then |
|
e1c4cc5d0ef8
prosodyctl: Use HTTP client in promise mode for connectivity check
Kim Alvefur <zash@zash.se>
parents:
11807
diff
changeset
|
36 return false, ("API replied with non-200 code: %d"):format(response.code); |
|
e1c4cc5d0ef8
prosodyctl: Use HTTP client in promise mode for connectivity check
Kim Alvefur <zash@zash.se>
parents:
11807
diff
changeset
|
37 end |
|
e1c4cc5d0ef8
prosodyctl: Use HTTP client in promise mode for connectivity check
Kim Alvefur <zash@zash.se>
parents:
11807
diff
changeset
|
38 |
|
e1c4cc5d0ef8
prosodyctl: Use HTTP client in promise mode for connectivity check
Kim Alvefur <zash@zash.se>
parents:
11807
diff
changeset
|
39 local decoded_body, err = json.decode(response.body); |
|
e1c4cc5d0ef8
prosodyctl: Use HTTP client in promise mode for connectivity check
Kim Alvefur <zash@zash.se>
parents:
11807
diff
changeset
|
40 if decoded_body == nil then |
|
e1c4cc5d0ef8
prosodyctl: Use HTTP client in promise mode for connectivity check
Kim Alvefur <zash@zash.se>
parents:
11807
diff
changeset
|
41 return false, ("Failed to parse API JSON: %s"):format(err) |
|
11779
f4f0bdaeabd2
prosodyctl: Add external connectivity check based on observe.jabber.network
Jonas Schäfer <jonas@wielicki.name>
parents:
11778
diff
changeset
|
42 end |
|
f4f0bdaeabd2
prosodyctl: Add external connectivity check based on observe.jabber.network
Jonas Schäfer <jonas@wielicki.name>
parents:
11778
diff
changeset
|
43 |
|
f4f0bdaeabd2
prosodyctl: Add external connectivity check based on observe.jabber.network
Jonas Schäfer <jonas@wielicki.name>
parents:
11778
diff
changeset
|
44 local success = decoded_body["success"]; |
|
f4f0bdaeabd2
prosodyctl: Add external connectivity check based on observe.jabber.network
Jonas Schäfer <jonas@wielicki.name>
parents:
11778
diff
changeset
|
45 return success == true, nil; |
|
f4f0bdaeabd2
prosodyctl: Add external connectivity check based on observe.jabber.network
Jonas Schäfer <jonas@wielicki.name>
parents:
11778
diff
changeset
|
46 end |
|
f4f0bdaeabd2
prosodyctl: Add external connectivity check based on observe.jabber.network
Jonas Schäfer <jonas@wielicki.name>
parents:
11778
diff
changeset
|
47 |
|
11827
2359519260ec
prosodyctl: Add alternate XMPP Blackbox Exporter connectivity check
Kim Alvefur <zash@zash.se>
parents:
11826
diff
changeset
|
48 local function check_probe(base_url, probe_module, target) |
|
2359519260ec
prosodyctl: Add alternate XMPP Blackbox Exporter connectivity check
Kim Alvefur <zash@zash.se>
parents:
11826
diff
changeset
|
49 local http = require "net.http"; -- .new({}); |
|
2359519260ec
prosodyctl: Add alternate XMPP Blackbox Exporter connectivity check
Kim Alvefur <zash@zash.se>
parents:
11826
diff
changeset
|
50 local params = httputil.formencode({ module = probe_module; target = target }) |
|
2359519260ec
prosodyctl: Add alternate XMPP Blackbox Exporter connectivity check
Kim Alvefur <zash@zash.se>
parents:
11826
diff
changeset
|
51 local response, err = async.wait_for(http.request(base_url .. "?" .. params)); |
|
2359519260ec
prosodyctl: Add alternate XMPP Blackbox Exporter connectivity check
Kim Alvefur <zash@zash.se>
parents:
11826
diff
changeset
|
52 |
|
2359519260ec
prosodyctl: Add alternate XMPP Blackbox Exporter connectivity check
Kim Alvefur <zash@zash.se>
parents:
11826
diff
changeset
|
53 if not response then return false, err; end |
|
2359519260ec
prosodyctl: Add alternate XMPP Blackbox Exporter connectivity check
Kim Alvefur <zash@zash.se>
parents:
11826
diff
changeset
|
54 |
|
2359519260ec
prosodyctl: Add alternate XMPP Blackbox Exporter connectivity check
Kim Alvefur <zash@zash.se>
parents:
11826
diff
changeset
|
55 if response.code ~= 200 then return false, ("API replied with non-200 code: %d"):format(response.code); end |
|
2359519260ec
prosodyctl: Add alternate XMPP Blackbox Exporter connectivity check
Kim Alvefur <zash@zash.se>
parents:
11826
diff
changeset
|
56 |
|
2359519260ec
prosodyctl: Add alternate XMPP Blackbox Exporter connectivity check
Kim Alvefur <zash@zash.se>
parents:
11826
diff
changeset
|
57 for line in response.body:gmatch("[^\r\n]+") do |
|
2359519260ec
prosodyctl: Add alternate XMPP Blackbox Exporter connectivity check
Kim Alvefur <zash@zash.se>
parents:
11826
diff
changeset
|
58 local probe_success = line:match("^probe_success%s+(%d+)"); |
|
2359519260ec
prosodyctl: Add alternate XMPP Blackbox Exporter connectivity check
Kim Alvefur <zash@zash.se>
parents:
11826
diff
changeset
|
59 |
|
2359519260ec
prosodyctl: Add alternate XMPP Blackbox Exporter connectivity check
Kim Alvefur <zash@zash.se>
parents:
11826
diff
changeset
|
60 if probe_success == "1" then |
|
2359519260ec
prosodyctl: Add alternate XMPP Blackbox Exporter connectivity check
Kim Alvefur <zash@zash.se>
parents:
11826
diff
changeset
|
61 return true; |
|
2359519260ec
prosodyctl: Add alternate XMPP Blackbox Exporter connectivity check
Kim Alvefur <zash@zash.se>
parents:
11826
diff
changeset
|
62 elseif probe_success == "0" then |
|
2359519260ec
prosodyctl: Add alternate XMPP Blackbox Exporter connectivity check
Kim Alvefur <zash@zash.se>
parents:
11826
diff
changeset
|
63 return false; |
|
2359519260ec
prosodyctl: Add alternate XMPP Blackbox Exporter connectivity check
Kim Alvefur <zash@zash.se>
parents:
11826
diff
changeset
|
64 end |
|
2359519260ec
prosodyctl: Add alternate XMPP Blackbox Exporter connectivity check
Kim Alvefur <zash@zash.se>
parents:
11826
diff
changeset
|
65 end |
|
2359519260ec
prosodyctl: Add alternate XMPP Blackbox Exporter connectivity check
Kim Alvefur <zash@zash.se>
parents:
11826
diff
changeset
|
66 return false, "Probe endpoint did not return a success status"; |
|
2359519260ec
prosodyctl: Add alternate XMPP Blackbox Exporter connectivity check
Kim Alvefur <zash@zash.se>
parents:
11826
diff
changeset
|
67 end |
|
2359519260ec
prosodyctl: Add alternate XMPP Blackbox Exporter connectivity check
Kim Alvefur <zash@zash.se>
parents:
11826
diff
changeset
|
68 |
|
12372
1ba451c10f41
prosodyctl: check turn: Add support for testing data relay with an external STUN server via --ping
Matthew Wild <mwild1@gmail.com>
parents:
12362
diff
changeset
|
69 local function check_turn_service(turn_service, ping_service) |
|
12385
92b35a41bb3c
prosodyctl: check turn: compare correct addresses for relay mismatch detection (thanks Zash)
Matthew Wild <mwild1@gmail.com>
parents:
12384
diff
changeset
|
70 local ip = require "util.ip"; |
|
12357
cd11d7c4af8b
util.prosodyctl: check turn: New command to verify STUN/TURN service is operational
Matthew Wild <mwild1@gmail.com>
parents:
12233
diff
changeset
|
71 local stun = require "net.stun"; |
|
cd11d7c4af8b
util.prosodyctl: check turn: New command to verify STUN/TURN service is operational
Matthew Wild <mwild1@gmail.com>
parents:
12233
diff
changeset
|
72 |
|
cd11d7c4af8b
util.prosodyctl: check turn: New command to verify STUN/TURN service is operational
Matthew Wild <mwild1@gmail.com>
parents:
12233
diff
changeset
|
73 -- Create UDP socket for communication with the server |
|
cd11d7c4af8b
util.prosodyctl: check turn: New command to verify STUN/TURN service is operational
Matthew Wild <mwild1@gmail.com>
parents:
12233
diff
changeset
|
74 local sock = assert(require "socket".udp()); |
|
cd11d7c4af8b
util.prosodyctl: check turn: New command to verify STUN/TURN service is operational
Matthew Wild <mwild1@gmail.com>
parents:
12233
diff
changeset
|
75 sock:setsockname("*", 0); |
|
cd11d7c4af8b
util.prosodyctl: check turn: New command to verify STUN/TURN service is operational
Matthew Wild <mwild1@gmail.com>
parents:
12233
diff
changeset
|
76 sock:setpeername(turn_service.host, turn_service.port); |
|
cd11d7c4af8b
util.prosodyctl: check turn: New command to verify STUN/TURN service is operational
Matthew Wild <mwild1@gmail.com>
parents:
12233
diff
changeset
|
77 sock:settimeout(10); |
|
cd11d7c4af8b
util.prosodyctl: check turn: New command to verify STUN/TURN service is operational
Matthew Wild <mwild1@gmail.com>
parents:
12233
diff
changeset
|
78 |
|
cd11d7c4af8b
util.prosodyctl: check turn: New command to verify STUN/TURN service is operational
Matthew Wild <mwild1@gmail.com>
parents:
12233
diff
changeset
|
79 -- Helper function to receive a packet |
|
cd11d7c4af8b
util.prosodyctl: check turn: New command to verify STUN/TURN service is operational
Matthew Wild <mwild1@gmail.com>
parents:
12233
diff
changeset
|
80 local function receive_packet() |
|
cd11d7c4af8b
util.prosodyctl: check turn: New command to verify STUN/TURN service is operational
Matthew Wild <mwild1@gmail.com>
parents:
12233
diff
changeset
|
81 local raw_packet, err = sock:receive(); |
|
cd11d7c4af8b
util.prosodyctl: check turn: New command to verify STUN/TURN service is operational
Matthew Wild <mwild1@gmail.com>
parents:
12233
diff
changeset
|
82 if not raw_packet then |
|
cd11d7c4af8b
util.prosodyctl: check turn: New command to verify STUN/TURN service is operational
Matthew Wild <mwild1@gmail.com>
parents:
12233
diff
changeset
|
83 return nil, err; |
|
cd11d7c4af8b
util.prosodyctl: check turn: New command to verify STUN/TURN service is operational
Matthew Wild <mwild1@gmail.com>
parents:
12233
diff
changeset
|
84 end |
|
cd11d7c4af8b
util.prosodyctl: check turn: New command to verify STUN/TURN service is operational
Matthew Wild <mwild1@gmail.com>
parents:
12233
diff
changeset
|
85 return stun.new_packet():deserialize(raw_packet); |
|
cd11d7c4af8b
util.prosodyctl: check turn: New command to verify STUN/TURN service is operational
Matthew Wild <mwild1@gmail.com>
parents:
12233
diff
changeset
|
86 end |
|
cd11d7c4af8b
util.prosodyctl: check turn: New command to verify STUN/TURN service is operational
Matthew Wild <mwild1@gmail.com>
parents:
12233
diff
changeset
|
87 |
|
cd11d7c4af8b
util.prosodyctl: check turn: New command to verify STUN/TURN service is operational
Matthew Wild <mwild1@gmail.com>
parents:
12233
diff
changeset
|
88 local result = { warnings = {} }; |
|
cd11d7c4af8b
util.prosodyctl: check turn: New command to verify STUN/TURN service is operational
Matthew Wild <mwild1@gmail.com>
parents:
12233
diff
changeset
|
89 |
|
cd11d7c4af8b
util.prosodyctl: check turn: New command to verify STUN/TURN service is operational
Matthew Wild <mwild1@gmail.com>
parents:
12233
diff
changeset
|
90 -- Send a "binding" query, i.e. a request for our external IP/port |
|
cd11d7c4af8b
util.prosodyctl: check turn: New command to verify STUN/TURN service is operational
Matthew Wild <mwild1@gmail.com>
parents:
12233
diff
changeset
|
91 local bind_query = stun.new_packet("binding", "request"); |
|
cd11d7c4af8b
util.prosodyctl: check turn: New command to verify STUN/TURN service is operational
Matthew Wild <mwild1@gmail.com>
parents:
12233
diff
changeset
|
92 bind_query:add_attribute("software", "prosodyctl check turn"); |
|
cd11d7c4af8b
util.prosodyctl: check turn: New command to verify STUN/TURN service is operational
Matthew Wild <mwild1@gmail.com>
parents:
12233
diff
changeset
|
93 sock:send(bind_query:serialize()); |
|
cd11d7c4af8b
util.prosodyctl: check turn: New command to verify STUN/TURN service is operational
Matthew Wild <mwild1@gmail.com>
parents:
12233
diff
changeset
|
94 |
|
cd11d7c4af8b
util.prosodyctl: check turn: New command to verify STUN/TURN service is operational
Matthew Wild <mwild1@gmail.com>
parents:
12233
diff
changeset
|
95 local bind_result, err = receive_packet(); |
|
cd11d7c4af8b
util.prosodyctl: check turn: New command to verify STUN/TURN service is operational
Matthew Wild <mwild1@gmail.com>
parents:
12233
diff
changeset
|
96 if not bind_result then |
|
cd11d7c4af8b
util.prosodyctl: check turn: New command to verify STUN/TURN service is operational
Matthew Wild <mwild1@gmail.com>
parents:
12233
diff
changeset
|
97 result.error = "No STUN response: "..err; |
|
cd11d7c4af8b
util.prosodyctl: check turn: New command to verify STUN/TURN service is operational
Matthew Wild <mwild1@gmail.com>
parents:
12233
diff
changeset
|
98 return result; |
|
cd11d7c4af8b
util.prosodyctl: check turn: New command to verify STUN/TURN service is operational
Matthew Wild <mwild1@gmail.com>
parents:
12233
diff
changeset
|
99 elseif bind_result:is_err_resp() then |
|
cd11d7c4af8b
util.prosodyctl: check turn: New command to verify STUN/TURN service is operational
Matthew Wild <mwild1@gmail.com>
parents:
12233
diff
changeset
|
100 result.error = ("STUN server returned error: %d (%s)"):format(bind_result:get_error()); |
|
cd11d7c4af8b
util.prosodyctl: check turn: New command to verify STUN/TURN service is operational
Matthew Wild <mwild1@gmail.com>
parents:
12233
diff
changeset
|
101 return result; |
|
cd11d7c4af8b
util.prosodyctl: check turn: New command to verify STUN/TURN service is operational
Matthew Wild <mwild1@gmail.com>
parents:
12233
diff
changeset
|
102 elseif not bind_result:is_success_resp() then |
|
cd11d7c4af8b
util.prosodyctl: check turn: New command to verify STUN/TURN service is operational
Matthew Wild <mwild1@gmail.com>
parents:
12233
diff
changeset
|
103 result.error = ("Unexpected STUN response: %d (%s)"):format(bind_result:get_type()); |
|
cd11d7c4af8b
util.prosodyctl: check turn: New command to verify STUN/TURN service is operational
Matthew Wild <mwild1@gmail.com>
parents:
12233
diff
changeset
|
104 return result; |
|
cd11d7c4af8b
util.prosodyctl: check turn: New command to verify STUN/TURN service is operational
Matthew Wild <mwild1@gmail.com>
parents:
12233
diff
changeset
|
105 end |
|
cd11d7c4af8b
util.prosodyctl: check turn: New command to verify STUN/TURN service is operational
Matthew Wild <mwild1@gmail.com>
parents:
12233
diff
changeset
|
106 |
|
cd11d7c4af8b
util.prosodyctl: check turn: New command to verify STUN/TURN service is operational
Matthew Wild <mwild1@gmail.com>
parents:
12233
diff
changeset
|
107 result.external_ip = bind_result:get_xor_mapped_address(); |
|
cd11d7c4af8b
util.prosodyctl: check turn: New command to verify STUN/TURN service is operational
Matthew Wild <mwild1@gmail.com>
parents:
12233
diff
changeset
|
108 if not result.external_ip then |
|
cd11d7c4af8b
util.prosodyctl: check turn: New command to verify STUN/TURN service is operational
Matthew Wild <mwild1@gmail.com>
parents:
12233
diff
changeset
|
109 result.error = "STUN server did not return an address"; |
|
cd11d7c4af8b
util.prosodyctl: check turn: New command to verify STUN/TURN service is operational
Matthew Wild <mwild1@gmail.com>
parents:
12233
diff
changeset
|
110 return result; |
|
cd11d7c4af8b
util.prosodyctl: check turn: New command to verify STUN/TURN service is operational
Matthew Wild <mwild1@gmail.com>
parents:
12233
diff
changeset
|
111 end |
|
12384
53b4549c2209
prosodyctl: check turn: Add check for private IP returned from STUN.
Matthew Wild <mwild1@gmail.com>
parents:
12383
diff
changeset
|
112 if ip.new_ip(result.external_ip.address).private then |
|
53b4549c2209
prosodyctl: check turn: Add check for private IP returned from STUN.
Matthew Wild <mwild1@gmail.com>
parents:
12383
diff
changeset
|
113 table.insert(result.warnings, "STUN returned a private IP! Is the TURN server behind a NAT and misconfigured?"); |
|
53b4549c2209
prosodyctl: check turn: Add check for private IP returned from STUN.
Matthew Wild <mwild1@gmail.com>
parents:
12383
diff
changeset
|
114 end |
|
12357
cd11d7c4af8b
util.prosodyctl: check turn: New command to verify STUN/TURN service is operational
Matthew Wild <mwild1@gmail.com>
parents:
12233
diff
changeset
|
115 |
|
cd11d7c4af8b
util.prosodyctl: check turn: New command to verify STUN/TURN service is operational
Matthew Wild <mwild1@gmail.com>
parents:
12233
diff
changeset
|
116 -- Send a TURN "allocate" request. Expected to fail due to auth, but |
|
cd11d7c4af8b
util.prosodyctl: check turn: New command to verify STUN/TURN service is operational
Matthew Wild <mwild1@gmail.com>
parents:
12233
diff
changeset
|
117 -- necessary to obtain a valid realm/nonce from the server. |
|
cd11d7c4af8b
util.prosodyctl: check turn: New command to verify STUN/TURN service is operational
Matthew Wild <mwild1@gmail.com>
parents:
12233
diff
changeset
|
118 local pre_request = stun.new_packet("allocate", "request"); |
|
cd11d7c4af8b
util.prosodyctl: check turn: New command to verify STUN/TURN service is operational
Matthew Wild <mwild1@gmail.com>
parents:
12233
diff
changeset
|
119 sock:send(pre_request:serialize()); |
|
cd11d7c4af8b
util.prosodyctl: check turn: New command to verify STUN/TURN service is operational
Matthew Wild <mwild1@gmail.com>
parents:
12233
diff
changeset
|
120 |
|
cd11d7c4af8b
util.prosodyctl: check turn: New command to verify STUN/TURN service is operational
Matthew Wild <mwild1@gmail.com>
parents:
12233
diff
changeset
|
121 local pre_result, err = receive_packet(); |
|
cd11d7c4af8b
util.prosodyctl: check turn: New command to verify STUN/TURN service is operational
Matthew Wild <mwild1@gmail.com>
parents:
12233
diff
changeset
|
122 if not pre_result then |
|
cd11d7c4af8b
util.prosodyctl: check turn: New command to verify STUN/TURN service is operational
Matthew Wild <mwild1@gmail.com>
parents:
12233
diff
changeset
|
123 result.error = "No initial TURN response: "..err; |
|
cd11d7c4af8b
util.prosodyctl: check turn: New command to verify STUN/TURN service is operational
Matthew Wild <mwild1@gmail.com>
parents:
12233
diff
changeset
|
124 return result; |
|
cd11d7c4af8b
util.prosodyctl: check turn: New command to verify STUN/TURN service is operational
Matthew Wild <mwild1@gmail.com>
parents:
12233
diff
changeset
|
125 elseif pre_result:is_success_resp() then |
|
cd11d7c4af8b
util.prosodyctl: check turn: New command to verify STUN/TURN service is operational
Matthew Wild <mwild1@gmail.com>
parents:
12233
diff
changeset
|
126 result.error = "TURN server does not have authentication enabled"; |
|
cd11d7c4af8b
util.prosodyctl: check turn: New command to verify STUN/TURN service is operational
Matthew Wild <mwild1@gmail.com>
parents:
12233
diff
changeset
|
127 return result; |
|
cd11d7c4af8b
util.prosodyctl: check turn: New command to verify STUN/TURN service is operational
Matthew Wild <mwild1@gmail.com>
parents:
12233
diff
changeset
|
128 end |
|
cd11d7c4af8b
util.prosodyctl: check turn: New command to verify STUN/TURN service is operational
Matthew Wild <mwild1@gmail.com>
parents:
12233
diff
changeset
|
129 |
|
cd11d7c4af8b
util.prosodyctl: check turn: New command to verify STUN/TURN service is operational
Matthew Wild <mwild1@gmail.com>
parents:
12233
diff
changeset
|
130 local realm = pre_result:get_attribute("realm"); |
|
cd11d7c4af8b
util.prosodyctl: check turn: New command to verify STUN/TURN service is operational
Matthew Wild <mwild1@gmail.com>
parents:
12233
diff
changeset
|
131 local nonce = pre_result:get_attribute("nonce"); |
|
cd11d7c4af8b
util.prosodyctl: check turn: New command to verify STUN/TURN service is operational
Matthew Wild <mwild1@gmail.com>
parents:
12233
diff
changeset
|
132 |
|
cd11d7c4af8b
util.prosodyctl: check turn: New command to verify STUN/TURN service is operational
Matthew Wild <mwild1@gmail.com>
parents:
12233
diff
changeset
|
133 if not realm then |
|
12383
a9b6ed86b573
prosodyctl: check turn: improve warning text to suggest issues
Matthew Wild <mwild1@gmail.com>
parents:
12382
diff
changeset
|
134 table.insert(result.warnings, "TURN server did not return an authentication realm. Is authentication enabled?"); |
|
12357
cd11d7c4af8b
util.prosodyctl: check turn: New command to verify STUN/TURN service is operational
Matthew Wild <mwild1@gmail.com>
parents:
12233
diff
changeset
|
135 end |
|
cd11d7c4af8b
util.prosodyctl: check turn: New command to verify STUN/TURN service is operational
Matthew Wild <mwild1@gmail.com>
parents:
12233
diff
changeset
|
136 if not nonce then |
|
cd11d7c4af8b
util.prosodyctl: check turn: New command to verify STUN/TURN service is operational
Matthew Wild <mwild1@gmail.com>
parents:
12233
diff
changeset
|
137 table.insert(result.warnings, "TURN server did not return a nonce"); |
|
cd11d7c4af8b
util.prosodyctl: check turn: New command to verify STUN/TURN service is operational
Matthew Wild <mwild1@gmail.com>
parents:
12233
diff
changeset
|
138 end |
|
cd11d7c4af8b
util.prosodyctl: check turn: New command to verify STUN/TURN service is operational
Matthew Wild <mwild1@gmail.com>
parents:
12233
diff
changeset
|
139 |
|
cd11d7c4af8b
util.prosodyctl: check turn: New command to verify STUN/TURN service is operational
Matthew Wild <mwild1@gmail.com>
parents:
12233
diff
changeset
|
140 -- Use the configured secret to obtain temporary user/pass credentials |
|
cd11d7c4af8b
util.prosodyctl: check turn: New command to verify STUN/TURN service is operational
Matthew Wild <mwild1@gmail.com>
parents:
12233
diff
changeset
|
141 local turn_user, turn_pass = stun.get_user_pass_from_secret(turn_service.secret); |
|
cd11d7c4af8b
util.prosodyctl: check turn: New command to verify STUN/TURN service is operational
Matthew Wild <mwild1@gmail.com>
parents:
12233
diff
changeset
|
142 |
|
cd11d7c4af8b
util.prosodyctl: check turn: New command to verify STUN/TURN service is operational
Matthew Wild <mwild1@gmail.com>
parents:
12233
diff
changeset
|
143 -- Send a TURN allocate request, will fail if auth is wrong |
|
cd11d7c4af8b
util.prosodyctl: check turn: New command to verify STUN/TURN service is operational
Matthew Wild <mwild1@gmail.com>
parents:
12233
diff
changeset
|
144 local alloc_request = stun.new_packet("allocate", "request"); |
|
cd11d7c4af8b
util.prosodyctl: check turn: New command to verify STUN/TURN service is operational
Matthew Wild <mwild1@gmail.com>
parents:
12233
diff
changeset
|
145 alloc_request:add_requested_transport("udp"); |
|
cd11d7c4af8b
util.prosodyctl: check turn: New command to verify STUN/TURN service is operational
Matthew Wild <mwild1@gmail.com>
parents:
12233
diff
changeset
|
146 alloc_request:add_attribute("username", turn_user); |
|
cd11d7c4af8b
util.prosodyctl: check turn: New command to verify STUN/TURN service is operational
Matthew Wild <mwild1@gmail.com>
parents:
12233
diff
changeset
|
147 if realm then |
|
cd11d7c4af8b
util.prosodyctl: check turn: New command to verify STUN/TURN service is operational
Matthew Wild <mwild1@gmail.com>
parents:
12233
diff
changeset
|
148 alloc_request:add_attribute("realm", realm); |
|
cd11d7c4af8b
util.prosodyctl: check turn: New command to verify STUN/TURN service is operational
Matthew Wild <mwild1@gmail.com>
parents:
12233
diff
changeset
|
149 end |
|
cd11d7c4af8b
util.prosodyctl: check turn: New command to verify STUN/TURN service is operational
Matthew Wild <mwild1@gmail.com>
parents:
12233
diff
changeset
|
150 if nonce then |
|
cd11d7c4af8b
util.prosodyctl: check turn: New command to verify STUN/TURN service is operational
Matthew Wild <mwild1@gmail.com>
parents:
12233
diff
changeset
|
151 alloc_request:add_attribute("nonce", nonce); |
|
cd11d7c4af8b
util.prosodyctl: check turn: New command to verify STUN/TURN service is operational
Matthew Wild <mwild1@gmail.com>
parents:
12233
diff
changeset
|
152 end |
|
cd11d7c4af8b
util.prosodyctl: check turn: New command to verify STUN/TURN service is operational
Matthew Wild <mwild1@gmail.com>
parents:
12233
diff
changeset
|
153 local key = stun.get_long_term_auth_key(realm or turn_service.host, turn_user, turn_pass); |
|
cd11d7c4af8b
util.prosodyctl: check turn: New command to verify STUN/TURN service is operational
Matthew Wild <mwild1@gmail.com>
parents:
12233
diff
changeset
|
154 alloc_request:add_message_integrity(key); |
|
cd11d7c4af8b
util.prosodyctl: check turn: New command to verify STUN/TURN service is operational
Matthew Wild <mwild1@gmail.com>
parents:
12233
diff
changeset
|
155 sock:send(alloc_request:serialize()); |
|
cd11d7c4af8b
util.prosodyctl: check turn: New command to verify STUN/TURN service is operational
Matthew Wild <mwild1@gmail.com>
parents:
12233
diff
changeset
|
156 |
|
cd11d7c4af8b
util.prosodyctl: check turn: New command to verify STUN/TURN service is operational
Matthew Wild <mwild1@gmail.com>
parents:
12233
diff
changeset
|
157 -- Check the response |
|
cd11d7c4af8b
util.prosodyctl: check turn: New command to verify STUN/TURN service is operational
Matthew Wild <mwild1@gmail.com>
parents:
12233
diff
changeset
|
158 local alloc_response, err = receive_packet(); |
|
cd11d7c4af8b
util.prosodyctl: check turn: New command to verify STUN/TURN service is operational
Matthew Wild <mwild1@gmail.com>
parents:
12233
diff
changeset
|
159 if not alloc_response then |
|
cd11d7c4af8b
util.prosodyctl: check turn: New command to verify STUN/TURN service is operational
Matthew Wild <mwild1@gmail.com>
parents:
12233
diff
changeset
|
160 result.error = "TURN server did not response to allocation request: "..err; |
|
12466
9ee41552bca0
util.prosodyctl: check turn: ensure a result is always returned from a check (thanks eTaurus)
Matthew Wild <mwild1@gmail.com>
parents:
12441
diff
changeset
|
161 return result; |
|
12357
cd11d7c4af8b
util.prosodyctl: check turn: New command to verify STUN/TURN service is operational
Matthew Wild <mwild1@gmail.com>
parents:
12233
diff
changeset
|
162 elseif alloc_response:is_err_resp() then |
|
cd11d7c4af8b
util.prosodyctl: check turn: New command to verify STUN/TURN service is operational
Matthew Wild <mwild1@gmail.com>
parents:
12233
diff
changeset
|
163 result.error = ("TURN allocation failed: %d (%s)"):format(alloc_response:get_error()); |
|
cd11d7c4af8b
util.prosodyctl: check turn: New command to verify STUN/TURN service is operational
Matthew Wild <mwild1@gmail.com>
parents:
12233
diff
changeset
|
164 return result; |
|
cd11d7c4af8b
util.prosodyctl: check turn: New command to verify STUN/TURN service is operational
Matthew Wild <mwild1@gmail.com>
parents:
12233
diff
changeset
|
165 elseif not alloc_response:is_success_resp() then |
|
cd11d7c4af8b
util.prosodyctl: check turn: New command to verify STUN/TURN service is operational
Matthew Wild <mwild1@gmail.com>
parents:
12233
diff
changeset
|
166 result.error = ("Unexpected TURN response: %d (%s)"):format(alloc_response:get_type()); |
|
cd11d7c4af8b
util.prosodyctl: check turn: New command to verify STUN/TURN service is operational
Matthew Wild <mwild1@gmail.com>
parents:
12233
diff
changeset
|
167 return result; |
|
cd11d7c4af8b
util.prosodyctl: check turn: New command to verify STUN/TURN service is operational
Matthew Wild <mwild1@gmail.com>
parents:
12233
diff
changeset
|
168 end |
|
cd11d7c4af8b
util.prosodyctl: check turn: New command to verify STUN/TURN service is operational
Matthew Wild <mwild1@gmail.com>
parents:
12233
diff
changeset
|
169 |
|
12375
ea5e46601cfb
prosodyctl: check turn: show relayed address(es) in verbose mode
Matthew Wild <mwild1@gmail.com>
parents:
12373
diff
changeset
|
170 result.relayed_addresses = alloc_response:get_xor_relayed_addresses(); |
|
ea5e46601cfb
prosodyctl: check turn: show relayed address(es) in verbose mode
Matthew Wild <mwild1@gmail.com>
parents:
12373
diff
changeset
|
171 |
|
12372
1ba451c10f41
prosodyctl: check turn: Add support for testing data relay with an external STUN server via --ping
Matthew Wild <mwild1@gmail.com>
parents:
12362
diff
changeset
|
172 if not ping_service then |
|
1ba451c10f41
prosodyctl: check turn: Add support for testing data relay with an external STUN server via --ping
Matthew Wild <mwild1@gmail.com>
parents:
12362
diff
changeset
|
173 -- Success! We won't be running the relay test. |
|
1ba451c10f41
prosodyctl: check turn: Add support for testing data relay with an external STUN server via --ping
Matthew Wild <mwild1@gmail.com>
parents:
12362
diff
changeset
|
174 return result; |
|
1ba451c10f41
prosodyctl: check turn: Add support for testing data relay with an external STUN server via --ping
Matthew Wild <mwild1@gmail.com>
parents:
12362
diff
changeset
|
175 end |
|
1ba451c10f41
prosodyctl: check turn: Add support for testing data relay with an external STUN server via --ping
Matthew Wild <mwild1@gmail.com>
parents:
12362
diff
changeset
|
176 |
|
1ba451c10f41
prosodyctl: check turn: Add support for testing data relay with an external STUN server via --ping
Matthew Wild <mwild1@gmail.com>
parents:
12362
diff
changeset
|
177 -- Run the relay test - i.e. send a binding request to ping_service |
|
1ba451c10f41
prosodyctl: check turn: Add support for testing data relay with an external STUN server via --ping
Matthew Wild <mwild1@gmail.com>
parents:
12362
diff
changeset
|
178 -- and receive a response. |
|
1ba451c10f41
prosodyctl: check turn: Add support for testing data relay with an external STUN server via --ping
Matthew Wild <mwild1@gmail.com>
parents:
12362
diff
changeset
|
179 |
|
1ba451c10f41
prosodyctl: check turn: Add support for testing data relay with an external STUN server via --ping
Matthew Wild <mwild1@gmail.com>
parents:
12362
diff
changeset
|
180 -- Resolve the IP of the ping service |
|
12373
5417ec7e2ee8
prosodyctl: check turn: Allow specifying port for the ping service
Matthew Wild <mwild1@gmail.com>
parents:
12372
diff
changeset
|
181 local ping_host, ping_port = ping_service:match("^([^:]+):(%d+)$"); |
|
5417ec7e2ee8
prosodyctl: check turn: Allow specifying port for the ping service
Matthew Wild <mwild1@gmail.com>
parents:
12372
diff
changeset
|
182 if ping_host then |
|
5417ec7e2ee8
prosodyctl: check turn: Allow specifying port for the ping service
Matthew Wild <mwild1@gmail.com>
parents:
12372
diff
changeset
|
183 ping_port = tonumber(ping_port); |
|
5417ec7e2ee8
prosodyctl: check turn: Allow specifying port for the ping service
Matthew Wild <mwild1@gmail.com>
parents:
12372
diff
changeset
|
184 else |
|
5417ec7e2ee8
prosodyctl: check turn: Allow specifying port for the ping service
Matthew Wild <mwild1@gmail.com>
parents:
12372
diff
changeset
|
185 -- Only a hostname specified, use default STUN port |
|
5417ec7e2ee8
prosodyctl: check turn: Allow specifying port for the ping service
Matthew Wild <mwild1@gmail.com>
parents:
12372
diff
changeset
|
186 ping_host, ping_port = ping_service, 3478; |
|
5417ec7e2ee8
prosodyctl: check turn: Allow specifying port for the ping service
Matthew Wild <mwild1@gmail.com>
parents:
12372
diff
changeset
|
187 end |
|
12416
19fd28239e73
prosodyctl: check turn: Fail with error if our own address is supplied for the ping test
Matthew Wild <mwild1@gmail.com>
parents:
12414
diff
changeset
|
188 |
|
19fd28239e73
prosodyctl: check turn: Fail with error if our own address is supplied for the ping test
Matthew Wild <mwild1@gmail.com>
parents:
12414
diff
changeset
|
189 if ping_host == turn_service.host then |
|
19fd28239e73
prosodyctl: check turn: Fail with error if our own address is supplied for the ping test
Matthew Wild <mwild1@gmail.com>
parents:
12414
diff
changeset
|
190 result.error = ("Unable to perform ping test: please supply an external STUN server address. See https://prosody.im/doc/turn#prosodyctl-check"); |
|
19fd28239e73
prosodyctl: check turn: Fail with error if our own address is supplied for the ping test
Matthew Wild <mwild1@gmail.com>
parents:
12414
diff
changeset
|
191 return result; |
|
19fd28239e73
prosodyctl: check turn: Fail with error if our own address is supplied for the ping test
Matthew Wild <mwild1@gmail.com>
parents:
12414
diff
changeset
|
192 end |
|
19fd28239e73
prosodyctl: check turn: Fail with error if our own address is supplied for the ping test
Matthew Wild <mwild1@gmail.com>
parents:
12414
diff
changeset
|
193 |
|
12373
5417ec7e2ee8
prosodyctl: check turn: Allow specifying port for the ping service
Matthew Wild <mwild1@gmail.com>
parents:
12372
diff
changeset
|
194 local ping_service_ip, err = socket.dns.toip(ping_host); |
|
12372
1ba451c10f41
prosodyctl: check turn: Add support for testing data relay with an external STUN server via --ping
Matthew Wild <mwild1@gmail.com>
parents:
12362
diff
changeset
|
195 if not ping_service_ip then |
|
12379
6ac3c580c00d
prosodyctl: check turn: Clearer error when unable to resolve external service host
Matthew Wild <mwild1@gmail.com>
parents:
12377
diff
changeset
|
196 result.error = "Unable to resolve ping service hostname: "..err; |
|
12372
1ba451c10f41
prosodyctl: check turn: Add support for testing data relay with an external STUN server via --ping
Matthew Wild <mwild1@gmail.com>
parents:
12362
diff
changeset
|
197 return result; |
|
1ba451c10f41
prosodyctl: check turn: Add support for testing data relay with an external STUN server via --ping
Matthew Wild <mwild1@gmail.com>
parents:
12362
diff
changeset
|
198 end |
|
1ba451c10f41
prosodyctl: check turn: Add support for testing data relay with an external STUN server via --ping
Matthew Wild <mwild1@gmail.com>
parents:
12362
diff
changeset
|
199 |
|
1ba451c10f41
prosodyctl: check turn: Add support for testing data relay with an external STUN server via --ping
Matthew Wild <mwild1@gmail.com>
parents:
12362
diff
changeset
|
200 -- Ask the TURN server to allow packets from the ping service IP |
|
1ba451c10f41
prosodyctl: check turn: Add support for testing data relay with an external STUN server via --ping
Matthew Wild <mwild1@gmail.com>
parents:
12362
diff
changeset
|
201 local perm_request = stun.new_packet("create-permission"); |
|
1ba451c10f41
prosodyctl: check turn: Add support for testing data relay with an external STUN server via --ping
Matthew Wild <mwild1@gmail.com>
parents:
12362
diff
changeset
|
202 perm_request:add_xor_peer_address(ping_service_ip); |
|
1ba451c10f41
prosodyctl: check turn: Add support for testing data relay with an external STUN server via --ping
Matthew Wild <mwild1@gmail.com>
parents:
12362
diff
changeset
|
203 perm_request:add_attribute("username", turn_user); |
|
12382
574cf096a426
prosodyctl: check turn: fix traceback when server does not provide realm/nonce
Matthew Wild <mwild1@gmail.com>
parents:
12381
diff
changeset
|
204 if realm then |
|
574cf096a426
prosodyctl: check turn: fix traceback when server does not provide realm/nonce
Matthew Wild <mwild1@gmail.com>
parents:
12381
diff
changeset
|
205 perm_request:add_attribute("realm", realm); |
|
574cf096a426
prosodyctl: check turn: fix traceback when server does not provide realm/nonce
Matthew Wild <mwild1@gmail.com>
parents:
12381
diff
changeset
|
206 end |
|
574cf096a426
prosodyctl: check turn: fix traceback when server does not provide realm/nonce
Matthew Wild <mwild1@gmail.com>
parents:
12381
diff
changeset
|
207 if nonce then |
|
574cf096a426
prosodyctl: check turn: fix traceback when server does not provide realm/nonce
Matthew Wild <mwild1@gmail.com>
parents:
12381
diff
changeset
|
208 perm_request:add_attribute("nonce", nonce); |
|
574cf096a426
prosodyctl: check turn: fix traceback when server does not provide realm/nonce
Matthew Wild <mwild1@gmail.com>
parents:
12381
diff
changeset
|
209 end |
|
12372
1ba451c10f41
prosodyctl: check turn: Add support for testing data relay with an external STUN server via --ping
Matthew Wild <mwild1@gmail.com>
parents:
12362
diff
changeset
|
210 perm_request:add_message_integrity(key); |
|
1ba451c10f41
prosodyctl: check turn: Add support for testing data relay with an external STUN server via --ping
Matthew Wild <mwild1@gmail.com>
parents:
12362
diff
changeset
|
211 sock:send(perm_request:serialize()); |
|
1ba451c10f41
prosodyctl: check turn: Add support for testing data relay with an external STUN server via --ping
Matthew Wild <mwild1@gmail.com>
parents:
12362
diff
changeset
|
212 |
|
1ba451c10f41
prosodyctl: check turn: Add support for testing data relay with an external STUN server via --ping
Matthew Wild <mwild1@gmail.com>
parents:
12362
diff
changeset
|
213 local perm_response, err = receive_packet(); |
|
1ba451c10f41
prosodyctl: check turn: Add support for testing data relay with an external STUN server via --ping
Matthew Wild <mwild1@gmail.com>
parents:
12362
diff
changeset
|
214 if not perm_response then |
|
1ba451c10f41
prosodyctl: check turn: Add support for testing data relay with an external STUN server via --ping
Matthew Wild <mwild1@gmail.com>
parents:
12362
diff
changeset
|
215 result.error = "No response from TURN server when requesting peer permission: "..err; |
|
1ba451c10f41
prosodyctl: check turn: Add support for testing data relay with an external STUN server via --ping
Matthew Wild <mwild1@gmail.com>
parents:
12362
diff
changeset
|
216 return result; |
|
1ba451c10f41
prosodyctl: check turn: Add support for testing data relay with an external STUN server via --ping
Matthew Wild <mwild1@gmail.com>
parents:
12362
diff
changeset
|
217 elseif perm_response:is_err_resp() then |
|
1ba451c10f41
prosodyctl: check turn: Add support for testing data relay with an external STUN server via --ping
Matthew Wild <mwild1@gmail.com>
parents:
12362
diff
changeset
|
218 result.error = ("TURN permission request failed: %d (%s)"):format(perm_response:get_error()); |
|
1ba451c10f41
prosodyctl: check turn: Add support for testing data relay with an external STUN server via --ping
Matthew Wild <mwild1@gmail.com>
parents:
12362
diff
changeset
|
219 return result; |
|
1ba451c10f41
prosodyctl: check turn: Add support for testing data relay with an external STUN server via --ping
Matthew Wild <mwild1@gmail.com>
parents:
12362
diff
changeset
|
220 elseif not perm_response:is_success_resp() then |
|
1ba451c10f41
prosodyctl: check turn: Add support for testing data relay with an external STUN server via --ping
Matthew Wild <mwild1@gmail.com>
parents:
12362
diff
changeset
|
221 result.error = ("Unexpected TURN response: %d (%s)"):format(perm_response:get_type()); |
|
1ba451c10f41
prosodyctl: check turn: Add support for testing data relay with an external STUN server via --ping
Matthew Wild <mwild1@gmail.com>
parents:
12362
diff
changeset
|
222 return result; |
|
1ba451c10f41
prosodyctl: check turn: Add support for testing data relay with an external STUN server via --ping
Matthew Wild <mwild1@gmail.com>
parents:
12362
diff
changeset
|
223 end |
|
1ba451c10f41
prosodyctl: check turn: Add support for testing data relay with an external STUN server via --ping
Matthew Wild <mwild1@gmail.com>
parents:
12362
diff
changeset
|
224 |
|
1ba451c10f41
prosodyctl: check turn: Add support for testing data relay with an external STUN server via --ping
Matthew Wild <mwild1@gmail.com>
parents:
12362
diff
changeset
|
225 -- Ask the TURN server to relay a STUN binding request to the ping server |
|
1ba451c10f41
prosodyctl: check turn: Add support for testing data relay with an external STUN server via --ping
Matthew Wild <mwild1@gmail.com>
parents:
12362
diff
changeset
|
226 local ping_data = stun.new_packet("binding"):serialize(); |
|
1ba451c10f41
prosodyctl: check turn: Add support for testing data relay with an external STUN server via --ping
Matthew Wild <mwild1@gmail.com>
parents:
12362
diff
changeset
|
227 |
|
1ba451c10f41
prosodyctl: check turn: Add support for testing data relay with an external STUN server via --ping
Matthew Wild <mwild1@gmail.com>
parents:
12362
diff
changeset
|
228 local ping_request = stun.new_packet("send", "indication"); |
|
12373
5417ec7e2ee8
prosodyctl: check turn: Allow specifying port for the ping service
Matthew Wild <mwild1@gmail.com>
parents:
12372
diff
changeset
|
229 ping_request:add_xor_peer_address(ping_service_ip, ping_port); |
|
12372
1ba451c10f41
prosodyctl: check turn: Add support for testing data relay with an external STUN server via --ping
Matthew Wild <mwild1@gmail.com>
parents:
12362
diff
changeset
|
230 ping_request:add_attribute("data", ping_data); |
|
1ba451c10f41
prosodyctl: check turn: Add support for testing data relay with an external STUN server via --ping
Matthew Wild <mwild1@gmail.com>
parents:
12362
diff
changeset
|
231 ping_request:add_attribute("username", turn_user); |
|
12382
574cf096a426
prosodyctl: check turn: fix traceback when server does not provide realm/nonce
Matthew Wild <mwild1@gmail.com>
parents:
12381
diff
changeset
|
232 if realm then |
|
574cf096a426
prosodyctl: check turn: fix traceback when server does not provide realm/nonce
Matthew Wild <mwild1@gmail.com>
parents:
12381
diff
changeset
|
233 ping_request:add_attribute("realm", realm); |
|
574cf096a426
prosodyctl: check turn: fix traceback when server does not provide realm/nonce
Matthew Wild <mwild1@gmail.com>
parents:
12381
diff
changeset
|
234 end |
|
574cf096a426
prosodyctl: check turn: fix traceback when server does not provide realm/nonce
Matthew Wild <mwild1@gmail.com>
parents:
12381
diff
changeset
|
235 if nonce then |
|
574cf096a426
prosodyctl: check turn: fix traceback when server does not provide realm/nonce
Matthew Wild <mwild1@gmail.com>
parents:
12381
diff
changeset
|
236 ping_request:add_attribute("nonce", nonce); |
|
574cf096a426
prosodyctl: check turn: fix traceback when server does not provide realm/nonce
Matthew Wild <mwild1@gmail.com>
parents:
12381
diff
changeset
|
237 end |
|
12372
1ba451c10f41
prosodyctl: check turn: Add support for testing data relay with an external STUN server via --ping
Matthew Wild <mwild1@gmail.com>
parents:
12362
diff
changeset
|
238 ping_request:add_message_integrity(key); |
|
1ba451c10f41
prosodyctl: check turn: Add support for testing data relay with an external STUN server via --ping
Matthew Wild <mwild1@gmail.com>
parents:
12362
diff
changeset
|
239 sock:send(ping_request:serialize()); |
|
1ba451c10f41
prosodyctl: check turn: Add support for testing data relay with an external STUN server via --ping
Matthew Wild <mwild1@gmail.com>
parents:
12362
diff
changeset
|
240 |
|
1ba451c10f41
prosodyctl: check turn: Add support for testing data relay with an external STUN server via --ping
Matthew Wild <mwild1@gmail.com>
parents:
12362
diff
changeset
|
241 local ping_response, err = receive_packet(); |
|
1ba451c10f41
prosodyctl: check turn: Add support for testing data relay with an external STUN server via --ping
Matthew Wild <mwild1@gmail.com>
parents:
12362
diff
changeset
|
242 if not ping_response then |
|
1ba451c10f41
prosodyctl: check turn: Add support for testing data relay with an external STUN server via --ping
Matthew Wild <mwild1@gmail.com>
parents:
12362
diff
changeset
|
243 result.error = "No response from ping server ("..ping_service_ip.."): "..err; |
|
1ba451c10f41
prosodyctl: check turn: Add support for testing data relay with an external STUN server via --ping
Matthew Wild <mwild1@gmail.com>
parents:
12362
diff
changeset
|
244 return result; |
|
1ba451c10f41
prosodyctl: check turn: Add support for testing data relay with an external STUN server via --ping
Matthew Wild <mwild1@gmail.com>
parents:
12362
diff
changeset
|
245 elseif not ping_response:is_indication() or select(2, ping_response:get_method()) ~= "data" then |
|
1ba451c10f41
prosodyctl: check turn: Add support for testing data relay with an external STUN server via --ping
Matthew Wild <mwild1@gmail.com>
parents:
12362
diff
changeset
|
246 result.error = ("Unexpected TURN response: %s %s"):format(select(2, ping_response:get_method()), select(2, ping_response:get_type())); |
|
1ba451c10f41
prosodyctl: check turn: Add support for testing data relay with an external STUN server via --ping
Matthew Wild <mwild1@gmail.com>
parents:
12362
diff
changeset
|
247 return result; |
|
1ba451c10f41
prosodyctl: check turn: Add support for testing data relay with an external STUN server via --ping
Matthew Wild <mwild1@gmail.com>
parents:
12362
diff
changeset
|
248 end |
|
1ba451c10f41
prosodyctl: check turn: Add support for testing data relay with an external STUN server via --ping
Matthew Wild <mwild1@gmail.com>
parents:
12362
diff
changeset
|
249 |
|
1ba451c10f41
prosodyctl: check turn: Add support for testing data relay with an external STUN server via --ping
Matthew Wild <mwild1@gmail.com>
parents:
12362
diff
changeset
|
250 local pong_data = ping_response:get_attribute("data"); |
|
1ba451c10f41
prosodyctl: check turn: Add support for testing data relay with an external STUN server via --ping
Matthew Wild <mwild1@gmail.com>
parents:
12362
diff
changeset
|
251 if not pong_data then |
|
1ba451c10f41
prosodyctl: check turn: Add support for testing data relay with an external STUN server via --ping
Matthew Wild <mwild1@gmail.com>
parents:
12362
diff
changeset
|
252 result.error = "No data relayed from remote server"; |
|
12466
9ee41552bca0
util.prosodyctl: check turn: ensure a result is always returned from a check (thanks eTaurus)
Matthew Wild <mwild1@gmail.com>
parents:
12441
diff
changeset
|
253 return result; |
|
12372
1ba451c10f41
prosodyctl: check turn: Add support for testing data relay with an external STUN server via --ping
Matthew Wild <mwild1@gmail.com>
parents:
12362
diff
changeset
|
254 end |
|
1ba451c10f41
prosodyctl: check turn: Add support for testing data relay with an external STUN server via --ping
Matthew Wild <mwild1@gmail.com>
parents:
12362
diff
changeset
|
255 local pong = stun.new_packet():deserialize(pong_data); |
|
1ba451c10f41
prosodyctl: check turn: Add support for testing data relay with an external STUN server via --ping
Matthew Wild <mwild1@gmail.com>
parents:
12362
diff
changeset
|
256 |
|
1ba451c10f41
prosodyctl: check turn: Add support for testing data relay with an external STUN server via --ping
Matthew Wild <mwild1@gmail.com>
parents:
12362
diff
changeset
|
257 result.external_ip_pong = pong:get_xor_mapped_address(); |
|
1ba451c10f41
prosodyctl: check turn: Add support for testing data relay with an external STUN server via --ping
Matthew Wild <mwild1@gmail.com>
parents:
12362
diff
changeset
|
258 if not result.external_ip_pong then |
|
1ba451c10f41
prosodyctl: check turn: Add support for testing data relay with an external STUN server via --ping
Matthew Wild <mwild1@gmail.com>
parents:
12362
diff
changeset
|
259 result.error = "Ping server did not return an address"; |
|
1ba451c10f41
prosodyctl: check turn: Add support for testing data relay with an external STUN server via --ping
Matthew Wild <mwild1@gmail.com>
parents:
12362
diff
changeset
|
260 return result; |
|
1ba451c10f41
prosodyctl: check turn: Add support for testing data relay with an external STUN server via --ping
Matthew Wild <mwild1@gmail.com>
parents:
12362
diff
changeset
|
261 end |
|
1ba451c10f41
prosodyctl: check turn: Add support for testing data relay with an external STUN server via --ping
Matthew Wild <mwild1@gmail.com>
parents:
12362
diff
changeset
|
262 |
|
12390
71b5c9b8b07a
prosodyctl: check turn: warn about external port mismatches behind NAT
Matthew Wild <mwild1@gmail.com>
parents:
12385
diff
changeset
|
263 local relay_address_found, relay_port_matches; |
|
71b5c9b8b07a
prosodyctl: check turn: warn about external port mismatches behind NAT
Matthew Wild <mwild1@gmail.com>
parents:
12385
diff
changeset
|
264 for _, relayed_address in ipairs(result.relayed_addresses) do |
|
71b5c9b8b07a
prosodyctl: check turn: warn about external port mismatches behind NAT
Matthew Wild <mwild1@gmail.com>
parents:
12385
diff
changeset
|
265 if relayed_address.address == result.external_ip_pong.address then |
|
71b5c9b8b07a
prosodyctl: check turn: warn about external port mismatches behind NAT
Matthew Wild <mwild1@gmail.com>
parents:
12385
diff
changeset
|
266 relay_address_found = true; |
|
71b5c9b8b07a
prosodyctl: check turn: warn about external port mismatches behind NAT
Matthew Wild <mwild1@gmail.com>
parents:
12385
diff
changeset
|
267 relay_port_matches = result.external_ip_pong.port == relayed_address.port; |
|
71b5c9b8b07a
prosodyctl: check turn: warn about external port mismatches behind NAT
Matthew Wild <mwild1@gmail.com>
parents:
12385
diff
changeset
|
268 end |
|
71b5c9b8b07a
prosodyctl: check turn: warn about external port mismatches behind NAT
Matthew Wild <mwild1@gmail.com>
parents:
12385
diff
changeset
|
269 end |
|
71b5c9b8b07a
prosodyctl: check turn: warn about external port mismatches behind NAT
Matthew Wild <mwild1@gmail.com>
parents:
12385
diff
changeset
|
270 if not relay_address_found then |
|
12383
a9b6ed86b573
prosodyctl: check turn: improve warning text to suggest issues
Matthew Wild <mwild1@gmail.com>
parents:
12382
diff
changeset
|
271 table.insert(result.warnings, "TURN external IP vs relay address mismatch! Is the TURN server behind a NAT and misconfigured?"); |
|
12390
71b5c9b8b07a
prosodyctl: check turn: warn about external port mismatches behind NAT
Matthew Wild <mwild1@gmail.com>
parents:
12385
diff
changeset
|
272 elseif not relay_port_matches then |
|
71b5c9b8b07a
prosodyctl: check turn: warn about external port mismatches behind NAT
Matthew Wild <mwild1@gmail.com>
parents:
12385
diff
changeset
|
273 table.insert(result.warnings, "External port does not match reported relay port! This is probably caused by a NAT in front of the TURN server."); |
|
12383
a9b6ed86b573
prosodyctl: check turn: improve warning text to suggest issues
Matthew Wild <mwild1@gmail.com>
parents:
12382
diff
changeset
|
274 end |
|
a9b6ed86b573
prosodyctl: check turn: improve warning text to suggest issues
Matthew Wild <mwild1@gmail.com>
parents:
12382
diff
changeset
|
275 |
|
12372
1ba451c10f41
prosodyctl: check turn: Add support for testing data relay with an external STUN server via --ping
Matthew Wild <mwild1@gmail.com>
parents:
12362
diff
changeset
|
276 -- |
|
12357
cd11d7c4af8b
util.prosodyctl: check turn: New command to verify STUN/TURN service is operational
Matthew Wild <mwild1@gmail.com>
parents:
12233
diff
changeset
|
277 |
|
cd11d7c4af8b
util.prosodyctl: check turn: New command to verify STUN/TURN service is operational
Matthew Wild <mwild1@gmail.com>
parents:
12233
diff
changeset
|
278 return result; |
|
cd11d7c4af8b
util.prosodyctl: check turn: New command to verify STUN/TURN service is operational
Matthew Wild <mwild1@gmail.com>
parents:
12233
diff
changeset
|
279 end |
|
cd11d7c4af8b
util.prosodyctl: check turn: New command to verify STUN/TURN service is operational
Matthew Wild <mwild1@gmail.com>
parents:
12233
diff
changeset
|
280 |
|
11779
f4f0bdaeabd2
prosodyctl: Add external connectivity check based on observe.jabber.network
Jonas Schäfer <jonas@wielicki.name>
parents:
11778
diff
changeset
|
281 local function skip_bare_jid_hosts(host) |
|
f4f0bdaeabd2
prosodyctl: Add external connectivity check based on observe.jabber.network
Jonas Schäfer <jonas@wielicki.name>
parents:
11778
diff
changeset
|
282 if jid_split(host) then |
|
f4f0bdaeabd2
prosodyctl: Add external connectivity check based on observe.jabber.network
Jonas Schäfer <jonas@wielicki.name>
parents:
11778
diff
changeset
|
283 -- See issue #779 |
|
f4f0bdaeabd2
prosodyctl: Add external connectivity check based on observe.jabber.network
Jonas Schäfer <jonas@wielicki.name>
parents:
11778
diff
changeset
|
284 return false; |
|
f4f0bdaeabd2
prosodyctl: Add external connectivity check based on observe.jabber.network
Jonas Schäfer <jonas@wielicki.name>
parents:
11778
diff
changeset
|
285 end |
|
f4f0bdaeabd2
prosodyctl: Add external connectivity check based on observe.jabber.network
Jonas Schäfer <jonas@wielicki.name>
parents:
11778
diff
changeset
|
286 return true; |
|
f4f0bdaeabd2
prosodyctl: Add external connectivity check based on observe.jabber.network
Jonas Schäfer <jonas@wielicki.name>
parents:
11778
diff
changeset
|
287 end |
|
f4f0bdaeabd2
prosodyctl: Add external connectivity check based on observe.jabber.network
Jonas Schäfer <jonas@wielicki.name>
parents:
11778
diff
changeset
|
288 |
|
12372
1ba451c10f41
prosodyctl: check turn: Add support for testing data relay with an external STUN server via --ping
Matthew Wild <mwild1@gmail.com>
parents:
12362
diff
changeset
|
289 local check_opts = { |
|
1ba451c10f41
prosodyctl: check turn: Add support for testing data relay with an external STUN server via --ping
Matthew Wild <mwild1@gmail.com>
parents:
12362
diff
changeset
|
290 short_params = { |
|
1ba451c10f41
prosodyctl: check turn: Add support for testing data relay with an external STUN server via --ping
Matthew Wild <mwild1@gmail.com>
parents:
12362
diff
changeset
|
291 h = "help", v = "verbose"; |
|
1ba451c10f41
prosodyctl: check turn: Add support for testing data relay with an external STUN server via --ping
Matthew Wild <mwild1@gmail.com>
parents:
12362
diff
changeset
|
292 }; |
|
12376
10353ad0ca7a
prosodyctl: check: Slightly improved argument handling
Matthew Wild <mwild1@gmail.com>
parents:
12375
diff
changeset
|
293 value_params = { |
|
10353ad0ca7a
prosodyctl: check: Slightly improved argument handling
Matthew Wild <mwild1@gmail.com>
parents:
12375
diff
changeset
|
294 ping = true; |
|
10353ad0ca7a
prosodyctl: check: Slightly improved argument handling
Matthew Wild <mwild1@gmail.com>
parents:
12375
diff
changeset
|
295 }; |
|
12372
1ba451c10f41
prosodyctl: check turn: Add support for testing data relay with an external STUN server via --ping
Matthew Wild <mwild1@gmail.com>
parents:
12362
diff
changeset
|
296 }; |
|
1ba451c10f41
prosodyctl: check turn: Add support for testing data relay with an external STUN server via --ping
Matthew Wild <mwild1@gmail.com>
parents:
12362
diff
changeset
|
297 |
|
10871
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
298 local function check(arg) |
|
12372
1ba451c10f41
prosodyctl: check turn: Add support for testing data relay with an external STUN server via --ping
Matthew Wild <mwild1@gmail.com>
parents:
12362
diff
changeset
|
299 if arg[1] == "help" or arg[1] == "--help" then |
|
10871
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
300 show_usage([[check]], [[Perform basic checks on your Prosody installation]]); |
|
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
301 return 1; |
|
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
302 end |
|
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
303 local what = table.remove(arg, 1); |
|
12376
10353ad0ca7a
prosodyctl: check: Slightly improved argument handling
Matthew Wild <mwild1@gmail.com>
parents:
12375
diff
changeset
|
304 local opts, opts_err, opts_info = parse_args(arg, check_opts); |
|
10353ad0ca7a
prosodyctl: check: Slightly improved argument handling
Matthew Wild <mwild1@gmail.com>
parents:
12375
diff
changeset
|
305 if opts_err == "missing-value" then |
|
10353ad0ca7a
prosodyctl: check: Slightly improved argument handling
Matthew Wild <mwild1@gmail.com>
parents:
12375
diff
changeset
|
306 print("Error: Expected a value after '"..opts_info.."'"); |
|
10353ad0ca7a
prosodyctl: check: Slightly improved argument handling
Matthew Wild <mwild1@gmail.com>
parents:
12375
diff
changeset
|
307 return 1; |
|
10353ad0ca7a
prosodyctl: check: Slightly improved argument handling
Matthew Wild <mwild1@gmail.com>
parents:
12375
diff
changeset
|
308 elseif opts_err == "param-not-found" then |
|
10353ad0ca7a
prosodyctl: check: Slightly improved argument handling
Matthew Wild <mwild1@gmail.com>
parents:
12375
diff
changeset
|
309 print("Error: Unknown parameter: "..opts_info); |
|
10353ad0ca7a
prosodyctl: check: Slightly improved argument handling
Matthew Wild <mwild1@gmail.com>
parents:
12375
diff
changeset
|
310 return 1; |
|
10353ad0ca7a
prosodyctl: check: Slightly improved argument handling
Matthew Wild <mwild1@gmail.com>
parents:
12375
diff
changeset
|
311 end |
|
11798
ba88060fa145
util.prosodyctl.check: Suggest replacements for deprecated options #1684
Kim Alvefur <zash@zash.se>
parents:
11783
diff
changeset
|
312 local array = require "util.array"; |
|
10871
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
313 local set = require "util.set"; |
|
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
314 local it = require "util.iterators"; |
|
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
315 local ok = true; |
|
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
316 local function disabled_hosts(host, conf) return host ~= "*" and conf.enabled ~= false; end |
|
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
317 local function enabled_hosts() return it.filter(disabled_hosts, pairs(configmanager.getconfig())); end |
|
12357
cd11d7c4af8b
util.prosodyctl: check turn: New command to verify STUN/TURN service is operational
Matthew Wild <mwild1@gmail.com>
parents:
12233
diff
changeset
|
318 if not (what == nil or what == "disabled" or what == "config" or what == "dns" or what == "certs" or what == "connectivity" or what == "turn") then |
|
cd11d7c4af8b
util.prosodyctl: check turn: New command to verify STUN/TURN service is operational
Matthew Wild <mwild1@gmail.com>
parents:
12233
diff
changeset
|
319 show_warning("Don't know how to check '%s'. Try one of 'config', 'dns', 'certs', 'disabled', 'turn' or 'connectivity'.", what); |
|
11779
f4f0bdaeabd2
prosodyctl: Add external connectivity check based on observe.jabber.network
Jonas Schäfer <jonas@wielicki.name>
parents:
11778
diff
changeset
|
320 show_warning("Note: The connectivity check will connect to a remote server."); |
|
10871
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
321 return 1; |
|
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
322 end |
|
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
323 if not what or what == "disabled" then |
|
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
324 local disabled_hosts_set = set.new(); |
|
13216
fcc052ca1652
util.prosodyctl.check: Get some config options via minimal moduleapi #896
Kim Alvefur <zash@zash.se>
parents:
13121
diff
changeset
|
325 for host in it.filter("*", pairs(configmanager.getconfig())) do |
|
fcc052ca1652
util.prosodyctl.check: Get some config options via minimal moduleapi #896
Kim Alvefur <zash@zash.se>
parents:
13121
diff
changeset
|
326 if api(host):get_option_boolean("enabled") == false then |
|
10871
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
327 disabled_hosts_set:add(host); |
|
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
328 end |
|
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
329 end |
|
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
330 if not disabled_hosts_set:empty() then |
|
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
331 local msg = "Checks will be skipped for these disabled hosts: %s"; |
|
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
332 if what then msg = "These hosts are disabled: %s"; end |
|
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
333 show_warning(msg, tostring(disabled_hosts_set)); |
|
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
334 if what then return 0; end |
|
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
335 print"" |
|
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
336 end |
|
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
337 end |
|
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
338 if not what or what == "config" then |
|
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
339 print("Checking config..."); |
|
12441
dc6263625069
prosodyctl: check config: Report paths of loaded configuration files (fixed #1729)
Matthew Wild <mwild1@gmail.com>
parents:
12416
diff
changeset
|
340 |
|
dc6263625069
prosodyctl: check config: Report paths of loaded configuration files (fixed #1729)
Matthew Wild <mwild1@gmail.com>
parents:
12416
diff
changeset
|
341 if what == "config" then |
|
dc6263625069
prosodyctl: check config: Report paths of loaded configuration files (fixed #1729)
Matthew Wild <mwild1@gmail.com>
parents:
12416
diff
changeset
|
342 local files = configmanager.files(); |
|
dc6263625069
prosodyctl: check config: Report paths of loaded configuration files (fixed #1729)
Matthew Wild <mwild1@gmail.com>
parents:
12416
diff
changeset
|
343 print(" The following configuration files have been loaded:"); |
|
dc6263625069
prosodyctl: check config: Report paths of loaded configuration files (fixed #1729)
Matthew Wild <mwild1@gmail.com>
parents:
12416
diff
changeset
|
344 print(" - "..table.concat(files, "\n - ")); |
|
dc6263625069
prosodyctl: check config: Report paths of loaded configuration files (fixed #1729)
Matthew Wild <mwild1@gmail.com>
parents:
12416
diff
changeset
|
345 end |
|
dc6263625069
prosodyctl: check config: Report paths of loaded configuration files (fixed #1729)
Matthew Wild <mwild1@gmail.com>
parents:
12416
diff
changeset
|
346 |
|
11798
ba88060fa145
util.prosodyctl.check: Suggest replacements for deprecated options #1684
Kim Alvefur <zash@zash.se>
parents:
11783
diff
changeset
|
347 local obsolete = set.new({ --> remove |
|
12118
30d55809d9a6
util.prosodyctl.check: Add some more obsolete settings
Kim Alvefur <zash@zash.se>
parents:
12099
diff
changeset
|
348 "archive_cleanup_interval", |
|
30d55809d9a6
util.prosodyctl.check: Add some more obsolete settings
Kim Alvefur <zash@zash.se>
parents:
12099
diff
changeset
|
349 "dns_timeout", |
|
30d55809d9a6
util.prosodyctl.check: Add some more obsolete settings
Kim Alvefur <zash@zash.se>
parents:
12099
diff
changeset
|
350 "muc_log_cleanup_interval", |
|
30d55809d9a6
util.prosodyctl.check: Add some more obsolete settings
Kim Alvefur <zash@zash.se>
parents:
12099
diff
changeset
|
351 "s2s_dns_resolvers", |
|
30d55809d9a6
util.prosodyctl.check: Add some more obsolete settings
Kim Alvefur <zash@zash.se>
parents:
12099
diff
changeset
|
352 "setgid", |
|
30d55809d9a6
util.prosodyctl.check: Add some more obsolete settings
Kim Alvefur <zash@zash.se>
parents:
12099
diff
changeset
|
353 "setuid", |
|
10871
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
354 }); |
|
12159
aa299551f8c6
util.prosodyctl.check: Parameterize replacement instructions
Kim Alvefur <zash@zash.se>
parents:
12158
diff
changeset
|
355 local function instead_use(kind, name, value) |
|
aa299551f8c6
util.prosodyctl.check: Parameterize replacement instructions
Kim Alvefur <zash@zash.se>
parents:
12158
diff
changeset
|
356 if kind == "option" then |
|
aa299551f8c6
util.prosodyctl.check: Parameterize replacement instructions
Kim Alvefur <zash@zash.se>
parents:
12158
diff
changeset
|
357 if value then |
|
aa299551f8c6
util.prosodyctl.check: Parameterize replacement instructions
Kim Alvefur <zash@zash.se>
parents:
12158
diff
changeset
|
358 return string.format("instead, use '%s = %q'", name, value); |
|
aa299551f8c6
util.prosodyctl.check: Parameterize replacement instructions
Kim Alvefur <zash@zash.se>
parents:
12158
diff
changeset
|
359 else |
|
aa299551f8c6
util.prosodyctl.check: Parameterize replacement instructions
Kim Alvefur <zash@zash.se>
parents:
12158
diff
changeset
|
360 return string.format("instead, use '%s'", name); |
|
aa299551f8c6
util.prosodyctl.check: Parameterize replacement instructions
Kim Alvefur <zash@zash.se>
parents:
12158
diff
changeset
|
361 end |
|
aa299551f8c6
util.prosodyctl.check: Parameterize replacement instructions
Kim Alvefur <zash@zash.se>
parents:
12158
diff
changeset
|
362 elseif kind == "module" then |
|
aa299551f8c6
util.prosodyctl.check: Parameterize replacement instructions
Kim Alvefur <zash@zash.se>
parents:
12158
diff
changeset
|
363 return string.format("instead, add %q to '%s'", name, value or "modules_enabled"); |
|
aa299551f8c6
util.prosodyctl.check: Parameterize replacement instructions
Kim Alvefur <zash@zash.se>
parents:
12158
diff
changeset
|
364 elseif kind == "community" then |
|
aa299551f8c6
util.prosodyctl.check: Parameterize replacement instructions
Kim Alvefur <zash@zash.se>
parents:
12158
diff
changeset
|
365 return string.format("instead, add %q from %s", name, value or "prosody-modules"); |
|
aa299551f8c6
util.prosodyctl.check: Parameterize replacement instructions
Kim Alvefur <zash@zash.se>
parents:
12158
diff
changeset
|
366 end |
|
aa299551f8c6
util.prosodyctl.check: Parameterize replacement instructions
Kim Alvefur <zash@zash.se>
parents:
12158
diff
changeset
|
367 return kind |
|
aa299551f8c6
util.prosodyctl.check: Parameterize replacement instructions
Kim Alvefur <zash@zash.se>
parents:
12158
diff
changeset
|
368 end |
|
11798
ba88060fa145
util.prosodyctl.check: Suggest replacements for deprecated options #1684
Kim Alvefur <zash@zash.se>
parents:
11783
diff
changeset
|
369 local deprecated_replacements = { |
|
12159
aa299551f8c6
util.prosodyctl.check: Parameterize replacement instructions
Kim Alvefur <zash@zash.se>
parents:
12158
diff
changeset
|
370 anonymous_login = instead_use("option", "authentication", "anonymous"); |
|
aa299551f8c6
util.prosodyctl.check: Parameterize replacement instructions
Kim Alvefur <zash@zash.se>
parents:
12158
diff
changeset
|
371 daemonize = "instead, use the --daemonize/-D or --foreground/-F command line flags"; |
|
aa299551f8c6
util.prosodyctl.check: Parameterize replacement instructions
Kim Alvefur <zash@zash.se>
parents:
12158
diff
changeset
|
372 disallow_s2s = instead_use("module", "s2s"); |
|
aa299551f8c6
util.prosodyctl.check: Parameterize replacement instructions
Kim Alvefur <zash@zash.se>
parents:
12158
diff
changeset
|
373 no_daemonize = "instead, use the --daemonize/-D or --foreground/-F command line flags"; |
|
aa299551f8c6
util.prosodyctl.check: Parameterize replacement instructions
Kim Alvefur <zash@zash.se>
parents:
12158
diff
changeset
|
374 require_encryption = "instead, use 'c2s_require_encryption' and 's2s_require_encryption'"; |
|
aa299551f8c6
util.prosodyctl.check: Parameterize replacement instructions
Kim Alvefur <zash@zash.se>
parents:
12158
diff
changeset
|
375 vcard_compatibility = instead_use("community", "mod_compat_vcard"); |
|
aa299551f8c6
util.prosodyctl.check: Parameterize replacement instructions
Kim Alvefur <zash@zash.se>
parents:
12158
diff
changeset
|
376 use_libevent = instead_use("option", "network_backend", "event"); |
|
aa299551f8c6
util.prosodyctl.check: Parameterize replacement instructions
Kim Alvefur <zash@zash.se>
parents:
12158
diff
changeset
|
377 whitelist_registration_only = instead_use("option", "allowlist_registration_only"); |
|
aa299551f8c6
util.prosodyctl.check: Parameterize replacement instructions
Kim Alvefur <zash@zash.se>
parents:
12158
diff
changeset
|
378 registration_whitelist = instead_use("option", "registration_allowlist"); |
|
aa299551f8c6
util.prosodyctl.check: Parameterize replacement instructions
Kim Alvefur <zash@zash.se>
parents:
12158
diff
changeset
|
379 registration_blacklist = instead_use("option", "registration_blocklist"); |
|
aa299551f8c6
util.prosodyctl.check: Parameterize replacement instructions
Kim Alvefur <zash@zash.se>
parents:
12158
diff
changeset
|
380 blacklist_on_registration_throttle_overload = instead_use("blocklist_on_registration_throttle_overload"); |
|
12898
4255db0f8e58
util.prosodyctl.check: Suggest 'http_cors_override' instead of older CORS settings
Kim Alvefur <zash@zash.se>
parents:
12842
diff
changeset
|
381 cross_domain_bosh = "instead, use 'http_cors_override', see https://prosody.im/doc/http#cross-domain-cors-support"; |
|
4255db0f8e58
util.prosodyctl.check: Suggest 'http_cors_override' instead of older CORS settings
Kim Alvefur <zash@zash.se>
parents:
12842
diff
changeset
|
382 cross_domain_websocket = "instead, use 'http_cors_override', see https://prosody.im/doc/http#cross-domain-cors-support"; |
|
11798
ba88060fa145
util.prosodyctl.check: Suggest replacements for deprecated options #1684
Kim Alvefur <zash@zash.se>
parents:
11783
diff
changeset
|
383 }; |
|
11800
60018637f5d4
util.prosodyctl.check: Nudge towards plural port options
Kim Alvefur <zash@zash.se>
parents:
11799
diff
changeset
|
384 -- FIXME all the singular _port and _interface options are supposed to be deprecated too |
|
11798
ba88060fa145
util.prosodyctl.check: Suggest replacements for deprecated options #1684
Kim Alvefur <zash@zash.se>
parents:
11783
diff
changeset
|
385 local deprecated_ports = { bosh = "http", legacy_ssl = "c2s_direct_tls" }; |
|
ba88060fa145
util.prosodyctl.check: Suggest replacements for deprecated options #1684
Kim Alvefur <zash@zash.se>
parents:
11783
diff
changeset
|
386 local port_suffixes = set.new({ "port", "ports", "interface", "interfaces", "ssl" }); |
|
ba88060fa145
util.prosodyctl.check: Suggest replacements for deprecated options #1684
Kim Alvefur <zash@zash.se>
parents:
11783
diff
changeset
|
387 for port, replacement in pairs(deprecated_ports) do |
|
ba88060fa145
util.prosodyctl.check: Suggest replacements for deprecated options #1684
Kim Alvefur <zash@zash.se>
parents:
11783
diff
changeset
|
388 for suffix in port_suffixes do |
|
11800
60018637f5d4
util.prosodyctl.check: Nudge towards plural port options
Kim Alvefur <zash@zash.se>
parents:
11799
diff
changeset
|
389 local rsuffix = (suffix == "port" or suffix == "interface") and suffix.."s" or suffix; |
|
12158
7ff3699c1653
util.prosodyctl.check: Move word to ease future translations
Kim Alvefur <zash@zash.se>
parents:
12157
diff
changeset
|
390 deprecated_replacements[port.."_"..suffix] = "instead, use '"..replacement.."_"..rsuffix.."'" |
|
11798
ba88060fa145
util.prosodyctl.check: Suggest replacements for deprecated options #1684
Kim Alvefur <zash@zash.se>
parents:
11783
diff
changeset
|
391 end |
|
ba88060fa145
util.prosodyctl.check: Suggest replacements for deprecated options #1684
Kim Alvefur <zash@zash.se>
parents:
11783
diff
changeset
|
392 end |
|
ba88060fa145
util.prosodyctl.check: Suggest replacements for deprecated options #1684
Kim Alvefur <zash@zash.se>
parents:
11783
diff
changeset
|
393 local deprecated = set.new(array.collect(it.keys(deprecated_replacements))); |
|
10871
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
394 local known_global_options = set.new({ |
|
11635
1b17b967838e
util.prosodyctl.check: Collect options from all global plugins
Kim Alvefur <zash@zash.se>
parents:
11634
diff
changeset
|
395 "access_control_allow_credentials", |
|
1b17b967838e
util.prosodyctl.check: Collect options from all global plugins
Kim Alvefur <zash@zash.se>
parents:
11634
diff
changeset
|
396 "access_control_allow_headers", |
|
1b17b967838e
util.prosodyctl.check: Collect options from all global plugins
Kim Alvefur <zash@zash.se>
parents:
11634
diff
changeset
|
397 "access_control_allow_methods", |
|
1b17b967838e
util.prosodyctl.check: Collect options from all global plugins
Kim Alvefur <zash@zash.se>
parents:
11634
diff
changeset
|
398 "access_control_max_age", |
|
1b17b967838e
util.prosodyctl.check: Collect options from all global plugins
Kim Alvefur <zash@zash.se>
parents:
11634
diff
changeset
|
399 "admin_socket", |
|
1b17b967838e
util.prosodyctl.check: Collect options from all global plugins
Kim Alvefur <zash@zash.se>
parents:
11634
diff
changeset
|
400 "body_size_limit", |
|
1b17b967838e
util.prosodyctl.check: Collect options from all global plugins
Kim Alvefur <zash@zash.se>
parents:
11634
diff
changeset
|
401 "bosh_max_inactivity", |
|
1b17b967838e
util.prosodyctl.check: Collect options from all global plugins
Kim Alvefur <zash@zash.se>
parents:
11634
diff
changeset
|
402 "bosh_max_polling", |
|
1b17b967838e
util.prosodyctl.check: Collect options from all global plugins
Kim Alvefur <zash@zash.se>
parents:
11634
diff
changeset
|
403 "bosh_max_wait", |
|
1b17b967838e
util.prosodyctl.check: Collect options from all global plugins
Kim Alvefur <zash@zash.se>
parents:
11634
diff
changeset
|
404 "buffer_size_limit", |
|
1b17b967838e
util.prosodyctl.check: Collect options from all global plugins
Kim Alvefur <zash@zash.se>
parents:
11634
diff
changeset
|
405 "c2s_close_timeout", |
|
1b17b967838e
util.prosodyctl.check: Collect options from all global plugins
Kim Alvefur <zash@zash.se>
parents:
11634
diff
changeset
|
406 "c2s_stanza_size_limit", |
|
1b17b967838e
util.prosodyctl.check: Collect options from all global plugins
Kim Alvefur <zash@zash.se>
parents:
11634
diff
changeset
|
407 "c2s_tcp_keepalives", |
|
1b17b967838e
util.prosodyctl.check: Collect options from all global plugins
Kim Alvefur <zash@zash.se>
parents:
11634
diff
changeset
|
408 "c2s_timeout", |
|
1b17b967838e
util.prosodyctl.check: Collect options from all global plugins
Kim Alvefur <zash@zash.se>
parents:
11634
diff
changeset
|
409 "component_stanza_size_limit", |
|
1b17b967838e
util.prosodyctl.check: Collect options from all global plugins
Kim Alvefur <zash@zash.se>
parents:
11634
diff
changeset
|
410 "component_tcp_keepalives", |
|
1b17b967838e
util.prosodyctl.check: Collect options from all global plugins
Kim Alvefur <zash@zash.se>
parents:
11634
diff
changeset
|
411 "consider_bosh_secure", |
|
1b17b967838e
util.prosodyctl.check: Collect options from all global plugins
Kim Alvefur <zash@zash.se>
parents:
11634
diff
changeset
|
412 "consider_websocket_secure", |
|
1b17b967838e
util.prosodyctl.check: Collect options from all global plugins
Kim Alvefur <zash@zash.se>
parents:
11634
diff
changeset
|
413 "console_banner", |
|
1b17b967838e
util.prosodyctl.check: Collect options from all global plugins
Kim Alvefur <zash@zash.se>
parents:
11634
diff
changeset
|
414 "console_prettyprint_settings", |
|
11634
a6c87b4c0cdf
util.prosodyctl.check: Format, sort option listings into canonical form
Kim Alvefur <zash@zash.se>
parents:
11617
diff
changeset
|
415 "daemonize", |
|
a6c87b4c0cdf
util.prosodyctl.check: Format, sort option listings into canonical form
Kim Alvefur <zash@zash.se>
parents:
11617
diff
changeset
|
416 "gc", |
|
a6c87b4c0cdf
util.prosodyctl.check: Format, sort option listings into canonical form
Kim Alvefur <zash@zash.se>
parents:
11617
diff
changeset
|
417 "http_default_host", |
|
11635
1b17b967838e
util.prosodyctl.check: Collect options from all global plugins
Kim Alvefur <zash@zash.se>
parents:
11634
diff
changeset
|
418 "http_errors_always_show", |
|
1b17b967838e
util.prosodyctl.check: Collect options from all global plugins
Kim Alvefur <zash@zash.se>
parents:
11634
diff
changeset
|
419 "http_errors_default_message", |
|
1b17b967838e
util.prosodyctl.check: Collect options from all global plugins
Kim Alvefur <zash@zash.se>
parents:
11634
diff
changeset
|
420 "http_errors_detailed", |
|
1b17b967838e
util.prosodyctl.check: Collect options from all global plugins
Kim Alvefur <zash@zash.se>
parents:
11634
diff
changeset
|
421 "http_errors_messages", |
|
11833
bd86ab8122d9
util.prosodyctl.check: Add two known globals from mod_http
Kim Alvefur <zash@zash.se>
parents:
11827
diff
changeset
|
422 "http_max_buffer_size", |
|
bd86ab8122d9
util.prosodyctl.check: Add two known globals from mod_http
Kim Alvefur <zash@zash.se>
parents:
11827
diff
changeset
|
423 "http_max_content_size", |
|
11634
a6c87b4c0cdf
util.prosodyctl.check: Format, sort option listings into canonical form
Kim Alvefur <zash@zash.se>
parents:
11617
diff
changeset
|
424 "installer_plugin_path", |
|
a6c87b4c0cdf
util.prosodyctl.check: Format, sort option listings into canonical form
Kim Alvefur <zash@zash.se>
parents:
11617
diff
changeset
|
425 "limits", |
|
11635
1b17b967838e
util.prosodyctl.check: Collect options from all global plugins
Kim Alvefur <zash@zash.se>
parents:
11634
diff
changeset
|
426 "limits_resolution", |
|
11634
a6c87b4c0cdf
util.prosodyctl.check: Format, sort option listings into canonical form
Kim Alvefur <zash@zash.se>
parents:
11617
diff
changeset
|
427 "log", |
|
11635
1b17b967838e
util.prosodyctl.check: Collect options from all global plugins
Kim Alvefur <zash@zash.se>
parents:
11634
diff
changeset
|
428 "multiplex_buffer_size", |
|
11634
a6c87b4c0cdf
util.prosodyctl.check: Format, sort option listings into canonical form
Kim Alvefur <zash@zash.se>
parents:
11617
diff
changeset
|
429 "network_backend", |
|
11635
1b17b967838e
util.prosodyctl.check: Collect options from all global plugins
Kim Alvefur <zash@zash.se>
parents:
11634
diff
changeset
|
430 "network_default_read_size", |
|
11634
a6c87b4c0cdf
util.prosodyctl.check: Format, sort option listings into canonical form
Kim Alvefur <zash@zash.se>
parents:
11617
diff
changeset
|
431 "network_settings", |
|
11940
2d82e4245aa3
util.prosodyctl.check: Add mod_http_openmetrics settings to known globals
Kim Alvefur <zash@zash.se>
parents:
11925
diff
changeset
|
432 "openmetrics_allow_cidr", |
|
2d82e4245aa3
util.prosodyctl.check: Add mod_http_openmetrics settings to known globals
Kim Alvefur <zash@zash.se>
parents:
11925
diff
changeset
|
433 "openmetrics_allow_ips", |
|
11634
a6c87b4c0cdf
util.prosodyctl.check: Format, sort option listings into canonical form
Kim Alvefur <zash@zash.se>
parents:
11617
diff
changeset
|
434 "pidfile", |
|
a6c87b4c0cdf
util.prosodyctl.check: Format, sort option listings into canonical form
Kim Alvefur <zash@zash.se>
parents:
11617
diff
changeset
|
435 "plugin_paths", |
|
a6c87b4c0cdf
util.prosodyctl.check: Format, sort option listings into canonical form
Kim Alvefur <zash@zash.se>
parents:
11617
diff
changeset
|
436 "plugin_server", |
|
a6c87b4c0cdf
util.prosodyctl.check: Format, sort option listings into canonical form
Kim Alvefur <zash@zash.se>
parents:
11617
diff
changeset
|
437 "prosodyctl_timeout", |
|
a6c87b4c0cdf
util.prosodyctl.check: Format, sort option listings into canonical form
Kim Alvefur <zash@zash.se>
parents:
11617
diff
changeset
|
438 "prosody_group", |
|
a6c87b4c0cdf
util.prosodyctl.check: Format, sort option listings into canonical form
Kim Alvefur <zash@zash.se>
parents:
11617
diff
changeset
|
439 "prosody_user", |
|
11635
1b17b967838e
util.prosodyctl.check: Collect options from all global plugins
Kim Alvefur <zash@zash.se>
parents:
11634
diff
changeset
|
440 "run_as_root", |
|
1b17b967838e
util.prosodyctl.check: Collect options from all global plugins
Kim Alvefur <zash@zash.se>
parents:
11634
diff
changeset
|
441 "s2s_close_timeout", |
|
1b17b967838e
util.prosodyctl.check: Collect options from all global plugins
Kim Alvefur <zash@zash.se>
parents:
11634
diff
changeset
|
442 "s2s_insecure_domains", |
|
1b17b967838e
util.prosodyctl.check: Collect options from all global plugins
Kim Alvefur <zash@zash.se>
parents:
11634
diff
changeset
|
443 "s2s_require_encryption", |
|
1b17b967838e
util.prosodyctl.check: Collect options from all global plugins
Kim Alvefur <zash@zash.se>
parents:
11634
diff
changeset
|
444 "s2s_secure_auth", |
|
1b17b967838e
util.prosodyctl.check: Collect options from all global plugins
Kim Alvefur <zash@zash.se>
parents:
11634
diff
changeset
|
445 "s2s_secure_domains", |
|
1b17b967838e
util.prosodyctl.check: Collect options from all global plugins
Kim Alvefur <zash@zash.se>
parents:
11634
diff
changeset
|
446 "s2s_stanza_size_limit", |
|
1b17b967838e
util.prosodyctl.check: Collect options from all global plugins
Kim Alvefur <zash@zash.se>
parents:
11634
diff
changeset
|
447 "s2s_tcp_keepalives", |
|
1b17b967838e
util.prosodyctl.check: Collect options from all global plugins
Kim Alvefur <zash@zash.se>
parents:
11634
diff
changeset
|
448 "s2s_timeout", |
|
11634
a6c87b4c0cdf
util.prosodyctl.check: Format, sort option listings into canonical form
Kim Alvefur <zash@zash.se>
parents:
11617
diff
changeset
|
449 "statistics", |
|
a6c87b4c0cdf
util.prosodyctl.check: Format, sort option listings into canonical form
Kim Alvefur <zash@zash.se>
parents:
11617
diff
changeset
|
450 "statistics_config", |
|
a6c87b4c0cdf
util.prosodyctl.check: Format, sort option listings into canonical form
Kim Alvefur <zash@zash.se>
parents:
11617
diff
changeset
|
451 "statistics_interval", |
|
11635
1b17b967838e
util.prosodyctl.check: Collect options from all global plugins
Kim Alvefur <zash@zash.se>
parents:
11634
diff
changeset
|
452 "tcp_keepalives", |
|
12099
b344edad61d3
core.certmanager: Rename preset option to 'tls_preset'
Kim Alvefur <zash@zash.se>
parents:
11957
diff
changeset
|
453 "tls_profile", |
|
11635
1b17b967838e
util.prosodyctl.check: Collect options from all global plugins
Kim Alvefur <zash@zash.se>
parents:
11634
diff
changeset
|
454 "trusted_proxies", |
|
11634
a6c87b4c0cdf
util.prosodyctl.check: Format, sort option listings into canonical form
Kim Alvefur <zash@zash.se>
parents:
11617
diff
changeset
|
455 "umask", |
|
11635
1b17b967838e
util.prosodyctl.check: Collect options from all global plugins
Kim Alvefur <zash@zash.se>
parents:
11634
diff
changeset
|
456 "use_dane", |
|
11634
a6c87b4c0cdf
util.prosodyctl.check: Format, sort option listings into canonical form
Kim Alvefur <zash@zash.se>
parents:
11617
diff
changeset
|
457 "use_ipv4", |
|
a6c87b4c0cdf
util.prosodyctl.check: Format, sort option listings into canonical form
Kim Alvefur <zash@zash.se>
parents:
11617
diff
changeset
|
458 "use_ipv6", |
|
11635
1b17b967838e
util.prosodyctl.check: Collect options from all global plugins
Kim Alvefur <zash@zash.se>
parents:
11634
diff
changeset
|
459 "websocket_frame_buffer_limit", |
|
1b17b967838e
util.prosodyctl.check: Collect options from all global plugins
Kim Alvefur <zash@zash.se>
parents:
11634
diff
changeset
|
460 "websocket_frame_fragment_limit", |
|
1b17b967838e
util.prosodyctl.check: Collect options from all global plugins
Kim Alvefur <zash@zash.se>
parents:
11634
diff
changeset
|
461 "websocket_get_response_body", |
|
1b17b967838e
util.prosodyctl.check: Collect options from all global plugins
Kim Alvefur <zash@zash.se>
parents:
11634
diff
changeset
|
462 "websocket_get_response_text", |
|
10871
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
463 }); |
|
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
464 local config = configmanager.getconfig(); |
|
13216
fcc052ca1652
util.prosodyctl.check: Get some config options via minimal moduleapi #896
Kim Alvefur <zash@zash.se>
parents:
13121
diff
changeset
|
465 local global = api("*"); |
|
10871
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
466 -- Check that we have any global options (caused by putting a host at the top) |
|
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
467 if it.count(it.filter("log", pairs(config["*"]))) == 0 then |
|
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
468 ok = false; |
|
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
469 print(""); |
|
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
470 print(" No global options defined. Perhaps you have put a host definition at the top") |
|
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
471 print(" of the config file? They should be at the bottom, see https://prosody.im/doc/configure#overview"); |
|
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
472 end |
|
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
473 if it.count(enabled_hosts()) == 0 then |
|
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
474 ok = false; |
|
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
475 print(""); |
|
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
476 if it.count(it.filter("*", pairs(config))) == 0 then |
|
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
477 print(" No hosts are defined, please add at least one VirtualHost section") |
|
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
478 elseif config["*"]["enabled"] == false then |
|
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
479 print(" No hosts are enabled. Remove enabled = false from the global section or put enabled = true under at least one VirtualHost section") |
|
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
480 else |
|
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
481 print(" All hosts are disabled. Remove enabled = false from at least one VirtualHost section") |
|
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
482 end |
|
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
483 end |
|
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
484 if not config["*"].modules_enabled then |
|
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
485 print(" No global modules_enabled is set?"); |
|
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
486 local suggested_global_modules; |
|
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
487 for host, options in enabled_hosts() do --luacheck: ignore 213/host |
|
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
488 if not options.component_module and options.modules_enabled then |
|
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
489 suggested_global_modules = set.intersection(suggested_global_modules or set.new(options.modules_enabled), set.new(options.modules_enabled)); |
|
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
490 end |
|
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
491 end |
|
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
492 if suggested_global_modules and not suggested_global_modules:empty() then |
|
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
493 print(" Consider moving these modules into modules_enabled in the global section:") |
|
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
494 print(" "..tostring(suggested_global_modules / function (x) return ("%q"):format(x) end)); |
|
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
495 end |
|
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
496 print(); |
|
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
497 end |
|
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
498 |
|
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
499 do -- Check for modules enabled both normally and as components |
|
13216
fcc052ca1652
util.prosodyctl.check: Get some config options via minimal moduleapi #896
Kim Alvefur <zash@zash.se>
parents:
13121
diff
changeset
|
500 local modules = global:get_option_set("modules_enabled"); |
|
10871
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
501 for host, options in enabled_hosts() do |
|
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
502 local component_module = options.component_module; |
|
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
503 if component_module and modules:contains(component_module) then |
|
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
504 print((" mod_%s is enabled both in modules_enabled and as Component %q %q"):format(component_module, host, component_module)); |
|
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
505 print(" This means the service is enabled on all VirtualHosts as well as the Component."); |
|
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
506 print(" Are you sure this what you want? It may cause unexpected behaviour."); |
|
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
507 end |
|
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
508 end |
|
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
509 end |
|
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
510 |
|
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
511 -- Check for global options under hosts |
|
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
512 local global_options = set.new(it.to_array(it.keys(config["*"]))); |
|
11798
ba88060fa145
util.prosodyctl.check: Suggest replacements for deprecated options #1684
Kim Alvefur <zash@zash.se>
parents:
11783
diff
changeset
|
513 local obsolete_global_options = set.intersection(global_options, obsolete); |
|
ba88060fa145
util.prosodyctl.check: Suggest replacements for deprecated options #1684
Kim Alvefur <zash@zash.se>
parents:
11783
diff
changeset
|
514 if not obsolete_global_options:empty() then |
|
ba88060fa145
util.prosodyctl.check: Suggest replacements for deprecated options #1684
Kim Alvefur <zash@zash.se>
parents:
11783
diff
changeset
|
515 print(""); |
|
ba88060fa145
util.prosodyctl.check: Suggest replacements for deprecated options #1684
Kim Alvefur <zash@zash.se>
parents:
11783
diff
changeset
|
516 print(" You have some obsolete options you can remove from the global section:"); |
|
ba88060fa145
util.prosodyctl.check: Suggest replacements for deprecated options #1684
Kim Alvefur <zash@zash.se>
parents:
11783
diff
changeset
|
517 print(" "..tostring(obsolete_global_options)) |
|
ba88060fa145
util.prosodyctl.check: Suggest replacements for deprecated options #1684
Kim Alvefur <zash@zash.se>
parents:
11783
diff
changeset
|
518 ok = false; |
|
ba88060fa145
util.prosodyctl.check: Suggest replacements for deprecated options #1684
Kim Alvefur <zash@zash.se>
parents:
11783
diff
changeset
|
519 end |
|
10871
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
520 local deprecated_global_options = set.intersection(global_options, deprecated); |
|
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
521 if not deprecated_global_options:empty() then |
|
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
522 print(""); |
|
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
523 print(" You have some deprecated options in the global section:"); |
|
11798
ba88060fa145
util.prosodyctl.check: Suggest replacements for deprecated options #1684
Kim Alvefur <zash@zash.se>
parents:
11783
diff
changeset
|
524 for option in deprecated_global_options do |
|
12158
7ff3699c1653
util.prosodyctl.check: Move word to ease future translations
Kim Alvefur <zash@zash.se>
parents:
12157
diff
changeset
|
525 print((" '%s' -- %s"):format(option, deprecated_replacements[option])); |
|
11798
ba88060fa145
util.prosodyctl.check: Suggest replacements for deprecated options #1684
Kim Alvefur <zash@zash.se>
parents:
11783
diff
changeset
|
526 end |
|
10871
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
527 ok = false; |
|
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
528 end |
|
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
529 for host, options in it.filter(function (h) return h ~= "*" end, pairs(configmanager.getconfig())) do |
|
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
530 local host_options = set.new(it.to_array(it.keys(options))); |
|
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
531 local misplaced_options = set.intersection(host_options, known_global_options); |
|
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
532 for name in pairs(options) do |
|
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
533 if name:match("^interfaces?") |
|
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
534 or name:match("_ports?$") or name:match("_interfaces?$") |
|
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
535 or (name:match("_ssl$") and not name:match("^[cs]2s_ssl$")) then |
|
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
536 misplaced_options:add(name); |
|
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
537 end |
|
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
538 end |
|
11799
8c9ec2db1d95
util.prosodyctl.check: Fix to not treat some options as misplaced
Kim Alvefur <zash@zash.se>
parents:
11798
diff
changeset
|
539 -- FIXME These _could_ be misplaced, but we would have to check where the corresponding module is loaded to be sure |
|
8c9ec2db1d95
util.prosodyctl.check: Fix to not treat some options as misplaced
Kim Alvefur <zash@zash.se>
parents:
11798
diff
changeset
|
540 misplaced_options:exclude(set.new({ "external_service_port", "turn_external_port" })); |
|
10871
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
541 if not misplaced_options:empty() then |
|
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
542 ok = false; |
|
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
543 print(""); |
|
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
544 local n = it.count(misplaced_options); |
|
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
545 print(" You have "..n.." option"..(n>1 and "s " or " ").."set under "..host.." that should be"); |
|
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
546 print(" in the global section of the config file, above any VirtualHost or Component definitions,") |
|
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
547 print(" see https://prosody.im/doc/configure#overview for more information.") |
|
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
548 print(""); |
|
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
549 print(" You need to move the following option"..(n>1 and "s" or "")..": "..table.concat(it.to_array(misplaced_options), ", ")); |
|
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
550 end |
|
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
551 end |
|
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
552 for host, options in enabled_hosts() do |
|
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
553 local host_options = set.new(it.to_array(it.keys(options))); |
|
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
554 local subdomain = host:match("^[^.]+"); |
|
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
555 if not(host_options:contains("component_module")) and (subdomain == "jabber" or subdomain == "xmpp" |
|
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
556 or subdomain == "chat" or subdomain == "im") then |
|
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
557 print(""); |
|
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
558 print(" Suggestion: If "..host.. " is a new host with no real users yet, consider renaming it now to"); |
|
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
559 print(" "..host:gsub("^[^.]+%.", "")..". You can use SRV records to redirect XMPP clients and servers to "..host.."."); |
|
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
560 print(" For more information see: https://prosody.im/doc/dns"); |
|
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
561 end |
|
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
562 end |
|
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
563 local all_modules = set.new(config["*"].modules_enabled); |
|
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
564 local all_options = set.new(it.to_array(it.keys(config["*"]))); |
|
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
565 for host in enabled_hosts() do |
|
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
566 all_options:include(set.new(it.to_array(it.keys(config[host])))); |
|
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
567 all_modules:include(set.new(config[host].modules_enabled)); |
|
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
568 end |
|
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
569 for mod in all_modules do |
|
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
570 if mod:match("^mod_") then |
|
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
571 print(""); |
|
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
572 print(" Modules in modules_enabled should not have the 'mod_' prefix included."); |
|
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
573 print(" Change '"..mod.."' to '"..mod:match("^mod_(.*)").."'."); |
|
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
574 elseif mod:match("^auth_") then |
|
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
575 print(""); |
|
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
576 print(" Authentication modules should not be added to modules_enabled,"); |
|
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
577 print(" but be specified in the 'authentication' option."); |
|
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
578 print(" Remove '"..mod.."' from modules_enabled and instead add"); |
|
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
579 print(" authentication = '"..mod:match("^auth_(.*)").."'"); |
|
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
580 print(" For more information see https://prosody.im/doc/authentication"); |
|
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
581 elseif mod:match("^storage_") then |
|
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
582 print(""); |
|
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
583 print(" storage modules should not be added to modules_enabled,"); |
|
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
584 print(" but be specified in the 'storage' option."); |
|
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
585 print(" Remove '"..mod.."' from modules_enabled and instead add"); |
|
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
586 print(" storage = '"..mod:match("^storage_(.*)").."'"); |
|
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
587 print(" For more information see https://prosody.im/doc/storage"); |
|
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
588 end |
|
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
589 end |
|
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
590 if all_modules:contains("vcard") and all_modules:contains("vcard_legacy") then |
|
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
591 print(""); |
|
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
592 print(" Both mod_vcard_legacy and mod_vcard are enabled but they conflict"); |
|
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
593 print(" with each other. Remove one."); |
|
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
594 end |
|
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
595 if all_modules:contains("pep") and all_modules:contains("pep_simple") then |
|
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
596 print(""); |
|
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
597 print(" Both mod_pep_simple and mod_pep are enabled but they conflict"); |
|
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
598 print(" with each other. Remove one."); |
|
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
599 end |
|
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
600 for host, host_config in pairs(config) do --luacheck: ignore 213/host |
|
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
601 if type(rawget(host_config, "storage")) == "string" and rawget(host_config, "default_storage") then |
|
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
602 print(""); |
|
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
603 print(" The 'default_storage' option is not needed if 'storage' is set to a string."); |
|
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
604 break; |
|
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
605 end |
|
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
606 end |
|
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
607 local require_encryption = set.intersection(all_options, set.new({ |
|
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
608 "require_encryption", "c2s_require_encryption", "s2s_require_encryption" |
|
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
609 })):empty(); |
|
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
610 local ssl = dependencies.softreq"ssl"; |
|
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
611 if not ssl then |
|
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
612 if not require_encryption then |
|
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
613 print(""); |
|
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
614 print(" You require encryption but LuaSec is not available."); |
|
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
615 print(" Connections will fail."); |
|
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
616 ok = false; |
|
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
617 end |
|
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
618 elseif not ssl.loadcertificate then |
|
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
619 if all_options:contains("s2s_secure_auth") then |
|
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
620 print(""); |
|
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
621 print(" You have set s2s_secure_auth but your version of LuaSec does "); |
|
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
622 print(" not support certificate validation, so all s2s connections will"); |
|
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
623 print(" fail."); |
|
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
624 ok = false; |
|
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
625 elseif all_options:contains("s2s_secure_domains") then |
|
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
626 local secure_domains = set.new(); |
|
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
627 for host in enabled_hosts() do |
|
13216
fcc052ca1652
util.prosodyctl.check: Get some config options via minimal moduleapi #896
Kim Alvefur <zash@zash.se>
parents:
13121
diff
changeset
|
628 if api(host):get_option_boolean("s2s_secure_auth") then |
|
10871
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
629 secure_domains:add("*"); |
|
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
630 else |
|
13216
fcc052ca1652
util.prosodyctl.check: Get some config options via minimal moduleapi #896
Kim Alvefur <zash@zash.se>
parents:
13121
diff
changeset
|
631 secure_domains:include(api(host):get_option_set("s2s_secure_domains", {})); |
|
10871
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
632 end |
|
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
633 end |
|
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
634 if not secure_domains:empty() then |
|
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
635 print(""); |
|
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
636 print(" You have set s2s_secure_domains but your version of LuaSec does "); |
|
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
637 print(" not support certificate validation, so s2s connections to/from "); |
|
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
638 print(" these domains will fail."); |
|
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
639 ok = false; |
|
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
640 end |
|
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
641 end |
|
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
642 elseif require_encryption and not all_modules:contains("tls") then |
|
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
643 print(""); |
|
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
644 print(" You require encryption but mod_tls is not enabled."); |
|
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
645 print(" Connections will fail."); |
|
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
646 ok = false; |
|
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
647 end |
|
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
648 |
|
12317
b4f2027ef917
util.prosodyctl: Warn about enabled public registration in 'check config'
Matthew Wild <mwild1@gmail.com>
parents:
12233
diff
changeset
|
649 do |
|
b4f2027ef917
util.prosodyctl: Warn about enabled public registration in 'check config'
Matthew Wild <mwild1@gmail.com>
parents:
12233
diff
changeset
|
650 local registration_enabled_hosts = {}; |
|
b4f2027ef917
util.prosodyctl: Warn about enabled public registration in 'check config'
Matthew Wild <mwild1@gmail.com>
parents:
12233
diff
changeset
|
651 for host in enabled_hosts() do |
|
13216
fcc052ca1652
util.prosodyctl.check: Get some config options via minimal moduleapi #896
Kim Alvefur <zash@zash.se>
parents:
13121
diff
changeset
|
652 local host_modules, component = modulemanager.get_modules_for_host(host); |
|
fcc052ca1652
util.prosodyctl.check: Get some config options via minimal moduleapi #896
Kim Alvefur <zash@zash.se>
parents:
13121
diff
changeset
|
653 local hostapi = api(host); |
|
fcc052ca1652
util.prosodyctl.check: Get some config options via minimal moduleapi #896
Kim Alvefur <zash@zash.se>
parents:
13121
diff
changeset
|
654 local allow_registration = hostapi:get_option_boolean("allow_registration", false); |
|
12317
b4f2027ef917
util.prosodyctl: Warn about enabled public registration in 'check config'
Matthew Wild <mwild1@gmail.com>
parents:
12233
diff
changeset
|
655 local mod_register = host_modules:contains("register"); |
|
b4f2027ef917
util.prosodyctl: Warn about enabled public registration in 'check config'
Matthew Wild <mwild1@gmail.com>
parents:
12233
diff
changeset
|
656 local mod_register_ibr = host_modules:contains("register_ibr"); |
|
b4f2027ef917
util.prosodyctl: Warn about enabled public registration in 'check config'
Matthew Wild <mwild1@gmail.com>
parents:
12233
diff
changeset
|
657 local mod_invites_register = host_modules:contains("invites_register"); |
|
13216
fcc052ca1652
util.prosodyctl.check: Get some config options via minimal moduleapi #896
Kim Alvefur <zash@zash.se>
parents:
13121
diff
changeset
|
658 local registration_invite_only = hostapi:get_option_boolean("registration_invite_only", true); |
|
fcc052ca1652
util.prosodyctl.check: Get some config options via minimal moduleapi #896
Kim Alvefur <zash@zash.se>
parents:
13121
diff
changeset
|
659 local is_vhost = not component; |
|
12317
b4f2027ef917
util.prosodyctl: Warn about enabled public registration in 'check config'
Matthew Wild <mwild1@gmail.com>
parents:
12233
diff
changeset
|
660 if is_vhost and (mod_register_ibr or (mod_register and allow_registration)) |
|
b4f2027ef917
util.prosodyctl: Warn about enabled public registration in 'check config'
Matthew Wild <mwild1@gmail.com>
parents:
12233
diff
changeset
|
661 and not (mod_invites_register and registration_invite_only) then |
|
b4f2027ef917
util.prosodyctl: Warn about enabled public registration in 'check config'
Matthew Wild <mwild1@gmail.com>
parents:
12233
diff
changeset
|
662 table.insert(registration_enabled_hosts, host); |
|
b4f2027ef917
util.prosodyctl: Warn about enabled public registration in 'check config'
Matthew Wild <mwild1@gmail.com>
parents:
12233
diff
changeset
|
663 end |
|
b4f2027ef917
util.prosodyctl: Warn about enabled public registration in 'check config'
Matthew Wild <mwild1@gmail.com>
parents:
12233
diff
changeset
|
664 end |
|
b4f2027ef917
util.prosodyctl: Warn about enabled public registration in 'check config'
Matthew Wild <mwild1@gmail.com>
parents:
12233
diff
changeset
|
665 if #registration_enabled_hosts > 0 then |
|
b4f2027ef917
util.prosodyctl: Warn about enabled public registration in 'check config'
Matthew Wild <mwild1@gmail.com>
parents:
12233
diff
changeset
|
666 table.sort(registration_enabled_hosts); |
|
b4f2027ef917
util.prosodyctl: Warn about enabled public registration in 'check config'
Matthew Wild <mwild1@gmail.com>
parents:
12233
diff
changeset
|
667 print(""); |
|
b4f2027ef917
util.prosodyctl: Warn about enabled public registration in 'check config'
Matthew Wild <mwild1@gmail.com>
parents:
12233
diff
changeset
|
668 print(" Public registration is enabled on:"); |
|
b4f2027ef917
util.prosodyctl: Warn about enabled public registration in 'check config'
Matthew Wild <mwild1@gmail.com>
parents:
12233
diff
changeset
|
669 print(" "..table.concat(registration_enabled_hosts, ", ")); |
|
b4f2027ef917
util.prosodyctl: Warn about enabled public registration in 'check config'
Matthew Wild <mwild1@gmail.com>
parents:
12233
diff
changeset
|
670 print(""); |
|
b4f2027ef917
util.prosodyctl: Warn about enabled public registration in 'check config'
Matthew Wild <mwild1@gmail.com>
parents:
12233
diff
changeset
|
671 print(" If this is intentional, review our guidelines on running a public server"); |
|
b4f2027ef917
util.prosodyctl: Warn about enabled public registration in 'check config'
Matthew Wild <mwild1@gmail.com>
parents:
12233
diff
changeset
|
672 print(" at https://prosody.im/doc/public_servers - otherwise, consider switching to"); |
|
b4f2027ef917
util.prosodyctl: Warn about enabled public registration in 'check config'
Matthew Wild <mwild1@gmail.com>
parents:
12233
diff
changeset
|
673 print(" invite-based registration, which is more secure."); |
|
b4f2027ef917
util.prosodyctl: Warn about enabled public registration in 'check config'
Matthew Wild <mwild1@gmail.com>
parents:
12233
diff
changeset
|
674 end |
|
b4f2027ef917
util.prosodyctl: Warn about enabled public registration in 'check config'
Matthew Wild <mwild1@gmail.com>
parents:
12233
diff
changeset
|
675 end |
|
b4f2027ef917
util.prosodyctl: Warn about enabled public registration in 'check config'
Matthew Wild <mwild1@gmail.com>
parents:
12233
diff
changeset
|
676 |
|
12318
239ce74aa6a4
util.prosodyctl: check: warn about unreferenced components, suggest disco_items
Matthew Wild <mwild1@gmail.com>
parents:
12317
diff
changeset
|
677 do |
|
239ce74aa6a4
util.prosodyctl: check: warn about unreferenced components, suggest disco_items
Matthew Wild <mwild1@gmail.com>
parents:
12317
diff
changeset
|
678 local orphan_components = {}; |
|
239ce74aa6a4
util.prosodyctl: check: warn about unreferenced components, suggest disco_items
Matthew Wild <mwild1@gmail.com>
parents:
12317
diff
changeset
|
679 local referenced_components = set.new(); |
|
239ce74aa6a4
util.prosodyctl: check: warn about unreferenced components, suggest disco_items
Matthew Wild <mwild1@gmail.com>
parents:
12317
diff
changeset
|
680 local enabled_hosts_set = set.new(); |
|
13216
fcc052ca1652
util.prosodyctl.check: Get some config options via minimal moduleapi #896
Kim Alvefur <zash@zash.se>
parents:
13121
diff
changeset
|
681 for host in it.filter("*", pairs(configmanager.getconfig())) do |
|
fcc052ca1652
util.prosodyctl.check: Get some config options via minimal moduleapi #896
Kim Alvefur <zash@zash.se>
parents:
13121
diff
changeset
|
682 local hostapi = api(host); |
|
fcc052ca1652
util.prosodyctl.check: Get some config options via minimal moduleapi #896
Kim Alvefur <zash@zash.se>
parents:
13121
diff
changeset
|
683 if hostapi:get_option_boolean("enabled", true) then |
|
12318
239ce74aa6a4
util.prosodyctl: check: warn about unreferenced components, suggest disco_items
Matthew Wild <mwild1@gmail.com>
parents:
12317
diff
changeset
|
684 enabled_hosts_set:add(host); |
|
13216
fcc052ca1652
util.prosodyctl.check: Get some config options via minimal moduleapi #896
Kim Alvefur <zash@zash.se>
parents:
13121
diff
changeset
|
685 for _, disco_item in ipairs(hostapi:get_option_array("disco_items", {})) do |
|
12318
239ce74aa6a4
util.prosodyctl: check: warn about unreferenced components, suggest disco_items
Matthew Wild <mwild1@gmail.com>
parents:
12317
diff
changeset
|
686 referenced_components:add(disco_item[1]); |
|
239ce74aa6a4
util.prosodyctl: check: warn about unreferenced components, suggest disco_items
Matthew Wild <mwild1@gmail.com>
parents:
12317
diff
changeset
|
687 end |
|
239ce74aa6a4
util.prosodyctl: check: warn about unreferenced components, suggest disco_items
Matthew Wild <mwild1@gmail.com>
parents:
12317
diff
changeset
|
688 end |
|
239ce74aa6a4
util.prosodyctl: check: warn about unreferenced components, suggest disco_items
Matthew Wild <mwild1@gmail.com>
parents:
12317
diff
changeset
|
689 end |
|
13216
fcc052ca1652
util.prosodyctl.check: Get some config options via minimal moduleapi #896
Kim Alvefur <zash@zash.se>
parents:
13121
diff
changeset
|
690 for host in it.filter(skip_bare_jid_hosts, enabled_hosts()) do |
|
fcc052ca1652
util.prosodyctl.check: Get some config options via minimal moduleapi #896
Kim Alvefur <zash@zash.se>
parents:
13121
diff
changeset
|
691 local is_component = not not select(2, modulemanager.get_modules_for_host(host)); |
|
12318
239ce74aa6a4
util.prosodyctl: check: warn about unreferenced components, suggest disco_items
Matthew Wild <mwild1@gmail.com>
parents:
12317
diff
changeset
|
692 if is_component then |
|
239ce74aa6a4
util.prosodyctl: check: warn about unreferenced components, suggest disco_items
Matthew Wild <mwild1@gmail.com>
parents:
12317
diff
changeset
|
693 local parent_domain = host:match("^[^.]+%.(.+)$"); |
|
239ce74aa6a4
util.prosodyctl: check: warn about unreferenced components, suggest disco_items
Matthew Wild <mwild1@gmail.com>
parents:
12317
diff
changeset
|
694 local is_orphan = not (enabled_hosts_set:contains(parent_domain) or referenced_components:contains(host)); |
|
239ce74aa6a4
util.prosodyctl: check: warn about unreferenced components, suggest disco_items
Matthew Wild <mwild1@gmail.com>
parents:
12317
diff
changeset
|
695 if is_orphan then |
|
239ce74aa6a4
util.prosodyctl: check: warn about unreferenced components, suggest disco_items
Matthew Wild <mwild1@gmail.com>
parents:
12317
diff
changeset
|
696 table.insert(orphan_components, host); |
|
239ce74aa6a4
util.prosodyctl: check: warn about unreferenced components, suggest disco_items
Matthew Wild <mwild1@gmail.com>
parents:
12317
diff
changeset
|
697 end |
|
239ce74aa6a4
util.prosodyctl: check: warn about unreferenced components, suggest disco_items
Matthew Wild <mwild1@gmail.com>
parents:
12317
diff
changeset
|
698 end |
|
239ce74aa6a4
util.prosodyctl: check: warn about unreferenced components, suggest disco_items
Matthew Wild <mwild1@gmail.com>
parents:
12317
diff
changeset
|
699 end |
|
239ce74aa6a4
util.prosodyctl: check: warn about unreferenced components, suggest disco_items
Matthew Wild <mwild1@gmail.com>
parents:
12317
diff
changeset
|
700 if #orphan_components > 0 then |
|
239ce74aa6a4
util.prosodyctl: check: warn about unreferenced components, suggest disco_items
Matthew Wild <mwild1@gmail.com>
parents:
12317
diff
changeset
|
701 table.sort(orphan_components); |
|
239ce74aa6a4
util.prosodyctl: check: warn about unreferenced components, suggest disco_items
Matthew Wild <mwild1@gmail.com>
parents:
12317
diff
changeset
|
702 print(""); |
|
239ce74aa6a4
util.prosodyctl: check: warn about unreferenced components, suggest disco_items
Matthew Wild <mwild1@gmail.com>
parents:
12317
diff
changeset
|
703 print(" Your configuration contains the following unreferenced components:\n"); |
|
239ce74aa6a4
util.prosodyctl: check: warn about unreferenced components, suggest disco_items
Matthew Wild <mwild1@gmail.com>
parents:
12317
diff
changeset
|
704 print(" "..table.concat(orphan_components, "\n ")); |
|
239ce74aa6a4
util.prosodyctl: check: warn about unreferenced components, suggest disco_items
Matthew Wild <mwild1@gmail.com>
parents:
12317
diff
changeset
|
705 print(""); |
|
239ce74aa6a4
util.prosodyctl: check: warn about unreferenced components, suggest disco_items
Matthew Wild <mwild1@gmail.com>
parents:
12317
diff
changeset
|
706 print(" Clients may not be able to discover these services because they are not linked to"); |
|
239ce74aa6a4
util.prosodyctl: check: warn about unreferenced components, suggest disco_items
Matthew Wild <mwild1@gmail.com>
parents:
12317
diff
changeset
|
707 print(" any VirtualHost. They are automatically linked if they are direct subdomains of a"); |
|
239ce74aa6a4
util.prosodyctl: check: warn about unreferenced components, suggest disco_items
Matthew Wild <mwild1@gmail.com>
parents:
12317
diff
changeset
|
708 print(" VirtualHost. Alternatively, you can explicitly link them using the disco_items option."); |
|
239ce74aa6a4
util.prosodyctl: check: warn about unreferenced components, suggest disco_items
Matthew Wild <mwild1@gmail.com>
parents:
12317
diff
changeset
|
709 print(" For more information see https://prosody.im/doc/modules/mod_disco#items"); |
|
239ce74aa6a4
util.prosodyctl: check: warn about unreferenced components, suggest disco_items
Matthew Wild <mwild1@gmail.com>
parents:
12317
diff
changeset
|
710 end |
|
239ce74aa6a4
util.prosodyctl: check: warn about unreferenced components, suggest disco_items
Matthew Wild <mwild1@gmail.com>
parents:
12317
diff
changeset
|
711 end |
|
239ce74aa6a4
util.prosodyctl: check: warn about unreferenced components, suggest disco_items
Matthew Wild <mwild1@gmail.com>
parents:
12317
diff
changeset
|
712 |
|
10871
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
713 print("Done.\n"); |
|
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
714 end |
|
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
715 if not what or what == "dns" then |
|
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
716 local dns = require "net.dns"; |
|
10971
3cdb4a7cb406
util.prosodyctl.check: Use net.unbound for DNS if available
Kim Alvefur <zash@zash.se>
parents:
10932
diff
changeset
|
717 pcall(function () |
|
11645
3be346c5b940
util.prosodyctl.check: Reload unbound to ensure hosts.txt is ignored
Kim Alvefur <zash@zash.se>
parents:
11635
diff
changeset
|
718 local unbound = require"net.unbound"; |
|
3be346c5b940
util.prosodyctl.check: Reload unbound to ensure hosts.txt is ignored
Kim Alvefur <zash@zash.se>
parents:
11635
diff
changeset
|
719 dns = unbound.dns; |
|
10971
3cdb4a7cb406
util.prosodyctl.check: Use net.unbound for DNS if available
Kim Alvefur <zash@zash.se>
parents:
10932
diff
changeset
|
720 end) |
|
10871
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
721 local idna = require "util.encodings".idna; |
|
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
722 local ip = require "util.ip"; |
|
13216
fcc052ca1652
util.prosodyctl.check: Get some config options via minimal moduleapi #896
Kim Alvefur <zash@zash.se>
parents:
13121
diff
changeset
|
723 local global = api("*"); |
|
fcc052ca1652
util.prosodyctl.check: Get some config options via minimal moduleapi #896
Kim Alvefur <zash@zash.se>
parents:
13121
diff
changeset
|
724 local c2s_ports = global:get_option_set("c2s_ports", {5222}); |
|
fcc052ca1652
util.prosodyctl.check: Get some config options via minimal moduleapi #896
Kim Alvefur <zash@zash.se>
parents:
13121
diff
changeset
|
725 local s2s_ports = global:get_option_set("s2s_ports", {5269}); |
|
fcc052ca1652
util.prosodyctl.check: Get some config options via minimal moduleapi #896
Kim Alvefur <zash@zash.se>
parents:
13121
diff
changeset
|
726 local c2s_tls_ports = global:get_option_set("c2s_direct_tls_ports", {}); |
|
fcc052ca1652
util.prosodyctl.check: Get some config options via minimal moduleapi #896
Kim Alvefur <zash@zash.se>
parents:
13121
diff
changeset
|
727 local s2s_tls_ports = global:get_option_set("s2s_direct_tls_ports", {}); |
|
10871
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
728 |
|
13216
fcc052ca1652
util.prosodyctl.check: Get some config options via minimal moduleapi #896
Kim Alvefur <zash@zash.se>
parents:
13121
diff
changeset
|
729 local global_enabled = set.new(); |
|
fcc052ca1652
util.prosodyctl.check: Get some config options via minimal moduleapi #896
Kim Alvefur <zash@zash.se>
parents:
13121
diff
changeset
|
730 for host in enabled_hosts() do |
|
fcc052ca1652
util.prosodyctl.check: Get some config options via minimal moduleapi #896
Kim Alvefur <zash@zash.se>
parents:
13121
diff
changeset
|
731 global_enabled:include(modulemanager.get_modules_for_host(host)); |
|
fcc052ca1652
util.prosodyctl.check: Get some config options via minimal moduleapi #896
Kim Alvefur <zash@zash.se>
parents:
13121
diff
changeset
|
732 end |
|
fcc052ca1652
util.prosodyctl.check: Get some config options via minimal moduleapi #896
Kim Alvefur <zash@zash.se>
parents:
13121
diff
changeset
|
733 if global_enabled:contains("net_multiplex") then |
|
fcc052ca1652
util.prosodyctl.check: Get some config options via minimal moduleapi #896
Kim Alvefur <zash@zash.se>
parents:
13121
diff
changeset
|
734 local multiplex_ports = global:get_option_set("ports", {}); |
|
fcc052ca1652
util.prosodyctl.check: Get some config options via minimal moduleapi #896
Kim Alvefur <zash@zash.se>
parents:
13121
diff
changeset
|
735 local multiplex_tls_ports = global:get_option_set("ssl_ports", {}); |
|
12230
f590058d8d99
util.prosodyctl.check: Include multiplexed ports in DNS checks #1704
Kim Alvefur <zash@zash.se>
parents:
12218
diff
changeset
|
736 if not multiplex_ports:empty() then |
|
f590058d8d99
util.prosodyctl.check: Include multiplexed ports in DNS checks #1704
Kim Alvefur <zash@zash.se>
parents:
12218
diff
changeset
|
737 c2s_ports = c2s_ports + multiplex_ports; |
|
f590058d8d99
util.prosodyctl.check: Include multiplexed ports in DNS checks #1704
Kim Alvefur <zash@zash.se>
parents:
12218
diff
changeset
|
738 s2s_ports = s2s_ports + multiplex_ports; |
|
f590058d8d99
util.prosodyctl.check: Include multiplexed ports in DNS checks #1704
Kim Alvefur <zash@zash.se>
parents:
12218
diff
changeset
|
739 end |
|
f590058d8d99
util.prosodyctl.check: Include multiplexed ports in DNS checks #1704
Kim Alvefur <zash@zash.se>
parents:
12218
diff
changeset
|
740 if not multiplex_tls_ports:empty() then |
|
f590058d8d99
util.prosodyctl.check: Include multiplexed ports in DNS checks #1704
Kim Alvefur <zash@zash.se>
parents:
12218
diff
changeset
|
741 c2s_tls_ports = c2s_tls_ports + multiplex_tls_ports; |
|
f590058d8d99
util.prosodyctl.check: Include multiplexed ports in DNS checks #1704
Kim Alvefur <zash@zash.se>
parents:
12218
diff
changeset
|
742 s2s_tls_ports = s2s_tls_ports + multiplex_tls_ports; |
|
f590058d8d99
util.prosodyctl.check: Include multiplexed ports in DNS checks #1704
Kim Alvefur <zash@zash.se>
parents:
12218
diff
changeset
|
743 end |
|
f590058d8d99
util.prosodyctl.check: Include multiplexed ports in DNS checks #1704
Kim Alvefur <zash@zash.se>
parents:
12218
diff
changeset
|
744 end |
|
f590058d8d99
util.prosodyctl.check: Include multiplexed ports in DNS checks #1704
Kim Alvefur <zash@zash.se>
parents:
12218
diff
changeset
|
745 |
|
11776
1132a1f1ca5a
util.prosodyctl.check: Check for server-to-server Direct TLS records
Kim Alvefur <zash@zash.se>
parents:
11655
diff
changeset
|
746 local c2s_srv_required, s2s_srv_required, c2s_tls_srv_required, s2s_tls_srv_required; |
|
10871
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
747 if not c2s_ports:contains(5222) then |
|
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
748 c2s_srv_required = true; |
|
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
749 end |
|
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
750 if not s2s_ports:contains(5269) then |
|
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
751 s2s_srv_required = true; |
|
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
752 end |
|
11615
8e16fd976c57
util.prosodyctl.check: Add support for checking Direct TLS SRV records
Kim Alvefur <zash@zash.se>
parents:
11613
diff
changeset
|
753 if not c2s_tls_ports:empty() then |
|
8e16fd976c57
util.prosodyctl.check: Add support for checking Direct TLS SRV records
Kim Alvefur <zash@zash.se>
parents:
11613
diff
changeset
|
754 c2s_tls_srv_required = true; |
|
8e16fd976c57
util.prosodyctl.check: Add support for checking Direct TLS SRV records
Kim Alvefur <zash@zash.se>
parents:
11613
diff
changeset
|
755 end |
|
11776
1132a1f1ca5a
util.prosodyctl.check: Check for server-to-server Direct TLS records
Kim Alvefur <zash@zash.se>
parents:
11655
diff
changeset
|
756 if not s2s_tls_ports:empty() then |
|
1132a1f1ca5a
util.prosodyctl.check: Check for server-to-server Direct TLS records
Kim Alvefur <zash@zash.se>
parents:
11655
diff
changeset
|
757 s2s_tls_srv_required = true; |
|
1132a1f1ca5a
util.prosodyctl.check: Check for server-to-server Direct TLS records
Kim Alvefur <zash@zash.se>
parents:
11655
diff
changeset
|
758 end |
|
10871
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
759 |
|
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
760 local problem_hosts = set.new(); |
|
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
761 |
|
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
762 local external_addresses, internal_addresses = set.new(), set.new(); |
|
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
763 |
|
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
764 local fqdn = socket.dns.tohostname(socket.dns.gethostname()); |
|
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
765 if fqdn then |
|
13121
332e95f75dbb
util.prosodyctl.check: Fix error where hostname can't be turned into A label
Kim Alvefur <zash@zash.se>
parents:
12898
diff
changeset
|
766 local fqdn_a = idna.to_ascii(fqdn); |
|
332e95f75dbb
util.prosodyctl.check: Fix error where hostname can't be turned into A label
Kim Alvefur <zash@zash.se>
parents:
12898
diff
changeset
|
767 if fqdn_a then |
|
332e95f75dbb
util.prosodyctl.check: Fix error where hostname can't be turned into A label
Kim Alvefur <zash@zash.se>
parents:
12898
diff
changeset
|
768 local res = dns.lookup(fqdn_a, "A"); |
|
10871
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
769 if res then |
|
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
770 for _, record in ipairs(res) do |
|
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
771 external_addresses:add(record.a); |
|
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
772 end |
|
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
773 end |
|
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
774 end |
|
13121
332e95f75dbb
util.prosodyctl.check: Fix error where hostname can't be turned into A label
Kim Alvefur <zash@zash.se>
parents:
12898
diff
changeset
|
775 if fqdn_a then |
|
332e95f75dbb
util.prosodyctl.check: Fix error where hostname can't be turned into A label
Kim Alvefur <zash@zash.se>
parents:
12898
diff
changeset
|
776 local res = dns.lookup(fqdn_a, "AAAA"); |
|
10871
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
777 if res then |
|
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
778 for _, record in ipairs(res) do |
|
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
779 external_addresses:add(record.aaaa); |
|
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
780 end |
|
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
781 end |
|
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
782 end |
|
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
783 end |
|
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
784 |
|
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
785 local local_addresses = require"util.net".local_addresses() or {}; |
|
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
786 |
|
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
787 for addr in it.values(local_addresses) do |
|
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
788 if not ip.new_ip(addr).private then |
|
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
789 external_addresses:add(addr); |
|
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
790 else |
|
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
791 internal_addresses:add(addr); |
|
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
792 end |
|
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
793 end |
|
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
794 |
|
12320
f0be98bab9dd
prosodyctl: check dns: Allow admin to specify undiscoverable external IPs in config
Matthew Wild <mwild1@gmail.com>
parents:
12319
diff
changeset
|
795 -- Allow admin to specify additional (e.g. undiscoverable) IP addresses in the config |
|
13216
fcc052ca1652
util.prosodyctl.check: Get some config options via minimal moduleapi #896
Kim Alvefur <zash@zash.se>
parents:
13121
diff
changeset
|
796 for _, address in ipairs(global:get_option_array("external_addresses", {})) do |
|
12320
f0be98bab9dd
prosodyctl: check dns: Allow admin to specify undiscoverable external IPs in config
Matthew Wild <mwild1@gmail.com>
parents:
12319
diff
changeset
|
797 external_addresses:add(address); |
|
f0be98bab9dd
prosodyctl: check dns: Allow admin to specify undiscoverable external IPs in config
Matthew Wild <mwild1@gmail.com>
parents:
12319
diff
changeset
|
798 end |
|
f0be98bab9dd
prosodyctl: check dns: Allow admin to specify undiscoverable external IPs in config
Matthew Wild <mwild1@gmail.com>
parents:
12319
diff
changeset
|
799 |
|
10871
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
800 if external_addresses:empty() then |
|
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
801 print(""); |
|
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
802 print(" Failed to determine the external addresses of this server. Checks may be inaccurate."); |
|
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
803 c2s_srv_required, s2s_srv_required = true, true; |
|
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
804 end |
|
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
805 |
|
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
806 local v6_supported = not not socket.tcp6; |
|
13216
fcc052ca1652
util.prosodyctl.check: Get some config options via minimal moduleapi #896
Kim Alvefur <zash@zash.se>
parents:
13121
diff
changeset
|
807 local use_ipv4 = global:get_option_boolean("use_ipv4", true); |
|
fcc052ca1652
util.prosodyctl.check: Get some config options via minimal moduleapi #896
Kim Alvefur <zash@zash.se>
parents:
13121
diff
changeset
|
808 local use_ipv6 = global:get_option_boolean("use_ipv6", true); |
|
10871
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
809 |
|
11655
bbf50525faa5
util.prosodyctl.check: Normalize away trailing dot in some messages too
Kim Alvefur <zash@zash.se>
parents:
11654
diff
changeset
|
810 local function trim_dns_name(n) |
|
bbf50525faa5
util.prosodyctl.check: Normalize away trailing dot in some messages too
Kim Alvefur <zash@zash.se>
parents:
11654
diff
changeset
|
811 return (n:gsub("%.$", "")); |
|
bbf50525faa5
util.prosodyctl.check: Normalize away trailing dot in some messages too
Kim Alvefur <zash@zash.se>
parents:
11654
diff
changeset
|
812 end |
|
bbf50525faa5
util.prosodyctl.check: Normalize away trailing dot in some messages too
Kim Alvefur <zash@zash.se>
parents:
11654
diff
changeset
|
813 |
|
12319
8fc3c06f922d
prosodyctl: check dns: List discovered addresses for diagnostic purposes
Matthew Wild <mwild1@gmail.com>
parents:
12318
diff
changeset
|
814 local unknown_addresses = set.new(); |
|
8fc3c06f922d
prosodyctl: check dns: List discovered addresses for diagnostic purposes
Matthew Wild <mwild1@gmail.com>
parents:
12318
diff
changeset
|
815 |
|
13216
fcc052ca1652
util.prosodyctl.check: Get some config options via minimal moduleapi #896
Kim Alvefur <zash@zash.se>
parents:
13121
diff
changeset
|
816 for jid in enabled_hosts() do |
|
10871
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
817 local all_targets_ok, some_targets_ok = true, false; |
|
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
818 local node, host = jid_split(jid); |
|
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
819 |
|
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
820 local modules, component_module = modulemanager.get_modules_for_host(host); |
|
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
821 if component_module then |
|
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
822 modules:add(component_module); |
|
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
823 end |
|
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
824 |
|
12842
3edd39c55a8a
prosodyctl check dns: Check for Direct TLS SRV records even if not configured (fix #1793)
Kim Alvefur <zash@zash.se>
parents:
12520
diff
changeset
|
825 -- TODO Refactor these DNS SRV checks since they are very similar |
|
3edd39c55a8a
prosodyctl check dns: Check for Direct TLS SRV records even if not configured (fix #1793)
Kim Alvefur <zash@zash.se>
parents:
12520
diff
changeset
|
826 -- FIXME Suggest concrete actionable steps to correct issues so that |
|
3edd39c55a8a
prosodyctl check dns: Check for Direct TLS SRV records even if not configured (fix #1793)
Kim Alvefur <zash@zash.se>
parents:
12520
diff
changeset
|
827 -- users don't have to copy-paste the message into the support chat and |
|
3edd39c55a8a
prosodyctl check dns: Check for Direct TLS SRV records even if not configured (fix #1793)
Kim Alvefur <zash@zash.se>
parents:
12520
diff
changeset
|
828 -- ask what to do about it. |
|
13216
fcc052ca1652
util.prosodyctl.check: Get some config options via minimal moduleapi #896
Kim Alvefur <zash@zash.se>
parents:
13121
diff
changeset
|
829 local is_component = not not component_module; |
|
10871
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
830 print("Checking DNS for "..(is_component and "component" or "host").." "..jid.."..."); |
|
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
831 if node then |
|
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
832 print("Only the domain part ("..host..") is used in DNS.") |
|
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
833 end |
|
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
834 local target_hosts = set.new(); |
|
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
835 if modules:contains("c2s") then |
|
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
836 local res = dns.lookup("_xmpp-client._tcp."..idna.to_ascii(host)..".", "SRV"); |
|
11613
c8a9f77d48fd
util.prosodyctl.check: Fix for net.dns vs unbound API difference
Kim Alvefur <zash@zash.se>
parents:
11612
diff
changeset
|
837 if res and #res > 0 then |
|
10871
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
838 for _, record in ipairs(res) do |
|
10932
ea4a7619058f
util.prosodyctl.check: Fix traceback by handling SRV '.' target to
Kim Alvefur <zash@zash.se>
parents:
10871
diff
changeset
|
839 if record.srv.target == "." then -- TODO is this an error if mod_c2s is enabled? |
|
ea4a7619058f
util.prosodyctl.check: Fix traceback by handling SRV '.' target to
Kim Alvefur <zash@zash.se>
parents:
10871
diff
changeset
|
840 print(" 'xmpp-client' service disabled by pointing to '.'"); -- FIXME Explain better what this is |
|
ea4a7619058f
util.prosodyctl.check: Fix traceback by handling SRV '.' target to
Kim Alvefur <zash@zash.se>
parents:
10871
diff
changeset
|
841 break; |
|
ea4a7619058f
util.prosodyctl.check: Fix traceback by handling SRV '.' target to
Kim Alvefur <zash@zash.se>
parents:
10871
diff
changeset
|
842 end |
|
11655
bbf50525faa5
util.prosodyctl.check: Normalize away trailing dot in some messages too
Kim Alvefur <zash@zash.se>
parents:
11654
diff
changeset
|
843 local target = trim_dns_name(record.srv.target); |
|
bbf50525faa5
util.prosodyctl.check: Normalize away trailing dot in some messages too
Kim Alvefur <zash@zash.se>
parents:
11654
diff
changeset
|
844 target_hosts:add(target); |
|
10871
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
845 if not c2s_ports:contains(record.srv.port) then |
|
11655
bbf50525faa5
util.prosodyctl.check: Normalize away trailing dot in some messages too
Kim Alvefur <zash@zash.se>
parents:
11654
diff
changeset
|
846 print(" SRV target "..target.." contains unknown client port: "..record.srv.port); |
|
10871
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
847 end |
|
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
848 end |
|
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
849 else |
|
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
850 if c2s_srv_required then |
|
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
851 print(" No _xmpp-client SRV record found for "..host..", but it looks like you need one."); |
|
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
852 all_targets_ok = false; |
|
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
853 else |
|
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
854 target_hosts:add(host); |
|
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
855 end |
|
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
856 end |
|
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
857 end |
|
12842
3edd39c55a8a
prosodyctl check dns: Check for Direct TLS SRV records even if not configured (fix #1793)
Kim Alvefur <zash@zash.se>
parents:
12520
diff
changeset
|
858 if modules:contains("c2s") then |
|
11615
8e16fd976c57
util.prosodyctl.check: Add support for checking Direct TLS SRV records
Kim Alvefur <zash@zash.se>
parents:
11613
diff
changeset
|
859 local res = dns.lookup("_xmpps-client._tcp."..idna.to_ascii(host)..".", "SRV"); |
|
8e16fd976c57
util.prosodyctl.check: Add support for checking Direct TLS SRV records
Kim Alvefur <zash@zash.se>
parents:
11613
diff
changeset
|
860 if res and #res > 0 then |
|
8e16fd976c57
util.prosodyctl.check: Add support for checking Direct TLS SRV records
Kim Alvefur <zash@zash.se>
parents:
11613
diff
changeset
|
861 for _, record in ipairs(res) do |
|
8e16fd976c57
util.prosodyctl.check: Add support for checking Direct TLS SRV records
Kim Alvefur <zash@zash.se>
parents:
11613
diff
changeset
|
862 if record.srv.target == "." then -- TODO is this an error if mod_c2s is enabled? |
|
8e16fd976c57
util.prosodyctl.check: Add support for checking Direct TLS SRV records
Kim Alvefur <zash@zash.se>
parents:
11613
diff
changeset
|
863 print(" 'xmpps-client' service disabled by pointing to '.'"); -- FIXME Explain better what this is |
|
8e16fd976c57
util.prosodyctl.check: Add support for checking Direct TLS SRV records
Kim Alvefur <zash@zash.se>
parents:
11613
diff
changeset
|
864 break; |
|
8e16fd976c57
util.prosodyctl.check: Add support for checking Direct TLS SRV records
Kim Alvefur <zash@zash.se>
parents:
11613
diff
changeset
|
865 end |
|
11655
bbf50525faa5
util.prosodyctl.check: Normalize away trailing dot in some messages too
Kim Alvefur <zash@zash.se>
parents:
11654
diff
changeset
|
866 local target = trim_dns_name(record.srv.target); |
|
bbf50525faa5
util.prosodyctl.check: Normalize away trailing dot in some messages too
Kim Alvefur <zash@zash.se>
parents:
11654
diff
changeset
|
867 target_hosts:add(target); |
|
11615
8e16fd976c57
util.prosodyctl.check: Add support for checking Direct TLS SRV records
Kim Alvefur <zash@zash.se>
parents:
11613
diff
changeset
|
868 if not c2s_tls_ports:contains(record.srv.port) then |
|
11655
bbf50525faa5
util.prosodyctl.check: Normalize away trailing dot in some messages too
Kim Alvefur <zash@zash.se>
parents:
11654
diff
changeset
|
869 print(" SRV target "..target.." contains unknown Direct TLS client port: "..record.srv.port); |
|
11615
8e16fd976c57
util.prosodyctl.check: Add support for checking Direct TLS SRV records
Kim Alvefur <zash@zash.se>
parents:
11613
diff
changeset
|
870 end |
|
8e16fd976c57
util.prosodyctl.check: Add support for checking Direct TLS SRV records
Kim Alvefur <zash@zash.se>
parents:
11613
diff
changeset
|
871 end |
|
12842
3edd39c55a8a
prosodyctl check dns: Check for Direct TLS SRV records even if not configured (fix #1793)
Kim Alvefur <zash@zash.se>
parents:
12520
diff
changeset
|
872 elseif c2s_tls_srv_required then |
|
11615
8e16fd976c57
util.prosodyctl.check: Add support for checking Direct TLS SRV records
Kim Alvefur <zash@zash.se>
parents:
11613
diff
changeset
|
873 print(" No _xmpps-client SRV record found for "..host..", but it looks like you need one."); |
|
8e16fd976c57
util.prosodyctl.check: Add support for checking Direct TLS SRV records
Kim Alvefur <zash@zash.se>
parents:
11613
diff
changeset
|
874 all_targets_ok = false; |
|
8e16fd976c57
util.prosodyctl.check: Add support for checking Direct TLS SRV records
Kim Alvefur <zash@zash.se>
parents:
11613
diff
changeset
|
875 end |
|
8e16fd976c57
util.prosodyctl.check: Add support for checking Direct TLS SRV records
Kim Alvefur <zash@zash.se>
parents:
11613
diff
changeset
|
876 end |
|
10871
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
877 if modules:contains("s2s") then |
|
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
878 local res = dns.lookup("_xmpp-server._tcp."..idna.to_ascii(host)..".", "SRV"); |
|
11613
c8a9f77d48fd
util.prosodyctl.check: Fix for net.dns vs unbound API difference
Kim Alvefur <zash@zash.se>
parents:
11612
diff
changeset
|
879 if res and #res > 0 then |
|
10871
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
880 for _, record in ipairs(res) do |
|
10932
ea4a7619058f
util.prosodyctl.check: Fix traceback by handling SRV '.' target to
Kim Alvefur <zash@zash.se>
parents:
10871
diff
changeset
|
881 if record.srv.target == "." then -- TODO Is this an error if mod_s2s is enabled? |
|
ea4a7619058f
util.prosodyctl.check: Fix traceback by handling SRV '.' target to
Kim Alvefur <zash@zash.se>
parents:
10871
diff
changeset
|
882 print(" 'xmpp-server' service disabled by pointing to '.'"); -- FIXME Explain better what this is |
|
ea4a7619058f
util.prosodyctl.check: Fix traceback by handling SRV '.' target to
Kim Alvefur <zash@zash.se>
parents:
10871
diff
changeset
|
883 break; |
|
ea4a7619058f
util.prosodyctl.check: Fix traceback by handling SRV '.' target to
Kim Alvefur <zash@zash.se>
parents:
10871
diff
changeset
|
884 end |
|
11655
bbf50525faa5
util.prosodyctl.check: Normalize away trailing dot in some messages too
Kim Alvefur <zash@zash.se>
parents:
11654
diff
changeset
|
885 local target = trim_dns_name(record.srv.target); |
|
bbf50525faa5
util.prosodyctl.check: Normalize away trailing dot in some messages too
Kim Alvefur <zash@zash.se>
parents:
11654
diff
changeset
|
886 target_hosts:add(target); |
|
10871
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
887 if not s2s_ports:contains(record.srv.port) then |
|
11655
bbf50525faa5
util.prosodyctl.check: Normalize away trailing dot in some messages too
Kim Alvefur <zash@zash.se>
parents:
11654
diff
changeset
|
888 print(" SRV target "..target.." contains unknown server port: "..record.srv.port); |
|
10871
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
889 end |
|
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
890 end |
|
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
891 else |
|
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
892 if s2s_srv_required then |
|
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
893 print(" No _xmpp-server SRV record found for "..host..", but it looks like you need one."); |
|
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
894 all_targets_ok = false; |
|
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
895 else |
|
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
896 target_hosts:add(host); |
|
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
897 end |
|
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
898 end |
|
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
899 end |
|
12842
3edd39c55a8a
prosodyctl check dns: Check for Direct TLS SRV records even if not configured (fix #1793)
Kim Alvefur <zash@zash.se>
parents:
12520
diff
changeset
|
900 if modules:contains("s2s") then |
|
11776
1132a1f1ca5a
util.prosodyctl.check: Check for server-to-server Direct TLS records
Kim Alvefur <zash@zash.se>
parents:
11655
diff
changeset
|
901 local res = dns.lookup("_xmpps-server._tcp."..idna.to_ascii(host)..".", "SRV"); |
|
1132a1f1ca5a
util.prosodyctl.check: Check for server-to-server Direct TLS records
Kim Alvefur <zash@zash.se>
parents:
11655
diff
changeset
|
902 if res and #res > 0 then |
|
1132a1f1ca5a
util.prosodyctl.check: Check for server-to-server Direct TLS records
Kim Alvefur <zash@zash.se>
parents:
11655
diff
changeset
|
903 for _, record in ipairs(res) do |
|
1132a1f1ca5a
util.prosodyctl.check: Check for server-to-server Direct TLS records
Kim Alvefur <zash@zash.se>
parents:
11655
diff
changeset
|
904 if record.srv.target == "." then -- TODO is this an error if mod_s2s is enabled? |
|
1132a1f1ca5a
util.prosodyctl.check: Check for server-to-server Direct TLS records
Kim Alvefur <zash@zash.se>
parents:
11655
diff
changeset
|
905 print(" 'xmpps-server' service disabled by pointing to '.'"); -- FIXME Explain better what this is |
|
1132a1f1ca5a
util.prosodyctl.check: Check for server-to-server Direct TLS records
Kim Alvefur <zash@zash.se>
parents:
11655
diff
changeset
|
906 break; |
|
1132a1f1ca5a
util.prosodyctl.check: Check for server-to-server Direct TLS records
Kim Alvefur <zash@zash.se>
parents:
11655
diff
changeset
|
907 end |
|
1132a1f1ca5a
util.prosodyctl.check: Check for server-to-server Direct TLS records
Kim Alvefur <zash@zash.se>
parents:
11655
diff
changeset
|
908 local target = trim_dns_name(record.srv.target); |
|
1132a1f1ca5a
util.prosodyctl.check: Check for server-to-server Direct TLS records
Kim Alvefur <zash@zash.se>
parents:
11655
diff
changeset
|
909 target_hosts:add(target); |
|
1132a1f1ca5a
util.prosodyctl.check: Check for server-to-server Direct TLS records
Kim Alvefur <zash@zash.se>
parents:
11655
diff
changeset
|
910 if not s2s_tls_ports:contains(record.srv.port) then |
|
1132a1f1ca5a
util.prosodyctl.check: Check for server-to-server Direct TLS records
Kim Alvefur <zash@zash.se>
parents:
11655
diff
changeset
|
911 print(" SRV target "..target.." contains unknown Direct TLS server port: "..record.srv.port); |
|
1132a1f1ca5a
util.prosodyctl.check: Check for server-to-server Direct TLS records
Kim Alvefur <zash@zash.se>
parents:
11655
diff
changeset
|
912 end |
|
1132a1f1ca5a
util.prosodyctl.check: Check for server-to-server Direct TLS records
Kim Alvefur <zash@zash.se>
parents:
11655
diff
changeset
|
913 end |
|
12842
3edd39c55a8a
prosodyctl check dns: Check for Direct TLS SRV records even if not configured (fix #1793)
Kim Alvefur <zash@zash.se>
parents:
12520
diff
changeset
|
914 elseif s2s_tls_srv_required then |
|
11776
1132a1f1ca5a
util.prosodyctl.check: Check for server-to-server Direct TLS records
Kim Alvefur <zash@zash.se>
parents:
11655
diff
changeset
|
915 print(" No _xmpps-server SRV record found for "..host..", but it looks like you need one."); |
|
1132a1f1ca5a
util.prosodyctl.check: Check for server-to-server Direct TLS records
Kim Alvefur <zash@zash.se>
parents:
11655
diff
changeset
|
916 all_targets_ok = false; |
|
1132a1f1ca5a
util.prosodyctl.check: Check for server-to-server Direct TLS records
Kim Alvefur <zash@zash.se>
parents:
11655
diff
changeset
|
917 end |
|
1132a1f1ca5a
util.prosodyctl.check: Check for server-to-server Direct TLS records
Kim Alvefur <zash@zash.se>
parents:
11655
diff
changeset
|
918 end |
|
10871
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
919 if target_hosts:empty() then |
|
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
920 target_hosts:add(host); |
|
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
921 end |
|
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
922 |
|
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
923 if target_hosts:contains("localhost") then |
|
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
924 print(" Target 'localhost' cannot be accessed from other servers"); |
|
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
925 target_hosts:remove("localhost"); |
|
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
926 end |
|
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
927 |
|
12217
39043233de04
util.prosodyctl.check: Add HTTP related DNS checks
Kim Alvefur <zash@zash.se>
parents:
12159
diff
changeset
|
928 local function check_address(target) |
|
39043233de04
util.prosodyctl.check: Add HTTP related DNS checks
Kim Alvefur <zash@zash.se>
parents:
12159
diff
changeset
|
929 local A, AAAA = dns.lookup(idna.to_ascii(target), "A"), dns.lookup(idna.to_ascii(target), "AAAA"); |
|
39043233de04
util.prosodyctl.check: Add HTTP related DNS checks
Kim Alvefur <zash@zash.se>
parents:
12159
diff
changeset
|
930 local prob = {}; |
|
12231
ca8453129ade
util.prosodyctl.check: Fix A/AAAA check for proxy65 and http
Kim Alvefur <zash@zash.se>
parents:
12230
diff
changeset
|
931 if use_ipv4 and not (A and #A > 0) then table.insert(prob, "A"); end |
|
ca8453129ade
util.prosodyctl.check: Fix A/AAAA check for proxy65 and http
Kim Alvefur <zash@zash.se>
parents:
12230
diff
changeset
|
932 if use_ipv6 and not (AAAA and #AAAA > 0) then table.insert(prob, "AAAA"); end |
|
12217
39043233de04
util.prosodyctl.check: Add HTTP related DNS checks
Kim Alvefur <zash@zash.se>
parents:
12159
diff
changeset
|
933 return prob; |
|
39043233de04
util.prosodyctl.check: Add HTTP related DNS checks
Kim Alvefur <zash@zash.se>
parents:
12159
diff
changeset
|
934 end |
|
39043233de04
util.prosodyctl.check: Add HTTP related DNS checks
Kim Alvefur <zash@zash.se>
parents:
12159
diff
changeset
|
935 |
|
10871
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
936 if modules:contains("proxy65") then |
|
13216
fcc052ca1652
util.prosodyctl.check: Get some config options via minimal moduleapi #896
Kim Alvefur <zash@zash.se>
parents:
13121
diff
changeset
|
937 local proxy65_target = api(host):get_option_string("proxy65_address", host); |
|
10871
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
938 if type(proxy65_target) == "string" then |
|
12217
39043233de04
util.prosodyctl.check: Add HTTP related DNS checks
Kim Alvefur <zash@zash.se>
parents:
12159
diff
changeset
|
939 local prob = check_address(proxy65_target); |
|
10871
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
940 if #prob > 0 then |
|
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
941 print(" File transfer proxy "..proxy65_target.." has no "..table.concat(prob, "/") |
|
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
942 .." record. Create one or set 'proxy65_address' to the correct host/IP."); |
|
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
943 end |
|
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
944 else |
|
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
945 print(" proxy65_address for "..host.." should be set to a string, unable to perform DNS check"); |
|
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
946 end |
|
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
947 end |
|
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
948 |
|
12217
39043233de04
util.prosodyctl.check: Add HTTP related DNS checks
Kim Alvefur <zash@zash.se>
parents:
12159
diff
changeset
|
949 local known_http_modules = set.new { "bosh"; "http_files"; "http_file_share"; "http_openmetrics"; "websocket" }; |
|
39043233de04
util.prosodyctl.check: Add HTTP related DNS checks
Kim Alvefur <zash@zash.se>
parents:
12159
diff
changeset
|
950 local function contains_match(hayset, needle) |
|
39043233de04
util.prosodyctl.check: Add HTTP related DNS checks
Kim Alvefur <zash@zash.se>
parents:
12159
diff
changeset
|
951 for member in hayset do if member:find(needle) then return true end end |
|
39043233de04
util.prosodyctl.check: Add HTTP related DNS checks
Kim Alvefur <zash@zash.se>
parents:
12159
diff
changeset
|
952 end |
|
39043233de04
util.prosodyctl.check: Add HTTP related DNS checks
Kim Alvefur <zash@zash.se>
parents:
12159
diff
changeset
|
953 |
|
39043233de04
util.prosodyctl.check: Add HTTP related DNS checks
Kim Alvefur <zash@zash.se>
parents:
12159
diff
changeset
|
954 if modules:contains("http") or not set.intersection(modules, known_http_modules):empty() |
|
39043233de04
util.prosodyctl.check: Add HTTP related DNS checks
Kim Alvefur <zash@zash.se>
parents:
12159
diff
changeset
|
955 or contains_match(modules, "^http_") or contains_match(modules, "_web$") then |
|
39043233de04
util.prosodyctl.check: Add HTTP related DNS checks
Kim Alvefur <zash@zash.se>
parents:
12159
diff
changeset
|
956 |
|
13216
fcc052ca1652
util.prosodyctl.check: Get some config options via minimal moduleapi #896
Kim Alvefur <zash@zash.se>
parents:
13121
diff
changeset
|
957 local http_host = api(host):get_option_string("http_host", host); |
|
12217
39043233de04
util.prosodyctl.check: Add HTTP related DNS checks
Kim Alvefur <zash@zash.se>
parents:
12159
diff
changeset
|
958 local http_internal_host = http_host; |
|
13216
fcc052ca1652
util.prosodyctl.check: Get some config options via minimal moduleapi #896
Kim Alvefur <zash@zash.se>
parents:
13121
diff
changeset
|
959 local http_url = api(host):get_option_string("http_external_url"); |
|
12217
39043233de04
util.prosodyctl.check: Add HTTP related DNS checks
Kim Alvefur <zash@zash.se>
parents:
12159
diff
changeset
|
960 if http_url then |
|
12218
0795e1ccf3d8
util.prosodyctl.check: Fix use of LuaSocket URL parser
Kim Alvefur <zash@zash.se>
parents:
12217
diff
changeset
|
961 local url_parse = require "socket.url".parse; |
|
12217
39043233de04
util.prosodyctl.check: Add HTTP related DNS checks
Kim Alvefur <zash@zash.se>
parents:
12159
diff
changeset
|
962 local external_url_parts = url_parse(http_url); |
|
39043233de04
util.prosodyctl.check: Add HTTP related DNS checks
Kim Alvefur <zash@zash.se>
parents:
12159
diff
changeset
|
963 if external_url_parts then |
|
39043233de04
util.prosodyctl.check: Add HTTP related DNS checks
Kim Alvefur <zash@zash.se>
parents:
12159
diff
changeset
|
964 http_host = external_url_parts.host; |
|
39043233de04
util.prosodyctl.check: Add HTTP related DNS checks
Kim Alvefur <zash@zash.se>
parents:
12159
diff
changeset
|
965 else |
|
39043233de04
util.prosodyctl.check: Add HTTP related DNS checks
Kim Alvefur <zash@zash.se>
parents:
12159
diff
changeset
|
966 print(" The 'http_external_url' setting is not a valid URL"); |
|
39043233de04
util.prosodyctl.check: Add HTTP related DNS checks
Kim Alvefur <zash@zash.se>
parents:
12159
diff
changeset
|
967 end |
|
39043233de04
util.prosodyctl.check: Add HTTP related DNS checks
Kim Alvefur <zash@zash.se>
parents:
12159
diff
changeset
|
968 end |
|
39043233de04
util.prosodyctl.check: Add HTTP related DNS checks
Kim Alvefur <zash@zash.se>
parents:
12159
diff
changeset
|
969 |
|
39043233de04
util.prosodyctl.check: Add HTTP related DNS checks
Kim Alvefur <zash@zash.se>
parents:
12159
diff
changeset
|
970 local prob = check_address(http_host); |
|
39043233de04
util.prosodyctl.check: Add HTTP related DNS checks
Kim Alvefur <zash@zash.se>
parents:
12159
diff
changeset
|
971 if #prob > 1 then |
|
39043233de04
util.prosodyctl.check: Add HTTP related DNS checks
Kim Alvefur <zash@zash.se>
parents:
12159
diff
changeset
|
972 print(" HTTP service " .. http_host .. " has no " .. table.concat(prob, "/") .. " record. Create one or change " |
|
39043233de04
util.prosodyctl.check: Add HTTP related DNS checks
Kim Alvefur <zash@zash.se>
parents:
12159
diff
changeset
|
973 .. (http_url and "'http_external_url'" or "'http_host'").." to the correct host."); |
|
39043233de04
util.prosodyctl.check: Add HTTP related DNS checks
Kim Alvefur <zash@zash.se>
parents:
12159
diff
changeset
|
974 end |
|
39043233de04
util.prosodyctl.check: Add HTTP related DNS checks
Kim Alvefur <zash@zash.se>
parents:
12159
diff
changeset
|
975 |
|
39043233de04
util.prosodyctl.check: Add HTTP related DNS checks
Kim Alvefur <zash@zash.se>
parents:
12159
diff
changeset
|
976 if http_host ~= http_internal_host then |
|
39043233de04
util.prosodyctl.check: Add HTTP related DNS checks
Kim Alvefur <zash@zash.se>
parents:
12159
diff
changeset
|
977 print(" Ensure the reverse proxy sets the HTTP Host header to '" .. http_internal_host .. "'"); |
|
39043233de04
util.prosodyctl.check: Add HTTP related DNS checks
Kim Alvefur <zash@zash.se>
parents:
12159
diff
changeset
|
978 end |
|
39043233de04
util.prosodyctl.check: Add HTTP related DNS checks
Kim Alvefur <zash@zash.se>
parents:
12159
diff
changeset
|
979 end |
|
39043233de04
util.prosodyctl.check: Add HTTP related DNS checks
Kim Alvefur <zash@zash.se>
parents:
12159
diff
changeset
|
980 |
|
11652
887d7b15e21b
util.prosodyctl.check: Warn if both use_ipv4 and use_ipv6 are set to false
Kim Alvefur <zash@zash.se>
parents:
11651
diff
changeset
|
981 if not use_ipv4 and not use_ipv6 then |
|
887d7b15e21b
util.prosodyctl.check: Warn if both use_ipv4 and use_ipv6 are set to false
Kim Alvefur <zash@zash.se>
parents:
11651
diff
changeset
|
982 print(" Both IPv6 and IPv4 are disabled, Prosody will not listen on any ports"); |
|
887d7b15e21b
util.prosodyctl.check: Warn if both use_ipv4 and use_ipv6 are set to false
Kim Alvefur <zash@zash.se>
parents:
11651
diff
changeset
|
983 print(" nor be able to connect to any remote servers."); |
|
887d7b15e21b
util.prosodyctl.check: Warn if both use_ipv4 and use_ipv6 are set to false
Kim Alvefur <zash@zash.se>
parents:
11651
diff
changeset
|
984 all_targets_ok = false; |
|
887d7b15e21b
util.prosodyctl.check: Warn if both use_ipv4 and use_ipv6 are set to false
Kim Alvefur <zash@zash.se>
parents:
11651
diff
changeset
|
985 end |
|
887d7b15e21b
util.prosodyctl.check: Warn if both use_ipv4 and use_ipv6 are set to false
Kim Alvefur <zash@zash.se>
parents:
11651
diff
changeset
|
986 |
|
10871
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
987 for target_host in target_hosts do |
|
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
988 local host_ok_v4, host_ok_v6; |
|
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
989 do |
|
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
990 local res = dns.lookup(idna.to_ascii(target_host), "A"); |
|
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
991 if res then |
|
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
992 for _, record in ipairs(res) do |
|
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
993 if external_addresses:contains(record.a) then |
|
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
994 some_targets_ok = true; |
|
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
995 host_ok_v4 = true; |
|
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
996 elseif internal_addresses:contains(record.a) then |
|
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
997 host_ok_v4 = true; |
|
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
998 some_targets_ok = true; |
|
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
999 print(" "..target_host.." A record points to internal address, external connections might fail"); |
|
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
1000 else |
|
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
1001 print(" "..target_host.." A record points to unknown address "..record.a); |
|
12319
8fc3c06f922d
prosodyctl: check dns: List discovered addresses for diagnostic purposes
Matthew Wild <mwild1@gmail.com>
parents:
12318
diff
changeset
|
1002 unknown_addresses:add(record.a); |
|
10871
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
1003 all_targets_ok = false; |
|
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
1004 end |
|
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
1005 end |
|
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
1006 end |
|
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
1007 end |
|
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
1008 do |
|
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
1009 local res = dns.lookup(idna.to_ascii(target_host), "AAAA"); |
|
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
1010 if res then |
|
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
1011 for _, record in ipairs(res) do |
|
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
1012 if external_addresses:contains(record.aaaa) then |
|
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
1013 some_targets_ok = true; |
|
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
1014 host_ok_v6 = true; |
|
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
1015 elseif internal_addresses:contains(record.aaaa) then |
|
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
1016 host_ok_v6 = true; |
|
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
1017 some_targets_ok = true; |
|
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
1018 print(" "..target_host.." AAAA record points to internal address, external connections might fail"); |
|
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
1019 else |
|
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
1020 print(" "..target_host.." AAAA record points to unknown address "..record.aaaa); |
|
12319
8fc3c06f922d
prosodyctl: check dns: List discovered addresses for diagnostic purposes
Matthew Wild <mwild1@gmail.com>
parents:
12318
diff
changeset
|
1021 unknown_addresses:add(record.aaaa); |
|
10871
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
1022 all_targets_ok = false; |
|
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
1023 end |
|
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
1024 end |
|
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
1025 end |
|
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
1026 end |
|
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
1027 |
|
11653
51141309ffc4
util.prosodyctl.check: Point out if A/AAAA exists despite disabled IPvX
Kim Alvefur <zash@zash.se>
parents:
11652
diff
changeset
|
1028 if host_ok_v4 and not use_ipv4 then |
|
51141309ffc4
util.prosodyctl.check: Point out if A/AAAA exists despite disabled IPvX
Kim Alvefur <zash@zash.se>
parents:
11652
diff
changeset
|
1029 print(" Host "..target_host.." does seem to resolve to this server but IPv4 has been disabled"); |
|
51141309ffc4
util.prosodyctl.check: Point out if A/AAAA exists despite disabled IPvX
Kim Alvefur <zash@zash.se>
parents:
11652
diff
changeset
|
1030 all_targets_ok = false; |
|
51141309ffc4
util.prosodyctl.check: Point out if A/AAAA exists despite disabled IPvX
Kim Alvefur <zash@zash.se>
parents:
11652
diff
changeset
|
1031 end |
|
51141309ffc4
util.prosodyctl.check: Point out if A/AAAA exists despite disabled IPvX
Kim Alvefur <zash@zash.se>
parents:
11652
diff
changeset
|
1032 |
|
51141309ffc4
util.prosodyctl.check: Point out if A/AAAA exists despite disabled IPvX
Kim Alvefur <zash@zash.se>
parents:
11652
diff
changeset
|
1033 if host_ok_v6 and not use_ipv6 then |
|
51141309ffc4
util.prosodyctl.check: Point out if A/AAAA exists despite disabled IPvX
Kim Alvefur <zash@zash.se>
parents:
11652
diff
changeset
|
1034 print(" Host "..target_host.." does seem to resolve to this server but IPv6 has been disabled"); |
|
51141309ffc4
util.prosodyctl.check: Point out if A/AAAA exists despite disabled IPvX
Kim Alvefur <zash@zash.se>
parents:
11652
diff
changeset
|
1035 all_targets_ok = false; |
|
51141309ffc4
util.prosodyctl.check: Point out if A/AAAA exists despite disabled IPvX
Kim Alvefur <zash@zash.se>
parents:
11652
diff
changeset
|
1036 end |
|
51141309ffc4
util.prosodyctl.check: Point out if A/AAAA exists despite disabled IPvX
Kim Alvefur <zash@zash.se>
parents:
11652
diff
changeset
|
1037 |
|
10871
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
1038 local bad_protos = {} |
|
11651
c9f46d28ed7e
util.prosodyctl.check: Silence IP protocol mismatches when disabled
Kim Alvefur <zash@zash.se>
parents:
11645
diff
changeset
|
1039 if use_ipv4 and not host_ok_v4 then |
|
10871
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
1040 table.insert(bad_protos, "IPv4"); |
|
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
1041 end |
|
11651
c9f46d28ed7e
util.prosodyctl.check: Silence IP protocol mismatches when disabled
Kim Alvefur <zash@zash.se>
parents:
11645
diff
changeset
|
1042 if use_ipv6 and not host_ok_v6 then |
|
10871
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
1043 table.insert(bad_protos, "IPv6"); |
|
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
1044 end |
|
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
1045 if #bad_protos > 0 then |
|
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
1046 print(" Host "..target_host.." does not seem to resolve to this server ("..table.concat(bad_protos, "/")..")"); |
|
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
1047 end |
|
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
1048 if host_ok_v6 and not v6_supported then |
|
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
1049 print(" Host "..target_host.." has AAAA records, but your version of LuaSocket does not support IPv6."); |
|
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
1050 print(" Please see https://prosody.im/doc/ipv6 for more information."); |
|
11925
3e0d03a74285
util.prosodyctl.check: Highlight inconsistency of AAAA records and use_ipv6=false
Kim Alvefur <zash@zash.se>
parents:
11924
diff
changeset
|
1051 elseif host_ok_v6 and not use_ipv6 then |
|
3e0d03a74285
util.prosodyctl.check: Highlight inconsistency of AAAA records and use_ipv6=false
Kim Alvefur <zash@zash.se>
parents:
11924
diff
changeset
|
1052 print(" Host "..target_host.." has AAAA records, but IPv6 is disabled."); |
|
3e0d03a74285
util.prosodyctl.check: Highlight inconsistency of AAAA records and use_ipv6=false
Kim Alvefur <zash@zash.se>
parents:
11924
diff
changeset
|
1053 -- TODO Tell them to drop the AAAA records or enable IPv6? |
|
3e0d03a74285
util.prosodyctl.check: Highlight inconsistency of AAAA records and use_ipv6=false
Kim Alvefur <zash@zash.se>
parents:
11924
diff
changeset
|
1054 print(" Please see https://prosody.im/doc/ipv6 for more information."); |
|
10871
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
1055 end |
|
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
1056 end |
|
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
1057 if not all_targets_ok then |
|
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
1058 print(" "..(some_targets_ok and "Only some" or "No").." targets for "..host.." appear to resolve to this server."); |
|
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
1059 if is_component then |
|
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
1060 print(" DNS records are necessary if you want users on other servers to access this component."); |
|
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
1061 end |
|
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
1062 problem_hosts:add(host); |
|
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
1063 end |
|
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
1064 print(""); |
|
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
1065 end |
|
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
1066 if not problem_hosts:empty() then |
|
12319
8fc3c06f922d
prosodyctl: check dns: List discovered addresses for diagnostic purposes
Matthew Wild <mwild1@gmail.com>
parents:
12318
diff
changeset
|
1067 if not unknown_addresses:empty() then |
|
8fc3c06f922d
prosodyctl: check dns: List discovered addresses for diagnostic purposes
Matthew Wild <mwild1@gmail.com>
parents:
12318
diff
changeset
|
1068 print(""); |
|
8fc3c06f922d
prosodyctl: check dns: List discovered addresses for diagnostic purposes
Matthew Wild <mwild1@gmail.com>
parents:
12318
diff
changeset
|
1069 print("Some of your DNS records point to unknown IP addresses. This may be expected if your server"); |
|
8fc3c06f922d
prosodyctl: check dns: List discovered addresses for diagnostic purposes
Matthew Wild <mwild1@gmail.com>
parents:
12318
diff
changeset
|
1070 print("is behind a NAT or proxy. The unrecognized addresses were:"); |
|
8fc3c06f922d
prosodyctl: check dns: List discovered addresses for diagnostic purposes
Matthew Wild <mwild1@gmail.com>
parents:
12318
diff
changeset
|
1071 print(""); |
|
8fc3c06f922d
prosodyctl: check dns: List discovered addresses for diagnostic purposes
Matthew Wild <mwild1@gmail.com>
parents:
12318
diff
changeset
|
1072 print(" Unrecognized: "..tostring(unknown_addresses)); |
|
8fc3c06f922d
prosodyctl: check dns: List discovered addresses for diagnostic purposes
Matthew Wild <mwild1@gmail.com>
parents:
12318
diff
changeset
|
1073 print(""); |
|
8fc3c06f922d
prosodyctl: check dns: List discovered addresses for diagnostic purposes
Matthew Wild <mwild1@gmail.com>
parents:
12318
diff
changeset
|
1074 print("The addresses we found on this system are:"); |
|
8fc3c06f922d
prosodyctl: check dns: List discovered addresses for diagnostic purposes
Matthew Wild <mwild1@gmail.com>
parents:
12318
diff
changeset
|
1075 print(""); |
|
8fc3c06f922d
prosodyctl: check dns: List discovered addresses for diagnostic purposes
Matthew Wild <mwild1@gmail.com>
parents:
12318
diff
changeset
|
1076 print(" Internal: "..tostring(internal_addresses)); |
|
8fc3c06f922d
prosodyctl: check dns: List discovered addresses for diagnostic purposes
Matthew Wild <mwild1@gmail.com>
parents:
12318
diff
changeset
|
1077 print(" External: "..tostring(external_addresses)); |
|
8fc3c06f922d
prosodyctl: check dns: List discovered addresses for diagnostic purposes
Matthew Wild <mwild1@gmail.com>
parents:
12318
diff
changeset
|
1078 end |
|
10871
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
1079 print(""); |
|
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
1080 print("For more information about DNS configuration please see https://prosody.im/doc/dns"); |
|
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
1081 print(""); |
|
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
1082 ok = false; |
|
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
1083 end |
|
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
1084 end |
|
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
1085 if not what or what == "certs" then |
|
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
1086 local cert_ok; |
|
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
1087 print"Checking certificates..." |
|
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
1088 local x509_verify_identity = require"util.x509".verify_identity; |
|
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
1089 local create_context = require "core.certmanager".create_context; |
|
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
1090 local ssl = dependencies.softreq"ssl"; |
|
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
1091 -- local datetime_parse = require"util.datetime".parse_x509; |
|
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
1092 local load_cert = ssl and ssl.loadcertificate; |
|
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
1093 -- or ssl.cert_from_pem |
|
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
1094 if not ssl then |
|
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
1095 print("LuaSec not available, can't perform certificate checks") |
|
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
1096 if what == "certs" then cert_ok = false end |
|
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
1097 elseif not load_cert then |
|
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
1098 print("This version of LuaSec (" .. ssl._VERSION .. ") does not support certificate checking"); |
|
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
1099 cert_ok = false |
|
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
1100 else |
|
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
1101 for host in it.filter(skip_bare_jid_hosts, enabled_hosts()) do |
|
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
1102 print("Checking certificate for "..host); |
|
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
1103 -- First, let's find out what certificate this host uses. |
|
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
1104 local host_ssl_config = configmanager.rawget(host, "ssl") |
|
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
1105 or configmanager.rawget(host:match("%.(.*)"), "ssl"); |
|
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
1106 local global_ssl_config = configmanager.rawget("*", "ssl"); |
|
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
1107 local ok, err, ssl_config = create_context(host, "server", host_ssl_config, global_ssl_config); |
|
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
1108 if not ok then |
|
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
1109 print(" Error: "..err); |
|
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
1110 cert_ok = false |
|
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
1111 elseif not ssl_config.certificate then |
|
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
1112 print(" No 'certificate' found for "..host) |
|
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
1113 cert_ok = false |
|
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
1114 elseif not ssl_config.key then |
|
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
1115 print(" No 'key' found for "..host) |
|
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
1116 cert_ok = false |
|
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
1117 else |
|
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
1118 local key, err = io.open(ssl_config.key); -- Permissions check only |
|
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
1119 if not key then |
|
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
1120 print(" Could not open "..ssl_config.key..": "..err); |
|
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
1121 cert_ok = false |
|
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
1122 else |
|
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
1123 key:close(); |
|
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
1124 end |
|
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
1125 local cert_fh, err = io.open(ssl_config.certificate); -- Load the file. |
|
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
1126 if not cert_fh then |
|
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
1127 print(" Could not open "..ssl_config.certificate..": "..err); |
|
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
1128 cert_ok = false |
|
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
1129 else |
|
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
1130 print(" Certificate: "..ssl_config.certificate) |
|
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
1131 local cert = load_cert(cert_fh:read"*a"); cert_fh:close(); |
|
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
1132 if not cert:validat(os.time()) then |
|
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
1133 print(" Certificate has expired.") |
|
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
1134 cert_ok = false |
|
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
1135 elseif not cert:validat(os.time() + 86400) then |
|
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
1136 print(" Certificate expires within one day.") |
|
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
1137 cert_ok = false |
|
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
1138 elseif not cert:validat(os.time() + 86400*7) then |
|
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
1139 print(" Certificate expires within one week.") |
|
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
1140 elseif not cert:validat(os.time() + 86400*31) then |
|
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
1141 print(" Certificate expires within one month.") |
|
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
1142 end |
|
13216
fcc052ca1652
util.prosodyctl.check: Get some config options via minimal moduleapi #896
Kim Alvefur <zash@zash.se>
parents:
13121
diff
changeset
|
1143 if select(2, modulemanager.get_modules_for_host(host)) == nil |
|
10871
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
1144 and not x509_verify_identity(host, "_xmpp-client", cert) then |
|
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
1145 print(" Not valid for client connections to "..host..".") |
|
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
1146 cert_ok = false |
|
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
1147 end |
|
13216
fcc052ca1652
util.prosodyctl.check: Get some config options via minimal moduleapi #896
Kim Alvefur <zash@zash.se>
parents:
13121
diff
changeset
|
1148 if (not (api(host):get_option_boolean("anonymous_login", false) |
|
fcc052ca1652
util.prosodyctl.check: Get some config options via minimal moduleapi #896
Kim Alvefur <zash@zash.se>
parents:
13121
diff
changeset
|
1149 or api(host):get_option_string("authentication", "internal_hashed") == "anonymous")) |
|
10871
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
1150 and not x509_verify_identity(host, "_xmpp-server", cert) then |
|
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
1151 print(" Not valid for server-to-server connections to "..host..".") |
|
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
1152 cert_ok = false |
|
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
1153 end |
|
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
1154 end |
|
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
1155 end |
|
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
1156 end |
|
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
1157 end |
|
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
1158 if cert_ok == false then |
|
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
1159 print("") |
|
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
1160 print("For more information about certificates please see https://prosody.im/doc/certificates"); |
|
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
1161 ok = false |
|
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
1162 end |
|
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
1163 print("") |
|
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
1164 end |
|
11779
f4f0bdaeabd2
prosodyctl: Add external connectivity check based on observe.jabber.network
Jonas Schäfer <jonas@wielicki.name>
parents:
11778
diff
changeset
|
1165 -- intentionally not doing this by default |
|
f4f0bdaeabd2
prosodyctl: Add external connectivity check based on observe.jabber.network
Jonas Schäfer <jonas@wielicki.name>
parents:
11778
diff
changeset
|
1166 if what == "connectivity" then |
|
11782
d93107de52dd
util.prosodyctl.check: Ignore unused "ok" variable [luacheck]
Kim Alvefur <zash@zash.se>
parents:
11780
diff
changeset
|
1167 local _, prosody_is_running = is_prosody_running(); |
|
13216
fcc052ca1652
util.prosodyctl.check: Get some config options via minimal moduleapi #896
Kim Alvefur <zash@zash.se>
parents:
13121
diff
changeset
|
1168 if api("*"):get_option_string("pidfile") and not prosody_is_running then |
|
11780
98ae95235775
util.prosodyctl.check: Refuse to do ojn test unless prosody is running
Kim Alvefur <zash@zash.se>
parents:
11779
diff
changeset
|
1169 print("Prosody does not appear to be running, which is required for this test."); |
|
98ae95235775
util.prosodyctl.check: Refuse to do ojn test unless prosody is running
Kim Alvefur <zash@zash.se>
parents:
11779
diff
changeset
|
1170 print("Start it and then try again."); |
|
98ae95235775
util.prosodyctl.check: Refuse to do ojn test unless prosody is running
Kim Alvefur <zash@zash.se>
parents:
11779
diff
changeset
|
1171 return 1; |
|
98ae95235775
util.prosodyctl.check: Refuse to do ojn test unless prosody is running
Kim Alvefur <zash@zash.se>
parents:
11779
diff
changeset
|
1172 end |
|
98ae95235775
util.prosodyctl.check: Refuse to do ojn test unless prosody is running
Kim Alvefur <zash@zash.se>
parents:
11779
diff
changeset
|
1173 |
|
11827
2359519260ec
prosodyctl: Add alternate XMPP Blackbox Exporter connectivity check
Kim Alvefur <zash@zash.se>
parents:
11826
diff
changeset
|
1174 local checker = "observe.jabber.network"; |
|
2359519260ec
prosodyctl: Add alternate XMPP Blackbox Exporter connectivity check
Kim Alvefur <zash@zash.se>
parents:
11826
diff
changeset
|
1175 local probe_instance; |
|
2359519260ec
prosodyctl: Add alternate XMPP Blackbox Exporter connectivity check
Kim Alvefur <zash@zash.se>
parents:
11826
diff
changeset
|
1176 local probe_modules = { |
|
2359519260ec
prosodyctl: Add alternate XMPP Blackbox Exporter connectivity check
Kim Alvefur <zash@zash.se>
parents:
11826
diff
changeset
|
1177 ["xmpp-client"] = "c2s_normal_auth"; |
|
2359519260ec
prosodyctl: Add alternate XMPP Blackbox Exporter connectivity check
Kim Alvefur <zash@zash.se>
parents:
11826
diff
changeset
|
1178 ["xmpp-server"] = "s2s_normal"; |
|
2359519260ec
prosodyctl: Add alternate XMPP Blackbox Exporter connectivity check
Kim Alvefur <zash@zash.se>
parents:
11826
diff
changeset
|
1179 ["xmpps-client"] = nil; -- TODO |
|
2359519260ec
prosodyctl: Add alternate XMPP Blackbox Exporter connectivity check
Kim Alvefur <zash@zash.se>
parents:
11826
diff
changeset
|
1180 ["xmpps-server"] = nil; -- TODO |
|
2359519260ec
prosodyctl: Add alternate XMPP Blackbox Exporter connectivity check
Kim Alvefur <zash@zash.se>
parents:
11826
diff
changeset
|
1181 }; |
|
13216
fcc052ca1652
util.prosodyctl.check: Get some config options via minimal moduleapi #896
Kim Alvefur <zash@zash.se>
parents:
13121
diff
changeset
|
1182 local probe_settings = api("*"):get_option_string("connectivity_probe"); |
|
11827
2359519260ec
prosodyctl: Add alternate XMPP Blackbox Exporter connectivity check
Kim Alvefur <zash@zash.se>
parents:
11826
diff
changeset
|
1183 if type(probe_settings) == "string" then |
|
2359519260ec
prosodyctl: Add alternate XMPP Blackbox Exporter connectivity check
Kim Alvefur <zash@zash.se>
parents:
11826
diff
changeset
|
1184 probe_instance = probe_settings; |
|
2359519260ec
prosodyctl: Add alternate XMPP Blackbox Exporter connectivity check
Kim Alvefur <zash@zash.se>
parents:
11826
diff
changeset
|
1185 elseif type(probe_settings) == "table" and type(probe_settings.url) == "string" then |
|
2359519260ec
prosodyctl: Add alternate XMPP Blackbox Exporter connectivity check
Kim Alvefur <zash@zash.se>
parents:
11826
diff
changeset
|
1186 probe_instance = probe_settings.url; |
|
2359519260ec
prosodyctl: Add alternate XMPP Blackbox Exporter connectivity check
Kim Alvefur <zash@zash.se>
parents:
11826
diff
changeset
|
1187 if type(probe_settings.modules) == "table" then |
|
2359519260ec
prosodyctl: Add alternate XMPP Blackbox Exporter connectivity check
Kim Alvefur <zash@zash.se>
parents:
11826
diff
changeset
|
1188 probe_modules = probe_settings.modules; |
|
2359519260ec
prosodyctl: Add alternate XMPP Blackbox Exporter connectivity check
Kim Alvefur <zash@zash.se>
parents:
11826
diff
changeset
|
1189 end |
|
2359519260ec
prosodyctl: Add alternate XMPP Blackbox Exporter connectivity check
Kim Alvefur <zash@zash.se>
parents:
11826
diff
changeset
|
1190 elseif probe_settings ~= nil then |
|
2359519260ec
prosodyctl: Add alternate XMPP Blackbox Exporter connectivity check
Kim Alvefur <zash@zash.se>
parents:
11826
diff
changeset
|
1191 print("The 'connectivity_probe' setting not understood."); |
|
2359519260ec
prosodyctl: Add alternate XMPP Blackbox Exporter connectivity check
Kim Alvefur <zash@zash.se>
parents:
11826
diff
changeset
|
1192 print("Expected an URL or a table with 'url' and 'modules' fields"); |
|
2359519260ec
prosodyctl: Add alternate XMPP Blackbox Exporter connectivity check
Kim Alvefur <zash@zash.se>
parents:
11826
diff
changeset
|
1193 print("See https://prosody.im/doc/prosodyctl#check for more information."); -- FIXME |
|
2359519260ec
prosodyctl: Add alternate XMPP Blackbox Exporter connectivity check
Kim Alvefur <zash@zash.se>
parents:
11826
diff
changeset
|
1194 return 1; |
|
2359519260ec
prosodyctl: Add alternate XMPP Blackbox Exporter connectivity check
Kim Alvefur <zash@zash.se>
parents:
11826
diff
changeset
|
1195 end |
|
2359519260ec
prosodyctl: Add alternate XMPP Blackbox Exporter connectivity check
Kim Alvefur <zash@zash.se>
parents:
11826
diff
changeset
|
1196 |
|
2359519260ec
prosodyctl: Add alternate XMPP Blackbox Exporter connectivity check
Kim Alvefur <zash@zash.se>
parents:
11826
diff
changeset
|
1197 local check_api; |
|
2359519260ec
prosodyctl: Add alternate XMPP Blackbox Exporter connectivity check
Kim Alvefur <zash@zash.se>
parents:
11826
diff
changeset
|
1198 if probe_instance then |
|
2359519260ec
prosodyctl: Add alternate XMPP Blackbox Exporter connectivity check
Kim Alvefur <zash@zash.se>
parents:
11826
diff
changeset
|
1199 local parsed_url = socket_url.parse(probe_instance); |
|
2359519260ec
prosodyctl: Add alternate XMPP Blackbox Exporter connectivity check
Kim Alvefur <zash@zash.se>
parents:
11826
diff
changeset
|
1200 if not parsed_url then |
|
2359519260ec
prosodyctl: Add alternate XMPP Blackbox Exporter connectivity check
Kim Alvefur <zash@zash.se>
parents:
11826
diff
changeset
|
1201 print(("'connectivity_probe' is not a valid URL: %q"):format(probe_instance)); |
|
2359519260ec
prosodyctl: Add alternate XMPP Blackbox Exporter connectivity check
Kim Alvefur <zash@zash.se>
parents:
11826
diff
changeset
|
1202 print("Set it to the URL of an XMPP Blackbox Exporter instance and try again"); |
|
2359519260ec
prosodyctl: Add alternate XMPP Blackbox Exporter connectivity check
Kim Alvefur <zash@zash.se>
parents:
11826
diff
changeset
|
1203 return 1; |
|
2359519260ec
prosodyctl: Add alternate XMPP Blackbox Exporter connectivity check
Kim Alvefur <zash@zash.se>
parents:
11826
diff
changeset
|
1204 end |
|
2359519260ec
prosodyctl: Add alternate XMPP Blackbox Exporter connectivity check
Kim Alvefur <zash@zash.se>
parents:
11826
diff
changeset
|
1205 checker = parsed_url.host; |
|
2359519260ec
prosodyctl: Add alternate XMPP Blackbox Exporter connectivity check
Kim Alvefur <zash@zash.se>
parents:
11826
diff
changeset
|
1206 |
|
2359519260ec
prosodyctl: Add alternate XMPP Blackbox Exporter connectivity check
Kim Alvefur <zash@zash.se>
parents:
11826
diff
changeset
|
1207 function check_api(protocol, host) |
|
2359519260ec
prosodyctl: Add alternate XMPP Blackbox Exporter connectivity check
Kim Alvefur <zash@zash.se>
parents:
11826
diff
changeset
|
1208 local target = socket_url.build({scheme="xmpp",path=host}); |
|
2359519260ec
prosodyctl: Add alternate XMPP Blackbox Exporter connectivity check
Kim Alvefur <zash@zash.se>
parents:
11826
diff
changeset
|
1209 local probe_module = probe_modules[protocol]; |
|
2359519260ec
prosodyctl: Add alternate XMPP Blackbox Exporter connectivity check
Kim Alvefur <zash@zash.se>
parents:
11826
diff
changeset
|
1210 if not probe_module then |
|
2359519260ec
prosodyctl: Add alternate XMPP Blackbox Exporter connectivity check
Kim Alvefur <zash@zash.se>
parents:
11826
diff
changeset
|
1211 return nil, "Checking protocol '"..protocol.."' is currently unsupported"; |
|
2359519260ec
prosodyctl: Add alternate XMPP Blackbox Exporter connectivity check
Kim Alvefur <zash@zash.se>
parents:
11826
diff
changeset
|
1212 end |
|
2359519260ec
prosodyctl: Add alternate XMPP Blackbox Exporter connectivity check
Kim Alvefur <zash@zash.se>
parents:
11826
diff
changeset
|
1213 return check_probe(probe_instance, probe_module, target); |
|
2359519260ec
prosodyctl: Add alternate XMPP Blackbox Exporter connectivity check
Kim Alvefur <zash@zash.se>
parents:
11826
diff
changeset
|
1214 end |
|
2359519260ec
prosodyctl: Add alternate XMPP Blackbox Exporter connectivity check
Kim Alvefur <zash@zash.se>
parents:
11826
diff
changeset
|
1215 else |
|
2359519260ec
prosodyctl: Add alternate XMPP Blackbox Exporter connectivity check
Kim Alvefur <zash@zash.se>
parents:
11826
diff
changeset
|
1216 check_api = check_ojn; |
|
2359519260ec
prosodyctl: Add alternate XMPP Blackbox Exporter connectivity check
Kim Alvefur <zash@zash.se>
parents:
11826
diff
changeset
|
1217 end |
|
2359519260ec
prosodyctl: Add alternate XMPP Blackbox Exporter connectivity check
Kim Alvefur <zash@zash.se>
parents:
11826
diff
changeset
|
1218 |
|
11779
f4f0bdaeabd2
prosodyctl: Add external connectivity check based on observe.jabber.network
Jonas Schäfer <jonas@wielicki.name>
parents:
11778
diff
changeset
|
1219 for host in it.filter(skip_bare_jid_hosts, enabled_hosts()) do |
|
f4f0bdaeabd2
prosodyctl: Add external connectivity check based on observe.jabber.network
Jonas Schäfer <jonas@wielicki.name>
parents:
11778
diff
changeset
|
1220 local modules, component_module = modulemanager.get_modules_for_host(host); |
|
f4f0bdaeabd2
prosodyctl: Add external connectivity check based on observe.jabber.network
Jonas Schäfer <jonas@wielicki.name>
parents:
11778
diff
changeset
|
1221 if component_module then |
|
f4f0bdaeabd2
prosodyctl: Add external connectivity check based on observe.jabber.network
Jonas Schäfer <jonas@wielicki.name>
parents:
11778
diff
changeset
|
1222 modules:add(component_module) |
|
f4f0bdaeabd2
prosodyctl: Add external connectivity check based on observe.jabber.network
Jonas Schäfer <jonas@wielicki.name>
parents:
11778
diff
changeset
|
1223 end |
|
f4f0bdaeabd2
prosodyctl: Add external connectivity check based on observe.jabber.network
Jonas Schäfer <jonas@wielicki.name>
parents:
11778
diff
changeset
|
1224 |
|
11827
2359519260ec
prosodyctl: Add alternate XMPP Blackbox Exporter connectivity check
Kim Alvefur <zash@zash.se>
parents:
11826
diff
changeset
|
1225 print("Checking external connectivity for "..host.." via "..checker) |
|
11779
f4f0bdaeabd2
prosodyctl: Add external connectivity check based on observe.jabber.network
Jonas Schäfer <jonas@wielicki.name>
parents:
11778
diff
changeset
|
1226 local function check_connectivity(protocol) |
|
f4f0bdaeabd2
prosodyctl: Add external connectivity check based on observe.jabber.network
Jonas Schäfer <jonas@wielicki.name>
parents:
11778
diff
changeset
|
1227 local success, err = check_api(protocol, host); |
|
f4f0bdaeabd2
prosodyctl: Add external connectivity check based on observe.jabber.network
Jonas Schäfer <jonas@wielicki.name>
parents:
11778
diff
changeset
|
1228 if not success and err ~= nil then |
|
f4f0bdaeabd2
prosodyctl: Add external connectivity check based on observe.jabber.network
Jonas Schäfer <jonas@wielicki.name>
parents:
11778
diff
changeset
|
1229 print((" %s: Failed to request check at API: %s"):format(protocol, err)) |
|
f4f0bdaeabd2
prosodyctl: Add external connectivity check based on observe.jabber.network
Jonas Schäfer <jonas@wielicki.name>
parents:
11778
diff
changeset
|
1230 elseif success then |
|
f4f0bdaeabd2
prosodyctl: Add external connectivity check based on observe.jabber.network
Jonas Schäfer <jonas@wielicki.name>
parents:
11778
diff
changeset
|
1231 print((" %s: Works"):format(protocol)) |
|
f4f0bdaeabd2
prosodyctl: Add external connectivity check based on observe.jabber.network
Jonas Schäfer <jonas@wielicki.name>
parents:
11778
diff
changeset
|
1232 else |
|
f4f0bdaeabd2
prosodyctl: Add external connectivity check based on observe.jabber.network
Jonas Schäfer <jonas@wielicki.name>
parents:
11778
diff
changeset
|
1233 print((" %s: Check service failed to establish (secure) connection"):format(protocol)) |
|
f4f0bdaeabd2
prosodyctl: Add external connectivity check based on observe.jabber.network
Jonas Schäfer <jonas@wielicki.name>
parents:
11778
diff
changeset
|
1234 ok = false |
|
f4f0bdaeabd2
prosodyctl: Add external connectivity check based on observe.jabber.network
Jonas Schäfer <jonas@wielicki.name>
parents:
11778
diff
changeset
|
1235 end |
|
f4f0bdaeabd2
prosodyctl: Add external connectivity check based on observe.jabber.network
Jonas Schäfer <jonas@wielicki.name>
parents:
11778
diff
changeset
|
1236 end |
|
f4f0bdaeabd2
prosodyctl: Add external connectivity check based on observe.jabber.network
Jonas Schäfer <jonas@wielicki.name>
parents:
11778
diff
changeset
|
1237 |
|
f4f0bdaeabd2
prosodyctl: Add external connectivity check based on observe.jabber.network
Jonas Schäfer <jonas@wielicki.name>
parents:
11778
diff
changeset
|
1238 if modules:contains("c2s") then |
|
f4f0bdaeabd2
prosodyctl: Add external connectivity check based on observe.jabber.network
Jonas Schäfer <jonas@wielicki.name>
parents:
11778
diff
changeset
|
1239 check_connectivity("xmpp-client") |
|
13216
fcc052ca1652
util.prosodyctl.check: Get some config options via minimal moduleapi #896
Kim Alvefur <zash@zash.se>
parents:
13121
diff
changeset
|
1240 if not api("*"):get_option_set("c2s_direct_tls_ports", {}):empty() then |
|
11957
3a7ce7df7806
util.prosodyctl.check: Support direct TLS connectivity checks
Kim Alvefur <zash@zash.se>
parents:
11940
diff
changeset
|
1241 check_connectivity("xmpps-client"); |
|
3a7ce7df7806
util.prosodyctl.check: Support direct TLS connectivity checks
Kim Alvefur <zash@zash.se>
parents:
11940
diff
changeset
|
1242 end |
|
11779
f4f0bdaeabd2
prosodyctl: Add external connectivity check based on observe.jabber.network
Jonas Schäfer <jonas@wielicki.name>
parents:
11778
diff
changeset
|
1243 end |
|
f4f0bdaeabd2
prosodyctl: Add external connectivity check based on observe.jabber.network
Jonas Schäfer <jonas@wielicki.name>
parents:
11778
diff
changeset
|
1244 |
|
f4f0bdaeabd2
prosodyctl: Add external connectivity check based on observe.jabber.network
Jonas Schäfer <jonas@wielicki.name>
parents:
11778
diff
changeset
|
1245 if modules:contains("s2s") then |
|
f4f0bdaeabd2
prosodyctl: Add external connectivity check based on observe.jabber.network
Jonas Schäfer <jonas@wielicki.name>
parents:
11778
diff
changeset
|
1246 check_connectivity("xmpp-server") |
|
13216
fcc052ca1652
util.prosodyctl.check: Get some config options via minimal moduleapi #896
Kim Alvefur <zash@zash.se>
parents:
13121
diff
changeset
|
1247 if not api("*"):get_option_set("s2s_direct_tls_ports", {}):empty() then |
|
11957
3a7ce7df7806
util.prosodyctl.check: Support direct TLS connectivity checks
Kim Alvefur <zash@zash.se>
parents:
11940
diff
changeset
|
1248 check_connectivity("xmpps-server"); |
|
3a7ce7df7806
util.prosodyctl.check: Support direct TLS connectivity checks
Kim Alvefur <zash@zash.se>
parents:
11940
diff
changeset
|
1249 end |
|
11779
f4f0bdaeabd2
prosodyctl: Add external connectivity check based on observe.jabber.network
Jonas Schäfer <jonas@wielicki.name>
parents:
11778
diff
changeset
|
1250 end |
|
f4f0bdaeabd2
prosodyctl: Add external connectivity check based on observe.jabber.network
Jonas Schäfer <jonas@wielicki.name>
parents:
11778
diff
changeset
|
1251 |
|
f4f0bdaeabd2
prosodyctl: Add external connectivity check based on observe.jabber.network
Jonas Schäfer <jonas@wielicki.name>
parents:
11778
diff
changeset
|
1252 print() |
|
f4f0bdaeabd2
prosodyctl: Add external connectivity check based on observe.jabber.network
Jonas Schäfer <jonas@wielicki.name>
parents:
11778
diff
changeset
|
1253 end |
|
f4f0bdaeabd2
prosodyctl: Add external connectivity check based on observe.jabber.network
Jonas Schäfer <jonas@wielicki.name>
parents:
11778
diff
changeset
|
1254 print("Note: The connectivity check only checks the reachability of the domain.") |
|
f4f0bdaeabd2
prosodyctl: Add external connectivity check based on observe.jabber.network
Jonas Schäfer <jonas@wielicki.name>
parents:
11778
diff
changeset
|
1255 print("Note: It does not ensure that the check actually reaches this specific prosody instance.") |
|
f4f0bdaeabd2
prosodyctl: Add external connectivity check based on observe.jabber.network
Jonas Schäfer <jonas@wielicki.name>
parents:
11778
diff
changeset
|
1256 end |
|
12357
cd11d7c4af8b
util.prosodyctl: check turn: New command to verify STUN/TURN service is operational
Matthew Wild <mwild1@gmail.com>
parents:
12233
diff
changeset
|
1257 |
|
12377
317132bca8c0
prosodyctl: check: include TURN checks by default
Matthew Wild <mwild1@gmail.com>
parents:
12376
diff
changeset
|
1258 if not what or what == "turn" then |
|
12357
cd11d7c4af8b
util.prosodyctl: check turn: New command to verify STUN/TURN service is operational
Matthew Wild <mwild1@gmail.com>
parents:
12233
diff
changeset
|
1259 local turn_enabled_hosts = {}; |
|
cd11d7c4af8b
util.prosodyctl: check turn: New command to verify STUN/TURN service is operational
Matthew Wild <mwild1@gmail.com>
parents:
12233
diff
changeset
|
1260 local turn_services = {}; |
|
cd11d7c4af8b
util.prosodyctl: check turn: New command to verify STUN/TURN service is operational
Matthew Wild <mwild1@gmail.com>
parents:
12233
diff
changeset
|
1261 |
|
cd11d7c4af8b
util.prosodyctl: check turn: New command to verify STUN/TURN service is operational
Matthew Wild <mwild1@gmail.com>
parents:
12233
diff
changeset
|
1262 for host in enabled_hosts() do |
|
cd11d7c4af8b
util.prosodyctl: check turn: New command to verify STUN/TURN service is operational
Matthew Wild <mwild1@gmail.com>
parents:
12233
diff
changeset
|
1263 local has_external_turn = modulemanager.get_modules_for_host(host):contains("turn_external"); |
|
cd11d7c4af8b
util.prosodyctl: check turn: New command to verify STUN/TURN service is operational
Matthew Wild <mwild1@gmail.com>
parents:
12233
diff
changeset
|
1264 if has_external_turn then |
|
13216
fcc052ca1652
util.prosodyctl.check: Get some config options via minimal moduleapi #896
Kim Alvefur <zash@zash.se>
parents:
13121
diff
changeset
|
1265 local hostapi = api(host); |
|
12357
cd11d7c4af8b
util.prosodyctl: check turn: New command to verify STUN/TURN service is operational
Matthew Wild <mwild1@gmail.com>
parents:
12233
diff
changeset
|
1266 table.insert(turn_enabled_hosts, host); |
|
13216
fcc052ca1652
util.prosodyctl.check: Get some config options via minimal moduleapi #896
Kim Alvefur <zash@zash.se>
parents:
13121
diff
changeset
|
1267 local turn_host = hostapi:get_option_string("turn_external_host", host); |
|
fcc052ca1652
util.prosodyctl.check: Get some config options via minimal moduleapi #896
Kim Alvefur <zash@zash.se>
parents:
13121
diff
changeset
|
1268 local turn_port = hostapi:get_option_number("turn_external_port", 3478); |
|
fcc052ca1652
util.prosodyctl.check: Get some config options via minimal moduleapi #896
Kim Alvefur <zash@zash.se>
parents:
13121
diff
changeset
|
1269 local turn_secret = hostapi:get_option_string("turn_external_secret"); |
|
12357
cd11d7c4af8b
util.prosodyctl: check turn: New command to verify STUN/TURN service is operational
Matthew Wild <mwild1@gmail.com>
parents:
12233
diff
changeset
|
1270 if not turn_secret then |
|
cd11d7c4af8b
util.prosodyctl: check turn: New command to verify STUN/TURN service is operational
Matthew Wild <mwild1@gmail.com>
parents:
12233
diff
changeset
|
1271 print("Error: Your configuration is missing a turn_external_secret for "..host); |
|
cd11d7c4af8b
util.prosodyctl: check turn: New command to verify STUN/TURN service is operational
Matthew Wild <mwild1@gmail.com>
parents:
12233
diff
changeset
|
1272 print("Error: TURN will not be advertised for this host."); |
|
cd11d7c4af8b
util.prosodyctl: check turn: New command to verify STUN/TURN service is operational
Matthew Wild <mwild1@gmail.com>
parents:
12233
diff
changeset
|
1273 ok = false; |
|
cd11d7c4af8b
util.prosodyctl: check turn: New command to verify STUN/TURN service is operational
Matthew Wild <mwild1@gmail.com>
parents:
12233
diff
changeset
|
1274 else |
|
cd11d7c4af8b
util.prosodyctl: check turn: New command to verify STUN/TURN service is operational
Matthew Wild <mwild1@gmail.com>
parents:
12233
diff
changeset
|
1275 local turn_id = ("%s:%d"):format(turn_host, turn_port); |
|
cd11d7c4af8b
util.prosodyctl: check turn: New command to verify STUN/TURN service is operational
Matthew Wild <mwild1@gmail.com>
parents:
12233
diff
changeset
|
1276 if turn_services[turn_id] and turn_services[turn_id].secret ~= turn_secret then |
|
cd11d7c4af8b
util.prosodyctl: check turn: New command to verify STUN/TURN service is operational
Matthew Wild <mwild1@gmail.com>
parents:
12233
diff
changeset
|
1277 print("Error: Your configuration contains multiple differing secrets"); |
|
cd11d7c4af8b
util.prosodyctl: check turn: New command to verify STUN/TURN service is operational
Matthew Wild <mwild1@gmail.com>
parents:
12233
diff
changeset
|
1278 print(" for the TURN service at "..turn_id.." - we will only test one."); |
|
cd11d7c4af8b
util.prosodyctl: check turn: New command to verify STUN/TURN service is operational
Matthew Wild <mwild1@gmail.com>
parents:
12233
diff
changeset
|
1279 elseif not turn_services[turn_id] then |
|
cd11d7c4af8b
util.prosodyctl: check turn: New command to verify STUN/TURN service is operational
Matthew Wild <mwild1@gmail.com>
parents:
12233
diff
changeset
|
1280 turn_services[turn_id] = { |
|
cd11d7c4af8b
util.prosodyctl: check turn: New command to verify STUN/TURN service is operational
Matthew Wild <mwild1@gmail.com>
parents:
12233
diff
changeset
|
1281 host = turn_host; |
|
cd11d7c4af8b
util.prosodyctl: check turn: New command to verify STUN/TURN service is operational
Matthew Wild <mwild1@gmail.com>
parents:
12233
diff
changeset
|
1282 port = turn_port; |
|
cd11d7c4af8b
util.prosodyctl: check turn: New command to verify STUN/TURN service is operational
Matthew Wild <mwild1@gmail.com>
parents:
12233
diff
changeset
|
1283 secret = turn_secret; |
|
cd11d7c4af8b
util.prosodyctl: check turn: New command to verify STUN/TURN service is operational
Matthew Wild <mwild1@gmail.com>
parents:
12233
diff
changeset
|
1284 }; |
|
cd11d7c4af8b
util.prosodyctl: check turn: New command to verify STUN/TURN service is operational
Matthew Wild <mwild1@gmail.com>
parents:
12233
diff
changeset
|
1285 end |
|
cd11d7c4af8b
util.prosodyctl: check turn: New command to verify STUN/TURN service is operational
Matthew Wild <mwild1@gmail.com>
parents:
12233
diff
changeset
|
1286 end |
|
cd11d7c4af8b
util.prosodyctl: check turn: New command to verify STUN/TURN service is operational
Matthew Wild <mwild1@gmail.com>
parents:
12233
diff
changeset
|
1287 end |
|
cd11d7c4af8b
util.prosodyctl: check turn: New command to verify STUN/TURN service is operational
Matthew Wild <mwild1@gmail.com>
parents:
12233
diff
changeset
|
1288 end |
|
cd11d7c4af8b
util.prosodyctl: check turn: New command to verify STUN/TURN service is operational
Matthew Wild <mwild1@gmail.com>
parents:
12233
diff
changeset
|
1289 |
|
cd11d7c4af8b
util.prosodyctl: check turn: New command to verify STUN/TURN service is operational
Matthew Wild <mwild1@gmail.com>
parents:
12233
diff
changeset
|
1290 if what == "turn" then |
|
cd11d7c4af8b
util.prosodyctl: check turn: New command to verify STUN/TURN service is operational
Matthew Wild <mwild1@gmail.com>
parents:
12233
diff
changeset
|
1291 local count = it.count(pairs(turn_services)); |
|
cd11d7c4af8b
util.prosodyctl: check turn: New command to verify STUN/TURN service is operational
Matthew Wild <mwild1@gmail.com>
parents:
12233
diff
changeset
|
1292 if count == 0 then |
|
cd11d7c4af8b
util.prosodyctl: check turn: New command to verify STUN/TURN service is operational
Matthew Wild <mwild1@gmail.com>
parents:
12233
diff
changeset
|
1293 print("Error: Unable to find any TURN services configured. Enable mod_turn_external!"); |
|
12488
3183f358a88f
util.prosodyctl.check: turn: Report lack of TURN services as a problem #1749
Kim Alvefur <zash@zash.se>
parents:
12466
diff
changeset
|
1294 ok = false; |
|
12357
cd11d7c4af8b
util.prosodyctl: check turn: New command to verify STUN/TURN service is operational
Matthew Wild <mwild1@gmail.com>
parents:
12233
diff
changeset
|
1295 else |
|
cd11d7c4af8b
util.prosodyctl: check turn: New command to verify STUN/TURN service is operational
Matthew Wild <mwild1@gmail.com>
parents:
12233
diff
changeset
|
1296 print("Identified "..tostring(count).." TURN services."); |
|
cd11d7c4af8b
util.prosodyctl: check turn: New command to verify STUN/TURN service is operational
Matthew Wild <mwild1@gmail.com>
parents:
12233
diff
changeset
|
1297 print(""); |
|
cd11d7c4af8b
util.prosodyctl: check turn: New command to verify STUN/TURN service is operational
Matthew Wild <mwild1@gmail.com>
parents:
12233
diff
changeset
|
1298 end |
|
cd11d7c4af8b
util.prosodyctl: check turn: New command to verify STUN/TURN service is operational
Matthew Wild <mwild1@gmail.com>
parents:
12233
diff
changeset
|
1299 end |
|
cd11d7c4af8b
util.prosodyctl: check turn: New command to verify STUN/TURN service is operational
Matthew Wild <mwild1@gmail.com>
parents:
12233
diff
changeset
|
1300 |
|
cd11d7c4af8b
util.prosodyctl: check turn: New command to verify STUN/TURN service is operational
Matthew Wild <mwild1@gmail.com>
parents:
12233
diff
changeset
|
1301 for turn_id, turn_service in pairs(turn_services) do |
|
12377
317132bca8c0
prosodyctl: check: include TURN checks by default
Matthew Wild <mwild1@gmail.com>
parents:
12376
diff
changeset
|
1302 print("Testing TURN service "..turn_id.."..."); |
|
12357
cd11d7c4af8b
util.prosodyctl: check turn: New command to verify STUN/TURN service is operational
Matthew Wild <mwild1@gmail.com>
parents:
12233
diff
changeset
|
1303 |
|
12372
1ba451c10f41
prosodyctl: check turn: Add support for testing data relay with an external STUN server via --ping
Matthew Wild <mwild1@gmail.com>
parents:
12362
diff
changeset
|
1304 local result = check_turn_service(turn_service, opts.ping); |
|
12357
cd11d7c4af8b
util.prosodyctl: check turn: New command to verify STUN/TURN service is operational
Matthew Wild <mwild1@gmail.com>
parents:
12233
diff
changeset
|
1305 if #result.warnings > 0 then |
|
12381
d999c2b3e289
prosodyctl: check turn: fix formatting of multiple warnings
Matthew Wild <mwild1@gmail.com>
parents:
12380
diff
changeset
|
1306 print(("%d warnings:\n"):format(#result.warnings)); |
|
d999c2b3e289
prosodyctl: check turn: fix formatting of multiple warnings
Matthew Wild <mwild1@gmail.com>
parents:
12380
diff
changeset
|
1307 print(" "..table.concat(result.warnings, "\n ")); |
|
d999c2b3e289
prosodyctl: check turn: fix formatting of multiple warnings
Matthew Wild <mwild1@gmail.com>
parents:
12380
diff
changeset
|
1308 print(""); |
|
12357
cd11d7c4af8b
util.prosodyctl: check turn: New command to verify STUN/TURN service is operational
Matthew Wild <mwild1@gmail.com>
parents:
12233
diff
changeset
|
1309 end |
|
12380
3a702f37e87c
prosodyctl: check turn: always show debug info even if test fails
Matthew Wild <mwild1@gmail.com>
parents:
12379
diff
changeset
|
1310 |
|
3a702f37e87c
prosodyctl: check turn: always show debug info even if test fails
Matthew Wild <mwild1@gmail.com>
parents:
12379
diff
changeset
|
1311 if opts.verbose then |
|
3a702f37e87c
prosodyctl: check turn: always show debug info even if test fails
Matthew Wild <mwild1@gmail.com>
parents:
12379
diff
changeset
|
1312 if result.external_ip then |
|
3a702f37e87c
prosodyctl: check turn: always show debug info even if test fails
Matthew Wild <mwild1@gmail.com>
parents:
12379
diff
changeset
|
1313 print(("External IP: %s"):format(result.external_ip.address)); |
|
3a702f37e87c
prosodyctl: check turn: always show debug info even if test fails
Matthew Wild <mwild1@gmail.com>
parents:
12379
diff
changeset
|
1314 end |
|
3a702f37e87c
prosodyctl: check turn: always show debug info even if test fails
Matthew Wild <mwild1@gmail.com>
parents:
12379
diff
changeset
|
1315 if result.relayed_addresses then |
|
3a702f37e87c
prosodyctl: check turn: always show debug info even if test fails
Matthew Wild <mwild1@gmail.com>
parents:
12379
diff
changeset
|
1316 for i, relayed_address in ipairs(result.relayed_addresses) do |
|
3a702f37e87c
prosodyctl: check turn: always show debug info even if test fails
Matthew Wild <mwild1@gmail.com>
parents:
12379
diff
changeset
|
1317 print(("Relayed address %d: %s:%d"):format(i, relayed_address.address, relayed_address.port)); |
|
3a702f37e87c
prosodyctl: check turn: always show debug info even if test fails
Matthew Wild <mwild1@gmail.com>
parents:
12379
diff
changeset
|
1318 end |
|
3a702f37e87c
prosodyctl: check turn: always show debug info even if test fails
Matthew Wild <mwild1@gmail.com>
parents:
12379
diff
changeset
|
1319 end |
|
3a702f37e87c
prosodyctl: check turn: always show debug info even if test fails
Matthew Wild <mwild1@gmail.com>
parents:
12379
diff
changeset
|
1320 if result.external_ip_pong then |
|
12390
71b5c9b8b07a
prosodyctl: check turn: warn about external port mismatches behind NAT
Matthew Wild <mwild1@gmail.com>
parents:
12385
diff
changeset
|
1321 print(("TURN external address: %s:%d"):format(result.external_ip_pong.address, result.external_ip_pong.port)); |
|
12380
3a702f37e87c
prosodyctl: check turn: always show debug info even if test fails
Matthew Wild <mwild1@gmail.com>
parents:
12379
diff
changeset
|
1322 end |
|
3a702f37e87c
prosodyctl: check turn: always show debug info even if test fails
Matthew Wild <mwild1@gmail.com>
parents:
12379
diff
changeset
|
1323 end |
|
3a702f37e87c
prosodyctl: check turn: always show debug info even if test fails
Matthew Wild <mwild1@gmail.com>
parents:
12379
diff
changeset
|
1324 |
|
12357
cd11d7c4af8b
util.prosodyctl: check turn: New command to verify STUN/TURN service is operational
Matthew Wild <mwild1@gmail.com>
parents:
12233
diff
changeset
|
1325 if result.error then |
|
cd11d7c4af8b
util.prosodyctl: check turn: New command to verify STUN/TURN service is operational
Matthew Wild <mwild1@gmail.com>
parents:
12233
diff
changeset
|
1326 print("Error: "..result.error.."\n"); |
|
cd11d7c4af8b
util.prosodyctl: check turn: New command to verify STUN/TURN service is operational
Matthew Wild <mwild1@gmail.com>
parents:
12233
diff
changeset
|
1327 ok = false; |
|
cd11d7c4af8b
util.prosodyctl: check turn: New command to verify STUN/TURN service is operational
Matthew Wild <mwild1@gmail.com>
parents:
12233
diff
changeset
|
1328 else |
|
cd11d7c4af8b
util.prosodyctl: check turn: New command to verify STUN/TURN service is operational
Matthew Wild <mwild1@gmail.com>
parents:
12233
diff
changeset
|
1329 print("Success!\n"); |
|
cd11d7c4af8b
util.prosodyctl: check turn: New command to verify STUN/TURN service is operational
Matthew Wild <mwild1@gmail.com>
parents:
12233
diff
changeset
|
1330 end |
|
cd11d7c4af8b
util.prosodyctl: check turn: New command to verify STUN/TURN service is operational
Matthew Wild <mwild1@gmail.com>
parents:
12233
diff
changeset
|
1331 end |
|
cd11d7c4af8b
util.prosodyctl: check turn: New command to verify STUN/TURN service is operational
Matthew Wild <mwild1@gmail.com>
parents:
12233
diff
changeset
|
1332 end |
|
cd11d7c4af8b
util.prosodyctl: check turn: New command to verify STUN/TURN service is operational
Matthew Wild <mwild1@gmail.com>
parents:
12233
diff
changeset
|
1333 |
|
10871
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
1334 if not ok then |
|
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
1335 print("Problems found, see above."); |
|
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
1336 else |
|
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
1337 print("All checks passed, congratulations!"); |
|
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
1338 end |
|
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
1339 return ok and 0 or 2; |
|
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
1340 end |
|
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
1341 |
|
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
1342 return { |
|
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
1343 check = check; |
|
e5dee71d0ebb
prosodyctl+util.prosodyctl.*: Start breaking up the ever-growing prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
1344 }; |
