aboutsummaryrefslogtreecommitdiffstats
path: root/util/prosodyctl
diff options
context:
space:
mode:
Diffstat (limited to 'util/prosodyctl')
-rw-r--r--util/prosodyctl/check.lua84
1 files changed, 84 insertions, 0 deletions
diff --git a/util/prosodyctl/check.lua b/util/prosodyctl/check.lua
index f2b84c7a..2ef3bbcb 100644
--- a/util/prosodyctl/check.lua
+++ b/util/prosodyctl/check.lua
@@ -505,6 +505,69 @@ local function check(arg)
ok = false;
end
+ do
+ local global_modules = set.new(config["*"].modules_enabled);
+ local registration_enabled_hosts = {};
+ for host in enabled_hosts() do
+ local host_modules = set.new(config[host].modules_enabled) + global_modules;
+ local allow_registration = config[host].allow_registration;
+ local mod_register = host_modules:contains("register");
+ local mod_register_ibr = host_modules:contains("register_ibr");
+ local mod_invites_register = host_modules:contains("invites_register");
+ local registration_invite_only = config[host].registration_invite_only;
+ local is_vhost = not config[host].component_module;
+ if is_vhost and (mod_register_ibr or (mod_register and allow_registration))
+ and not (mod_invites_register and registration_invite_only) then
+ table.insert(registration_enabled_hosts, host);
+ end
+ end
+ if #registration_enabled_hosts > 0 then
+ table.sort(registration_enabled_hosts);
+ print("");
+ print(" Public registration is enabled on:");
+ print(" "..table.concat(registration_enabled_hosts, ", "));
+ print("");
+ print(" If this is intentional, review our guidelines on running a public server");
+ print(" at https://prosody.im/doc/public_servers - otherwise, consider switching to");
+ print(" invite-based registration, which is more secure.");
+ end
+ end
+
+ do
+ local orphan_components = {};
+ local referenced_components = set.new();
+ local enabled_hosts_set = set.new();
+ for host, host_options in it.filter("*", pairs(configmanager.getconfig())) do
+ if host_options.enabled ~= false then
+ enabled_hosts_set:add(host);
+ for _, disco_item in ipairs(host_options.disco_items or {}) do
+ referenced_components:add(disco_item[1]);
+ end
+ end
+ end
+ for host, host_config in enabled_hosts() do
+ local is_component = not not host_config.component_module;
+ if is_component then
+ local parent_domain = host:match("^[^.]+%.(.+)$");
+ local is_orphan = not (enabled_hosts_set:contains(parent_domain) or referenced_components:contains(host));
+ if is_orphan then
+ table.insert(orphan_components, host);
+ end
+ end
+ end
+ if #orphan_components > 0 then
+ table.sort(orphan_components);
+ print("");
+ print(" Your configuration contains the following unreferenced components:\n");
+ print(" "..table.concat(orphan_components, "\n "));
+ print("");
+ print(" Clients may not be able to discover these services because they are not linked to");
+ print(" any VirtualHost. They are automatically linked if they are direct subdomains of a");
+ print(" VirtualHost. Alternatively, you can explicitly link them using the disco_items option.");
+ print(" For more information see https://prosody.im/doc/modules/mod_disco#items");
+ end
+ end
+
print("Done.\n");
end
if not what or what == "dns" then
@@ -585,6 +648,11 @@ local function check(arg)
end
end
+ -- Allow admin to specify additional (e.g. undiscoverable) IP addresses in the config
+ for _, address in ipairs(configmanager.get("*", "external_addresses") or {}) do
+ external_addresses:add(address);
+ end
+
if external_addresses:empty() then
print("");
print(" Failed to determine the external addresses of this server. Checks may be inaccurate.");
@@ -599,6 +667,8 @@ local function check(arg)
return (n:gsub("%.$", ""));
end
+ local unknown_addresses = set.new();
+
for jid, host_options in enabled_hosts() do
local all_targets_ok, some_targets_ok = true, false;
local node, host = jid_split(jid);
@@ -781,6 +851,7 @@ local function check(arg)
print(" "..target_host.." A record points to internal address, external connections might fail");
else
print(" "..target_host.." A record points to unknown address "..record.a);
+ unknown_addresses:add(record.a);
all_targets_ok = false;
end
end
@@ -799,6 +870,7 @@ local function check(arg)
print(" "..target_host.." AAAA record points to internal address, external connections might fail");
else
print(" "..target_host.." AAAA record points to unknown address "..record.aaaa);
+ unknown_addresses:add(record.aaaa);
all_targets_ok = false;
end
end
@@ -844,6 +916,18 @@ local function check(arg)
print("");
end
if not problem_hosts:empty() then
+ if not unknown_addresses:empty() then
+ print("");
+ print("Some of your DNS records point to unknown IP addresses. This may be expected if your server");
+ print("is behind a NAT or proxy. The unrecognized addresses were:");
+ print("");
+ print(" Unrecognized: "..tostring(unknown_addresses));
+ print("");
+ print("The addresses we found on this system are:");
+ print("");
+ print(" Internal: "..tostring(internal_addresses));
+ print(" External: "..tostring(external_addresses));
+ end
print("");
print("For more information about DNS configuration please see https://prosody.im/doc/dns");
print("");