Diffstat (limited to 'util/prosodyctl')
-rw-r--r-- | util/prosodyctl/check.lua | 84 |
1 files changed, 84 insertions, 0 deletions
diff --git a/util/prosodyctl/check.lua b/util/prosodyctl/check.lua
index f2b84c7a..2ef3bbcb 100644
--- a/util/prosodyctl/check.lua
+++ b/util/prosodyctl/check.lua
@@ -505,6 +505,69 @@ local function check(arg)
 ok = false;
 end

+ do
+ local global_modules = set.new(config["*"].modules_enabled);
+ local registration_enabled_hosts = {};
+ for host in enabled_hosts() do
+ local host_modules = set.new(config[host].modules_enabled) + global_modules;
+ local allow_registration = config[host].allow_registration;
+ local mod_register = host_modules:contains("register");
+ local mod_register_ibr = host_modules:contains("register_ibr");
+ local mod_invites_register = host_modules:contains("invites_register");
+ local registration_invite_only = config[host].registration_invite_only;
+ local is_vhost = not config[host].component_module;
+ if is_vhost and (mod_register_ibr or (mod_register and allow_registration))
+ and not (mod_invites_register and registration_invite_only) then
+ table.insert(registration_enabled_hosts, host);
+ end
+ end
+ if #registration_enabled_hosts > 0 then
+ table.sort(registration_enabled_hosts);
+ print("");
+ print(" Public registration is enabled on:");
+ print(" "..table.concat(registration_enabled_hosts, ", "));
+ print("");
+ print(" If this is intentional, review our guidelines on running a public server");
+ print(" at https://prosody.im/doc/public_servers - otherwise, consider switching to");
+ print(" invite-based registration, which is more secure.");
+ end
+ end
+
+ do
+ local orphan_components = {};
+ local referenced_components = set.new();
+ local enabled_hosts_set = set.new();
+ for host, host_options in it.filter("*", pairs(configmanager.getconfig())) do
+ if host_options.enabled ~= false then
+ enabled_hosts_set:add(host);
+ for _, disco_item in ipairs(host_options.disco_items or {}) do
+ referenced_components:add(disco_item[1]);
+ end
+ end
+ end
+ for host, host_config in enabled_hosts() do
+ local is_component = not not host_config.component_module;
+ if is_component then
+ local parent_domain = host:match("^[^.]+%.(.+)$");
+ local is_orphan = not (enabled_hosts_set:contains(parent_domain) or referenced_components:contains(host));
+ if is_orphan then
+ table.insert(orphan_components, host);
+ end
+ end
+ end
+ if #orphan_components > 0 then
+ table.sort(orphan_components);
+ print("");
+ print(" Your configuration contains the following unreferenced components:\n");
+ print(" "..table.concat(orphan_components, "\n "));
+ print("");
+ print(" Clients may not be able to discover these services because they are not linked to");
+ print(" any VirtualHost. They are automatically linked if they are direct subdomains of a");
+ print(" VirtualHost. Alternatively, you can explicitly link them using the disco_items option.");
+ print(" For more information see https://prosody.im/doc/modules/mod_disco#items");
+ end
+ end
+
 print("Done.\n");
 end
 if not what or what == "dns" then
@@ -585,6 +648,11 @@ local function check(arg)
 end
 end

+ -- Allow admin to specify additional (e.g. undiscoverable) IP addresses in the config
+ for _, address in ipairs(configmanager.get("*", "external_addresses") or {}) do
+ external_addresses:add(address);
+ end
+
 if external_addresses:empty() then
 print("");
 print(" Failed to determine the external addresses of this server. Checks may be inaccurate.");
@@ -599,6 +667,8 @@ local function check(arg)
 return (n:gsub("%.$", ""));
 end

+ local unknown_addresses = set.new();
+
 for jid, host_options in enabled_hosts() do
 local all_targets_ok, some_targets_ok = true, false;
 local node, host = jid_split(jid);
@@ -781,6 +851,7 @@ local function check(arg)
 print(" "..target_host.." A record points to internal address, external connections might fail");
 else
 print(" "..target_host.." A record points to unknown address "..record.a);
+ unknown_addresses:add(record.a);
 all_targets_ok = false;
 end
 end
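Review bot: The public-registration check in the first `do` block builds `host_modules` from `modules_enabled` alone and tests `registration_invite_only` by bare truthiness, so its verdict can differ from what the server actually does. A host that switches `register` off through `modules_disabled` still counts as having it loaded, and an unset `registration_invite_only` is treated as false, whereas mod_invites_register appears to default it to true (confirm against the module). Both cases make a security advisory fire on hosts that are not open, which teaches admins to ignore it; consider subtracting the disabled modules from `host_modules` and writing the second condition as `and not (mod_invites_register and registration_invite_only ~= false) then`. The enclosing `check` function starts and ends outside the hunk.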
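Review bot: The added `for` loop puts every `external_addresses` entry from the global config into the set unchecked, and the A/AAAA checks further down appear to match record values against that set as plain strings. An entry in a different textual form from the resolver's output (upper-case or uncompressed IPv6, stray whitespace) or a non-string value would silently never match, and a mistyped address is accepted without comment. Since this list decides whether a record is reported as pointing at an unknown address, validate each entry before adding it, e.g. guard the add with `if type(address) == "string" then external_addresses:add(address); else print(" Ignoring invalid external_addresses entry: "..tostring(address)); end`, and normalise the string with the project's IP helper if one is available.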
@@ -799,6 +870,7 @@ local function check(arg)
 print(" "..target_host.." AAAA record points to internal address, external connections might fail");
 else
 print(" "..target_host.." AAAA record points to unknown address "..record.aaaa);
+ unknown_addresses:add(record.aaaa);
 all_targets_ok = false;
 end
 end
@@ -844,6 +916,18 @@ local function check(arg)
 print("");
 end
 if not problem_hosts:empty() then
+ if not unknown_addresses:empty() then
+ print("");
+ print("Some of your DNS records point to unknown IP addresses. This may be expected if your server");
+ print("is behind a NAT or proxy. The unrecognized addresses were:");
+ print("");
+ print(" Unrecognized: "..tostring(unknown_addresses));
+ print("");
+ print("The addresses we found on this system are:");
+ print("");
+ print(" Internal: "..tostring(internal_addresses));
+ print(" External: "..tostring(external_addresses));
+ end
 print("");
 print("For more information about DNS configuration please see https://prosody.im/doc/dns");
 print("");
 |
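Review bot: The summary added under `if not unknown_addresses:empty() then` says unknown addresses may be expected behind a NAT or proxy but gives the admin no next step, although this same commit introduces the `external_addresses` option for that case. Add a line after the address listing such as `print("If these addresses belong to this server, list them in the global 'external_addresses' option.");`. It is also worth saying that an address the admin does not recognise should be investigated rather than added, because a listed address is presumably treated as the server's own from then on. The enclosing function continues outside the hunk.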