From e06c97ca525af2d40134737336322551f0ad77b4 Mon Sep 17 00:00:00 2001
From: Kim Alvefur <zash@zash.se>
Date: Mon, 13 Nov 2023 09:58:56 +0100
Subject: util.prosodyctl.check: Disable https cert check if http_external_url
 set

This would indicate that a reverse proxy is used, which gets to be
responsible for that since it probably holds the actual cert.
---
 util/prosodyctl/check.lua | 4 ++++
 1 file changed, 4 insertions(+)

(limited to 'util/prosodyctl/check.lua')

diff --git a/util/prosodyctl/check.lua b/util/prosodyctl/check.lua
index 8e4a4dc5..5e7087c5 100644
--- a/util/prosodyctl/check.lua
+++ b/util/prosodyctl/check.lua
@@ -1189,6 +1189,10 @@ local function check(arg)
 							or contains_match(modules, "_web$");
 
 						local http_host = api(host):get_option_string("http_host", host);
+						if api(host):get_option_string("http_external_url") then
+							-- Assumed behind a reverse proxy
+							http_loaded = false;
+						end
 						if http_loaded and not x509_verify_identity(http_host, nil, cert) then
 							print("    Not valid for HTTPS connections to "..host..".")
 							cert_ok = false
-- 
cgit v1.2.3