From e06c97ca525af2d40134737336322551f0ad77b4 Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Mon, 13 Nov 2023 09:58:56 +0100 Subject: util.prosodyctl.check: Disable https cert check if http_external_url set This would indicate that a reverse proxy is used, which gets to be responsible for that since it probably holds the actual cert. --- util/prosodyctl/check.lua | 4 ++++ 1 file changed, 4 insertions(+) (limited to 'util') diff --git a/util/prosodyctl/check.lua b/util/prosodyctl/check.lua index 8e4a4dc5..5e7087c5 100644 --- a/util/prosodyctl/check.lua +++ b/util/prosodyctl/check.lua @@ -1189,6 +1189,10 @@ local function check(arg) or contains_match(modules, "_web$"); local http_host = api(host):get_option_string("http_host", host); + if api(host):get_option_string("http_external_url") then + -- Assumed behind a reverse proxy + http_loaded = false; + end if http_loaded and not x509_verify_identity(http_host, nil, cert) then print(" Not valid for HTTPS connections to "..host..".") cert_ok = false -- cgit v1.2.3