3 -- Copyright (C) 2008-2010 Matthew Wild
4 -- Copyright (C) 2008-2010 Waqas Hussain
6 -- This project is MIT/X11 licensed. Please see the
7 -- COPYING file in the source package for more information.
10 -- prosodyctl - command-line controller for Prosody XMPP server
12 -- Will be modified by configure script if run --
14 CFG_SOURCEDIR=os.getenv("PROSODY_SRCDIR");
15 CFG_CONFIGDIR=os.getenv("PROSODY_CFGDIR");
16 CFG_PLUGINDIR=os.getenv("PROSODY_PLUGINDIR");
17 CFG_DATADIR=os.getenv("PROSODY_DATADIR");
19 -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- --
21 local function is_relative(path)
22 local path_sep = package.config:sub(1,1);
23 return ((path_sep == "/" and path:sub(1,1) ~= "/")
24 or (path_sep == "\\" and (path:sub(1,1) ~= "/" and path:sub(2,3) ~= ":\\")))
27 -- Tell Lua where to find our libraries
29 local function filter_relative_paths(path)
30 if is_relative(path) then return ""; end
32 local function sanitise_paths(paths)
33 return (paths:gsub("[^;]+;?", filter_relative_paths):gsub(";;+", ";"));
35 package.path = sanitise_paths(CFG_SOURCEDIR.."/?.lua;"..package.path);
36 package.cpath = sanitise_paths(CFG_SOURCEDIR.."/?.so;"..package.cpath);
39 -- Substitute ~ with path to home directory in data path
41 if os.getenv("HOME") then
42 CFG_DATADIR = CFG_DATADIR:gsub("^~", os.getenv("HOME"));
46 -- Global 'prosody' object
49 events = require "util.events".new();
51 lock_globals = function () end;
52 unlock_globals = function () end;
53 installed = CFG_SOURCEDIR ~= nil;
54 core_post_stanza = function () end; -- TODO: mod_router!
58 local dependencies = require "util.dependencies";
59 if not dependencies.check_dependencies() then
63 config = require "core.configmanager"
70 if arg[1] == "--config" and arg[2] then
71 table.insert(filenames, arg[2]);
73 table.insert(filenames, CFG_CONFIGDIR.."/"..arg[2]);
75 table.remove(arg, 1); table.remove(arg, 1);
77 for _, format in ipairs(config.parsers()) do
78 table.insert(filenames, (CFG_CONFIGDIR or ".").."/prosody.cfg."..format);
81 for _,_filename in ipairs(filenames) do
83 local file = io.open(filename);
86 ENV_CONFIG = filename;
87 CFG_CONFIGDIR = filename:match("^(.*)[\\/][^\\/]*$");
91 local ok, level, err = config.load(filename);
94 print("**************************");
95 if level == "parser" then
96 print("A problem occured while reading the config file "..(CFG_CONFIGDIR or ".").."/prosody.cfg.lua");
97 local err_line, err_message = tostring(err):match("%[string .-%]:(%d*): (.*)");
98 print("Error"..(err_line and (" on line "..err_line) or "")..": "..(err_message or tostring(err)));
100 elseif level == "file" then
101 print("Prosody was unable to find the configuration file.");
102 print("We looked for: "..(CFG_CONFIGDIR or ".").."/prosody.cfg.lua");
103 print("A sample config file is included in the Prosody download called prosody.cfg.lua.dist");
104 print("Copy or rename it to prosody.cfg.lua and edit as necessary.");
106 print("More help on configuring Prosody can be found at http://prosody.im/doc/configure");
108 print("**************************");
113 local original_logging_config = config.get("*", "log");
114 config.set("*", "log", { { levels = { min="info" }, to = "console" } });
116 local data_path = config.get("*", "data_path") or CFG_DATADIR or "data";
117 local custom_plugin_paths = config.get("*", "plugin_paths");
118 if custom_plugin_paths then
119 local path_sep = package.config:sub(3,3);
120 -- path1;path2;path3;defaultpath...
121 CFG_PLUGINDIR = table.concat(custom_plugin_paths, path_sep)..path_sep..(CFG_PLUGINDIR or "plugins");
123 prosody.paths = { source = CFG_SOURCEDIR, config = CFG_CONFIGDIR,
124 plugins = CFG_PLUGINDIR or "plugins", data = data_path };
126 if prosody.installed then
127 -- Change working directory to data path.
128 require "lfs".chdir(data_path);
131 require "core.loggingmanager"
133 dependencies.log_warnings();
135 -- Switch away from root and into the prosody user --
136 local switched_user, current_uid;
138 local want_pposix_version = "0.3.6";
139 local ok, pposix = pcall(require, "util.pposix");
141 if ok and pposix then
142 if pposix._VERSION ~= want_pposix_version then print(string.format("Unknown version (%s) of binary pposix module, expected %s", tostring(pposix._VERSION), want_pposix_version)); return; end
143 current_uid = pposix.getuid();
144 if current_uid == 0 then
146 local desired_user = config.get("*", "prosody_user") or "prosody";
147 local desired_group = config.get("*", "prosody_group") or desired_user;
148 local ok, err = pposix.setgid(desired_group);
150 ok, err = pposix.initgroups(desired_user);
153 ok, err = pposix.setuid(desired_user);
156 switched_user = true;
159 if not switched_user then
161 print("Warning: Couldn't switch to Prosody user/group '"..tostring(desired_user).."'/'"..tostring(desired_group).."': "..tostring(err));
165 -- Set our umask to protect data files
166 pposix.umask(config.get("*", "umask") or "027");
167 pposix.setenv("HOME", data_path);
168 pposix.setenv("PROSODY_CONFIG", ENV_CONFIG);
170 print("Error: Unable to load pposix module. Check that Prosody is installed correctly.")
171 print("For more help send the below error to us through http://prosody.im/discuss");
172 print(tostring(pposix))
176 local function test_writeable(filename)
177 local f, err = io.open(filename, "a");
185 local unwriteable_files = {};
186 if type(original_logging_config) == "string" and original_logging_config:sub(1,1) ~= "*" then
187 local ok, err = test_writeable(original_logging_config);
189 table.insert(unwriteable_files, err);
191 elseif type(original_logging_config) == "table" then
192 for _, rule in ipairs(original_logging_config) do
193 if rule.filename then
194 local ok, err = test_writeable(rule.filename);
196 table.insert(unwriteable_files, err);
202 if #unwriteable_files > 0 then
203 print("One of more of the Prosody log files are not");
204 print("writeable, please correct the errors and try");
205 print("starting prosodyctl again.");
207 for _, err in ipairs(unwriteable_files) do
215 local error_messages = setmetatable({
216 ["invalid-username"] = "The given username is invalid in a Jabber ID";
217 ["invalid-hostname"] = "The given hostname is invalid";
218 ["no-password"] = "No password was supplied";
219 ["no-such-user"] = "The given user does not exist on the server";
220 ["no-such-host"] = "The given hostname does not exist in the config";
221 ["unable-to-save-data"] = "Unable to store, perhaps you don't have permission?";
222 ["no-pidfile"] = "There is no 'pidfile' option in the configuration file, see http://prosody.im/doc/prosodyctl#pidfile for help";
223 ["invalid-pidfile"] = "The 'pidfile' option in the configuration file is not a string, see http://prosody.im/doc/prosodyctl#pidfile for help";
224 ["no-posix"] = "The mod_posix module is not enabled in the Prosody config file, see http://prosody.im/doc/prosodyctl for more info";
225 ["no-such-method"] = "This module has no commands";
226 ["not-running"] = "Prosody is not running";
227 }, { __index = function (t,k) return "Error: "..(tostring(k):gsub("%-", " "):gsub("^.", string.upper)); end });
229 hosts = prosody.hosts;
231 local function make_host(hostname)
234 events = prosody.events,
236 users = require "core.usermanager".new_null_provider(hostname)
240 for hostname, config in pairs(config.getconfig()) do
241 hosts[hostname] = make_host(hostname);
244 local modulemanager = require "core.modulemanager"
246 local prosodyctl = require "util.prosodyctl"
247 local socket = require "socket"
248 -----------------------
250 -- FIXME: Duplicate code waiting for util.startup
251 function read_version()
252 -- Try to determine version
253 local version_file = io.open((CFG_SOURCEDIR or ".").."/prosody.version");
254 prosody.version = "unknown";
256 prosody.version = version_file:read("*a"):gsub("%s*$", "");
257 version_file:close();
258 if #prosody.version == 12 and prosody.version:match("^[a-f0-9]+$") then
259 prosody.version = "hg:"..prosody.version;
262 local hg = require"util.mercurial";
263 local hgid = hg.check_id(CFG_SOURCEDIR or ".");
264 if hgid then prosody.version = "hg:" .. hgid; end
268 local show_message, show_warning = prosodyctl.show_message, prosodyctl.show_warning;
269 local show_usage = prosodyctl.show_usage;
270 local getchar, getpass = prosodyctl.getchar, prosodyctl.getpass;
271 local show_yesno = prosodyctl.show_yesno;
272 local show_prompt = prosodyctl.show_prompt;
273 local read_password = prosodyctl.read_password;
275 local jid_split = require "util.jid".prepped_split;
277 local prosodyctl_timeout = (config.get("*", "prosodyctl_timeout") or 5) * 2;
278 -----------------------
280 local command = arg[1];
282 function commands.adduser(arg)
283 if not arg[1] or arg[1] == "--help" then
284 show_usage([[adduser JID]], [[Create the specified user account in Prosody]]);
287 local user, host = jid_split(arg[1]);
288 if not user and host then
289 show_message [[Failed to understand JID, please supply the JID you want to create]]
290 show_usage [[adduser user@host]]
295 show_message [[Please specify a JID, including a host. e.g. alice@example.com]];
299 if not hosts[host] then
300 show_warning("The host '%s' is not listed in the configuration file (or is not enabled).", host)
301 show_warning("The user will not be able to log in until this is changed.");
302 hosts[host] = make_host(host);
305 if prosodyctl.user_exists{ user = user, host = host } then
306 show_message [[That user already exists]];
310 local password = read_password();
311 if not password then return 1; end
313 local ok, msg = prosodyctl.adduser { user = user, host = host, password = password };
315 if ok then return 0; end
321 function commands.passwd(arg)
322 if not arg[1] or arg[1] == "--help" then
323 show_usage([[passwd JID]], [[Set the password for the specified user account in Prosody]]);
326 local user, host = jid_split(arg[1]);
327 if not user and host then
328 show_message [[Failed to understand JID, please supply the JID you want to set the password for]]
329 show_usage [[passwd user@host]]
334 show_message [[Please specify a JID, including a host. e.g. alice@example.com]];
338 if not hosts[host] then
339 show_warning("The host '%s' is not listed in the configuration file (or is not enabled).", host)
340 show_warning("The user will not be able to log in until this is changed.");
341 hosts[host] = make_host(host);
344 if not prosodyctl.user_exists { user = user, host = host } then
345 show_message [[That user does not exist, use prosodyctl adduser to create a new user]]
349 local password = read_password();
350 if not password then return 1; end
352 local ok, msg = prosodyctl.passwd { user = user, host = host, password = password };
354 if ok then return 0; end
356 show_message(error_messages[msg])
360 function commands.deluser(arg)
361 if not arg[1] or arg[1] == "--help" then
362 show_usage([[deluser JID]], [[Permanently remove the specified user account from Prosody]]);
365 local user, host = jid_split(arg[1]);
366 if not user and host then
367 show_message [[Failed to understand JID, please supply the JID you want to set the password for]]
368 show_usage [[passwd user@host]]
373 show_message [[Please specify a JID, including a host. e.g. alice@example.com]];
377 if not hosts[host] then
378 show_warning("The host '%s' is not listed in the configuration file (or is not enabled).", host)
379 hosts[host] = make_host(host);
382 if not prosodyctl.user_exists { user = user, host = host } then
383 show_message [[That user does not exist on this server]]
387 local ok, msg = prosodyctl.deluser { user = user, host = host };
389 if ok then return 0; end
391 show_message(error_messages[msg])
395 function commands.start(arg)
396 if arg[1] == "--help" then
397 show_usage([[start]], [[Start Prosody]]);
400 local ok, ret = prosodyctl.isrunning();
402 show_message(error_messages[ret]);
407 local ok, ret = prosodyctl.getpid();
409 show_message("Couldn't get running Prosody's PID");
410 show_message(error_messages[ret]);
413 show_message("Prosody is already running with PID %s", ret or "(unknown)");
417 local ok, ret = prosodyctl.start();
419 local daemonize = config.get("*", "daemonize");
420 if daemonize == nil then
421 daemonize = prosody.installed;
426 local ok, running = prosodyctl.isrunning();
427 if ok and running then
430 show_message("Still waiting...");
431 elseif i >= prosodyctl_timeout then
432 show_message("Prosody is still not running. Please give it some time or check your log files for errors.");
438 show_message("Started");
443 show_message("Failed to start Prosody");
444 show_message(error_messages[ret])
448 function commands.status(arg)
449 if arg[1] == "--help" then
450 show_usage([[status]], [[Reports the running status of Prosody]]);
454 local ok, ret = prosodyctl.isrunning();
456 show_message(error_messages[ret]);
461 local ok, ret = prosodyctl.getpid();
463 show_message("Couldn't get running Prosody's PID");
464 show_message(error_messages[ret]);
467 show_message("Prosody is running with PID %s", ret or "(unknown)");
470 show_message("Prosody is not running");
471 if not switched_user and current_uid ~= 0 then
473 print(" You will also see this if prosodyctl is not running under");
474 print(" the same user account as Prosody. Try running as root (e.g. ");
475 print(" with 'sudo' in front) to gain access to Prosody's real status.");
482 function commands.stop(arg)
483 if arg[1] == "--help" then
484 show_usage([[stop]], [[Stop a running Prosody server]]);
488 if not prosodyctl.isrunning() then
489 show_message("Prosody is not running");
493 local ok, ret = prosodyctl.stop();
497 local ok, running = prosodyctl.isrunning();
498 if ok and not running then
501 show_message("Still waiting...");
502 elseif i >= prosodyctl_timeout then
503 show_message("Prosody is still running. Please give it some time or check your log files for errors.");
509 show_message("Stopped");
513 show_message(error_messages[ret]);
517 function commands.restart(arg)
518 if arg[1] == "--help" then
519 show_usage([[restart]], [[Restart a running Prosody server]]);
524 return commands.start(arg);
527 function commands.about(arg)
529 if arg[1] == "--help" then
530 show_usage([[about]], [[Show information about this Prosody installation]]);
535 local lfs = require "lfs";
536 local array = require "util.array";
537 local keys = require "util.iterators".keys;
538 local hg = require"util.mercurial";
539 local relpath = config.resolve_relative_path;
541 print("Prosody "..(prosody.version or "(unknown version)"));
543 print("# Prosody directories");
544 print("Data directory: "..relpath(pwd, data_path));
545 print("Config directory: "..relpath(pwd, CFG_CONFIGDIR or "."));
546 print("Source directory: "..relpath(pwd, CFG_SOURCEDIR or "."));
547 print("Plugin directories:")
548 print(" "..(prosody.paths.plugins:gsub("([^;]+);?", function(path)
550 path = config.resolve_relative_path(pwd, path);
551 local hgid, hgrepo = hg.check_id(path);
552 if not hgid and hgrepo then
553 return path.." - "..hgrepo .."!\n ";
555 -- 010452cfaf53 is the first commit in the prosody-modules repository
556 hgrepo = hgrepo == "010452cfaf53" and "prosody-modules";
557 return path..(hgid and " - "..(hgrepo or "HG").." rev: "..hgid or "")
561 print("# Lua environment");
562 print("Lua version: ", _G._VERSION);
564 print("Lua module search paths:");
565 for path in package.path:gmatch("[^;]+") do
569 print("Lua C module search paths:");
570 for path in package.cpath:gmatch("[^;]+") do
574 local luarocks_status = (pcall(require, "luarocks.loader") and "Installed ("..(package.loaded["luarocks.cfg"].program_version or "2.x+")..")")
575 or (pcall(require, "luarocks.require") and "Installed (1.x)")
577 print("LuaRocks: ", luarocks_status);
579 print("# Lua module versions");
580 local module_versions, longest_name = {}, 8;
581 local luaevent =dependencies.softreq"luaevent";
582 local ssl = dependencies.softreq"ssl";
583 for name, module in pairs(package.loaded) do
584 if type(module) == "table" and rawget(module, "_VERSION")
585 and name ~= "_G" and not name:match("%.") then
586 if #name > longest_name then
587 longest_name = #name;
589 module_versions[name] = module._VERSION;
592 local sorted_keys = array.collect(keys(module_versions)):sort();
593 for _, name in ipairs(array.collect(keys(module_versions)):sort()) do
594 print(name..":"..string.rep(" ", longest_name-#name), module_versions[name]);
599 function commands.reload(arg)
600 if arg[1] == "--help" then
601 show_usage([[reload]], [[Reload Prosody's configuration and re-open log files]]);
605 if not prosodyctl.isrunning() then
606 show_message("Prosody is not running");
610 local ok, ret = prosodyctl.reload();
613 show_message("Prosody log files re-opened and config file reloaded. You may need to reload modules for some changes to take effect.");
617 show_message(error_messages[ret]);
620 -- ejabberdctl compatibility
622 function commands.register(arg)
623 local user, host, password = unpack(arg);
624 if (not (user and host)) or arg[1] == "--help" then
625 if user ~= "--help" then
627 show_message [[No username specified]]
629 show_message [[Please specify which host you want to register the user on]];
632 show_usage("register USER HOST [PASSWORD]", "Register a user on the server, with the given password");
636 password = read_password();
638 show_message [[Unable to register user with no password]];
643 local ok, msg = prosodyctl.adduser { user = user, host = host, password = password };
645 if ok then return 0; end
647 show_message(error_messages[msg])
651 function commands.unregister(arg)
652 local user, host = unpack(arg);
653 if (not (user and host)) or arg[1] == "--help" then
654 if user ~= "--help" then
656 show_message [[No username specified]]
658 show_message [[Please specify which host you want to unregister the user from]];
661 show_usage("unregister USER HOST [PASSWORD]", "Permanently remove a user account from the server");
665 local ok, msg = prosodyctl.deluser { user = user, host = host };
667 if ok then return 0; end
669 show_message(error_messages[msg])
676 local cert_commands = {};
678 -- If a file already exists, ask if the user wants to use it or replace it
679 -- Backups the old file if replaced
680 local function use_existing(filename)
681 local attrs = lfs.attributes(filename);
683 if show_yesno(filename .. " exists, do you want to replace it? [y/n]") then
684 local backup = filename..".bkp~"..os.date("%FT%T", attrs.change);
685 os.rename(filename, backup);
686 show_message(filename.." backed up to "..backup);
688 -- Use the existing file
694 function cert_commands.config(arg)
695 if #arg >= 1 and arg[1] ~= "--help" then
696 local conf_filename = (CFG_DATADIR or "./certs") .. "/" .. arg[1] .. ".cnf";
697 if use_existing(conf_filename) then
698 return nil, conf_filename;
700 local conf = openssl.config.new();
701 conf:from_prosody(hosts, config, arg);
702 show_message("Please provide details to include in the certificate config file.");
703 show_message("Leave the field empty to use the default value or '.' to exclude the field.")
704 for i, k in ipairs(openssl._DN_order) do
705 local v = conf.distinguished_name[k];
708 if k == "commonName" then
710 elseif k == "emailAddress" then
711 v = "xmpp@" .. arg[1];
712 elseif k == "countryName" then
713 local tld = arg[1]:match"%.([a-z]+)$";
714 if tld and #tld == 2 and tld ~= "uk" then
718 nv = show_prompt(("%s (%s):"):format(k, nv or v));
719 nv = (not nv or nv == "") and v or nv;
720 if nv:find"[\192-\252][\128-\191]+" then
721 conf.req.string_mask = "utf8only"
723 conf.distinguished_name[k] = nv ~= "." and nv or nil;
726 local conf_file, err = io.open(conf_filename, "w");
727 if not conf_file then
728 show_warning("Could not open OpenSSL config file for writing");
732 conf_file:write(conf:serialize());
735 show_message("Config written to " .. conf_filename);
736 return nil, conf_filename;
738 show_usage("cert config HOSTNAME [HOSTNAME+]", "Builds a certificate config file covering the supplied hostname(s)")
742 function cert_commands.key(arg)
743 if #arg >= 1 and arg[1] ~= "--help" then
744 local key_filename = (CFG_DATADIR or "./certs") .. "/" .. arg[1] .. ".key";
745 if use_existing(key_filename) then
746 return nil, key_filename;
748 os.remove(key_filename); -- This file, if it exists is unlikely to have write permissions
749 local key_size = tonumber(arg[2] or show_prompt("Choose key size (2048):") or 2048);
750 local old_umask = pposix.umask("0377");
751 if openssl.genrsa{out=key_filename, key_size} then
752 os.execute(("chmod 400 '%s'"):format(key_filename));
753 show_message("Key written to ".. key_filename);
754 pposix.umask(old_umask);
755 return nil, key_filename;
757 show_message("There was a problem, see OpenSSL output");
759 show_usage("cert key HOSTNAME <bits>", "Generates a RSA key named HOSTNAME.key\n "
760 .."Prompts for a key size if none given")
764 function cert_commands.request(arg)
765 if #arg >= 1 and arg[1] ~= "--help" then
766 local req_filename = (CFG_DATADIR or "./certs") .. "/" .. arg[1] .. ".req";
767 if use_existing(req_filename) then
768 return nil, req_filename;
770 local _, key_filename = cert_commands.key({arg[1]});
771 local _, conf_filename = cert_commands.config(arg);
772 if openssl.req{new=true, key=key_filename, utf8=true, sha256=true, config=conf_filename, out=req_filename} then
773 show_message("Certificate request written to ".. req_filename);
775 show_message("There was a problem, see OpenSSL output");
778 show_usage("cert request HOSTNAME [HOSTNAME+]", "Generates a certificate request for the supplied hostname(s)")
782 function cert_commands.generate(arg)
783 if #arg >= 1 and arg[1] ~= "--help" then
784 local cert_filename = (CFG_DATADIR or "./certs") .. "/" .. arg[1] .. ".crt";
785 if use_existing(cert_filename) then
786 return nil, cert_filename;
788 local _, key_filename = cert_commands.key({arg[1]});
789 local _, conf_filename = cert_commands.config(arg);
791 if key_filename and conf_filename and cert_filename
792 and openssl.req{new=true, x509=true, nodes=true, key=key_filename,
793 days=365, sha256=true, utf8=true, config=conf_filename, out=cert_filename} then
794 show_message("Certificate written to ".. cert_filename);
796 show_message(("Example config:\n\nssl = {\n\tcertificate = %q;\n\tkey = %q;\n}"):format(cert_filename, key_filename));
798 show_message("There was a problem, see OpenSSL output");
801 show_usage("cert generate HOSTNAME [HOSTNAME+]", "Generates a self-signed certificate for the current hostname(s)")
805 function commands.cert(arg)
806 if #arg >= 1 and arg[1] ~= "--help" then
807 openssl = require "util.openssl";
809 local subcmd = table.remove(arg, 1);
810 if type(cert_commands[subcmd]) == "function" then
812 show_message"You need to supply at least one hostname"
815 if arg[1] ~= "--help" and not hosts[arg[1]] then
816 show_message(error_messages["no-such-host"]);
819 return cert_commands[subcmd](arg);
822 show_usage("cert config|request|generate|key", "Helpers for generating X.509 certificates and keys.")
825 function commands.check(arg)
826 if arg[1] == "--help" then
827 show_usage([[check]], [[Perform basic checks on your Prosody installation]]);
830 local what = table.remove(arg, 1);
831 local array, set = require "util.array", require "util.set";
832 local it = require "util.iterators";
834 local function disabled_hosts(host, conf) return host ~= "*" and conf.enabled ~= false; end
835 local function enabled_hosts() return it.filter(disabled_hosts, pairs(config.getconfig())); end
836 if not what or what == "disabled" then
837 local disabled_hosts = set.new();
838 for host, host_options in it.filter("*", pairs(config.getconfig())) do
839 if host_options.enabled == false then
840 disabled_hosts:add(host);
843 if not disabled_hosts:empty() then
844 local msg = "Checks will be skipped for these disabled hosts: %s";
845 if what then msg = "These hosts are disabled: %s"; end
846 show_warning(msg, tostring(disabled_hosts));
847 if what then return 0; end
851 if not what or what == "config" then
852 print("Checking config...");
853 local deprecated = set.new({
854 "bosh_ports", "disallow_s2s", "no_daemonize", "anonymous_login", "require_encryption",
856 local known_global_options = set.new({
857 "pidfile", "log", "plugin_paths", "prosody_user", "prosody_group", "daemonize",
858 "umask", "prosodyctl_timeout", "use_ipv6", "use_libevent", "network_settings",
859 "network_backend", "http_default_host",
861 local config = config.getconfig();
862 -- Check that we have any global options (caused by putting a host at the top)
863 if it.count(it.filter("log", pairs(config["*"]))) == 0 then
866 print(" No global options defined. Perhaps you have put a host definition at the top")
867 print(" of the config file? They should be at the bottom, see http://prosody.im/doc/configure#overview");
869 if it.count(enabled_hosts()) == 0 then
872 if it.count(it.filter("*", pairs(config))) == 0 then
873 print(" No hosts are defined, please add at least one VirtualHost section")
874 elseif config["*"]["enabled"] == false then
875 print(" No hosts are enabled. Remove enabled = false from the global section or put enabled = true under at least one VirtualHost section")
877 print(" All hosts are disabled. Remove enabled = false from at least one VirtualHost section")
880 if not config["*"].modules_enabled then
881 print(" No global modules_enabled is set?");
882 local suggested_global_modules;
883 for host, options in enabled_hosts() do
884 if not options.component_module and options.modules_enabled then
885 suggested_global_modules = set.intersection(suggested_global_modules or set.new(options.modules_enabled), set.new(options.modules_enabled));
888 if not suggested_global_modules:empty() then
889 print(" Consider moving these modules into modules_enabled in the global section:")
890 print(" "..tostring(suggested_global_modules / function (x) return ("%q"):format(x) end));
894 -- Check for global options under hosts
895 local global_options = set.new(it.to_array(it.keys(config["*"])));
896 local deprecated_global_options = set.intersection(global_options, deprecated);
897 if not deprecated_global_options:empty() then
899 print(" You have some deprecated options in the global section:");
900 print(" "..tostring(deprecated_global_options))
903 for host, options in enabled_hosts() do
904 local host_options = set.new(it.to_array(it.keys(options)));
905 local misplaced_options = set.intersection(host_options, known_global_options);
906 for name in pairs(options) do
907 if name:match("^interfaces?")
908 or name:match("_ports?$") or name:match("_interfaces?$")
909 or (name:match("_ssl$") and not name:match("^[cs]2s_ssl$")) then
910 misplaced_options:add(name);
913 if not misplaced_options:empty() then
916 local n = it.count(misplaced_options);
917 print(" You have "..n.." option"..(n>1 and "s " or " ").."set under "..host.." that should be");
918 print(" in the global section of the config file, above any VirtualHost or Component definitions,")
919 print(" see http://prosody.im/doc/configure#overview for more information.")
921 print(" You need to move the following option"..(n>1 and "s" or "")..": "..table.concat(it.to_array(misplaced_options), ", "));
923 local subdomain = host:match("^[^.]+");
924 if not(host_options:contains("component_module")) and (subdomain == "jabber" or subdomain == "xmpp"
925 or subdomain == "chat" or subdomain == "im") then
927 print(" Suggestion: If "..host.. " is a new host with no real users yet, consider renaming it now to");
928 print(" "..host:gsub("^[^.]+%.", "")..". You can use SRV records to redirect XMPP clients and servers to "..host..".");
929 print(" For more information see: http://prosody.im/doc/dns");
932 local all_modules = set.new(config["*"].modules_enabled);
933 local all_options = set.new(it.to_array(it.keys(config["*"])));
934 for host in enabled_hosts() do
935 all_options:include(set.new(it.to_array(it.keys(config[host]))));
936 all_modules:include(set.new(config[host].modules_enabled));
938 for mod in all_modules do
939 if mod:match("^mod_") then
941 print(" Modules in modules_enabled should not have the 'mod_' prefix included.");
942 print(" Change '"..mod.."' to '"..mod:match("^mod_(.*)").."'.");
943 elseif mod:match("^auth_") then
945 print(" Authentication modules should not be added to modules_enabled,");
946 print(" but be specified in the 'authentication' option.");
947 print(" Remove '"..mod.."' from modules_enabled and instead add");
948 print(" authentication = '"..mod:match("^auth_(.*)").."'");
949 print(" For more information see https://prosody.im/doc/authentication");
950 elseif mod:match("^storage_") then
952 print(" storage modules should not be added to modules_enabled,");
953 print(" but be specified in the 'storage' option.");
954 print(" Remove '"..mod.."' from modules_enabled and instead add");
955 print(" storage = '"..mod:match("^storage_(.*)").."'");
956 print(" For more information see https://prosody.im/doc/storage");
959 local ssl = dependencies.softreq"ssl";
961 if not set.intersection(all_options, set.new({"require_encryption", "c2s_require_encryption", "s2s_require_encryption"})):empty() then
963 print(" You require encryption but LuaSec is not available.");
964 print(" Connections will fail.");
967 elseif not ssl.loadcertificate then
968 if all_options:contains("s2s_secure_auth") then
970 print(" You have set s2s_secure_auth but your version of LuaSec does ");
971 print(" not support certificate validation, so all s2s connections will");
974 elseif all_options:contains("s2s_secure_domains") then
975 local secure_domains = set.new();
976 for host in enabled_hosts() do
977 if config[host].s2s_secure_auth == true then
978 secure_domains:add("*");
980 secure_domains:include(set.new(config[host].s2s_secure_domains));
983 if not secure_domains:empty() then
985 print(" You have set s2s_secure_domains but your version of LuaSec does ");
986 print(" not support certificate validation, so s2s connections to/from ");
987 print(" these domains will fail.");
995 if not what or what == "dns" then
996 local dns = require "net.dns";
997 local idna = require "util.encodings".idna;
998 local ip = require "util.ip";
999 local c2s_ports = set.new(config.get("*", "c2s_ports") or {5222});
1000 local s2s_ports = set.new(config.get("*", "s2s_ports") or {5269});
1002 local c2s_srv_required, s2s_srv_required;
1003 if not c2s_ports:contains(5222) then
1004 c2s_srv_required = true;
1006 if not s2s_ports:contains(5269) then
1007 s2s_srv_required = true;
1010 local problem_hosts = set.new();
1012 local external_addresses, internal_addresses = set.new(), set.new();
1014 local fqdn = socket.dns.tohostname(socket.dns.gethostname());
1016 local res = dns.lookup(idna.to_ascii(fqdn), "A");
1018 for _, record in ipairs(res) do
1019 external_addresses:add(record.a);
1022 local res = dns.lookup(idna.to_ascii(fqdn), "AAAA");
1024 for _, record in ipairs(res) do
1025 external_addresses:add(record.aaaa);
1030 local local_addresses = require"util.net".local_addresses() or {};
1032 for addr in it.values(local_addresses) do
1033 if not ip.new_ip(addr).private then
1034 external_addresses:add(addr);
1036 internal_addresses:add(addr);
1040 if external_addresses:empty() then
1042 print(" Failed to determine the external addresses of this server. Checks may be inaccurate.");
1043 c2s_srv_required, s2s_srv_required = true, true;
1046 local v6_supported = not not socket.tcp6;
1048 for host, host_options in enabled_hosts() do
1049 local all_targets_ok, some_targets_ok = true, false;
1051 local is_component = not not host_options.component_module;
1052 print("Checking DNS for "..(is_component and "component" or "host").." "..host.."...");
1053 local target_hosts = set.new();
1054 if not is_component then
1055 local res = dns.lookup("_xmpp-client._tcp."..idna.to_ascii(host)..".", "SRV");
1057 for _, record in ipairs(res) do
1058 target_hosts:add(record.srv.target);
1059 if not c2s_ports:contains(record.srv.port) then
1060 print(" SRV target "..record.srv.target.." contains unknown client port: "..record.srv.port);
1064 if c2s_srv_required then
1065 print(" No _xmpp-client SRV record found for "..host..", but it looks like you need one.");
1066 all_targst_ok = false;
1068 target_hosts:add(host);
1072 local res = dns.lookup("_xmpp-server._tcp."..idna.to_ascii(host)..".", "SRV");
1074 for _, record in ipairs(res) do
1075 target_hosts:add(record.srv.target);
1076 if not s2s_ports:contains(record.srv.port) then
1077 print(" SRV target "..record.srv.target.." contains unknown server port: "..record.srv.port);
1081 if s2s_srv_required then
1082 print(" No _xmpp-server SRV record found for "..host..", but it looks like you need one.");
1083 all_targets_ok = false;
1085 target_hosts:add(host);
1088 if target_hosts:empty() then
1089 target_hosts:add(host);
1092 if target_hosts:contains("localhost") then
1093 print(" Target 'localhost' cannot be accessed from other servers");
1094 target_hosts:remove("localhost");
1097 local modules = set.new(it.to_array(it.values(host_options.modules_enabled or {})))
1098 + set.new(it.to_array(it.values(config.get("*", "modules_enabled") or {})))
1099 + set.new({ config.get(host, "component_module") });
1101 if modules:contains("proxy65") then
1102 local proxy65_target = config.get(host, "proxy65_address") or host;
1103 local A, AAAA = dns.lookup(idna.to_ascii(proxy65_target), "A"), dns.lookup(idna.to_ascii(proxy65_target), "AAAA");
1106 table.insert(prob, "A");
1108 if v6_supported and not AAAA then
1109 table.insert(prob, "AAAA");
1112 print(" File transfer proxy "..proxy65_target.." has no "..table.concat(prob, "/").." record. Create one or set 'proxy65_address' to the correct host/IP.");
1116 for host in target_hosts do
1117 local host_ok_v4, host_ok_v6;
1118 local res = dns.lookup(idna.to_ascii(host), "A");
1120 for _, record in ipairs(res) do
1121 if external_addresses:contains(record.a) then
1122 some_targets_ok = true;
1124 elseif internal_addresses:contains(record.a) then
1126 some_targets_ok = true;
1127 print(" "..host.." A record points to internal address, external connections might fail");
1129 print(" "..host.." A record points to unknown address "..record.a);
1130 all_targets_ok = false;
1134 local res = dns.lookup(idna.to_ascii(host), "AAAA");
1136 for _, record in ipairs(res) do
1137 if external_addresses:contains(record.aaaa) then
1138 some_targets_ok = true;
1140 elseif internal_addresses:contains(record.aaaa) then
1142 some_targets_ok = true;
1143 print(" "..host.." AAAA record points to internal address, external connections might fail");
1145 print(" "..host.." AAAA record points to unknown address "..record.aaaa);
1146 all_targets_ok = false;
1151 local bad_protos = {}
1152 if not host_ok_v4 then
1153 table.insert(bad_protos, "IPv4");
1155 if not host_ok_v6 then
1156 table.insert(bad_protos, "IPv6");
1158 if #bad_protos > 0 then
1159 print(" Host "..host.." does not seem to resolve to this server ("..table.concat(bad_protos, "/")..")");
1161 if host_ok_v6 and not v6_supported then
1162 print(" Host "..host.." has AAAA records, but your version of LuaSocket does not support IPv6.");
1163 print(" Please see http://prosody.im/doc/ipv6 for more information.");
1166 if not all_targets_ok then
1167 print(" "..(some_targets_ok and "Only some" or "No").." targets for "..host.." appear to resolve to this server.");
1168 if is_component then
1169 print(" DNS records are necessary if you want users on other servers to access this component.");
1171 problem_hosts:add(host);
1175 if not problem_hosts:empty() then
1177 print("For more information about DNS configuration please see http://prosody.im/doc/dns");
1182 if not what or what == "certs" then
1184 print"Checking certificates..."
1185 local x509_verify_identity = require"util.x509".verify_identity;
1186 local ssl = dependencies.softreq"ssl";
1187 -- local datetime_parse = require"util.datetime".parse_x509;
1188 local load_cert = ssl and ssl.loadcertificate;
1189 -- or ssl.cert_from_pem
1191 print("LuaSec not available, can't perform certificate checks")
1192 if what == "certs" then cert_ok = false end
1193 elseif not load_cert then
1194 print("This version of LuaSec (" .. ssl._VERSION .. ") does not support certificate checking");
1197 for host in enabled_hosts() do
1198 print("Checking certificate for "..host);
1199 -- First, let's find out what certificate this host uses.
1200 local ssl_config = config.rawget(host, "ssl");
1201 if not ssl_config then
1202 local base_host = host:match("%.(.*)");
1203 ssl_config = config.get(base_host, "ssl");
1205 if not ssl_config then
1206 print(" No 'ssl' option defined for "..host)
1208 elseif not ssl_config.certificate then
1209 print(" No 'certificate' set in ssl option for "..host)
1211 elseif not ssl_config.key then
1212 print(" No 'key' set in ssl option for "..host)
1215 local key, err = io.open(ssl_config.key); -- Permissions check only
1217 print(" Could not open "..ssl_config.key..": "..err);
1222 local cert_fh, err = io.open(ssl_config.certificate); -- Load the file.
1224 print(" Could not open "..ssl_config.certificate..": "..err);
1227 print(" Certificate: "..ssl_config.certificate)
1228 local cert = load_cert(cert_fh:read"*a"); cert_fh = cert_fh:close();
1229 if not cert:validat(os.time()) then
1230 print(" Certificate has expired.")
1233 if config.get(host, "component_module") == nil
1234 and not x509_verify_identity(host, "_xmpp-client", cert) then
1235 print(" Not vaild for client connections to "..host..".")
1238 if (not (config.get(host, "anonymous_login")
1239 or config.get(host, "authentication") == "anonymous"))
1240 and not x509_verify_identity(host, "_xmpp-server", cert) then
1241 print(" Not vaild for server-to-server connections to "..host..".")
1247 if cert_ok == false then
1249 print("For more information about certificates please see http://prosody.im/doc/certificates");
1256 print("Problems found, see above.");
1258 print("All checks passed, congratulations!");
1260 return ok and 0 or 2;
1263 ---------------------
1265 if command and command:match("^mod_") then -- Is a command in a module
1266 local module_name = command:match("^mod_(.+)");
1267 local ret, err = modulemanager.load("*", module_name);
1269 show_message("Failed to load module '"..module_name.."': "..err);
1273 table.remove(arg, 1);
1275 local module = modulemanager.get_module("*", module_name);
1277 show_message("Failed to load module '"..module_name.."': Unknown error");
1281 if not modulemanager.module_has_method(module, "command") then
1282 show_message("Fail: mod_"..module_name.." does not support any commands");
1286 local ok, ret = modulemanager.call_module_method(module, "command", arg);
1288 if type(ret) == "number" then
1290 elseif type(ret) == "string" then
1295 show_message("Failed to execute command: "..error_messages[ret]);
1300 if not commands[command] then -- Show help for all commands
1301 function show_usage(usage, desc)
1306 print("prosodyctl - Manage a Prosody server");
1308 print("Usage: "..arg[0].." COMMAND [OPTIONS]");
1310 print("Where COMMAND may be one of:\n");
1312 local hidden_commands = require "util.set".new{ "register", "unregister", "addplugin" };
1313 local commands_order = { "adduser", "passwd", "deluser", "start", "stop", "restart", "reload", "about" };
1317 for _, command_name in ipairs(commands_order) do
1318 local command = commands[command_name];
1320 command{ "--help" };
1322 done[command_name] = true;
1326 for command_name, command in pairs(commands) do
1327 if not done[command_name] and not hidden_commands:contains(command_name) then
1328 command{ "--help" };
1330 done[command_name] = true;
1338 os.exit(commands[command]({ select(2, unpack(arg)) }));