-- Will be modified by configure script if run --
-CFG_SOURCEDIR=os.getenv("PROSODY_SRCDIR");
-CFG_CONFIGDIR=os.getenv("PROSODY_CFGDIR");
-CFG_PLUGINDIR=os.getenv("PROSODY_PLUGINDIR");
-CFG_DATADIR=os.getenv("PROSODY_DATADIR");
+CFG_SOURCEDIR=CFG_SOURCEDIR or os.getenv("PROSODY_SRCDIR");
+CFG_CONFIGDIR=CFG_CONFIGDIR or os.getenv("PROSODY_CFGDIR");
+CFG_PLUGINDIR=CFG_PLUGINDIR or os.getenv("PROSODY_PLUGINDIR");
+CFG_DATADIR=CFG_DATADIR or os.getenv("PROSODY_DATADIR");
-- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- --
print("A sample config file is included in the Prosody download called prosody.cfg.lua.dist");
print("Copy or rename it to prosody.cfg.lua and edit as necessary.");
end
- print("More help on configuring Prosody can be found at http://prosody.im/doc/configure");
+ print("More help on configuring Prosody can be found at https://prosody.im/doc/configure");
print("Good luck!");
print("**************************");
print("");
pposix.setenv("PROSODY_CONFIG", ENV_CONFIG);
else
print("Error: Unable to load pposix module. Check that Prosody is installed correctly.")
- print("For more help send the below error to us through http://prosody.im/discuss");
+ print("For more help send the below error to us through https://prosody.im/discuss");
print(tostring(pposix))
os.exit(1);
end
["no-such-user"] = "The given user does not exist on the server";
["no-such-host"] = "The given hostname does not exist in the config";
["unable-to-save-data"] = "Unable to store, perhaps you don't have permission?";
- ["no-pidfile"] = "There is no 'pidfile' option in the configuration file, see http://prosody.im/doc/prosodyctl#pidfile for help";
- ["invalid-pidfile"] = "The 'pidfile' option in the configuration file is not a string, see http://prosody.im/doc/prosodyctl#pidfile for help";
- ["no-posix"] = "The mod_posix module is not enabled in the Prosody config file, see http://prosody.im/doc/prosodyctl for more info";
+ ["no-pidfile"] = "There is no 'pidfile' option in the configuration file, see https://prosody.im/doc/prosodyctl#pidfile for help";
+ ["invalid-pidfile"] = "The 'pidfile' option in the configuration file is not a string, see https://prosody.im/doc/prosodyctl#pidfile for help";
+ ["no-posix"] = "The mod_posix module is not enabled in the Prosody config file, see https://prosody.im/doc/prosodyctl for more info";
["no-such-method"] = "This module has no commands";
["not-running"] = "Prosody is not running";
}, { __index = function (t,k) return "Error: "..(tostring(k):gsub("%-", " "):gsub("^.", string.upper)); end });
module_versions[name] = module._VERSION;
end
end
+ if luaevent then
+ module_versions["libevent"] = luaevent.core.libevent_version();
+ end
local sorted_keys = array.collect(keys(module_versions)):sort();
- for _, name in ipairs(array.collect(keys(module_versions)):sort()) do
+ for _, name in ipairs(sorted_keys) do
print(name..":"..string.rep(" ", longest_name-#name), module_versions[name]);
end
print("");
if use_existing(conf_filename) then
return nil, conf_filename;
end
+ local distinguished_name;
+ if arg[#arg]:find("^/") then
+ distinguished_name = table.remove(arg);
+ end
local conf = openssl.config.new();
conf:from_prosody(hosts, config, arg);
- show_message("Please provide details to include in the certificate config file.");
- show_message("Leave the field empty to use the default value or '.' to exclude the field.")
- for i, k in ipairs(openssl._DN_order) do
- local v = conf.distinguished_name[k];
- if v then
- local nv;
- if k == "commonName" then
- v = arg[1]
- elseif k == "emailAddress" then
- v = "xmpp@" .. arg[1];
- elseif k == "countryName" then
- local tld = arg[1]:match"%.([a-z]+)$";
- if tld and #tld == 2 and tld ~= "uk" then
- v = tld:upper();
+ if distinguished_name then
+ local dn = {};
+ for k, v in distinguished_name:gmatch("/([^=/]+)=([^/]+)") do
+ table.insert(dn, k);
+ dn[k] = v;
+ end
+ conf.distinguished_name = dn;
+ else
+ show_message("Please provide details to include in the certificate config file.");
+ show_message("Leave the field empty to use the default value or '.' to exclude the field.")
+ for i, k in ipairs(openssl._DN_order) do
+ local v = conf.distinguished_name[k];
+ if v then
+ local nv;
+ if k == "commonName" then
+ v = arg[1]
+ elseif k == "emailAddress" then
+ v = "xmpp@" .. arg[1];
+ elseif k == "countryName" then
+ local tld = arg[1]:match"%.([a-z]+)$";
+ if tld and #tld == 2 and tld ~= "uk" then
+ v = tld:upper();
+ end
end
+ nv = show_prompt(("%s (%s):"):format(k, nv or v));
+ nv = (not nv or nv == "") and v or nv;
+ if nv:find"[\192-\252][\128-\191]+" then
+ conf.req.string_mask = "utf8only"
+ end
+ conf.distinguished_name[k] = nv ~= "." and nv or nil;
end
- nv = show_prompt(("%s (%s):"):format(k, nv or v));
- nv = (not nv or nv == "") and v or nv;
- if nv:find"[\192-\252][\128-\191]+" then
- conf.req.string_mask = "utf8only"
- end
- conf.distinguished_name[k] = nv ~= "." and nv or nil;
end
end
local conf_file, err = io.open(conf_filename, "w");
print("Checking config...");
local deprecated = set.new({
"bosh_ports", "disallow_s2s", "no_daemonize", "anonymous_login", "require_encryption",
+ "vcard_compatibility",
});
local known_global_options = set.new({
"pidfile", "log", "plugin_paths", "prosody_user", "prosody_group", "daemonize",
ok = false;
print("");
print(" No global options defined. Perhaps you have put a host definition at the top")
- print(" of the config file? They should be at the bottom, see http://prosody.im/doc/configure#overview");
+ print(" of the config file? They should be at the bottom, see https://prosody.im/doc/configure#overview");
end
if it.count(enabled_hosts()) == 0 then
ok = false;
local n = it.count(misplaced_options);
print(" You have "..n.." option"..(n>1 and "s " or " ").."set under "..host.." that should be");
print(" in the global section of the config file, above any VirtualHost or Component definitions,")
- print(" see http://prosody.im/doc/configure#overview for more information.")
+ print(" see https://prosody.im/doc/configure#overview for more information.")
print("");
print(" You need to move the following option"..(n>1 and "s" or "")..": "..table.concat(it.to_array(misplaced_options), ", "));
end
print("");
print(" Suggestion: If "..host.. " is a new host with no real users yet, consider renaming it now to");
print(" "..host:gsub("^[^.]+%.", "")..". You can use SRV records to redirect XMPP clients and servers to "..host..".");
- print(" For more information see: http://prosody.im/doc/dns");
+ print(" For more information see: https://prosody.im/doc/dns");
end
end
local all_modules = set.new(config["*"].modules_enabled);
print(" For more information see https://prosody.im/doc/storage");
end
end
+ local require_encryption = set.intersection(all_options, set.new({"require_encryption", "c2s_require_encryption", "s2s_require_encryption"})):empty();
local ssl = dependencies.softreq"ssl";
if not ssl then
- if not set.intersection(all_options, set.new({"require_encryption", "c2s_require_encryption", "s2s_require_encryption"})):empty() then
+ if not require_encryption then
print("");
print(" You require encryption but LuaSec is not available.");
print(" Connections will fail.");
ok = false;
end
end
+ elseif require_encryption and not all_modules:contains("tls") then
+ print("");
+ print(" You require encryption but mod_tls is not enabled.");
+ print(" Connections will fail.");
+ ok = false;
end
print("Done.\n");
local v6_supported = not not socket.tcp6;
- for host, host_options in enabled_hosts() do
+ for jid, host_options in enabled_hosts() do
local all_targets_ok, some_targets_ok = true, false;
+ local node, host = jid_split(jid);
local is_component = not not host_options.component_module;
- print("Checking DNS for "..(is_component and "component" or "host").." "..host.."...");
+ print("Checking DNS for "..(is_component and "component" or "host").." "..jid.."...");
+ if node then
+ print("Only the domain part ("..host..") is used in DNS.")
+ end
local target_hosts = set.new();
if not is_component then
local res = dns.lookup("_xmpp-client._tcp."..idna.to_ascii(host)..".", "SRV");
else
if c2s_srv_required then
print(" No _xmpp-client SRV record found for "..host..", but it looks like you need one.");
- all_targst_ok = false;
+ all_targets_ok = false;
else
target_hosts:add(host);
end
end
if host_ok_v6 and not v6_supported then
print(" Host "..host.." has AAAA records, but your version of LuaSocket does not support IPv6.");
- print(" Please see http://prosody.im/doc/ipv6 for more information.");
+ print(" Please see https://prosody.im/doc/ipv6 for more information.");
end
end
if not all_targets_ok then
end
if not problem_hosts:empty() then
print("");
- print("For more information about DNS configuration please see http://prosody.im/doc/dns");
+ print("For more information about DNS configuration please see https://prosody.im/doc/dns");
print("");
ok = false;
end
local cert_ok;
print"Checking certificates..."
local x509_verify_identity = require"util.x509".verify_identity;
+ local create_context = require "core.certmanager".create_context;
local ssl = dependencies.softreq"ssl";
-- local datetime_parse = require"util.datetime".parse_x509;
local load_cert = ssl and ssl.loadcertificate;
for host in enabled_hosts() do
print("Checking certificate for "..host);
-- First, let's find out what certificate this host uses.
- local ssl_config = config.rawget(host, "ssl");
- if not ssl_config then
- local base_host = host:match("%.(.*)");
- ssl_config = config.get(base_host, "ssl");
- end
- if not ssl_config then
- print(" No 'ssl' option defined for "..host)
+ local host_ssl_config = config.rawget(host, "ssl")
+ or config.rawget(host:match("%.(.*)"), "ssl");
+ local global_ssl_config = config.rawget("*", "ssl");
+ local ok, err, ssl_config = create_context(host, "server", host_ssl_config, global_ssl_config);
+ if not ok then
+ print(" Error: "..err);
cert_ok = false
elseif not ssl_config.certificate then
- print(" No 'certificate' set in ssl option for "..host)
+ print(" No 'certificate' found for "..host)
cert_ok = false
elseif not ssl_config.key then
- print(" No 'key' set in ssl option for "..host)
+ print(" No 'key' found for "..host)
cert_ok = false
else
local key, err = io.open(ssl_config.key); -- Permissions check only
if not cert:validat(os.time()) then
print(" Certificate has expired.")
cert_ok = false
+ elseif not cert:validat(os.time() + 86400) then
+ print(" Certificate expires within one day.")
+ cert_ok = false
+ elseif not cert:validat(os.time() + 86400*7) then
+ print(" Certificate expires within one week.")
+ elseif not cert:validat(os.time() + 86400*31) then
+ print(" Certificate expires within one month.")
end
if config.get(host, "component_module") == nil
and not x509_verify_identity(host, "_xmpp-client", cert) then
- print(" Not vaild for client connections to "..host..".")
+ print(" Not valid for client connections to "..host..".")
cert_ok = false
end
if (not (config.get(host, "anonymous_login")
or config.get(host, "authentication") == "anonymous"))
and not x509_verify_identity(host, "_xmpp-server", cert) then
- print(" Not vaild for server-to-server connections to "..host..".")
+ print(" Not valid for server-to-server connections to "..host..".")
cert_ok = false
end
end
end
if cert_ok == false then
print("")
- print("For more information about certificates please see http://prosody.im/doc/certificates");
+ print("For more information about certificates please see https://prosody.im/doc/certificates");
ok = false
end
end