local cert_commands = {};
-local function ask_overwrite(filename)
- return lfs.attributes(filename) and not show_yesno("Overwrite "..filename .. "?");
+-- If a file already exists, ask if the user wants to use it or replace it
+-- Backups the old file if replaced
+local function use_existing(filename)
+ local attrs = lfs.attributes(filename);
+ if attrs then
+ if show_yesno(filename .. " exists, do you want to replace it? [y/n]") then
+ local backup = filename..".bkp~"..os.date("%FT%T", attrs.change);
+ os.rename(filename, backup);
+ show_message(filename.." backed up to "..backup);
+ else
+ -- Use the existing file
+ return true;
+ end
+ end
end
function cert_commands.config(arg)
if #arg >= 1 and arg[1] ~= "--help" then
local conf_filename = (CFG_DATADIR or "./certs") .. "/" .. arg[1] .. ".cnf";
- if ask_overwrite(conf_filename) then
+ if use_existing(conf_filename) then
return nil, conf_filename;
end
local conf = openssl.config.new();
function cert_commands.key(arg)
if #arg >= 1 and arg[1] ~= "--help" then
local key_filename = (CFG_DATADIR or "./certs") .. "/" .. arg[1] .. ".key";
- if ask_overwrite(key_filename) then
+ if use_existing(key_filename) then
return nil, key_filename;
end
os.remove(key_filename); -- This file, if it exists is unlikely to have write permissions
function cert_commands.request(arg)
if #arg >= 1 and arg[1] ~= "--help" then
local req_filename = (CFG_DATADIR or "./certs") .. "/" .. arg[1] .. ".req";
- if ask_overwrite(req_filename) then
+ if use_existing(req_filename) then
return nil, req_filename;
end
local _, key_filename = cert_commands.key({arg[1]});
function cert_commands.generate(arg)
if #arg >= 1 and arg[1] ~= "--help" then
local cert_filename = (CFG_DATADIR or "./certs") .. "/" .. arg[1] .. ".crt";
- if ask_overwrite(cert_filename) then
+ if use_existing(cert_filename) then
return nil, cert_filename;
end
local _, key_filename = cert_commands.key({arg[1]});
and openssl.req{new=true, x509=true, nodes=true, key=key_filename,
days=365, sha256=true, utf8=true, config=conf_filename, out=cert_filename} then
show_message("Certificate written to ".. cert_filename);
+ print();
+ show_message(("Example config:\n\nssl = {\n\tcertificate = %q;\n\tkey = %q;\n}"):format(cert_filename, key_filename));
else
show_message("There was a problem, see OpenSSL output");
end
print(" All hosts are disabled. Remove enabled = false from at least one VirtualHost section")
end
end
+ if not config["*"].modules_enabled then
+ print(" No global modules_enabled is set?");
+ local suggested_global_modules;
+ for host, options in enabled_hosts() do
+ if not options.component_module and options.modules_enabled then
+ suggested_global_modules = set.intersection(suggested_global_modules or set.new(options.modules_enabled), set.new(options.modules_enabled));
+ end
+ end
+ if not suggested_global_modules:empty() then
+ print(" Consider moving these modules into modules_enabled in the global section:")
+ print(" "..tostring(suggested_global_modules / function (x) return ("%q"):format(x) end));
+ end
+ print();
+ end
-- Check for global options under hosts
local global_options = set.new(it.to_array(it.keys(config["*"])));
local deprecated_global_options = set.intersection(global_options, deprecated);
for name in pairs(options) do
if name:match("^interfaces?")
or name:match("_ports?$") or name:match("_interfaces?$")
- or name:match("_ssl$") then
+ or (name:match("_ssl$") and not name:match("^[cs]2s_ssl$")) then
misplaced_options:add(name);
end
end
print(" For more information see: http://prosody.im/doc/dns");
end
end
+ local all_modules = set.new(config["*"].modules_enabled);
+ local all_options = set.new(it.to_array(it.keys(config["*"])));
+ for host in enabled_hosts() do
+ all_options:include(set.new(it.to_array(it.keys(config[host]))));
+ all_modules:include(set.new(config[host].modules_enabled));
+ end
+ for mod in all_modules do
+ if mod:match("^mod_") then
+ print("");
+ print(" Modules in modules_enabled should not have the 'mod_' prefix included.");
+ print(" Change '"..mod.."' to '"..mod:match("^mod_(.*)").."'.");
+ elseif mod:match("^auth_") then
+ print("");
+ print(" Authentication modules should not be added to modules_enabled,");
+ print(" but be specified in the 'authentication' option.");
+ print(" Remove '"..mod.."' from modules_enabled and instead add");
+ print(" authentication = '"..mod:match("^auth_(.*)").."'");
+ print(" For more information see https://prosody.im/doc/authentication");
+ elseif mod:match("^storage_") then
+ print("");
+ print(" storage modules should not be added to modules_enabled,");
+ print(" but be specified in the 'storage' option.");
+ print(" Remove '"..mod.."' from modules_enabled and instead add");
+ print(" storage = '"..mod:match("^storage_(.*)").."'");
+ print(" For more information see https://prosody.im/doc/storage");
+ end
+ end
+ local ssl = dependencies.softreq"ssl";
+ if not ssl then
+ if not set.intersection(all_options, set.new({"require_encryption", "c2s_require_encryption", "s2s_require_encryption"})):empty() then
+ print("");
+ print(" You require encryption but LuaSec is not available.");
+ print(" Connections will fail.");
+ ok = false;
+ end
+ elseif not ssl.loadcertificate then
+ if all_options:contains("s2s_secure_auth") then
+ print("");
+ print(" You have set s2s_secure_auth but your version of LuaSec does ");
+ print(" not support certificate validation, so all s2s connections will");
+ print(" fail.");
+ ok = false;
+ elseif all_options:contains("s2s_secure_domains") then
+ local secure_domains = set.new();
+ for host in enabled_hosts() do
+ if config[host].s2s_secure_auth == true then
+ secure_domains:add("*");
+ else
+ secure_domains:include(set.new(config[host].s2s_secure_domains));
+ end
+ end
+ if not secure_domains:empty() then
+ print("");
+ print(" You have set s2s_secure_domains but your version of LuaSec does ");
+ print(" not support certificate validation, so s2s connections to/from ");
+ print(" these domains will fail.");
+ ok = false;
+ end
+ end
+ end
print("Done.\n");
end
target_hosts:remove("localhost");
end
- local modules = set.new(it.to_array(it.values(host_options.modules_enabled)))
- + set.new(it.to_array(it.values(config.get("*", "modules_enabled"))))
+ local modules = set.new(it.to_array(it.values(host_options.modules_enabled or {})))
+ + set.new(it.to_array(it.values(config.get("*", "modules_enabled") or {})))
+ set.new({ config.get(host, "component_module") });
if modules:contains("proxy65") then