X-Git-Url: https://git.enpas.org/?a=blobdiff_plain;f=prosodyctl;h=1a487fb5f54dbb5b8b897ee3f226f51eea09ebf0;hb=36c567ebc96fc65b364b348d8603412bd127b856;hp=ac0b7cd056e6256b0512505c7f3a5f698991b0ba;hpb=159546ccde62e1582dc9d71574b256ffb309d646;p=prosody.git

diff --git a/prosodyctl b/prosodyctl
index ac0b7cd0..1a487fb5 100755
--- a/prosodyctl
+++ b/prosodyctl
@@ -792,6 +792,8 @@ function cert_commands.generate(arg)
 			and openssl.req{new=true, x509=true, nodes=true, key=key_filename,
 				days=365, sha256=true, utf8=true, config=conf_filename, out=cert_filename} then
 			show_message("Certificate written to ".. cert_filename);
+			print();
+			show_message(("Example config:\n\nssl = {\n\tcertificate = %q;\n\tkey = %q;\n}"):format(cert_filename, key_filename));
 		else
 			show_message("There was a problem, see OpenSSL output");
 		end
@@ -875,6 +877,20 @@ function commands.check(arg)
 				print("    All hosts are disabled. Remove enabled = false from at least one VirtualHost section")
 			end
 		end
+		if not config["*"].modules_enabled then
+			print("    No global modules_enabled is set?");
+			local suggested_global_modules;
+			for host, options in enabled_hosts() do
+				if not options.component_module and options.modules_enabled then
+					suggested_global_modules = set.intersection(suggested_global_modules or set.new(options.modules_enabled), set.new(options.modules_enabled));
+				end
+			end
+			if not suggested_global_modules:empty() then
+				print("    Consider moving these modules into modules_enabled in the global section:")
+				print("    "..tostring(suggested_global_modules / function (x) return ("%q"):format(x) end));
+			end
+			print();
+		end
 		-- Check for global options under hosts
 		local global_options = set.new(it.to_array(it.keys(config["*"])));
 		local deprecated_global_options = set.intersection(global_options, deprecated);
@@ -890,7 +906,7 @@ function commands.check(arg)
 			for name in pairs(options) do
 				if name:match("^interfaces?")
 				or name:match("_ports?$") or name:match("_interfaces?$")
-				or name:match("_ssl$") then
+				or (name:match("_ssl$") and not name:match("^[cs]2s_ssl$")) then
 					misplaced_options:add(name);
 				end
 			end
@@ -913,11 +929,34 @@ function commands.check(arg)
 			   	print("     For more information see: http://prosody.im/doc/dns");
 			end
 		end
-		local all_options = set.new();
+		local all_modules = set.new(config["*"].modules_enabled);
+		local all_options = set.new(it.to_array(it.keys(config["*"])));
 		for host in enabled_hosts() do
 			all_options:include(set.new(it.to_array(it.keys(config[host]))));
+			all_modules:include(set.new(config[host].modules_enabled));
+		end
+		for mod in all_modules do
+			if mod:match("^mod_") then
+				print("");
+				print("    Modules in modules_enabled should not have the 'mod_' prefix included.");
+				print("    Change '"..mod.."' to '"..mod:match("^mod_(.*)").."'.");
+			elseif mod:match("^auth_") then
+				print("");
+				print("    Authentication modules should not be added to modules_enabled,");
+				print("    but be specified in the 'authentication' option.");
+				print("    Remove '"..mod.."' from modules_enabled and instead add");
+				print("        authentication = '"..mod:match("^auth_(.*)").."'");
+				print("    For more information see https://prosody.im/doc/authentication");
+			elseif mod:match("^storage_") then
+				print("");
+				print("    storage modules should not be added to modules_enabled,");
+				print("    but be specified in the 'storage' option.");
+				print("    Remove '"..mod.."' from modules_enabled and instead add");
+				print("        storage = '"..mod:match("^storage_(.*)").."'");
+				print("    For more information see https://prosody.im/doc/storage");
+			end
 		end
-		local ssl = nil, dependencies.softreq"ssl";
+		local ssl = dependencies.softreq"ssl";
 		if not ssl then
 			if not set.intersection(all_options, set.new({"require_encryption", "c2s_require_encryption", "s2s_require_encryption"})):empty() then
 				print("");
@@ -925,6 +964,30 @@ function commands.check(arg)
 				print("    Connections will fail.");
 				ok = false;
 			end
+		elseif not ssl.loadcertificate then
+			if all_options:contains("s2s_secure_auth") then
+				print("");
+				print("    You have set s2s_secure_auth but your version of LuaSec does ");
+				print("    not support certificate validation, so all s2s connections will");
+				print("    fail.");
+				ok = false;
+			elseif all_options:contains("s2s_secure_domains") then
+				local secure_domains = set.new();
+				for host in enabled_hosts() do
+					if config[host].s2s_secure_auth == true then
+						secure_domains:add("*");
+					else
+						secure_domains:include(set.new(config[host].s2s_secure_domains));
+					end
+				end
+				if not secure_domains:empty() then
+					print("");
+					print("    You have set s2s_secure_domains but your version of LuaSec does ");
+					print("    not support certificate validation, so s2s connections to/from ");
+					print("    these domains will fail.");
+					ok = false;
+				end
+			end
 		end
 		
 		print("Done.\n");
@@ -1031,8 +1094,8 @@ function commands.check(arg)
 				target_hosts:remove("localhost");
 			end
 			
-			local modules = set.new(it.to_array(it.values(host_options.modules_enabled)))
-			                + set.new(it.to_array(it.values(config.get("*", "modules_enabled"))))
+			local modules = set.new(it.to_array(it.values(host_options.modules_enabled or {})))
+			                + set.new(it.to_array(it.values(config.get("*", "modules_enabled") or {})))
 			                + set.new({ config.get(host, "component_module") });
 
 			if modules:contains("proxy65") then