3 -- Copyright (C) 2008-2010 Matthew Wild
4 -- Copyright (C) 2008-2010 Waqas Hussain
6 -- This project is MIT/X11 licensed. Please see the
7 -- COPYING file in the source package for more information.
10 -- prosodyctl - command-line controller for Prosody XMPP server
12 -- Will be modified by configure script if run --
14 CFG_SOURCEDIR=os.getenv("PROSODY_SRCDIR");
15 CFG_CONFIGDIR=os.getenv("PROSODY_CFGDIR");
16 CFG_PLUGINDIR=os.getenv("PROSODY_PLUGINDIR");
17 CFG_DATADIR=os.getenv("PROSODY_DATADIR");
19 -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- --
21 local function is_relative(path)
22 local path_sep = package.config:sub(1,1);
23 return ((path_sep == "/" and path:sub(1,1) ~= "/")
24 or (path_sep == "\\" and (path:sub(1,1) ~= "/" and path:sub(2,3) ~= ":\\")))
27 -- Tell Lua where to find our libraries
29 local function filter_relative_paths(path)
30 if is_relative(path) then return ""; end
32 local function sanitise_paths(paths)
33 return (paths:gsub("[^;]+;?", filter_relative_paths):gsub(";;+", ";"));
35 package.path = sanitise_paths(CFG_SOURCEDIR.."/?.lua;"..package.path);
36 package.cpath = sanitise_paths(CFG_SOURCEDIR.."/?.so;"..package.cpath);
39 -- Substitute ~ with path to home directory in data path
41 if os.getenv("HOME") then
42 CFG_DATADIR = CFG_DATADIR:gsub("^~", os.getenv("HOME"));
46 -- Global 'prosody' object
49 events = require "util.events".new();
51 lock_globals = function () end;
52 unlock_globals = function () end;
53 installed = CFG_SOURCEDIR ~= nil;
54 core_post_stanza = function () end; -- TODO: mod_router!
58 local dependencies = require "util.dependencies";
59 if not dependencies.check_dependencies() then
63 config = require "core.configmanager"
70 if arg[1] == "--config" and arg[2] then
71 table.insert(filenames, arg[2]);
73 table.insert(filenames, CFG_CONFIGDIR.."/"..arg[2]);
75 table.remove(arg, 1); table.remove(arg, 1);
77 for _, format in ipairs(config.parsers()) do
78 table.insert(filenames, (CFG_CONFIGDIR or ".").."/prosody.cfg."..format);
81 for _,_filename in ipairs(filenames) do
83 local file = io.open(filename);
86 ENV_CONFIG = filename;
87 CFG_CONFIGDIR = filename:match("^(.*)[\\/][^\\/]*$");
91 local ok, level, err = config.load(filename);
94 print("**************************");
95 if level == "parser" then
96 print("A problem occured while reading the config file "..(CFG_CONFIGDIR or ".").."/prosody.cfg.lua");
97 local err_line, err_message = tostring(err):match("%[string .-%]:(%d*): (.*)");
98 print("Error"..(err_line and (" on line "..err_line) or "")..": "..(err_message or tostring(err)));
100 elseif level == "file" then
101 print("Prosody was unable to find the configuration file.");
102 print("We looked for: "..(CFG_CONFIGDIR or ".").."/prosody.cfg.lua");
103 print("A sample config file is included in the Prosody download called prosody.cfg.lua.dist");
104 print("Copy or rename it to prosody.cfg.lua and edit as necessary.");
106 print("More help on configuring Prosody can be found at http://prosody.im/doc/configure");
108 print("**************************");
113 local original_logging_config = config.get("*", "log");
114 config.set("*", "log", { { levels = { min="info" }, to = "console" } });
116 local data_path = config.get("*", "data_path") or CFG_DATADIR or "data";
117 local custom_plugin_paths = config.get("*", "plugin_paths");
118 if custom_plugin_paths then
119 local path_sep = package.config:sub(3,3);
120 -- path1;path2;path3;defaultpath...
121 CFG_PLUGINDIR = table.concat(custom_plugin_paths, path_sep)..path_sep..(CFG_PLUGINDIR or "plugins");
123 prosody.paths = { source = CFG_SOURCEDIR, config = CFG_CONFIGDIR,
124 plugins = CFG_PLUGINDIR or "plugins", data = data_path };
126 if prosody.installed then
127 -- Change working directory to data path.
128 require "lfs".chdir(data_path);
131 require "core.loggingmanager"
133 dependencies.log_warnings();
135 -- Switch away from root and into the prosody user --
136 local switched_user, current_uid;
138 local want_pposix_version = "0.3.6";
139 local ok, pposix = pcall(require, "util.pposix");
141 if ok and pposix then
142 if pposix._VERSION ~= want_pposix_version then print(string.format("Unknown version (%s) of binary pposix module, expected %s", tostring(pposix._VERSION), want_pposix_version)); return; end
143 current_uid = pposix.getuid();
144 if current_uid == 0 then
146 local desired_user = config.get("*", "prosody_user") or "prosody";
147 local desired_group = config.get("*", "prosody_group") or desired_user;
148 local ok, err = pposix.setgid(desired_group);
150 ok, err = pposix.initgroups(desired_user);
153 ok, err = pposix.setuid(desired_user);
156 switched_user = true;
159 if not switched_user then
161 print("Warning: Couldn't switch to Prosody user/group '"..tostring(desired_user).."'/'"..tostring(desired_group).."': "..tostring(err));
165 -- Set our umask to protect data files
166 pposix.umask(config.get("*", "umask") or "027");
167 pposix.setenv("HOME", data_path);
168 pposix.setenv("PROSODY_CONFIG", ENV_CONFIG);
170 print("Error: Unable to load pposix module. Check that Prosody is installed correctly.")
171 print("For more help send the below error to us through http://prosody.im/discuss");
172 print(tostring(pposix))
176 local function test_writeable(filename)
177 local f, err = io.open(filename, "a");
185 local unwriteable_files = {};
186 if type(original_logging_config) == "string" and original_logging_config:sub(1,1) ~= "*" then
187 local ok, err = test_writeable(original_logging_config);
189 table.insert(unwriteable_files, err);
191 elseif type(original_logging_config) == "table" then
192 for _, rule in ipairs(original_logging_config) do
193 if rule.filename then
194 local ok, err = test_writeable(rule.filename);
196 table.insert(unwriteable_files, err);
202 if #unwriteable_files > 0 then
203 print("One of more of the Prosody log files are not");
204 print("writeable, please correct the errors and try");
205 print("starting prosodyctl again.");
207 for _, err in ipairs(unwriteable_files) do
215 local error_messages = setmetatable({
216 ["invalid-username"] = "The given username is invalid in a Jabber ID";
217 ["invalid-hostname"] = "The given hostname is invalid";
218 ["no-password"] = "No password was supplied";
219 ["no-such-user"] = "The given user does not exist on the server";
220 ["no-such-host"] = "The given hostname does not exist in the config";
221 ["unable-to-save-data"] = "Unable to store, perhaps you don't have permission?";
222 ["no-pidfile"] = "There is no 'pidfile' option in the configuration file, see http://prosody.im/doc/prosodyctl#pidfile for help";
223 ["invalid-pidfile"] = "The 'pidfile' option in the configuration file is not a string, see http://prosody.im/doc/prosodyctl#pidfile for help";
224 ["no-posix"] = "The mod_posix module is not enabled in the Prosody config file, see http://prosody.im/doc/prosodyctl for more info";
225 ["no-such-method"] = "This module has no commands";
226 ["not-running"] = "Prosody is not running";
227 }, { __index = function (t,k) return "Error: "..(tostring(k):gsub("%-", " "):gsub("^.", string.upper)); end });
229 hosts = prosody.hosts;
231 local function make_host(hostname)
234 events = prosody.events,
237 users = require "core.usermanager".new_null_provider(hostname)
241 for hostname, config in pairs(config.getconfig()) do
242 hosts[hostname] = make_host(hostname);
245 local modulemanager = require "core.modulemanager"
247 local prosodyctl = require "util.prosodyctl"
248 local socket = require "socket"
249 -----------------------
251 -- FIXME: Duplicate code waiting for util.startup
252 function read_version()
253 -- Try to determine version
254 local version_file = io.open((CFG_SOURCEDIR or ".").."/prosody.version");
255 prosody.version = "unknown";
257 prosody.version = version_file:read("*a"):gsub("%s*$", "");
258 version_file:close();
259 if #prosody.version == 12 and prosody.version:match("^[a-f0-9]+$") then
260 prosody.version = "hg:"..prosody.version;
263 local hg = require"util.mercurial";
264 local hgid = hg.check_id(CFG_SOURCEDIR or ".");
265 if hgid then prosody.version = "hg:" .. hgid; end
269 local show_message, show_warning = prosodyctl.show_message, prosodyctl.show_warning;
270 local show_usage = prosodyctl.show_usage;
271 local getchar, getpass = prosodyctl.getchar, prosodyctl.getpass;
272 local show_yesno = prosodyctl.show_yesno;
273 local show_prompt = prosodyctl.show_prompt;
274 local read_password = prosodyctl.read_password;
276 local jid_split = require "util.jid".prepped_split;
278 local prosodyctl_timeout = (config.get("*", "prosodyctl_timeout") or 5) * 2;
279 -----------------------
281 local command = arg[1];
283 function commands.adduser(arg)
284 if not arg[1] or arg[1] == "--help" then
285 show_usage([[adduser JID]], [[Create the specified user account in Prosody]]);
288 local user, host = jid_split(arg[1]);
289 if not user and host then
290 show_message [[Failed to understand JID, please supply the JID you want to create]]
291 show_usage [[adduser user@host]]
296 show_message [[Please specify a JID, including a host. e.g. alice@example.com]];
300 if not hosts[host] then
301 show_warning("The host '%s' is not listed in the configuration file (or is not enabled).", host)
302 show_warning("The user will not be able to log in until this is changed.");
303 hosts[host] = make_host(host);
306 if prosodyctl.user_exists{ user = user, host = host } then
307 show_message [[That user already exists]];
311 local password = read_password();
312 if not password then return 1; end
314 local ok, msg = prosodyctl.adduser { user = user, host = host, password = password };
316 if ok then return 0; end
322 function commands.passwd(arg)
323 if not arg[1] or arg[1] == "--help" then
324 show_usage([[passwd JID]], [[Set the password for the specified user account in Prosody]]);
327 local user, host = jid_split(arg[1]);
328 if not user and host then
329 show_message [[Failed to understand JID, please supply the JID you want to set the password for]]
330 show_usage [[passwd user@host]]
335 show_message [[Please specify a JID, including a host. e.g. alice@example.com]];
339 if not hosts[host] then
340 show_warning("The host '%s' is not listed in the configuration file (or is not enabled).", host)
341 show_warning("The user will not be able to log in until this is changed.");
342 hosts[host] = make_host(host);
345 if not prosodyctl.user_exists { user = user, host = host } then
346 show_message [[That user does not exist, use prosodyctl adduser to create a new user]]
350 local password = read_password();
351 if not password then return 1; end
353 local ok, msg = prosodyctl.passwd { user = user, host = host, password = password };
355 if ok then return 0; end
357 show_message(error_messages[msg])
361 function commands.deluser(arg)
362 if not arg[1] or arg[1] == "--help" then
363 show_usage([[deluser JID]], [[Permanently remove the specified user account from Prosody]]);
366 local user, host = jid_split(arg[1]);
367 if not user and host then
368 show_message [[Failed to understand JID, please supply the JID to the user account you want to delete]]
369 show_usage [[deluser user@host]]
374 show_message [[Please specify a JID, including a host. e.g. alice@example.com]];
378 if not hosts[host] then
379 show_warning("The host '%s' is not listed in the configuration file (or is not enabled).", host)
380 hosts[host] = make_host(host);
383 if not prosodyctl.user_exists { user = user, host = host } then
384 show_message [[That user does not exist on this server]]
388 local ok, msg = prosodyctl.deluser { user = user, host = host };
390 if ok then return 0; end
392 show_message(error_messages[msg])
396 function commands.start(arg)
397 if arg[1] == "--help" then
398 show_usage([[start]], [[Start Prosody]]);
401 local ok, ret = prosodyctl.isrunning();
403 show_message(error_messages[ret]);
408 local ok, ret = prosodyctl.getpid();
410 show_message("Couldn't get running Prosody's PID");
411 show_message(error_messages[ret]);
414 show_message("Prosody is already running with PID %s", ret or "(unknown)");
418 local ok, ret = prosodyctl.start();
420 local daemonize = config.get("*", "daemonize");
421 if daemonize == nil then
422 daemonize = prosody.installed;
427 local ok, running = prosodyctl.isrunning();
428 if ok and running then
431 show_message("Still waiting...");
432 elseif i >= prosodyctl_timeout then
433 show_message("Prosody is still not running. Please give it some time or check your log files for errors.");
439 show_message("Started");
444 show_message("Failed to start Prosody");
445 show_message(error_messages[ret])
449 function commands.status(arg)
450 if arg[1] == "--help" then
451 show_usage([[status]], [[Reports the running status of Prosody]]);
455 local ok, ret = prosodyctl.isrunning();
457 show_message(error_messages[ret]);
462 local ok, ret = prosodyctl.getpid();
464 show_message("Couldn't get running Prosody's PID");
465 show_message(error_messages[ret]);
468 show_message("Prosody is running with PID %s", ret or "(unknown)");
471 show_message("Prosody is not running");
472 if not switched_user and current_uid ~= 0 then
474 print(" You will also see this if prosodyctl is not running under");
475 print(" the same user account as Prosody. Try running as root (e.g. ");
476 print(" with 'sudo' in front) to gain access to Prosody's real status.");
483 function commands.stop(arg)
484 if arg[1] == "--help" then
485 show_usage([[stop]], [[Stop a running Prosody server]]);
489 if not prosodyctl.isrunning() then
490 show_message("Prosody is not running");
494 local ok, ret = prosodyctl.stop();
498 local ok, running = prosodyctl.isrunning();
499 if ok and not running then
502 show_message("Still waiting...");
503 elseif i >= prosodyctl_timeout then
504 show_message("Prosody is still running. Please give it some time or check your log files for errors.");
510 show_message("Stopped");
514 show_message(error_messages[ret]);
518 function commands.restart(arg)
519 if arg[1] == "--help" then
520 show_usage([[restart]], [[Restart a running Prosody server]]);
525 return commands.start(arg);
528 function commands.about(arg)
530 if arg[1] == "--help" then
531 show_usage([[about]], [[Show information about this Prosody installation]]);
536 local lfs = require "lfs";
537 local array = require "util.array";
538 local keys = require "util.iterators".keys;
539 local hg = require"util.mercurial";
540 local relpath = config.resolve_relative_path;
542 print("Prosody "..(prosody.version or "(unknown version)"));
544 print("# Prosody directories");
545 print("Data directory: "..relpath(pwd, data_path));
546 print("Config directory: "..relpath(pwd, CFG_CONFIGDIR or "."));
547 print("Source directory: "..relpath(pwd, CFG_SOURCEDIR or "."));
548 print("Plugin directories:")
549 print(" "..(prosody.paths.plugins:gsub("([^;]+);?", function(path)
551 path = config.resolve_relative_path(pwd, path);
552 local hgid, hgrepo = hg.check_id(path);
553 if not hgid and hgrepo then
554 return path.." - "..hgrepo .."!\n ";
556 -- 010452cfaf53 is the first commit in the prosody-modules repository
557 hgrepo = hgrepo == "010452cfaf53" and "prosody-modules";
558 return path..(hgid and " - "..(hgrepo or "HG").." rev: "..hgid or "")
562 print("# Lua environment");
563 print("Lua version: ", _G._VERSION);
565 print("Lua module search paths:");
566 for path in package.path:gmatch("[^;]+") do
570 print("Lua C module search paths:");
571 for path in package.cpath:gmatch("[^;]+") do
575 local luarocks_status = (pcall(require, "luarocks.loader") and "Installed ("..(package.loaded["luarocks.cfg"].program_version or "2.x+")..")")
576 or (pcall(require, "luarocks.require") and "Installed (1.x)")
578 print("LuaRocks: ", luarocks_status);
580 print("# Lua module versions");
581 local module_versions, longest_name = {}, 8;
582 local luaevent =dependencies.softreq"luaevent";
583 local ssl = dependencies.softreq"ssl";
584 for name, module in pairs(package.loaded) do
585 if type(module) == "table" and rawget(module, "_VERSION")
586 and name ~= "_G" and not name:match("%.") then
587 if #name > longest_name then
588 longest_name = #name;
590 module_versions[name] = module._VERSION;
593 local sorted_keys = array.collect(keys(module_versions)):sort();
594 for _, name in ipairs(array.collect(keys(module_versions)):sort()) do
595 print(name..":"..string.rep(" ", longest_name-#name), module_versions[name]);
600 function commands.reload(arg)
601 if arg[1] == "--help" then
602 show_usage([[reload]], [[Reload Prosody's configuration and re-open log files]]);
606 if not prosodyctl.isrunning() then
607 show_message("Prosody is not running");
611 local ok, ret = prosodyctl.reload();
614 show_message("Prosody log files re-opened and config file reloaded. You may need to reload modules for some changes to take effect.");
618 show_message(error_messages[ret]);
621 -- ejabberdctl compatibility
623 function commands.register(arg)
624 local user, host, password = unpack(arg);
625 if (not (user and host)) or arg[1] == "--help" then
626 if user ~= "--help" then
628 show_message [[No username specified]]
630 show_message [[Please specify which host you want to register the user on]];
633 show_usage("register USER HOST [PASSWORD]", "Register a user on the server, with the given password");
637 password = read_password();
639 show_message [[Unable to register user with no password]];
644 local ok, msg = prosodyctl.adduser { user = user, host = host, password = password };
646 if ok then return 0; end
648 show_message(error_messages[msg])
652 function commands.unregister(arg)
653 local user, host = unpack(arg);
654 if (not (user and host)) or arg[1] == "--help" then
655 if user ~= "--help" then
657 show_message [[No username specified]]
659 show_message [[Please specify which host you want to unregister the user from]];
662 show_usage("unregister USER HOST [PASSWORD]", "Permanently remove a user account from the server");
666 local ok, msg = prosodyctl.deluser { user = user, host = host };
668 if ok then return 0; end
670 show_message(error_messages[msg])
677 local cert_commands = {};
679 -- If a file already exists, ask if the user wants to use it or replace it
680 -- Backups the old file if replaced
681 local function use_existing(filename)
682 local attrs = lfs.attributes(filename);
684 if show_yesno(filename .. " exists, do you want to replace it? [y/n]") then
685 local backup = filename..".bkp~"..os.date("%FT%T", attrs.change);
686 os.rename(filename, backup);
687 show_message(filename.." backed up to "..backup);
689 -- Use the existing file
695 function cert_commands.config(arg)
696 if #arg >= 1 and arg[1] ~= "--help" then
697 local conf_filename = (CFG_DATADIR or "./certs") .. "/" .. arg[1] .. ".cnf";
698 if use_existing(conf_filename) then
699 return nil, conf_filename;
701 local conf = openssl.config.new();
702 conf:from_prosody(hosts, config, arg);
703 show_message("Please provide details to include in the certificate config file.");
704 show_message("Leave the field empty to use the default value or '.' to exclude the field.")
705 for i, k in ipairs(openssl._DN_order) do
706 local v = conf.distinguished_name[k];
709 if k == "commonName" then
711 elseif k == "emailAddress" then
712 v = "xmpp@" .. arg[1];
713 elseif k == "countryName" then
714 local tld = arg[1]:match"%.([a-z]+)$";
715 if tld and #tld == 2 and tld ~= "uk" then
719 nv = show_prompt(("%s (%s):"):format(k, nv or v));
720 nv = (not nv or nv == "") and v or nv;
721 if nv:find"[\192-\252][\128-\191]+" then
722 conf.req.string_mask = "utf8only"
724 conf.distinguished_name[k] = nv ~= "." and nv or nil;
727 local conf_file, err = io.open(conf_filename, "w");
728 if not conf_file then
729 show_warning("Could not open OpenSSL config file for writing");
733 conf_file:write(conf:serialize());
736 show_message("Config written to " .. conf_filename);
737 return nil, conf_filename;
739 show_usage("cert config HOSTNAME [HOSTNAME+]", "Builds a certificate config file covering the supplied hostname(s)")
743 function cert_commands.key(arg)
744 if #arg >= 1 and arg[1] ~= "--help" then
745 local key_filename = (CFG_DATADIR or "./certs") .. "/" .. arg[1] .. ".key";
746 if use_existing(key_filename) then
747 return nil, key_filename;
749 os.remove(key_filename); -- This file, if it exists is unlikely to have write permissions
750 local key_size = tonumber(arg[2] or show_prompt("Choose key size (2048):") or 2048);
751 local old_umask = pposix.umask("0377");
752 if openssl.genrsa{out=key_filename, key_size} then
753 os.execute(("chmod 400 '%s'"):format(key_filename));
754 show_message("Key written to ".. key_filename);
755 pposix.umask(old_umask);
756 return nil, key_filename;
758 show_message("There was a problem, see OpenSSL output");
760 show_usage("cert key HOSTNAME <bits>", "Generates a RSA key named HOSTNAME.key\n "
761 .."Prompts for a key size if none given")
765 function cert_commands.request(arg)
766 if #arg >= 1 and arg[1] ~= "--help" then
767 local req_filename = (CFG_DATADIR or "./certs") .. "/" .. arg[1] .. ".req";
768 if use_existing(req_filename) then
769 return nil, req_filename;
771 local _, key_filename = cert_commands.key({arg[1]});
772 local _, conf_filename = cert_commands.config(arg);
773 if openssl.req{new=true, key=key_filename, utf8=true, sha256=true, config=conf_filename, out=req_filename} then
774 show_message("Certificate request written to ".. req_filename);
776 show_message("There was a problem, see OpenSSL output");
779 show_usage("cert request HOSTNAME [HOSTNAME+]", "Generates a certificate request for the supplied hostname(s)")
783 function cert_commands.generate(arg)
784 if #arg >= 1 and arg[1] ~= "--help" then
785 local cert_filename = (CFG_DATADIR or "./certs") .. "/" .. arg[1] .. ".crt";
786 if use_existing(cert_filename) then
787 return nil, cert_filename;
789 local _, key_filename = cert_commands.key({arg[1]});
790 local _, conf_filename = cert_commands.config(arg);
792 if key_filename and conf_filename and cert_filename
793 and openssl.req{new=true, x509=true, nodes=true, key=key_filename,
794 days=365, sha256=true, utf8=true, config=conf_filename, out=cert_filename} then
795 show_message("Certificate written to ".. cert_filename);
797 show_message(("Example config:\n\nssl = {\n\tcertificate = %q;\n\tkey = %q;\n}"):format(cert_filename, key_filename));
799 show_message("There was a problem, see OpenSSL output");
802 show_usage("cert generate HOSTNAME [HOSTNAME+]", "Generates a self-signed certificate for the current hostname(s)")
806 function commands.cert(arg)
807 if #arg >= 1 and arg[1] ~= "--help" then
808 openssl = require "util.openssl";
810 local subcmd = table.remove(arg, 1);
811 if type(cert_commands[subcmd]) == "function" then
813 show_message"You need to supply at least one hostname"
816 if arg[1] ~= "--help" and not hosts[arg[1]] then
817 show_message(error_messages["no-such-host"]);
820 return cert_commands[subcmd](arg);
823 show_usage("cert config|request|generate|key", "Helpers for generating X.509 certificates and keys.")
826 function commands.check(arg)
827 if arg[1] == "--help" then
828 show_usage([[check]], [[Perform basic checks on your Prosody installation]]);
831 local what = table.remove(arg, 1);
832 local array, set = require "util.array", require "util.set";
833 local it = require "util.iterators";
835 local function disabled_hosts(host, conf) return host ~= "*" and conf.enabled ~= false; end
836 local function enabled_hosts() return it.filter(disabled_hosts, pairs(config.getconfig())); end
837 if not what or what == "disabled" then
838 local disabled_hosts = set.new();
839 for host, host_options in it.filter("*", pairs(config.getconfig())) do
840 if host_options.enabled == false then
841 disabled_hosts:add(host);
844 if not disabled_hosts:empty() then
845 local msg = "Checks will be skipped for these disabled hosts: %s";
846 if what then msg = "These hosts are disabled: %s"; end
847 show_warning(msg, tostring(disabled_hosts));
848 if what then return 0; end
852 if not what or what == "config" then
853 print("Checking config...");
854 local deprecated = set.new({
855 "bosh_ports", "disallow_s2s", "no_daemonize", "anonymous_login", "require_encryption",
857 local known_global_options = set.new({
858 "pidfile", "log", "plugin_paths", "prosody_user", "prosody_group", "daemonize",
859 "umask", "prosodyctl_timeout", "use_ipv6", "use_libevent", "network_settings",
860 "network_backend", "http_default_host",
862 local config = config.getconfig();
863 -- Check that we have any global options (caused by putting a host at the top)
864 if it.count(it.filter("log", pairs(config["*"]))) == 0 then
867 print(" No global options defined. Perhaps you have put a host definition at the top")
868 print(" of the config file? They should be at the bottom, see http://prosody.im/doc/configure#overview");
870 if it.count(enabled_hosts()) == 0 then
873 if it.count(it.filter("*", pairs(config))) == 0 then
874 print(" No hosts are defined, please add at least one VirtualHost section")
875 elseif config["*"]["enabled"] == false then
876 print(" No hosts are enabled. Remove enabled = false from the global section or put enabled = true under at least one VirtualHost section")
878 print(" All hosts are disabled. Remove enabled = false from at least one VirtualHost section")
881 if not config["*"].modules_enabled then
882 print(" No global modules_enabled is set?");
883 local suggested_global_modules;
884 for host, options in enabled_hosts() do
885 if not options.component_module and options.modules_enabled then
886 suggested_global_modules = set.intersection(suggested_global_modules or set.new(options.modules_enabled), set.new(options.modules_enabled));
889 if not suggested_global_modules:empty() then
890 print(" Consider moving these modules into modules_enabled in the global section:")
891 print(" "..tostring(suggested_global_modules / function (x) return ("%q"):format(x) end));
895 -- Check for global options under hosts
896 local global_options = set.new(it.to_array(it.keys(config["*"])));
897 local deprecated_global_options = set.intersection(global_options, deprecated);
898 if not deprecated_global_options:empty() then
900 print(" You have some deprecated options in the global section:");
901 print(" "..tostring(deprecated_global_options))
904 for host, options in enabled_hosts() do
905 local host_options = set.new(it.to_array(it.keys(options)));
906 local misplaced_options = set.intersection(host_options, known_global_options);
907 for name in pairs(options) do
908 if name:match("^interfaces?")
909 or name:match("_ports?$") or name:match("_interfaces?$")
910 or (name:match("_ssl$") and not name:match("^[cs]2s_ssl$")) then
911 misplaced_options:add(name);
914 if not misplaced_options:empty() then
917 local n = it.count(misplaced_options);
918 print(" You have "..n.." option"..(n>1 and "s " or " ").."set under "..host.." that should be");
919 print(" in the global section of the config file, above any VirtualHost or Component definitions,")
920 print(" see http://prosody.im/doc/configure#overview for more information.")
922 print(" You need to move the following option"..(n>1 and "s" or "")..": "..table.concat(it.to_array(misplaced_options), ", "));
924 local subdomain = host:match("^[^.]+");
925 if not(host_options:contains("component_module")) and (subdomain == "jabber" or subdomain == "xmpp"
926 or subdomain == "chat" or subdomain == "im") then
928 print(" Suggestion: If "..host.. " is a new host with no real users yet, consider renaming it now to");
929 print(" "..host:gsub("^[^.]+%.", "")..". You can use SRV records to redirect XMPP clients and servers to "..host..".");
930 print(" For more information see: http://prosody.im/doc/dns");
933 local all_modules = set.new(config["*"].modules_enabled);
934 local all_options = set.new(it.to_array(it.keys(config["*"])));
935 for host in enabled_hosts() do
936 all_options:include(set.new(it.to_array(it.keys(config[host]))));
937 all_modules:include(set.new(config[host].modules_enabled));
939 for mod in all_modules do
940 if mod:match("^mod_") then
942 print(" Modules in modules_enabled should not have the 'mod_' prefix included.");
943 print(" Change '"..mod.."' to '"..mod:match("^mod_(.*)").."'.");
944 elseif mod:match("^auth_") then
946 print(" Authentication modules should not be added to modules_enabled,");
947 print(" but be specified in the 'authentication' option.");
948 print(" Remove '"..mod.."' from modules_enabled and instead add");
949 print(" authentication = '"..mod:match("^auth_(.*)").."'");
950 print(" For more information see https://prosody.im/doc/authentication");
951 elseif mod:match("^storage_") then
953 print(" storage modules should not be added to modules_enabled,");
954 print(" but be specified in the 'storage' option.");
955 print(" Remove '"..mod.."' from modules_enabled and instead add");
956 print(" storage = '"..mod:match("^storage_(.*)").."'");
957 print(" For more information see https://prosody.im/doc/storage");
960 local ssl = dependencies.softreq"ssl";
962 if not set.intersection(all_options, set.new({"require_encryption", "c2s_require_encryption", "s2s_require_encryption"})):empty() then
964 print(" You require encryption but LuaSec is not available.");
965 print(" Connections will fail.");
968 elseif not ssl.loadcertificate then
969 if all_options:contains("s2s_secure_auth") then
971 print(" You have set s2s_secure_auth but your version of LuaSec does ");
972 print(" not support certificate validation, so all s2s connections will");
975 elseif all_options:contains("s2s_secure_domains") then
976 local secure_domains = set.new();
977 for host in enabled_hosts() do
978 if config[host].s2s_secure_auth == true then
979 secure_domains:add("*");
981 secure_domains:include(set.new(config[host].s2s_secure_domains));
984 if not secure_domains:empty() then
986 print(" You have set s2s_secure_domains but your version of LuaSec does ");
987 print(" not support certificate validation, so s2s connections to/from ");
988 print(" these domains will fail.");
996 if not what or what == "dns" then
997 local dns = require "net.dns";
998 local idna = require "util.encodings".idna;
999 local ip = require "util.ip";
1000 local c2s_ports = set.new(config.get("*", "c2s_ports") or {5222});
1001 local s2s_ports = set.new(config.get("*", "s2s_ports") or {5269});
1003 local c2s_srv_required, s2s_srv_required;
1004 if not c2s_ports:contains(5222) then
1005 c2s_srv_required = true;
1007 if not s2s_ports:contains(5269) then
1008 s2s_srv_required = true;
1011 local problem_hosts = set.new();
1013 local external_addresses, internal_addresses = set.new(), set.new();
1015 local fqdn = socket.dns.tohostname(socket.dns.gethostname());
1017 local res = dns.lookup(idna.to_ascii(fqdn), "A");
1019 for _, record in ipairs(res) do
1020 external_addresses:add(record.a);
1023 local res = dns.lookup(idna.to_ascii(fqdn), "AAAA");
1025 for _, record in ipairs(res) do
1026 external_addresses:add(record.aaaa);
1031 local local_addresses = require"util.net".local_addresses() or {};
1033 for addr in it.values(local_addresses) do
1034 if not ip.new_ip(addr).private then
1035 external_addresses:add(addr);
1037 internal_addresses:add(addr);
1041 if external_addresses:empty() then
1043 print(" Failed to determine the external addresses of this server. Checks may be inaccurate.");
1044 c2s_srv_required, s2s_srv_required = true, true;
1047 local v6_supported = not not socket.tcp6;
1049 for host, host_options in enabled_hosts() do
1050 local all_targets_ok, some_targets_ok = true, false;
1052 local is_component = not not host_options.component_module;
1053 print("Checking DNS for "..(is_component and "component" or "host").." "..host.."...");
1054 local target_hosts = set.new();
1055 if not is_component then
1056 local res = dns.lookup("_xmpp-client._tcp."..idna.to_ascii(host)..".", "SRV");
1058 for _, record in ipairs(res) do
1059 target_hosts:add(record.srv.target);
1060 if not c2s_ports:contains(record.srv.port) then
1061 print(" SRV target "..record.srv.target.." contains unknown client port: "..record.srv.port);
1065 if c2s_srv_required then
1066 print(" No _xmpp-client SRV record found for "..host..", but it looks like you need one.");
1067 all_targst_ok = false;
1069 target_hosts:add(host);
1073 local res = dns.lookup("_xmpp-server._tcp."..idna.to_ascii(host)..".", "SRV");
1075 for _, record in ipairs(res) do
1076 target_hosts:add(record.srv.target);
1077 if not s2s_ports:contains(record.srv.port) then
1078 print(" SRV target "..record.srv.target.." contains unknown server port: "..record.srv.port);
1082 if s2s_srv_required then
1083 print(" No _xmpp-server SRV record found for "..host..", but it looks like you need one.");
1084 all_targets_ok = false;
1086 target_hosts:add(host);
1089 if target_hosts:empty() then
1090 target_hosts:add(host);
1093 if target_hosts:contains("localhost") then
1094 print(" Target 'localhost' cannot be accessed from other servers");
1095 target_hosts:remove("localhost");
1098 local modules = set.new(it.to_array(it.values(host_options.modules_enabled or {})))
1099 + set.new(it.to_array(it.values(config.get("*", "modules_enabled") or {})))
1100 + set.new({ config.get(host, "component_module") });
1102 if modules:contains("proxy65") then
1103 local proxy65_target = config.get(host, "proxy65_address") or host;
1104 local A, AAAA = dns.lookup(idna.to_ascii(proxy65_target), "A"), dns.lookup(idna.to_ascii(proxy65_target), "AAAA");
1107 table.insert(prob, "A");
1109 if v6_supported and not AAAA then
1110 table.insert(prob, "AAAA");
1113 print(" File transfer proxy "..proxy65_target.." has no "..table.concat(prob, "/").." record. Create one or set 'proxy65_address' to the correct host/IP.");
1117 for host in target_hosts do
1118 local host_ok_v4, host_ok_v6;
1119 local res = dns.lookup(idna.to_ascii(host), "A");
1121 for _, record in ipairs(res) do
1122 if external_addresses:contains(record.a) then
1123 some_targets_ok = true;
1125 elseif internal_addresses:contains(record.a) then
1127 some_targets_ok = true;
1128 print(" "..host.." A record points to internal address, external connections might fail");
1130 print(" "..host.." A record points to unknown address "..record.a);
1131 all_targets_ok = false;
1135 local res = dns.lookup(idna.to_ascii(host), "AAAA");
1137 for _, record in ipairs(res) do
1138 if external_addresses:contains(record.aaaa) then
1139 some_targets_ok = true;
1141 elseif internal_addresses:contains(record.aaaa) then
1143 some_targets_ok = true;
1144 print(" "..host.." AAAA record points to internal address, external connections might fail");
1146 print(" "..host.." AAAA record points to unknown address "..record.aaaa);
1147 all_targets_ok = false;
1152 local bad_protos = {}
1153 if not host_ok_v4 then
1154 table.insert(bad_protos, "IPv4");
1156 if not host_ok_v6 then
1157 table.insert(bad_protos, "IPv6");
1159 if #bad_protos > 0 then
1160 print(" Host "..host.." does not seem to resolve to this server ("..table.concat(bad_protos, "/")..")");
1162 if host_ok_v6 and not v6_supported then
1163 print(" Host "..host.." has AAAA records, but your version of LuaSocket does not support IPv6.");
1164 print(" Please see http://prosody.im/doc/ipv6 for more information.");
1167 if not all_targets_ok then
1168 print(" "..(some_targets_ok and "Only some" or "No").." targets for "..host.." appear to resolve to this server.");
1169 if is_component then
1170 print(" DNS records are necessary if you want users on other servers to access this component.");
1172 problem_hosts:add(host);
1176 if not problem_hosts:empty() then
1178 print("For more information about DNS configuration please see http://prosody.im/doc/dns");
1183 if not what or what == "certs" then
1185 print"Checking certificates..."
1186 local x509_verify_identity = require"util.x509".verify_identity;
1187 local ssl = dependencies.softreq"ssl";
1188 -- local datetime_parse = require"util.datetime".parse_x509;
1189 local load_cert = ssl and ssl.loadcertificate;
1190 -- or ssl.cert_from_pem
1192 print("LuaSec not available, can't perform certificate checks")
1193 if what == "certs" then cert_ok = false end
1194 elseif not load_cert then
1195 print("This version of LuaSec (" .. ssl._VERSION .. ") does not support certificate checking");
1198 for host in enabled_hosts() do
1199 print("Checking certificate for "..host);
1200 -- First, let's find out what certificate this host uses.
1201 local ssl_config = config.rawget(host, "ssl");
1202 if not ssl_config then
1203 local base_host = host:match("%.(.*)");
1204 ssl_config = config.get(base_host, "ssl");
1206 if not ssl_config then
1207 print(" No 'ssl' option defined for "..host)
1209 elseif not ssl_config.certificate then
1210 print(" No 'certificate' set in ssl option for "..host)
1212 elseif not ssl_config.key then
1213 print(" No 'key' set in ssl option for "..host)
1216 local key, err = io.open(ssl_config.key); -- Permissions check only
1218 print(" Could not open "..ssl_config.key..": "..err);
1223 local cert_fh, err = io.open(ssl_config.certificate); -- Load the file.
1225 print(" Could not open "..ssl_config.certificate..": "..err);
1228 print(" Certificate: "..ssl_config.certificate)
1229 local cert = load_cert(cert_fh:read"*a"); cert_fh = cert_fh:close();
1230 if not cert:validat(os.time()) then
1231 print(" Certificate has expired.")
1234 if config.get(host, "component_module") == nil
1235 and not x509_verify_identity(host, "_xmpp-client", cert) then
1236 print(" Not vaild for client connections to "..host..".")
1239 if (not (config.get(host, "anonymous_login")
1240 or config.get(host, "authentication") == "anonymous"))
1241 and not x509_verify_identity(host, "_xmpp-server", cert) then
1242 print(" Not vaild for server-to-server connections to "..host..".")
1248 if cert_ok == false then
1250 print("For more information about certificates please see http://prosody.im/doc/certificates");
1257 print("Problems found, see above.");
1259 print("All checks passed, congratulations!");
1261 return ok and 0 or 2;
1264 ---------------------
1266 if command and command:match("^mod_") then -- Is a command in a module
1267 local module_name = command:match("^mod_(.+)");
1268 local ret, err = modulemanager.load("*", module_name);
1270 show_message("Failed to load module '"..module_name.."': "..err);
1274 table.remove(arg, 1);
1276 local module = modulemanager.get_module("*", module_name);
1278 show_message("Failed to load module '"..module_name.."': Unknown error");
1282 if not modulemanager.module_has_method(module, "command") then
1283 show_message("Fail: mod_"..module_name.." does not support any commands");
1287 local ok, ret = modulemanager.call_module_method(module, "command", arg);
1289 if type(ret) == "number" then
1291 elseif type(ret) == "string" then
1296 show_message("Failed to execute command: "..error_messages[ret]);
1301 if not commands[command] then -- Show help for all commands
1302 function show_usage(usage, desc)
1307 print("prosodyctl - Manage a Prosody server");
1309 print("Usage: "..arg[0].." COMMAND [OPTIONS]");
1311 print("Where COMMAND may be one of:\n");
1313 local hidden_commands = require "util.set".new{ "register", "unregister", "addplugin" };
1314 local commands_order = { "adduser", "passwd", "deluser", "start", "stop", "restart", "reload", "about" };
1318 for _, command_name in ipairs(commands_order) do
1319 local command = commands[command_name];
1321 command{ "--help" };
1323 done[command_name] = true;
1327 for command_name, command in pairs(commands) do
1328 if not done[command_name] and not hidden_commands:contains(command_name) then
1329 command{ "--help" };
1331 done[command_name] = true;
1339 os.exit(commands[command]({ select(2, unpack(arg)) }));