===== Setting up ZNC: an IRC bouncer =====
\\
==== Firewall ====
The following ports have to be opened in your firewall:
<code>
6697/tcp     # IRC SSL
</code>

----
\\
==== ZNC ====
> [[https://en.wikipedia.org/wiki/ZNC|ZNC]] is an IRC network bouncer or BNC. It can detach the client from the actual IRC server, and also from selected channels. Multiple clients from different locations can connect to a single ZNC account simultaneously and therefore appear under the same nickname on IRC.\\
\\
=== Installation ===
<code bash>
sudo apt install znc
</code>
\\
=== Creating a user account ===
<code bash>
sudo useradd --create-home -d /var/lib/znc --system --shell /bin/false --comment "ZNC IRC Bouncer" --user-group znc
</code>
\\
=== Creating a systemd unit file ===
<file bash /etc/systemd/system/znc.service>
[Unit]
Description=ZNC, an advanced IRC bouncer
After=network-online.target

[Service]
ExecStart=/usr/bin/znc -f --datadir=/var/lib/znc
User=znc

[Install]
WantedBy=multi-user.target
</file>
\\
=== Configuration ===
<code bash>
sudo -u znc /usr/bin/znc --datadir=/var/lib/znc --makeconf
</code>

<code bash>
[ ?? ] Listen on port (1025 to 65534): 6697
[ ?? ] Listen using SSL (yes/no) [no]: yes
[ ?? ] Listen using both IPv4 and IPv6 (yes/no) [yes]: yes

[ ?? ] Username (alphanumeric): user1
[ ?? ] Enter password: ******
[ ?? ] Confirm password: *****
[ ?? ] Nick [admin]: user1
[ ?? ] Alternate nick [admin_]: user1_
[ ?? ] Ident [admin]: user1
[ ?? ] Real name [Got ZNC?]: User One

[ ?? ] Set up a network? (yes/no) [yes]: yes
[ ?? ] Name [freenode]: freenode
[ ?? ] Server host [chat.freenode.net]: chat.freenode.net
[ ?? ] Server uses SSL? (yes/no) [yes]: yes
[ ?? ] Server port (1 to 65535) [6697]: 6697
[ ?? ] Server password (probably empty):

[ ?? ] Launch ZNC now? (yes/no) [yes]: no
</code>
\\
=== SSL certificates ===
The ''znc.pem'' file is a concatenation of the private key and the full certificate chain. In case you use Let's Encrypt:
<code bash>
sudo su -c 'cat /etc/letsencrypt/live/quietlife.nl/{privkey,fullchain}.pem > /var/lib/znc/znc.pem'
</code>

== Strong ciphers ==
<file bash /var/lib/znc/configs/znc.conf>
SSLCertFile = /var/lib/znc/znc.pem
SSLProtocols = -SSLv2 -SSLv3 -TLSv1 -TLSv1.1 +TLSv1.2
SSLCiphers = AES384+EECDH:AES384+EDH:AES256+EECDH:AES256+EDH
</file>
\\
=== Enabling and starting the daemon ===
<code bash>
sudo systemctl enable znc.service
sudo systemctl start znc.service
</code>

----
\\
==== Client configuration ====
<code bash>
sudo apt install hexchat
</code>
\\
<code>
HexChat > Network List > Add > quietlife.nl
Edit > Servers: quietlife.nl/+6697
[x] Connect to this network automatically
[x] Use SSL for all the servers on this network
Login method: Default
Password: <ZNC user password>
Character set: UTF-8 (Unicode)
Close > Connect
</code>
\\
=== Enabling SASL for NickServ authentication ===
From the Freenode menu, run:
<code>
/znc LoadMod sasl
/query *sasl
</code>

From the SASL menu, run:
<code>
set $username $password
</code>
(Use your Freenode NickServ credentials.)

----
\\
==== SSL certificate renewal ====
Unlike Apache, nginx, Dovecot and Postfix, ZNC does not briefly run as root at startup in order to read from ''/etc/ssl/'' or ''/etc/letsencrypt/'', so the certificates have to be copied to the ''/var/lib/znc'' directory. If you use Let's Encrypt, this means that you have to renew those copies every three months. This can be automated with a script you run as ''root'':
<code bash>
#!/bin/bash
set -e      # stop if any step fails, so ZNC is not restarted with a broken file
umask 077   # a newly created znc.pem must never be world-readable
# Private key first, then the full certificate chain
cat /etc/letsencrypt/live/quietlife.nl/{privkey,fullchain}.pem > /var/lib/znc/znc.pem
chown znc:znc /var/lib/znc/znc.pem
chmod 600 /var/lib/znc/znc.pem
systemctl restart znc.service
</code>
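
The renewal script above rewrites ''znc.pem'' in place, so a reader can see a half-written file while ''cat'' is running. The following variant is an added example, not part of the original page: it assembles the file in a temporary file created with mode 0600, renames it into place, and restarts ZNC only when the content changed. The function name ''build_znc_pem'' and the ''deploy'' argument are assumptions made for this example.

```shell
#!/bin/sh
# Added example, not from the original page: rebuild znc.pem atomically.
set -eu

# build_znc_pem KEY CHAIN DEST [OWNER]   (hypothetical helper name)
# Returns 0 if DEST was replaced, 1 if already current, 2 on bad input.
build_znc_pem() {
    bzp_key=$1; bzp_chain=$2; bzp_dest=$3; bzp_owner=${4:-}

    # Refuse inputs that are not a private key and a certificate chain.
    grep -q -e '-----BEGIN .*PRIVATE KEY-----' "$bzp_key" || return 2
    grep -q -e '-----BEGIN CERTIFICATE-----' "$bzp_chain" || return 2

    # mktemp creates the file with mode 0600, so the key is never
    # world-readable; same directory as DEST keeps mv an atomic rename.
    bzp_tmp=$(mktemp "${bzp_dest}.XXXXXX") || return 2
    cat "$bzp_key" "$bzp_chain" > "$bzp_tmp" || { rm -f "$bzp_tmp"; return 2; }

    # Nothing changed since the last run: no replace, no restart needed.
    if [ -f "$bzp_dest" ] && cmp -s "$bzp_tmp" "$bzp_dest"; then
        rm -f "$bzp_tmp"
        return 1
    fi

    chmod 600 "$bzp_tmp"
    if [ -n "$bzp_owner" ]; then
        chown "$bzp_owner" "$bzp_tmp" || { rm -f "$bzp_tmp"; return 2; }
    fi
    mv -f "$bzp_tmp" "$bzp_dest"
    return 0
}

# Run as root with the argument "deploy" (hypothetical switch for this example).
if [ "${1:-}" = "deploy" ]; then
    live=/etc/letsencrypt/live/quietlife.nl
    rc=0
    build_znc_pem "$live/privkey.pem" "$live/fullchain.pem" \
        /var/lib/znc/znc.pem znc:znc || rc=$?
    case $rc in
        0) systemctl restart znc.service ;;
        1) echo "znc.pem unchanged, not restarting" ;;
        *) echo "znc.pem not updated: unexpected input" >&2; exit 1 ;;
    esac
fi
```

Without the ''deploy'' argument the script only defines the function, so it can be sourced and exercised against test files without touching the live certificate.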