Blame
Date:
Thu Jan 27 05:00:26 2022
UTC
Message:
Daily backup
11
2021-12-17
text=(:title Providing TLS for Ngircd:)%0a%0a!! Prerequisites%0a%0aBefore you can enable TLS for ngircd, you must first have a properly-signed [[acme-client/configure|SSL cert]].%0a%0aCheck to see if you have the following two files:%0a%0a[@%0a/etc/ssl/example.com.fullchain.pem%0a/etc/ssl/private/example.com.key%0a@]%0a%0aYou will, of course, need to replace example.com with your actual hostname.%0a%0a!! Copying the cert and key%0a%0aWe'll need to copy the cert and key into /etc/ngircd/%0a%0a[@%0a$ doas cp /etc/ssl/example.com.fullchain.pem /etc/ngircd/%0a$ doas cp /etc/ssl/private/example.com.key /etc/ngircd/%0a@]%0a%0aIn /etc/ngircd/ngircd.conf, change the following lines in the [SSL] block:%0a%0a[@%0a # SSL Server Key Certificate%0a CertFile = /etc/ngircd/example.com.fullchain.pem%0a...%0a # SSL Server Key%0a KeyFile = /etc/ngircd/example.com.key%0a...%0a # Additional Listen Ports that expect SSL/TLS encrypted connections%0a Ports = 6697, 9999, 16697%0a@]%0a%0a''Optional'': If you want to have a DHFile,%0a%0a[@%0a$ doas openssl dhparam -out /etc/ngircd/dhparams.pem 2048%0a$ doas chown _ngircd:_ngircd /etc/ngircd/dhparams.pem%0a@]%0a%0aThen, uncomment @@DHFile = /etc/ngircd/dhparams.pem@@ in /etc/ngircd/ngircd.conf.
18
2021-12-17
diff:1612975377:1612975216:=1,18c1,4%0a%3c (:title Providing TLS for Ngircd:)%0a%3c %0a%3c !! Prerequisites%0a%3c %0a%3c Before you can enable TLS for ngircd, you must first have a properly-signed [[acme-client/configure|SSL cert]].%0a%3c %0a%3c Check to see if you have the following two files:%0a%3c %0a%3c [@%0a%3c /etc/ssl/example.com.fullchain.pem%0a%3c /etc/ssl/private/example.com.key%0a%3c @]%0a%3c %0a%3c You will, of course, need to replace example.com with your actual hostname.%0a%3c %0a%3c !! Copying the cert and key%0a%3c %0a%3c We'll need to copy the cert and key into /etc/ngircd/%0a---%0a> !! SSL%0a> %0a> Use [[openbsd/acme-client|acme-client]] to get an SSL certificate signed by Let's Encrypt.%0a> %0a
24
2021-12-17
diff:1612973225:1612973133:=1,4c1,2%0a%3c !! SSL%0a%3c %0a%3c Use [[openbsd/acme-client|acme-client]] to get an SSL certificate signed by Let's Encrypt.%0a%3c %0a---%0a> In the server block, for Host, it is better to use a [[openbsd/dns|symbolic hostname]] (don't use an IP address).%0a> %0a6,7c4,9%0a%3c $ doas cp /etc/ssl/example.com.fullchain.pem /etc/ngircd/%0a%3c $ doas cp /etc/ssl/private/example.com.key /etc/ngircd/%0a---%0a> [Server]%0a> Name = irc.example.ircnow.org%0a> Host = irc.example.ircnow.org%0a> Port = 6667%0a> MyPassword = password12345%0a> PeerPassword = password12345%0a10,11c12,17%0a%3c In /etc/ngircd/ngircd.conf, change the following lines in the [SSL] block:%0a%3c %0a---%0a> Notice that Host = irc.example.ircnow.org and not an IP address like 1.2.3.4. This makes it less work to configure when the other server changes its IP address.%0a> %0a> !! SSL%0a> %0a> Use [[openbsd/acme-client|acme-client]] to get an SSL certificate signed by Let's Encrypt.%0a> %0a12a19,25%0a> $ doas cp /etc/ssl/example.com.fullchain.pem /etc/ngircd/%0a> $ doas cp /etc/ssl/private/example.com.key /etc/ngircd/%0a> @]%0a> %0a> In /etc/ngircd/ngircd.conf, change the following lines in the [SSL] block:%0a> %0a> [@%0a30c43,85%0a%3c Then, uncomment @@DHFile = /etc/ngircd/dhparams.pem@@ in /etc/ngircd/ngircd.conf.%0a\ No newline at end of file%0a---%0a> Then, uncomment @@DHFile = /etc/ngircd/dhparams.pem@@ in /etc/ngircd/ngircd.conf.%0a> %0a> !! Autostart%0a> %0a> To automatically restart ngIRCd if it was terminated unexpectedly, create a script in /usr/local/libexec/project/ngircd.sh:%0a> %0a> [@%0a> doas touch /usr/local/libexec/project/ngircd.sh%0a> doas chmod +x /usr/local/libexec/project/ngircd.sh%0a> @]%0a> %0a> Inside /usr/local/libexec/project/ngircd.sh:%0a> %0a> [@%0a> #!/bin/sh%0a> %0a> SERVICE_NAME="ngircd"%0a> SERVICE_USER="_ngircd"%0a> SERVICE_PID="/var/ngircd/var/run/ngircd/ngircd.pid"%0a> %0a> if ! pgrep -u $SERVICE_USER -x "$SERVICE_NAME" > /dev/null%0a> then%0a> if [ -f $SERVICE_PID ]; then%0a> rm -f $SERVICE_PID%0a> rcctl -d start $SERVICE_NAME%0a> fi%0a> fi%0a> @]%0a> %0a> Add this as a cronjob:%0a> %0a> [@%0a> $ doas crontab -e%0a> %0a> * * * * * /usr/local/libexec/project/checker_ngircd.sh > /dev/null 2>&1%0a> @]%0a> %0a> For the solution to work, you need to enable the use of pid files in /etc/ngircd/ngircd.conf:%0a> [@%0a> PidFile = /var/run/ngircd/ngircd.pid%0a> @]%0a> %0a> Make sure to configure [[openbsd/hopm|hopm]].%0a
27
2021-12-17
diff:1612973133:1612973133:=1,85d0%0a%3c In the server block, for Host, it is better to use a [[openbsd/dns|symbolic hostname]] (don't use an IP address).%0a%3c %0a%3c [@%0a%3c [Server]%0a%3c Name = irc.example.ircnow.org%0a%3c Host = irc.example.ircnow.org%0a%3c Port = 6667%0a%3c MyPassword = password12345%0a%3c PeerPassword = password12345%0a%3c @]%0a%3c %0a%3c Notice that Host = irc.example.ircnow.org and not an IP address like 1.2.3.4. This makes it less work to configure when the other server changes its IP address.%0a%3c %0a%3c !! SSL%0a%3c %0a%3c Use [[openbsd/acme-client|acme-client]] to get an SSL certificate signed by Let's Encrypt.%0a%3c %0a%3c [@%0a%3c $ doas cp /etc/ssl/example.com.fullchain.pem /etc/ngircd/%0a%3c $ doas cp /etc/ssl/private/example.com.key /etc/ngircd/%0a%3c @]%0a%3c %0a%3c In /etc/ngircd/ngircd.conf, change the following lines in the [SSL] block:%0a%3c %0a%3c [@%0a%3c # SSL Server Key Certificate%0a%3c CertFile = /etc/ngircd/example.com.fullchain.pem%0a%3c ...%0a%3c # SSL Server Key%0a%3c KeyFile = /etc/ngircd/example.com.key%0a%3c ...%0a%3c # Additional Listen Ports that expect SSL/TLS encrypted connections%0a%3c Ports = 6697, 9999, 16697%0a%3c @]%0a%3c %0a%3c ''Optional'': If you want to have a DHFile,%0a%3c %0a%3c [@%0a%3c $ doas openssl dhparam -out /etc/ngircd/dhparams.pem 2048%0a%3c $ doas chown _ngircd:_ngircd /etc/ngircd/dhparams.pem%0a%3c @]%0a%3c %0a%3c Then, uncomment @@DHFile = /etc/ngircd/dhparams.pem@@ in /etc/ngircd/ngircd.conf.%0a%3c %0a%3c !! Autostart%0a%3c %0a%3c To automatically restart ngIRCd if it was terminated unexpectedly, create a script in /usr/local/libexec/project/ngircd.sh:%0a%3c %0a%3c [@%0a%3c doas touch /usr/local/libexec/project/ngircd.sh%0a%3c doas chmod +x /usr/local/libexec/project/ngircd.sh%0a%3c @]%0a%3c %0a%3c Inside /usr/local/libexec/project/ngircd.sh:%0a%3c %0a%3c [@%0a%3c #!/bin/sh%0a%3c %0a%3c SERVICE_NAME="ngircd"%0a%3c SERVICE_USER="_ngircd"%0a%3c SERVICE_PID="/var/ngircd/var/run/ngircd/ngircd.pid"%0a%3c %0a%3c if ! pgrep -u $SERVICE_USER -x "$SERVICE_NAME" > /dev/null%0a%3c then%0a%3c if [ -f $SERVICE_PID ]; then%0a%3c rm -f $SERVICE_PID%0a%3c rcctl -d start $SERVICE_NAME%0a%3c fi%0a%3c fi%0a%3c @]%0a%3c %0a%3c Add this as a cronjob:%0a%3c %0a%3c [@%0a%3c $ doas crontab -e%0a%3c %0a%3c * * * * * /usr/local/libexec/project/checker_ngircd.sh > /dev/null 2>&1%0a%3c @]%0a%3c %0a%3c For the solution to work, you need to enable the use of pid files in /etc/ngircd/ngircd.conf:%0a%3c [@%0a%3c PidFile = /var/run/ngircd/ngircd.pid%0a%3c @]%0a%3c %0a%3c Make sure to configure [[openbsd/hopm|hopm]].%0a