version=pmwiki-2.2.130 ordered=1 urlencoded=1 agent=w3m/0.5.3+git20210102 author=jrmu charset=UTF-8 csum= ctime=1627439470 host=38.87.162.8 name=Znc.Install rev=51 targets=Znc.Patch,Ftp.Usage,Tar.Usage,Tcpip.Ports,Tls.Overview,IPv4.Overview,IPv6.Overview,Acme-client.Configure,Dns.Vhost,Dns.Overview,DNS.RDNS,Dns.Records,Host.Usage,Kill.Usage,Ps.Usage,Tcpip.Sockets,Bouncer.Bouncer,Crontab.Edit text=(:title Install ZNC from Source:)%0a%0a!! Overview%0a%0a[[https://wiki.znc.in|ZNC]] is an IRC bouncer. It runs on a server and stays connected after you turn off your computer or phone. It saves chat messages and replays them when you reconnect, and also helps to hide your IP address. If you are running it on IRCNow, your server may also offer DDoS protection to keep you online.%0a%0a!! Compiling from Source%0a%0a!!! Patched Source%0a%0aDue to a bug in OpenBSD 6.9, we have applied a [[znc/patch|custom patch to ZNC]]:%0a%0a[@%0a$ cd ~%0a$ ftp https://ircnow.org/software/znc-1.8.2b.tar.gz%0a@]%0a%0aOn OpenBSD, [[ftp/usage|ftp]] can also be used to download files from the web.%0a%0aFor [[tar/usage|tar]], the options xvzf stand for e(x)tract, (v)erbose, un(z)ip, and (f)ile.%0a%0a[@%0a$ tar xvzf znc-1.8.2b.tar.gz%0a@]%0a%0a!!! Building ZNC%0a%0aNext, we build ZNC:%0a%0a[@%0a$ cd znc-1.8.2%0a$ mkdir build%0a$ cd build%0a@]%0a%0aWe then use cmake to configure the files to install to ~/.local, then make and make install:%0a%0a[@%0a$ cmake .. -DCMAKE_INSTALL_PREFIX="$HOME/.local"%0a$ make%0a$ make install%0a@]%0a%0aYou should see this message:%0a%0a[@%0a ZNC was successfully installed.%0a You can use '/home/username/.local/bin/znc --makeconf'%0a to generate a config file.%0a%0a If you need help with using ZNC, please visit our wiki at:%0a http://znc.in%0a@]%0a%0a!! Creating znc.conf%0a%0aFollow the instructions to generate the config file:%0a%0a[@%0a$ ~/.local/bin/znc --makeconf%0a[ .. ] Checking for list of available modules...%0a[ ** ] %0a[ ** ] -- Global settings --%0a[ ** ] %0a[ ?? ] Listen on port (1025 to 65534): %0a@]%0a%0aIf you are on a shell account, you must use the [[tcpip/ports|ports]] that were reserved for your username.%0a%0a'''WARNING:''' Shell accounts users must '''not''' randomly choose ports. Shell accounts servers often have firewalls in place that will block ports not reserved to you. If you are unable to connect to ZNC, double check to see if the firewall is blocking the connection.%0a%0a[@%0a[ ?? ] Listen using SSL (yes/no) [no]: yes%0a[ ?? ] Listen using both IPv4 and IPv6 (yes/no) [yes]: no%0a@]%0a%0a[[tls/overview|SSL]] helps to encrypt messages sent between client and server. In other words, if you turn it on, messages sent from your IRC program to ZNC are kept secure. It's more trouble to set up, and some older IRC programs don't support it, so some users prefer to turn off SSL.%0a%0a'''WARNING''': Do '''not''' listen to both IPv4 and IPv6. There appears to be a bug in ZNC v1.8.2 on OpenBSD 6.9 where selecting 'yes' will cause IPv4 to stop working. Instead, as shown later in the guide, you can create separate listeners to allow listening for both IPv4 and IPv6.%0a%0a[[IPv4/overview|IPv4]] is the default networking protocol. [[IPv6/overview|IPv6]] is becoming more popular now, especially for mobile devices.%0a%0a[@%0a[ .. ] Verifying the listener...%0a[ ** ] Unable to locate pem file: [/home/username/.znc/znc.pem], creating it%0a[ .. ] Writing Pem file [/home/username/.znc/znc.pem]...%0a[ ** ] Enabled global modules [webadmin]%0a@]%0a%0aZNC will automatically create its own SSL certificate. This certificate, however, will be self-signed and hence will show up as invalid or untrusted by your IRC client. If you'd like a properly signed SSL certificate, ask your sysadmin or request one yourself using [[acme-client/configure|acme-client]].%0a%0a[@%0a[ ** ] %0a[ ** ] -- Admin user settings --%0a[ ** ] %0a[ ?? ] Username (alphanumeric): username%0a[ ?? ] Enter password: %0a[ ?? ] Confirm password: %0a[ ?? ] Nick [username]: %0a[ ?? ] Alternate nick [username_]: %0a[ ?? ] Ident [username]: %0a[ ?? ] Real name (optional): username%0a@]%0a%0a!!! Bindhosts%0a%0aNext, you'll be asked to specify an optional bindhost. The bindhost will give you a nice-looking vhost, like @@username@username.example.com@@.%0a%0a'''WARNING''': You cannot pick any arbitrary [[dns/vhost|bindhost]] that you want. If your bindhost does not work, your vhost will not show up properly, and you may not be able to connect at all!%0a%0aA vhost must have proper [[dns/overview|forward]] and [[DNS/rDNS|reverse DNS]] [[dns/records|records]] to work. If you're using an IRCNow shell account, you should have been provided with one at registration. You can also ask your sysadmin to change it for you, or leave it blank.%0a%0aTo test if your bindhost works properly, check the [[host/usage|host]] guide. You will want to run host on your bindhost:%0a%0a[@%0a$ host username.example.com%0ausername.example.com has address 192.168.1.1%0ausername.example.com has IPv6 address 2001:bd8::%0a@]%0a%0aYour bindhost should show both an IPv4 and IPv6 address. If it's missing an IPv4 address, it can '''only''' connect by IPv6 to an IRC network. If it's missing an IPv6 address, then it can '''only''' connect by IPv4 to an IRC network. If it's missing both, it '''cannot''' connect to '''any''' network.%0a%0aFor this reason, you don't want to put an IPv6 address directly into the bindhost. This prevents ZNC from being able to connect to an IPv4 only network. Instead, you want to use a hostname that has both [[dns/records|A and AAAA records]] defined in [[dns/overview|DNS]].%0a%0a[@%0a[ ?? ] Bind host (optional): username.example.com%0a@]%0a%0a!!! User Modules%0a%0aYou'll want to enable all the user modules:%0a%0a[@%0a[ ** ] Enabled user modules [chansaver, controlpanel]%0a[ ** ] %0a@]%0a%0a!!! Set Up a Network%0a%0aYou can optionally set up a network at this stage:%0a%0a[@%0a[ ?? ] Set up a network? (yes/no) [yes]: yes %0a[ ** ] %0a[ ** ] -- Network settings --%0a[ ** ] %0a[ ?? ] Name [freenode]: ircnow%0a[ ?? ] Server host (host only): irc6.ircnow.org%0a[ ?? ] Server uses SSL? (yes/no) [no]: yes%0a[ ?? ] Server port (1 to 65535) [6697]: %0a[ ?? ] Server password (probably empty): %0a[ ?? ] Initial channels: #ircnow%0a[ ** ] Enabled network modules [simple_away]%0a[ ** ] %0a[ .. ] Writing config [/home/username/.znc/configs/znc.conf]...%0a@]%0a%0aThis will cause ZNC to automatically connect to your favorite network (IRCNow).%0a%0aNext, it's better '''not''' to launch ZNC. There are still some settings you will want to add and configure:%0a%0a[@%0a[ ** ] To connect to this ZNC you need to connect to it as your IRC server%0a[ ** ] using the port that you supplied. You have to supply your login info%0a[ ** ] as the IRC server password like this: user/network:pass.%0a[ ** ] %0a[ ** ] Try something like this in your IRC client...%0a[ ** ] /server %3cznc_server_ip> +12345 username:%3cpass>%0a[ ** ] %0a[ ** ] To manage settings, users and networks, point your web browser to%0a[ ** ] https://%3cznc_server_ip>:12345/%0a[ ** ] %0a[ ?? ] Launch ZNC now? (yes/no) [yes]: no%0a@]%0a%0a!!! Stop ZNC%0a%0aIf you accidentally launch ZNC, you will see:%0a%0a[@%0a[ .. ] Opening config [/home/username/.znc/configs/znc.conf]...%0a[ .. ] Loading global module [webadmin]...%0a[ .. ] Binding to port [+12345]...%0a[ ** ] Loading user [username]%0a[ ** ] Loading network [ircnow]%0a[ .. ] Loading network module [simple_away]...%0a[ >> ] [/home/username/.local/lib/znc/simple_away.so]%0a[ .. ] Adding 1 servers...%0a[ .. ] Loading user module [chansaver]...%0a[ .. ] Loading user module [controlpanel]...%0a[ .. ] Forking into the background...%0a[ >> ] [pid: 86542]%0a[ ** ] ZNC 1.8.2 - https://znc.in%0a@]%0a%0aTo stop ZNC once it is launched, you can [[kill/usage|kill]] it:%0a%0a[@%0a$ kill -TERM %3cpid>%0a@]%0a%0aYou will want to replace %3cpid> with the [[ps/usage|process ID]] you see above (86542):%0a%0a[@%0a$ kill -TERM 86542%0a@]%0a%0aThis will send a (TERM)ination signal to ZNC so that it dies.%0a%0a'''NOTE''': You will need to replace 8542 with your process ID.%0a%0aIf you don't know the process ID, you can type:%0a%0a[@%0a$ ps -U %3cusername> | grep znc%0a@]%0a%0aReplace %3cusername> with your username.%0a%0a!! Recreate znc.conf%0a%0aIf at any time you mess up the configuration, you can delete your znc.conf%0aand rerun the makeconf command again:%0a%0a[@%0a$ rm ~/.znc/configs/znc.conf%0a$ ~/.local/bin/znc --makeconf%0a@]%0a%0a!! Configuration%0a%0aHere are some recommended changes to make to the default znc.conf so that it works nicely. Replace the top portion of znc.conf with these settings:%0a%0a[@%0aAnonIPLimit = 10000%0aAuthOnlyViaModule = false%0aConfigWriteDelay = 60%0aConnectDelay = 1%0aHideVersion = false%0aMaxBufferSize = 10000%0aProtectWebSessions = true%0aServerThrottle = 1%0aVersion = 1.8.2%0a@]%0a%0a'''WARNING''': Do not duplicate listeners or settings, or else ZNC will fail.%0a%0aFor a full explanation of these settings, please consult the [[https://wiki.znc.in/Configuration|ZNC wiki]].%0a%0aNext, we load the following modules:%0a%0a[@%0aLoadModule = chansaver%0aLoadModule = adminlog%0aLoadModule = certauth%0aPidFile = /home/znc/.znc/znc.pid%0a@]%0a%0aIf you want to store logs on the shell account, you can add this line:%0a%0a[@%0aLoadModule = log%0a@]%0a%0a'''NOTE''': sysadmins can read logs stored on the server. Also, in the event of a security breach, an attacker can also read these logs.%0a%0a!!! SSL certs (Optional)%0a%0aIf you want properly validating SSL certs, you can add these lines to set the paths for the SSL files:%0a%0a[@%0aSSLCertFile = /home/znc/.znc/username.example.com.crt%0aSSLKeyFile = /home/znc/.znc/username.example.com.key%0aSSLDHParamFile = /home/znc/.znc/dhparam.pem%0a@]%0a%0a'''NOTE''': For the SSL certs, you will need to ask the admin. You will need to replace username.example.com with the unique hostname that your admin provides.%0a%0a'''WARNING: If you did not yet generate your own SSL certs, don't add these lines!%0a%0a!!! Listeners%0a%0aNext, you'll want to create listeners. Each listener specifies a unique combination of IP address and port ([[tcpip/sockets|a TCP socket]]):%0a%0a[@%0a%3cListener listener0>%0a AllowIRC = true%0a AllowWeb = false%0a Host = 192.168.1.1%0a IPv4 = true%0a IPv6 = false%0a Port = 1337%0a SSL = false%0a URIPrefix = /%0a%3c/Listener>%0a%0a%3cListener listener1>%0a AllowIRC = true%0a AllowWeb = false%0a Host = 192.168.1.1%0a IPv4 = true%0a IPv6 = false%0a Port = 31337%0a SSL = true%0a URIPrefix = /%0a%3c/Listener>%0a%0a%3cListener listener2>%0a AllowIRC = true%0a AllowWeb = false%0a Host = 2001:db8::%0a IPv4 = false%0a IPv6 = true%0a Port = 1337%0a SSL = false%0a URIPrefix = /%0a%3c/Listener>%0a%0a%3cListener listener3>%0a AllowIRC = true%0a AllowWeb = false%0a Host = 2001:db8::%0a IPv4 = false%0a IPv6 = true%0a Port = 31337%0a SSL = true%0a URIPrefix = /%0a%3c/Listener>%0a@]%0a%0a@@Host = 192.168.1.1@@ and @@Port = 1337@@ tells ZNC to [[tcpip/sockets|listen]] on that IP address. You '''must''' replace 192.168.1.1 and 2001:db8:: with your real IP addresses and you '''must''' replace 1337 and 31337 with the ports you were given during account registration.%0a%0a'''WARNING''': If you don't use the correct IP address and port, ZNC may refuse to launch, or you may be unable to connect.%0a%0aYou can find your IP addresses by running host on your unique hostname:%0a%0a[@%0a$ host username.example.com%0ausername.example.com has address 198.51.100.1%0ausername.example.com has IPv6 address fe80:c001:d00d::%0a@]%0a%0a'''WARNING''': You must replace 192.168.1.1 and 2001:db8:: with your real IP address, or znc will fail to launch.%0a%0a!! Run ZNC%0a%0aTo start ZNC right away:%0a%0a[@%0a$ ~/.local/bin/znc >> ~/.znc/znc.log 2>&1 &%0a@]%0a%0aThis will store all znc log messages to ~/.znc/znc.log. If ZNC fails to start or crashes, you can consult this file for the full error log.%0a%0a!! Connecting to ZNC%0a%0aFrom here, you will want to consult the [[bouncer/bouncer|ZNC client guides]]%0ato see how to connect to ZNC.%0a%0a!! Creating a cronjob%0a%0aYou will want to create a [[crontab/edit|cronjob]] which will restart znc every 5 minutes in case it ever crashes.%0a%0aThen, type:%0a%0a[@%0a$ crontab -e%0a*/5 * * * * ~/.local/bin/znc >> ~/.znc/znc.log 2>&1 &%0a@]%0a%0a'''NOTE:''' znc checks its own pid to see if it is running and quits if it is. Keep in mind this in mind when using cron to restart processes like this.%0a%0a!! Troubleshooting%0a%0aIf you run into errors, check the error log in ~/.znc/znc.log, or turn on debugging:%0a%0a[@%0a~/.local/bin/znc -D%0a@]%0a%0a!! Changing Password%0a%0aIf you forget the password set during --makeconf, you can generate a new one:%0a%0a[@%0a$ znc --makepass %0a[ ** ] Type your new password.%0a[ ?? ] Enter password: %0a[ ?? ] Confirm password: %0a[ ** ] Kill ZNC process, if it's running.%0a[ ** ] Then replace password in the %3cUser> section of your config with this:%0a%3cPass password>%0a Method = sha256%0a Hash = 49396054dc8263b573d11c9c01e43f89ee772f6dc89b3c630e6dffa9acea4a3e%0a Salt = ovexwSL50cC?jE2eCM?x%0a %3c/Pass>%0a[ ** ] After that start ZNC again, and you should be able to login with the new password.%0a@]%0a%0aThis gives the password block needed to use in your [[https://wiki.znc.in/Configuration|/home/znc/home/znc/.znc/configs/znc.conf]] file. %0a%0aFollow the instructions above: kill ZNC, edit your znc.conf to use the new password block, then restart znc. The new user section of your config will look something like this:%0a%0a[@%0a%3cUser username>%0a %3cPass password>%0a Method = sha256%0a Hash = 49396054dc8263b573d11c9c01e43f89ee772f6dc89b3c630e6dffa9acea4a3e%0a Salt = ovexwSL50cC?jE2eCM?x%0a %3c/Pass>%0a Admin = true%0a Nick = username%0a AltNick = username_%0a Ident = username%0a LoadModule = chansaver%0a LoadModule = controlpanel%0a%0a %3cNetwork example>%0a LoadModule = simple_away%0a Server = irc.example.com +6697 %0a %3cChan #channel>%0a %3c/Chan>%0a %3c/Network>%0a%3c/User>%0a@]%0a%0a!! Copying SSL certs (optional)%0a%0aIf you want to have properly validating SSL certs, your sysadmin can provide them for you in your ~/ssl/ folder. We will need to create a symbolic link for them to your znc folder:%0a%0a[@%0a$ ln -s ~/ssl/username.example.com.crt ~/.znc/username.example.com.crt%0a$ ln -s ~/ssl/username.example.com.key ~/.znc/username.example.com.key%0a@]%0a%0aYou must replace username.example.com with your actual hostname.%0a%0aAfterwards, we can create a dhparam file:%0a%0a[@%0a$ openssl dhparam -out ~/.znc/dhparam.pem 2048%0a@]%0a time=1673135883 title=Install ZNC from Source author:1673135883=jrmu diff:1673135883:1656696439:=269c269%0a%3c If you want properly validating SSL certs, you can add these lines to set the paths for the SSL files:%0a---%0a> If you want properly validating SSL certs, you can add these lines to set the paths for the SSL files and process ID (pid) files:%0a host:1673135883=38.87.162.8 author:1656696439=jrmu diff:1656696439:1654758817:=23a24,51%0a> @]%0a> %0a> !!! Upstream Source%0a> %0a> You can choose to use the upstream source code, but you must apply patches to get it to build properly.%0a> %0a> '''WARNING''': You must patch znc-1.8.2 to avoid a threading bug that causes segfaults and to fix a bug in the schat module.%0a> %0a> First, download the latest stable release:%0a> %0a> [@%0a> $ cd ~%0a> $ ftp https://znc.in/releases/znc-1.8.2.tar.gz%0a> @]%0a> %0a> It's best to verify the [[gpg/verify|gpg signature]]:%0a> %0a> [@%0a> $ doas pkg_add gnupg%0a> $ ftp https://znc.in/releases/znc-1.8.2.tar.gz.sig%0a> $ gpg2 --recv-key D5823CACB477191CAC0075555AE420CC0209989E%0a> $ gpg2 --verify znc-1.8.2.tar.gz.sig znc-1.8.2.tar.gz%0a> @]%0a> %0a> Next, [[tar/usage|extract and unzip]] the files:%0a> %0a> [@%0a> $ tar xvzf znc-1.8.2.tar.gz %0a host:1656696439=38.87.162.8 author:1654758817=jrmu diff:1654758817:1654758678:=258,261c258,260%0a%3c !! Configuration%0a%3c %0a%3c Here are some recommended changes to make to the default znc.conf so that it works nicely. Replace the top portion of znc.conf with these settings:%0a%3c %0a---%0a> !! Changing Password%0a> If you forget the password you set during the --makeconf, you can generate a new one like this:%0a> %0a263,271c262,273%0a%3c AnonIPLimit = 10000%0a%3c AuthOnlyViaModule = false%0a%3c ConfigWriteDelay = 60%0a%3c ConnectDelay = 1%0a%3c HideVersion = false%0a%3c MaxBufferSize = 10000%0a%3c ProtectWebSessions = true%0a%3c ServerThrottle = 1%0a%3c Version = 1.8.2%0a---%0a> $ znc --makepass %0a> [ ** ] Type your new password.%0a> [ ?? ] Enter password: %0a> [ ?? ] Confirm password: %0a> [ ** ] Kill ZNC process, if it's running.%0a> [ ** ] Then replace password in the %3cUser> section of your config with this:%0a> %3cPass password>%0a> Method = sha256%0a> Hash = 49396054dc8263b573d11c9c01e43f89ee772f6dc89b3c630e6dffa9acea4a3e%0a> Salt = ovexwSL50cC?jE2eCM?x%0a> %3c/Pass>%0a> [ ** ] After that start ZNC again, and you should be able to login with the new password.%0a274,279c276,279%0a%3c '''WARNING''': Do not duplicate listeners or settings, or else ZNC will fail.%0a%3c %0a%3c For a full explanation of these settings, please consult the [[https://wiki.znc.in/Configuration|ZNC wiki]].%0a%3c %0a%3c Next, we load the following modules:%0a%3c %0a---%0a> The example output above shows the hash generated for a password of "password". This gives you the password block you need to use in your [[https://wiki.znc.in/Configuration|/home/znc/home/znc/.znc/configs/znc.conf]] file. %0a> %0a> Follow the instructions above: kill ZNC, then edit your znc.conf to use the new password block. The new user section of your config will look something like this:%0a> %0a281,284c281,300%0a%3c LoadModule = chansaver%0a%3c LoadModule = adminlog%0a%3c LoadModule = certauth%0a%3c PidFile = /home/znc/.znc/znc.pid%0a---%0a> %3cUser username>%0a> %3cPass password>%0a> Method = sha256%0a> Hash = 49396054dc8263b573d11c9c01e43f89ee772f6dc89b3c630e6dffa9acea4a3e%0a> Salt = ovexwSL50cC?jE2eCM?x%0a> %3c/Pass>%0a> Admin = true%0a> Nick = username%0a> AltNick = username_%0a> Ident = username%0a> LoadModule = chansaver%0a> LoadModule = controlpanel%0a> %0a> %3cNetwork example>%0a> LoadModule = simple_away%0a> Server = irc.example.com +6697 %0a> %3cChan #channel>%0a> %3c/Chan>%0a> %3c/Network>%0a> %3c/User>%0a287,288c303,306%0a%3c If you want to store logs on the shell account, you can add this line:%0a%3c %0a---%0a> !! Copying SSL certs (optional)%0a> %0a> If you want to have properly validating SSL certs, your sysadmin can provide them for you in your ~/ssl/ folder. We will need to create a symbolic link for them to your znc folder:%0a> %0a290c308,309%0a%3c LoadModule = log%0a---%0a> $ ln -s ~/ssl/username.example.com.crt ~/.znc/username.example.com.crt%0a> $ ln -s ~/ssl/username.example.com.key ~/.znc/username.example.com.key%0a293,298c312,315%0a%3c '''NOTE''': sysadmins can read logs stored on the server. Also, in the event of a security breach, an attacker can also read these logs.%0a%3c %0a%3c !!! SSL certs (Optional)%0a%3c %0a%3c If you want properly validating SSL certs, you can add these lines to set the paths for the SSL files and process ID (pid) files:%0a%3c %0a---%0a> You must replace username.example.com with your actual hostname.%0a> %0a> Afterwards, we can create a dhparam file:%0a> %0a300,302c317%0a%3c SSLCertFile = /home/znc/.znc/username.example.com.crt%0a%3c SSLKeyFile = /home/znc/.znc/username.example.com.key%0a%3c SSLDHParamFile = /home/znc/.znc/dhparam.pem%0a---%0a> $ openssl dhparam -out ~/.znc/dhparam.pem 2048%0a305,312c320,323%0a%3c '''NOTE''': For the SSL certs, you will need to ask the admin. You will need to replace username.example.com with the unique hostname that your admin provides.%0a%3c %0a%3c '''WARNING: If you did not yet generate your own SSL certs, don't add these lines!%0a%3c %0a%3c !!! Listeners%0a%3c %0a%3c Next, you'll want to create listeners. Each listener specifies a unique combination of IP address and port ([[tcpip/sockets|a TCP socket]]):%0a%3c %0a---%0a> !! Configuration%0a> %0a> Here are some recommended changes to make to the default znc.conf so that it works nicely. Replace the top portion of znc.conf with these settings:%0a> %0a313a325,375%0a> AnonIPLimit = 10000%0a> AuthOnlyViaModule = false%0a> ConfigWriteDelay = 60%0a> ConnectDelay = 1%0a> HideVersion = false%0a> MaxBufferSize = 10000%0a> ProtectWebSessions = true%0a> ServerThrottle = 1%0a> Version = 1.8.2%0a> @]%0a> %0a> '''WARNING''': Do not duplicate listeners or settings, or else ZNC will fail.%0a> %0a> For a full explanation of these settings, please consult the [[https://wiki.znc.in/Configuration|ZNC wiki]].%0a> %0a> Next, we load the following modules:%0a> %0a> [@%0a> LoadModule = chansaver%0a> LoadModule = adminlog%0a> LoadModule = certauth%0a> PidFile = /home/znc/.znc/znc.pid%0a> @]%0a> %0a> If you want to store logs on the shell account, you can add this line:%0a> %0a> [@%0a> LoadModule = log%0a> @]%0a> %0a> '''NOTE''': sysadmins can read logs stored on the server. Also, in the event of a security breach, an attacker can also read these logs.%0a> %0a> !!! SSL certs (Optional)%0a> %0a> If you want properly validating SSL certs, you can add these lines to set the paths for the SSL files and process ID (pid) files:%0a> %0a> [@%0a> SSLCertFile = /home/znc/.znc/username.example.com.crt%0a> SSLKeyFile = /home/znc/.znc/username.example.com.key%0a> SSLDHParamFile = /home/znc/.znc/dhparam.pem%0a> @]%0a> %0a> '''NOTE''': For the SSL certs, you will need to ask the admin. You will need to replace username.example.com with the unique hostname that your admin provides.%0a> %0a> '''WARNING: If you did not yet generate your own SSL certs, don't add these lines!%0a> %0a> !!! Listeners%0a> %0a> Next, you'll want to create listeners. Each listener specifies a unique combination of IP address and port ([[tcpip/sockets|a TCP socket]]):%0a> %0a> [@%0a407,469d468%0a%3c @]%0a%3c %0a%3c !! Changing Password%0a%3c %0a%3c If you forget the password set during --makeconf, you can generate a new one:%0a%3c %0a%3c [@%0a%3c $ znc --makepass %0a%3c [ ** ] Type your new password.%0a%3c [ ?? ] Enter password: %0a%3c [ ?? ] Confirm password: %0a%3c [ ** ] Kill ZNC process, if it's running.%0a%3c [ ** ] Then replace password in the %3cUser> section of your config with this:%0a%3c %3cPass password>%0a%3c Method = sha256%0a%3c Hash = 49396054dc8263b573d11c9c01e43f89ee772f6dc89b3c630e6dffa9acea4a3e%0a%3c Salt = ovexwSL50cC?jE2eCM?x%0a%3c %3c/Pass>%0a%3c [ ** ] After that start ZNC again, and you should be able to login with the new password.%0a%3c @]%0a%3c %0a%3c This gives the password block needed to use in your [[https://wiki.znc.in/Configuration|/home/znc/home/znc/.znc/configs/znc.conf]] file. %0a%3c %0a%3c Follow the instructions above: kill ZNC, edit your znc.conf to use the new password block, then restart znc. The new user section of your config will look something like this:%0a%3c %0a%3c [@%0a%3c %3cUser username>%0a%3c %3cPass password>%0a%3c Method = sha256%0a%3c Hash = 49396054dc8263b573d11c9c01e43f89ee772f6dc89b3c630e6dffa9acea4a3e%0a%3c Salt = ovexwSL50cC?jE2eCM?x%0a%3c %3c/Pass>%0a%3c Admin = true%0a%3c Nick = username%0a%3c AltNick = username_%0a%3c Ident = username%0a%3c LoadModule = chansaver%0a%3c LoadModule = controlpanel%0a%3c %0a%3c %3cNetwork example>%0a%3c LoadModule = simple_away%0a%3c Server = irc.example.com +6697 %0a%3c %3cChan #channel>%0a%3c %3c/Chan>%0a%3c %3c/Network>%0a%3c %3c/User>%0a%3c @]%0a%3c %0a%3c !! Copying SSL certs (optional)%0a%3c %0a%3c If you want to have properly validating SSL certs, your sysadmin can provide them for you in your ~/ssl/ folder. We will need to create a symbolic link for them to your znc folder:%0a%3c %0a%3c [@%0a%3c $ ln -s ~/ssl/username.example.com.crt ~/.znc/username.example.com.crt%0a%3c $ ln -s ~/ssl/username.example.com.key ~/.znc/username.example.com.key%0a%3c @]%0a%3c %0a%3c You must replace username.example.com with your actual hostname.%0a%3c %0a%3c Afterwards, we can create a dhparam file:%0a%3c %0a%3c [@%0a%3c $ openssl dhparam -out ~/.znc/dhparam.pem 2048%0a host:1654758817=38.87.162.154 author:1654758678=jrmu diff:1654758678:1654758652:=188c188%0a%3c Next, it's better '''not''' to launch ZNC. There are still some settings you will want to add and configure:%0a---%0a> Next, it's better *not* to launch ZNC. There are still some settings you will want to add and configure:%0a host:1654758678=38.87.162.154 author:1654758652=jrmu diff:1654758652:1654758533:=39,40c39,40%0a%3c It's best to verify the [[gpg/verify|gpg signature]]:%0a%3c %0a---%0a> We recommend you verify the [[gpg/verify|gpg signature]]:%0a> %0a188c188%0a%3c Next, it's better *not* to launch ZNC. There are still some settings you will want to add and configure:%0a---%0a> Next, I recommend *not* launching ZNC. There are still some settings you will want to add and configure:%0a host:1654758652=38.87.162.154 author:1654758533=jrmu diff:1654758533:1654475506:minor=107c107%0a%3c '''WARNING''': Do '''not''' listen to both IPv4 and IPv6. There appears to be a bug in ZNC v1.8.2 on OpenBSD 6.9 where selecting 'yes' will cause IPv4 to stop working. Instead, as shown later in the guide, you can create separate listeners to allow listening for both IPv4 and IPv6.%0a---%0a> '''WARNING''': Do '''not''' listen to both IPv4 and IPv6. There appears to be a bug in ZNC v1.8.2 on OpenBSD 6.9 where selecting 'yes' will cause IPv4 to stop working. Instead, as shown later in the guide, you can create separate listeners to allow listening to both IPv4 and IPv6.%0a host:1654758533=38.87.162.154 author:1654475506=jrmu diff:1654475506:1654475346:=369,370c369,370%0a%3c '''WARNING: If you did not yet generate your own SSL certs, don't add these lines!%0a%3c %0a---%0a> '''WARNING: You must '''not''' use username.example.com or else your SSL certificates will not load properly and your ZNC will not be able to offer SSL encryption. If you do not have your own SSL certs, then don't add these lines!%0a> %0a421,423c421%0a%3c @@Host = 192.168.1.1@@ and @@Port = 1337@@ tells ZNC to [[tcpip/sockets|listen]] on that IP address. You '''must''' replace 192.168.1.1 and 2001:db8:: with your real IP addresses and you '''must''' replace 1337 and 31337 with the ports you were given during account registration.%0a%3c %0a%3c '''WARNING''': If you don't use the correct IP address and port, ZNC may refuse to launch, or you may be unable to connect.%0a---%0a> @@Host = 192.168.1.1@@ and @@Port = 1337@@ tells ZNC to [[tcpip/sockets|listen]] on that IP address. You '''must''' replace 192.168.1.1 and 2001:db8:: with your real IP addresses and you '''must''' replace 1337 and 31337 with the ports you were given during account registration. If you don't use the correct IP address and port, ZNC may refuse to launch, or you may be unable to connect.%0a host:1654475506=38.87.162.154 author:1654475346=jrmu diff:1654475346:1654475217:=276,278c276,277%0a%3c The example output above shows the hash generated for a password of "password". This gives you the password block you need to use in your [[https://wiki.znc.in/Configuration|/home/znc/home/znc/.znc/configs/znc.conf]] file. %0a%3c %0a%3c Follow the instructions above: kill ZNC, then edit your znc.conf to use the new password block. The new user section of your config will look something like this:%0a---%0a> The example output above shows the hash generated for a password of "password". This gives you the password block you need to add to your [[https://wiki.znc.in/Configuration|/home/znc/home/znc/.znc/configs/znc.conf]] file. %0a> '''NOTE:''' You'll need to replace the original generated Pass = line. The new user section of your config will look something like this:%0a host:1654475346=38.87.162.154 author:1654475217=jrmu diff:1654475217:1654474890:=262c262%0a%3c $ znc --makepass %0a---%0a> # /usr/sbin/chroot -u znc -g znc /home/znc znc --makepass %0a host:1654475217=38.87.162.154 author:1654474890=jrmu diff:1654474890:1654474823:=137c137%0a%3c '''WARNING''': You cannot pick any arbitrary [[dns/vhost|bindhost]] that you want. If your bindhost does not work, your vhost will not show up properly, and you may not be able to connect at all!%0a---%0a> '''WARNING''': You cannot pick any arbitrary [[dns/vhost|bindhost]] that you want. If you bindhost does not work, your vhost will not show up properly, and you may not be able to connect at all!%0a host:1654474890=38.87.162.154 author:1654474823=jrmu diff:1654474823:1654474806:=11c11%0a%3c Due to a bug in OpenBSD 6.9, we have applied a [[znc/patch|custom patch to ZNC]]:%0a---%0a> Due to a bug in OpenBSD, we have applied a [[znc/patch|custom patch to ZNC]]:%0a host:1654474823=38.87.162.154 author:1654474806=jrmu diff:1654474806:1654474779:=11c11%0a%3c Due to a bug in OpenBSD, we have applied a [[znc/patch|custom patch to ZNC]]:%0a---%0a> Due to a bug in OpenBSD 6.9, we have applied a [[znc/patch|custom patch to ZNC]]:%0a host:1654474806=38.87.162.154 author:1654474779=jrmu diff:1654474779:1652935636:=11,12c11,12%0a%3c Due to a bug in OpenBSD 6.9, we have applied a [[znc/patch|custom patch to ZNC]]:%0a%3c %0a---%0a> Due to a bug in OpenBSD 6.9, we have applied a custom patch to ZNC to avoid segfaults on multicore servers:%0a> %0a14,15c14,23%0a%3c $ cd ~%0a%3c $ ftp https://ircnow.org/software/znc-1.8.2b.tar.gz%0a---%0a> diff -ru znc-1.8.2-old/src/main.cpp znc-1.8.2-new/src/main.cpp%0a> --- znc-1.8.2-old/src/main.cpp Mon Sep 7 18:57:50 2020%0a> +++ znc-1.8.2-new/src/main.cpp Thu Dec 24 17:04:37 2020%0a> @@ -292,6 +292,7 @@%0a> }%0a> %0a> int main(int argc, char** argv) {%0a> + pthread_attr_t a; pthread_attr_init(&a);%0a> CString sConfig;%0a> CString sDataDir = "";%0a18,21c26,27%0a%3c On OpenBSD, [[ftp/usage|ftp]] can also be used to download files from the web.%0a%3c %0a%3c For [[tar/usage|tar]], the options xvzf stand for e(x)tract, (v)erbose, un(z)ip, and (f)ile.%0a%3c %0a---%0a> The schat module also needs patching for [[libressl/intro|libreSSL]]:%0a> %0a23c29,42%0a%3c $ tar xvzf znc-1.8.2b.tar.gz%0a---%0a> --- modules/schat.cpp.orig%0a> +++ modules/schat.cpp%0a> @@ -25,8 +25,8 @@%0a> #include %3cznc/User.h>%0a> #include %3cznc/IRCNetwork.h>%0a> %0a> -#if !defined(OPENSSL_VERSION_NUMBER) || defined(LIBRESSL_VERSION_NUMBER) || \%0a> - OPENSSL_VERSION_NUMBER %3c 0x10100007%0a> +#if !defined(OPENSSL_VERSION_NUMBER) || OPENSSL_VERSION_NUMBER %3c 0x10100007 || \%0a> + (defined(LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER %3c 0x3040000fL)%0a> /* SSL_SESSION was made opaque in OpenSSL 1.1.0, cipher accessor was added 2%0a> weeks before the public release.%0a> See openssl/openssl@e92813234318635639dba0168c7ef5568757449b.%0a> */%0a26,33c45,98%0a%3c !!! Upstream Source%0a%3c %0a%3c You can choose to use the upstream source code, but you must apply patches to get it to build properly.%0a%3c %0a%3c '''WARNING''': You must patch znc-1.8.2 to avoid a threading bug that causes segfaults and to fix a bug in the schat module.%0a%3c %0a%3c First, download the latest stable release:%0a%3c %0a---%0a> @@crypt.cpp@@ also needs to be patched:%0a> %0a> [@%0a> DH_set0_pqg() has been available since LibreSSL version 2.7. This version%0a> won't compile with opaque DH in LibreSSL 3.5.%0a> %0a> Index: modules/crypt.cpp%0a> --- modules/crypt.cpp.orig%0a> +++ modules/crypt.cpp%0a> @@ -68,7 +68,7 @@ class CCryptMod : public CModule {%0a> CString m_sPrivKey;%0a> CString m_sPubKey;%0a> %0a> -#if OPENSSL_VERSION_NUMBER %3c 0X10100000L || defined(LIBRESSL_VERSION_NUMBER)%0a> +#if OPENSSL_VERSION_NUMBER %3c 0X10100000L%0a> static int DH_set0_pqg(DH* dh, BIGNUM* p, BIGNUM* q, BIGNUM* g) {%0a> /* If the fields p and g in dh are nullptr, the corresponding input%0a> * parameters MUST be non-nullptr. q may remain nullptr.%0a> @]%0a> %0a> [@%0a> diff -u znc-1.8.2/CMakeLists.txt.orig znc-1.8.2/CMakeLists.txt%0a> --- znc-1.8.2/CMakeLists.txt.orig Mon Sep 7 18:57:50 2020%0a> +++ znc-1.8.2/CMakeLists.txt Fri May 6 03:50:26 2022%0a> @@ -44,6 +44,7 @@%0a> include(TestCXX11)%0a> set(CMAKE_CXX_STANDARD 11)%0a> set(CMAKE_CXX_STANDARD_REQUIRED true)%0a> +set(CMAKE_CXX_FLAGS "-DHAVE_OPAQUE_SSL" CACHE STRING "compile flags" FORCE)%0a> if(NOT CYGWIN)%0a> # We don't want to use -std=gnu++11 instead of -std=c++11, but among other%0a> # things, -std=c++11 on cygwin defines __STRICT_ANSI__ which makes cygwin%0a> @]%0a> %0a> IRCNow provides a patched version of ZNC:%0a> %0a> [@%0a> $ cd ~%0a> $ ftp https://ircnow.org/software/znc-1.8.2b.tar.gz%0a> @]%0a> %0a> On OpenBSD, [[ftp/usage|ftp]] can also be used to download files from the web.%0a> %0a> For [[tar/usage|tar]], the options xvzf stand for e(x)tract, (v)erbose, un(z)ip, and (f)ile.%0a> %0a> [@%0a> $ tar xvzf znc-1.8.2b.tar.gz%0a> @]%0a> %0a> !!! Upstream Source%0a> %0a> You can choose to use the upstream source code, but you must apply patches to get it to build properly.%0a> %0a> '''WARNING''': If you are on OpenBSD 7.0, you must patch znc-1.8.2 to avoid a threading bug that causes segfaults and to fix a bug in the schat module.%0a host:1654474779=38.87.162.154 author:1652935636=jrmu diff:1652935636:1651874548:=135c135%0a%3c $ cmake .. -DCMAKE_INSTALL_PREFIX="$HOME/.local"%0a---%0a> $ cmake ..%0a host:1652935636=38.87.162.8 author:1651874548=jrmu diff:1651874548:1651823904:=135c135%0a%3c $ cmake ..%0a---%0a> $ cmake .. -DCMAKE_INSTALL_PREFIX="$HOME/.local"%0a host:1651874548=38.87.162.154 author:1651823904=jrmu diff:1651823904:1651823622:=43,76d42%0a%3c @]%0a%3c %0a%3c @@crypt.cpp@@ also needs to be patched:%0a%3c %0a%3c [@%0a%3c DH_set0_pqg() has been available since LibreSSL version 2.7. This version%0a%3c won't compile with opaque DH in LibreSSL 3.5.%0a%3c %0a%3c Index: modules/crypt.cpp%0a%3c --- modules/crypt.cpp.orig%0a%3c +++ modules/crypt.cpp%0a%3c @@ -68,7 +68,7 @@ class CCryptMod : public CModule {%0a%3c CString m_sPrivKey;%0a%3c CString m_sPubKey;%0a%3c %0a%3c -#if OPENSSL_VERSION_NUMBER %3c 0X10100000L || defined(LIBRESSL_VERSION_NUMBER)%0a%3c +#if OPENSSL_VERSION_NUMBER %3c 0X10100000L%0a%3c static int DH_set0_pqg(DH* dh, BIGNUM* p, BIGNUM* q, BIGNUM* g) {%0a%3c /* If the fields p and g in dh are nullptr, the corresponding input%0a%3c * parameters MUST be non-nullptr. q may remain nullptr.%0a%3c @]%0a%3c %0a%3c [@%0a%3c diff -u znc-1.8.2/CMakeLists.txt.orig znc-1.8.2/CMakeLists.txt%0a%3c --- znc-1.8.2/CMakeLists.txt.orig Mon Sep 7 18:57:50 2020%0a%3c +++ znc-1.8.2/CMakeLists.txt Fri May 6 03:50:26 2022%0a%3c @@ -44,6 +44,7 @@%0a%3c include(TestCXX11)%0a%3c set(CMAKE_CXX_STANDARD 11)%0a%3c set(CMAKE_CXX_STANDARD_REQUIRED true)%0a%3c +set(CMAKE_CXX_FLAGS "-DHAVE_OPAQUE_SSL" CACHE STRING "compile flags" FORCE)%0a%3c if(NOT CYGWIN)%0a%3c # We don't want to use -std=gnu++11 instead of -std=c++11, but among other%0a%3c # things, -std=c++11 on cygwin defines __STRICT_ANSI__ which makes cygwin%0a host:1651823904=38.87.162.154 author:1651823622=jrmu diff:1651823622:1647356519:=49c49%0a%3c $ ftp https://ircnow.org/software/znc-1.8.2b.tar.gz%0a---%0a> $ ftp https://ircnow.org/software/znc-1.8.2a.tar.gz%0a57c57%0a%3c $ tar xvzf znc-1.8.2b.tar.gz%0a---%0a> $ tar xvzf znc-1.8.2a.tar.gz%0a host:1651823622=38.87.162.8 author:1647356519=jrmu diff:1647356519:1645129632:=35c35,36%0a%3c -#if !defined(OPENSSL_VERSION_NUMBER) || defined(LIBRESSL_VERSION_NUMBER) || \%0a---%0a> -#if !defined(OPENSSL_VERSION_NUMBER) || defined(LIBRESSL_VERS%0a> ION_NUMBER) || \%0a37,39c38,43%0a%3c +#if !defined(OPENSSL_VERSION_NUMBER) || OPENSSL_VERSION_NUMBER %3c 0x10100007 || \%0a%3c + (defined(LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER %3c 0x3040000fL)%0a%3c /* SSL_SESSION was made opaque in OpenSSL 1.1.0, cipher accessor was added 2%0a---%0a> +#if !defined(OPENSSL_VERSION_NUMBER) || OPENSSL_VERSION_NUMBE%0a> R %3c 0x10100007 || \%0a> + (defined(LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUM%0a> BER %3c 0x3040000fL)%0a> /* SSL_SESSION was made opaque in OpenSSL 1.1.0, cipher acces%0a> sor was added 2%0a host:1647356519=38.87.162.8 author:1645129632=izzyb csum:1645129632=added note to Creating a Cronjob; added Changing Password section diff:1645129632:1642876856:=296,298c296,299%0a%3c !! Changing Password%0a%3c If you forget the password you set during the --makeconf, you can generate a new one like this:%0a%3c %0a---%0a> !! Copying SSL certs (optional)%0a> %0a> If you want to have properly validating SSL certs, your sysadmin can provide them for you in your ~/ssl/ folder. We will need to create a symbolic link for them to your znc folder:%0a> %0a300,311c301,302%0a%3c # /usr/sbin/chroot -u znc -g znc /home/znc znc --makepass %0a%3c [ ** ] Type your new password.%0a%3c [ ?? ] Enter password: %0a%3c [ ?? ] Confirm password: %0a%3c [ ** ] Kill ZNC process, if it's running.%0a%3c [ ** ] Then replace password in the %3cUser> section of your config with this:%0a%3c %3cPass password>%0a%3c Method = sha256%0a%3c Hash = 49396054dc8263b573d11c9c01e43f89ee772f6dc89b3c630e6dffa9acea4a3e%0a%3c Salt = ovexwSL50cC?jE2eCM?x%0a%3c %3c/Pass>%0a%3c [ ** ] After that start ZNC again, and you should be able to login with the new password.%0a---%0a> $ ln -s ~/ssl/username.example.com.crt ~/.znc/username.example.com.crt%0a> $ ln -s ~/ssl/username.example.com.key ~/.znc/username.example.com.key%0a314,316c305,308%0a%3c The example output above shows the hash generated for a password of "password". This gives you the password block you need to add to your [[https://wiki.znc.in/Configuration|/home/znc/home/znc/.znc/configs/znc.conf]] file. %0a%3c '''NOTE:''' You'll need to replace the original generated Pass = line. The new user section of your config will look something like this:%0a%3c %0a---%0a> You must replace username.example.com with your actual hostname.%0a> %0a> Afterwards, we can create a dhparam file:%0a> %0a318,337c310%0a%3c %3cUser username>%0a%3c %3cPass password>%0a%3c Method = sha256%0a%3c Hash = 49396054dc8263b573d11c9c01e43f89ee772f6dc89b3c630e6dffa9acea4a3e%0a%3c Salt = ovexwSL50cC?jE2eCM?x%0a%3c %3c/Pass>%0a%3c Admin = true%0a%3c Nick = username%0a%3c AltNick = username_%0a%3c Ident = username%0a%3c LoadModule = chansaver%0a%3c LoadModule = controlpanel%0a%3c %0a%3c %3cNetwork example>%0a%3c LoadModule = simple_away%0a%3c Server = irc.example.com +6697 %0a%3c %3cChan #channel>%0a%3c %3c/Chan>%0a%3c %3c/Network>%0a%3c %3c/User>%0a---%0a> $ openssl dhparam -out ~/.znc/dhparam.pem 2048%0a340,343c313,316%0a%3c !! Copying SSL certs (optional)%0a%3c %0a%3c If you want to have properly validating SSL certs, your sysadmin can provide them for you in your ~/ssl/ folder. We will need to create a symbolic link for them to your znc folder:%0a%3c %0a---%0a> !! Configuration%0a> %0a> Here are some recommended changes to make to the default znc.conf so that it works nicely. Replace the top portion of znc.conf with these settings:%0a> %0a345,346c318,326%0a%3c $ ln -s ~/ssl/username.example.com.crt ~/.znc/username.example.com.crt%0a%3c $ ln -s ~/ssl/username.example.com.key ~/.znc/username.example.com.key%0a---%0a> AnonIPLimit = 10000%0a> AuthOnlyViaModule = false%0a> ConfigWriteDelay = 60%0a> ConnectDelay = 1%0a> HideVersion = false%0a> MaxBufferSize = 10000%0a> ProtectWebSessions = true%0a> ServerThrottle = 1%0a> Version = 1.8.2%0a349,352c329,334%0a%3c You must replace username.example.com with your actual hostname.%0a%3c %0a%3c Afterwards, we can create a dhparam file:%0a%3c %0a---%0a> '''WARNING''': Do not duplicate listeners or settings, or else ZNC will fail.%0a> %0a> For a full explanation of these settings, please consult the [[https://wiki.znc.in/Configuration|ZNC wiki]].%0a> %0a> Next, we load the following modules:%0a> %0a354c336,339%0a%3c $ openssl dhparam -out ~/.znc/dhparam.pem 2048%0a---%0a> LoadModule = chansaver%0a> LoadModule = adminlog%0a> LoadModule = certauth%0a> PidFile = /home/znc/.znc/znc.pid%0a357,360c342,343%0a%3c !! Configuration%0a%3c %0a%3c Here are some recommended changes to make to the default znc.conf so that it works nicely. Replace the top portion of znc.conf with these settings:%0a%3c %0a---%0a> If you want to store logs on the shell account, you can add this line:%0a> %0a362,370c345%0a%3c AnonIPLimit = 10000%0a%3c AuthOnlyViaModule = false%0a%3c ConfigWriteDelay = 60%0a%3c ConnectDelay = 1%0a%3c HideVersion = false%0a%3c MaxBufferSize = 10000%0a%3c ProtectWebSessions = true%0a%3c ServerThrottle = 1%0a%3c Version = 1.8.2%0a---%0a> LoadModule = log%0a373,378c348,353%0a%3c '''WARNING''': Do not duplicate listeners or settings, or else ZNC will fail.%0a%3c %0a%3c For a full explanation of these settings, please consult the [[https://wiki.znc.in/Configuration|ZNC wiki]].%0a%3c %0a%3c Next, we load the following modules:%0a%3c %0a---%0a> '''NOTE''': sysadmins can read logs stored on the server. Also, in the event of a security breach, an attacker can also read these logs.%0a> %0a> !!! SSL certs (Optional)%0a> %0a> If you want properly validating SSL certs, you can add these lines to set the paths for the SSL files and process ID (pid) files:%0a> %0a380,383c355,357%0a%3c LoadModule = chansaver%0a%3c LoadModule = adminlog%0a%3c LoadModule = certauth%0a%3c PidFile = /home/znc/.znc/znc.pid%0a---%0a> SSLCertFile = /home/znc/.znc/username.example.com.crt%0a> SSLKeyFile = /home/znc/.znc/username.example.com.key%0a> SSLDHParamFile = /home/znc/.znc/dhparam.pem%0a386,387c360,367%0a%3c If you want to store logs on the shell account, you can add this line:%0a%3c %0a---%0a> '''NOTE''': For the SSL certs, you will need to ask the admin. You will need to replace username.example.com with the unique hostname that your admin provides.%0a> %0a> '''WARNING: You must '''not''' use username.example.com or else your SSL certificates will not load properly and your ZNC will not be able to offer SSL encryption. If you do not have your own SSL certs, then don't add these lines!%0a> %0a> !!! Listeners%0a> %0a> Next, you'll want to create listeners. Each listener specifies a unique combination of IP address and port ([[tcpip/sockets|a TCP socket]]):%0a> %0a389,412d368%0a%3c LoadModule = log%0a%3c @]%0a%3c %0a%3c '''NOTE''': sysadmins can read logs stored on the server. Also, in the event of a security breach, an attacker can also read these logs.%0a%3c %0a%3c !!! SSL certs (Optional)%0a%3c %0a%3c If you want properly validating SSL certs, you can add these lines to set the paths for the SSL files and process ID (pid) files:%0a%3c %0a%3c [@%0a%3c SSLCertFile = /home/znc/.znc/username.example.com.crt%0a%3c SSLKeyFile = /home/znc/.znc/username.example.com.key%0a%3c SSLDHParamFile = /home/znc/.znc/dhparam.pem%0a%3c @]%0a%3c %0a%3c '''NOTE''': For the SSL certs, you will need to ask the admin. You will need to replace username.example.com with the unique hostname that your admin provides.%0a%3c %0a%3c '''WARNING: You must '''not''' use username.example.com or else your SSL certificates will not load properly and your ZNC will not be able to offer SSL encryption. If you do not have your own SSL certs, then don't add these lines!%0a%3c %0a%3c !!! Listeners%0a%3c %0a%3c Next, you'll want to create listeners. Each listener specifies a unique combination of IP address and port ([[tcpip/sockets|a TCP socket]]):%0a%3c %0a%3c [@%0a495,496d450%0a%3c %0a%3c '''NOTE:''' znc checks its own pid to see if it is running and quits if it is. Keep in mind this in mind when using cron to restart processes like this.%0a host:1645129632=68.148.177.239 author:1642876856=Naglfar csum:1642876856=Move content to crontab page diff:1642876856:1637191693:=443,446c443,452%0a%3c You will want to create a [[crontab/edit|cronjob]] which will restart znc every 5 minutes in case it ever crashes.%0a%3c %0a%3c Then, type:%0a%3c %0a---%0a> You will want to create a [[cronjob/intro|cronjob]] which will restart znc every 5 minutes in case it ever crashes.%0a> %0a> By default, crontab will use whatever editor is stored in the VISUAL or EDITOR environmental variable, or vi if both are undefined. If you want to change the editor, type:%0a> %0a> [@%0a> $ export EDITOR=%3cprogram>%0a> $ export VISUAL=%3cprogram>%0a> @]%0a> %0a> Replace %3cprogram> with your actual editor. Then, type:%0a host:1642876856=92.191.225.58 author:1637191693=jrmu diff:1637191693:1633442977:=9,12c9,12%0a%3c !!! Patched Source%0a%3c %0a%3c Due to a bug in OpenBSD 6.9, we have applied a custom patch to ZNC to avoid segfaults on multicore servers:%0a%3c %0a---%0a> !!! Getting the Source%0a> %0a> First, download the latest stable release:%0a> %0a14,23c14%0a%3c diff -ru znc-1.8.2-old/src/main.cpp znc-1.8.2-new/src/main.cpp%0a%3c --- znc-1.8.2-old/src/main.cpp Mon Sep 7 18:57:50 2020%0a%3c +++ znc-1.8.2-new/src/main.cpp Thu Dec 24 17:04:37 2020%0a%3c @@ -292,6 +292,7 @@%0a%3c }%0a%3c %0a%3c int main(int argc, char** argv) {%0a%3c + pthread_attr_t a; pthread_attr_init(&a);%0a%3c CString sConfig;%0a%3c CString sDataDir = "";%0a---%0a> $ ftp https://znc.in/releases/znc-1.8.2.tar.gz%0a26,27c17,20%0a%3c The schat module also needs patching for [[libressl/intro|libreSSL]]:%0a%3c %0a---%0a> On OpenBSD, [[ftp/usage|ftp]] can also be used to download files from the web.%0a> %0a> Next, extract and unzip the files:%0a> %0a29,46c22%0a%3c --- modules/schat.cpp.orig%0a%3c +++ modules/schat.cpp%0a%3c @@ -25,8 +25,8 @@%0a%3c #include %3cznc/User.h>%0a%3c #include %3cznc/IRCNetwork.h>%0a%3c %0a%3c -#if !defined(OPENSSL_VERSION_NUMBER) || defined(LIBRESSL_VERS%0a%3c ION_NUMBER) || \%0a%3c - OPENSSL_VERSION_NUMBER %3c 0x10100007%0a%3c +#if !defined(OPENSSL_VERSION_NUMBER) || OPENSSL_VERSION_NUMBE%0a%3c R %3c 0x10100007 || \%0a%3c + (defined(LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUM%0a%3c BER %3c 0x3040000fL)%0a%3c /* SSL_SESSION was made opaque in OpenSSL 1.1.0, cipher acces%0a%3c sor was added 2%0a%3c weeks before the public release.%0a%3c See openssl/openssl@e92813234318635639dba0168c7ef5568757449b.%0a%3c */%0a---%0a> $ tar xvzf znc-1.8.2.tar.gz %0a48,50c24,28%0a%3c %0a%3c IRCNow provides a patched version of ZNC:%0a%3c %0a---%0a> %0a> For [[tar/usage|tar]], the options xvzf stand for e(x)tract, (v)erbose, un(z)ip, and (f)ile.%0a> %0a> '''WARNING''': OpenBSD 6.9 may contain a bug that causes ZNC to crash with a segmentation fault. To avoid this, we recommend using IRCNow's custom patched znc:%0a> %0a52d29%0a%3c $ cd ~%0a53a31%0a> $ tar xvzf znc-1.8.2a.tar.gz %0a56,59c34,37%0a%3c On OpenBSD, [[ftp/usage|ftp]] can also be used to download files from the web.%0a%3c %0a%3c For [[tar/usage|tar]], the options xvzf stand for e(x)tract, (v)erbose, un(z)ip, and (f)ile.%0a%3c %0a---%0a> The rest of the steps are identical if you use IRCNow's custom-patched znc.%0a> %0a> !!! Building ZNC%0a> %0a61,99c39,41%0a%3c $ tar xvzf znc-1.8.2a.tar.gz%0a%3c @]%0a%3c %0a%3c !!! Upstream Source%0a%3c %0a%3c You can choose to use the upstream source code, but you must apply patches to get it to build properly.%0a%3c %0a%3c '''WARNING''': If you are on OpenBSD 7.0, you must patch znc-1.8.2 to avoid a threading bug that causes segfaults and to fix a bug in the schat module.%0a%3c %0a%3c First, download the latest stable release:%0a%3c %0a%3c [@%0a%3c $ cd ~%0a%3c $ ftp https://znc.in/releases/znc-1.8.2.tar.gz%0a%3c @]%0a%3c %0a%3c We recommend you verify the [[gpg/verify|gpg signature]]:%0a%3c %0a%3c [@%0a%3c $ doas pkg_add gnupg%0a%3c $ ftp https://znc.in/releases/znc-1.8.2.tar.gz.sig%0a%3c $ gpg2 --recv-key D5823CACB477191CAC0075555AE420CC0209989E%0a%3c $ gpg2 --verify znc-1.8.2.tar.gz.sig znc-1.8.2.tar.gz%0a%3c @]%0a%3c %0a%3c Next, [[tar/usage|extract and unzip]] the files:%0a%3c %0a%3c [@%0a%3c $ tar xvzf znc-1.8.2.tar.gz %0a%3c @]%0a%3c %0a%3c !!! Building ZNC%0a%3c %0a%3c Next, we build ZNC:%0a%3c %0a%3c [@%0a%3c $ cd znc-1.8.2%0a%3c $ mkdir build%0a%3c $ cd build%0a---%0a> $ cd znc-1.8.2%0a> $ mkdir build%0a> $ cd build/%0a host:1637191693=38.87.162.8 author:1633442977=mkf csum:1633442977=nasty, we already have webadmin by default and this casues znc not to run.:( diff:1633442977:1633442976:= host:1633442977=190.2.131.205 author:1633442976=mkf csum:1633442976=nasty, we already have webadmin by default and this casues znc not to run.:( diff:1633442976:1628128636:=279a280%0a> LoadModule = webadmin%0a host:1633442976=190.2.131.205 author:1628128636=jrmu diff:1628128636:1628128470:=387,395d386%0a%3c %0a%3c By default, crontab will use whatever editor is stored in the VISUAL or EDITOR environmental variable, or vi if both are undefined. If you want to change the editor, type:%0a%3c %0a%3c [@%0a%3c $ export EDITOR=%3cprogram>%0a%3c $ export VISUAL=%3cprogram>%0a%3c @]%0a%3c %0a%3c Replace %3cprogram> with your actual editor. Then, type:%0a host:1628128636=38.87.162.8 author:1628128470=jrmu diff:1628128470:1628128356:=385,386d384%0a%3c %0a%3c You will want to create a [[cronjob/intro|cronjob]] which will restart znc every 5 minutes in case it ever crashes.%0a host:1628128470=38.87.162.8 author:1628128356=jrmu diff:1628128356:1627452520:=383,389d382%0a%3c %0a%3c !! Creating a cronjob%0a%3c %0a%3c [@%0a%3c $ crontab -e%0a%3c */5 * * * * ~/.local/bin/znc >> ~/.znc/znc.log 2>&1 &%0a%3c @]%0a host:1628128356=38.87.162.8 author:1627452520=jrmu diff:1627452520:1627451881:=68c68%0a%3c $ ~/.local/bin/znc --makeconf%0a---%0a> $ /home/username/.local/bin/znc --makeconf%0a115,116c115,116%0a%3c Next, you'll be asked to specify an optional bindhost. The bindhost will give you a nice-looking vhost, like @@username@username.example.com@@.%0a%3c %0a---%0a> Next, you'll be asked to specify an optional bindhost. The bindhost will give you a nice-looking vhost, like username@username.example.com.%0a> %0a369,378d368%0a%3c !! Run ZNC%0a%3c %0a%3c To start ZNC right away:%0a%3c %0a%3c [@%0a%3c $ ~/.local/bin/znc >> ~/.znc/znc.log 2>&1 &%0a%3c @]%0a%3c %0a%3c This will store all znc log messages to ~/.znc/znc.log. If ZNC fails to start or crashes, you can consult this file for the full error log.%0a%3c %0a386,390c376,381%0a%3c If you run into errors, check the error log in ~/.znc/znc.log, or turn on debugging:%0a%3c %0a%3c [@%0a%3c ~/.local/bin/znc -D%0a%3c @]%0a---%0a> If you're getting bindhost not set messages, you have two options:%0a> %0a> # Clear the bindhost%0a> # Fix your DNS records%0a> %0a> You will know%0a host:1627452520=38.87.162.8 author:1627451881=jrmu diff:1627451881:1627451826:= host:1627451881=38.87.162.8 author:1627451826=jrmu diff:1627451826:1627451646:=269,272c269%0a%3c @]%0a%3c %0a%3c '''WARNING''': Do not duplicate listeners or settings, or else ZNC will fail.%0a%3c %0a---%0a> %0a380,381d376%0a%3c %0a%3c You will know%0a host:1627451826=38.87.162.8 author:1627451646=jrmu diff:1627451646:1627451262:= host:1627451646=38.87.162.8 author:1627451262=jrmu diff:1627451262:1627450804:=238,241c238,241%0a%3c !! Copying SSL certs (optional)%0a%3c %0a%3c If you want to have properly validating SSL certs, your sysadmin can provide them for you in your ~/ssl/ folder. We will need to create a symbolic link for them to your znc folder:%0a%3c %0a---%0a> !! Configuration%0a> %0a> Here are some recommended changes to make to the default znc.conf so that it works nicely. Replace the top portion of znc.conf with these settings:%0a> %0a243,259d242%0a%3c $ ln -s ~/ssl/username.example.com.crt ~/.znc/username.example.com.crt%0a%3c $ ln -s ~/ssl/username.example.com.key ~/.znc/username.example.com.key%0a%3c @]%0a%3c %0a%3c You must replace username.example.com with your actual hostname.%0a%3c %0a%3c Afterwards, we can create a dhparam file:%0a%3c %0a%3c [@%0a%3c $ openssl dhparam -out ~/.znc/dhparam.pem 2048%0a%3c @]%0a%3c %0a%3c !! Configuration%0a%3c %0a%3c Here are some recommended changes to make to the default znc.conf so that it works nicely. Replace the top portion of znc.conf with these settings:%0a%3c %0a%3c [@%0a295,296c278%0a%3c SSLCertFile = /home/znc/.znc/username.example.com.crt%0a%3c SSLKeyFile = /home/znc/.znc/username.example.com.key%0a---%0a> SSLCertFile = /home/znc/.znc/username.example.com.fullchain.pem%0a297a280%0a> SSLKeyFile = /home/znc/.znc/username.example.com.key%0a host:1627451262=38.87.162.8 author:1627450804=jrmu diff:1627450804:1627450128:=262d261%0a%3c PidFile = /home/znc/.znc/znc.pid%0a273,276c272,273%0a%3c !!! SSL certs (Optional)%0a%3c %0a%3c If you want properly validating SSL certs, you can add these lines to set the paths for the SSL files and process ID (pid) files:%0a%3c %0a---%0a> Next, we set the paths for the SSL files and process ID (pid) files:%0a> %0a280a278%0a> PidFile = /home/znc/.znc/znc.pid%0a283,286c281,284%0a%3c '''NOTE''': For the SSL certs, you will need to ask the admin. You will need to replace username.example.com with the unique hostname that your admin provides.%0a%3c %0a%3c '''WARNING: You must '''not''' use username.example.com or else your SSL certificates will not load properly and your ZNC will not be able to offer SSL encryption. If you do not have your own SSL certs, then don't add these lines!%0a%3c %0a---%0a> Replace username.example.com with your unique hostname.%0a> %0a> '''WARNING: You must '''not''' use username.example.com or else your SSL certificates will not load properly and your ZNC will not be able to offer SSL encryption.%0a> %0a289,290c287,288%0a%3c Next, you'll want to create listeners. Each listener specifies a unique combination of IP address and port ([[tcpip/sockets|a TCP socket]]):%0a%3c %0a---%0a> Next, you'll want to create 5 listeners. Each listener specifies a unique combination of IP address and port (a TCP socket):%0a> %0a334a333,354%0a> %0a> %3cListener listener4>%0a> AllowIRC = true%0a> AllowWeb = false%0a> Host = 127.0.0.1%0a> IPv4 = true%0a> IPv6 = false%0a> Port = 1337%0a> SSL = false%0a> URIPrefix = /%0a> %3c/Listener>%0a> %0a> %3cListener listener5>%0a> AllowIRC = false%0a> AllowWeb = true%0a> Host = 127.0.0.1%0a> IPv4 = true%0a> IPv6 = false%0a> Port = 1338%0a> SSL = false%0a> URIPrefix = /%0a> %3c/Listener>%0a336,347d355%0a%3c %0a%3c @@Host = 192.168.1.1@@ and @@Port = 1337@@ tells ZNC to [[tcpip/sockets|listen]] on that IP address. You '''must''' replace 192.168.1.1 and 2001:db8:: with your real IP addresses and you '''must''' replace 1337 and 31337 with the ports you were given during account registration. If you don't use the correct IP address and port, ZNC may refuse to launch, or you may be unable to connect.%0a%3c %0a%3c You can find your IP addresses by running host on your unique hostname:%0a%3c %0a%3c [@%0a%3c $ host username.example.com%0a%3c username.example.com has address 198.51.100.1%0a%3c username.example.com has IPv6 address fe80:c001:d00d::%0a%3c @]%0a%3c %0a%3c '''WARNING''': You must replace 192.168.1.1 and 2001:db8:: with your real IP address, or znc will fail to launch.%0a host:1627450804=38.87.162.8 author:1627450128=jrmu diff:1627450128:1627449536:=5,6c5,6%0a%3c [[https://wiki.znc.in|ZNC]] is an IRC bouncer. It runs on a server and stays connected after you turn off your computer or phone. It saves chat messages and replays them when you reconnect, and also helps to hide your IP address. If you are running it on IRCNow, your server may also offer DDoS protection to keep you online.%0a%3c %0a---%0a> ZNC is an IRC bouncer. It runs on a server and stays connected after you turn off your computer or phone. It saves chat messages and replays them when you reconnect, and also helps to hide your IP address. If you are running it on IRCNow, your server may also offer DDoS protection to keep you online.%0a> %0a137,138d136%0a%3c !!! User Modules%0a%3c %0a146,147d143%0a%3c !!! Set Up a Network%0a%3c %0a184,185d179%0a%3c !!! Stop ZNC%0a%3c %0a228,229d221%0a%3c !! Recreate znc.conf%0a%3c %0a247a240,245%0a> LoadModule = chansaver%0a> LoadModule = lastseen%0a> LoadModule = adminlog%0a> LoadModule = identfile%0a> LoadModule = webadmin%0a> LoadModule = certauth%0a252,256c250,253%0a%3c %0a%3c For a full explanation of these settings, please consult the [[https://wiki.znc.in/Configuration|ZNC wiki]].%0a%3c %0a%3c Next, we load the following modules:%0a%3c %0a---%0a> @]%0a> %0a> Next, we set the paths for the SSL files and process ID (pid) files:%0a> %0a258,261c255,258%0a%3c LoadModule = chansaver%0a%3c LoadModule = adminlog%0a%3c LoadModule = webadmin%0a%3c LoadModule = certauth%0a---%0a> SSLCertFile = /home/znc/.znc/my.example.com.fullchain.pem%0a> SSLDHParamFile = /home/znc/.znc/dhparam.pem%0a> SSLKeyFile = /home/znc/.znc/my.example.com.key%0a> PidFile = /home/znc/.znc/znc.pid%0a264,288c261,263%0a%3c If you want to store logs on the shell account, you can add this line:%0a%3c %0a%3c [@%0a%3c LoadModule = log%0a%3c @]%0a%3c %0a%3c '''NOTE''': sysadmins can read logs stored on the server. Also, in the event of a security breach, an attacker can also read these logs.%0a%3c %0a%3c Next, we set the paths for the SSL files and process ID (pid) files:%0a%3c %0a%3c [@%0a%3c SSLCertFile = /home/znc/.znc/username.example.com.fullchain.pem%0a%3c SSLDHParamFile = /home/znc/.znc/dhparam.pem%0a%3c SSLKeyFile = /home/znc/.znc/username.example.com.key%0a%3c PidFile = /home/znc/.znc/znc.pid%0a%3c @]%0a%3c %0a%3c Replace username.example.com with your unique hostname.%0a%3c %0a%3c '''WARNING: You must '''not''' use username.example.com or else your SSL certificates will not load properly and your ZNC will not be able to offer SSL encryption.%0a%3c %0a%3c !!! Listeners%0a%3c %0a%3c Next, you'll want to create 5 listeners. Each listener specifies a unique combination of IP address and port (a TCP socket):%0a%3c %0a---%0a> Replace my.example.com with your unique %0a> %0a> '''WARNING: You%0a host:1627450128=38.87.162.8 author:1627449536=mkf diff:1627449536:1627449470:minor=264c264%0a%3c [@%0a---%0a> %0a host:1627449536=198.251.81.133 author:1627449470=jrmu diff:1627449470:1627449436:=338,342d337%0a%3c %0a%3c If you're getting bindhost not set messages, you have two options:%0a%3c %0a%3c # Clear the bindhost%0a%3c # Fix your DNS records%0a host:1627449470=38.87.162.8 author:1627449436=jrmu diff:1627449436:1627449406:=336,337d335%0a%3c %0a%3c !! Troubleshooting%0a host:1627449436=38.87.162.8 author:1627449406=jrmu diff:1627449406:1627448863:=113,114d112%0a%3c !!! Bindhosts%0a%3c %0a117,131c115,116%0a%3c '''WARNING''': You cannot pick any arbitrary [[dns/vhost|bindhost]] that you want. If you bindhost does not work, your vhost will not show up properly, and you may not be able to connect at all!%0a%3c %0a%3c A vhost must have proper [[dns/overview|forward]] and [[DNS/rDNS|reverse DNS]] [[dns/records|records]] to work. If you're using an IRCNow shell account, you should have been provided with one at registration. You can also ask your sysadmin to change it for you, or leave it blank.%0a%3c %0a%3c To test if your bindhost works properly, check the [[host/usage|host]] guide. You will want to run host on your bindhost:%0a%3c %0a%3c [@%0a%3c $ host username.example.com%0a%3c username.example.com has address 192.168.1.1%0a%3c username.example.com has IPv6 address 2001:bd8::%0a%3c @]%0a%3c %0a%3c Your bindhost should show both an IPv4 and IPv6 address. If it's missing an IPv4 address, it can '''only''' connect by IPv6 to an IRC network. If it's missing an IPv6 address, then it can '''only''' connect by IPv4 to an IRC network. If it's missing both, it '''cannot''' connect to '''any''' network.%0a%3c %0a%3c For this reason, you don't want to put an IPv6 address directly into the bindhost. This prevents ZNC from being able to connect to an IPv4 only network. Instead, you want to use a hostname that has both [[dns/records|A and AAAA records]] defined in [[dns/overview|DNS]].%0a---%0a> '''WARNING''': You cannot pick any arbitrary [[dns/vhost|vhost]] that you want. A vhost must have proper [[dns/overview|forward]] and [[DNS/rDNS|reverse DNS]] [[dns/records|records]]. If you're using an IRCNow shell account, you should have been provided with one at registration. You can also ask your sysadmin to change it for you, or leave it blank.%0a> %0a host:1627449406=38.87.162.8 author:1627448863=jrmu diff:1627448863:1627448795:=9,10d8%0a%3c !!! Getting the Source%0a%3c %0a30,31c28,29%0a%3c $ ftp https://ircnow.org/software/znc-1.8.2a.tar.gz%0a%3c $ tar xvzf znc-1.8.2a.tar.gz %0a---%0a> $ ftp https://ircnow.org/software/znc-1.8.2.tar.gz%0a> $ tar xvzf znc-1.8.2.tar.gz %0a35,36d32%0a%3c %0a%3c !!! Building ZNC%0a host:1627448863=38.87.162.8 author:1627448795=jrmu diff:1627448795:1627448514:=24,32d23%0a%3c %0a%3c '''WARNING''': OpenBSD 6.9 may contain a bug that causes ZNC to crash with a segmentation fault. To avoid this, we recommend using IRCNow's custom patched znc:%0a%3c %0a%3c [@%0a%3c $ ftp https://ircnow.org/software/znc-1.8.2.tar.gz%0a%3c $ tar xvzf znc-1.8.2.tar.gz %0a%3c @]%0a%3c %0a%3c The rest of the steps are identical if you use IRCNow's custom-patched znc.%0a host:1627448795=38.87.162.8 author:1627448514=jrmu diff:1627448514:1627445963:=172c172%0a%3c $ kill -TERM %3cpid>%0a---%0a> $ pkill znc%0a174,191d173%0a%3c %0a%3c You will want to replace %3cpid> with the [[ps/usage|process ID]] you see above (86542):%0a%3c %0a%3c [@%0a%3c $ kill -TERM 86542%0a%3c @]%0a%3c %0a%3c This will send a (TERM)ination signal to ZNC so that it dies.%0a%3c %0a%3c '''NOTE''': You will need to replace 8542 with your process ID.%0a%3c %0a%3c If you don't know the process ID, you can type:%0a%3c %0a%3c [@%0a%3c $ ps -U %3cusername> | grep znc%0a%3c @]%0a%3c %0a%3c Replace %3cusername> with your username.%0a host:1627448514=38.87.162.8 author:1627445963=mkf csum:1627445963=simpler diff:1627445963:1627445527:=169,170c169,170%0a%3c To stop ZNC once it is launched, you can [[kill/usage|kill]] it:%0a%3c %0a---%0a> To stop ZNC once it is launched, you can [[kill/usage|kill]] it by its [[ps/usage|process ID]]:%0a> %0a172c172%0a%3c $ pkill znc%0a---%0a> $ kill -TERM %3cpid>%0a175,177c175,176%0a%3c If at any time you mess up the configuration, you can delete your znc.conf%0a%3c and rerun the makeconf command again:%0a%3c %0a---%0a> You will want to replace %3cpid> with the process ID you see above (86542):%0a> %0a179,180c178,196%0a%3c $ rm ~/.znc/configs/znc.conf%0a%3c $ ~/.local/bin/znc --makeconf%0a---%0a> $ kill -TERM 86542%0a> @]%0a> %0a> This will send a (TERM)ination signal to ZNC so that it dies.%0a> %0a> If you don't know the process ID, you can type:%0a> %0a> [@%0a> $ ps -U %3cusername> | grep znc%0a> @]%0a> %0a> Replace %3cusername> with your username.%0a> %0a> If at any time you mess up the configuration, you can delete your znc.conf%0a> and rerun the makeconf command again:%0a> %0a> [@%0a> $ rm /home/username/.znc/configs/znc.conf%0a> $ /home/username/.local/bin/znc --makeconf%0a host:1627445963=198.251.81.133 author:1627445527=jrmu diff:1627445527:1627445277:=5c5%0a%3c ZNC is an IRC bouncer. It runs on a server and stays connected after you turn off your computer or phone. It saves chat messages and replays them when you reconnect, and also helps to hide your IP address. If you are running it on IRCNow, your server may also offer DDoS protection to keep you online.%0a---%0a> ZNC is an IRC bouncer. It runs on a server and stays connected after you turn off your computer or phone. It saves chat messages and replay sthem when you reconnect, and also helps to hide your IP address. If you are running it on IRCNow, your server may also offer DDoS protection to keep you online.%0a host:1627445527=38.87.162.8 author:1627445277=jrmu diff:1627445277:1627444432:=201,299c201%0a%3c Here are some recommended changes to make to the default znc.conf so that it works nicely. Replace the top portion of znc.conf with these settings:%0a%3c %0a%3c [@%0a%3c AnonIPLimit = 10000%0a%3c AuthOnlyViaModule = false%0a%3c ConfigWriteDelay = 60%0a%3c ConnectDelay = 1%0a%3c HideVersion = false%0a%3c LoadModule = chansaver%0a%3c LoadModule = lastseen%0a%3c LoadModule = adminlog%0a%3c LoadModule = identfile%0a%3c LoadModule = webadmin%0a%3c LoadModule = certauth%0a%3c MaxBufferSize = 10000%0a%3c ProtectWebSessions = true%0a%3c ServerThrottle = 1%0a%3c Version = 1.8.2%0a%3c @]%0a%3c %0a%3c Next, we set the paths for the SSL files and process ID (pid) files:%0a%3c %0a%3c [@%0a%3c SSLCertFile = /home/znc/.znc/my.example.com.fullchain.pem%0a%3c SSLDHParamFile = /home/znc/.znc/dhparam.pem%0a%3c SSLKeyFile = /home/znc/.znc/my.example.com.key%0a%3c PidFile = /home/znc/.znc/znc.pid%0a%3c @]%0a%3c %0a%3c Replace my.example.com with your unique %0a%3c %0a%3c '''WARNING: You%0a%3c %0a%3c %3cListener listener0>%0a%3c AllowIRC = true%0a%3c AllowWeb = false%0a%3c Host = 192.168.1.1%0a%3c IPv4 = true%0a%3c IPv6 = false%0a%3c Port = 1337%0a%3c SSL = false%0a%3c URIPrefix = /%0a%3c %3c/Listener>%0a%3c %0a%3c %3cListener listener1>%0a%3c AllowIRC = true%0a%3c AllowWeb = false%0a%3c Host = 192.168.1.1%0a%3c IPv4 = true%0a%3c IPv6 = false%0a%3c Port = 31337%0a%3c SSL = true%0a%3c URIPrefix = /%0a%3c %3c/Listener>%0a%3c %0a%3c %3cListener listener2>%0a%3c AllowIRC = true%0a%3c AllowWeb = false%0a%3c Host = 2001:db8::%0a%3c IPv4 = false%0a%3c IPv6 = true%0a%3c Port = 1337%0a%3c SSL = false%0a%3c URIPrefix = /%0a%3c %3c/Listener>%0a%3c %0a%3c %3cListener listener3>%0a%3c AllowIRC = true%0a%3c AllowWeb = false%0a%3c Host = 2001:db8::%0a%3c IPv4 = false%0a%3c IPv6 = true%0a%3c Port = 31337%0a%3c SSL = true%0a%3c URIPrefix = /%0a%3c %3c/Listener>%0a%3c %0a%3c %3cListener listener4>%0a%3c AllowIRC = true%0a%3c AllowWeb = false%0a%3c Host = 127.0.0.1%0a%3c IPv4 = true%0a%3c IPv6 = false%0a%3c Port = 1337%0a%3c SSL = false%0a%3c URIPrefix = /%0a%3c %3c/Listener>%0a%3c %0a%3c %3cListener listener5>%0a%3c AllowIRC = false%0a%3c AllowWeb = true%0a%3c Host = 127.0.0.1%0a%3c IPv4 = true%0a%3c IPv6 = false%0a%3c Port = 1338%0a%3c SSL = false%0a%3c URIPrefix = /%0a%3c %3c/Listener>%0a%3c @]%0a---%0a> %0a host:1627445277=38.87.162.8 author:1627444432=jrmu diff:1627444432:1627444103:=201,204d200%0a%3c %0a%3c %0a%3c !! Connecting to ZNC%0a%3c %0a206a203,204%0a> %0a> %0a host:1627444432=38.87.162.8 author:1627444103=jrmu diff:1627444103:1627443701:=50,51d49%0a%3c !! Creating znc.conf%0a%3c %0a172c170%0a%3c $ kill -TERM %3cpid>%0a---%0a> %0a174,199d171%0a%3c %0a%3c You will want to replace %3cpid> with the process ID you see above (86542):%0a%3c %0a%3c [@%0a%3c $ kill -TERM 86542%0a%3c @]%0a%3c %0a%3c This will send a (TERM)ination signal to ZNC so that it dies.%0a%3c %0a%3c If you don't know the process ID, you can type:%0a%3c %0a%3c [@%0a%3c $ ps -U %3cusername> | grep znc%0a%3c @]%0a%3c %0a%3c Replace %3cusername> with your username.%0a%3c %0a%3c If at any time you mess up the configuration, you can delete your znc.conf%0a%3c and rerun the makeconf command again:%0a%3c %0a%3c [@%0a%3c $ rm /home/username/.znc/configs/znc.conf%0a%3c $ /home/username/.local/bin/znc --makeconf%0a%3c @]%0a%3c %0a%3c !! Configuration%0a host:1627444103=38.87.162.8 author:1627443701=jrmu diff:1627443701:1627442952:=67c67%0a%3c [ ?? ] Listen using both IPv4 and IPv6 (yes/no) [yes]: no%0a---%0a> [ ?? ] Listen using both IPv4 and IPv6 (yes/no) [yes]: %0a72,73d71%0a%3c '''WARNING''': Do '''not''' listen to both IPv4 and IPv6. There appears to be a bug in ZNC v1.8.2 on OpenBSD 6.9 where selecting 'yes' will cause IPv4 to stop working. Instead, as shown later in the guide, you can create separate listeners to allow listening to both IPv4 and IPv6.%0a%3c %0a133,134c131,132%0a%3c Next, I recommend *not* launching ZNC. There are still some settings you will want to add and configure:%0a%3c %0a---%0a> Next, launch ZNC:%0a> %0a146c144%0a%3c [ ?? ] Launch ZNC now? (yes/no) [yes]: no%0a---%0a> [ ?? ] Launch ZNC now? (yes/no) [yes]: yes%0a149,150c147,148%0a%3c If you accidentally launch ZNC, you will see:%0a%3c %0a---%0a> If all goes well, you will see:%0a> %0a167,172d164%0a%3c To stop ZNC once it is launched, you can [[kill/usage|kill]] it by its [[ps/usage|process ID]]:%0a%3c %0a%3c [@%0a%3c %0a%3c @]%0a%3c %0a175,176d166%0a%3c %0a%3c %0a host:1627443701=38.87.162.8 author:1627442952=jrmu diff:1627442952:1627441707:=98,99c98,99%0a%3c '''WARNING''': You cannot pick any arbitrary [[dns/vhost|vhost]] that you want. A vhost must have proper [[dns/overview|forward]] and [[DNS/rDNS|reverse DNS]] [[dns/records|records]]. If you're using an IRCNow shell account, you should have been provided with one at registration. You can also ask your sysadmin to change it for you, or leave it blank.%0a%3c %0a---%0a> '''WARNING''': You cannot pick any arbitrary [[dns/vhost|vhost]] that you want. A vhost must have proper [[dns/overview|forward]] and [[DNS/rDNS|reverse DNS]] [[dns/records|records]].%0a> %0a101a102,104%0a> [ ** ] Enabled user modules [chansaver, controlpanel]%0a> [ ** ] %0a> [ ?? ] Set up a network? (yes/no) [yes]: %0a103,166d105%0a%3c %0a%3c You'll want to enable all the user modules:%0a%3c %0a%3c [@%0a%3c [ ** ] Enabled user modules [chansaver, controlpanel]%0a%3c [ ** ] %0a%3c @]%0a%3c %0a%3c You can optionally set up a network at this stage:%0a%3c %0a%3c [@%0a%3c [ ?? ] Set up a network? (yes/no) [yes]: yes %0a%3c [ ** ] %0a%3c [ ** ] -- Network settings --%0a%3c [ ** ] %0a%3c [ ?? ] Name [freenode]: ircnow%0a%3c [ ?? ] Server host (host only): irc6.ircnow.org%0a%3c [ ?? ] Server uses SSL? (yes/no) [no]: yes%0a%3c [ ?? ] Server port (1 to 65535) [6697]: %0a%3c [ ?? ] Server password (probably empty): %0a%3c [ ?? ] Initial channels: #ircnow%0a%3c [ ** ] Enabled network modules [simple_away]%0a%3c [ ** ] %0a%3c [ .. ] Writing config [/home/username/.znc/configs/znc.conf]...%0a%3c @]%0a%3c %0a%3c This will cause ZNC to automatically connect to your favorite network (IRCNow).%0a%3c %0a%3c Next, launch ZNC:%0a%3c %0a%3c [@%0a%3c [ ** ] To connect to this ZNC you need to connect to it as your IRC server%0a%3c [ ** ] using the port that you supplied. You have to supply your login info%0a%3c [ ** ] as the IRC server password like this: user/network:pass.%0a%3c [ ** ] %0a%3c [ ** ] Try something like this in your IRC client...%0a%3c [ ** ] /server %3cznc_server_ip> +12345 username:%3cpass>%0a%3c [ ** ] %0a%3c [ ** ] To manage settings, users and networks, point your web browser to%0a%3c [ ** ] https://%3cznc_server_ip>:12345/%0a%3c [ ** ] %0a%3c [ ?? ] Launch ZNC now? (yes/no) [yes]: yes%0a%3c @]%0a%3c %0a%3c If all goes well, you will see:%0a%3c %0a%3c [@%0a%3c [ .. ] Opening config [/home/username/.znc/configs/znc.conf]...%0a%3c [ .. ] Loading global module [webadmin]...%0a%3c [ .. ] Binding to port [+12345]...%0a%3c [ ** ] Loading user [username]%0a%3c [ ** ] Loading network [ircnow]%0a%3c [ .. ] Loading network module [simple_away]...%0a%3c [ >> ] [/home/username/.local/lib/znc/simple_away.so]%0a%3c [ .. ] Adding 1 servers...%0a%3c [ .. ] Loading user module [chansaver]...%0a%3c [ .. ] Loading user module [controlpanel]...%0a%3c [ .. ] Forking into the background...%0a%3c [ >> ] [pid: 86542]%0a%3c [ ** ] ZNC 1.8.2 - https://znc.in%0a%3c @]%0a%3c %0a%3c From here, you will want to consult the [[bouncer/bouncer|ZNC client guides]]%0a%3c to see how to connect to ZNC.%0a host:1627442952=38.87.162.8 author:1627441707=jrmu diff:1627441707:1627441483:=98c98%0a%3c '''WARNING''': You cannot pick any arbitrary [[dns/vhost|vhost]] that you want. A vhost must have proper [[dns/overview|forward]] and [[DNS/rDNS|reverse DNS]] [[dns/records|records]].%0a---%0a> '''WARNING''': You cannot pick any arbitrary [[dns/vhost|vhost]] that you want. A vhost must have proper [[dns/overview|forward]] and [[dns/rdns|reverse DNS]] [[dns/records|records]].%0a host:1627441707=38.87.162.8 author:1627441483=jrmu diff:1627441483:1627440688:=61,62c61,62%0a%3c If you are on a shell account, you must use the [[tcpip/ports|ports]] that were reserved for your username.%0a%3c %0a---%0a> If you are on a shell account, you must use the ports that were reserved for your username.%0a> %0a68,74d67%0a%3c @]%0a%3c %0a%3c [[tls/overview|SSL]] helps to encrypt messages sent between client and server. In other words, if you turn it on, messages sent from your IRC program to ZNC are kept secure. It's more trouble to set up, and some older IRC programs don't support it, so some users prefer to turn off SSL.%0a%3c %0a%3c [[IPv4/overview|IPv4]] is the default networking protocol. [[IPv6/overview|IPv6]] is becoming more popular now, especially for mobile devices.%0a%3c %0a%3c [@%0a79,83d71%0a%3c @]%0a%3c %0a%3c ZNC will automatically create its own SSL certificate. This certificate, however, will be self-signed and hence will show up as invalid or untrusted by your IRC client. If you'd like a properly signed SSL certificate, ask your sysadmin or request one yourself using [[acme-client/configure|acme-client]].%0a%3c %0a%3c [@%0a94,101c82%0a%3c @]%0a%3c %0a%3c Next, you'll be asked to specify an optional bindhost. The bindhost will give you a nice-looking vhost, like username@username.example.com.%0a%3c %0a%3c '''WARNING''': You cannot pick any arbitrary [[dns/vhost|vhost]] that you want. A vhost must have proper [[dns/overview|forward]] and [[dns/rdns|reverse DNS]] [[dns/records|records]].%0a%3c %0a%3c [@%0a%3c [ ?? ] Bind host (optional): username.example.com%0a---%0a> [ ?? ] Bind host (optional): username.shelltalk.net%0a host:1627441483=38.87.162.8 author:1627440688=jrmu diff:1627440688:1627439470:=1,10d0%0a%3c (:title Install ZNC from Source:)%0a%3c %0a%3c !! Overview%0a%3c %0a%3c ZNC is an IRC bouncer. It runs on a server and stays connected after you turn off your computer or phone. It saves chat messages and replay sthem when you reconnect, and also helps to hide your IP address. If you are running it on IRCNow, your server may also offer DDoS protection to keep you online.%0a%3c %0a%3c !! Compiling from Source%0a%3c %0a%3c First, download the latest stable release:%0a%3c %0a13,19d2%0a%3c @]%0a%3c %0a%3c On OpenBSD, [[ftp/usage|ftp]] can also be used to download files from the web.%0a%3c %0a%3c Next, extract and unzip the files:%0a%3c %0a%3c [@%0a21,25d3%0a%3c @]%0a%3c %0a%3c For [[tar/usage|tar]], the options xvzf stand for e(x)tract, (v)erbose, un(z)ip, and (f)ile.%0a%3c %0a%3c [@%0a28a7,9%0a> $ cmake .. -DCMAKE_INSTALL_PREFIX="$HOME/.local"%0a> $ make%0a> $ make install%0a31,32c12,13%0a%3c We then use cmake to configure the files to install to ~/.local, then make and make install:%0a%3c %0a---%0a> You should see this message:%0a> %0a34,41d14%0a%3c $ cmake .. -DCMAKE_INSTALL_PREFIX="$HOME/.local"%0a%3c $ make%0a%3c $ make install%0a%3c @]%0a%3c %0a%3c You should see this message:%0a%3c %0a%3c [@%0a48,85d20%0a%3c @]%0a%3c %0a%3c Follow the instructions to generate the config file:%0a%3c %0a%3c [@%0a%3c $ /home/username/.local/bin/znc --makeconf%0a%3c [ .. ] Checking for list of available modules...%0a%3c [ ** ] %0a%3c [ ** ] -- Global settings --%0a%3c [ ** ] %0a%3c [ ?? ] Listen on port (1025 to 65534): %0a%3c @]%0a%3c %0a%3c If you are on a shell account, you must use the ports that were reserved for your username.%0a%3c %0a%3c '''WARNING:''' Shell accounts users must '''not''' randomly choose ports. Shell accounts servers often have firewalls in place that will block ports not reserved to you. If you are unable to connect to ZNC, double check to see if the firewall is blocking the connection.%0a%3c %0a%3c [@%0a%3c [ ?? ] Listen using SSL (yes/no) [no]: yes%0a%3c [ ?? ] Listen using both IPv4 and IPv6 (yes/no) [yes]: %0a%3c [ .. ] Verifying the listener...%0a%3c [ ** ] Unable to locate pem file: [/home/username/.znc/znc.pem], creating it%0a%3c [ .. ] Writing Pem file [/home/username/.znc/znc.pem]...%0a%3c [ ** ] Enabled global modules [webadmin]%0a%3c [ ** ] %0a%3c [ ** ] -- Admin user settings --%0a%3c [ ** ] %0a%3c [ ?? ] Username (alphanumeric): username%0a%3c [ ?? ] Enter password: %0a%3c [ ?? ] Confirm password: %0a%3c [ ?? ] Nick [username]: %0a%3c [ ?? ] Alternate nick [username_]: %0a%3c [ ?? ] Ident [username]: %0a%3c [ ?? ] Real name (optional): username%0a%3c [ ?? ] Bind host (optional): username.shelltalk.net%0a%3c [ ** ] Enabled user modules [chansaver, controlpanel]%0a%3c [ ** ] %0a%3c [ ?? ] Set up a network? (yes/no) [yes]: %0a host:1627440688=38.87.162.8 author:1627439470=jrmu diff:1627439470:1627439470:=1,21d0%0a%3c [@%0a%3c $ ftp https://znc.in/releases/znc-1.8.2.tar.gz%0a%3c $ tar xvzf znc-1.8.2.tar.gz %0a%3c $ cd znc-1.8.2%0a%3c $ mkdir build%0a%3c $ cd build/%0a%3c $ cmake .. -DCMAKE_INSTALL_PREFIX="$HOME/.local"%0a%3c $ make%0a%3c $ make install%0a%3c @]%0a%3c %0a%3c You should see this message:%0a%3c %0a%3c [@%0a%3c ZNC was successfully installed.%0a%3c You can use '/home/username/.local/bin/znc --makeconf'%0a%3c to generate a config file.%0a%3c %0a%3c If you need help with using ZNC, please visit our wiki at:%0a%3c http://znc.in%0a%3c @]%0a host:1627439470=38.87.162.8