Blame


1 aa513bf8 2023-01-22 jrmu version=pmwiki-2.2.130 ordered=1 urlencoded=1
2 aa513bf8 2023-01-22 jrmu agent=w3m/0.5.3+git20210102
3 aa513bf8 2023-01-22 jrmu author=jrmu
4 aa513bf8 2023-01-22 jrmu charset=UTF-8
5 aa513bf8 2023-01-22 jrmu csum=
6 aa513bf8 2023-01-22 jrmu ctime=1597726139
7 aa513bf8 2023-01-22 jrmu host=38.87.162.8
8 aa513bf8 2023-01-22 jrmu name=Openbsd.Znc
9 aa513bf8 2023-01-22 jrmu rev=58
10 aa513bf8 2023-01-22 jrmu targets=Openbsd.Syspatch,Oidentd.Znc,Openbsd.Relayd,Openbsd.Nsd,Openbsd.Buyvm
11 aa513bf8 2023-01-22 jrmu text=(:redirect Znc.Chroot:)%0aYou will want to get a ddos-filtered IPv4 and an IPv6 subnet from your internet provider.%0a%0aCreate the user znc:%0a%0a[@%0a$ doas adduser%0a@]%0a%0a[@%0aName: znc%0aPassword: ****%0aFullname: znc%0aUid: 1001%0aGid: 1001 (znc)%0aGroups: znc %0aLogin Class: default%0aHOME: /home/znc%0aShell: /sbin/nologin%0aOK? (y/n) [y]: y%0a@]%0a%0aI am not sure if this is necessary, but in /etc/login.conf, I add the following:%0a%0a[@%0aznc:\%0a :openfiles-cur=4096:\%0a :openfiles-max=8182:\%0a :openfiles=4096:\%0a :stacksize-cur=48M:\%0a :stacksize-max=48M:\%0a :maxproc-max=infinity:\%0a :maxproc-cur=4096:\%0a :tc=daemon:%0a@]%0a%0a'''WARNING''': Use tabs and not spaces. Spaces will not parse properly.%0a%0aI check to make sure znc is set to the right login class.%0a%0a[@%0a$ doas vipw%0a@]%0a%0aThere should be a line with znc that looks like this (I check to make sure znc has the right login class; the '1001' is the uid, which you may find to be different from this example, but it should not be changed):%0a%0a[@%0aznc:*:1001:1001:znc:0:0:znc:/home/znc:/sbin/nologin%0a@]%0a%0aYou will want to run cap_mkdb:%0a%0a[@%0a$ doas cap_mkdb /etc/login.conf%0a@]%0a%0aNow change znc shell to /bin/ksh , then continue with the steps below.%0a%0a[@%0a$ doas su -c znc znc%0a$ ulimit -a%0atime(cpu-seconds) unlimited%0afile(blocks) unlimited%0acoredump(blocks) unlimited%0adata(kbytes) 33554432%0astack(kbytes) 32768%0alockedmem(kbytes) 329478%0amemory(kbytes) 985092%0anofiles(descriptors) 4096%0aprocesses 1310%0a@]%0a%0aI then set the default shell to /sbin/nologin (note: the '1001' is the uid, which you may find to be different from this example, but it should not be changed.):%0a%0a[@%0a$ doas vipw%0a%0a...%0a%0aznc:*:1001:1001:znc:0:0:znc:/home/znc:/sbin/nologin%0a@]%0a%0aInstall needed dependencies:%0a%0a[@%0a$ doas pkg_add icu4c-67.1%0a$ doas pkg_add boost-1.67.0p0%0a$ doas pkg_add cmake%0a@]%0a%0aThe below install scripts are 
tested for OpenBSD 6.8 [[openbsd/syspatch|stable]] and znc-1.8.2. It will put znc inside the chroot at /home/znc. Before you begin the installation, check that you are using OpenBSD 6.8 and that your system is patched:%0a%0a[@%0a$ uname -a%0aOpenBSD example.ircnow.org 6.8 GENERIC#97 amd64%0a$ doas syspatch%0a@]%0a%0a[@%0a$ cd ~%0a$ curl -L -O https://ircnow.org/software/znc-1.8.2a.tar.gz%0a$ tar xvzf znc-1.8.2a.tar.gz%0a$ cd znc-1.8.2%0a$ mkdir build%0a$ cd build%0a$ cmake ..%0a$ make%0a$ doas make install%0a@]%0a%0a'''NOTE''': A patched version of znc-1.8.2 release is used to prevent a threading bug. Please do '''not''' use the standard znc 1.8.2 release.%0a%0aThen run as root:%0a%0a[@%0amkdir -p /home/znc/usr/lib/%0amkdir -p /home/znc/usr/local/lib/pkgconfig%0amkdir -p /home/znc/usr/local/bin/%0amkdir -p /home/znc/usr/local/share/%0amkdir -p /home/znc/usr/local/man/man1/%0amkdir -p /home/znc/usr/libexec/%0amkdir -p /home/znc/etc/ssl%0amkdir -p /home/znc/dev/%0amkdir -p /home/znc/var/run/%0amkdir -p /home/znc/home/znc/.znc%0amknod -m 644 /home/znc/dev/random c 45 0%0amknod -m 644 /home/znc/dev/urandom c 45 2%0amknod -m 666 /home/znc/dev/null c 2 2%0acp /usr/lib/libc++.so.5.0 /home/znc/usr/lib/libc++.so.5.0%0acp /usr/lib/libc++abi.so.3.0 /home/znc/usr/lib/libc++abi.so.3.0%0acp /usr/lib/libc.so.96.0 /home/znc/usr/lib/libc.so.96.0%0acp /usr/lib/libcrypto.so.46.1 /home/znc/usr/lib/libcrypto.so.46.1%0acp /usr/lib/libm.so.10.1 /home/znc/usr/lib/libm.so.10.1%0acp /usr/lib/libpthread.so.26.1 /home/znc/usr/lib/libpthread.so.26.1%0acp /usr/lib/libssl.so.48.1 /home/znc/usr/lib/libssl.so.48.1%0acp /usr/lib/libz.so.5.0 /home/znc/usr/lib/libz.so.5.0%0acp /usr/libexec/ld.so /home/znc/usr/libexec/ld.so%0acp /etc/resolv.conf /home/znc/etc/resolv.conf%0acp /etc/ssl/cert.pem /home/znc/etc/ssl/cert.pem%0acp /var/run/ld.so.hints /home/znc/var/run/ld.so.hints%0acp /usr/local/bin/znc /home/znc/usr/local/bin/znc%0acp /usr/local/man/man1/znc.1 /home/znc/usr/local/man/man1/znc.1%0acp 
/usr/local/man/man1/znc-buildmod.1 /home/znc/usr/local/man/man1/znc-buildmod.1%0acp /usr/local/bin/znc-buildmod /home/znc/usr/local/bin/znc-buildmod%0acp /usr/local/lib/pkgconfig/znc.pc /home/znc/usr/local/lib/pkgconfig/znc.pc%0acp /usr/local/lib/libicuuc.so.18.0 /home/znc/usr/local/lib/%0acp /usr/local/lib/libicudata.so.18.0 /home/znc/usr/local/lib/%0acp /usr/local/lib/libboost_locale-mt.so.11.0 /home/znc/usr/local/lib/%0acp /usr/local/lib/libboost_chrono-mt.so.11.0 /home/znc/usr/local/lib/%0acp /usr/local/lib/libboost_system-mt.so.11.0 /home/znc/usr/local/lib/%0acp /usr/local/lib/libboost_thread-mt.so.11.0 /home/znc/usr/local/lib/%0acp /usr/local/lib/libicui18n.so.18.0 /home/znc/usr/local/lib/%0acp -R /usr/local/share/znc /home/znc/usr/local/share/%0acp -R /usr/local/lib/znc /home/znc/usr/local/lib/%0acp -R /usr/local/include/znc /home/znc/usr/local/include/%0achown -R znc:znc /home/znc/%0achown -R root:wheel /home/znc/dev /home/znc/etc /home/znc/usr /home/znc/var%0achmod -R o-rx /home/znc/home/znc/.znc/%0ausermod -G znc botnow%0ausermod -G znc _identd%0a@]%0a%0aAt first, you will need to create a conf file:%0a%0a[@%0a# export HOME=/home/znc/%0a# chroot -u znc -g znc /home/znc znc --makeconf%0a@]%0a%0a[@%0a[ .. ] Checking for list of available modules...%0a[ ** ] %0a[ ** ] -- Global settings --%0a[ ** ] %0a[ ?? ] Listen on port (1025 to 65534): 31337%0a[ ?? ] Listen using SSL (yes/no) [no]: yes%0a[ ?? ] Listen using both IPv4 and IPv6 (yes/no) [yes]: no%0a[ .. ] Verifying the listener...%0a[ ** ] Unable to locate pem file: [/home/znc/.znc/znc.pem], creating it%0a[ .. ] Writing Pem file [/home/znc/.znc/znc.pem]...%0a[ ** ] Enabled global modules [webadmin]%0a[ ** ] %0a[ ** ] -- Admin user settings --%0a[ ** ] %0a[ ?? 
] Username (alphanumeric): %0a@]%0a%0a[@%0a# cp /etc/ssl/my.example.com.fullchain.pem /home/znc/home/znc/.znc/%0a# cp /etc/ssl/private/my.example.com.key /home/znc/home/znc/.znc/%0a# chown znc:znc /home/znc/home/znc/.znc/my.example.com.*%0a@]%0a%0aInside ~:%0a%0a[@%0a$ openssl dhparam -out dhparam.pem 2048%0a$ doas chown znc:znc dhparam.pem%0a$ doas mv dhparam.pem /home/znc/home/znc/.znc/%0a@]%0a%0aAfterwards, to run znc:%0a%0a[@%0a# export HOME=/home/znc%0a# /usr/sbin/chroot -u znc -g znc /home/znc znc >>/var/log/znc.log 2>&1 &%0a@]%0a%0aNow you must add this rule in /etc/pf.conf:%0a%0a[@%0apass in log quick proto tcp to port {http https} keep state (max-src-conn 30, max-src-conn-rate 20/60)%0apass in log quick proto tcp to port { 1337 31337 } keep state (max 3000, max-src-conn 200) #bnc%0a@]%0a%0a[@%0a$ doas pfctl -f /etc/pf.conf%0a@]%0a%0a(Here the steps are a bit out of chronology)%0a%0aTo start the bouncer, I run this command:%0a%0a[@%0a# HOME=/home/znc && /usr/sbin/chroot -u znc -g znc /home/znc znc >>/var/log/znc.log 2>&1 &%0a@]%0a%0aIf your bouncer is already online, make sure to save the config by logging into your irc client, connected to the bouncer:%0a%0a[@%0a/msg *status saveconfig%0a@]%0a%0aThen, go add this at the top of /home/znc/home/znc/.znc/configs/znc.conf (yes I deliberately ignore the warnings):%0a%0a[@%0aAnonIPLimit = 10000%0aAuthOnlyViaModule = false%0aConfigWriteDelay = 0%0aConnectDelay = 1%0aHideVersion = false%0aLoadModule = chansaver%0aLoadModule = lastseen%0aLoadModule = adminlog%0aLoadModule = identfile%0aLoadModule = webadmin%0aLoadModule = certauth%0aMaxBufferSize = 10000%0aProtectWebSessions = true%0aSSLCertFile = /home/znc/.znc/my.example.com.fullchain.pem%0aSSLDHParamFile = /home/znc/.znc/dhparam.pem%0aSSLKeyFile = /home/znc/.znc/my.example.com.key%0aPidFile = /home/znc/.znc/znc.pid%0aServerThrottle = 1%0aVersion = 1.8.2%0a%0a%3cListener listener0>%0a AllowIRC = true%0a AllowWeb = false%0a Host = 192.168.1.1%0a IPv4 = true%0a IPv6 
= false%0a Port = 1337%0a SSL = false%0a URIPrefix = /%0a%3c/Listener>%0a%0a%3cListener listener1>%0a AllowIRC = true%0a AllowWeb = false%0a Host = 192.168.1.1%0a IPv4 = true%0a IPv6 = false%0a Port = 31337%0a SSL = true%0a URIPrefix = /%0a%3c/Listener>%0a%0a%3cListener listener2>%0a AllowIRC = true%0a AllowWeb = false%0a Host = 2001:db8::%0a IPv4 = false%0a IPv6 = true%0a Port = 1337%0a SSL = false%0a URIPrefix = /%0a%3c/Listener>%0a%0a%3cListener listener3>%0a AllowIRC = true%0a AllowWeb = false%0a Host = 2001:db8::%0a IPv4 = false%0a IPv6 = true%0a Port = 31337%0a SSL = true%0a URIPrefix = /%0a%3c/Listener>%0a%0a%3cListener listener4>%0a AllowIRC = true%0a AllowWeb = false%0a Host = 127.0.0.1%0a IPv4 = true%0a IPv6 = false%0a Port = 1337%0a SSL = false%0a URIPrefix = /%0a%3c/Listener>%0a%0a%3cListener listener5>%0a AllowIRC = false%0a AllowWeb = true%0a Host = 127.0.0.1%0a IPv4 = true%0a IPv6 = false%0a Port = 1338%0a SSL = false%0a URIPrefix = /%0a%3c/Listener>%0a@]%0a%0aWe will load the identfile module by default. This is necessary to provide proper ident using [[oidentd/znc|oidentd]]. Please follow the instructions in the link to configure ident.%0a%0aI have znc bind to port 1338 without SSL for the web server. I will later use [[openbsd/relayd|relayd]] to provide TLS acceleration on port 443.%0a%0aReplace with your own IP addresses. Then, on your irc client logged into the bouncer:%0a%0a[@%0a/msg *status rehash%0a@]%0a%0a[@%0a$ doas crontab -e%0a@]%0a%0aAdd a few lines to have ZNC reconnect every 5 minutes. 
ZNC will only connect if no other ZNC instance is running:%0a%0a[@%0aHOME=/home/znc%0a*/5 * * * * /usr/sbin/chroot -u znc -g znc /home/znc znc >>/var/log/znc.log 2>&1 &%0a@]%0a%0aTo test the connection (and SSL certificate), run:%0a%0a[@%0a$ openssl s_client -connect my.example.com:31337%0a@]%0a%0aMake sure you have the proper SSL cert configured.%0a%0aWhile you are at it, you will want to redirect any plaintext requests to the webpanel on port 80 to use SSL on port 443. Add this to /etc/httpd.conf:%0a%0a[@%0aserver "bnc.example.com" {%0a listen on * port 80%0a location "/.well-known/acme-challenge/*" {%0a root "/acme"%0a request strip 2%0a }%0a location * {%0a block return 302 "https://$HTTP_HOST$REQUEST_URI"%0a }%0a}%0a@]%0a%0aGo ahead and reboot the web server:%0a%0a[@%0a$ doas rcctl restart httpd%0a@]%0a%0aNote: If you are using IPv6 and IPv4 for the same listener, perl IO::Socket::INET is unable to connect. Use two separate listeners.%0a%0a'''Integration with the operating system'''%0a%0a[@%0adoas touch /etc/rc.d/znc%0adoas chmod +x /etc/rc.d/znc%0a@]%0a%0a [= %0a#!/bin/ksh%0a#%0a# $OpenBSD: znc,v 1.2 2020/01/21 19:27:07 rpe Exp $%0a%0adaemon_pidfile="/home/znc/home/znc/.znc/znc.pid"%0adaemon="env HOME=/home/znc /usr/sbin/chroot -u znc -g znc /home/znc znc"%0a%0a%0aservice_stop() {%0a if [ -f $daemon_pidfile ]; then%0a pid=$(sed 's/[^0-9]*//g' $daemon_pidfile)%0a kill $pid%0a fi%0a}%0a%0acase "$1" in%0a stop)%0a service_stop%0a ;;%0aesac%0a%0a%0a. /etc/rc.d/rc.subr%0a%0arc_reload=NO%0a%0arc_cmd $1%0a%0a%0a =]%0a%0a'''Automatic start'''%0a%0aAutomatic start of the service in case of a crash. %0a%0aThis prevents the loss of users due to software errors. Make sure your users feel good.%0a [=%0adoas mkdir /usr/local/project_name/%0adoas touch /usr/local/project_name/checker_znc.sh%0adoas chmod +x /usr/local/project_name/checker_znc.sh%0a =]%0a%0a [=%0a#!/bin/sh%0a%0aSERVICE_NAME="znc"%0aSERVICE_USER="znc"%0aSERVICE_PID="/home/znc/home/znc/.znc/znc.pid"%0a%0aif ! 
pgrep -u $SERVICE_USER -x "$SERVICE_NAME" > /dev/null%0athen%0a if [ -f $SERVICE_PID ]; then%0a rm -f $SERVICE_PID%0a rcctl -d restart $SERVICE_NAME%0a fi%0afi%0a%0a =]%0a%0a [=%0a doas crontab -e%0a =]%0a%0a [=%0a*/2 * * * * /usr/local/project_name/checker_znc.sh 2>&1 &%0a =]%0a%0a'''ZNC console'''%0a%0aConnect%0a [=%0a/quote PASS admin:mysuperadminpassqwerty%0a =]%0a%0aGenerate new pass for user%0a [=%0aGo to site: https://passwordsgenerator.net/%0aand disable "Include Symbols"%0aclick "generate password"%0aor you can create a password yourself (the password must be between 12 and 16 characters long and include numbers and letters)%0a =]%0a%0aUser login%0a [=%0ausername must be the same or derived from the network login (contain a suffix)%0a =]%0a%0aCreate new user%0a [=%0a/msg *controlpanel AddUser bob 12345678%0a/msg *controlpanel LoadModule bob perform%0a =]%0a%0aAdd network for new user%0a [=%0a/msg *controlpanel AddNetwork bob IRCNow%0a/msg *controlpanel AddServer bob IRCNow irc.ircnow.org +6697%0a/msg *controlpanel SetNetwork BindHost bob IRCNow 2703:6401:30:faa1:6184:399c:dae2:32a2%0a/msg *controlpanel help%0a =]%0a%0aSet channels%0a [=%0a/msg *controlpanel AddChan bob IRCNow #ircnow%0a =]%0a%0aSet pass (this must be done with a user account or offer to run this command yourself) %0a [=%0a/msg *perform add PRIVMSG NickServ IDENTIFY bob 12345678%0a/msg *perform help%0a =]%0a%0aReconnect user's network%0a [=%0a/msg *controlpanel Reconnect bob IRCNow%0a =]%0a%0aSaving settings to disk (please save your changes to disk immediately)%0a [=%0a/msg *status SaveConfig%0a =]%0a%0aDeleting user and user entities%0a [=%0a/msg *controlpanel DelUser bob%0a/msg *controlpanel DelNetwork bob IRCNow%0a =]%0a%0a!! Custom vhosts%0a%0a'''WARNING''': do '''not''' set individual IPv6 addresses for a user's bindhost. Do not set a user's bindhost to be something like 2605:6400:10::. 
If you specify an IPv6 address for the bindhost, that user can *only* connect to networks that support IPv6. IPv4-only networks completely fail.%0a%0aIt is better to set the bindhost to be username.fruit.ircnow.org. Then, for the [[openbsd/nsd|nameserver]], create an AAAA record and an A record. That way, the bindhost will use IPv6 if the network is IPv6-only, and IPv4 if it is an IPv4-only network. This solution is more flexible and allows your user to fall back to IPv4 when IPv6 is not supported.%0a%0aIf a user requests to change their vhost, do not edit the bindhost -- all you need to do is update the rDNS record (see the [[openbsd/buyvm|buyvm web panel]]). Don't delete the bindhost or the DNS A/AAAA records.%0a%0aFor example, suppose the vhost was formerly user.fruit.ircnow.org. If the user wants to change it to example.com, you just need to update the rDNS to example.com, but leave the znc bindhost as username.fruit.ircnow.org and keep the A/AAAA records for username.fruit.ircnow.org.%0a%0aOnce example.com's AAAA record is working, and the rDNS has been configured properly, you can reconnect the user (either the user types @@/znc connect@@ or you type @@/msg *controlpanel reconnect %3cusername> %3cnetwork>@@), and the vhost will update properly.%0a%0aKeeping the old A/AAAA record and bindhost working will make it easier if the user changes vhosts or if their 3rd party dns server for example.com fails for whatever reason. This method will allow the user to still connect. Otherwise, if the 3rd party dns server fails for example.com (which frequently happens with cheap, free dns services), users will be unable to connect and blame you. %0a%0a!! 
Troubleshooting%0a%0aIf your user is getting disconnected, these are the most likely causes:%0a%0a# mismatch of ports or SSL (using plaintext on 6697 or SSL on 6667)%0a# SSL is not supported%0a# user has a server password where none belongs (most likely he confused server password with nickserv password)%0a# ident is not working%0a# ircd bans a certain username or ident for no good reason (the ircd mistakenly assumes your connection is a bot and glines it)%0a# typo of server name or IP address%0a# dns lookup error%0a%0aYou may need to install icu4c-67.1.%0a%0a!! WARNING%0a%0aIf a znc user has a bindhost that is IPv6 only but the network is IPv4 only, it will not connect.%0a%0aTo prevent this, you '''must be absolutely 100%25 certain''' that each bindhost is symbolic (such as username.fruit.ircnow.org) and that each hostname has a single A record and a single AAAA record in your DNS zone. If any part is misconfigured, users will be unable to connect.%0a%0aA quick way to check if there are DNS errors:%0a%0a[@%0a$ doas grep Host /home/znc/home/znc/.znc/configs/znc.conf | grep -v > ~/bindhost%0a$ vi ~/bindhost%0a@]%0a%0aThen with vi:%0a%0a[@%0a:%25s_.* = _host _g%0a@]%0a%0aThen:%0a%0a[@%0a$ sh ~/bindhost%0a@]%0a%0aIf you see any records there with only a single IPv4 address but no IPv6, or a single IPv6 but no IPv4, or any NXDOMAIN responses, you need to fix your DNS records. There should be exactly one shared IPv4 and one unique IPv6 for each hostname, and zero NXDOMAIN responses.%0a%0a!!! Missing libraries%0a%0aIf you are getting errors such as:%0a%0a[@%0ald.so: znc: can't load library 'libc++abi.so.2.1' %0a@]%0a%0aThen it could be due to the fact that you are on the wrong OpenBSD version (6.7 or earlier), you did not apply [[openbsd/syspatch|syspatch]], and you have not upgraded all dependencies:%0a%0a[@%0a$ doas syspatch%0a$ doas pkg_add -u%0a@]%0a%0aThen, delete the build folder and compile again.%0a%0a!! 
Adding ICU support%0a%0aCopy the following directories:%0a%0a[@%0a# cp -R /usr/local/share/icu /home/znc/usr/local/share/%0a# cp -R /usr/local/lib/icu /home/znc/usr/local/lib/%0a@]%0a%0aThen, restart BNC. Encoding options should be available.%0a%0a(The patched ZNC was made before ICU support is added. So, we cannot ensure that adding ICU support after the patch will not cause any other bugs.)%0a%0a!! Obsolete Setups%0a%0aThe old install script (tested for OpenBSD 6.7 and znc-1.7.5) is now '''obsoleted''':%0a%0a[@%0amkdir -p /home/znc/usr/lib/%0amkdir -p /home/znc/usr/libexec/%0amkdir -p /home/znc/etc/ssl%0amkdir -p /home/znc/dev/%0amkdir -p /home/znc/var/run/%0amkdir -p /home/znc/home/znc/%0amknod -m 644 /home/znc/dev/random c 45 0%0amknod -m 644 /home/znc/dev/urandom c 45 2%0amknod -m 666 /home/znc/dev/null c 2 2%0acp /usr/lib/libc++.so.5.0 /home/znc/usr/lib/libc++.so.5.0%0acp /usr/lib/libc++abi.so.3.0 /home/znc/usr/lib/libc++abi.so.3.0%0acp /usr/lib/libc.so.96.0 /home/znc/usr/lib/libc.so.96.0%0acp /usr/lib/libcrypto.so.46.1 /home/znc/usr/lib/libcrypto.so.46.1%0acp /usr/lib/libm.so.10.1 /home/znc/usr/lib/libm.so.10.1%0acp /usr/lib/libpthread.so.26.1 /home/znc/usr/lib/libpthread.so.26.1%0acp /usr/lib/libssl.so.48.1 /home/znc/usr/lib/libssl.so.48.1%0acp /usr/lib/libz.so.5.0 /home/znc/usr/lib/libz.so.5.0%0acp /usr/libexec/ld.so /home/znc/usr/libexec/ld.so%0acp /etc/resolv.conf /home/znc/etc/resolv.conf%0acp /etc/ssl/cert.pem /home/znc/etc/ssl/cert.pem%0acp /var/run/ld.so.hints /home/znc/var/run/ld.so.hints%0apkg_add -B /home/znc znc%0achown -R root:wheel /home/znc/dev /home/znc/etc /home/znc/usr /home/znc/var%0achown -R znc:znc /home/znc/%0ausermod -G znc botnow%0ausermod -G znc _identd%0a@]%0a%0a!! 
Running znc in debug mode%0a%0a[@%0a$ cd ~%0a$ curl -L -O https://znc.in/releases/znc-1.8.2.tar.gz%0a$ tar xvzf znc-1.8.2.tar.gz%0a$ cd znc-1.8.2%0a$ mkdir build%0a$ cd build%0a$ ../configure --enable-debug CXX=c++%0a$ gmake%0a$ doas make install%0a@]%0a%0a[@%0amkdir -p /home/znc/usr/lib/%0amkdir -p /home/znc/usr/local/lib/pkgconfig%0amkdir -p /home/znc/usr/local/bin/%0amkdir -p /home/znc/usr/local/share/%0amkdir -p /home/znc/usr/local/man/man1/%0amkdir -p /home/znc/usr/libexec/%0amkdir -p /home/znc/etc/ssl%0amkdir -p /home/znc/dev/%0amkdir -p /home/znc/var/run/%0amkdir -p /home/znc/home/znc/%0amknod -m 644 /home/znc/dev/random c 45 0%0amknod -m 644 /home/znc/dev/urandom c 45 2%0amknod -m 666 /home/znc/dev/null c 2 2%0acp /usr/lib/libc++.so.5.0 /home/znc/usr/lib/libc++.so.5.0 %0acp /usr/lib/libc++abi.so.3.0 /home/znc/usr/lib/libc++abi.so.3.0%0acp /usr/lib/libc.so.96.0 /home/znc/usr/lib/libc.so.96.0%0acp /usr/lib/libcrypto.so.46.1 /home/znc/usr/lib/libcrypto.so.46.1%0acp /usr/lib/libm.so.10.1 /home/znc/usr/lib/libm.so.10.1%0acp /usr/lib/libpthread.so.26.1 /home/znc/usr/lib/libpthread.so.26.1%0acp /usr/lib/libssl.so.48.1 /home/znc/usr/lib/libssl.so.48.1%0acp /usr/lib/libz.so.5.0 /home/znc/usr/lib/libz.so.5.0%0acp /usr/libexec/ld.so /home/znc/usr/libexec/ld.so%0acp /etc/resolv.conf /home/znc/etc/resolv.conf%0acp /etc/ssl/cert.pem /home/znc/etc/ssl/cert.pem%0acp /var/run/ld.so.hints /home/znc/var/run/ld.so.hints%0acp /usr/local/bin/znc /home/znc/usr/local/bin/znc%0acp /usr/local/man/man1/znc.1 /home/znc/usr/local/man/man1/znc.1%0acp /usr/local/man/man1/znc-buildmod.1 /home/znc/usr/local/man/man1/znc-buildmod.1%0acp /usr/local/bin/znc-buildmod /home/znc/usr/local/bin/znc-buildmod%0acp /usr/local/lib/pkgconfig/znc.pc /home/znc/usr/local/lib/pkgconfig/znc.pc%0acp /usr/local/lib/libicuuc.so.18.0 /home/znc/usr/local/lib/%0acp /usr/local/lib/libicudata.so.18.0 /home/znc/usr/local/lib/%0acp /usr/local/lib/libboost_locale-mt.so.11.0 /home/znc/usr/local/lib/%0acp 
/usr/local/lib/libboost_system-mt.so.11.0 /home/znc/usr/local/lib/%0acp /usr/local/lib/libboost_thread-mt.so.11.0 /home/znc/usr/local/lib/%0acp /usr/local/lib/libboost_chrono-mt.so.11.0 /home/znc/usr/local/lib/%0acp /usr/local/lib/libicui18n.so.18.0 /home/znc/usr/local/lib/%0acp -R /usr/local/share/znc /home/znc/usr/local/share/%0acp -R /usr/local/lib/znc /home/znc/usr/local/lib/%0acp -R /usr/local/include/znc /home/znc/usr/local/include/%0achown -R znc:znc /home/znc/%0achown -R root:wheel /home/znc/dev /home/znc/etc /home/znc/usr /home/znc/var%0achmod -R o-rx /home/znc/home/znc/.znc/%0ausermod -G znc botnow%0ausermod -G znc _identd%0a@]%0a%0a$ doas gdb chroot%0a%0a
12 aa513bf8 2023-01-22 jrmu time=1626432193
13 aa513bf8 2023-01-22 jrmu author:1626432193=jrmu
14 aa513bf8 2023-01-22 jrmu diff:1626432193:1613133739:=1d0%0a%3c (:redirect Znc.Chroot:)%0a
15 aa513bf8 2023-01-22 jrmu host:1626432193=38.87.162.8
16 aa513bf8 2023-01-22 jrmu author:1613133739=jrmu
17 aa513bf8 2023-01-22 jrmu diff:1613133739:1611802427:=323c323%0a%3c We will load the identfile module by default. This is necessary to provide proper ident using [[oidentd/znc|oidentd]]. Please follow the instructions in the link to configure ident.%0a---%0a> We will load the identfile module by default. This is necessary to provide proper ident using [[openbsd/oidentd|oidentd]]. Please follow the instructions in the link to configure ident.%0a
18 aa513bf8 2023-01-22 jrmu host:1613133739=198.251.81.119
19 aa513bf8 2023-01-22 jrmu author:1611802427=jrmu
20 aa513bf8 2023-01-22 jrmu diff:1611802427:1611802340:=155d154%0a%3c chown -R znc:znc /home/znc/%0a156a156%0a> chown -R znc:znc /home/znc/%0a624,626c624%0a%3c chown -R znc:znc /home/znc/%0a%3c usermod -G znc botnow%0a%3c usermod -G znc _identd%0a---%0a> chown -R znc:znc /home/znc/home/znc/%0a684d681%0a%3c chown -R znc:znc /home/znc/%0a685a683%0a> chown -R znc:znc /home/znc/%0a
21 aa513bf8 2023-01-22 jrmu host:1611802427=125.231.24.226
22 aa513bf8 2023-01-22 jrmu author:1611802340=jrmu
23 aa513bf8 2023-01-22 jrmu diff:1611802340:1611802168:=683c683,684%0a%3c chown -R znc:znc /home/znc/%0a---%0a> chown -R znc:znc /home/znc/home/znc/%0a> chown -R znc:daemon /home/znc/home/znc/.znc/%0a685,686d685%0a%3c usermod -G znc botnow%0a%3c usermod -G znc _identd%0a
24 aa513bf8 2023-01-22 jrmu host:1611802340=125.231.24.226
25 aa513bf8 2023-01-22 jrmu author:1611802168=jrmu
26 aa513bf8 2023-01-22 jrmu diff:1611802168:1611279146:=156c156,157%0a%3c chown -R znc:znc /home/znc/%0a---%0a> chown -R znc:znc /home/znc/home/znc/%0a> chown -R znc:daemon /home/znc/home/znc/.znc/%0a158,159d158%0a%3c usermod -G znc botnow%0a%3c usermod -G znc _identd%0a
27 aa513bf8 2023-01-22 jrmu host:1611802168=125.231.24.226
28 aa513bf8 2023-01-22 jrmu author:1611279146=wiz
29 aa513bf8 2023-01-22 jrmu diff:1611279146:1611153746:=384,394c384,392%0a%3c # $OpenBSD: znc,v 1.2 2020/01/21 19:27:07 rpe Exp $%0a%3c %0a%3c daemon_pidfile="/home/znc/home/znc/.znc/znc.pid"%0a%3c daemon="env HOME=/home/znc /usr/sbin/chroot -u znc -g znc /home/znc znc"%0a%3c %0a%3c %0a%3c service_stop() {%0a%3c if [ -f $daemon_pidfile ]; then%0a%3c pid=$(sed 's/[^0-9]*//g' $daemon_pidfile)%0a%3c kill $pid%0a%3c fi%0a---%0a> # $OpenBSD: znc,v 1.2 2018/01/11 19:27:07 rpe Exp $%0a> %0a> daemon="znc"%0a> chroot_exec="env HOME=/home/znc /usr/sbin/chroot -u _znc -g _znc /home/znc"%0a> %0a> . /etc/rc.d/rc.subr%0a> %0a> rc_start() {%0a> ${rcexec} "$chroot_exec ${daemon} ${daemon_flags}"%0a397,405d394%0a%3c case "$1" in%0a%3c stop)%0a%3c service_stop%0a%3c ;;%0a%3c esac%0a%3c %0a%3c %0a%3c . /etc/rc.d/rc.subr%0a%3c %0a410c399%0a%3c %0a---%0a> echo $rcexec%0a
30 aa513bf8 2023-01-22 jrmu host:1611279146=77.100.11.104
31 aa513bf8 2023-01-22 jrmu author:1611153746=jrmu
32 aa513bf8 2023-01-22 jrmu diff:1611153746:1611149544:=150d149%0a%3c cp /usr/local/lib/libboost_thread-mt.so.11.0 /home/znc/usr/local/lib/%0a
33 aa513bf8 2023-01-22 jrmu host:1611153746=125.224.21.52
34 aa513bf8 2023-01-22 jrmu author:1611149544=jrmu
35 aa513bf8 2023-01-22 jrmu diff:1611149544:1611140794:=149d148%0a%3c cp /usr/local/lib/libboost_system-mt.so.11.0 /home/znc/usr/local/lib/%0a
36 aa513bf8 2023-01-22 jrmu host:1611149544=125.224.21.52
37 aa513bf8 2023-01-22 jrmu author:1611140794=jrmu
38 aa513bf8 2023-01-22 jrmu diff:1611140794:1610926137:=13,14c13,14%0a%3c Uid: 1001%0a%3c Gid: 1001 (znc)%0a---%0a> Uid: 10%0a> Gid: 1017 (znc)%0a
39 aa513bf8 2023-01-22 jrmu host:1611140794=125.224.21.52
40 aa513bf8 2023-01-22 jrmu author:1610926137=jrmu
41 aa513bf8 2023-01-22 jrmu diff:1610926137:1610925946:=149d148%0a%3c cp /usr/local/lib/libicui18n.so.18.0 /home/znc/usr/local/lib/%0a
42 aa513bf8 2023-01-22 jrmu host:1610926137=125.224.21.52
43 aa513bf8 2023-01-22 jrmu author:1610925946=jrmu
44 aa513bf8 2023-01-22 jrmu diff:1610925946:1610925857:=148d147%0a%3c cp /usr/local/lib/libboost_chrono-mt.so.11.0 /home/znc/usr/local/lib/%0a
45 aa513bf8 2023-01-22 jrmu host:1610925946=125.224.21.52
46 aa513bf8 2023-01-22 jrmu author:1610925857=jrmu
47 aa513bf8 2023-01-22 jrmu diff:1610925857:1610341483:=147d146%0a%3c cp /usr/local/lib/libboost_locale-mt.so.11.0 /home/znc/usr/local/lib/%0a
48 aa513bf8 2023-01-22 jrmu host:1610925857=125.224.21.52
49 aa513bf8 2023-01-22 jrmu author:1610341483=Noxturnix
50 aa513bf8 2023-01-22 jrmu diff:1610341483:1610339459:=146a147,148%0a> cp -R /usr/local/share/icu /home/znc/usr/local/share/%0a> cp -R /usr/local/lib/icu /home/znc/usr/local/lib/%0a565,577d566%0a%3c %0a%3c !! Adding ICU support%0a%3c %0a%3c Copy the following directories:%0a%3c %0a%3c [@%0a%3c # cp -R /usr/local/share/icu /home/znc/usr/local/share/%0a%3c # cp -R /usr/local/lib/icu /home/znc/usr/local/lib/%0a%3c @]%0a%3c %0a%3c Then, restart BNC. Encoding options should be available.%0a%3c %0a%3c (The patched ZNC was made before ICU support is added. So, we cannot ensure that adding ICU support after the patch will not cause any other bugs.)%0a
51 aa513bf8 2023-01-22 jrmu host:1610341483=2601:646:8601:3010:beeb:beeb:beeb:cafe
52 aa513bf8 2023-01-22 jrmu author:1610339459=Noxturnix
53 aa513bf8 2023-01-22 jrmu diff:1610339459:1610287161:=147,148d146%0a%3c cp -R /usr/local/share/icu /home/znc/usr/local/share/%0a%3c cp -R /usr/local/lib/icu /home/znc/usr/local/lib/%0a
54 aa513bf8 2023-01-22 jrmu host:1610339459=2601:646:8601:3010:beeb:beeb:beeb:cafe
55 aa513bf8 2023-01-22 jrmu author:1610287161=jrmu
56 aa513bf8 2023-01-22 jrmu diff:1610287161:1610281549:=524,527c524,531%0a%3c If a znc user has a bindhost that is IPv6 only but the network is IPv4 only, it will not connect.%0a%3c %0a%3c To prevent this, you '''must be absolutely 100%25 certain''' that each bindhost is symbolic (such as username.fruit.ircnow.org) and that each hostname has a single A record and a single AAAA record in your DNS zone. If any part is misconfigured, users will be unable to connect.%0a%3c %0a---%0a> If a znc user has a bindhost that is IPv6 only but the network is IPv4 only, it will segfault:%0a> %0a> TDNS: initiating resolving of [irc.example.net] and bindhost [user.fruit.ircnow.org] Segmentation fault (core dumped)%0a> %0a> This causes all your users to disconnect!%0a> %0a> To prevent this, you '''must be absolutely 100%25 certain''' that each bindhost is symbolic (such as username.fruit.ircnow.org) and that each hostname has a single A record and a single AAAA record in your DNS zone. If any part is misconfigured, it could cause your ZNC to crash every few hours mysteriously!%0a> %0a529d532%0a%3c %0a549,552c552,555%0a%3c !!! Missing libraries%0a%3c %0a%3c If you are getting errors such as:%0a%3c %0a---%0a> !! Obsolete Setups%0a> %0a> The old install script (tested for OpenBSD 6.7 and znc-1.7.5) is now '''obsoleted''':%0a> %0a554,570d556%0a%3c ld.so: znc: can't load library 'libc++abi.so.2.1' %0a%3c @]%0a%3c %0a%3c Then it could be due to the fact that you are on the wrong OpenBSD version (6.7 or earlier), you did not apply [[openbsd/syspatch|syspatch]], and you have not upgraded all dependencies:%0a%3c %0a%3c [@%0a%3c $ doas syspatch%0a%3c $ doas pkg_add -u%0a%3c @]%0a%3c %0a%3c Then, delete the build folder and compile again.%0a%3c %0a%3c !! Obsolete Setups%0a%3c %0a%3c The old install script (tested for OpenBSD 6.7 and znc-1.7.5) is now '''obsoleted''':%0a%3c %0a%3c [@%0a658,659c644%0a%3c $ doas gdb chroot%0a%3c %0a---%0a> $ doas gdb chroot%0a\ No newline at end of file%0a
57 aa513bf8 2023-01-22 jrmu host:1610287161=125.224.19.86
58 aa513bf8 2023-01-22 jrmu author:1610281549=jrmu
59 aa513bf8 2023-01-22 jrmu diff:1610281549:1610281348:=90,96c90,91%0a%3c The below install scripts are tested for OpenBSD 6.8 [[openbsd/syspatch|stable]] and znc-1.8.2. It will put znc inside the chroot at /home/znc. Before you begin the installation, check that you are using OpenBSD 6.8 and that your system is patched:%0a%3c %0a%3c [@%0a%3c $ uname -a%0a%3c OpenBSD example.ircnow.org 6.8 GENERIC#97 amd64%0a%3c $ doas syspatch%0a%3c @]%0a---%0a> Run this install script (tested for OpenBSD 6.8 [[openbsd/syspatch|stable]] and znc-1.8.2) as root to put znc inside the chroot at /home/znc:%0a> %0a
60 aa513bf8 2023-01-22 jrmu host:1610281549=125.224.19.86
61 aa513bf8 2023-01-22 jrmu author:1610281348=jrmu
62 aa513bf8 2023-01-22 jrmu diff:1610281348:1610280281:=90c90%0a%3c Run this install script (tested for OpenBSD 6.8 [[openbsd/syspatch|stable]] and znc-1.8.2) as root to put znc inside the chroot at /home/znc:%0a---%0a> Run this install script (tested for OpenBSD 6.8 and znc-1.8.2) as root to put znc inside the chroot at /home/znc:%0a
63 aa513bf8 2023-01-22 jrmu host:1610281348=125.224.19.86
64 aa513bf8 2023-01-22 jrmu author:1610280281=jrmu
65 aa513bf8 2023-01-22 jrmu diff:1610280281:1610272314:=118c118%0a%3c mkdir -p /home/znc/home/znc/.znc%0a---%0a> mkdir -p /home/znc/home/znc/%0a
66 aa513bf8 2023-01-22 jrmu host:1610280281=125.224.19.86
67 aa513bf8 2023-01-22 jrmu author:1610272314=jrmu
68 aa513bf8 2023-01-22 jrmu diff:1610272314:1610111093:=87d86%0a%3c $ doas pkg_add cmake%0a
69 aa513bf8 2023-01-22 jrmu host:1610272314=125.224.19.86
70 aa513bf8 2023-01-22 jrmu author:1610111093=jrmu
71 aa513bf8 2023-01-22 jrmu diff:1610111093:1610103302:=633,634d632%0a%3c chown -R znc:daemon /home/znc/home/znc/.znc/%0a%3c chmod -R o-rx /home/znc/home/znc/.znc/%0a
72 aa513bf8 2023-01-22 jrmu host:1610111093=125.224.19.86
73 aa513bf8 2023-01-22 jrmu author:1610103302=jrmu
74 aa513bf8 2023-01-22 jrmu diff:1610103302:1610103253:=
75 aa513bf8 2023-01-22 jrmu host:1610103302=125.224.19.86
76 aa513bf8 2023-01-22 jrmu author:1610103253=jrmu
77 aa513bf8 2023-01-22 jrmu diff:1610103253:1610078845:=145,146d144%0a%3c chown -R znc:daemon /home/znc/home/znc/.znc/%0a%3c chmod -R o-rx /home/znc/home/znc/.znc/%0a
78 aa513bf8 2023-01-22 jrmu host:1610103253=125.224.19.86
79 aa513bf8 2023-01-22 jrmu author:1610078845=jrmu
80 aa513bf8 2023-01-22 jrmu diff:1610078845:1609587886:=82,83c82,83%0a%3c Install needed dependencies:%0a%3c %0a---%0a> Run this install script (tested for OpenBSD 6.8 and znc-1.8.2) as root to put znc inside the chroot at /home/znc:%0a> %0a85,91d84%0a%3c $ doas pkg_add icu4c-67.1%0a%3c $ doas pkg_add boost-1.67.0p0%0a%3c @]%0a%3c %0a%3c Run this install script (tested for OpenBSD 6.8 and znc-1.8.2) as root to put znc inside the chroot at /home/znc:%0a%3c %0a%3c [@%0a100a94,95%0a> $ doas pkg_add icu4c-67.1%0a> $ doas pkg_add boost-1.67.0p0%0a
81 aa513bf8 2023-01-22 jrmu host:1610078845=125.224.19.86
82 aa513bf8 2023-01-22 jrmu author:1609587886=jrmu
83 aa513bf8 2023-01-22 jrmu diff:1609587886:1609064291:=95d94%0a%3c $ doas pkg_add boost-1.67.0p0%0a
84 aa513bf8 2023-01-22 jrmu host:1609587886=125.231.63.134
85 aa513bf8 2023-01-22 jrmu author:1609064291=fizi
86 aa513bf8 2023-01-22 jrmu diff:1609064291:1609064213:=
87 aa513bf8 2023-01-22 jrmu host:1609064291=39.42.29.159
88 aa513bf8 2023-01-22 jrmu author:1609064213=jrmu
89 aa513bf8 2023-01-22 jrmu diff:1609064213:1608863653:=87c87%0a%3c $ tar xvzf znc-1.8.2a.tar.gz%0a---%0a> $ tar xvzf znc-1.8.2.tar.gz%0a
90 aa513bf8 2023-01-22 jrmu host:1609064213=198.251.81.119
91 aa513bf8 2023-01-22 jrmu author:1608863653=jrmu
92 aa513bf8 2023-01-22 jrmu diff:1608863653:1608863397:=96,97d95%0a%3c %0a%3c '''NOTE''': A patched version of znc-1.8.2 release is used to prevent a threading bug. Please do '''not''' use the standard znc 1.8.2 release.%0a
93 aa513bf8 2023-01-22 jrmu host:1608863653=198.251.81.119
94 aa513bf8 2023-01-22 jrmu author:1608863397=jrmu
95 aa513bf8 2023-01-22 jrmu diff:1608863397:1608848760:=86c86%0a%3c $ curl -L -O https://ircnow.org/software/znc-1.8.2a.tar.gz%0a---%0a> $ curl -L -O https://znc.in/releases/znc-1.8.2.tar.gz%0a
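Review bot: the `curl -L -O https://ircnow.org/software/znc-1.8.2a.tar.gz` line fetches a repackaged tarball that the next step unpacks with `tar xvzf`, and nothing in between checks its integrity. Publish a SHA-256 or a signify signature next to the archive and add the verification command between the download and the extract, so a reader can tell the patched 1.8.2a archive from the upstream znc-1.8.2 release and from a tampered copy.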
96 aa513bf8 2023-01-22 jrmu host:1608863397=198.251.81.119
97 aa513bf8 2023-01-22 jrmu author:1608848760=jrmu
98 aa513bf8 2023-01-22 jrmu diff:1608848760:1608722128:=94d93%0a%3c $ doas pkg_add icu4c-67.1%0a
99 aa513bf8 2023-01-22 jrmu host:1608848760=198.251.81.119
100 aa513bf8 2023-01-22 jrmu author:1608722128=jrmu
101 aa513bf8 2023-01-22 jrmu diff:1608722128:1608722072:=575c575%0a%3c $ gmake%0a---%0a> $ make%0a
102 aa513bf8 2023-01-22 jrmu host:1608722128=198.251.81.119
103 aa513bf8 2023-01-22 jrmu author:1608722072=jrmu
104 aa513bf8 2023-01-22 jrmu diff:1608722072:1608718303:=567,577c567%0a%3c [@%0a%3c $ cd ~%0a%3c $ curl -L -O https://znc.in/releases/znc-1.8.2.tar.gz%0a%3c $ tar xvzf znc-1.8.2.tar.gz%0a%3c $ cd znc-1.8.2%0a%3c $ mkdir build%0a%3c $ cd build%0a%3c $ ../configure --enable-debug CXX=c++%0a%3c $ make%0a%3c $ doas make install%0a%3c @]%0a---%0a> ../configure --enable-debug%0a
105 aa513bf8 2023-01-22 jrmu host:1608722072=198.251.81.119
106 aa513bf8 2023-01-22 jrmu author:1608718303=jrmu
107 aa513bf8 2023-01-22 jrmu diff:1608718303:1608692900:=215c215%0a%3c ConnectDelay = 1%0a---%0a> ConnectDelay = 5%0a229,230c229,230%0a%3c ServerThrottle = 1%0a%3c Version = 1.8.2%0a---%0a> ServerThrottle = 30%0a> Version = 1.7.5%0a
108 aa513bf8 2023-01-22 jrmu host:1608718303=198.251.81.119
109 aa513bf8 2023-01-22 jrmu author:1608692900=jrmu
110 aa513bf8 2023-01-22 jrmu diff:1608692900:1608692453:=
111 aa513bf8 2023-01-22 jrmu host:1608692900=198.251.81.119
112 aa513bf8 2023-01-22 jrmu author:1608692453=jrmu
113 aa513bf8 2023-01-22 jrmu diff:1608692453:1608614909:=564,614d563%0a%3c %0a%3c !! Running znc in debug mode%0a%3c %0a%3c ../configure --enable-debug%0a%3c %0a%3c [@%0a%3c mkdir -p /home/znc/usr/lib/%0a%3c mkdir -p /home/znc/usr/local/lib/pkgconfig%0a%3c mkdir -p /home/znc/usr/local/bin/%0a%3c mkdir -p /home/znc/usr/local/share/%0a%3c mkdir -p /home/znc/usr/local/man/man1/%0a%3c mkdir -p /home/znc/usr/libexec/%0a%3c mkdir -p /home/znc/etc/ssl%0a%3c mkdir -p /home/znc/dev/%0a%3c mkdir -p /home/znc/var/run/%0a%3c mkdir -p /home/znc/home/znc/%0a%3c mknod -m 644 /home/znc/dev/random c 45 0%0a%3c mknod -m 644 /home/znc/dev/urandom c 45 2%0a%3c mknod -m 666 /home/znc/dev/null c 2 2%0a%3c cp /usr/lib/libc++.so.5.0 /home/znc/usr/lib/libc++.so.5.0 %0a%3c cp /usr/lib/libc++abi.so.3.0 /home/znc/usr/lib/libc++abi.so.3.0%0a%3c cp /usr/lib/libc.so.96.0 /home/znc/usr/lib/libc.so.96.0%0a%3c cp /usr/lib/libcrypto.so.46.1 /home/znc/usr/lib/libcrypto.so.46.1%0a%3c cp /usr/lib/libm.so.10.1 /home/znc/usr/lib/libm.so.10.1%0a%3c cp /usr/lib/libpthread.so.26.1 /home/znc/usr/lib/libpthread.so.26.1%0a%3c cp /usr/lib/libssl.so.48.1 /home/znc/usr/lib/libssl.so.48.1%0a%3c cp /usr/lib/libz.so.5.0 /home/znc/usr/lib/libz.so.5.0%0a%3c cp /usr/libexec/ld.so /home/znc/usr/libexec/ld.so%0a%3c cp /etc/resolv.conf /home/znc/etc/resolv.conf%0a%3c cp /etc/ssl/cert.pem /home/znc/etc/ssl/cert.pem%0a%3c cp /var/run/ld.so.hints /home/znc/var/run/ld.so.hints%0a%3c cp /usr/local/bin/znc /home/znc/usr/local/bin/znc%0a%3c cp /usr/local/man/man1/znc.1 /home/znc/usr/local/man/man1/znc.1%0a%3c cp /usr/local/man/man1/znc-buildmod.1 /home/znc/usr/local/man/man1/znc-buildmod.1%0a%3c cp /usr/local/bin/znc-buildmod /home/znc/usr/local/bin/znc-buildmod%0a%3c cp /usr/local/lib/pkgconfig/znc.pc /home/znc/usr/local/lib/pkgconfig/znc.pc%0a%3c cp /usr/local/lib/libicuuc.so.18.0 /home/znc/usr/local/lib/%0a%3c cp /usr/local/lib/libicudata.so.18.0 /home/znc/usr/local/lib/%0a%3c cp /usr/local/lib/libboost_locale-mt.so.11.0 
/home/znc/usr/local/lib/%0a%3c cp /usr/local/lib/libboost_system-mt.so.11.0 /home/znc/usr/local/lib/%0a%3c cp /usr/local/lib/libboost_thread-mt.so.11.0 /home/znc/usr/local/lib/%0a%3c cp /usr/local/lib/libboost_chrono-mt.so.11.0 /home/znc/usr/local/lib/%0a%3c cp /usr/local/lib/libicui18n.so.18.0 /home/znc/usr/local/lib/%0a%3c cp -R /usr/local/share/znc /home/znc/usr/local/share/%0a%3c cp -R /usr/local/lib/znc /home/znc/usr/local/lib/%0a%3c cp -R /usr/local/include/znc /home/znc/usr/local/include/%0a%3c chown -R root:wheel /home/znc/dev /home/znc/etc /home/znc/usr /home/znc/var%0a%3c chown -R znc:znc /home/znc/home/znc/%0a%3c @]%0a%3c %0a%3c $ doas gdb chroot%0a\ No newline at end of file%0a
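Review bot: the `cp /usr/lib/libssl.so.48.1 ...`, `libcrypto.so.46.1` and `libc.so.96.0` lines pin exact library versions and make a one-time copy into /home/znc, so the chroot keeps running the old libraries after the base system is patched or upgraded. Add a sentence that these copies must be refreshed after every syspatch or release upgrade (the libc++ version numbers in this script already had to be bumped by hand once). The closing `$ doas gdb chroot` sits outside the code block and names no arguments; spell out the full command to be run under gdb.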
114 aa513bf8 2023-01-22 jrmu host:1608692453=198.251.81.119
115 aa513bf8 2023-01-22 jrmu author:1608614909=jrmu
116 aa513bf8 2023-01-22 jrmu diff:1608614909:1608612414:=502,503d501%0a%3c You may be need to install icu4c-67.1 .%0a%3c %0a563c561%0a%3c @]%0a---%0a> @]%0a\ No newline at end of file%0a
117 aa513bf8 2023-01-22 jrmu host:1608614909=38.81.163.7
118 aa513bf8 2023-01-22 jrmu author:1608612414=jrmu
119 aa513bf8 2023-01-22 jrmu diff:1608612414:1608563613:=96c96%0a%3c Then run as root:%0a---%0a> Then:%0a
120 aa513bf8 2023-01-22 jrmu host:1608612414=38.81.163.7
121 aa513bf8 2023-01-22 jrmu author:1608563613=jrmu
122 aa513bf8 2023-01-22 jrmu diff:1608563613:1608562789:=88d87%0a%3c $ cd znc-1.8.2%0a
123 aa513bf8 2023-01-22 jrmu host:1608563613=38.81.163.7
124 aa513bf8 2023-01-22 jrmu author:1608562789=jrmu
125 aa513bf8 2023-01-22 jrmu diff:1608562789:1608562456:=99c99%0a%3c mkdir -p /home/znc/usr/local/lib/pkgconfig%0a---%0a> mkdir -p /home/znc/usr/lib/pkgconfig%0a101d100%0a%3c mkdir -p /home/znc/usr/local/share/%0a122a122%0a> cp /usr/local/bin/znc /home/znc/usr/local/bin/znc%0a
126 aa513bf8 2023-01-22 jrmu host:1608562789=38.81.163.7
127 aa513bf8 2023-01-22 jrmu author:1608562456=jrmu
128 aa513bf8 2023-01-22 jrmu diff:1608562456:1608562003:=99c99%0a%3c mkdir -p /home/znc/usr/lib/pkgconfig%0a---%0a> mkdir -p /home/znc/usr/local/lib/pkgconfig%0a100a101%0a> mkdir -p /home/znc/usr/local/share/%0a123d123%0a%3c cp /usr/local/bin/znc /home/znc/usr/local/bin/znc%0a129,130c129%0a%3c cp /usr/local/lib/libicudata.so.18.0 /home/znc/usr/local/lib/%0a%3c cp -R /usr/local/share/znc /home/znc/usr/local/share/%0a---%0a> cp -R /usr/local/share/znc /home/znc/usr/local/share/znc%0a
129 aa513bf8 2023-01-22 jrmu host:1608562456=38.81.163.7
130 aa513bf8 2023-01-22 jrmu author:1608562003=jrmu
131 aa513bf8 2023-01-22 jrmu diff:1608562003:1608559392:=99c99%0a%3c mkdir -p /home/znc/usr/local/lib/pkgconfig%0a---%0a> mkdir -p /home/znc/usr/lib/pkgconfig%0a101d100%0a%3c mkdir -p /home/znc/usr/local/share/%0a124,128d122%0a%3c cp /usr/local/man/man1/znc.1 /home/znc/usr/local/man/man1/znc.1%0a%3c cp /usr/local/man/man1/znc-buildmod.1 /home/znc/usr/local/man/man1/znc-buildmod.1%0a%3c cp /usr/local/bin/znc-buildmod /home/znc/usr/local/bin/znc-buildmod%0a%3c cp /usr/local/lib/pkgconfig/znc.pc /home/znc/usr/local/lib/pkgconfig/znc.pc%0a%3c cp /usr/local/lib/libicuuc.so.18.0 /home/znc/usr/local/lib/%0a129a124,127%0a> cp -R /usr/local/man/man1/znc.1 /home/znc/usr/local/man/man1/znc.1%0a> cp -R /usr/local/man/man1/znc-buildmod.1 /home/znc/usr/local/man/man1/znc-buildmod.1%0a> cp -R /usr/local/bin/znc-buildmod /home/znc/usr/local/bin/znc-buildmod%0a> cp -R /usr/local/lib/pkgconfig/znc.pc /home/znc/usr/local/lib/pkgconfig/znc.pc%0a
132 aa513bf8 2023-01-22 jrmu host:1608562003=38.81.163.7
133 aa513bf8 2023-01-22 jrmu author:1608559392=jrmu
134 aa513bf8 2023-01-22 jrmu diff:1608559392:1608559231:=83,95d82%0a%3c %0a%3c [@%0a%3c $ cd ~%0a%3c $ curl -L -O https://znc.in/releases/znc-1.8.2.tar.gz%0a%3c $ tar xvzf znc-1.8.2.tar.gz%0a%3c $ mkdir build%0a%3c $ cd build%0a%3c $ cmake ..%0a%3c $ make%0a%3c $ doas make install%0a%3c @]%0a%3c %0a%3c Then:%0a
135 aa513bf8 2023-01-22 jrmu host:1608559392=38.81.163.7
136 aa513bf8 2023-01-22 jrmu author:1608559231=jrmu
137 aa513bf8 2023-01-22 jrmu diff:1608559231:1608483836:=82,83c82,83%0a%3c Run this install script (tested for OpenBSD 6.8 and znc-1.8.2) as root to put znc inside the chroot at /home/znc:%0a%3c %0a---%0a> Run this install script (tested for OpenBSD 6.7 and znc-1.7.5) as root to put znc inside the chroot at /home/znc:%0a> %0a86,88d85%0a%3c mkdir -p /home/znc/usr/lib/pkgconfig%0a%3c mkdir -p /home/znc/usr/local/bin/%0a%3c mkdir -p /home/znc/usr/local/man/man1/%0a109,116c106%0a%3c cp /usr/local/bin/znc /home/znc/usr/local/bin/znc%0a%3c cp -R /usr/local/share/znc /home/znc/usr/local/share/znc%0a%3c cp -R /usr/local/man/man1/znc.1 /home/znc/usr/local/man/man1/znc.1%0a%3c cp -R /usr/local/man/man1/znc-buildmod.1 /home/znc/usr/local/man/man1/znc-buildmod.1%0a%3c cp -R /usr/local/bin/znc-buildmod /home/znc/usr/local/bin/znc-buildmod%0a%3c cp -R /usr/local/lib/pkgconfig/znc.pc /home/znc/usr/local/lib/pkgconfig/znc.pc%0a%3c cp -R /usr/local/lib/znc /home/znc/usr/local/lib/%0a%3c cp -R /usr/local/include/znc /home/znc/usr/local/include/%0a---%0a> pkg_add -B /home/znc znc%0a513,544c503%0a%3c If you see any records there with only a single IPv4 address but no IPv6, or a single IPv6 but no IPv4, or any NXDOMAIN responses, you need to fix your DNS records. There should be exactly one shared IPv4 and one unique IPv6 for each hostname, and zero NXDOMAIN responses.%0a%3c %0a%3c !! 
Obsolete Setups%0a%3c %0a%3c The old install script (tested for OpenBSD 6.7 and znc-1.7.5) is now '''obsoleted''':%0a%3c %0a%3c [@%0a%3c mkdir -p /home/znc/usr/lib/%0a%3c mkdir -p /home/znc/usr/libexec/%0a%3c mkdir -p /home/znc/etc/ssl%0a%3c mkdir -p /home/znc/dev/%0a%3c mkdir -p /home/znc/var/run/%0a%3c mkdir -p /home/znc/home/znc/%0a%3c mknod -m 644 /home/znc/dev/random c 45 0%0a%3c mknod -m 644 /home/znc/dev/urandom c 45 2%0a%3c mknod -m 666 /home/znc/dev/null c 2 2%0a%3c cp /usr/lib/libc++.so.5.0 /home/znc/usr/lib/libc++.so.5.0%0a%3c cp /usr/lib/libc++abi.so.3.0 /home/znc/usr/lib/libc++abi.so.3.0%0a%3c cp /usr/lib/libc.so.96.0 /home/znc/usr/lib/libc.so.96.0%0a%3c cp /usr/lib/libcrypto.so.46.1 /home/znc/usr/lib/libcrypto.so.46.1%0a%3c cp /usr/lib/libm.so.10.1 /home/znc/usr/lib/libm.so.10.1%0a%3c cp /usr/lib/libpthread.so.26.1 /home/znc/usr/lib/libpthread.so.26.1%0a%3c cp /usr/lib/libssl.so.48.1 /home/znc/usr/lib/libssl.so.48.1%0a%3c cp /usr/lib/libz.so.5.0 /home/znc/usr/lib/libz.so.5.0%0a%3c cp /usr/libexec/ld.so /home/znc/usr/libexec/ld.so%0a%3c cp /etc/resolv.conf /home/znc/etc/resolv.conf%0a%3c cp /etc/ssl/cert.pem /home/znc/etc/ssl/cert.pem%0a%3c cp /var/run/ld.so.hints /home/znc/var/run/ld.so.hints%0a%3c pkg_add -B /home/znc znc%0a%3c chown -R root:wheel /home/znc/dev /home/znc/etc /home/znc/usr /home/znc/var%0a%3c chown -R znc:znc /home/znc/home/znc/%0a%3c @]%0a\ No newline at end of file%0a---%0a> If you see any records there with only a single IPv4 address but no IPv6, or a single IPv6 but no IPv4, or any NXDOMAIN responses, you need to fix your DNS records. There should be exactly one shared IPv4 and one unique IPv6 for each hostname, and zero NXDOMAIN responses.%0a\ No newline at end of file%0a
138 aa513bf8 2023-01-22 jrmu host:1608559231=38.81.163.7
139 aa513bf8 2023-01-22 jrmu author:1608483836=jrmu
140 aa513bf8 2023-01-22 jrmu diff:1608483836:1608203890:=483,503c483%0a%3c To prevent this, you '''must be absolutely 100%25 certain''' that each bindhost is symbolic (such as username.fruit.ircnow.org) and that each hostname has a single A record and a single AAAA record in your DNS zone. If any part is misconfigured, it could cause your ZNC to crash every few hours mysteriously!%0a%3c %0a%3c A quick way to check if there are DNS errors:%0a%3c [@%0a%3c $ doas grep Host /home/znc/home/znc/.znc/configs/znc.conf | grep -v > ~/bindhost%0a%3c $ vi ~/bindhost%0a%3c @]%0a%3c %0a%3c Then with vi:%0a%3c %0a%3c [@%0a%3c :%25s_.* = _host _g%0a%3c @]%0a%3c %0a%3c Then:%0a%3c %0a%3c [@%0a%3c $ sh ~/bindhost%0a%3c @]%0a%3c %0a%3c If you see any records there with only a single IPv4 address but no IPv6, or a single IPv6 but no IPv4, or any NXDOMAIN responses, you need to fix your DNS records. There should be exactly one shared IPv4 and one unique IPv6 for each hostname, and zero NXDOMAIN responses.%0a\ No newline at end of file%0a---%0a> To prevent this, you '''must be absolutely 100%25 certain''' that each bindhost is symbolic (such as username.fruit.ircnow.org) and that each hostname has a single A record and a single AAAA record in your DNS zone. If any part is misconfigured, it could cause your ZNC to crash every few hours mysteriously!%0a\ No newline at end of file%0a
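Review bot: in the DNS check, `grep -v > ~/bindhost` has no pattern, so the second grep exits with a usage error and ~/bindhost comes out empty; the pattern to exclude is missing. The follow-up `sh ~/bindhost` also executes text derived from znc.conf as a shell script, so a BindHost value containing shell metacharacters would be run as a command. Reading the values in a `while read` loop and calling `host` with the value quoted avoids that.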
141 aa513bf8 2023-01-22 jrmu host:1608483836=38.81.163.7
142 aa513bf8 2023-01-22 jrmu author:1608203890=jrmu
143 aa513bf8 2023-01-22 jrmu diff:1608203890:1607436535:=473,483c473%0a%3c # dns lookup error%0a%3c %0a%3c !! WARNING%0a%3c %0a%3c If a znc user has a bindhost that is IPv6 only but the network is IPv4 only, it will segfault:%0a%3c %0a%3c TDNS: initiating resolving of [irc.example.net] and bindhost [user.fruit.ircnow.org] Segmentation fault (core dumped)%0a%3c %0a%3c This causes all your users to disconnect!%0a%3c %0a%3c To prevent this, you '''must be absolutely 100%25 certain''' that each bindhost is symbolic (such as username.fruit.ircnow.org) and that each hostname has a single A record and a single AAAA record in your DNS zone. If any part is misconfigured, it could cause your ZNC to crash every few hours mysteriously!%0a\ No newline at end of file%0a---%0a> # dns lookup error%0a\ No newline at end of file%0a
144 aa513bf8 2023-01-22 jrmu host:1608203890=198.251.81.119
145 aa513bf8 2023-01-22 jrmu author:1607436535=jrmu
146 aa513bf8 2023-01-22 jrmu diff:1607436535:1607435744:=449,462d448%0a%3c !! Custom vhosts%0a%3c %0a%3c '''WARNING''': do '''not''' set individual IPv6 addresses for a user's bindhost. Do not set a user's bindhost to be something like 2605:6400:10::. If you specify an IPv6 address for the bindhost, that user can *only* connect to networks that support IPv6. IPv4-only networks completely fail.%0a%3c %0a%3c It is better to set the bindhost to be username.fruit.ircnow.org. Then, for the [[openbsd/nsd|nameserver]], create an AAAA record and an A record. That way, the bindhost will use IPv6 if the network is IPv6-only, and IPv4 if it is an IPv4-only network. This solution is more flexible and allows your user to fall back to IPv4 when IPv6 is not supported.%0a%3c %0a%3c If a user requests to change their vhost, do not edit the bindhost -- all you need to do is update the rDNS record (see the [[openbsd/buyvm|buyvm web panel]]. Don't delete the bindhost or the DNS A/AAAA records.%0a%3c %0a%3c For example, suppose the vhost was formerly user.fruit.ircnow.org. If the user wants to change it to example.com, you just need to update the rDNS to example.com, but leave the znc bindhost as username.fruit.ircnow.org and keep the A/AAAA records for username.fruit.ircnow.org.%0a%3c %0a%3c Once example.com's AAAA record is working, and the rDNS has been configured properly, you can reconnect the user (either the user types @@/znc connect@@ or you type @@/msg *controlpanel reconnect %3cusername> %3cnetwork>@@), and the vhost will update properly.%0a%3c %0a%3c Keeping the old A/AAAA record and bindhost working will make it easier if the user changes vhosts or if their 3rd party dns server for example.com fails for whatever reason. This method will allow the user to still connect. Otherwise, if the 3rd party dns server fails for example.com (which frequently happens with cheap, free dns services), users will be unable to connect and blame you. 
%0a%3c %0a473c459,463%0a%3c # dns lookup error%0a\ No newline at end of file%0a---%0a> # dns lookup error%0a> %0a> '''WARNING''': do '''not''' set individual IPv6 addresses for a user's bindhost. Do not set a user's bindhost to be something like 2605:6400:10::. If you specify an IPv6 address for the bindhost, that user can *only* connect to networks that support IPv6. IPv4-only networks completely fail.%0a> %0a> It is better to set the bindhost to be username.fruit.ircnow.org. Then, for the [[openbsd/nsd|nameserver]], create an AAAA record and an A record. That way, the bindhost will use IPv6 if the network is IPv6-only, and IPv4 if it is an IPv4-only network. This solution is more flexible and allows your user to fall back to IPv4 when IPv6 is not supported.%0a\ No newline at end of file%0a
147 aa513bf8 2023-01-22 jrmu host:1607436535=198.251.81.119
148 aa513bf8 2023-01-22 jrmu author:1607435744=jrmu
149 aa513bf8 2023-01-22 jrmu diff:1607435744:1603713856:=459,463c459%0a%3c # dns lookup error%0a%3c %0a%3c '''WARNING''': do '''not''' set individual IPv6 addresses for a user's bindhost. Do not set a user's bindhost to be something like 2605:6400:10::. If you specify an IPv6 address for the bindhost, that user can *only* connect to networks that support IPv6. IPv4-only networks completely fail.%0a%3c %0a%3c It is better to set the bindhost to be username.fruit.ircnow.org. Then, for the [[openbsd/nsd|nameserver]], create an AAAA record and an A record. That way, the bindhost will use IPv6 if the network is IPv6-only, and IPv4 if it is an IPv4-only network. This solution is more flexible and allows your user to fall back to IPv4 when IPv6 is not supported.%0a\ No newline at end of file%0a---%0a> # dns lookup error%0a\ No newline at end of file%0a
150 aa513bf8 2023-01-22 jrmu host:1607435744=198.251.81.119
151 aa513bf8 2023-01-22 jrmu author:1603713856=jrmu
152 aa513bf8 2023-01-22 jrmu diff:1603713856:1603524151:=26,33c26,33%0a%3c :openfiles-cur=4096:\%0a%3c :openfiles-max=8182:\%0a%3c :openfiles=4096:\%0a%3c :stacksize-cur=48M:\%0a%3c :stacksize-max=48M:\%0a%3c :maxproc-max=infinity:\%0a%3c :maxproc-cur=4096:\%0a%3c :tc=daemon:%0a---%0a> :openfiles-cur=4096:\%0a> :openfiles-max=8182:\%0a> :openfiles=4096:\%0a> :stacksize-cur=48M:\%0a> :stacksize-max=48M:\%0a> :maxproc-max=infinity:\%0a> :maxproc-cur=4096:\%0a> :tc=daemon:%0a35,36d34%0a%3c %0a%3c '''WARNING''': Use tabs and not spaces. Spaces will not parse properly.%0a
153 aa513bf8 2023-01-22 jrmu host:1603713856=125.231.28.105
154 aa513bf8 2023-01-22 jrmu author:1603524151=jrmu
155 aa513bf8 2023-01-22 jrmu diff:1603524151:1599194040:=92,93c92,93%0a%3c cp /usr/lib/libc++.so.5.0 /home/znc/usr/lib/libc++.so.5.0%0a%3c cp /usr/lib/libc++abi.so.3.0 /home/znc/usr/lib/libc++abi.so.3.0%0a---%0a> cp /usr/lib/libc++.so.4.0 /home/znc/usr/lib/libc++.so.4.0%0a> cp /usr/lib/libc++abi.so.2.1 /home/znc/usr/lib/libc++abi.so.2.1%0a
156 aa513bf8 2023-01-22 jrmu host:1603524151=125.224.28.18
157 aa513bf8 2023-01-22 jrmu author:1599194040=jrmu
158 aa513bf8 2023-01-22 jrmu diff:1599194040:1599119766:=445,457c445%0a%3c =]%0a%3c %0a%3c !! Troubleshooting%0a%3c %0a%3c If your user is getting disconnected, these are the most likely causes:%0a%3c %0a%3c # mismatch of ports or SSL (using plaintext on 6697 or SSL on 6667)%0a%3c # SSL is not supported%0a%3c # user has a server password where none belongs (most likely he confused server password with nickserv password)%0a%3c # ident is not working%0a%3c # ircd bans a certain username or ident for no good reason (the ircd mistakenly assumes your connection is a bot and glines it)%0a%3c # typo of server name or IP address%0a%3c # dns lookup error%0a\ No newline at end of file%0a---%0a> =]%0a\ No newline at end of file%0a
159 aa513bf8 2023-01-22 jrmu host:1599194040=38.81.163.143
160 aa513bf8 2023-01-22 jrmu author:1599119766=baytuch
161 aa513bf8 2023-01-22 jrmu diff:1599119766:1598014764:=155,156c155,156%0a%3c Now you must add this rule in /etc/pf.conf:%0a%3c %0a---%0a> Creating a start script:%0a> %0a158,159c158,159%0a%3c pass in log quick proto tcp to port {http https} keep state (max-src-conn 30, max-src-conn-rate 20/60)%0a%3c pass in log quick proto tcp to port { 1337 31337 } keep state (max 3000, max-src-conn 200) #bnc%0a---%0a> doas touch /etc/rc.d/znc%0a> doas chmod +x /etc/rc.d/znc%0a161a162%0a> File contents:%0a163c164,190%0a%3c $ doas pfctl -f /etc/pf.conf%0a---%0a> #!/bin/ksh%0a> #%0a> # $OpenBSD: znc,v 1.2 2018/01/11 19:27:07 rpe Exp $%0a> %0a> daemon_pidfile="/home/znc/home/znc/.znc/znc.pid"%0a> daemon="env HOME=/home/znc /usr/sbin/chroot -u znc -g znc /home/znc znc"%0a> %0a> %0a> service_stop() {%0a> if [ -f $daemon_pidfile ]; then%0a> pid=$(sed 's/[^0-9]*//g' $daemon_pidfile)%0a> kill $pid%0a> fi%0a> }%0a> %0a> case "$1" in%0a> stop)%0a> service_stop%0a> ;;%0a> esac%0a> %0a> %0a> . /etc/rc.d/rc.subr%0a> %0a> rc_reload=NO%0a> %0a> rc_cmd $1%0a166,169d192%0a%3c (Here the steps are a bit out of chronology)%0a%3c %0a%3c To start the bouncer, I run this command:%0a%3c %0a171c194,195%0a%3c # HOME=/home/znc && /usr/sbin/chroot -u znc -g znc /home/znc znc >>/var/log/znc.log 2>&1 &%0a---%0a> doas rcctl start znc%0a> doas rcctl stop znc%0a174,175c198,199%0a%3c If your bouncer is already online, make sure to save the config by logging into your irc client, connected to the bouncer:%0a%3c %0a---%0a> Now you must add this rule in /etc/pf.conf:%0a> %0a177c201,202%0a%3c /msg *status saveconfig%0a---%0a> pass in log quick proto tcp to port {http https} keep state (max-src-conn 30, max-src-conn-rate 20/60)%0a> pass in log quick proto tcp to port { 1337 31337 } keep state (max 3000, max-src-conn 200) #bnc%0a180,181d204%0a%3c Then, go add this at the top of /home/znc/home/znc/.znc/configs/znc.conf (yes I deliberately ignore the warnings):%0a%3c %0a182a206,225%0a> $ doas pfctl -f /etc/pf.conf%0a> 
@]%0a> %0a> (Here the steps are a bit out of chronology)%0a> %0a> To start the bouncer, I run this command:%0a> %0a> [@%0a> # HOME=/home/znc && /usr/sbin/chroot -u znc -g znc /home/znc znc >>/var/log/znc.log 2>&1 &%0a> @]%0a> %0a> If your bouncer is already online, make sure to save the config by logging into your irc client, connected to the bouncer:%0a> %0a> [@%0a> /msg *status saveconfig%0a> @]%0a> %0a> Then, go add this at the top of /home/znc/home/znc/.znc/configs/znc.conf (yes I deliberately ignore the warnings):%0a> %0a> [@%0a322,328c365,366%0a%3c '''Integration with the operating system'''%0a%3c %0a%3c [@%0a%3c doas touch /etc/rc.d/znc%0a%3c doas chmod +x /etc/rc.d/znc%0a%3c @]%0a%3c %0a---%0a> Integration with the operating system:%0a> %0a350,384d387%0a%3c '''Automatic start'''%0a%3c %0a%3c Automatic start of the service in case of a crash. %0a%3c %0a%3c This prevents the loss of users due to software errors. Make sure your users feel good.%0a%3c [=%0a%3c doas mkdir /usr/local/project_name/%0a%3c doas touch /usr/local/project_name/checker_znc.sh%0a%3c doas chmod +x /usr/local/project_name/checker_znc.sh%0a%3c =]%0a%3c %0a%3c [=%0a%3c #!/bin/sh%0a%3c %0a%3c SERVICE_NAME="znc"%0a%3c SERVICE_USER="znc"%0a%3c SERVICE_PID="/home/znc/home/znc/.znc/znc.pid"%0a%3c %0a%3c if ! pgrep -u $SERVICE_USER -x "$SERVICE_NAME" > /dev/null%0a%3c then%0a%3c if [ -f $SERVICE_PID ]; then%0a%3c rm -f $SERVICE_PID%0a%3c rcctl -d restart $SERVICE_NAME%0a%3c fi%0a%3c fi%0a%3c %0a%3c =]%0a%3c %0a%3c [=%0a%3c doas crontab -e%0a%3c =]%0a%3c %0a%3c [=%0a%3c */2 * * * * /usr/local/project_name/checker_znc.sh 2>&1 &%0a%3c =]%0a
162 aa513bf8 2023-01-22 jrmu host:1599119766=91.228.147.58
163 aa513bf8 2023-01-22 jrmu author:1598014764=baytuch
164 aa513bf8 2023-01-22 jrmu diff:1598014764:1597920980:=386,447d385%0a%3c =]%0a%3c %0a%3c %0a%3c '''ZNC console'''%0a%3c %0a%3c Connect%0a%3c [=%0a%3c /quote PASS admin:mysuperadminpassqwerty%0a%3c =]%0a%3c %0a%3c Generate new pass for user%0a%3c [=%0a%3c Go to site: https://passwordsgenerator.net/%0a%3c and disable "Include Symbols"%0a%3c click "generate password"%0a%3c or you can create a password yourself (the password must be between 12 and 16 characters long and include numbers and letters)%0a%3c =]%0a%3c %0a%3c User login%0a%3c [=%0a%3c username must be the same or derived from the network login (contain a suffix)%0a%3c =]%0a%3c %0a%3c Create new user%0a%3c [=%0a%3c /msg *controlpanel AddUser bob 12345678%0a%3c /msg *controlpanel LoadModule bob perform%0a%3c =]%0a%3c %0a%3c Add network for new ner%0a%3c [=%0a%3c /msg *controlpanel AddNetwork bob IRCNow%0a%3c /msg *controlpanel AddServer vasya IRCNow irc.ircnow.org +6697%0a%3c /msg *controlpanel SetNetwork BindHost bob IRCNow 2703:6401:30:faa1:6184:399c:dae2:32a2%0a%3c /msg *controlpanel help%0a%3c =]%0a%3c %0a%3c Set channels%0a%3c [=%0a%3c /msg *controlpanel AddChan bob IRCNow #ircnow%0a%3c =]%0a%3c %0a%3c Set pass (this must be done with a user account or offer to run this command yourself) %0a%3c [=%0a%3c /msg *perform add PRIVMSG NickServ IDENTIFY bob 12345678%0a%3c /msg *perform help%0a%3c =]%0a%3c %0a%3c Reconnect user`s network%0a%3c [=%0a%3c /msg *controlpanel Reconnect bob IRCNow%0a%3c =]%0a%3c %0a%3c Saving settings to disk (please save your changes to disk immediately)%0a%3c [=%0a%3c /msg *status SaveConfig%0a%3c =]%0a%3c %0a%3c Deleting user and user entities%0a%3c [=%0a%3c /msg *controlpanel DelUser bob%0a%3c /msg *controlpanel DelNetwork bob IRCNow%0a
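Review bot: the "Generate new pass for user" step sends admins to https://passwordsgenerator.net/ to create account passwords; generate them locally instead (for example with `openssl rand`), so the secret never exists on a third-party site. In the same hunk, `AddServer vasya IRCNow ...` uses a different username from the surrounding `bob` commands, `SetNetwork BindHost bob IRCNow` is shown with a literal IPv6 address, which the Custom vhosts section warns against, "new ner" should read "new user", and `DelNetwork bob IRCNow` is listed after `DelUser bob`, by which point the user no longer exists.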
165 aa513bf8 2023-01-22 jrmu host:1598014764=91.228.147.58
166 aa513bf8 2023-01-22 jrmu author:1597920980=baytuch
167 aa513bf8 2023-01-22 jrmu diff:1597920980:1597742156:=363,386c363%0a%3c Note: If you are using IPv6 and IPv4 for the same listener, perl IO::Socket::INET is unable to connect. Use two separate listeners.%0a%3c %0a%3c Integration with the operating system:%0a%3c %0a%3c [= %0a%3c #!/bin/ksh%0a%3c #%0a%3c # $OpenBSD: znc,v 1.2 2018/01/11 19:27:07 rpe Exp $%0a%3c %0a%3c daemon="znc"%0a%3c chroot_exec="env HOME=/home/znc /usr/sbin/chroot -u _znc -g _znc /home/znc"%0a%3c %0a%3c . /etc/rc.d/rc.subr%0a%3c %0a%3c rc_start() {%0a%3c ${rcexec} "$chroot_exec ${daemon} ${daemon_flags}"%0a%3c }%0a%3c %0a%3c rc_reload=NO%0a%3c %0a%3c rc_cmd $1%0a%3c %0a%3c echo $rcexec%0a%3c =]%0a\ No newline at end of file%0a---%0a> Note: If you are using IPv6 and IPv4 for the same listener, perl IO::Socket::INET is unable to connect. Use two separate listeners.%0a\ No newline at end of file%0a
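Review bot: the rc script's `chroot_exec` line runs znc as `-u _znc -g _znc`, but the account created on this page, and every other chroot command on it, is `znc`; unless a `_znc` user is created elsewhere, chroot will fail on the unknown user. The trailing `echo $rcexec` after `rc_cmd $1` looks like leftover debugging and should be dropped.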
168 aa513bf8 2023-01-22 jrmu host:1597920980=91.228.147.58
169 aa513bf8 2023-01-22 jrmu author:1597742156=jrmu
170 aa513bf8 2023-01-22 jrmu diff:1597742156:1597727095:=313,315c313,315%0a%3c We will load the identfile module by default. This is necessary to provide proper ident using [[openbsd/oidentd|oidentd]]. Please follow the instructions in the link to configure ident.%0a%3c %0a%3c I have znc bind to port 1338 without SSL for the web server. I will later use [[openbsd/relayd|relayd]] to provide TLS acceleration on port 443.%0a---%0a> We will load the identfile module by default. This is necessary to provide proper ident using [[openbsd:irc:oidentd|oidentd]]. Please follow the instructions in the link to configure ident.%0a> %0a> I have znc bind to port 1338 without SSL for the web server. I will later use [[openbsd:net:relayd|relayd]] to provide TLS acceleration on port 443.%0a
171 aa513bf8 2023-01-22 jrmu host:1597742156=38.81.163.143
172 aa513bf8 2023-01-22 jrmu author:1597727095=jrmu
173 aa513bf8 2023-01-22 jrmu diff:1597727095:1597726300:=156,157c156%0a%3c %0a%3c [@%0a---%0a> %3ccode>%0a160,161c159,160%0a%3c @]%0a%3c %0a---%0a> %3c/code>%0a> %0a163c162%0a%3c [@%0a---%0a> %3ccode>%0a191,193c190,192%0a%3c @]%0a%3c %0a%3c [@%0a---%0a> %3c/code>%0a> %0a> %3ccode>%0a196,197c195,196%0a%3c @]%0a%3c %0a---%0a> %3c/code>%0a> %0a200c199%0a%3c [@%0a---%0a> %3ccode>%0a203,205c202,204%0a%3c @]%0a%3c %0a%3c [@%0a---%0a> %3c/code>%0a> %0a> %3ccode>%0a207,208c206,207%0a%3c @]%0a%3c %0a---%0a> %3c/code>%0a> %0a213c212%0a%3c [@%0a---%0a> %3ccode>%0a215,216c214,215%0a%3c @]%0a%3c %0a---%0a> %3c/code>%0a> %0a219c218%0a%3c [@%0a---%0a> %3ccode>%0a221,222c220,221%0a%3c @]%0a%3c %0a---%0a> %3c/code>%0a> %0a225c224%0a%3c [@%0a---%0a> %3ccode>%0a311,312c310,311%0a%3c @]%0a%3c %0a---%0a> %3c/code>%0a> %0a319c318%0a%3c [@%0a---%0a> %3ccode>%0a321,323c320,322%0a%3c @]%0a%3c %0a%3c [@%0a---%0a> %3c/code>%0a> %0a> %3ccode>%0a325,326c324,325%0a%3c @]%0a%3c %0a---%0a> %3c/code>%0a> %0a329c328%0a%3c [@%0a---%0a> %3ccode>%0a332,333c331,332%0a%3c @]%0a%3c %0a---%0a> %3c/code>%0a> %0a336c335%0a%3c [@%0a---%0a> %3ccode>%0a338,339c337,338%0a%3c @]%0a%3c %0a---%0a> %3c/code>%0a> %0a344c343%0a%3c [@%0a---%0a> %3ccode>%0a355,356c354,355%0a%3c @]%0a%3c %0a---%0a> %3c/code>%0a> %0a359c358%0a%3c [@%0a---%0a> %3ccode>%0a361c360%0a%3c @]%0a---%0a> %3c/code>%0a
174 aa513bf8 2023-01-22 jrmu host:1597727095=38.81.163.143
175 aa513bf8 2023-01-22 jrmu author:1597726300=jrmu
176 aa513bf8 2023-01-22 jrmu diff:1597726300:1597726225:=82c82%0a%3c [@%0a---%0a> %3ccode>%0a107,108c107,108%0a%3c @]%0a%3c %0a---%0a> %3c/code>%0a> %0a111c111%0a%3c [@%0a---%0a> %3ccode>%0a114,116c114,116%0a%3c @]%0a%3c %0a%3c [@%0a---%0a> %3c/code>%0a> %0a> %3ccode>%0a132,134c132,134%0a%3c @]%0a%3c %0a%3c [@%0a---%0a> %3c/code>%0a> %0a> %3ccode>%0a138,139c138,139%0a%3c @]%0a%3c %0a---%0a> %3c/code>%0a> %0a142c142%0a%3c [@%0a---%0a> %3ccode>%0a146,147c146,147%0a%3c @]%0a%3c %0a---%0a> %3c/code>%0a> %0a150c150%0a%3c [@%0a---%0a> %3ccode>%0a153c153%0a%3c @]%0a---%0a> %3c/code>%0a
177 aa513bf8 2023-01-22 jrmu host:1597726300=38.81.163.143
178 aa513bf8 2023-01-22 jrmu author:1597726225=jrmu
179 aa513bf8 2023-01-22 jrmu diff:1597726225:1597726188:=50c50%0a%3c [@%0a---%0a> %3ccode>%0a52,53c52,53%0a%3c @]%0a%3c %0a---%0a> %3c/code>%0a> %0a56c56%0a%3c [@%0a---%0a> %3ccode>%0a68,69c68,70%0a%3c @]%0a%3c %0a---%0a> %3c/code>%0a> %0a> %0a72c73%0a%3c [@%0a---%0a> %3ccode>%0a78c79%0a%3c @]%0a---%0a> %3c/code>%0a
180 aa513bf8 2023-01-22 jrmu host:1597726225=38.81.163.143
181 aa513bf8 2023-01-22 jrmu author:1597726188=jrmu
182 aa513bf8 2023-01-22 jrmu diff:1597726188:1597726139:=5c5%0a%3c [@%0a---%0a> %3ccode>%0a7,9c7,9%0a%3c @]%0a%3c %0a%3c [@%0a---%0a> %3c/code>%0a> %0a> %3ccode>%0a20,21c20,21%0a%3c @]%0a%3c %0a---%0a> %3c/code>%0a> %0a24c24%0a%3c [@%0a---%0a> %3ccode>%0a34,35c34,35%0a%3c @]%0a%3c %0a---%0a> %3c/code>%0a> %0a38c38%0a%3c [@%0a---%0a> %3ccode>%0a40,41c40,41%0a%3c @]%0a%3c %0a---%0a> %3c/code>%0a> %0a44c44%0a%3c [@%0a---%0a> %3ccode>%0a46c46%0a%3c @]%0a---%0a> %3c/code>%0a
183 aa513bf8 2023-01-22 jrmu host:1597726188=38.81.163.143
184 aa513bf8 2023-01-22 jrmu author:1597726139=jrmu
185 aa513bf8 2023-01-22 jrmu diff:1597726139:1597726139:=1,363d0%0a%3c You will want to get a ddos-filtered IPv4 and an IPv6 subnet from your internet provider.%0a%3c %0a%3c Create the user znc:%0a%3c %0a%3c %3ccode>%0a%3c $ doas adduser%0a%3c %3c/code>%0a%3c %0a%3c %3ccode>%0a%3c Name: znc%0a%3c Password: ****%0a%3c Fullname: znc%0a%3c Uid: 10%0a%3c Gid: 1017 (znc)%0a%3c Groups: znc %0a%3c Login Class: default%0a%3c HOME: /home/znc%0a%3c Shell: /sbin/nologin%0a%3c OK? (y/n) [y]: y%0a%3c %3c/code>%0a%3c %0a%3c I am not sure if this is necessary, but in /etc/login.conf, I add the following:%0a%3c %0a%3c %3ccode>%0a%3c znc:\%0a%3c :openfiles-cur=4096:\%0a%3c :openfiles-max=8182:\%0a%3c :openfiles=4096:\%0a%3c :stacksize-cur=48M:\%0a%3c :stacksize-max=48M:\%0a%3c :maxproc-max=infinity:\%0a%3c :maxproc-cur=4096:\%0a%3c :tc=daemon:%0a%3c %3c/code>%0a%3c %0a%3c I check to make sure znc is set to the right login class.%0a%3c %0a%3c %3ccode>%0a%3c $ doas vipw%0a%3c %3c/code>%0a%3c %0a%3c There should be a line with znc that looks like this (I check to make sure znc has the right login class; the '1001' is the uid, which you may find to be different from this example, but it should not be changed):%0a%3c %0a%3c %3ccode>%0a%3c znc:*:1001:1001:znc:0:0:znc:/home/znc:/sbin/nologin%0a%3c %3c/code>%0a%3c %0a%3c You will want to run cap_mkdb:%0a%3c %0a%3c %3ccode>%0a%3c $ doas cap_mkdb /etc/login.conf%0a%3c %3c/code>%0a%3c %0a%3c Now change znc shell to /bin/ksh , then continue with the steps below.%0a%3c %0a%3c %3ccode>%0a%3c $ doas su -c znc znc%0a%3c $ ulimit -a%0a%3c time(cpu-seconds) unlimited%0a%3c file(blocks) unlimited%0a%3c coredump(blocks) unlimited%0a%3c data(kbytes) 33554432%0a%3c stack(kbytes) 32768%0a%3c lockedmem(kbytes) 329478%0a%3c memory(kbytes) 985092%0a%3c nofiles(descriptors) 4096%0a%3c processes 1310%0a%3c %3c/code>%0a%3c %0a%3c %0a%3c I then set the default shell to /sbin/nologin (note: the '1001' is the uid, which you may find to be different from this 
example, but it should not be changed.):%0a%3c %0a%3c %3ccode>%0a%3c $ doas vipw%0a%3c %0a%3c ...%0a%3c %0a%3c znc:*:1001:1001:znc:0:0:znc:/home/znc:/sbin/nologin%0a%3c %3c/code>%0a%3c %0a%3c Run this install script (tested for OpenBSD 6.7 and znc-1.7.5) as root to put znc inside the chroot at /home/znc:%0a%3c %0a%3c %3ccode>%0a%3c mkdir -p /home/znc/usr/lib/%0a%3c mkdir -p /home/znc/usr/libexec/%0a%3c mkdir -p /home/znc/etc/ssl%0a%3c mkdir -p /home/znc/dev/%0a%3c mkdir -p /home/znc/var/run/%0a%3c mkdir -p /home/znc/home/znc/%0a%3c mknod -m 644 /home/znc/dev/random c 45 0%0a%3c mknod -m 644 /home/znc/dev/urandom c 45 2%0a%3c mknod -m 666 /home/znc/dev/null c 2 2%0a%3c cp /usr/lib/libc++.so.4.0 /home/znc/usr/lib/libc++.so.4.0%0a%3c cp /usr/lib/libc++abi.so.2.1 /home/znc/usr/lib/libc++abi.so.2.1%0a%3c cp /usr/lib/libc.so.96.0 /home/znc/usr/lib/libc.so.96.0%0a%3c cp /usr/lib/libcrypto.so.46.1 /home/znc/usr/lib/libcrypto.so.46.1%0a%3c cp /usr/lib/libm.so.10.1 /home/znc/usr/lib/libm.so.10.1%0a%3c cp /usr/lib/libpthread.so.26.1 /home/znc/usr/lib/libpthread.so.26.1%0a%3c cp /usr/lib/libssl.so.48.1 /home/znc/usr/lib/libssl.so.48.1%0a%3c cp /usr/lib/libz.so.5.0 /home/znc/usr/lib/libz.so.5.0%0a%3c cp /usr/libexec/ld.so /home/znc/usr/libexec/ld.so%0a%3c cp /etc/resolv.conf /home/znc/etc/resolv.conf%0a%3c cp /etc/ssl/cert.pem /home/znc/etc/ssl/cert.pem%0a%3c cp /var/run/ld.so.hints /home/znc/var/run/ld.so.hints%0a%3c pkg_add -B /home/znc znc%0a%3c chown -R root:wheel /home/znc/dev /home/znc/etc /home/znc/usr /home/znc/var%0a%3c chown -R znc:znc /home/znc/home/znc/%0a%3c %3c/code>%0a%3c %0a%3c At first, you will need to create a conf file:%0a%3c %0a%3c %3ccode>%0a%3c # export HOME=/home/znc/%0a%3c # chroot -u znc -g znc /home/znc znc --makeconf%0a%3c %3c/code>%0a%3c %0a%3c %3ccode>%0a%3c [ .. ] Checking for list of available modules...%0a%3c [ ** ] %0a%3c [ ** ] -- Global settings --%0a%3c [ ** ] %0a%3c [ ?? ] Listen on port (1025 to 65534): 31337%0a%3c [ ?? 
] Listen using SSL (yes/no) [no]: yes%0a%3c [ ?? ] Listen using both IPv4 and IPv6 (yes/no) [yes]: no%0a%3c [ .. ] Verifying the listener...%0a%3c [ ** ] Unable to locate pem file: [/home/znc/.znc/znc.pem], creating it%0a%3c [ .. ] Writing Pem file [/home/znc/.znc/znc.pem]...%0a%3c [ ** ] Enabled global modules [webadmin]%0a%3c [ ** ] %0a%3c [ ** ] -- Admin user settings --%0a%3c [ ** ] %0a%3c [ ?? ] Username (alphanumeric): %0a%3c %3c/code>%0a%3c %0a%3c %3ccode>%0a%3c # cp /etc/ssl/my.example.com.fullchain.pem /home/znc/home/znc/.znc/%0a%3c # cp /etc/ssl/private/my.example.com.key /home/znc/home/znc/.znc/%0a%3c # chown znc:znc /home/znc/home/znc/.znc/my.example.com.*%0a%3c %3c/code>%0a%3c %0a%3c Inside ~:%0a%3c %0a%3c %3ccode>%0a%3c $ openssl dhparam -out dhparam.pem 2048%0a%3c $ doas chown znc:znc dhparam.pem%0a%3c $ doas mv dhparam.pem /home/znc/home/znc/.znc/%0a%3c %3c/code>%0a%3c %0a%3c Afterwards, to run znc:%0a%3c %0a%3c %3ccode>%0a%3c # export HOME=/home/znc%0a%3c # /usr/sbin/chroot -u znc -g znc /home/znc znc >>/var/log/znc.log 2>&1 &%0a%3c %3c/code>%0a%3c %0a%3c Creating a start script:%0a%3c %3ccode>%0a%3c doas touch /etc/rc.d/znc%0a%3c doas chmod +x /etc/rc.d/znc%0a%3c %3c/code>%0a%3c %0a%3c File contents:%0a%3c %3ccode>%0a%3c #!/bin/ksh%0a%3c #%0a%3c # $OpenBSD: znc,v 1.2 2018/01/11 19:27:07 rpe Exp $%0a%3c %0a%3c daemon_pidfile="/home/znc/home/znc/.znc/znc.pid"%0a%3c daemon="env HOME=/home/znc /usr/sbin/chroot -u znc -g znc /home/znc znc"%0a%3c %0a%3c %0a%3c service_stop() {%0a%3c if [ -f $daemon_pidfile ]; then%0a%3c pid=$(sed 's/[^0-9]*//g' $daemon_pidfile)%0a%3c kill $pid%0a%3c fi%0a%3c }%0a%3c %0a%3c case "$1" in%0a%3c stop)%0a%3c service_stop%0a%3c ;;%0a%3c esac%0a%3c %0a%3c %0a%3c . 
/etc/rc.d/rc.subr%0a%3c %0a%3c rc_reload=NO%0a%3c %0a%3c rc_cmd $1%0a%3c %3c/code>%0a%3c %0a%3c %3ccode>%0a%3c doas rcctl start znc%0a%3c doas rcctl stop znc%0a%3c %3c/code>%0a%3c %0a%3c Now you must add this rule in /etc/pf.conf:%0a%3c %0a%3c %3ccode>%0a%3c pass in log quick proto tcp to port {http https} keep state (max-src-conn 30, max-src-conn-rate 20/60)%0a%3c pass in log quick proto tcp to port { 1337 31337 } keep state (max 3000, max-src-conn 200) #bnc%0a%3c %3c/code>%0a%3c %0a%3c %3ccode>%0a%3c $ doas pfctl -f /etc/pf.conf%0a%3c %3c/code>%0a%3c %0a%3c (Here the steps are a bit out of chronology)%0a%3c %0a%3c To start the bouncer, I run this command:%0a%3c %0a%3c %3ccode>%0a%3c # HOME=/home/znc && /usr/sbin/chroot -u znc -g znc /home/znc znc >>/var/log/znc.log 2>&1 &%0a%3c %3c/code>%0a%3c %0a%3c If your bouncer is already online, make sure to save the config by logging into your irc client, connected to the bouncer:%0a%3c %0a%3c %3ccode>%0a%3c /msg *status saveconfig%0a%3c %3c/code>%0a%3c %0a%3c Then, go add this at the top of /home/znc/home/znc/.znc/configs/znc.conf (yes I deliberately ignore the warnings):%0a%3c %0a%3c %3ccode>%0a%3c AnonIPLimit = 10000%0a%3c AuthOnlyViaModule = false%0a%3c ConfigWriteDelay = 0%0a%3c ConnectDelay = 5%0a%3c HideVersion = false%0a%3c LoadModule = chansaver%0a%3c LoadModule = lastseen%0a%3c LoadModule = adminlog%0a%3c LoadModule = identfile%0a%3c LoadModule = webadmin%0a%3c LoadModule = certauth%0a%3c MaxBufferSize = 10000%0a%3c ProtectWebSessions = true%0a%3c SSLCertFile = /home/znc/.znc/my.example.com.fullchain.pem%0a%3c SSLDHParamFile = /home/znc/.znc/dhparam.pem%0a%3c SSLKeyFile = /home/znc/.znc/my.example.com.key%0a%3c PidFile = /home/znc/.znc/znc.pid%0a%3c ServerThrottle = 30%0a%3c Version = 1.7.5%0a%3c %0a%3c %3cListener listener0>%0a%3c AllowIRC = true%0a%3c AllowWeb = false%0a%3c Host = 192.168.1.1%0a%3c IPv4 = true%0a%3c IPv6 = false%0a%3c Port = 1337%0a%3c SSL = false%0a%3c URIPrefix = /%0a%3c %3c/Listener>%0a%3c 
%0a%3c %3cListener listener1>%0a%3c AllowIRC = true%0a%3c AllowWeb = false%0a%3c Host = 192.168.1.1%0a%3c IPv4 = true%0a%3c IPv6 = false%0a%3c Port = 31337%0a%3c SSL = true%0a%3c URIPrefix = /%0a%3c %3c/Listener>%0a%3c %0a%3c %3cListener listener2>%0a%3c AllowIRC = true%0a%3c AllowWeb = false%0a%3c Host = 2001:db8::%0a%3c IPv4 = false%0a%3c IPv6 = true%0a%3c Port = 1337%0a%3c SSL = false%0a%3c URIPrefix = /%0a%3c %3c/Listener>%0a%3c %0a%3c %3cListener listener3>%0a%3c AllowIRC = true%0a%3c AllowWeb = false%0a%3c Host = 2001:db8::%0a%3c IPv4 = false%0a%3c IPv6 = true%0a%3c Port = 31337%0a%3c SSL = true%0a%3c URIPrefix = /%0a%3c %3c/Listener>%0a%3c %0a%3c %3cListener listener4>%0a%3c AllowIRC = true%0a%3c AllowWeb = false%0a%3c Host = 127.0.0.1%0a%3c IPv4 = true%0a%3c IPv6 = false%0a%3c Port = 1337%0a%3c SSL = false%0a%3c URIPrefix = /%0a%3c %3c/Listener>%0a%3c %0a%3c %3cListener listener5>%0a%3c AllowIRC = false%0a%3c AllowWeb = true%0a%3c Host = 127.0.0.1%0a%3c IPv4 = true%0a%3c IPv6 = false%0a%3c Port = 1338%0a%3c SSL = false%0a%3c URIPrefix = /%0a%3c %3c/Listener>%0a%3c %3c/code>%0a%3c %0a%3c We will load the identfile module by default. This is necessary to provide proper ident using [[openbsd:irc:oidentd|oidentd]]. Please follow the instructions in the link to configure ident.%0a%3c %0a%3c I have znc bind to port 1338 without SSL for the web server. I will later use [[openbsd:net:relayd|relayd]] to provide TLS acceleration on port 443.%0a%3c %0a%3c Replace with your own IP addresses. Then, on your irc client logged into the bouncer:%0a%3c %0a%3c %3ccode>%0a%3c /msg *status rehash%0a%3c %3c/code>%0a%3c %0a%3c %3ccode>%0a%3c $ doas crontab -e%0a%3c %3c/code>%0a%3c %0a%3c Add a few lines to have ZNC reconnect every 5 minutes. 
ZNC will only connect if no other ZNC instance is running:%0a%3c %0a%3c %3ccode>%0a%3c HOME=/home/znc%0a%3c */5 * * * * /usr/sbin/chroot -u znc -g znc /home/znc znc >>/var/log/znc.log 2>&1 &%0a%3c %3c/code>%0a%3c %0a%3c To test the connection (and SSL certificate), run:%0a%3c %0a%3c %3ccode>%0a%3c $ openssl s_client -connect my.example.com:31337%0a%3c %3c/code>%0a%3c %0a%3c Make sure you have the proper SSL cert configured.%0a%3c %0a%3c While you are at it, you will want to redirect any plaintext requests to the webpanel on port 80 to use SSL on port 443. Add this to /etc/httpd.conf:%0a%3c %0a%3c %3ccode>%0a%3c server "bnc.example.com" {%0a%3c listen on * port 80%0a%3c location "/.well-known/acme-challenge/*" {%0a%3c root "/acme"%0a%3c request strip 2%0a%3c }%0a%3c location * {%0a%3c block return 302 "https://$HTTP_HOST$REQUEST_URI"%0a%3c }%0a%3c }%0a%3c %3c/code>%0a%3c %0a%3c Go ahead and reboot the web server:%0a%3c %0a%3c %3ccode>%0a%3c $ doas rcctl restart httpd%0a%3c %3c/code>%0a%3c %0a%3c Note: If you are using IPv6 and IPv4 for the same listener, perl IO::Socket::INET is unable to connect. Use two separate listeners.%0a\ No newline at end of file%0a
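Review bot: listener0 and listener2 in the znc.conf block accept IRC with `SSL = false` on port 1337 on the non-loopback IPv4 and IPv6 addresses, and the pf.conf rule `pass in log quick proto tcp to port { 1337 31337 }` passes that port from any source, so bouncer logins made on 1337 cross the network in cleartext. Consider keeping the plaintext IRC listener only on 127.0.0.1 (listener4 already does this) and dropping 1337 from the pf rule, leaving 31337 with `SSL = true` as the only remotely reachable IRC port. Separately, the adduser transcript shows `Uid: 10` and `Gid: 1017 (znc)` while the vipw line reads `znc:*:1001:1001:`; the two examples should be made consistent.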
186 aa513bf8 2023-01-22 jrmu host:1597726139=38.81.163.143