1 version=pmwiki-2.2.130 ordered=1 urlencoded=1
2 agent=w3m/0.5.3+git20210102
10 targets=Znc.Patch,Ftp.Usage,Tar.Usage,Tcpip.Ports,Tls.Overview,IPv4.Overview,IPv6.Overview,Acme-client.Configure,Dns.Vhost,Dns.Overview,DNS.RDNS,Dns.Records,Host.Usage,Kill.Usage,Ps.Usage,Tcpip.Sockets,Bouncer.Bouncer,Crontab.Edit
11 text=(:title Install ZNC from Source:)%0a%0a!! Overview%0a%0a[[https://wiki.znc.in|ZNC]] is an IRC bouncer. It runs on a server and stays connected after you turn off your computer or phone. It saves chat messages and replays them when you reconnect, and also helps to hide your IP address. If you are running it on IRCNow, your server may also offer DDoS protection to keep you online.%0a%0a!! Compiling from Source%0a%0a!!! Patched Source%0a%0aDue to a bug in OpenBSD 6.9, we have applied a [[znc/patch|custom patch to ZNC]]:%0a%0a[@%0a$ cd ~%0a$ ftp https://ircnow.org/software/znc-1.8.2b.tar.gz%0a@]%0a%0aOn OpenBSD, [[ftp/usage|ftp]] can also be used to download files from the web.%0a%0aFor [[tar/usage|tar]], the options xvzf stand for e(x)tract, (v)erbose, un(z)ip, and (f)ile.%0a%0a[@%0a$ tar xvzf znc-1.8.2b.tar.gz%0a@]%0a%0a!!! Building ZNC%0a%0aNext, we build ZNC:%0a%0a[@%0a$ cd znc-1.8.2%0a$ mkdir build%0a$ cd build%0a@]%0a%0aWe then use cmake to configure the files to install to ~/.local, then make and make install:%0a%0a[@%0a$ cmake .. -DCMAKE_INSTALL_PREFIX="$HOME/.local"%0a$ make%0a$ make install%0a@]%0a%0aYou should see this message:%0a%0a[@%0a ZNC was successfully installed.%0a You can use '/home/username/.local/bin/znc --makeconf'%0a to generate a config file.%0a%0a If you need help with using ZNC, please visit our wiki at:%0a http://znc.in%0a@]%0a%0a!! Creating znc.conf%0a%0aFollow the instructions to generate the config file:%0a%0a[@%0a$ ~/.local/bin/znc --makeconf%0a[ .. ] Checking for list of available modules...%0a[ ** ] %0a[ ** ] -- Global settings --%0a[ ** ] %0a[ ?? ] Listen on port (1025 to 65534): %0a@]%0a%0aIf you are on a shell account, you must use the [[tcpip/ports|ports]] that were reserved for your username.%0a%0a'''WARNING:''' Shell accounts users must '''not''' randomly choose ports. Shell accounts servers often have firewalls in place that will block ports not reserved to you. If you are unable to connect to ZNC, double check to see if the firewall is blocking the connection.%0a%0a[@%0a[ ?? ] Listen using SSL (yes/no) [no]: yes%0a[ ?? ] Listen using both IPv4 and IPv6 (yes/no) [yes]: no%0a@]%0a%0a[[tls/overview|SSL]] helps to encrypt messages sent between client and server. In other words, if you turn it on, messages sent from your IRC program to ZNC are kept secure. It's more trouble to set up, and some older IRC programs don't support it, so some users prefer to turn off SSL.%0a%0a'''WARNING''': Do '''not''' listen to both IPv4 and IPv6. There appears to be a bug in ZNC v1.8.2 on OpenBSD 6.9 where selecting 'yes' will cause IPv4 to stop working. Instead, as shown later in the guide, you can create separate listeners to allow listening for both IPv4 and IPv6.%0a%0a[[IPv4/overview|IPv4]] is the default networking protocol. [[IPv6/overview|IPv6]] is becoming more popular now, especially for mobile devices.%0a%0a[@%0a[ .. ] Verifying the listener...%0a[ ** ] Unable to locate pem file: [/home/username/.znc/znc.pem], creating it%0a[ .. ] Writing Pem file [/home/username/.znc/znc.pem]...%0a[ ** ] Enabled global modules [webadmin]%0a@]%0a%0aZNC will automatically create its own SSL certificate. This certificate, however, will be self-signed and hence will show up as invalid or untrusted by your IRC client. If you'd like a properly signed SSL certificate, ask your sysadmin or request one yourself using [[acme-client/configure|acme-client]].%0a%0a[@%0a[ ** ] %0a[ ** ] -- Admin user settings --%0a[ ** ] %0a[ ?? ] Username (alphanumeric): username%0a[ ?? ] Enter password: %0a[ ?? ] Confirm password: %0a[ ?? ] Nick [username]: %0a[ ?? ] Alternate nick [username_]: %0a[ ?? ] Ident [username]: %0a[ ?? ] Real name (optional): username%0a@]%0a%0a!!! Bindhosts%0a%0aNext, you'll be asked to specify an optional bindhost. The bindhost will give you a nice-looking vhost, like @@username@username.example.com@@.%0a%0a'''WARNING''': You cannot pick any arbitrary [[dns/vhost|bindhost]] that you want. If your bindhost does not work, your vhost will not show up properly, and you may not be able to connect at all!%0a%0aA vhost must have proper [[dns/overview|forward]] and [[DNS/rDNS|reverse DNS]] [[dns/records|records]] to work. If you're using an IRCNow shell account, you should have been provided with one at registration. You can also ask your sysadmin to change it for you, or leave it blank.%0a%0aTo test if your bindhost works properly, check the [[host/usage|host]] guide. You will want to run host on your bindhost:%0a%0a[@%0a$ host username.example.com%0ausername.example.com has address 192.168.1.1%0ausername.example.com has IPv6 address 2001:bd8::%0a@]%0a%0aYour bindhost should show both an IPv4 and IPv6 address. If it's missing an IPv4 address, it can '''only''' connect by IPv6 to an IRC network. If it's missing an IPv6 address, then it can '''only''' connect by IPv4 to an IRC network. If it's missing both, it '''cannot''' connect to '''any''' network.%0a%0aFor this reason, you don't want to put an IPv6 address directly into the bindhost. This prevents ZNC from being able to connect to an IPv4 only network. Instead, you want to use a hostname that has both [[dns/records|A and AAAA records]] defined in [[dns/overview|DNS]].%0a%0a[@%0a[ ?? ] Bind host (optional): username.example.com%0a@]%0a%0a!!! User Modules%0a%0aYou'll want to enable all the user modules:%0a%0a[@%0a[ ** ] Enabled user modules [chansaver, controlpanel]%0a[ ** ] %0a@]%0a%0a!!! Set Up a Network%0a%0aYou can optionally set up a network at this stage:%0a%0a[@%0a[ ?? ] Set up a network? (yes/no) [yes]: yes %0a[ ** ] %0a[ ** ] -- Network settings --%0a[ ** ] %0a[ ?? ] Name [freenode]: ircnow%0a[ ?? ] Server host (host only): irc6.ircnow.org%0a[ ?? ] Server uses SSL? (yes/no) [no]: yes%0a[ ?? ] Server port (1 to 65535) [6697]: %0a[ ?? ] Server password (probably empty): %0a[ ?? ] Initial channels: #ircnow%0a[ ** ] Enabled network modules [simple_away]%0a[ ** ] %0a[ .. ] Writing config [/home/username/.znc/configs/znc.conf]...%0a@]%0a%0aThis will cause ZNC to automatically connect to your favorite network (IRCNow).%0a%0aNext, it's better '''not''' to launch ZNC. There are still some settings you will want to add and configure:%0a%0a[@%0a[ ** ] To connect to this ZNC you need to connect to it as your IRC server%0a[ ** ] using the port that you supplied. You have to supply your login info%0a[ ** ] as the IRC server password like this: user/network:pass.%0a[ ** ] %0a[ ** ] Try something like this in your IRC client...%0a[ ** ] /server %3cznc_server_ip> +12345 username:%3cpass>%0a[ ** ] %0a[ ** ] To manage settings, users and networks, point your web browser to%0a[ ** ] https://%3cznc_server_ip>:12345/%0a[ ** ] %0a[ ?? ] Launch ZNC now? (yes/no) [yes]: no%0a@]%0a%0a!!! Stop ZNC%0a%0aIf you accidentally launch ZNC, you will see:%0a%0a[@%0a[ .. ] Opening config [/home/username/.znc/configs/znc.conf]...%0a[ .. ] Loading global module [webadmin]...%0a[ .. ] Binding to port [+12345]...%0a[ ** ] Loading user [username]%0a[ ** ] Loading network [ircnow]%0a[ .. ] Loading network module [simple_away]...%0a[ >> ] [/home/username/.local/lib/znc/simple_away.so]%0a[ .. ] Adding 1 servers...%0a[ .. ] Loading user module [chansaver]...%0a[ .. ] Loading user module [controlpanel]...%0a[ .. ] Forking into the background...%0a[ >> ] [pid: 86542]%0a[ ** ] ZNC 1.8.2 - https://znc.in%0a@]%0a%0aTo stop ZNC once it is launched, you can [[kill/usage|kill]] it:%0a%0a[@%0a$ kill -TERM %3cpid>%0a@]%0a%0aYou will want to replace %3cpid> with the [[ps/usage|process ID]] you see above (86542):%0a%0a[@%0a$ kill -TERM 86542%0a@]%0a%0aThis will send a (TERM)ination signal to ZNC so that it dies.%0a%0a'''NOTE''': You will need to replace 8542 with your process ID.%0a%0aIf you don't know the process ID, you can type:%0a%0a[@%0a$ ps -U %3cusername> | grep znc%0a@]%0a%0aReplace %3cusername> with your username.%0a%0a!! Recreate znc.conf%0a%0aIf at any time you mess up the configuration, you can delete your znc.conf%0aand rerun the makeconf command again:%0a%0a[@%0a$ rm ~/.znc/configs/znc.conf%0a$ ~/.local/bin/znc --makeconf%0a@]%0a%0a!! Configuration%0a%0aHere are some recommended changes to make to the default znc.conf so that it works nicely. Replace the top portion of znc.conf with these settings:%0a%0a[@%0aAnonIPLimit = 10000%0aAuthOnlyViaModule = false%0aConfigWriteDelay = 60%0aConnectDelay = 1%0aHideVersion = false%0aMaxBufferSize = 10000%0aProtectWebSessions = true%0aServerThrottle = 1%0aVersion = 1.8.2%0a@]%0a%0a'''WARNING''': Do not duplicate listeners or settings, or else ZNC will fail.%0a%0aFor a full explanation of these settings, please consult the [[https://wiki.znc.in/Configuration|ZNC wiki]].%0a%0aNext, we load the following modules:%0a%0a[@%0aLoadModule = chansaver%0aLoadModule = adminlog%0aLoadModule = certauth%0aPidFile = /home/znc/.znc/znc.pid%0a@]%0a%0aIf you want to store logs on the shell account, you can add this line:%0a%0a[@%0aLoadModule = log%0a@]%0a%0a'''NOTE''': sysadmins can read logs stored on the server. Also, in the event of a security breach, an attacker can also read these logs.%0a%0a!!! SSL certs (Optional)%0a%0aIf you want properly validating SSL certs, you can add these lines to set the paths for the SSL files:%0a%0a[@%0aSSLCertFile = /home/znc/.znc/username.example.com.crt%0aSSLKeyFile = /home/znc/.znc/username.example.com.key%0aSSLDHParamFile = /home/znc/.znc/dhparam.pem%0a@]%0a%0a'''NOTE''': For the SSL certs, you will need to ask the admin. You will need to replace username.example.com with the unique hostname that your admin provides.%0a%0a'''WARNING: If you did not yet generate your own SSL certs, don't add these lines!%0a%0a!!! Listeners%0a%0aNext, you'll want to create listeners. Each listener specifies a unique combination of IP address and port ([[tcpip/sockets|a TCP socket]]):%0a%0a[@%0a%3cListener listener0>%0a AllowIRC = true%0a AllowWeb = false%0a Host = 192.168.1.1%0a IPv4 = true%0a IPv6 = false%0a Port = 1337%0a SSL = false%0a URIPrefix = /%0a%3c/Listener>%0a%0a%3cListener listener1>%0a AllowIRC = true%0a AllowWeb = false%0a Host = 192.168.1.1%0a IPv4 = true%0a IPv6 = false%0a Port = 31337%0a SSL = true%0a URIPrefix = /%0a%3c/Listener>%0a%0a%3cListener listener2>%0a AllowIRC = true%0a AllowWeb = false%0a Host = 2001:db8::%0a IPv4 = false%0a IPv6 = true%0a Port = 1337%0a SSL = false%0a URIPrefix = /%0a%3c/Listener>%0a%0a%3cListener listener3>%0a AllowIRC = true%0a AllowWeb = false%0a Host = 2001:db8::%0a IPv4 = false%0a IPv6 = true%0a Port = 31337%0a SSL = true%0a URIPrefix = /%0a%3c/Listener>%0a@]%0a%0a@@Host = 192.168.1.1@@ and @@Port = 1337@@ tells ZNC to [[tcpip/sockets|listen]] on that IP address. You '''must''' replace 192.168.1.1 and 2001:db8:: with your real IP addresses and you '''must''' replace 1337 and 31337 with the ports you were given during account registration.%0a%0a'''WARNING''': If you don't use the correct IP address and port, ZNC may refuse to launch, or you may be unable to connect.%0a%0aYou can find your IP addresses by running host on your unique hostname:%0a%0a[@%0a$ host username.example.com%0ausername.example.com has address 198.51.100.1%0ausername.example.com has IPv6 address fe80:c001:d00d::%0a@]%0a%0a'''WARNING''': You must replace 192.168.1.1 and 2001:db8:: with your real IP address, or znc will fail to launch.%0a%0a!! Run ZNC%0a%0aTo start ZNC right away:%0a%0a[@%0a$ ~/.local/bin/znc >> ~/.znc/znc.log 2>&1 &%0a@]%0a%0aThis will store all znc log messages to ~/.znc/znc.log. If ZNC fails to start or crashes, you can consult this file for the full error log.%0a%0a!! Connecting to ZNC%0a%0aFrom here, you will want to consult the [[bouncer/bouncer|ZNC client guides]]%0ato see how to connect to ZNC.%0a%0a!! Creating a cronjob%0a%0aYou will want to create a [[crontab/edit|cronjob]] which will restart znc every 5 minutes in case it ever crashes.%0a%0aThen, type:%0a%0a[@%0a$ crontab -e%0a*/5 * * * * ~/.local/bin/znc >> ~/.znc/znc.log 2>&1 &%0a@]%0a%0a'''NOTE:''' znc checks its own pid to see if it is running and quits if it is. Keep in mind this in mind when using cron to restart processes like this.%0a%0a!! Troubleshooting%0a%0aIf you run into errors, check the error log in ~/.znc/znc.log, or turn on debugging:%0a%0a[@%0a~/.local/bin/znc -D%0a@]%0a%0a!! Changing Password%0a%0aIf you forget the password set during --makeconf, you can generate a new one:%0a%0a[@%0a$ znc --makepass %0a[ ** ] Type your new password.%0a[ ?? ] Enter password: %0a[ ?? ] Confirm password: %0a[ ** ] Kill ZNC process, if it's running.%0a[ ** ] Then replace password in the %3cUser> section of your config with this:%0a%3cPass password>%0a Method = sha256%0a Hash = 49396054dc8263b573d11c9c01e43f89ee772f6dc89b3c630e6dffa9acea4a3e%0a Salt = ovexwSL50cC?jE2eCM?x%0a %3c/Pass>%0a[ ** ] After that start ZNC again, and you should be able to login with the new password.%0a@]%0a%0aThis gives the password block needed to use in your [[https://wiki.znc.in/Configuration|/home/znc/home/znc/.znc/configs/znc.conf]] file. %0a%0aFollow the instructions above: kill ZNC, edit your znc.conf to use the new password block, then restart znc. The new user section of your config will look something like this:%0a%0a[@%0a%3cUser username>%0a %3cPass password>%0a Method = sha256%0a Hash = 49396054dc8263b573d11c9c01e43f89ee772f6dc89b3c630e6dffa9acea4a3e%0a Salt = ovexwSL50cC?jE2eCM?x%0a %3c/Pass>%0a Admin = true%0a Nick = username%0a AltNick = username_%0a Ident = username%0a LoadModule = chansaver%0a LoadModule = controlpanel%0a%0a %3cNetwork example>%0a LoadModule = simple_away%0a Server = irc.example.com +6697 %0a %3cChan #channel>%0a %3c/Chan>%0a %3c/Network>%0a%3c/User>%0a@]%0a%0a!! Copying SSL certs (optional)%0a%0aIf you want to have properly validating SSL certs, your sysadmin can provide them for you in your ~/ssl/ folder. We will need to create a symbolic link for them to your znc folder:%0a%0a[@%0a$ ln -s ~/ssl/username.example.com.crt ~/.znc/username.example.com.crt%0a$ ln -s ~/ssl/username.example.com.key ~/.znc/username.example.com.key%0a@]%0a%0aYou must replace username.example.com with your actual hostname.%0a%0aAfterwards, we can create a dhparam file:%0a%0a[@%0a$ openssl dhparam -out ~/.znc/dhparam.pem 2048%0a@]%0a
13 title=Install ZNC from Source
14 author:1673135883=jrmu
15 diff:1673135883:1656696439:=269c269%0a%3c If you want properly validating SSL certs, you can add these lines to set the paths for the SSL files:%0a---%0a> If you want properly validating SSL certs, you can add these lines to set the paths for the SSL files and process ID (pid) files:%0a
16 host:1673135883=38.87.162.8
17 author:1656696439=jrmu
18 diff:1656696439:1654758817:=23a24,51%0a> @]%0a> %0a> !!! Upstream Source%0a> %0a> You can choose to use the upstream source code, but you must apply patches to get it to build properly.%0a> %0a> '''WARNING''': You must patch znc-1.8.2 to avoid a threading bug that causes segfaults and to fix a bug in the schat module.%0a> %0a> First, download the latest stable release:%0a> %0a> [@%0a> $ cd ~%0a> $ ftp https://znc.in/releases/znc-1.8.2.tar.gz%0a> @]%0a> %0a> It's best to verify the [[gpg/verify|gpg signature]]:%0a> %0a> [@%0a> $ doas pkg_add gnupg%0a> $ ftp https://znc.in/releases/znc-1.8.2.tar.gz.sig%0a> $ gpg2 --recv-key D5823CACB477191CAC0075555AE420CC0209989E%0a> $ gpg2 --verify znc-1.8.2.tar.gz.sig znc-1.8.2.tar.gz%0a> @]%0a> %0a> Next, [[tar/usage|extract and unzip]] the files:%0a> %0a> [@%0a> $ tar xvzf znc-1.8.2.tar.gz %0a
19 host:1656696439=38.87.162.8
20 author:1654758817=jrmu
21 diff:1654758817:1654758678:=258,261c258,260%0a%3c !! Configuration%0a%3c %0a%3c Here are some recommended changes to make to the default znc.conf so that it works nicely. Replace the top portion of znc.conf with these settings:%0a%3c %0a---%0a> !! Changing Password%0a> If you forget the password you set during the --makeconf, you can generate a new one like this:%0a> %0a263,271c262,273%0a%3c AnonIPLimit = 10000%0a%3c AuthOnlyViaModule = false%0a%3c ConfigWriteDelay = 60%0a%3c ConnectDelay = 1%0a%3c HideVersion = false%0a%3c MaxBufferSize = 10000%0a%3c ProtectWebSessions = true%0a%3c ServerThrottle = 1%0a%3c Version = 1.8.2%0a---%0a> $ znc --makepass %0a> [ ** ] Type your new password.%0a> [ ?? ] Enter password: %0a> [ ?? ] Confirm password: %0a> [ ** ] Kill ZNC process, if it's running.%0a> [ ** ] Then replace password in the %3cUser> section of your config with this:%0a> %3cPass password>%0a> Method = sha256%0a> Hash = 49396054dc8263b573d11c9c01e43f89ee772f6dc89b3c630e6dffa9acea4a3e%0a> Salt = ovexwSL50cC?jE2eCM?x%0a> %3c/Pass>%0a> [ ** ] After that start ZNC again, and you should be able to login with the new password.%0a274,279c276,279%0a%3c '''WARNING''': Do not duplicate listeners or settings, or else ZNC will fail.%0a%3c %0a%3c For a full explanation of these settings, please consult the [[https://wiki.znc.in/Configuration|ZNC wiki]].%0a%3c %0a%3c Next, we load the following modules:%0a%3c %0a---%0a> The example output above shows the hash generated for a password of "password". This gives you the password block you need to use in your [[https://wiki.znc.in/Configuration|/home/znc/home/znc/.znc/configs/znc.conf]] file. %0a> %0a> Follow the instructions above: kill ZNC, then edit your znc.conf to use the new password block. The new user section of your config will look something like this:%0a> %0a281,284c281,300%0a%3c LoadModule = chansaver%0a%3c LoadModule = adminlog%0a%3c LoadModule = certauth%0a%3c PidFile = /home/znc/.znc/znc.pid%0a---%0a> %3cUser username>%0a> %3cPass password>%0a> Method = sha256%0a> Hash = 49396054dc8263b573d11c9c01e43f89ee772f6dc89b3c630e6dffa9acea4a3e%0a> Salt = ovexwSL50cC?jE2eCM?x%0a> %3c/Pass>%0a> Admin = true%0a> Nick = username%0a> AltNick = username_%0a> Ident = username%0a> LoadModule = chansaver%0a> LoadModule = controlpanel%0a> %0a> %3cNetwork example>%0a> LoadModule = simple_away%0a> Server = irc.example.com +6697 %0a> %3cChan #channel>%0a> %3c/Chan>%0a> %3c/Network>%0a> %3c/User>%0a287,288c303,306%0a%3c If you want to store logs on the shell account, you can add this line:%0a%3c %0a---%0a> !! Copying SSL certs (optional)%0a> %0a> If you want to have properly validating SSL certs, your sysadmin can provide them for you in your ~/ssl/ folder. We will need to create a symbolic link for them to your znc folder:%0a> %0a290c308,309%0a%3c LoadModule = log%0a---%0a> $ ln -s ~/ssl/username.example.com.crt ~/.znc/username.example.com.crt%0a> $ ln -s ~/ssl/username.example.com.key ~/.znc/username.example.com.key%0a293,298c312,315%0a%3c '''NOTE''': sysadmins can read logs stored on the server. Also, in the event of a security breach, an attacker can also read these logs.%0a%3c %0a%3c !!! SSL certs (Optional)%0a%3c %0a%3c If you want properly validating SSL certs, you can add these lines to set the paths for the SSL files and process ID (pid) files:%0a%3c %0a---%0a> You must replace username.example.com with your actual hostname.%0a> %0a> Afterwards, we can create a dhparam file:%0a> %0a300,302c317%0a%3c SSLCertFile = /home/znc/.znc/username.example.com.crt%0a%3c SSLKeyFile = /home/znc/.znc/username.example.com.key%0a%3c SSLDHParamFile = /home/znc/.znc/dhparam.pem%0a---%0a> $ openssl dhparam -out ~/.znc/dhparam.pem 2048%0a305,312c320,323%0a%3c '''NOTE''': For the SSL certs, you will need to ask the admin. You will need to replace username.example.com with the unique hostname that your admin provides.%0a%3c %0a%3c '''WARNING: If you did not yet generate your own SSL certs, don't add these lines!%0a%3c %0a%3c !!! Listeners%0a%3c %0a%3c Next, you'll want to create listeners. Each listener specifies a unique combination of IP address and port ([[tcpip/sockets|a TCP socket]]):%0a%3c %0a---%0a> !! Configuration%0a> %0a> Here are some recommended changes to make to the default znc.conf so that it works nicely. Replace the top portion of znc.conf with these settings:%0a> %0a313a325,375%0a> AnonIPLimit = 10000%0a> AuthOnlyViaModule = false%0a> ConfigWriteDelay = 60%0a> ConnectDelay = 1%0a> HideVersion = false%0a> MaxBufferSize = 10000%0a> ProtectWebSessions = true%0a> ServerThrottle = 1%0a> Version = 1.8.2%0a> @]%0a> %0a> '''WARNING''': Do not duplicate listeners or settings, or else ZNC will fail.%0a> %0a> For a full explanation of these settings, please consult the [[https://wiki.znc.in/Configuration|ZNC wiki]].%0a> %0a> Next, we load the following modules:%0a> %0a> [@%0a> LoadModule = chansaver%0a> LoadModule = adminlog%0a> LoadModule = certauth%0a> PidFile = /home/znc/.znc/znc.pid%0a> @]%0a> %0a> If you want to store logs on the shell account, you can add this line:%0a> %0a> [@%0a> LoadModule = log%0a> @]%0a> %0a> '''NOTE''': sysadmins can read logs stored on the server. Also, in the event of a security breach, an attacker can also read these logs.%0a> %0a> !!! SSL certs (Optional)%0a> %0a> If you want properly validating SSL certs, you can add these lines to set the paths for the SSL files and process ID (pid) files:%0a> %0a> [@%0a> SSLCertFile = /home/znc/.znc/username.example.com.crt%0a> SSLKeyFile = /home/znc/.znc/username.example.com.key%0a> SSLDHParamFile = /home/znc/.znc/dhparam.pem%0a> @]%0a> %0a> '''NOTE''': For the SSL certs, you will need to ask the admin. You will need to replace username.example.com with the unique hostname that your admin provides.%0a> %0a> '''WARNING: If you did not yet generate your own SSL certs, don't add these lines!%0a> %0a> !!! Listeners%0a> %0a> Next, you'll want to create listeners. Each listener specifies a unique combination of IP address and port ([[tcpip/sockets|a TCP socket]]):%0a> %0a> [@%0a407,469d468%0a%3c @]%0a%3c %0a%3c !! Changing Password%0a%3c %0a%3c If you forget the password set during --makeconf, you can generate a new one:%0a%3c %0a%3c [@%0a%3c $ znc --makepass %0a%3c [ ** ] Type your new password.%0a%3c [ ?? ] Enter password: %0a%3c [ ?? ] Confirm password: %0a%3c [ ** ] Kill ZNC process, if it's running.%0a%3c [ ** ] Then replace password in the %3cUser> section of your config with this:%0a%3c %3cPass password>%0a%3c Method = sha256%0a%3c Hash = 49396054dc8263b573d11c9c01e43f89ee772f6dc89b3c630e6dffa9acea4a3e%0a%3c Salt = ovexwSL50cC?jE2eCM?x%0a%3c %3c/Pass>%0a%3c [ ** ] After that start ZNC again, and you should be able to login with the new password.%0a%3c @]%0a%3c %0a%3c This gives the password block needed to use in your [[https://wiki.znc.in/Configuration|/home/znc/home/znc/.znc/configs/znc.conf]] file. %0a%3c %0a%3c Follow the instructions above: kill ZNC, edit your znc.conf to use the new password block, then restart znc. The new user section of your config will look something like this:%0a%3c %0a%3c [@%0a%3c %3cUser username>%0a%3c %3cPass password>%0a%3c Method = sha256%0a%3c Hash = 49396054dc8263b573d11c9c01e43f89ee772f6dc89b3c630e6dffa9acea4a3e%0a%3c Salt = ovexwSL50cC?jE2eCM?x%0a%3c %3c/Pass>%0a%3c Admin = true%0a%3c Nick = username%0a%3c AltNick = username_%0a%3c Ident = username%0a%3c LoadModule = chansaver%0a%3c LoadModule = controlpanel%0a%3c %0a%3c %3cNetwork example>%0a%3c LoadModule = simple_away%0a%3c Server = irc.example.com +6697 %0a%3c %3cChan #channel>%0a%3c %3c/Chan>%0a%3c %3c/Network>%0a%3c %3c/User>%0a%3c @]%0a%3c %0a%3c !! Copying SSL certs (optional)%0a%3c %0a%3c If you want to have properly validating SSL certs, your sysadmin can provide them for you in your ~/ssl/ folder. We will need to create a symbolic link for them to your znc folder:%0a%3c %0a%3c [@%0a%3c $ ln -s ~/ssl/username.example.com.crt ~/.znc/username.example.com.crt%0a%3c $ ln -s ~/ssl/username.example.com.key ~/.znc/username.example.com.key%0a%3c @]%0a%3c %0a%3c You must replace username.example.com with your actual hostname.%0a%3c %0a%3c Afterwards, we can create a dhparam file:%0a%3c %0a%3c [@%0a%3c $ openssl dhparam -out ~/.znc/dhparam.pem 2048%0a
22 host:1654758817=38.87.162.154
23 author:1654758678=jrmu
24 diff:1654758678:1654758652:=188c188%0a%3c Next, it's better '''not''' to launch ZNC. There are still some settings you will want to add and configure:%0a---%0a> Next, it's better *not* to launch ZNC. There are still some settings you will want to add and configure:%0a
25 host:1654758678=38.87.162.154
26 author:1654758652=jrmu
27 diff:1654758652:1654758533:=39,40c39,40%0a%3c It's best to verify the [[gpg/verify|gpg signature]]:%0a%3c %0a---%0a> We recommend you verify the [[gpg/verify|gpg signature]]:%0a> %0a188c188%0a%3c Next, it's better *not* to launch ZNC. There are still some settings you will want to add and configure:%0a---%0a> Next, I recommend *not* launching ZNC. There are still some settings you will want to add and configure:%0a
28 host:1654758652=38.87.162.154
29 author:1654758533=jrmu
30 diff:1654758533:1654475506:minor=107c107%0a%3c '''WARNING''': Do '''not''' listen to both IPv4 and IPv6. There appears to be a bug in ZNC v1.8.2 on OpenBSD 6.9 where selecting 'yes' will cause IPv4 to stop working. Instead, as shown later in the guide, you can create separate listeners to allow listening for both IPv4 and IPv6.%0a---%0a> '''WARNING''': Do '''not''' listen to both IPv4 and IPv6. There appears to be a bug in ZNC v1.8.2 on OpenBSD 6.9 where selecting 'yes' will cause IPv4 to stop working. Instead, as shown later in the guide, you can create separate listeners to allow listening to both IPv4 and IPv6.%0a
31 host:1654758533=38.87.162.154
32 author:1654475506=jrmu
33 diff:1654475506:1654475346:=369,370c369,370%0a%3c '''WARNING: If you did not yet generate your own SSL certs, don't add these lines!%0a%3c %0a---%0a> '''WARNING: You must '''not''' use username.example.com or else your SSL certificates will not load properly and your ZNC will not be able to offer SSL encryption. If you do not have your own SSL certs, then don't add these lines!%0a> %0a421,423c421%0a%3c @@Host = 192.168.1.1@@ and @@Port = 1337@@ tells ZNC to [[tcpip/sockets|listen]] on that IP address. You '''must''' replace 192.168.1.1 and 2001:db8:: with your real IP addresses and you '''must''' replace 1337 and 31337 with the ports you were given during account registration.%0a%3c %0a%3c '''WARNING''': If you don't use the correct IP address and port, ZNC may refuse to launch, or you may be unable to connect.%0a---%0a> @@Host = 192.168.1.1@@ and @@Port = 1337@@ tells ZNC to [[tcpip/sockets|listen]] on that IP address. You '''must''' replace 192.168.1.1 and 2001:db8:: with your real IP addresses and you '''must''' replace 1337 and 31337 with the ports you were given during account registration. If you don't use the correct IP address and port, ZNC may refuse to launch, or you may be unable to connect.%0a
34 host:1654475506=38.87.162.154
35 author:1654475346=jrmu
36 diff:1654475346:1654475217:=276,278c276,277%0a%3c The example output above shows the hash generated for a password of "password". This gives you the password block you need to use in your [[https://wiki.znc.in/Configuration|/home/znc/home/znc/.znc/configs/znc.conf]] file. %0a%3c %0a%3c Follow the instructions above: kill ZNC, then edit your znc.conf to use the new password block. The new user section of your config will look something like this:%0a---%0a> The example output above shows the hash generated for a password of "password". This gives you the password block you need to add to your [[https://wiki.znc.in/Configuration|/home/znc/home/znc/.znc/configs/znc.conf]] file. %0a> '''NOTE:''' You'll need to replace the original generated Pass = line. The new user section of your config will look something like this:%0a
37 host:1654475346=38.87.162.154
38 author:1654475217=jrmu
39 diff:1654475217:1654474890:=262c262%0a%3c $ znc --makepass %0a---%0a> # /usr/sbin/chroot -u znc -g znc /home/znc znc --makepass %0a
40 host:1654475217=38.87.162.154
41 author:1654474890=jrmu
42 diff:1654474890:1654474823:=137c137%0a%3c '''WARNING''': You cannot pick any arbitrary [[dns/vhost|bindhost]] that you want. If your bindhost does not work, your vhost will not show up properly, and you may not be able to connect at all!%0a---%0a> '''WARNING''': You cannot pick any arbitrary [[dns/vhost|bindhost]] that you want. If you bindhost does not work, your vhost will not show up properly, and you may not be able to connect at all!%0a
43 host:1654474890=38.87.162.154
44 author:1654474823=jrmu
45 diff:1654474823:1654474806:=11c11%0a%3c Due to a bug in OpenBSD 6.9, we have applied a [[znc/patch|custom patch to ZNC]]:%0a---%0a> Due to a bug in OpenBSD, we have applied a [[znc/patch|custom patch to ZNC]]:%0a
46 host:1654474823=38.87.162.154
47 author:1654474806=jrmu
48 diff:1654474806:1654474779:=11c11%0a%3c Due to a bug in OpenBSD, we have applied a [[znc/patch|custom patch to ZNC]]:%0a---%0a> Due to a bug in OpenBSD 6.9, we have applied a [[znc/patch|custom patch to ZNC]]:%0a
49 host:1654474806=38.87.162.154
50 author:1654474779=jrmu
51 diff:1654474779:1652935636:=11,12c11,12%0a%3c Due to a bug in OpenBSD 6.9, we have applied a [[znc/patch|custom patch to ZNC]]:%0a%3c %0a---%0a> Due to a bug in OpenBSD 6.9, we have applied a custom patch to ZNC to avoid segfaults on multicore servers:%0a> %0a14,15c14,23%0a%3c $ cd ~%0a%3c $ ftp https://ircnow.org/software/znc-1.8.2b.tar.gz%0a---%0a> diff -ru znc-1.8.2-old/src/main.cpp znc-1.8.2-new/src/main.cpp%0a> --- znc-1.8.2-old/src/main.cpp Mon Sep 7 18:57:50 2020%0a> +++ znc-1.8.2-new/src/main.cpp Thu Dec 24 17:04:37 2020%0a> @@ -292,6 +292,7 @@%0a> }%0a> %0a> int main(int argc, char** argv) {%0a> + pthread_attr_t a; pthread_attr_init(&a);%0a> CString sConfig;%0a> CString sDataDir = "";%0a18,21c26,27%0a%3c On OpenBSD, [[ftp/usage|ftp]] can also be used to download files from the web.%0a%3c %0a%3c For [[tar/usage|tar]], the options xvzf stand for e(x)tract, (v)erbose, un(z)ip, and (f)ile.%0a%3c %0a---%0a> The schat module also needs patching for [[libressl/intro|libreSSL]]:%0a> %0a23c29,42%0a%3c $ tar xvzf znc-1.8.2b.tar.gz%0a---%0a> --- modules/schat.cpp.orig%0a> +++ modules/schat.cpp%0a> @@ -25,8 +25,8 @@%0a> #include %3cznc/User.h>%0a> #include %3cznc/IRCNetwork.h>%0a> %0a> -#if !defined(OPENSSL_VERSION_NUMBER) || defined(LIBRESSL_VERSION_NUMBER) || \%0a> - OPENSSL_VERSION_NUMBER %3c 0x10100007%0a> +#if !defined(OPENSSL_VERSION_NUMBER) || OPENSSL_VERSION_NUMBER %3c 0x10100007 || \%0a> + (defined(LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER %3c 0x3040000fL)%0a> /* SSL_SESSION was made opaque in OpenSSL 1.1.0, cipher accessor was added 2%0a> weeks before the public release.%0a> See openssl/openssl@e92813234318635639dba0168c7ef5568757449b.%0a> */%0a26,33c45,98%0a%3c !!! Upstream Source%0a%3c %0a%3c You can choose to use the upstream source code, but you must apply patches to get it to build properly.%0a%3c %0a%3c '''WARNING''': You must patch znc-1.8.2 to avoid a threading bug that causes segfaults and to fix a bug in the schat module.%0a%3c %0a%3c First, download the latest stable release:%0a%3c %0a---%0a> @@crypt.cpp@@ also needs to be patched:%0a> %0a> [@%0a> DH_set0_pqg() has been available since LibreSSL version 2.7. This version%0a> won't compile with opaque DH in LibreSSL 3.5.%0a> %0a> Index: modules/crypt.cpp%0a> --- modules/crypt.cpp.orig%0a> +++ modules/crypt.cpp%0a> @@ -68,7 +68,7 @@ class CCryptMod : public CModule {%0a> CString m_sPrivKey;%0a> CString m_sPubKey;%0a> %0a> -#if OPENSSL_VERSION_NUMBER %3c 0X10100000L || defined(LIBRESSL_VERSION_NUMBER)%0a> +#if OPENSSL_VERSION_NUMBER %3c 0X10100000L%0a> static int DH_set0_pqg(DH* dh, BIGNUM* p, BIGNUM* q, BIGNUM* g) {%0a> /* If the fields p and g in dh are nullptr, the corresponding input%0a> * parameters MUST be non-nullptr. q may remain nullptr.%0a> @]%0a> %0a> [@%0a> diff -u znc-1.8.2/CMakeLists.txt.orig znc-1.8.2/CMakeLists.txt%0a> --- znc-1.8.2/CMakeLists.txt.orig Mon Sep 7 18:57:50 2020%0a> +++ znc-1.8.2/CMakeLists.txt Fri May 6 03:50:26 2022%0a> @@ -44,6 +44,7 @@%0a> include(TestCXX11)%0a> set(CMAKE_CXX_STANDARD 11)%0a> set(CMAKE_CXX_STANDARD_REQUIRED true)%0a> +set(CMAKE_CXX_FLAGS "-DHAVE_OPAQUE_SSL" CACHE STRING "compile flags" FORCE)%0a> if(NOT CYGWIN)%0a> # We don't want to use -std=gnu++11 instead of -std=c++11, but among other%0a> # things, -std=c++11 on cygwin defines __STRICT_ANSI__ which makes cygwin%0a> @]%0a> %0a> IRCNow provides a patched version of ZNC:%0a> %0a> [@%0a> $ cd ~%0a> $ ftp https://ircnow.org/software/znc-1.8.2b.tar.gz%0a> @]%0a> %0a> On OpenBSD, [[ftp/usage|ftp]] can also be used to download files from the web.%0a> %0a> For [[tar/usage|tar]], the options xvzf stand for e(x)tract, (v)erbose, un(z)ip, and (f)ile.%0a> %0a> [@%0a> $ tar xvzf znc-1.8.2b.tar.gz%0a> @]%0a> %0a> !!! Upstream Source%0a> %0a> You can choose to use the upstream source code, but you must apply patches to get it to build properly.%0a> %0a> '''WARNING''': If you are on OpenBSD 7.0, you must patch znc-1.8.2 to avoid a threading bug that causes segfaults and to fix a bug in the schat module.%0a
52 host:1654474779=38.87.162.154
53 author:1652935636=jrmu
54 diff:1652935636:1651874548:=135c135%0a%3c $ cmake .. -DCMAKE_INSTALL_PREFIX="$HOME/.local"%0a---%0a> $ cmake ..%0a
55 host:1652935636=38.87.162.8
56 author:1651874548=jrmu
57 diff:1651874548:1651823904:=135c135%0a%3c $ cmake ..%0a---%0a> $ cmake .. -DCMAKE_INSTALL_PREFIX="$HOME/.local"%0a
58 host:1651874548=38.87.162.154
59 author:1651823904=jrmu
60 diff:1651823904:1651823622:=43,76d42%0a%3c @]%0a%3c %0a%3c @@crypt.cpp@@ also needs to be patched:%0a%3c %0a%3c [@%0a%3c DH_set0_pqg() has been available since LibreSSL version 2.7. This version%0a%3c won't compile with opaque DH in LibreSSL 3.5.%0a%3c %0a%3c Index: modules/crypt.cpp%0a%3c --- modules/crypt.cpp.orig%0a%3c +++ modules/crypt.cpp%0a%3c @@ -68,7 +68,7 @@ class CCryptMod : public CModule {%0a%3c CString m_sPrivKey;%0a%3c CString m_sPubKey;%0a%3c %0a%3c -#if OPENSSL_VERSION_NUMBER %3c 0X10100000L || defined(LIBRESSL_VERSION_NUMBER)%0a%3c +#if OPENSSL_VERSION_NUMBER %3c 0X10100000L%0a%3c static int DH_set0_pqg(DH* dh, BIGNUM* p, BIGNUM* q, BIGNUM* g) {%0a%3c /* If the fields p and g in dh are nullptr, the corresponding input%0a%3c * parameters MUST be non-nullptr. q may remain nullptr.%0a%3c @]%0a%3c %0a%3c [@%0a%3c diff -u znc-1.8.2/CMakeLists.txt.orig znc-1.8.2/CMakeLists.txt%0a%3c --- znc-1.8.2/CMakeLists.txt.orig Mon Sep 7 18:57:50 2020%0a%3c +++ znc-1.8.2/CMakeLists.txt Fri May 6 03:50:26 2022%0a%3c @@ -44,6 +44,7 @@%0a%3c include(TestCXX11)%0a%3c set(CMAKE_CXX_STANDARD 11)%0a%3c set(CMAKE_CXX_STANDARD_REQUIRED true)%0a%3c +set(CMAKE_CXX_FLAGS "-DHAVE_OPAQUE_SSL" CACHE STRING "compile flags" FORCE)%0a%3c if(NOT CYGWIN)%0a%3c # We don't want to use -std=gnu++11 instead of -std=c++11, but among other%0a%3c # things, -std=c++11 on cygwin defines __STRICT_ANSI__ which makes cygwin%0a
61 host:1651823904=38.87.162.154
62 author:1651823622=jrmu
63 diff:1651823622:1647356519:=49c49%0a%3c $ ftp https://ircnow.org/software/znc-1.8.2b.tar.gz%0a---%0a> $ ftp https://ircnow.org/software/znc-1.8.2a.tar.gz%0a57c57%0a%3c $ tar xvzf znc-1.8.2b.tar.gz%0a---%0a> $ tar xvzf znc-1.8.2a.tar.gz%0a
64 host:1651823622=38.87.162.8
65 author:1647356519=jrmu
66 diff:1647356519:1645129632:=35c35,36%0a%3c -#if !defined(OPENSSL_VERSION_NUMBER) || defined(LIBRESSL_VERSION_NUMBER) || \%0a---%0a> -#if !defined(OPENSSL_VERSION_NUMBER) || defined(LIBRESSL_VERS%0a> ION_NUMBER) || \%0a37,39c38,43%0a%3c +#if !defined(OPENSSL_VERSION_NUMBER) || OPENSSL_VERSION_NUMBER %3c 0x10100007 || \%0a%3c + (defined(LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER %3c 0x3040000fL)%0a%3c /* SSL_SESSION was made opaque in OpenSSL 1.1.0, cipher accessor was added 2%0a---%0a> +#if !defined(OPENSSL_VERSION_NUMBER) || OPENSSL_VERSION_NUMBE%0a> R %3c 0x10100007 || \%0a> + (defined(LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUM%0a> BER %3c 0x3040000fL)%0a> /* SSL_SESSION was made opaque in OpenSSL 1.1.0, cipher acces%0a> sor was added 2%0a
67 host:1647356519=38.87.162.8
68 author:1645129632=izzyb
69 csum:1645129632=added note to Creating a Cronjob; added Changing Password section
70 diff:1645129632:1642876856:=296,298c296,299%0a%3c !! Changing Password%0a%3c If you forget the password you set during the --makeconf, you can generate a new one like this:%0a%3c %0a---%0a> !! Copying SSL certs (optional)%0a> %0a> If you want to have properly validating SSL certs, your sysadmin can provide them for you in your ~/ssl/ folder. We will need to create a symbolic link for them to your znc folder:%0a> %0a300,311c301,302%0a%3c # /usr/sbin/chroot -u znc -g znc /home/znc znc --makepass %0a%3c [ ** ] Type your new password.%0a%3c [ ?? ] Enter password: %0a%3c [ ?? ] Confirm password: %0a%3c [ ** ] Kill ZNC process, if it's running.%0a%3c [ ** ] Then replace password in the %3cUser> section of your config with this:%0a%3c %3cPass password>%0a%3c Method = sha256%0a%3c Hash = 49396054dc8263b573d11c9c01e43f89ee772f6dc89b3c630e6dffa9acea4a3e%0a%3c Salt = ovexwSL50cC?jE2eCM?x%0a%3c %3c/Pass>%0a%3c [ ** ] After that start ZNC again, and you should be able to login with the new password.%0a---%0a> $ ln -s ~/ssl/username.example.com.crt ~/.znc/username.example.com.crt%0a> $ ln -s ~/ssl/username.example.com.key ~/.znc/username.example.com.key%0a314,316c305,308%0a%3c The example output above shows the hash generated for a password of "password". This gives you the password block you need to add to your [[https://wiki.znc.in/Configuration|/home/znc/home/znc/.znc/configs/znc.conf]] file. %0a%3c '''NOTE:''' You'll need to replace the original generated Pass = line. The new user section of your config will look something like this:%0a%3c %0a---%0a> You must replace username.example.com with your actual hostname.%0a> %0a> Afterwards, we can create a dhparam file:%0a> %0a318,337c310%0a%3c %3cUser username>%0a%3c %3cPass password>%0a%3c Method = sha256%0a%3c Hash = 49396054dc8263b573d11c9c01e43f89ee772f6dc89b3c630e6dffa9acea4a3e%0a%3c Salt = ovexwSL50cC?jE2eCM?x%0a%3c %3c/Pass>%0a%3c Admin = true%0a%3c Nick = username%0a%3c AltNick = username_%0a%3c Ident = username%0a%3c LoadModule = chansaver%0a%3c LoadModule = controlpanel%0a%3c %0a%3c %3cNetwork example>%0a%3c LoadModule = simple_away%0a%3c Server = irc.example.com +6697 %0a%3c %3cChan #channel>%0a%3c %3c/Chan>%0a%3c %3c/Network>%0a%3c %3c/User>%0a---%0a> $ openssl dhparam -out ~/.znc/dhparam.pem 2048%0a340,343c313,316%0a%3c !! Copying SSL certs (optional)%0a%3c %0a%3c If you want to have properly validating SSL certs, your sysadmin can provide them for you in your ~/ssl/ folder. We will need to create a symbolic link for them to your znc folder:%0a%3c %0a---%0a> !! Configuration%0a> %0a> Here are some recommended changes to make to the default znc.conf so that it works nicely. Replace the top portion of znc.conf with these settings:%0a> %0a345,346c318,326%0a%3c $ ln -s ~/ssl/username.example.com.crt ~/.znc/username.example.com.crt%0a%3c $ ln -s ~/ssl/username.example.com.key ~/.znc/username.example.com.key%0a---%0a> AnonIPLimit = 10000%0a> AuthOnlyViaModule = false%0a> ConfigWriteDelay = 60%0a> ConnectDelay = 1%0a> HideVersion = false%0a> MaxBufferSize = 10000%0a> ProtectWebSessions = true%0a> ServerThrottle = 1%0a> Version = 1.8.2%0a349,352c329,334%0a%3c You must replace username.example.com with your actual hostname.%0a%3c %0a%3c Afterwards, we can create a dhparam file:%0a%3c %0a---%0a> '''WARNING''': Do not duplicate listeners or settings, or else ZNC will fail.%0a> %0a> For a full explanation of these settings, please consult the [[https://wiki.znc.in/Configuration|ZNC wiki]].%0a> %0a> Next, we load the following modules:%0a> %0a354c336,339%0a%3c $ openssl dhparam -out ~/.znc/dhparam.pem 2048%0a---%0a> LoadModule = chansaver%0a> LoadModule = adminlog%0a> LoadModule = certauth%0a> PidFile = /home/znc/.znc/znc.pid%0a357,360c342,343%0a%3c !! Configuration%0a%3c %0a%3c Here are some recommended changes to make to the default znc.conf so that it works nicely. Replace the top portion of znc.conf with these settings:%0a%3c %0a---%0a> If you want to store logs on the shell account, you can add this line:%0a> %0a362,370c345%0a%3c AnonIPLimit = 10000%0a%3c AuthOnlyViaModule = false%0a%3c ConfigWriteDelay = 60%0a%3c ConnectDelay = 1%0a%3c HideVersion = false%0a%3c MaxBufferSize = 10000%0a%3c ProtectWebSessions = true%0a%3c ServerThrottle = 1%0a%3c Version = 1.8.2%0a---%0a> LoadModule = log%0a373,378c348,353%0a%3c '''WARNING''': Do not duplicate listeners or settings, or else ZNC will fail.%0a%3c %0a%3c For a full explanation of these settings, please consult the [[https://wiki.znc.in/Configuration|ZNC wiki]].%0a%3c %0a%3c Next, we load the following modules:%0a%3c %0a---%0a> '''NOTE''': sysadmins can read logs stored on the server. Also, in the event of a security breach, an attacker can also read these logs.%0a> %0a> !!! SSL certs (Optional)%0a> %0a> If you want properly validating SSL certs, you can add these lines to set the paths for the SSL files and process ID (pid) files:%0a> %0a380,383c355,357%0a%3c LoadModule = chansaver%0a%3c LoadModule = adminlog%0a%3c LoadModule = certauth%0a%3c PidFile = /home/znc/.znc/znc.pid%0a---%0a> SSLCertFile = /home/znc/.znc/username.example.com.crt%0a> SSLKeyFile = /home/znc/.znc/username.example.com.key%0a> SSLDHParamFile = /home/znc/.znc/dhparam.pem%0a386,387c360,367%0a%3c If you want to store logs on the shell account, you can add this line:%0a%3c %0a---%0a> '''NOTE''': For the SSL certs, you will need to ask the admin. You will need to replace username.example.com with the unique hostname that your admin provides.%0a> %0a> '''WARNING: You must '''not''' use username.example.com or else your SSL certificates will not load properly and your ZNC will not be able to offer SSL encryption. If you do not have your own SSL certs, then don't add these lines!%0a> %0a> !!! Listeners%0a> %0a> Next, you'll want to create listeners. Each listener specifies a unique combination of IP address and port ([[tcpip/sockets|a TCP socket]]):%0a> %0a389,412d368%0a%3c LoadModule = log%0a%3c @]%0a%3c %0a%3c '''NOTE''': sysadmins can read logs stored on the server. Also, in the event of a security breach, an attacker can also read these logs.%0a%3c %0a%3c !!! SSL certs (Optional)%0a%3c %0a%3c If you want properly validating SSL certs, you can add these lines to set the paths for the SSL files and process ID (pid) files:%0a%3c %0a%3c [@%0a%3c SSLCertFile = /home/znc/.znc/username.example.com.crt%0a%3c SSLKeyFile = /home/znc/.znc/username.example.com.key%0a%3c SSLDHParamFile = /home/znc/.znc/dhparam.pem%0a%3c @]%0a%3c %0a%3c '''NOTE''': For the SSL certs, you will need to ask the admin. You will need to replace username.example.com with the unique hostname that your admin provides.%0a%3c %0a%3c '''WARNING: You must '''not''' use username.example.com or else your SSL certificates will not load properly and your ZNC will not be able to offer SSL encryption. If you do not have your own SSL certs, then don't add these lines!%0a%3c %0a%3c !!! Listeners%0a%3c %0a%3c Next, you'll want to create listeners. Each listener specifies a unique combination of IP address and port ([[tcpip/sockets|a TCP socket]]):%0a%3c %0a%3c [@%0a495,496d450%0a%3c %0a%3c '''NOTE:''' znc checks its own pid to see if it is running and quits if it is. Keep in mind this in mind when using cron to restart processes like this.%0a
71 host:1645129632=68.148.177.239
72 author:1642876856=Naglfar
73 csum:1642876856=Move content to crontab page
74 diff:1642876856:1637191693:=443,446c443,452%0a%3c You will want to create a [[crontab/edit|cronjob]] which will restart znc every 5 minutes in case it ever crashes.%0a%3c %0a%3c Then, type:%0a%3c %0a---%0a> You will want to create a [[cronjob/intro|cronjob]] which will restart znc every 5 minutes in case it ever crashes.%0a> %0a> By default, crontab will use whatever editor is stored in the VISUAL or EDITOR environmental variable, or vi if both are undefined. If you want to change the editor, type:%0a> %0a> [@%0a> $ export EDITOR=%3cprogram>%0a> $ export VISUAL=%3cprogram>%0a> @]%0a> %0a> Replace %3cprogram> with your actual editor. Then, type:%0a
75 host:1642876856=92.191.225.58
76 author:1637191693=jrmu
77 diff:1637191693:1633442977:=9,12c9,12%0a%3c !!! Patched Source%0a%3c %0a%3c Due to a bug in OpenBSD 6.9, we have applied a custom patch to ZNC to avoid segfaults on multicore servers:%0a%3c %0a---%0a> !!! Getting the Source%0a> %0a> First, download the latest stable release:%0a> %0a14,23c14%0a%3c diff -ru znc-1.8.2-old/src/main.cpp znc-1.8.2-new/src/main.cpp%0a%3c --- znc-1.8.2-old/src/main.cpp Mon Sep 7 18:57:50 2020%0a%3c +++ znc-1.8.2-new/src/main.cpp Thu Dec 24 17:04:37 2020%0a%3c @@ -292,6 +292,7 @@%0a%3c }%0a%3c %0a%3c int main(int argc, char** argv) {%0a%3c + pthread_attr_t a; pthread_attr_init(&a);%0a%3c CString sConfig;%0a%3c CString sDataDir = "";%0a---%0a> $ ftp https://znc.in/releases/znc-1.8.2.tar.gz%0a26,27c17,20%0a%3c The schat module also needs patching for [[libressl/intro|libreSSL]]:%0a%3c %0a---%0a> On OpenBSD, [[ftp/usage|ftp]] can also be used to download files from the web.%0a> %0a> Next, extract and unzip the files:%0a> %0a29,46c22%0a%3c --- modules/schat.cpp.orig%0a%3c +++ modules/schat.cpp%0a%3c @@ -25,8 +25,8 @@%0a%3c #include %3cznc/User.h>%0a%3c #include %3cznc/IRCNetwork.h>%0a%3c %0a%3c -#if !defined(OPENSSL_VERSION_NUMBER) || defined(LIBRESSL_VERS%0a%3c ION_NUMBER) || \%0a%3c - OPENSSL_VERSION_NUMBER %3c 0x10100007%0a%3c +#if !defined(OPENSSL_VERSION_NUMBER) || OPENSSL_VERSION_NUMBE%0a%3c R %3c 0x10100007 || \%0a%3c + (defined(LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUM%0a%3c BER %3c 0x3040000fL)%0a%3c /* SSL_SESSION was made opaque in OpenSSL 1.1.0, cipher acces%0a%3c sor was added 2%0a%3c weeks before the public release.%0a%3c See openssl/openssl@e92813234318635639dba0168c7ef5568757449b.%0a%3c */%0a---%0a> $ tar xvzf znc-1.8.2.tar.gz %0a48,50c24,28%0a%3c %0a%3c IRCNow provides a patched version of ZNC:%0a%3c %0a---%0a> %0a> For [[tar/usage|tar]], the options xvzf stand for e(x)tract, (v)erbose, un(z)ip, and (f)ile.%0a> %0a> '''WARNING''': OpenBSD 6.9 may contain a bug that causes ZNC to crash with a segmentation fault. To avoid this, we recommend using IRCNow's custom patched znc:%0a> %0a52d29%0a%3c $ cd ~%0a53a31%0a> $ tar xvzf znc-1.8.2a.tar.gz %0a56,59c34,37%0a%3c On OpenBSD, [[ftp/usage|ftp]] can also be used to download files from the web.%0a%3c %0a%3c For [[tar/usage|tar]], the options xvzf stand for e(x)tract, (v)erbose, un(z)ip, and (f)ile.%0a%3c %0a---%0a> The rest of the steps are identical if you use IRCNow's custom-patched znc.%0a> %0a> !!! Building ZNC%0a> %0a61,99c39,41%0a%3c $ tar xvzf znc-1.8.2a.tar.gz%0a%3c @]%0a%3c %0a%3c !!! Upstream Source%0a%3c %0a%3c You can choose to use the upstream source code, but you must apply patches to get it to build properly.%0a%3c %0a%3c '''WARNING''': If you are on OpenBSD 7.0, you must patch znc-1.8.2 to avoid a threading bug that causes segfaults and to fix a bug in the schat module.%0a%3c %0a%3c First, download the latest stable release:%0a%3c %0a%3c [@%0a%3c $ cd ~%0a%3c $ ftp https://znc.in/releases/znc-1.8.2.tar.gz%0a%3c @]%0a%3c %0a%3c We recommend you verify the [[gpg/verify|gpg signature]]:%0a%3c %0a%3c [@%0a%3c $ doas pkg_add gnupg%0a%3c $ ftp https://znc.in/releases/znc-1.8.2.tar.gz.sig%0a%3c $ gpg2 --recv-key D5823CACB477191CAC0075555AE420CC0209989E%0a%3c $ gpg2 --verify znc-1.8.2.tar.gz.sig znc-1.8.2.tar.gz%0a%3c @]%0a%3c %0a%3c Next, [[tar/usage|extract and unzip]] the files:%0a%3c %0a%3c [@%0a%3c $ tar xvzf znc-1.8.2.tar.gz %0a%3c @]%0a%3c %0a%3c !!! Building ZNC%0a%3c %0a%3c Next, we build ZNC:%0a%3c %0a%3c [@%0a%3c $ cd znc-1.8.2%0a%3c $ mkdir build%0a%3c $ cd build%0a---%0a> $ cd znc-1.8.2%0a> $ mkdir build%0a> $ cd build/%0a
78 host:1637191693=38.87.162.8
80 csum:1633442977=nasty, we already have webadmin by default and this casues znc not to run.:(
81 diff:1633442977:1633442976:=
82 host:1633442977=190.2.131.205
84 csum:1633442976=nasty, we already have webadmin by default and this casues znc not to run.:(
85 diff:1633442976:1628128636:=279a280%0a> LoadModule = webadmin%0a
86 host:1633442976=190.2.131.205
87 author:1628128636=jrmu
88 diff:1628128636:1628128470:=387,395d386%0a%3c %0a%3c By default, crontab will use whatever editor is stored in the VISUAL or EDITOR environmental variable, or vi if both are undefined. If you want to change the editor, type:%0a%3c %0a%3c [@%0a%3c $ export EDITOR=%3cprogram>%0a%3c $ export VISUAL=%3cprogram>%0a%3c @]%0a%3c %0a%3c Replace %3cprogram> with your actual editor. Then, type:%0a
89 host:1628128636=38.87.162.8
90 author:1628128470=jrmu
91 diff:1628128470:1628128356:=385,386d384%0a%3c %0a%3c You will want to create a [[cronjob/intro|cronjob]] which will restart znc every 5 minutes in case it ever crashes.%0a
92 host:1628128470=38.87.162.8
93 author:1628128356=jrmu
94 diff:1628128356:1627452520:=383,389d382%0a%3c %0a%3c !! Creating a cronjob%0a%3c %0a%3c [@%0a%3c $ crontab -e%0a%3c */5 * * * * ~/.local/bin/znc >> ~/.znc/znc.log 2>&1 &%0a%3c @]%0a
95 host:1628128356=38.87.162.8
96 author:1627452520=jrmu
97 diff:1627452520:1627451881:=68c68%0a%3c $ ~/.local/bin/znc --makeconf%0a---%0a> $ /home/username/.local/bin/znc --makeconf%0a115,116c115,116%0a%3c Next, you'll be asked to specify an optional bindhost. The bindhost will give you a nice-looking vhost, like @@username@username.example.com@@.%0a%3c %0a---%0a> Next, you'll be asked to specify an optional bindhost. The bindhost will give you a nice-looking vhost, like username@username.example.com.%0a> %0a369,378d368%0a%3c !! Run ZNC%0a%3c %0a%3c To start ZNC right away:%0a%3c %0a%3c [@%0a%3c $ ~/.local/bin/znc >> ~/.znc/znc.log 2>&1 &%0a%3c @]%0a%3c %0a%3c This will store all znc log messages to ~/.znc/znc.log. If ZNC fails to start or crashes, you can consult this file for the full error log.%0a%3c %0a386,390c376,381%0a%3c If you run into errors, check the error log in ~/.znc/znc.log, or turn on debugging:%0a%3c %0a%3c [@%0a%3c ~/.local/bin/znc -D%0a%3c @]%0a---%0a> If you're getting bindhost not set messages, you have two options:%0a> %0a> # Clear the bindhost%0a> # Fix your DNS records%0a> %0a> You will know%0a
98 host:1627452520=38.87.162.8
99 author:1627451881=jrmu
100 diff:1627451881:1627451826:=
101 host:1627451881=38.87.162.8
102 author:1627451826=jrmu
103 diff:1627451826:1627451646:=269,272c269%0a%3c @]%0a%3c %0a%3c '''WARNING''': Do not duplicate listeners or settings, or else ZNC will fail.%0a%3c %0a---%0a> %0a380,381d376%0a%3c %0a%3c You will know%0a
104 host:1627451826=38.87.162.8
105 author:1627451646=jrmu
106 diff:1627451646:1627451262:=
107 host:1627451646=38.87.162.8
108 author:1627451262=jrmu
109 diff:1627451262:1627450804:=238,241c238,241%0a%3c !! Copying SSL certs (optional)%0a%3c %0a%3c If you want to have properly validating SSL certs, your sysadmin can provide them for you in your ~/ssl/ folder. We will need to create a symbolic link for them to your znc folder:%0a%3c %0a---%0a> !! Configuration%0a> %0a> Here are some recommended changes to make to the default znc.conf so that it works nicely. Replace the top portion of znc.conf with these settings:%0a> %0a243,259d242%0a%3c $ ln -s ~/ssl/username.example.com.crt ~/.znc/username.example.com.crt%0a%3c $ ln -s ~/ssl/username.example.com.key ~/.znc/username.example.com.key%0a%3c @]%0a%3c %0a%3c You must replace username.example.com with your actual hostname.%0a%3c %0a%3c Afterwards, we can create a dhparam file:%0a%3c %0a%3c [@%0a%3c $ openssl dhparam -out ~/.znc/dhparam.pem 2048%0a%3c @]%0a%3c %0a%3c !! Configuration%0a%3c %0a%3c Here are some recommended changes to make to the default znc.conf so that it works nicely. Replace the top portion of znc.conf with these settings:%0a%3c %0a%3c [@%0a295,296c278%0a%3c SSLCertFile = /home/znc/.znc/username.example.com.crt%0a%3c SSLKeyFile = /home/znc/.znc/username.example.com.key%0a---%0a> SSLCertFile = /home/znc/.znc/username.example.com.fullchain.pem%0a297a280%0a> SSLKeyFile = /home/znc/.znc/username.example.com.key%0a
110 host:1627451262=38.87.162.8
111 author:1627450804=jrmu
112 diff:1627450804:1627450128:=262d261%0a%3c PidFile = /home/znc/.znc/znc.pid%0a273,276c272,273%0a%3c !!! SSL certs (Optional)%0a%3c %0a%3c If you want properly validating SSL certs, you can add these lines to set the paths for the SSL files and process ID (pid) files:%0a%3c %0a---%0a> Next, we set the paths for the SSL files and process ID (pid) files:%0a> %0a280a278%0a> PidFile = /home/znc/.znc/znc.pid%0a283,286c281,284%0a%3c '''NOTE''': For the SSL certs, you will need to ask the admin. You will need to replace username.example.com with the unique hostname that your admin provides.%0a%3c %0a%3c '''WARNING: You must '''not''' use username.example.com or else your SSL certificates will not load properly and your ZNC will not be able to offer SSL encryption. If you do not have your own SSL certs, then don't add these lines!%0a%3c %0a---%0a> Replace username.example.com with your unique hostname.%0a> %0a> '''WARNING: You must '''not''' use username.example.com or else your SSL certificates will not load properly and your ZNC will not be able to offer SSL encryption.%0a> %0a289,290c287,288%0a%3c Next, you'll want to create listeners. Each listener specifies a unique combination of IP address and port ([[tcpip/sockets|a TCP socket]]):%0a%3c %0a---%0a> Next, you'll want to create 5 listeners. Each listener specifies a unique combination of IP address and port (a TCP socket):%0a> %0a334a333,354%0a> %0a> %3cListener listener4>%0a> AllowIRC = true%0a> AllowWeb = false%0a> Host = 127.0.0.1%0a> IPv4 = true%0a> IPv6 = false%0a> Port = 1337%0a> SSL = false%0a> URIPrefix = /%0a> %3c/Listener>%0a> %0a> %3cListener listener5>%0a> AllowIRC = false%0a> AllowWeb = true%0a> Host = 127.0.0.1%0a> IPv4 = true%0a> IPv6 = false%0a> Port = 1338%0a> SSL = false%0a> URIPrefix = /%0a> %3c/Listener>%0a336,347d355%0a%3c %0a%3c @@Host = 192.168.1.1@@ and @@Port = 1337@@ tells ZNC to [[tcpip/sockets|listen]] on that IP address. You '''must''' replace 192.168.1.1 and 2001:db8:: with your real IP addresses and you '''must''' replace 1337 and 31337 with the ports you were given during account registration. If you don't use the correct IP address and port, ZNC may refuse to launch, or you may be unable to connect.%0a%3c %0a%3c You can find your IP addresses by running host on your unique hostname:%0a%3c %0a%3c [@%0a%3c $ host username.example.com%0a%3c username.example.com has address 198.51.100.1%0a%3c username.example.com has IPv6 address fe80:c001:d00d::%0a%3c @]%0a%3c %0a%3c '''WARNING''': You must replace 192.168.1.1 and 2001:db8:: with your real IP address, or znc will fail to launch.%0a
113 host:1627450804=38.87.162.8
114 author:1627450128=jrmu
115 diff:1627450128:1627449536:=5,6c5,6%0a%3c [[https://wiki.znc.in|ZNC]] is an IRC bouncer. It runs on a server and stays connected after you turn off your computer or phone. It saves chat messages and replays them when you reconnect, and also helps to hide your IP address. If you are running it on IRCNow, your server may also offer DDoS protection to keep you online.%0a%3c %0a---%0a> ZNC is an IRC bouncer. It runs on a server and stays connected after you turn off your computer or phone. It saves chat messages and replays them when you reconnect, and also helps to hide your IP address. If you are running it on IRCNow, your server may also offer DDoS protection to keep you online.%0a> %0a137,138d136%0a%3c !!! User Modules%0a%3c %0a146,147d143%0a%3c !!! Set Up a Network%0a%3c %0a184,185d179%0a%3c !!! Stop ZNC%0a%3c %0a228,229d221%0a%3c !! Recreate znc.conf%0a%3c %0a247a240,245%0a> LoadModule = chansaver%0a> LoadModule = lastseen%0a> LoadModule = adminlog%0a> LoadModule = identfile%0a> LoadModule = webadmin%0a> LoadModule = certauth%0a252,256c250,253%0a%3c %0a%3c For a full explanation of these settings, please consult the [[https://wiki.znc.in/Configuration|ZNC wiki]].%0a%3c %0a%3c Next, we load the following modules:%0a%3c %0a---%0a> @]%0a> %0a> Next, we set the paths for the SSL files and process ID (pid) files:%0a> %0a258,261c255,258%0a%3c LoadModule = chansaver%0a%3c LoadModule = adminlog%0a%3c LoadModule = webadmin%0a%3c LoadModule = certauth%0a---%0a> SSLCertFile = /home/znc/.znc/my.example.com.fullchain.pem%0a> SSLDHParamFile = /home/znc/.znc/dhparam.pem%0a> SSLKeyFile = /home/znc/.znc/my.example.com.key%0a> PidFile = /home/znc/.znc/znc.pid%0a264,288c261,263%0a%3c If you want to store logs on the shell account, you can add this line:%0a%3c %0a%3c [@%0a%3c LoadModule = log%0a%3c @]%0a%3c %0a%3c '''NOTE''': sysadmins can read logs stored on the server. Also, in the event of a security breach, an attacker can also read these logs.%0a%3c %0a%3c Next, we set the paths for the SSL files and process ID (pid) files:%0a%3c %0a%3c [@%0a%3c SSLCertFile = /home/znc/.znc/username.example.com.fullchain.pem%0a%3c SSLDHParamFile = /home/znc/.znc/dhparam.pem%0a%3c SSLKeyFile = /home/znc/.znc/username.example.com.key%0a%3c PidFile = /home/znc/.znc/znc.pid%0a%3c @]%0a%3c %0a%3c Replace username.example.com with your unique hostname.%0a%3c %0a%3c '''WARNING: You must '''not''' use username.example.com or else your SSL certificates will not load properly and your ZNC will not be able to offer SSL encryption.%0a%3c %0a%3c !!! Listeners%0a%3c %0a%3c Next, you'll want to create 5 listeners. Each listener specifies a unique combination of IP address and port (a TCP socket):%0a%3c %0a---%0a> Replace my.example.com with your unique %0a> %0a> '''WARNING: You%0a
116 host:1627450128=38.87.162.8
117 author:1627449536=mkf
118 diff:1627449536:1627449470:minor=264c264%0a%3c [@%0a---%0a> %0a
119 host:1627449536=198.251.81.133
120 author:1627449470=jrmu
121 diff:1627449470:1627449436:=338,342d337%0a%3c %0a%3c If you're getting bindhost not set messages, you have two options:%0a%3c %0a%3c # Clear the bindhost%0a%3c # Fix your DNS records%0a
122 host:1627449470=38.87.162.8
123 author:1627449436=jrmu
124 diff:1627449436:1627449406:=336,337d335%0a%3c %0a%3c !! Troubleshooting%0a
125 host:1627449436=38.87.162.8
126 author:1627449406=jrmu
127 diff:1627449406:1627448863:=113,114d112%0a%3c !!! Bindhosts%0a%3c %0a117,131c115,116%0a%3c '''WARNING''': You cannot pick any arbitrary [[dns/vhost|bindhost]] that you want. If you bindhost does not work, your vhost will not show up properly, and you may not be able to connect at all!%0a%3c %0a%3c A vhost must have proper [[dns/overview|forward]] and [[DNS/rDNS|reverse DNS]] [[dns/records|records]] to work. If you're using an IRCNow shell account, you should have been provided with one at registration. You can also ask your sysadmin to change it for you, or leave it blank.%0a%3c %0a%3c To test if your bindhost works properly, check the [[host/usage|host]] guide. You will want to run host on your bindhost:%0a%3c %0a%3c [@%0a%3c $ host username.example.com%0a%3c username.example.com has address 192.168.1.1%0a%3c username.example.com has IPv6 address 2001:bd8::%0a%3c @]%0a%3c %0a%3c Your bindhost should show both an IPv4 and IPv6 address. If it's missing an IPv4 address, it can '''only''' connect by IPv6 to an IRC network. If it's missing an IPv6 address, then it can '''only''' connect by IPv4 to an IRC network. If it's missing both, it '''cannot''' connect to '''any''' network.%0a%3c %0a%3c For this reason, you don't want to put an IPv6 address directly into the bindhost. This prevents ZNC from being able to connect to an IPv4 only network. Instead, you want to use a hostname that has both [[dns/records|A and AAAA records]] defined in [[dns/overview|DNS]].%0a---%0a> '''WARNING''': You cannot pick any arbitrary [[dns/vhost|vhost]] that you want. A vhost must have proper [[dns/overview|forward]] and [[DNS/rDNS|reverse DNS]] [[dns/records|records]]. If you're using an IRCNow shell account, you should have been provided with one at registration. You can also ask your sysadmin to change it for you, or leave it blank.%0a> %0a
128 host:1627449406=38.87.162.8
129 author:1627448863=jrmu
130 diff:1627448863:1627448795:=9,10d8%0a%3c !!! Getting the Source%0a%3c %0a30,31c28,29%0a%3c $ ftp https://ircnow.org/software/znc-1.8.2a.tar.gz%0a%3c $ tar xvzf znc-1.8.2a.tar.gz %0a---%0a> $ ftp https://ircnow.org/software/znc-1.8.2.tar.gz%0a> $ tar xvzf znc-1.8.2.tar.gz %0a35,36d32%0a%3c %0a%3c !!! Building ZNC%0a
131 host:1627448863=38.87.162.8
132 author:1627448795=jrmu
133 diff:1627448795:1627448514:=24,32d23%0a%3c %0a%3c '''WARNING''': OpenBSD 6.9 may contain a bug that causes ZNC to crash with a segmentation fault. To avoid this, we recommend using IRCNow's custom patched znc:%0a%3c %0a%3c [@%0a%3c $ ftp https://ircnow.org/software/znc-1.8.2.tar.gz%0a%3c $ tar xvzf znc-1.8.2.tar.gz %0a%3c @]%0a%3c %0a%3c The rest of the steps are identical if you use IRCNow's custom-patched znc.%0a
134 host:1627448795=38.87.162.8
135 author:1627448514=jrmu
136 diff:1627448514:1627445963:=172c172%0a%3c $ kill -TERM %3cpid>%0a---%0a> $ pkill znc%0a174,191d173%0a%3c %0a%3c You will want to replace %3cpid> with the [[ps/usage|process ID]] you see above (86542):%0a%3c %0a%3c [@%0a%3c $ kill -TERM 86542%0a%3c @]%0a%3c %0a%3c This will send a (TERM)ination signal to ZNC so that it dies.%0a%3c %0a%3c '''NOTE''': You will need to replace 8542 with your process ID.%0a%3c %0a%3c If you don't know the process ID, you can type:%0a%3c %0a%3c [@%0a%3c $ ps -U %3cusername> | grep znc%0a%3c @]%0a%3c %0a%3c Replace %3cusername> with your username.%0a
137 host:1627448514=38.87.162.8
138 author:1627445963=mkf
139 csum:1627445963=simpler
140 diff:1627445963:1627445527:=169,170c169,170%0a%3c To stop ZNC once it is launched, you can [[kill/usage|kill]] it:%0a%3c %0a---%0a> To stop ZNC once it is launched, you can [[kill/usage|kill]] it by its [[ps/usage|process ID]]:%0a> %0a172c172%0a%3c $ pkill znc%0a---%0a> $ kill -TERM %3cpid>%0a175,177c175,176%0a%3c If at any time you mess up the configuration, you can delete your znc.conf%0a%3c and rerun the makeconf command again:%0a%3c %0a---%0a> You will want to replace %3cpid> with the process ID you see above (86542):%0a> %0a179,180c178,196%0a%3c $ rm ~/.znc/configs/znc.conf%0a%3c $ ~/.local/bin/znc --makeconf%0a---%0a> $ kill -TERM 86542%0a> @]%0a> %0a> This will send a (TERM)ination signal to ZNC so that it dies.%0a> %0a> If you don't know the process ID, you can type:%0a> %0a> [@%0a> $ ps -U %3cusername> | grep znc%0a> @]%0a> %0a> Replace %3cusername> with your username.%0a> %0a> If at any time you mess up the configuration, you can delete your znc.conf%0a> and rerun the makeconf command again:%0a> %0a> [@%0a> $ rm /home/username/.znc/configs/znc.conf%0a> $ /home/username/.local/bin/znc --makeconf%0a
141 host:1627445963=198.251.81.133
142 author:1627445527=jrmu
143 diff:1627445527:1627445277:=5c5%0a%3c ZNC is an IRC bouncer. It runs on a server and stays connected after you turn off your computer or phone. It saves chat messages and replays them when you reconnect, and also helps to hide your IP address. If you are running it on IRCNow, your server may also offer DDoS protection to keep you online.%0a---%0a> ZNC is an IRC bouncer. It runs on a server and stays connected after you turn off your computer or phone. It saves chat messages and replay sthem when you reconnect, and also helps to hide your IP address. If you are running it on IRCNow, your server may also offer DDoS protection to keep you online.%0a
144 host:1627445527=38.87.162.8
145 author:1627445277=jrmu
146 diff:1627445277:1627444432:=201,299c201%0a%3c Here are some recommended changes to make to the default znc.conf so that it works nicely. Replace the top portion of znc.conf with these settings:%0a%3c %0a%3c [@%0a%3c AnonIPLimit = 10000%0a%3c AuthOnlyViaModule = false%0a%3c ConfigWriteDelay = 60%0a%3c ConnectDelay = 1%0a%3c HideVersion = false%0a%3c LoadModule = chansaver%0a%3c LoadModule = lastseen%0a%3c LoadModule = adminlog%0a%3c LoadModule = identfile%0a%3c LoadModule = webadmin%0a%3c LoadModule = certauth%0a%3c MaxBufferSize = 10000%0a%3c ProtectWebSessions = true%0a%3c ServerThrottle = 1%0a%3c Version = 1.8.2%0a%3c @]%0a%3c %0a%3c Next, we set the paths for the SSL files and process ID (pid) files:%0a%3c %0a%3c [@%0a%3c SSLCertFile = /home/znc/.znc/my.example.com.fullchain.pem%0a%3c SSLDHParamFile = /home/znc/.znc/dhparam.pem%0a%3c SSLKeyFile = /home/znc/.znc/my.example.com.key%0a%3c PidFile = /home/znc/.znc/znc.pid%0a%3c @]%0a%3c %0a%3c Replace my.example.com with your unique %0a%3c %0a%3c '''WARNING: You%0a%3c %0a%3c %3cListener listener0>%0a%3c AllowIRC = true%0a%3c AllowWeb = false%0a%3c Host = 192.168.1.1%0a%3c IPv4 = true%0a%3c IPv6 = false%0a%3c Port = 1337%0a%3c SSL = false%0a%3c URIPrefix = /%0a%3c %3c/Listener>%0a%3c %0a%3c %3cListener listener1>%0a%3c AllowIRC = true%0a%3c AllowWeb = false%0a%3c Host = 192.168.1.1%0a%3c IPv4 = true%0a%3c IPv6 = false%0a%3c Port = 31337%0a%3c SSL = true%0a%3c URIPrefix = /%0a%3c %3c/Listener>%0a%3c %0a%3c %3cListener listener2>%0a%3c AllowIRC = true%0a%3c AllowWeb = false%0a%3c Host = 2001:db8::%0a%3c IPv4 = false%0a%3c IPv6 = true%0a%3c Port = 1337%0a%3c SSL = false%0a%3c URIPrefix = /%0a%3c %3c/Listener>%0a%3c %0a%3c %3cListener listener3>%0a%3c AllowIRC = true%0a%3c AllowWeb = false%0a%3c Host = 2001:db8::%0a%3c IPv4 = false%0a%3c IPv6 = true%0a%3c Port = 31337%0a%3c SSL = true%0a%3c URIPrefix = /%0a%3c %3c/Listener>%0a%3c %0a%3c %3cListener listener4>%0a%3c AllowIRC = true%0a%3c AllowWeb = false%0a%3c Host = 127.0.0.1%0a%3c IPv4 = true%0a%3c IPv6 = false%0a%3c Port = 1337%0a%3c SSL = false%0a%3c URIPrefix = /%0a%3c %3c/Listener>%0a%3c %0a%3c %3cListener listener5>%0a%3c AllowIRC = false%0a%3c AllowWeb = true%0a%3c Host = 127.0.0.1%0a%3c IPv4 = true%0a%3c IPv6 = false%0a%3c Port = 1338%0a%3c SSL = false%0a%3c URIPrefix = /%0a%3c %3c/Listener>%0a%3c @]%0a---%0a> %0a
147 host:1627445277=38.87.162.8
148 author:1627444432=jrmu
149 diff:1627444432:1627444103:=201,204d200%0a%3c %0a%3c %0a%3c !! Connecting to ZNC%0a%3c %0a206a203,204%0a> %0a> %0a
150 host:1627444432=38.87.162.8
151 author:1627444103=jrmu
152 diff:1627444103:1627443701:=50,51d49%0a%3c !! Creating znc.conf%0a%3c %0a172c170%0a%3c $ kill -TERM %3cpid>%0a---%0a> %0a174,199d171%0a%3c %0a%3c You will want to replace %3cpid> with the process ID you see above (86542):%0a%3c %0a%3c [@%0a%3c $ kill -TERM 86542%0a%3c @]%0a%3c %0a%3c This will send a (TERM)ination signal to ZNC so that it dies.%0a%3c %0a%3c If you don't know the process ID, you can type:%0a%3c %0a%3c [@%0a%3c $ ps -U %3cusername> | grep znc%0a%3c @]%0a%3c %0a%3c Replace %3cusername> with your username.%0a%3c %0a%3c If at any time you mess up the configuration, you can delete your znc.conf%0a%3c and rerun the makeconf command again:%0a%3c %0a%3c [@%0a%3c $ rm /home/username/.znc/configs/znc.conf%0a%3c $ /home/username/.local/bin/znc --makeconf%0a%3c @]%0a%3c %0a%3c !! Configuration%0a
153 host:1627444103=38.87.162.8
154 author:1627443701=jrmu
155 diff:1627443701:1627442952:=67c67%0a%3c [ ?? ] Listen using both IPv4 and IPv6 (yes/no) [yes]: no%0a---%0a> [ ?? ] Listen using both IPv4 and IPv6 (yes/no) [yes]: %0a72,73d71%0a%3c '''WARNING''': Do '''not''' listen to both IPv4 and IPv6. There appears to be a bug in ZNC v1.8.2 on OpenBSD 6.9 where selecting 'yes' will cause IPv4 to stop working. Instead, as shown later in the guide, you can create separate listeners to allow listening to both IPv4 and IPv6.%0a%3c %0a133,134c131,132%0a%3c Next, I recommend *not* launching ZNC. There are still some settings you will want to add and configure:%0a%3c %0a---%0a> Next, launch ZNC:%0a> %0a146c144%0a%3c [ ?? ] Launch ZNC now? (yes/no) [yes]: no%0a---%0a> [ ?? ] Launch ZNC now? (yes/no) [yes]: yes%0a149,150c147,148%0a%3c If you accidentally launch ZNC, you will see:%0a%3c %0a---%0a> If all goes well, you will see:%0a> %0a167,172d164%0a%3c To stop ZNC once it is launched, you can [[kill/usage|kill]] it by its [[ps/usage|process ID]]:%0a%3c %0a%3c [@%0a%3c %0a%3c @]%0a%3c %0a175,176d166%0a%3c %0a%3c %0a
156 host:1627443701=38.87.162.8
157 author:1627442952=jrmu
158 diff:1627442952:1627441707:=98,99c98,99%0a%3c '''WARNING''': You cannot pick any arbitrary [[dns/vhost|vhost]] that you want. A vhost must have proper [[dns/overview|forward]] and [[DNS/rDNS|reverse DNS]] [[dns/records|records]]. If you're using an IRCNow shell account, you should have been provided with one at registration. You can also ask your sysadmin to change it for you, or leave it blank.%0a%3c %0a---%0a> '''WARNING''': You cannot pick any arbitrary [[dns/vhost|vhost]] that you want. A vhost must have proper [[dns/overview|forward]] and [[DNS/rDNS|reverse DNS]] [[dns/records|records]].%0a> %0a101a102,104%0a> [ ** ] Enabled user modules [chansaver, controlpanel]%0a> [ ** ] %0a> [ ?? ] Set up a network? (yes/no) [yes]: %0a103,166d105%0a%3c %0a%3c You'll want to enable all the user modules:%0a%3c %0a%3c [@%0a%3c [ ** ] Enabled user modules [chansaver, controlpanel]%0a%3c [ ** ] %0a%3c @]%0a%3c %0a%3c You can optionally set up a network at this stage:%0a%3c %0a%3c [@%0a%3c [ ?? ] Set up a network? (yes/no) [yes]: yes %0a%3c [ ** ] %0a%3c [ ** ] -- Network settings --%0a%3c [ ** ] %0a%3c [ ?? ] Name [freenode]: ircnow%0a%3c [ ?? ] Server host (host only): irc6.ircnow.org%0a%3c [ ?? ] Server uses SSL? (yes/no) [no]: yes%0a%3c [ ?? ] Server port (1 to 65535) [6697]: %0a%3c [ ?? ] Server password (probably empty): %0a%3c [ ?? ] Initial channels: #ircnow%0a%3c [ ** ] Enabled network modules [simple_away]%0a%3c [ ** ] %0a%3c [ .. ] Writing config [/home/username/.znc/configs/znc.conf]...%0a%3c @]%0a%3c %0a%3c This will cause ZNC to automatically connect to your favorite network (IRCNow).%0a%3c %0a%3c Next, launch ZNC:%0a%3c %0a%3c [@%0a%3c [ ** ] To connect to this ZNC you need to connect to it as your IRC server%0a%3c [ ** ] using the port that you supplied. You have to supply your login info%0a%3c [ ** ] as the IRC server password like this: user/network:pass.%0a%3c [ ** ] %0a%3c [ ** ] Try something like this in your IRC client...%0a%3c [ ** ] /server %3cznc_server_ip> +12345 username:%3cpass>%0a%3c [ ** ] %0a%3c [ ** ] To manage settings, users and networks, point your web browser to%0a%3c [ ** ] https://%3cznc_server_ip>:12345/%0a%3c [ ** ] %0a%3c [ ?? ] Launch ZNC now? (yes/no) [yes]: yes%0a%3c @]%0a%3c %0a%3c If all goes well, you will see:%0a%3c %0a%3c [@%0a%3c [ .. ] Opening config [/home/username/.znc/configs/znc.conf]...%0a%3c [ .. ] Loading global module [webadmin]...%0a%3c [ .. ] Binding to port [+12345]...%0a%3c [ ** ] Loading user [username]%0a%3c [ ** ] Loading network [ircnow]%0a%3c [ .. ] Loading network module [simple_away]...%0a%3c [ >> ] [/home/username/.local/lib/znc/simple_away.so]%0a%3c [ .. ] Adding 1 servers...%0a%3c [ .. ] Loading user module [chansaver]...%0a%3c [ .. ] Loading user module [controlpanel]...%0a%3c [ .. ] Forking into the background...%0a%3c [ >> ] [pid: 86542]%0a%3c [ ** ] ZNC 1.8.2 - https://znc.in%0a%3c @]%0a%3c %0a%3c From here, you will want to consult the [[bouncer/bouncer|ZNC client guides]]%0a%3c to see how to connect to ZNC.%0a
159 host:1627442952=38.87.162.8
160 author:1627441707=jrmu
161 diff:1627441707:1627441483:=98c98%0a%3c '''WARNING''': You cannot pick any arbitrary [[dns/vhost|vhost]] that you want. A vhost must have proper [[dns/overview|forward]] and [[DNS/rDNS|reverse DNS]] [[dns/records|records]].%0a---%0a> '''WARNING''': You cannot pick any arbitrary [[dns/vhost|vhost]] that you want. A vhost must have proper [[dns/overview|forward]] and [[dns/rdns|reverse DNS]] [[dns/records|records]].%0a
162 host:1627441707=38.87.162.8
163 author:1627441483=jrmu
164 diff:1627441483:1627440688:=61,62c61,62%0a%3c If you are on a shell account, you must use the [[tcpip/ports|ports]] that were reserved for your username.%0a%3c %0a---%0a> If you are on a shell account, you must use the ports that were reserved for your username.%0a> %0a68,74d67%0a%3c @]%0a%3c %0a%3c [[tls/overview|SSL]] helps to encrypt messages sent between client and server. In other words, if you turn it on, messages sent from your IRC program to ZNC are kept secure. It's more trouble to set up, and some older IRC programs don't support it, so some users prefer to turn off SSL.%0a%3c %0a%3c [[IPv4/overview|IPv4]] is the default networking protocol. [[IPv6/overview|IPv6]] is becoming more popular now, especially for mobile devices.%0a%3c %0a%3c [@%0a79,83d71%0a%3c @]%0a%3c %0a%3c ZNC will automatically create its own SSL certificate. This certificate, however, will be self-signed and hence will show up as invalid or untrusted by your IRC client. If you'd like a properly signed SSL certificate, ask your sysadmin or request one yourself using [[acme-client/configure|acme-client]].%0a%3c %0a%3c [@%0a94,101c82%0a%3c @]%0a%3c %0a%3c Next, you'll be asked to specify an optional bindhost. The bindhost will give you a nice-looking vhost, like username@username.example.com.%0a%3c %0a%3c '''WARNING''': You cannot pick any arbitrary [[dns/vhost|vhost]] that you want. A vhost must have proper [[dns/overview|forward]] and [[dns/rdns|reverse DNS]] [[dns/records|records]].%0a%3c %0a%3c [@%0a%3c [ ?? ] Bind host (optional): username.example.com%0a---%0a> [ ?? ] Bind host (optional): username.shelltalk.net%0a
165 host:1627441483=38.87.162.8
166 author:1627440688=jrmu
167 diff:1627440688:1627439470:=1,10d0%0a%3c (:title Install ZNC from Source:)%0a%3c %0a%3c !! Overview%0a%3c %0a%3c ZNC is an IRC bouncer. It runs on a server and stays connected after you turn off your computer or phone. It saves chat messages and replay sthem when you reconnect, and also helps to hide your IP address. If you are running it on IRCNow, your server may also offer DDoS protection to keep you online.%0a%3c %0a%3c !! Compiling from Source%0a%3c %0a%3c First, download the latest stable release:%0a%3c %0a13,19d2%0a%3c @]%0a%3c %0a%3c On OpenBSD, [[ftp/usage|ftp]] can also be used to download files from the web.%0a%3c %0a%3c Next, extract and unzip the files:%0a%3c %0a%3c [@%0a21,25d3%0a%3c @]%0a%3c %0a%3c For [[tar/usage|tar]], the options xvzf stand for e(x)tract, (v)erbose, un(z)ip, and (f)ile.%0a%3c %0a%3c [@%0a28a7,9%0a> $ cmake .. -DCMAKE_INSTALL_PREFIX="$HOME/.local"%0a> $ make%0a> $ make install%0a31,32c12,13%0a%3c We then use cmake to configure the files to install to ~/.local, then make and make install:%0a%3c %0a---%0a> You should see this message:%0a> %0a34,41d14%0a%3c $ cmake .. -DCMAKE_INSTALL_PREFIX="$HOME/.local"%0a%3c $ make%0a%3c $ make install%0a%3c @]%0a%3c %0a%3c You should see this message:%0a%3c %0a%3c [@%0a48,85d20%0a%3c @]%0a%3c %0a%3c Follow the instructions to generate the config file:%0a%3c %0a%3c [@%0a%3c $ /home/username/.local/bin/znc --makeconf%0a%3c [ .. ] Checking for list of available modules...%0a%3c [ ** ] %0a%3c [ ** ] -- Global settings --%0a%3c [ ** ] %0a%3c [ ?? ] Listen on port (1025 to 65534): %0a%3c @]%0a%3c %0a%3c If you are on a shell account, you must use the ports that were reserved for your username.%0a%3c %0a%3c '''WARNING:''' Shell accounts users must '''not''' randomly choose ports. Shell accounts servers often have firewalls in place that will block ports not reserved to you. If you are unable to connect to ZNC, double check to see if the firewall is blocking the connection.%0a%3c %0a%3c [@%0a%3c [ ?? ] Listen using SSL (yes/no) [no]: yes%0a%3c [ ?? ] Listen using both IPv4 and IPv6 (yes/no) [yes]: %0a%3c [ .. ] Verifying the listener...%0a%3c [ ** ] Unable to locate pem file: [/home/username/.znc/znc.pem], creating it%0a%3c [ .. ] Writing Pem file [/home/username/.znc/znc.pem]...%0a%3c [ ** ] Enabled global modules [webadmin]%0a%3c [ ** ] %0a%3c [ ** ] -- Admin user settings --%0a%3c [ ** ] %0a%3c [ ?? ] Username (alphanumeric): username%0a%3c [ ?? ] Enter password: %0a%3c [ ?? ] Confirm password: %0a%3c [ ?? ] Nick [username]: %0a%3c [ ?? ] Alternate nick [username_]: %0a%3c [ ?? ] Ident [username]: %0a%3c [ ?? ] Real name (optional): username%0a%3c [ ?? ] Bind host (optional): username.shelltalk.net%0a%3c [ ** ] Enabled user modules [chansaver, controlpanel]%0a%3c [ ** ] %0a%3c [ ?? ] Set up a network? (yes/no) [yes]: %0a
168 host:1627440688=38.87.162.8
169 author:1627439470=jrmu
170 diff:1627439470:1627439470:=1,21d0%0a%3c [@%0a%3c $ ftp https://znc.in/releases/znc-1.8.2.tar.gz%0a%3c $ tar xvzf znc-1.8.2.tar.gz %0a%3c $ cd znc-1.8.2%0a%3c $ mkdir build%0a%3c $ cd build/%0a%3c $ cmake .. -DCMAKE_INSTALL_PREFIX="$HOME/.local"%0a%3c $ make%0a%3c $ make install%0a%3c @]%0a%3c %0a%3c You should see this message:%0a%3c %0a%3c [@%0a%3c ZNC was successfully installed.%0a%3c You can use '/home/username/.local/bin/znc --makeconf'%0a%3c to generate a config file.%0a%3c %0a%3c If you need help with using ZNC, please visit our wiki at:%0a%3c http://znc.in%0a%3c @]%0a
171 host:1627439470=38.87.162.8
