Install an IRC server
|Install an IRC server|
Organic Design procedure
An IRC server can be set up on the local LAN so that chat is available independently of the Internet connection. Traditionally the problem with setting up an IRC client has been configurational complexity, but the "Next Generation IRC client" (ngIRCd) can literally be set up in minutes. On Ubuntu or Debian systems it can be installed with apt-get install ngircd.
Installation & configuration
Installation is very straight forward using apt. Only a few adjustments need to be made to the configuration in /etc/ngircd/ngircd.conf to get a functional server up and running; set the Name value of the server to an IP or domain name it can be reachable by within the LAN or Internet. You can set a global password which simplifies the set up of users (any username will work with the global password) by setting the Password value. We also add the PredefChannelsOnly = yes. You may wish to refine the configuration further by setting up specific users and channels.
- You may need to disable DNS lookups with DNS = no if connections are being refused due to IP addresses not matching their reverse lookup.
- Another useful directive is MaxNickLength (all servers in the group must have the same value if this is used)
The SSL settings can just refer to the existing LetsEncrypt files, e.g.
CertFile = /var/www/ssl/le-latest/fullchain.pem KeyFile = /var/www/ssl/le-latest/privkey.pem DHFile = /var/www/ssl/dhparams4096.pem
Each predefined channel goes in it's own [Channel] section, e.g.
[Channel] Name = #OurPrivateChannel Topic = All about our interests Modes = tnk Key = ourpassword [Channel] Name = #OurOpenChannel Topic = Public stuff
To have IRC servers connect together to form larger channels, fill in [Server] sections in the configuration. For each server to connect to, specify the Name, Port (leave empty to allow only incoming connections from the remote server), and ensure that MyPassword and PeerPassword settings compliment each other in both directions.
- Note: when one ngircd connects to another using SSL, then only local SSL clients will be connected to the remote server. To allow non-SSL clients to join a second [Server] section will need to be created which does not use SSL.
Debugging and testing
To get debugging output in the case of problems, stop the server from init.d and then run from shell with the -n switch to have output logged to STDOUT as follows:
/etc/init.d/ngircd stop ngircd -n
Check that the SSL certificate is all good, most clients will have somewhere to check this, here's the output from the CLI-based WeeChat client:
│12:30:52 od -- | irc: connecting to server irc.organicdesign.nz/6667 (SSL)... │12:30:54 od -- | gnutls: connected using 2048-bit Diffie-Hellman shared secret exchange │12:30:54 od -- | gnutls: receiving 2 certificates │12:30:54 od -- | - certificate info: │12:30:54 od -- | - subject `CN=organicdesign.co.nz', issuer `CN=Let's Encrypt Authority X3,O=Let's Encrypt,C=US', │ | serial 0x04d0e79bfa0c7708f8b282f32efdc4fd5f86, RSA key 2048 bits, signed using RSA-SHA256, activated │ | `2020-05-07 21:47:43 UTC', expires `2020-08-05 21:47:43 UTC', pin-sha256="M7vVWN4LIlZo1vKtCs3jRB6H5onawfthC2T50ZcNZLI=" │12:30:54 od -- | - certificate info: │12:30:54 od -- | - subject `CN=Let's Encrypt Authority X3,O=Let's Encrypt,C=US', issuer `CN=DST Root CA X3,O=Digital Signature Trust Co.', | | serial 0x0a0141420000015385736a0b85eca708, RSA key 2048 bits, signed using RSA-SHA256, activated `2016-03-17 16:40:46 UTC', | | expires `2021-03-17 16:40:46 UTC', pin-sha256="YLh1dUR9y6Kja30RrAn7JKnbQG/uEtLMkBgFF2Fuihg=" │12:30:54 od -- | gnutls: peer's certificate is trusted │12:30:54 od -- | irc: connected to irc.organicdesign.nz/6667 (126.96.36.199)
I use the Pidgin instant messaging client that comes with most Linux distro. First set up an account on your server from the "Buddies" menu. This is where you enter your name and the global password along with the address/Name of the server. In the advanced tab, there are options for connecting with SSL and for disabling the annoying Away message!
When the chat opens in the channel, select "Save" from the "Conversation" menu to save the channel in the "Buddies" list and allow it to connect on start up etc. You may want to right-click on it in the Buddy list and set it to "auto join" and "persistent" if you want to always be present in that channel while Pidgin is running.
WeeChat is a CLI-based client which us useful for connecting to IRC channels from within SSH sessions or if you are a GUI hater. After installing and running WeeChat, add a new server and connect as follows (the second line is only needed if using a port other than 6667):
/server add od irc.organicdesign.nz /set irc.server.od.addresses "chat.freenode.net/9999" /set irc.server.od.ssl on /connect od -password=******