Difference between revisions of "Install an IRC server"

From Organic Design wiki
(Change source-code blocks to standard format)
m (Installation & configuration)
 
(15 intermediate revisions by the same user not shown)
Line 4: Line 4:
 
}}
 
}}
  
== Server ==
 
 
An IRC server can be set up on the local LAN so that chat is available independently of the Internet connection. Traditionally the problem with setting up an IRC client has been configurational complexity, but the "Next Generation IRC client" ([http://ngircd.barton.de/ ngIRCd]) can literally be set up in minutes. On Ubuntu or Debian systems it can be installed with '''apt-get install ngircd'''.
 
An IRC server can be set up on the local LAN so that chat is available independently of the Internet connection. Traditionally the problem with setting up an IRC client has been configurational complexity, but the "Next Generation IRC client" ([http://ngircd.barton.de/ ngIRCd]) can literally be set up in minutes. On Ubuntu or Debian systems it can be installed with '''apt-get install ngircd'''.
  
=== Installation ===
+
== Installation & configuration ==
The Debian package is installed with ''gnu-tls'' for SSL support but we use ''openssl'' and due to this clients cannot make SSL connections with the package when ''ngircd'' is installed via ''apt-get'' as an error such as the following will be encountered (and logged into ''syslog'').
+
Installation is very straight forward using ''apt''. Only a few adjustments need to be made to the configuration in ''/etc/ngircd/ngircd.conf'' to get a functional server up and running; set the Name value of the server to an IP or domain name it can be reachable by within the LAN or Internet. You can set a global password which simplifies the set up of users (any username will work with the global password) by setting the '''Password''' value. We also add the '''PredefChannelsOnly = yes'''. You may wish to refine the configuration further by setting up specific users and channels.
<source>
+
*You may need to disable DNS lookups with '''DNS = no''' if connections are being refused due to IP addresses not matching their reverse lookup.
ngircd[2639]: gnutls_handshake: Could not negotiate a supported cipher suite.
+
*Another useful directive is '''MaxNickLength''' (all servers in the group must have the same value if this is used)
</source>
 
 
 
 
 
So we need to compile from source and configure it ''-with-openssl'' instead. First ensure you have the latest ''libssl-dev'' package installed and then download, unpack and configure. I prefer to keep its files in ''/etc/ngircd''.
 
<source>
 
apt-get install libssl-dev
 
mkdir /etc/ngircd
 
cd /etc/ngircd
 
wget ftp://ftp.berlios.de/pub/ngircd/ngircd-20.2.tar.gz
 
tar -zxf ngircd-20.2.tar.gz
 
cd ngircd-20.2
 
./configure --prefix=/usr --with-openssl
 
</source>
 
 
 
 
 
If it has successfully compiled you'll get something like the following message:
 
<source>
 
ngIRCd 20.2 has been configured with the following options:
 
 
 
              Host: x86_64-unknown-linux-gnu
 
          Compiler: gcc -std=gnu99
 
    Compiler flags: -g -O2 -pipe -W -Wall -Wpointer-arith -Wstrict-prototypes -fstack-protector -DSYSCONFDIR='"$(sysconfdir)"'
 
          Libraries: -lssl -lcrypto -lz
 
 
 
    'ngircd' binary: /usr/sbin
 
Configuration file: /usr/etc
 
      Manual pages: /usr/share/man
 
      Documentation: /usr/share/doc/ngircd
 
 
 
    Syslog support: yes    Enable debug code: no
 
  zlib compression: yes          IRC sniffer: no
 
  Use TCP Wrappers: no        Strict RFC mode: no
 
      IDENT support: no          IRC+ protocol: yes
 
      IPv6 protocol: no            I/O backend: "epoll(), select()"
 
        PAM support: no            SSL support: openssl
 
  libiconv support: no
 
</source>
 
 
 
 
 
You can then make and install in the usual fashion:
 
<source>
 
make
 
make install
 
</source>
 
  
  
Now a self-signed certificate needs to be generated, make sure to remember the password ("secret" in the following example) it asks for a the start of the procedure, and use your server's IRC domain address for the ''common name'' entry.
+
The [[SSL]] settings can just refer to the existing ''LetsEncrypt'' files, e.g.
 
<source>
 
<source>
cd /etc/ngircd
+
CertFile = /var/www/ssl/le-latest/fullchain.pem
openssl req -newkey rsa:2048 -x509 -keyout server-key.pem -out server-cert.pem -days 1461
+
KeyFile  = /var/www/ssl/le-latest/privkey.pem
 +
DHFile  = /var/www/ssl/dhparams4096.pem
 
</source>
 
</source>
  
  
The configuration file in ''/etc/ngircd/ngircd.conf'' need to be updated to refer to the certificate files.
+
Each predefined channel goes in it's own '''[Channel]''' section, e.g.
 
<source>
 
<source>
[SSL]
+
[Channel]
     Ports = 6667
+
     Name  = #OurPrivateChannel
     KeyFile = /etc/ngircd/server-key.pem
+
     Topic = All about our interests
     CertFile = /etc/ngircd/server-cert.pem
+
     Modes = tnk
     KeyFilePassword = secret
+
     Key  = ourpassword
</source>
 
 
 
  
If you're server connects to other server and you wish those connections to also be encrypted, you must add the following directive to their respective [Server] sections:
+
[Channel]
<source>
+
    Name  = #OurOpenChannel
SSLConnect = yes
+
    Topic = Public stuff
 
</source>
 
</source>
  
=== Configuration ===
+
== Connecting servers ==
Only a few adjustments need to be made to the configuration in ''/etc/ngircd/ngircd.conf'' to get a functional server up and running; set the Name value of the server to an IP or domain name it can be reachable by within the LAN or Internet. You can set a global password which simplifies the set up of users (any username will work with the global password) by setting the Password value. We also add the '''PredefChannelsOnly = yes'''. You may wish to refine the configuration further by setting up specific users and channels.
 
*You may beed to disable DNS lookups with '''DNS = no''' if connections are being refused due to IP addresses not matching their reverse lookup.
 
*Another useful directive is '''MaxNickLength''' (all servers in the group must have the same value if this is used)
 
 
 
=== Connecting servers ===
 
 
To have IRC servers connect together to form larger channels, fill in ''[Server]'' sections in the configuration. For each server to connect to, specify the ''Name'', ''Port'' (leave empty to allow only incoming connections from the remote server), and ensure that ''MyPassword'' and ''PeerPassword'' settings compliment each other in both directions.
 
To have IRC servers connect together to form larger channels, fill in ''[Server]'' sections in the configuration. For each server to connect to, specify the ''Name'', ''Port'' (leave empty to allow only incoming connections from the remote server), and ensure that ''MyPassword'' and ''PeerPassword'' settings compliment each other in both directions.
 
*'''Note:''' when one ngircd connects to another using SSL, then only local SSL clients will be connected to the remote server. To allow non-SSL clients to join a second [Server] section will need to be created which does not use SSL.
 
*'''Note:''' when one ngircd connects to another using SSL, then only local SSL clients will be connected to the remote server. To allow non-SSL clients to join a second [Server] section will need to be created which does not use SSL.
  
=== Debugging and testing ===
+
== Debugging and testing ==
 
To get debugging output in the case of problems, stop the server from ''init.d'' and then run from shell with the ''-n'' switch to have output logged to STDOUT as follows:
 
To get debugging output in the case of problems, stop the server from ''init.d'' and then run from shell with the ''-n'' switch to have output logged to STDOUT as follows:
 
<source>
 
<source>
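Review bot: The replacement SSL example (CertFile, KeyFile and DHFile pointing at the LetsEncrypt files) no longer shows the [SSL] section header or the "Ports = 6667" line that the removed example carried, so the page stops saying which section these keys belong in and which port serves SSL. Suggest keeping "[SSL]" and the Ports line above the three file settings. This hunk also removes the "SSLConnect = yes" instruction for [Server] sections while the note about SSL server links stays, so that directive should be restored under "Connecting servers". Finally, "it's own" in the added [Channel] sentence should be "its own".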
Line 95: Line 44:
 
</source>
 
</source>
  
== Clients ==
 
We use the default instant messaging client that comes with Ubuntu which is Pidgin. First set up an account on your server from the "Buddies" menu. This is where you enter your name and the global password along with the address/Name of the server. In the '''advanced''' tab, there are options for connecting with ''SSL'' and for disabling the annoying '''Away''' message!
 
  
When the chat opens in the channel, select "Save" from the "Conversation" menu to save the channel in the "Buddies" list and allow it to connect on start up etc. You may want to right-click on it in the Buddie list and set it to "auto join" and "persistent" if you want to always be present in that channel while Pidgin is running.
+
Check that the SSL certificate is all good, most clients will have somewhere to check this, here's the output from the CLI-based WeeChat client:
 +
<source>
 +
│12:30:52 od  -- | irc: connecting to server irc.organicdesign.nz/6667 (SSL)...
 +
│12:30:54 od  -- | gnutls: {!connected using 2048-bit Diffie-Hellman shared secret exchange!}
 +
│12:30:54 od  -- | gnutls: {!receiving 2 certificates!}
 +
│12:30:54 od  -- |  - certificate[1] info:
 +
│12:30:54 od  -- |    - subject `{!CN=organicdesign.co.nz!}', issuer `CN=Let's Encrypt Authority X3,O=Let's Encrypt,C=US',
 +
│                |      serial 0x04d0e79bfa0c7708f8b282f32efdc4fd5f86, RSA key 2048 bits, signed using RSA-SHA256, activated
 +
│                |      `2020-05-07 21:47:43 UTC', expires `2020-08-05 21:47:43 UTC', pin-sha256="M7vVWN4LIlZo1vKtCs3jRB6H5onawfthC2T50ZcNZLI="
 +
│12:30:54 od  -- |  - certificate[2] info:
 +
│12:30:54 od  -- |    - subject `{!CN=Let's Encrypt Authority X3!},O=Let's Encrypt,C=US', issuer `CN=DST Root CA X3,O=Digital Signature Trust Co.',
 +
|                |      serial 0x0a0141420000015385736a0b85eca708, RSA key 2048 bits, signed using RSA-SHA256, activated `2016-03-17 16:40:46 UTC',
 +
|                |      expires `2021-03-17 16:40:46 UTC', pin-sha256="YLh1dUR9y6Kja30RrAn7JKnbQG/uEtLMkBgFF2Fuihg="
 +
│12:30:54 od  -- | gnutls: {!peer's certificate is trusted!}
 +
│12:30:54 od  -- | irc: connected to irc.organicdesign.nz/6667 (213.5.71.227)
 +
</source>
  
If running ''Pidgin'' you can [[File:Od-pidgin-theme.zip|download our OD emoticon theme]] which is currently just all the Skype ones (we've all been using mainly skype until now and would like to keep the same emoticons). It's a zipped up folder called "OD" which should be unpacked into ''~/.purple/smileys''. Next open the main Pidgin "Buddy list" window, then go into ''Preferences'' from the ''Tools'' menu, go to the ''Themes'' tab and select "OD" for the "Smiley theme". See [http://developer.pidgin.im/wiki/Using%20Pidgin#Whereismy.purpledirectory this link] for details about finding the Smileys folder on Windows.
+
== Clients ==
  
'''Note:''' The theme icons currently work only for IRC and XMPP, to make them also work for other protocols paste an additional section into the "theme" text file.
+
=== Pidgin ===
 +
I use the [https://pidgin.im Pidgin] instant messaging client that comes with most Linux distro. First set up an account on your server from the "Buddies" menu. This is where you enter your name and the global password along with the address/Name of the server. In the '''advanced''' tab, there are options for connecting with ''SSL'' and for disabling the annoying '''Away''' message!
  
== Channels ==
+
When the chat opens in the channel, select "Save" from the "Conversation" menu to save the channel in the "Buddies" list and allow it to connect on start up etc. You may want to right-click on it in the Buddy list and set it to "auto join" and "persistent" if you want to always be present in that channel while Pidgin is running.
  
'''#mediawiki'''<br>
+
=== WeeChat ===
The MediaWiki IRC channel is on freenode, see [http://freenode.net/faq.shtml freenode FAQ] for details about registering a nickname etc
+
[https://weechat.org WeeChat] is a CLI-based client which us useful for connecting to IRC channels from within SSH sessions or if you are a GUI hater. After installing and running ''WeeChat'', add a new server and connect as follows (the second line is only needed if using a port other than 6667):
 
+
<source>
'''#organicdesign'''<br>
+
/server add od irc.organicdesign.nz
We have our ''#organicdesign'' channel running from ''irc.organicdesign.co.nz'', it uses a password to connect (ask your systems administrator for that) and connects over SSL on port 16667.
+
/set irc.server.od.addresses "chat.freenode.net/9999"
 +
/set irc.server.od.ssl on
 +
/connect od -password=******
 +
</source>
  
 
== See also ==
 
== See also ==
 
*[http://ngircd.barton.de/ ngIRCd] ''- Next Generation IRC client''
 
*[http://ngircd.barton.de/ ngIRCd] ''- Next Generation IRC client''
 +
*[https://ngircd.barton.de/documentation.php.en Documentation]
 
*[http://ngircd.barton.de/doc/sample-ngircd.conf sample-ngircd.conf]
 
*[http://ngircd.barton.de/doc/sample-ngircd.conf sample-ngircd.conf]
 
*[http://www.irchelp.org/irchelp/irctutorial.html IRC.org tutorial]
 
*[http://www.irchelp.org/irchelp/irctutorial.html IRC.org tutorial]
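Review bot: In the added WeeChat commands, the second line sets irc.server.od.addresses to "chat.freenode.net/9999", which points the "od" entry at a different host from the irc.organicdesign.nz added on the line before. It should name the same server, with only the port differing. The removed Channels section said the server is reached over SSL on port 16667, while the added WeeChat log shows 6667, so the page should state the current SSL port once. In the same paragraph, "which us useful" should read "which is useful" and "most Linux distro" should be "most Linux distros".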

Latest revision as of 03:28, 8 May 2020

Install an IRC server
Organic Design procedure

An IRC server can be set up on the local LAN so that chat is available independently of the Internet connection. Traditionally the problem with setting up an IRC client has been configurational complexity, but the "Next Generation IRC client" (ngIRCd) can literally be set up in minutes. On Ubuntu or Debian systems it can be installed with apt-get install ngircd.

Installation & configuration

Installation is very straightforward using apt. Only a few adjustments need to be made to the configuration in /etc/ngircd/ngircd.conf to get a functional server up and running: set the Name value of the server to an IP or domain name it can be reached by within the LAN or Internet. You can set a global password, which simplifies the setup of users (any username will work with the global password), by setting the Password value. We also add PredefChannelsOnly = yes. You may wish to refine the configuration further by setting up specific users and channels.

  • You may need to disable DNS lookups with DNS = no if connections are being refused due to IP addresses not matching their reverse lookup.
  • Another useful directive is MaxNickLength (all servers in the group must have the same value if this is used)


The SSL settings can just refer to the existing LetsEncrypt files, e.g.

[SSL]
    CertFile = /var/www/ssl/le-latest/fullchain.pem
    KeyFile  = /var/www/ssl/le-latest/privkey.pem
    DHFile   = /var/www/ssl/dhparams4096.pem


Each predefined channel goes in its own [Channel] section, e.g.

[Channel]
    Name  = #OurPrivateChannel
    Topic = All about our interests
    Modes = tnk
    Key   = ourpassword

[Channel]
    Name  = #OurOpenChannel
    Topic = Public stuff

Connecting servers

To have IRC servers connect together to form larger channels, fill in [Server] sections in the configuration. For each server to connect to, specify the Name and Port (leave Port empty to allow only incoming connections from the remote server), and ensure that the MyPassword and PeerPassword settings complement each other in both directions.

  • Note: when one ngircd connects to another using SSL, only local SSL clients will be connected to the remote server. To allow non-SSL clients to join, a second [Server] section which does not use SSL will need to be created.
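
The password pairing described above can be checked before restarting either server. The following is an added example, not part of the original procedure or of ngIRCd itself: it reads two ngircd.conf texts and reports where MyPassword on one side does not match PeerPassword on the other, or where Port is empty on both sides. Host names and passwords in the sample configs are constructed.

```python
# Constructed sample configs for two linked servers; names and passwords are made up.
CONF_A = """
[Global]
    Name = irc-a.example.lan
[Server]
    Name = irc-b.example.lan
    Port = 6667
    MyPassword = a-to-b
    PeerPassword = b-to-a
"""
CONF_B = """
[Global]
    Name = irc-b.example.lan
[Server]
    ; Port left empty: this side only accepts the incoming link
    Name = irc-a.example.lan
    MyPassword = b-to-a
    PeerPassword = WRONG
"""

def parse_ngircd(text):
    """Return [(section, {key: value})]; [Server] and [Channel] may repeat."""
    blocks = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":  # blank or comment line
            continue
        if line.startswith("[") and line.endswith("]"):
            blocks.append((line[1:-1].strip().lower(), {}))
        elif "=" in line and blocks:
            key, value = line.split("=", 1)
            blocks[-1][1][key.strip().lower()] = value.strip()
    return blocks

def find(blocks, kind, name=None):
    return next((kv for sec, kv in blocks
                 if sec == kind and name in (None, kv.get("name"))), None)

def link_problems(text_a, text_b):
    """List mismatches that would stop servers A and B from linking."""
    a, b = parse_ngircd(text_a), parse_ngircd(text_b)
    name_a, name_b = find(a, "global")["name"], find(b, "global")["name"]
    a_to_b, b_to_a = find(a, "server", name_b), find(b, "server", name_a)
    if a_to_b is None or b_to_a is None:
        return ["one side has no [Server] section naming the other"]
    problems = []
    for src, dst, mine, theirs in ((name_a, name_b, a_to_b, b_to_a),
                                   (name_b, name_a, b_to_a, a_to_b)):
        sent = mine.get("mypassword")
        if not sent or sent != theirs.get("peerpassword"):
            problems.append(f"{src} MyPassword does not match {dst} PeerPassword")
    if not a_to_b.get("port") and not b_to_a.get("port"):
        problems.append("Port is empty on both sides, so neither initiates the link")
    return problems
```

Calling link_problems(CONF_A, CONF_B) on the sample pair reports the one mismatched password; an empty list means the two [Server] sections agree.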

Debugging and testing

To get debugging output in the case of problems, stop the server via init.d and then run it from the shell with the -n switch to have output logged to STDOUT as follows:

/etc/init.d/ngircd stop
ngircd -n


Check that the SSL certificate is all good. Most clients will have somewhere to check this; here's the output from the CLI-based WeeChat client:

│12:30:52 od  -- | irc: connecting to server irc.organicdesign.nz/6667 (SSL)...
│12:30:54 od  -- | gnutls: connected using 2048-bit Diffie-Hellman shared secret exchange
│12:30:54 od  -- | gnutls: receiving 2 certificates
│12:30:54 od  -- |  - certificate[1] info:
│12:30:54 od  -- |    - subject `CN=organicdesign.co.nz', issuer `CN=Let's Encrypt Authority X3,O=Let's Encrypt,C=US',
│                |      serial 0x04d0e79bfa0c7708f8b282f32efdc4fd5f86, RSA key 2048 bits, signed using RSA-SHA256, activated
│                |      `2020-05-07 21:47:43 UTC', expires `2020-08-05 21:47:43 UTC', pin-sha256="M7vVWN4LIlZo1vKtCs3jRB6H5onawfthC2T50ZcNZLI="
│12:30:54 od  -- |  - certificate[2] info:
│12:30:54 od  -- |    - subject `CN=Let's Encrypt Authority X3,O=Let's Encrypt,C=US', issuer `CN=DST Root CA X3,O=Digital Signature Trust Co.',
|                |      serial 0x0a0141420000015385736a0b85eca708, RSA key 2048 bits, signed using RSA-SHA256, activated `2016-03-17 16:40:46 UTC',
|                |      expires `2021-03-17 16:40:46 UTC', pin-sha256="YLh1dUR9y6Kja30RrAn7JKnbQG/uEtLMkBgFF2Fuihg="
│12:30:54 od  -- | gnutls: peer's certificate is trusted
│12:30:54 od  -- | irc: connected to irc.organicdesign.nz/6667 (213.5.71.227)

Clients

Pidgin

I use the Pidgin instant messaging client that comes with most Linux distros. First set up an account on your server from the "Buddies" menu. This is where you enter your name and the global password along with the address/Name of the server. In the advanced tab, there are options for connecting with SSL and for disabling the annoying Away message!

When the chat opens in the channel, select "Save" from the "Conversation" menu to save the channel in the "Buddies" list and allow it to connect on start up etc. You may want to right-click on it in the Buddy list and set it to "auto join" and "persistent" if you want to always be present in that channel while Pidgin is running.

WeeChat

WeeChat is a CLI-based client which is useful for connecting to IRC channels from within SSH sessions or if you are a GUI hater. After installing and running WeeChat, add a new server and connect as follows (the second line is only needed if using a port other than 6667):

/server add od irc.organicdesign.nz
/set irc.server.od.addresses "irc.organicdesign.nz/9999"
/set irc.server.od.ssl on
/connect od -password=******

See also