ngircd/INSTALL

                     ngIRCd - Next Generation IRC Server
                           http://ngircd.barton.de/

               (c)2001-2017 Alexander Barton and Contributors.
               ngIRCd is free software and published under the
                   terms of the GNU General Public License.

                                -- INSTALL --


I. Upgrade Information
~~~~~~~~~~~~~~~~~~~~~~

Differences to version 22.x

- The "NoticeAuth" ngircd.conf configuration variable has been renamed to
  "NoticeBeforeRegistration". The old "NoticeAuth" variable still works but
  is deprecated now.

- The default value of the SSL "CipherList" variable has been changed to
  "HIGH:!aNULL:@STRENGTH:!SSLv3" (OpenSSL) and "SECURE128:-VERS-SSL3.0"
  (GnuTLS) to disable the old SSLv3 protocol by default.
  To enable connections of clients still requiring the weak SSLv3 protocol,
  the "CipherList" must be set to its old value (not recommended!), which
  was "HIGH:!aNULL:@STRENGTH" (OpenSSL) and "SECURE128" (GnuTLS), see below.

Differences to version 20.x

- Starting with ngIRCd 21, the ciphers used by SSL are configurable and
  default to "HIGH:!aNULL:@STRENGTH" (OpenSSL) or "SECURE128" (GnuTLS).
  Previous version were using the OpenSSL or GnuTLS defaults, "DEFAULT"
  and "NORMAL" respectively.

- When adding GLINE's or KLINE's to ngIRCd 21 (or newer), all clients matching
  the new mask will be KILL'ed. This was not the case with earlier versions
  that only added the mask but didn't kill already connected users.

- The "PredefChannelsOnly" configuration variable has been superseded by the
  new "AllowedChannelTypes" variable. It is still supported and translated to
  the appropriate "AllowedChannelTypes" setting but is deprecated now.

Differences to version 19.x

- Starting with ngIRCd 20, users can "cloak" their hostname only when the
  configuration variable "CloakHostModeX" (introduced in 19.2) is set.
  Otherwise, only IRC operators, other servers, and services are allowed to
  set mode +x. This prevents regular users from changing their hostmask to
  the name of the IRC server itself, which confused quite a few people ;-)

Differences to version 17.x

- Support for ZeroConf/Bonjour/Rendezvous service registration has been
  removed. The configuration option "NoZeroconf" is no longer available.

- The structure of ngircd.conf has been cleaned up and three new configuration
  sections have been introduced: [Limits], [Options], and [SSL].
  Lots of configuration variables stored in the [Global] section are now
  deprecated there and should be stored in one of these new sections (but
  still work in [Global]):
    "AllowRemoteOper"    -> [Options]
    "ChrootDir"          -> [Options]
    "ConnectIPv4"        -> [Options]
    "ConnectIPv6"        -> [Options]
    "ConnectRetry"       -> [Limits]
    "MaxConnections"     -> [Limits]
    "MaxConnectionsIP"   -> [Limits]
    "MaxJoins"           -> [Limits]
    "MaxNickLength"      -> [Limits]
    "NoDNS"              -> [Options], and renamed to "DNS"
    "NoIdent"            -> [Options], and renamed to "Ident"
    "NoPAM"              -> [Options], and renamed to "PAM"
    "OperCanUseMode"     -> [Options]
    "OperServerMode"     -> [Options]
    "PingTimeout"        -> [Limits]
    "PongTimeout"        -> [Limits]
    "PredefChannelsOnly" -> [Options]
    "SSLCertFile"        -> [SSL], and renamed to "CertFile"
    "SSLDHFile"          -> [SSL], and renamed to "DHFile"
    "SSLKeyFile"         -> [SSL], and renamed to "KeyFile"
    "SSLKeyFilePassword" -> [SSL], and renamed to "KeyFilePassword"
    "SSLPorts"           -> [SSL], and renamed to "Ports"
    "SyslogFacility"     -> [Options]
    "WebircPassword"     -> [Options]
  You should adjust your ngircd.conf and run "ngircd --configtest" to make
  sure that your settings are correct and up to date!

Differences to version 16.x

- Changes to the "MotdFile" specified in ngircd.conf now require a ngircd
  configuration reload to take effect (HUP signal, REHASH command).

Differences to version 0.9.x

- The option of the configure script to enable support for Zeroconf/Bonjour/
  Rendezvous/WhateverItIsNamedToday has been renamed:
    --with-rendezvous  ->  --with-zeroconf

Differences to version 0.8.x

- The maximum length of passwords has been raised to 20 characters (instead
  of 8 characters). If your passwords are longer than 8 characters then they
  are cut at an other position now.

Differences to version 0.6.x

- Some options of the configure script have been renamed:
    --disable-syslog  ->  --without-syslog
    --disable-zlib    ->  --without-zlib
  Please call "./configure --help" to review the full list of options!

Differences to version 0.5.x

- Starting with version 0.6.0, other servers are identified using asynchronous
  passwords: therefore the variable "Password" in [Server]-sections has been
  replaced by "MyPassword" and "PeerPassword".

- New configuration variables, section [Global]: MaxConnections, MaxJoins
  (see example configuration file "doc/sample-ngircd.conf"!).


II. Standard Installation
~~~~~~~~~~~~~~~~~~~~~~~~~

ngIRCd is developed for UNIX-based systems, which means that the installation
on modern UNIX-like systems that are supported by GNU autoconf and GNU
automake ("configure") should be no problem.

The normal installation procedure after getting (and expanding) the source
files (using a distribution archive or GIT) is as following:

  0) Satisfy prerequisites
  1) ./autogen.sh  [only necessary when using GIT]
  2) ./configure
  3) make
  4) make install

(Please see details below!)

Now the newly compiled executable "ngircd" is installed in its standard
location, /usr/local/sbin/.

The next step is to configure and afterwards starting the daemon. Please
have a look at the ngircd(8) and ngircd.conf(5) manual pages for details
and all possible options -- and don't forget to run "ngircd --configtest"
to validate your configuration file!

If no previous version of the configuration file exists (the standard name
is /usr/local/etc/ngircd.conf), a sample configuration file containing all
possible options will be installed there. You'll find its template in the
doc/ directory: sample-ngircd.conf.


0): Satisfy prerequisites

When building from source, you'll need some other software to build ngIRCd:
for example a working C compiler, make tool, GNU automake and autoconf (only
when not using a distribution archive), and a few libraries depending on the
features you want to compile in (like IDENT support, SSL, and PAM).

If you are using one of the "big" operating systems or Linux distributions,
you can use the following commands to install all the required packages to
build the sources including all optional features and to run the test suite:

* Red Hat / Fedora based distributions:

  yum install \
    autoconf automake expect gcc glibc-devel gnutls-devel \
    libident-devel make pam-devel tcp_wrappers-devel telnet zlib-devel

* Debian / Ubuntu based distributions:

  apt-get install \
    autoconf automake build-essential expect libgnutls-dev \
    libident-dev libpam-dev libwrap0-dev libz-dev telnet


1): "autogen.sh"

The first step, autogen.sh, is only necessary if the configure-script isn't
already generated. This never happens in official ("stable") releases in
tar.gz-archives, but when using GIT.

This step is therefore only interesting for developers.

autogen.sh produces the Makefile.in's, which are necessary for the configure
script itself, and some more files for make. To run autogen.sh you'll need
GNU autoconf and GNU automake: at least autoconf 2.61 and automake 1.10 are
required, newer is better. But don't use automake 1.12 or newer for creating
distribution archives: it will work but lack "de-ANSI-fication" support in the
generated Makefile's! Stick with automake 1.11.x for this purpose ...
So automake 1.11.x and autoconf 2.67+ is recommended.

Again: "end users" do not need this step and neither need GNU autoconf nor GNU
automake at all!


2): "./configure"

The configure-script is used to detect local system dependencies.

In the perfect case, configure should recognize all needed libraries, header
files and so on. If this shouldn't work, "./configure --help" shows all
possible options.

In addition, you can pass some command line options to "configure" to enable
and/or disable some features of ngIRCd. All these options are shown using
"./configure --help", too.

Compiling a static binary will avoid you the hassle of feeding a chroot dir
(if you want use the chroot feature). Just do something like:
  CFLAGS=-static ./configure [--your-options ...]
Then you can use a void directory as ChrootDir (like OpenSSH's /var/empty).


3): "make"

The make command uses the Makefiles produced by configure and compiles the
ngIRCd daemon.


4): "make install"

Use "make install" to install the server and a sample configuration file on
the local system. Normally, root privileges are necessary to complete this
step. If there is already an older configuration file present, it won't be
overwritten.

These files and folders will be installed by default:

- /usr/local/sbin/ngircd: executable server
- /usr/local/etc/ngircd.conf: sample configuration (if not already present)
- /usr/local/share/doc/ngircd/: documentation
- /usr/local/share/man/: manual pages


III. Additional features
~~~~~~~~~~~~~~~~~~~~~~~~

The following optional features can be compiled into the daemon by passing
options to the "configure" script. Most options can handle a <path> argument
which will be used to search for the required libraries and header files in
the given paths ("<path>/lib/...", "<path>/include/...") in addition to the
standard locations.

* Syslog Logging (autodetected by default):
  --with-syslog[=<path>] / --without-syslog

  Enable (disable) support for logging to "syslog", which should be
  available on most modern UNIX-like operating systems by default.

* ZLib Compression (autodetected by default):
  --with-zlib[=<path>] / --without-zlib

  Enable (disable) support for compressed server-server links.
  The Z compression library ("libz") is required for this option.

* IO Backend (autodetected by default):
  --with-select[=<path>] / --without-select
  --with-poll[=<path>] / --without-poll
  --with-devpoll[=<path>] / --without-devpoll
  --with-epoll[=<path>] / --without-epoll
  --with-kqueue[=<path>] / --without-kqueue

  ngIRCd can use different IO "backends": the "old school" select() and poll()
  API which should be supported by most UNIX-like operating systems, or the
  more efficient and flexible epoll() (Linux >=2.6), kqueue() (BSD) and
  /dev/poll APIs.
  By default the IO backend is autodetected, but you can use "--without-xxx"
  to disable a more enhanced API.
  When using the epoll() API, support for select() is compiled in as well by
  default to enable the binary to run on older Linux kernels (<2.6), too.

* IDENT-Support:
  --with-ident[=<path>]

  Include support for IDENT ("AUTH") lookups. The "ident" library is
  required for this option.

* TCP-Wrappers:
  --with-tcp-wrappers[=<path>]

  Include support for Wietse Venemas "TCP Wrappers" to limit client access
  to the daemon, for example by using "/etc/hosts.{allow|deny}".
  The "libwrap" is required for this option.

* PAM:
  --with-pam[=<path>]

  Enable support for PAM, the Pluggable Authentication Modules library.
  See doc/PAM.txt for details.

* SSL:
  --with-openssl[=<path>]
  --with-gnutls[=<path>]

  Enable support for SSL/TLS using OpenSSL or gnutls libraries.
  See doc/SSL.txt for details.

* IPv6:
  --enable-ipv6

  Adds support for version 6 of the Internet Protocol.


IV. Useful make-targets
~~~~~~~~~~~~~~~~~~~~~~~

The Makefile produced by the configure-script contains always these useful
targets:

 - clean: delete every product from the compiler/linker
   next step: -> make

 - distclean: the above plus erase all generated Makefiles
   next step: -> ./configure

 - maintainer-clean: erase all automatic generated files
   next step: -> ./autogen.sh


V. Sample configuration file ngircd.conf
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

In the sample configuration file, there are comments beginning with "#" OR
";" -- this is only for the better understanding of the file.

The file is separated in five blocks: [Global], [Features], [Operator],
[Server], and [Channel].

In the [Global] section, there is the main configuration like the server
name and the ports, on which the server should be listening. Options in
the [Features] section enable or disable functionality in the daemon.
IRC operators of this server are defined in [Operator] blocks, remote
servers are configured in [Server] sections, and [Channel] blocks are
used to configure pre-defined ("persistent") IRC channels.

The meaning of the variables in the configuration file is explained in the
"doc/sample-ngircd.conf", which is used as sample configuration file in
/usr/local/etc after running "make install" (if you don't already have one)
and in the ngircd.conf(5) manual page.


VI. Command line options
~~~~~~~~~~~~~~~~~~~~~~~~

These parameters could be passed to the ngIRCd:

-f, --config <file>
	The daemon uses the file <file> as configuration file rather than
	the standard configuration /usr/local/etc/ngircd.conf.

-n, --nodaemon
	ngIRCd should be running as a foreground process.

-p, --passive
	Server-links won't be automatically established.

-t, --configtest
	Reads, validates and dumps the configuration file as interpreted
	by the server. Then exits.

Use "--help" to see a short help text describing all available parameters
the server understands, with "--version" the ngIRCd shows its version
number. In both cases the server exits after the output.

Please see the ngircd(8) manual page for complete details!