mirror of
https://github.com/osmarks/ngircd.git
synced 2025-01-07 14:20:29 +00:00
cf7e19193b
Cosmo Kastemaa reported that it's impossible to create an ssl-only setup, as ngircd binds to port 6667 by default, even if setting "Ports =". Only add the default port if _both_ "Ports" and "SSLPorts" are unspecified. Fixes bugzilla #98.
388 lines
12 KiB
Cheetah
.\"
.\" ngircd.conf(5) manual page template
.\"
.TH ngircd.conf 5 "Dec 2008" ngircd "ngIRCd Manual"
.SH NAME
ngircd.conf \- configuration file of ngIRCd
.SH SYNOPSIS
.B :ETCDIR:/ngircd.conf
.SH DESCRIPTION
.BR ngircd.conf
is the configuration file of the
.BR ngircd (8)
Internet Relay Chat (IRC) daemon which you should adapt to your local
preferences and needs.
.PP
Most variables can be modified while the ngIRCd daemon is already running:
It will reload its configuration when a HUP signal is received.
.SH "FILE FORMAT"
The file consists of sections and parameters. A section begins with the name
of the section in square brackets and continues until the next section
begins.
.PP
Sections contain parameters of the form
.PP
.RS
.I name
=
.I value
.RE
.PP
Empty lines and any line beginning with a semicolon (';') or a hash ('#')
character are treated as a comment and will be ignored. Leading and trailing
whitespace is trimmed before any processing takes place.
.PP
The file format is line-based: each non-empty newline-terminated
line represents either a comment, a section name, or a parameter.
.PP
Section and parameter names are not case sensitive.
.SH "SECTION OVERVIEW"
The file can contain blocks of four types: [Global], [Operator], [Server],
and [Channel].
.PP
The main configuration of the server is stored in the
.I [Global]
section, like the server name, administrative information and the
ports on which the server should be listening. IRC operators of this
server are defined in
.I [Operator]
blocks.
.I [Server]
is the section where server links are configured. And
.I [Channel]
blocks are used to configure pre-defined ("persistent") IRC channels.
.PP
There can be more than one [Operator], [Server] and [Channel] sections
per configuration file, but only one [Global] section.
.SH [GLOBAL]
The
.I [Global]
section is used to define the server main configuration, like the server
name and the ports on which the server should be listening.
.TP
\fBName\fR
Server name in the IRC network. This is an individual name of the IRC
server, it is not related to the DNS host name. It must be unique in the
IRC network and must contain at least one dot (".") character.
.TP
\fBInfo\fR
Info text of the server. This will be shown by WHOIS and LINKS requests for
example.
.TP
\fBAdminInfo1\fR, \fBAdminInfo2\fR, \fBAdminEMail\fR
Information about the server and the administrator, used by the ADMIN
command.
.TP
\fBPorts\fR
Ports on which the server should listen. There may be more than one port,
separated with commas (","). Default: 6667, unless \fBSSLPorts\fR are also
specified.
.TP
\fBSSLPorts\fR
Same as \fBPorts\fR, except that ngIRCd will expect incoming connections
to be SSL/TLS encrypted. Common port numbers for SSL-encrypted IRC are 6669
and 6697. Default: none.
.TP
\fBSSLKeyFile\fR
Filename of SSL Server Key to be used for SSL connections. This is required for
SSL/TLS support.
.TP
\fBSSLKeyFilePassword\fR
(OpenSSL only:) Password to decrypt private key.
.TP
\fBSSLCertFile\fR
Certificate file of the private key.
.TP
\fBSSLDHFile\fR
Name of the Diffie-Hellman Parameter file. Can be created with gnutls
"certtool \-\-generate-dh-params" or "openssl dhparam".
If this file is not present, it will be generated on startup when ngIRCd
was compiled with gnutls support (this may take some time). If ngIRCd
was compiled with OpenSSL, then (Ephemeral)-Diffie-Hellman Key Exchanges and several
Cipher Suites will not be available.
.TP
\fBListen\fR
A comma separated list of IP addresses on which the server should listen.
If unset, the default value is "0.0.0.0" or, if ngIRCd was compiled
with IPv6 support, "::,0.0.0.0". So the server listens on all configured
IP addresses and interfaces by default.
.TP
\fBMotdFile\fR
Text file with the "message of the day" (MOTD). This message will be shown
to all users connecting to the server.
.TP
\fBMotdPhrase\fR
A simple Phrase (<256 chars) if you don't want to use a MOTD file.
If this variable is set, no \fBMotdFile\fR will be read at all which can be
handy if the daemon should run inside a chroot directory.
.TP
\fBServerUID\fR
User ID under which the server should run; you can use the name of the user
or the numerical ID.
.PP
.RS
.B Attention:
.br
For this to work the server must have been
started with root privileges! In addition, the configuration and MOTD files
must be readable by this user, otherwise RESTART and REHASH won't work!
.RE
.TP
\fBServerGID\fR
Group ID under which ngIRCd should run; you can use the name of the
group or the numerical ID.
.PP
.RS
.B Attention:
.br
For this to work the server must have
been started with root privileges!
.RE
.TP
\fBChrootDir\fR
A directory to chroot in when everything is initialized. It doesn't need
to be populated if ngIRCd is compiled as a static binary. By default ngIRCd
won't use the chroot() feature.
.PP
.RS
.B Attention:
.br
For this to work the server must have
been started with root privileges!
.RE
.TP
\fBPidFile\fR
This tells ngIRCd to write its current process ID to a file. Note that the
pidfile is written AFTER chroot and switching the user ID, i.e. the
directory the pidfile resides in must be writeable by the ngIRCd user and
exist in the chroot directory (if configured, see above).
.TP
\fBPingTimeout\fR
After <PingTimeout> seconds of inactivity the server will send a PING to
the peer to test whether it is alive or not. Default: 120.
.TP
\fBPongTimeout\fR
If a client fails to answer a PING with a PONG within <PongTimeout>
seconds, it will be disconnected by the server. Default: 20.
.TP
\fBConnectRetry\fR
The server tries every <ConnectRetry> seconds to establish a link to not yet
(or no longer) connected servers. Default: 60.
.TP
\fBOperCanUseMode\fR
Should IRC Operators be allowed to use the MODE command even if they are
not(!) channel-operators? Default: no.
.TP
\fBOperServerMode\fR
If \fBOperCanUseMode\fR is enabled, this may lead to compatibility problems with
servers that run the ircd-irc2 software. This option "masks" mode requests
by non-chanops as if they were coming from the server. Default: no.
.TP
\fBPredefChannelsOnly\fR
If enabled, no new channels can be created. Useful if
you do not want to have channels other than those defined in
[Channel] sections in the configuration file.
Default: no.
.TP
\fBNoDNS\fR
If set to true, ngIRCd will not make DNS lookups when clients connect.
If you configure the daemon to connect to other servers, ngIRCd may still
perform a DNS lookup if required.
Default: no.
.TP
\fBNoIdent\fR
If ngIRCd is compiled with IDENT support this can be used to disable IDENT
lookups at run time.
Default: no.
.TP
\fBConnectIPv4\fR
Set this to no if you do not want ngIRCd to connect to other IRC servers using
IPv4. This allows usage of ngIRCd in IPv6-only setups.
Default: yes.
.TP
\fBConnectIPv6\fR
Set this to no if you do not want ngIRCd to connect to other IRC servers using IPv6.
Default: yes.
.TP
\fBMaxConnections\fR
Maximum number of simultaneous in- and outbound connections the server is
allowed to accept (0: unlimited). Default: 0.
.TP
\fBMaxConnectionsIP\fR
Maximum number of simultaneous connections from a single IP address that
the server will accept (0: unlimited). This configuration option lowers
the risk of denial of service attacks (DoS). Default: 5.
.TP
\fBMaxJoins\fR
Maximum number of channels a user can be a member of (0: no limit).
Default: 10.
.TP
\fBMaxNickLength\fR
Maximum length of a user nick name (Default: 9, as in RFC 2812). Please
note that all servers in an IRC network MUST use the same maximum nick name
length!
.SH [OPERATOR]
.I [Operator]
sections are used to define IRC Operators. There may be more than one
.I [Operator]
block, one for each local operator.
.TP
\fBName\fR
ID of the operator (may be different from the nick name).
.TP
\fBPassword\fR
Password of the IRC operator.
.TP
\fBMask\fR
Mask that is to be checked before an /OPER for this account is accepted.
Example: nick!ident@*.example.com
.SH [SERVER]
Other servers are configured in
.I [Server]
sections. If you configure a port for the connection, then this ngIRCd
tries to connect to the other server on the given port (active);
if not, it waits for the other server to connect (passive).
.PP
ngIRCd supports "server groups": You can assign an "ID" to every server
with which you want this ngIRCd to link, and the daemon ensures that at
any given time only one direct link exists to servers with the same ID.
So if a server of a group won't answer, ngIRCd tries to connect to the next
server in the given group (="with the same ID"), but never tries to connect
to more than one server of this group simultaneously.
.PP
There may be more than one
.I [Server]
block.
.TP
\fBName\fR
IRC name of the remote server.
.TP
\fBHost\fR
Internet host name (or IP address) of the peer.
.TP
\fBBind\fR
IP address to use as source IP for the outgoing connection. Default is
to let the operating system decide.
.TP
\fBPort\fR
Port of the remote server to which ngIRCd should connect (active).
If no port is assigned to a configured server, the daemon only waits for
incoming connections (passive, default).
.TP
\fBMyPassword\fR
Own password for this connection. This password has to be configured as
\fBPeerPassword\fR on the other server. Must not have ':' as first character.
.TP
\fBPeerPassword\fR
Foreign password for this connection. This password has to be configured as
\fBMyPassword\fR on the other server.
.TP
\fBGroup\fR
Group of this server (optional).
.TP
\fBPassive\fR
Disable automatic connection even if port value is specified. Default: false.
You can use the IRC Operator command CONNECT later on to create the link.
.TP
\fBSSLConnect\fR
Connect to the remote server using TLS/SSL. Default: false.
.TP
\fBServiceMask\fR
Define a (case insensitive) mask matching nick names that should be treated as
IRC services when introduced via this remote server. REGULAR SERVERS DON'T NEED
this parameter, so leave it empty (which is the default).
.PP
.RS
When you are connecting IRC services which masquerade as an IRC server and which use
"virtual users" to communicate with, for example "NickServ" and "ChanServ",
you should set this parameter to something like "*Serv".
.RE
.SH [CHANNEL]
Pre-defined channels can be configured in
.I [Channel]
sections. Such channels are created by the server when starting up and even
persist when there are no more members left.
.PP
Persistent channels are marked with the mode 'P', which can be set and unset
by IRC operators like other modes on the fly.
.PP
There may be more than one
.I [Channel]
block.
.TP
\fBName\fR
Name of the channel, including channel prefix ("#" or "&").
.TP
\fBTopic\fR
Topic for this channel.
.TP
\fBModes\fR
Initial channel modes.
.TP
\fBKey\fR
Sets initial channel key (only relevant if channel mode "k" is set).
.TP
\fBKeyFile\fR
Path and file name of a "key file" containing individual channel keys for
different users. The file consists of plain text lines with the following
syntax (without spaces!):
.PP
.RS
.RS
.I user
:
.I nick
:
.I key
.RE
.PP
.I user
and
.I nick
can contain the wildcard character "*".
.br
.I key
is an arbitrary password.
.PP
Valid examples are:
.PP
.RS
*:*:KeY
.br
*:nick:123
.br
~user:*:xyz
.RE
.PP
The key file is read on each JOIN command when this channel has a key
(channel mode +k). Access is granted if a) the channel key set using the
MODE +k command or b) one of the lines in the key file matches.
.PP
.B Please note:
.br
The file is not reopened on each access, so you can modify and overwrite it
without problems, but moving or deleting the file will have no effect until
the daemon re-reads its configuration!
.RE
.TP
\fBMaxUsers\fR
Set maximum user limit for this channel (only relevant if channel mode "l"
is set).
.SH HINTS
It's wise to use "ngircd \-\-configtest" to validate the configuration file
after changing it. See
.BR ngircd (8)
for details.
.SH AUTHOR
Alexander Barton,
.UR mailto:alex@barton.de
.UE
.br
Homepage:
.UR http://ngircd.barton.de/
.UE
.SH "SEE ALSO"
.BR ngircd (8)
.\"
.\" -eof-
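
The FILE FORMAT rules and the Ports/SSLPorts default described in this manual page, as an added example that is not part of ngIRCd or of this commit. The names `SAMPLE`, `parse`, `global_params`, `port_list`, `effective_listeners` and `audit` are hypothetical, the sample file is constructed, and the code assumes that an empty `Ports =` counts as unspecified, as the commit message describes.

```python
import re

# Constructed sample for an SSL-only setup; not taken from the ngIRCd distribution.
SAMPLE = """\
; comment lines start with ';' or '#'
[GLOBAL]
   Name = irc.example.net
   ports =
   SSLPorts = 6697, 6669
# SSLKeyFile is deliberately left out
[Operator]
   Name = admin
"""

def parse(text):
    """Return a list of (section, {parameter: value}) with lower-cased names."""
    sections = []
    for raw in text.splitlines():
        line = raw.strip()                    # whitespace is trimmed first
        if not line or line[0] in ";#":       # empty lines and comments are ignored
            continue
        if line.startswith("[") and line.endswith("]"):
            sections.append((line[1:-1].strip().lower(), {}))
        elif "=" in line and sections:
            name, value = line.split("=", 1)
            sections[-1][1][name.strip().lower()] = value.strip()
    return sections

def global_params(text):
    """Parameters of the first [Global] section (only one is allowed)."""
    return next((p for name, p in parse(text) if name == "global"), {})

def port_list(value):
    """Split a comma-separated port list into integers; empty input gives []."""
    return [int(p) for p in re.split(r"\s*,\s*", value or "") if p]

def effective_listeners(text):
    """(plain, ssl) ports; 6667 is added only if both lists are empty."""
    params = global_params(text)
    plain, ssl = port_list(params.get("ports")), port_list(params.get("sslports"))
    if not plain and not ssl:                 # assumption: empty value == unspecified
        plain = [6667]
    return plain, ssl

def audit(text):
    """Findings a reviewer would want before deploying the file."""
    params, (plain, ssl) = global_params(text), effective_listeners(text)
    findings = [f"plaintext listener on port {p}" for p in plain]
    if ssl and not params.get("sslkeyfile"):
        findings.append("SSLPorts set but SSLKeyFile missing")
    return findings
```

Run `audit()` on the text of a real configuration file in addition to "ngircd \-\-configtest" to confirm that an intended SSL-only setup opens no plaintext port.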