mirror of
https://github.com/osmarks/ngircd.git
synced 2024-12-12 09:50:29 +00:00
ccb0cf3170
Until now, IPv6 support was disabled by default, which seems a bit outdated in 2024. Note: You still can pass "--enable-ipv6" or "--disable-ipv6" to the ./configure script to forcefully activate or deactivate IPv6 support.
429 lines
16 KiB
Markdown
429 lines
16 KiB
Markdown
# [ngIRCd](https://ngircd.barton.de) - Internet Relay Chat Server
|
|
|
|
This document explains how to install and configure ngIRCd, the lightweight
|
|
Internet Relay Chat (IRC) server.
|
|
|
|
The first section lists noteworthy changes to earlier releases; you definitely
|
|
should read this when upgrading your setup! But you can skip over this section
|
|
when you do a fresh installation.
|
|
|
|
All the subsequent sections describe the steps required to install and
|
|
configure ngIRCd.
|
|
|
|
Please see the file `doc/QuickStart.md` in the `doc/` directory and
|
|
[online](https://ngircd.barton.de/doc/QuickStart.md) on the homepage for some
|
|
configuration examples.
|
|
|
|
## Upgrade Information
|
|
|
|
Differences to version 25
|
|
|
|
- **Attention**:
|
|
All already deprecated legacy options (besides the newly deprecated *Key* and
|
|
*MaxUsers* settings, see below) were removed in ngIRCd 26, so make sure to
|
|
update your configuration before upgrading, if you haven't done so already
|
|
(you got a warning on daemon startup when using deprecated options): you can
|
|
check your configuration using `ngircd --configtest` -- which is a good idea
|
|
anyway ;-)
|
|
|
|
- Setting modes for predefined channels in *[Channel]* sections has been
|
|
enhanced: now you can set *all* modes, like in IRC "MODE" commands, and have
|
|
this setting multiple times per *[Channel]* block. Modifying lists (ban list,
|
|
invite list, exception list) is supported, too.
|
|
|
|
Both the *Key* and *MaxUsers* settings are now deprecated and should be
|
|
replaced by `Modes = +l <limit>` and `Modes = +k <key>` respectively.
|
|
|
|
Differences to version 22.x
|
|
|
|
- The *NoticeAuth* `ngircd.conf` configuration variable has been renamed to
|
|
*NoticeBeforeRegistration*. The old *NoticeAuth* variable still works but
|
|
is deprecated now.
|
|
|
|
- The default value of the SSL *CipherList* variable has been changed to
|
|
"HIGH:!aNULL:@STRENGTH:!SSLv3" (OpenSSL) and "SECURE128:-VERS-SSL3.0"
|
|
(GnuTLS) to disable the old SSLv3 protocol by default.
|
|
|
|
To enable connections of clients still requiring the weak SSLv3 protocol,
|
|
the *CipherList* must be set to its old value (not recommended!), which
|
|
was "HIGH:!aNULL:@STRENGTH" (OpenSSL) and "SECURE128" (GnuTLS), see below.
|
|
|
|
Differences to version 20.x
|
|
|
|
- Starting with ngIRCd 21, the ciphers used by SSL are configurable and
|
|
default to "HIGH:!aNULL:@STRENGTH" (OpenSSL) or "SECURE128" (GnuTLS).
|
|
Previous version were using the OpenSSL or GnuTLS defaults, "DEFAULT"
|
|
and "NORMAL" respectively.
|
|
|
|
- When adding GLINE's or KLINE's to ngIRCd 21 (or newer), all clients matching
|
|
the new mask will be KILL'ed. This was not the case with earlier versions
|
|
that only added the mask but didn't kill already connected users.
|
|
|
|
- The *PredefChannelsOnly* configuration variable has been superseded by the
|
|
new *AllowedChannelTypes* variable. It is still supported and translated to
|
|
the appropriate *AllowedChannelTypes* setting but is deprecated now.
|
|
|
|
Differences to version 19.x
|
|
|
|
- Starting with ngIRCd 20, users can "cloak" their hostname only when the
|
|
configuration variable *CloakHostModeX* (introduced in 19.2) is set.
|
|
Otherwise, only IRC operators, other servers, and services are allowed to
|
|
set mode +x. This prevents regular users from changing their hostmask to
|
|
the name of the IRC server itself, which confused quite a few people ;-)
|
|
|
|
Differences to version 17.x
|
|
|
|
- Support for ZeroConf/Bonjour/Rendezvous service registration has been
|
|
removed. The configuration option *NoZeroconf* is no longer available.
|
|
|
|
- The structure of `ngircd.conf` has been cleaned up and three new configuration
|
|
sections have been introduced: *[Limits]*, *[Options]*, and *[SSL]*.
|
|
|
|
Lots of configuration variables stored in the *[Global]* section are now
|
|
deprecated there and should be stored in one of these new sections (but
|
|
still work in *[Global]*):
|
|
|
|
- *AllowRemoteOper* -> [Options]
|
|
- *ChrootDir* -> [Options]
|
|
- *ConnectIPv4* -> [Options]
|
|
- *ConnectIPv6* -> [Options]
|
|
- *ConnectRetry* -> [Limits]
|
|
- *MaxConnections* -> [Limits]
|
|
- *MaxConnectionsIP* -> [Limits]
|
|
- *MaxJoins* -> [Limits]
|
|
- *MaxNickLength* -> [Limits]
|
|
- *NoDNS* -> [Options], and renamed to *DNS*
|
|
- *NoIdent* -> [Options], and renamed to *Ident*
|
|
- *NoPAM* -> [Options], and renamed to *PAM*
|
|
- *OperCanUseMode* -> [Options]
|
|
- *OperServerMode* -> [Options]
|
|
- *PingTimeout* -> [Limits]
|
|
- *PongTimeout* -> [Limits]
|
|
- *PredefChannelsOnly* -> [Options]
|
|
- *SSLCertFile* -> [SSL], and renamed to *CertFile*
|
|
- *SSLDHFile* -> [SSL], and renamed to *DHFile*
|
|
- *SSLKeyFile* -> [SSL], and renamed to *KeyFile*
|
|
- *SSLKeyFilePassword* -> [SSL], and renamed to *KeyFilePassword*
|
|
- *SSLPorts* -> [SSL], and renamed to *Ports*
|
|
- *SyslogFacility* -> [Options]
|
|
- *WebircPassword* -> [Options]
|
|
|
|
You should adjust your `ngircd.conf` and run `ngircd --configtest` to make
|
|
sure that your settings are correct and up to date!
|
|
|
|
Differences to version 16.x
|
|
|
|
- Changes to the *MotdFile* specified in `ngircd.conf` now require a ngIRCd
|
|
configuration reload to take effect (HUP signal, *REHASH* command).
|
|
|
|
Differences to version 0.9.x
|
|
|
|
- The option of the configure script to enable support for Zeroconf/Bonjour/
|
|
Rendezvous/WhateverItIsNamedToday has been renamed:
|
|
|
|
- `--with-rendezvous` -> `--with-zeroconf`
|
|
|
|
Differences to version 0.8.x
|
|
|
|
- The maximum length of passwords has been raised to 20 characters (instead
|
|
of 8 characters). If your passwords are longer than 8 characters then they
|
|
are cut at an other position now.
|
|
|
|
Differences to version 0.6.x
|
|
|
|
- Some options of the configure script have been renamed:
|
|
|
|
- `--disable-syslog` -> `--without-syslog`
|
|
- `--disable-zlib` -> `--without-zlib`
|
|
|
|
Please call `./configure --help` to review the full list of options!
|
|
|
|
Differences to version 0.5.x
|
|
|
|
- Starting with version 0.6.0, other servers are identified using asynchronous
|
|
passwords: therefore the variable *Password* in *[Server]*-sections has been
|
|
replaced by *MyPassword* and *PeerPassword*.
|
|
|
|
- New configuration variables, section *[Global]*: *MaxConnections*, *MaxJoins*
|
|
(see example configuration file `doc/sample-ngircd.conf`!).
|
|
|
|
## Standard Installation
|
|
|
|
*Note*: This sections describes installing ngIRCd *from sources*. If you use
|
|
packages available for your operating system distribution you should skip over
|
|
and continue with the *Configuration* section, see below.
|
|
|
|
ngIRCd is developed for UNIX-based systems, which means that the installation
|
|
on modern UNIX-like systems that are supported by GNU autoconf and GNU
|
|
automake ("`configure` script") should be no problem.
|
|
|
|
The normal installation procedure after getting (and expanding) the source
|
|
files (using a distribution archive or Git) is as following:
|
|
|
|
1) Satisfy prerequisites
|
|
2) `./autogen.sh` [only necessary when using "raw" sources with Git]
|
|
3) `./configure`
|
|
4) `make`
|
|
5) `make install`
|
|
|
|
(Please see details below!)
|
|
|
|
Now the newly compiled executable "ngircd" is installed in its standard
|
|
location, `/usr/local/sbin/`.
|
|
|
|
If no previous version of the configuration file exists (the standard name
|
|
is `/usr/local/etc/ngircd.conf)`, a sample configuration file containing all
|
|
possible options will be installed there. You'll find its template in the
|
|
`doc/` directory: `sample-ngircd.conf`.
|
|
|
|
The next step is to configure and afterwards start the daemon. See the section
|
|
*Configuration* below.
|
|
|
|
### Satisfy prerequisites
|
|
|
|
When building from source, you'll need some other software to build ngIRCd:
|
|
for example a working C compiler, make tool, and a few libraries depending on
|
|
the feature set you want to enable at compile time (like IDENT, SSL, and PAM).
|
|
|
|
And if you aren't using a distribution archive ("tar.gz" file), but cloned the
|
|
plain source archive, you need a few additional tools to generate the build
|
|
system itself: GNU automake and autoconf, as well as pkg-config.
|
|
|
|
If you are using one of the "big" operating systems or Linux distributions,
|
|
you can use the following commands to install all the required packages to
|
|
build the sources including all optional features and to run the test suite:
|
|
|
|
#### Red Hat / Fedora based distributions
|
|
|
|
``` shell
|
|
yum install \
|
|
autoconf automake expect gcc glibc-devel gnutls-devel \
|
|
libident-devel make pam-devel pkg-config tcp_wrappers-devel \
|
|
telnet zlib-devel
|
|
```
|
|
|
|
#### Debian / Ubuntu based distributions
|
|
|
|
``` shell
|
|
apt-get install \
|
|
autoconf automake build-essential expect libgnutls28-dev \
|
|
libident-dev libpam-dev pkg-config libwrap0-dev libz-dev telnet
|
|
```
|
|
|
|
#### ArchLinux based distributions
|
|
|
|
``` shell
|
|
pacman -S --needed \
|
|
autoconf automake expect gcc gnutls inetutils libident libwrap \
|
|
make pam pkg-config zlib
|
|
```
|
|
|
|
### `./autogen.sh`
|
|
|
|
The first step, to run `./autogen.sh`, is *only* necessary if the `configure`
|
|
script itself isn't already generated and available. This never happens in
|
|
official ("stable") releases in "tar.gz" archives, but when cloning the source
|
|
code repository using Git.
|
|
|
|
**This step is therefore only interesting for developers!**
|
|
|
|
The `autogen.sh` script produces the `Makefile.in`'s, which are necessary for
|
|
the configure script itself, and some more files for `make(1)`.
|
|
|
|
To run `autogen.sh` you'll need GNU autoconf, GNU automake and pkg-config: at
|
|
least autoconf 2.61 and automake 1.10 are required, newer is better. But don't
|
|
use automake 1.12 or newer for creating distribution archives: it will work
|
|
but lack "de-ANSI-fication" support in the generated Makefile's! Stick with
|
|
automake 1.11.x for this purpose ...
|
|
|
|
So *automake 1.11.x* and *autoconf 2.67+* is recommended.
|
|
|
|
Again: "end users" do not need this step and neither need GNU autoconf nor GNU
|
|
automake at all!
|
|
|
|
### `./configure`
|
|
|
|
The `configure` script is used to detect local system dependencies.
|
|
|
|
In the perfect case, `configure` should recognize all needed libraries, header
|
|
files and so on. If this shouldn't work, `./configure --help` shows all
|
|
possible options.
|
|
|
|
In addition, you can pass some command line options to `configure` to enable
|
|
and/or disable some features of ngIRCd. All these options are shown using
|
|
`./configure --help`, too.
|
|
|
|
Compiling a static binary will avoid you the hassle of feeding a chroot dir
|
|
(if you want use the chroot feature). Just do something like:
|
|
|
|
``` shell
|
|
CFLAGS=-static ./configure [--your-options ...]
|
|
```
|
|
|
|
Then you can use a void directory as ChrootDir (like OpenSSH's `/var/empty`).
|
|
|
|
### `make`
|
|
|
|
The `make(1)` command uses the `Makefile`'s produced by `configure` and
|
|
compiles the ngIRCd daemon.
|
|
|
|
### `make install`
|
|
|
|
Use `make install` to install the server and a sample configuration file on
|
|
the local system. Normally, root privileges are necessary to complete this
|
|
step. If there is already an older configuration file present, it won't be
|
|
overwritten.
|
|
|
|
These files and folders will be installed by default:
|
|
|
|
- `/usr/local/sbin/ngircd`: executable server
|
|
- `/usr/local/etc/ngircd.conf`: sample configuration (if not already present)
|
|
- `/usr/local/share/doc/ngircd/`: documentation
|
|
- `/usr/local/share/man/`: manual pages
|
|
|
|
### Additional features
|
|
|
|
The following optional features can be compiled into the daemon by passing
|
|
options to the `configure` script. Most options can handle a `<path>` argument
|
|
which will be used to search for the required libraries and header files in
|
|
the given paths (`<path>/lib/...`, `<path>/include/...`) in addition to the
|
|
standard locations.
|
|
|
|
- Syslog Logging (autodetected by default):
|
|
|
|
`--with-syslog[=<path>]` / `--without-syslog`
|
|
|
|
Enable (disable) support for logging to "syslog", which should be
|
|
available on most modern UNIX-like operating systems by default.
|
|
|
|
- ZLib Compression (autodetected by default):
|
|
|
|
`--with-zlib[=<path>]` / `--without-zlib`
|
|
|
|
Enable (disable) support for compressed server-server links.
|
|
The Z compression library ("libz") is required for this option.
|
|
|
|
- IO Backend (autodetected by default):
|
|
|
|
- `--with-select[=<path>]` / `--without-select`
|
|
- `--with-poll[=<path>]` / `--without-poll`
|
|
- `--with-devpoll[=<path>]` / `--without-devpoll`
|
|
- `--with-epoll[=<path>]` / `--without-epoll`
|
|
- `--with-kqueue[=<path>]` / `--without-kqueue`
|
|
|
|
ngIRCd can use different IO "backends": the "old school" `select(2)` and
|
|
`poll(2)` API which should be supported by most UNIX-like operating systems,
|
|
or the more efficient and flexible `epoll(7)` (Linux >=2.6), `kqueue(2)`
|
|
(BSD) and `/dev/poll` APIs.
|
|
|
|
By default the IO backend is autodetected, but you can use `--without-xxx`
|
|
to disable a more enhanced API.
|
|
|
|
When using the `epoll(7)` API, support for `select(2)` is compiled in as
|
|
well by default, to enable the binary to run on older Linux kernels (<2.6),
|
|
too.
|
|
|
|
- IDENT-Support:
|
|
|
|
`--with-ident[=<path>]`
|
|
|
|
Include support for IDENT ("AUTH") lookups. The "ident" library is
|
|
required for this option.
|
|
|
|
- TCP-Wrappers:
|
|
|
|
`--with-tcp-wrappers[=<path>]`
|
|
|
|
Include support for Wietse Venemas "TCP Wrappers" to limit client access
|
|
to the daemon, for example by using `/etc/hosts.{allow|deny}`.
|
|
The "libwrap" is required for this option.
|
|
|
|
- PAM:
|
|
|
|
`--with-pam[=<path>]`
|
|
|
|
Enable support for PAM, the Pluggable Authentication Modules library.
|
|
See `doc/PAM.txt` for details.
|
|
|
|
- SSL:
|
|
|
|
- `--with-openssl[=<path>]`
|
|
- `--with-gnutls[=<path>]`
|
|
|
|
Enable support for SSL/TLS using OpenSSL or GnuTLS libraries.
|
|
See `doc/SSL.txt` for details.
|
|
|
|
- IPv6 (autodetected by default):
|
|
|
|
`--enable-ipv6` / `--disable-ipv6`
|
|
|
|
Enable (disable) support for version 6 of the Internet Protocol, which should
|
|
be available on most modern UNIX-like operating systems by default.
|
|
|
|
## Configuration
|
|
|
|
Please have a look at the `ngircd(8)` and `ngircd.conf(5)` manual pages for
|
|
details and all possible command line and configuration options -- **and don't
|
|
forget to run `ngircd --configtest` to validate your configuration file!**
|
|
|
|
The file `doc/QuickStart.md` in the `doc/` directory and
|
|
[online](https://ngircd.barton.de/doc/QuickStart.md) on the homepage has some
|
|
configuration examples, you should take a look :-)
|
|
|
|
After installing ngIRCd, a sample configuration file will be set up (if it
|
|
does not exist already). By default, when installing from sources, the file is
|
|
named `/usr/local/etc/ngircd.conf` (other common names, especially for
|
|
distribution packages, are `/etc/ngircd.conf` or `/etc/ngircd/ngircd.conf`).
|
|
|
|
You can find the template of the sample configuration file in the `doc/`
|
|
directory as `sample-ngircd.conf` and
|
|
[online](https://ngircd.barton.de/doc/sample-ngircd.conf) on the homepage. It
|
|
contains all available options.
|
|
|
|
In the sample configuration file, there are comments beginning with `#` *or*
|
|
`;` -- this is only for the better understanding of the file, both comment
|
|
styles are equal.
|
|
|
|
The file is separated in five blocks: *[Global]*, *[Features]*, *[Operator]*,
|
|
*[Server]*, and *[Channel]*.
|
|
|
|
In the *[Global]* section, there is the main configuration like the server
|
|
name and the ports, on which the server should be listening. Options in
|
|
the *[Features]* section enable or disable functionality in the daemon.
|
|
IRC operators of this server are defined in *[Operator]* blocks, remote
|
|
servers are configured in *[Server]* sections, and *[Channel]* blocks are
|
|
used to configure pre-defined ("persistent") IRC channels.
|
|
|
|
### Manual Pages Online
|
|
|
|
- Daemon: [ngircd.8](https://manpages.debian.org/ngircd.8)
|
|
- Configutation file: [ngircd.conf.5](https://manpages.debian.org/ngircd.conf.5)
|
|
|
|
## Command line options
|
|
|
|
ngIRCd supports the following command line options:
|
|
|
|
- `-f`, `--config <file>`
|
|
|
|
The daemon uses the file `<file>` as configuration file rather than
|
|
the standard configuration `/usr/local/etc/ngircd.conf`.
|
|
|
|
- `-n`, `--nodaemon`
|
|
|
|
ngIRCd should be running as a foreground process.
|
|
|
|
- `-p`, `--passive`
|
|
|
|
Server-links won't be automatically established.
|
|
|
|
- `-t`, `--configtest`
|
|
|
|
Reads, validates and dumps the configuration file as interpreted
|
|
by the server. Then exits.
|
|
|
|
Use `--help` to see a short help text describing all available parameters
|
|
the server understands, with `--version` the ngIRCd shows its version
|
|
number. In both cases the server exits after the output.
|
|
|
|
Please see the `ngircd(8)` manual page for more details!
|