ZNC: Difference between revisions
m (→IRC Client setup: Fix section headings) |
m (Fix dangling li) |
||
Line 26: | Line 26: | ||
Under the "channels" section for freenode, click "Add", then enter "#csc" in the "Channel Name" field, and check the boxes "Save to config", "Detached", and "Enabled". Click "Add Channel and return". |
Under the "channels" section for freenode, click "Add", then enter "#csc" in the "Channel Name" field, and check the boxes "Save to config", "Detached", and "Enabled". Click "Add Channel and return". |
||
</li> |
</li> |
||
<li> |
|||
</ol> |
</ol> |
||
Now you will connect to ZNC with an IRC client. |
Now you will connect to ZNC with an IRC client. |
Revision as of 20:06, 28 February 2021
This page describes client and server setup for ZNC with LDAP authentication. For more info on ZNC, see [1].
ZNC setup
These instructions show how to connect to the #csc channel on Freenode via ZNC.
- Visit the ZNC web portal and login using your CSC credentials.
-
Go to "Your Settings". Under "Networks", if you do not see a network called "freenode", then click "Add", type "freenode" for the Network Name, edit your nickname if desired, and enter the following into the IRC servers table:
Hostname Port SSL chat.freenode.net 6697 [Checked]
- (Optional, but recommended): Under the settings for freenode, check the box which says "Connect to IRC & automatically re-connect". This will connect you to Freenode as soon as you connect to ZNC.
- Set your nick, alt. nick, and ident for freenode. Make sure these all have the same value. By default these are set to %user% which will expand to your csc username. If you are already logged in to freenode with your csc username on a different IRC client, make sure to change your nick here as two different connections cannot share the same nick.
- Under the "channels" section for freenode, click "Add", then enter "#csc" in the "Channel Name" field, and check the boxes "Save to config", "Detached", and "Enabled". Click "Add Channel and return".
Now you will connect to ZNC with an IRC client.
IRC Client setup
The Lounge (chat.csclub.uwaterloo.ca)
- Under network settings, name can be anything you want.
-
Server should be set to
znc.csclub.uwaterloo.ca
, and port6697
. The password is<zncusername>:<zncpassword>
. Also set your nick, username and real name. -
Under Authentication, choose
Username + password (SASL PLAIN)
, and enter your FREENODE nick and password.
Weechat
-
If you did not check the autoconnect box, you will need to manually connect using:
/msg *status connect
To verify that you are connected to Freenode, run
/msg *status ListNetworks
The "IRC" column should have the value "Yes".
-
A modified version of the backlog module [2] is enabled globally. To use this, first enable the log module for your user via the web UI. You will then be able to request older logs for a channel from your IRC client, e.g.
/msg *backlog #csc 42
Note that you do not need to specify the log path.
/server add myznc znc.csclub.uwaterloo.ca/6697 -username=<CSC_USERNAME>/freenode -password=<CSC_PASSWORD> -ssl -autoconnect /connect myznc /join #csc
Don't forget to concatenate "/freenode" to the end of your username.
Server setup
Note that the following instructions are about setting up a ZNC instance with support for LDAP authentication, similar to the CSC ZNC, and it is not about configuring an IRC client to connect to ZNC. For that, see the Client setup section above.
saslauthd setup
For LDAP authentication, we use the Cyrusauth module [3], which needs to communicate with the SASL authentication daemon (saslauthd).
-
On the server, install the following packages:
apt install sasl2-bin ca-certificates
-
Open /etc/default/saslauthd, and change the following lines:
START=yes MECHANISM="ldap"
-
Paste the following into /etc/saslauthd.conf:
ldap_servers: ldaps://auth1.csclub.uwaterloo.ca ldaps://auth2.csclub.uwaterloo.ca ldap_search_base: ou=People,dc=csclub,dc=uwaterloo,dc=ca ldap_filter: (uid=%u)
-
Start saslauthd:
# service saslauthd start
-
Test saslauthd to make sure it's working:
$ testsaslauthd -u "your_csc_username" -p "your_csc_password"
You should see a response like
0: OK "Success."
ZNC setup
-
Install ZNC:
# apt install znc
-
Add a user for ZNC and create an initial configuration:
# useradd -s /bin/bash -m znc # usermod -a -G sasl znc # su - znc $ znc --makeconf
Note that the znc user must be part of the sasl group to communicate with saslauthd.
- Visit the web interface at <SERVER_IP>:<PORT>. Note that you may need to modify your browser settings so that you can visit a website at port 6667 or 6697.
- Log in using your admin credentials, then go to "Global Settings". Check the "cyrusauth" box, type "saslauthd" in the arguments input field, then scroll to the bottom and click "Save".
-
You will now need to connect to ZNC with an IRC client. The commands below assume Weechat is being used, but other clients should be similar.
/server add myznc <SERVER_IP>/<PORT> -username=<ADMIN_USERNAME> -password=<ADMIN_PASSWORD> /connect myznc /msg *Cyrusauth CreateUsers yes
This will tell ZNC to create a new user on their first login.
-
You may optionally wish to create users from a template (i.e. dummy) user to share some common per-user settings, such as MaxNetworks. To do this, login to the ZNC web interface as admin and click on "Manage Users". Add a new user called "dummy" with the desired settings, then click "save".
Now open Weechat, login to ZNC as admin, and run the following:
/msg *Cyrusauth CreateUsers clone dummy
This will tell ZNC to clone new users using "dummy" as the template.
-
You may wish to optionally enable the adminlog module [4] so that you can see who has logged in from where at what time. By default, these logs will be written to a file. To prevent this file from growing too long, install logrotate and paste the following into /etc/logrotate.d/znc:
/home/znc/.znc/moddata/adminlog/znc.log { rotate 4 weekly compress }
This will keep rotate logs every week, discarding logs after they have been rotated 4 times.
NGINX tuning
If you are running ZNC behind NGINX as a reverse proxy, keep in mind that by default, NGINX will run one worker process per CPU core. To reduce this, change the following in /etc/nginx/nginx.conf:
worker_processes 4