This is a follow up to my latest post about Inspircd, which is another IRC server daemon. I prefer Ngircd because it's lighter and easier to configure than inspircd.
So let's start.
Step 1: Building ngircd
Here we're also going to build the thing from source, because why not? So let's install the dependencies we're going to need both for the build and SSL.
sudo apt install letsencrypt gnutls-build autoconf automake build-essential git
Now let's download the source code:
git clone https://github.com/ngircd/ngircd cd ngircd/
And now let's build it:
./autogen.sh ./configure --with-gnutls sudo make install
Step 2: Generating and copying the SSL files
Let's first generate the trusteed Letsencrypt certificate using
certbot (included in the
letsencrypt package installed earlier. Of course, don't forget to change YOUR.DOMAIN.TLD into your real domain. Also make sure the DNS of the domain is linked to your server and that the the ports 80, 443, 6667 and 6697 are open.
sudo systemctl stop nginx sudo certbot certonly --standalone -d YOUR.DOMAIN.TLD sudo systemctl start nginx
Now let's move those files to the current directory (ngircd), as well as generating the dhparams.pem file.
sudo cp /etc/letsencrypt/live/YOUR.DOMAIN.TLD/fullchain.pem cert.pem sudo cp /etc/letsencrypt/live/YOUR.DOMAIN.TLD/privkey.pem key.pem certtool --generate-dh-params --bits 4096 --outfile dhparams.pem
Because the Let's Encrypt certificates have been generated by root, you have to make them readable by the current user:
sudo chown $USER:$USER *.pem
Step 3: Configuring
Now let's copy and edit the configuration file
cp doc/sample-ngircd.conf.tmpl ngircd.conf nano ngircd.conf
In that file uncomment the line about the ports 6667 (to enable plaintext and tor connections) as well as the SSL part, which you can replace by the following snippet:
[SSL] CertFile = cert.pem CipherList = SECURE128:-VERS-SSL3.0 DHFile = dhparams.pem KeyFile = key.pem Ports = 6697, 9999
Step 4: Running ngircd
Now that the basic configuration is setup, you can launch ngircd. Let's just make a test run first to see if it launches:
ngircd -f ngircd.conf -n
If everything is working and you can connect to your server, press CTRL+C and launch the following command to launch the daemon for good:
ngircd -f ngircd.conf
Step 5: Routing the traffic through TOR (optional)
If you want an extra layer of anonymity you can also use TOR to root the traffic. This is also something you can do with any IRCd, but it's really easy to do:
Just install tor, add a new hidden service in the config file, reload and get the onion link:
sudo apt install tor sudo echo "HiddenServiceDir /var/lib/tor/hidden_service/" >> /etc/tor/torrc sudo echo "HiddenServicePort 6667 127.0.0.1:6667" >> /etc/tor/torrc sudo systemctl restart tor sudo cat /var/lib/tor/hidden_service/hostname
Connecting to the server using weechat for plaintext, SSL and TOR
Not all clients can use TOR out of the box in their config file. So I am only going to leave the commands for Weechat:
sudo apt install tor weechat weechat /proxy add tor socks5 127.0.0.1 9050 /server add SERVER-NAME ONION-LINK 6667 /set irc.server.SERVER-NAME.proxy "tor" /connect SERVER-NAME
To connect via SSL (for most users) through weechat:
/server add SERVER-NAME HOSTNAME 6697 -ssl /connect SERVER-NAME
To connect via unencrypted plaintext (NOT RECOMMENDED) through weechat:
/server add SERVER-NAME HOSTNAME 6667 /connect SERVER-NAME
I'll soon make a post about how to setup kiwiirc because I know Weechat is not all user's cup of tea and kiwiirc is really really easy to use (just click on the button).
Please tell me if you have any problem following this guide by asking me the questions on #SnowCodeBlog on Libera.