ZNC / BNC
doas nano /home/znc/home/znc/.znc/configs/znc.conf
run znc:
HOME=/home/znc && /usr/sbin/chroot -u znc -g znc /home/znc znc >>/var/log/znc.log 2>&1 &
kill znc:
<Error> ps -aux | grep znc
<Error> kill -9 the znc pid
export HOME=/home/znc
doas pkill -KILL znc
<jrmu> Almajd: run $ doas su
<jrmu> # export HOME=/home/znc
<jrmu> # chroot -u znc -g znc /home/znc znc -D
Copy ssl to znc
doas cp /etc/ssl/domain-name.fullchain.pem /home/znc/home/znc/.znc/
doas cp /etc/ssl/private/domain-name.key /home/znc/home/znc/.znc/
1- doas adduser
Name: znc
Password: ****
Fullname: znc
Uid: 1001
Gid: 1001 (znc)
Groups: znc
Login Class: default
HOME: /home/znc
Shell: /sbin/nologin
OK? (y/n) [y]: y
2- doas rm /etc/login.conf.db
3- doas chsh -s /bin/ksh znc
4- doas su -c znc znc
5- ulimit -a
6- Install needed dependencies:
$ doas pkg_add icu4c-68.2v0
$ doas pkg_add boost-1.72.0
$ doas pkg_add cmake-3.19.4p0v0
7- uname -a
OpenBSD Almajd.host.ircnow.org 6.9 GENERIC#464 amd64
8- doas syspatch
9- $ cd ~
$ curl -L -O https://ircnow.org/software/znc-1.8.2a.tar.gz
$ tar xvzf znc-1.8.2a.tar.gz
$ cd znc-1.8.2
$ mkdir build
$ cd build
$ cmake ..
$ make
$ doas make install
10- Run /usr/local/bin/znc --makeconf to generate a config file:
[ .. ] Checking for list of available modules...
[ ** ]
[ ** ] -- Global settings --
[ ** ]
[ ?? ] Listen on port (1025 to 65534): 31337
[ ?? ] Listen using SSL (yes/no) [no]: yes
[ ?? ] Listen using both IPv4 and IPv6 (yes/no) [yes]: no
[ .. ] Verifying the listener...
[ ** ] Unable to locate pem file: [/home/znc/.znc/znc.pem], creating it
[ .. ] Writing Pem file [/home/znc/.znc/znc.pem]...
[ ** ] Enabled global modules [webadmin]
[ ** ]
[ ** ] -- Admin user settings --
[ ** ]
[ ?? ] Username (alphanumeric):
11- Launch ZNC now: no
12- cp /etc/ssl/domain-name.fullchain.pem /home/znc/home/znc/.znc/
cp /etc/ssl/private/domain-name.key /home/znc/home/znc/.znc/
chown znc:znc /home/znc/home/znc/.znc/domain-name.*
13- openssl dhparam -out dhparam.pem 2048
doas chown znc:znc dhparam.pem
doas mv dhparam.pem /home/znc/.znc/
14- Afterwards, to run znc:
# export HOME=/home/znc
# /usr/sbin/chroot -u znc -g znc /home/znc znc >>/var/log/znc.log 2>&1 &
15- /msg *status saveconfig
<*status> Wrote config to /home/znc/.znc/configs/znc.conf
16- add this at the top of /home/znc/.znc/configs/znc.conf
// WARNING
//
// Do NOT edit this file while ZNC is running!
// Use webadmin or *controlpanel instead.
//
// Altering this file by hand will forfeit all support.
//
// But if you feel risky, you might want to read help on /znc saveconfig and /znc rehash.
// Also check https://wiki.znc.in/Configuration
AnonIPLimit = 10000
AuthOnlyViaModule = false
ConfigWriteDelay = 60
ConnectDelay = 1
HideVersion = false
LoadModule = chansaver
LoadModule = lastseen
LoadModule = adminlog
LoadModule = identfile
LoadModule = webadmin
LoadModule = certauth
MaxBufferSize = 10000
PidFile = /home/znc/.znc/znc.pid
ProtectWebSessions = true
SSLCertFile = /home/znc/.znc/domain-name.fullchain.pem
SSLDHParamFile = /home/znc/.znc/dhparam.pem
SSLKeyFile = /home/znc/.znc/domain-name.key
ServerThrottle = 1
Skin = forest
StatusPrefix = *
Version = 1.8.2
<Listener listener0>
    AllowIRC = true
    AllowWeb = false
    Host = 38.87.162.30
    IPv4 = true
    IPv6 = false
    Port = 1337
    SSL = false
    URIPrefix = /
</Listener>
<Listener listener1>
    AllowIRC = true
    AllowWeb = false
    Host = 38.87.162.30
    IPv4 = true
    IPv6 = false
    Port = 31337
    SSL = true
    URIPrefix = /
</Listener>
<Listener listener2>
    AllowIRC = true
    AllowWeb = false
    Host = 2602:fccf:1:1030::
    IPv4 = false
    IPv6 = true
    Port = 1337
    SSL = false
    URIPrefix = /
</Listener>
<Listener listener3>
    AllowIRC = true
    AllowWeb = false
    Host = 2602:fccf:1:1030::
    IPv4 = false
    IPv6 = true
    Port = 31337
    SSL = true
    URIPrefix = /
</Listener>
<Listener listener4>
    AllowIRC = true
    AllowWeb = false
    Host = 127.0.0.1
    IPv4 = true
    IPv6 = false
    Port = 1337
    SSL = false
    URIPrefix = /
</Listener>
<Listener listener5>
    AllowIRC = false
    AllowWeb = true
    Host = 127.0.0.1
    IPv4 = true
    IPv6 = false
    Port = 1338
    SSL = false
    URIPrefix = /
</Listener>
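Added example (not part of the original notes or of ZNC): a shell check that lists every listener in a znc.conf with SSL = false on a non-loopback Host, which is the case for the port 1337 listeners above. It assumes one "Key = value" setting per line, treats a missing Host as all addresses and a missing SSL as false; the function names and the sample addresses are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag znc.conf listeners that accept non-TLS connections
# on a non-loopback address. Assumes one "Key = value" setting per line.

audit_listeners() {   # $1 = path to znc.conf; exit status 1 on any finding
    awk '
    /^[ \t]*<Listener[ \t]/ {
        name = $2; sub(/>.*/, "", name)
        # Assumed defaults when a key is absent: all addresses, no TLS.
        host = "*"; port = "?"; ssl = "false"; inblock = 1
        next
    }
    inblock && /^[ \t]*<\/Listener>/ {
        lo = (host == "127.0.0.1" || host == "::1" || host == "localhost")
        if (ssl != "true" && !lo) {
            printf "PLAINTEXT %s %s port %s\n", name, host, port
            bad++
        }
        inblock = 0; next
    }
    inblock && /=/ {
        key = $0; sub(/[ \t]*=.*/, "", key); sub(/^[ \t]+/, "", key)
        val = $0; sub(/^[^=]*=[ \t]*/, "", val); sub(/[ \t\r]+$/, "", val)
        key = tolower(key)
        if (key == "host") host = val
        else if (key == "port") port = val
        else if (key == "ssl") ssl = tolower(val)
    }
    END { exit (bad > 0) }
    ' "$1"
}

# Constructed sample: three listeners using documentation addresses.
sample_conf() {
    printf '<Listener %s>\n\tHost = %s\n\tPort = %s\n\tSSL = %s\n</Listener>\n' \
        listener0 192.0.2.10 1337 false \
        listener1 192.0.2.10 31337 true \
        listener4 127.0.0.1 1337 false
}

conf=$(mktemp)
sample_conf >"$conf"
# Prints: PLAINTEXT listener0 192.0.2.10 port 1337
audit_listeners "$conf" || echo "plaintext listeners found: enable SSL or bind to loopback"
rm -f "$conf"
```

Run it against the real file as the znc user or root, for example audit_listeners /home/znc/home/znc/.znc/configs/znc.conf.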
17- doas crontab -e // env EDITOR=nano crontab -e
Add a few lines so that cron tries to start ZNC every 5 minutes. ZNC will only start if no other ZNC instance is running:
HOME=/home/znc
*/5 * * * * /usr/sbin/chroot -u znc -g znc /home/znc znc >>/var/log/znc.log 2>&1 &
18- While you are at it, you will want to redirect any plaintext requests to the webpanel on port 80 to use SSL on port 443. Add this to /etc/httpd.conf:
server "bnc.almajd.host.ircnow.org" {
        listen on * port 80
        location "/.well-known/acme-challenge/*" {
                root "/acme"
                request strip 2
        }
        location * {
                block return 302 "https://$HTTP_HOST$REQUEST_URI"
        }
}
19- doas rcctl restart httpd
20- Integration with the operating system
doas touch /etc/rc.d/znc
doas chmod +x /etc/rc.d/znc
21- Put this in /etc/rc.d/znc:
#!/bin/ksh
# $OpenBSD: znc,v 1.2 2020/01/21 19:27:07 rpe Exp $

daemon_pidfile="/home/znc/home/znc/.znc/znc.pid"
daemon="env HOME=/home/znc /usr/sbin/chroot -u znc -g znc /home/znc znc"

. /etc/rc.d/rc.subr

rc_cmd $1
22- doas mkdir /usr/local/project_name/
doas touch /usr/local/project_name/checker_znc.sh
doas chmod +x /usr/local/project_name/checker_znc.sh
23- Now you must add these rules to /etc/pf.conf:
pass in log quick proto tcp to port {http https} keep state (max-src-conn 30, max-src-conn-rate 20/60) #relayd web
pass in log quick proto tcp to port {1337 31337} keep state (max 3000, max-src-conn 200) #bnc