# Ngircd Install Guide In this guide, we'll setup ngircd, a free, portable, lightweight IRC server. Advantages: # The source code runs well on OpenBSD # The server has a very simple, easy-to-understand configuration # Fewer features means the manual pages are short # The server is a clean implementation which was written from scratch # The source code is written in modern, portable C. It will be easy to fork to new features such as: # Customized censorship to block NSFW content # Spam filters # The lead developer po||ux actively hangs out on the IRC server barton.ngircd.de on #ngircd Before you begin, please read the official [ngIRCd documentation](/https://ngircd.barton.de/documentation.php.en) and man pages. ## Installation ### From packages $ doas pkg_add ngircd $ doas cp /usr/local/share/examples/ngircd/sample-ngircd.conf /etc/ngircd/ngircd.conf ngIRCd v26 provided by OpenBSD 6.8 ports does not have ident support. You must eventually compile from source to get ident support, which is necessary on a production server. You will want to do this after installing from packages, so that rc.d tags are created properly. ### From source $ ftp https://ircnow.org/software/ngircd.tgz $ tar xvzf ngircd.tgz $ cd ngircd-26.1/ $ sh build.sh ## Configuration Edit /etc/ngircd/ngircd.conf: **Note**: Lines that begin with # or ; are comments and will be ignored. Remove # or ; to uncomment the line. ### Global Block [Global] Name = username.fruit.ircnow.org AdminInfo1 = Fruit Server on IRCNow AdminInfo2 = Planet Earth AdminEMail = admin@username.fruit.ircnow.org Info = username.fruit.ircnow.org For Name, use your hostname (like username.fruit.ircnow.org). If you are on a team, use irc.example.com, replacing example.com with your team's custom domain. For AdminInfo1, provide a description; for AdminInfo2, provide the location. Listen = 127.0.0.1,192.168.1.1,2001:db8:: Uncomment this line and provide every single IP address we want ngircd to listen on. This includes localhost (127.0.0.1), and our public IPv4 and IPv6 addresses. Replace these with your real public IP addresses. If you are hosting a public service and not on training, avoid listing IPs that are not DDoS-filtered. IRC servers are heavily DDoSed and using an unfiltered IP will get you nullrouted. **Note**: if you do not uncomment on this line, you will listen to all IPs by default, which is probably a mistake. MotdFile = /etc/ngircd/ngircd.motd Network = IRCNow Paste your Message of the Day in /etc/ngircd/ngircd.motd. Here's a suggested template: IRCNow - The Users' Network IRCNow is the network of the user, by the user, for the user. * No porn / illegal drugs / promotion of violence * No slander / libel / gambling * No spam, illegal cracking, or DDoS * No copyright infrigement You must agree to our terms of service and our privacy policy to use this network: https://wiki.ircnow.org/index.php?n=Terms.Terms Only 5 connections per IP address. If you need help, please speak with staff on #help. Ports = 6660, 6661, 6662, 6663, 6664, 6665, 6666, 6667, 6668, 6669, 7000, 16667 MaxConnectionsIP = 0 MaxJoins = 300 MaxNickLength = 16 MaxListSize = 1000 PingTimeout = 300 PongTimeout = 300 The above are default plaintext ports we listen on; we provide ports besides the standard 6667 to allow users to evade their network firewalls. Note that the MaxNickLength must be identical to all servers on the network. On IRCNow, MaxNickLength is 16. ### Options Block [Options] AllowRemoteOper = no ChrootDir = /var/ngircd CloakHost = %25x CloakHostSalt = abcdefghijklmnopqrstuvwxyz DefaultUserModes = iC NoticeBeforeRegistration = yes OperChanPAutoOp = no RequireAuthPing = yes SyslogFacility = daemon For security reasons, we do not want to allow remote opers. Each team appoints their own opers, so you may not necessarily trust an oper on another server. We want to chroot to /var/ngircd to prevent a security compromise. We will cloak the host using a unique salt; contact another sysadmin for the exact salt. UserMode +i keeps the user invisible, and +C means that only users that share channels can send a message. Both settings help reduce spam, stalking, and harassment. Receiving a notice before registration can help with debugging with [netcat](/netcat/irc). We're going to log using syslog (see section below). ### Configuring syslog You want all the messages from ngircd to go to /var/log/ngircd.log and not anywhere else, so we insert these three lines starting at line 3 (at the top) in /etc/syslog.conf: !!ngircd *.* /var/log/ngircd.log !* This directs all logs from ngircd to go straight to /var/log/ngircd.log and nowhere else. Next, create the file /var/log/ngircd.log and restart syslogd: $ doas touch /var/log/ngircd.log $ doas rcctl restart syslogd ### Operator Block [Operator] Name = username Password = password Please use a [long, random string](/password/management) for your password. If you uncomment Mask, your hostmask must match the operator hostmask in order for the /OPER command to be accepted. If it differs at all, then your /OPER command will be rejected. If you don't want to check the hostmask, leave Mask commented out. For more security, you can uncomment Mask and have it match your vhost. However, please be aware that this will make it impossible to authenticate if you ever have to connect from a different IP address. ## Chroot We need to set up the [chroot](/openbsd/chroot) for ngircd. Let's copy the files into the chroot: $ doas mkdir /var/ngircd/etc/ $ doas cp -R /etc/ngircd /var/ngircd/etc/ $ doas chown -R _ngircd:_ngircd /var/ngircd/ $ doas rm -r /etc/ngircd $ doas ln -s /var/ngircd/etc/ngircd /etc/ngircd This will create a symlink so that only one set of configuration files needs to be maintained inside and outside of the chroot. Otherwise, ngircd will require two sets of configuration files, one inside and the other outside of the chroot. ## Starting ngircd To start ngircd: doas rcctl enable ngircd doas rcctl start ngircd [rcctl](/rcctl/rcctl) controls how system daemons are run. Next, use your IRC client to connect to the server, which may have the hostname user.fruit.ircnow.org. Join a few channels and chat inside. ## Troubleshooting If you run into any errors, you can test to see if your configuration file has errors: $ doas ngircd -t To run ngircd in debug mode: $ doas ngircd -n Check /var/log/ngircd.log to see if ngircd is listening on the correct IP addresses and ports. Connect to those ports using your IRC client to verify that the server is working as intended. Remember, if you are connecting using port 6667 without SSL, any eavesdropper can read all your text, including your passwords. Don't send any sensitive information until you have upgraded to [SSL](/ngircd/ssl). ## Reloading and Restarting ngIRCd After you edit /etc/ngircd/ngircd.conf for a running ngircd server, you will need to reload the configuration file: $ doas rcctl reload ngircd Alternatively, you can run: $ doas pkill -HUP ngircd **Reloading** a configuration file will **not** disconnect any active connections. So, try to reload the configuration where possible. To restart the ircd: $ doas rcctl restart ngircd **WARNING**: **Restarting** the ircd **will** disconnect all existing connections. So, try to restart ngircd only when absolutely necessary. **Warning**: ngircd appears to have a bug where the ircd will crash if you reload the configuration file while a message is being sent. Be careful to avoid reloading configuration files when many users are chatting. ## See Also # Configure [SSL](/ngircd/ssl) for ngircd to ensure secure connections # [Link your ngircd](/ngircd/link) with another server to create a network # Install [anope](/anope/install) to provide services # Install [achurch](/achurch/install) to test achurch services # Configure [hopm](/hopm/install), an open proxy monitor to stop spammers. # Configure [acopm](/acopm/install), a minimalist open proxy monitor to stop spammers.