Introduction: IRC Bouncers and Why You Want One
Internet Relay Chat (IRC) is a venerable online chat protocol, dating back to the late 1980s, but it is still widely used today, especially in the world of computing. There are IRC clients for every major operating system and dozens of IRC networks with thousands of chat channels. There’s a heavy emphasis on tech but nearly every topic is represented. When using IRC, you only receive messages when you are connected–a message is discarded after it is sent and history is not stored on the server.
Enter the IRC bouncer. Because storing and replaying history is the IRC client’s job, the client role is split between two pieces of software: the display application (GUI or TUI) and the bouncer. With a bouncer, you still use your favorite IRC client, but you connect to the bouncer (for example bouncer.example.com) instead of directly to the IRC network (such as chat.freenode.net). Your bouncer can remain connected when you’re logged out. When you log back in, your IRC bouncer presents you with the logged chat and messages that you would otherwise have missed. Like an IRC server, an IRC bouncer runs on an always-connected computer in order to maintain a persistent connection to an IRC network.
In this article, I’ll show you how to set up ZNC, which is a widely used IRC bouncer application. We’ll go through the process of installing ZNC, setting up a user account, configuring it and logging in to IRC through the bouncer. We’ll also address some basic security issues.
We’ll be following the process for Ubuntu, but the basics are similar for most Linux distributions.
Ubuntu has a ZNC package in its repository, and you can install it with apt-get.
$ sudo apt-get install znc
Next you’ll add a dedicated user account for ZNC. This is a good practice when using any application that remains open to the Internet, since it provides a measure of protection for other accounts on your server (in particular your root account).
I’m doing several things with the following command: I’m creating a new user named “znc-admin”. I’m setting the account up without a password (since this account will never log in) and I’m defining a home directory for the account. We recommend using /var/znc as your ZNC home directory, but you can use any directory you like (except your root directory!). Likewise you can choose a different account name if you want to.
$ sudo adduser --disabled-password --home /var/znc znc-admin
With your new account set up, you’re ready to configure ZNC. Switch to the new account, go to the ZNC home directory, and run ZNC’s configuration routine.
$ sudo su znc-admin
$ cd ~
$ znc --makeconf
ZNC will present you with various options. Here are our recommendations for how to set them up. Note that ZNC presents the default options [in brackets]. If you like the default then just hit return.
-- Global settings --
Listen on port (1025 to 65534): 6697
Listen using SSL (yes/no) [no]: yes
Listen using both IPv4 and IPv6 (yes/no) [yes]: yes
We highly recommend using SSL and IPv6 for your traffic.
ZNC will then create a PEM file at /var/znc/.znc/znc.pem. Next it will ask you to define the username and password that you will use to log in to your IRC bouncer. You will also define the nick and username that you want to use to connect to your IRC bouncer. Note this does not have to be the nickname you use on IRC, but it can be and is easier if it is.
-- Admin user settings --
Username (alphanumeric): <username here>
Enter password:
Confirm password:
Nick [<username>]:
Alternate nick [<nick>_]:
Ident [<username>]:
Real name (optional):
Bind host (optional):
We recommend not binding to a host unless you have a good reason. The next set of variables configures your connection to the IRC network. Here we use Freenode.
Set up a network? (yes/no) [yes]:
-- Network settings --
Name [freenode]:
Server host [chat.freenode.net]:
Server uses SSL? (yes/no) [yes]: yes
Server port (1 to 65535) : 6697
Server password (probably empty):
Initial channels:
If you already have some preferred IRC channels in mind then enter them above. Remember to precede the channel name with a hash mark (#) and separate them with a space.
ZNC will write the config file (/var/znc/.znc/configs/znc.conf) and you’re all set up.
Allow IRC on your Firewall
Now that your bouncer is running, it’s time to allow that port on your firewall. You’ll use a utility called firewalld to make sure the correct port is open through your firewall. If you don’t have it already, just install it with apt-get. Note that firewalld will permit SSH by default, so you shouldn’t lose the connection to your server. Even if something goes wrong, if you are using a Prgmr.com system, you can use the management console to get back in and fix things.
$ sudo apt-get install firewalld
Now use it to configure the port. We recommend using port 6697, which is the standard port for encrypted IRC traffic.
$ sudo firewall-cmd --add-port=6697/tcp
$ sudo firewall-cmd --runtime-to-permanent
Sign In to Your Bouncer
You’ll need an IRC client if you don’t already have one. Popular choices include mIRC, Hexchat, and Weechat. Normally you would set up your client to connect directly to IRC, but here you’ll connect to the bouncer, and the bouncer will connect to IRC using the host and user credentials that you set up when you configured ZNC.
To connect to your bouncer, launch your client. For most clients, in the message field enter the following command:
/server add -tls <znc_server> +6697 <password> <username>
Or for weechat, if you want your server available via the name znc, your command will look like:
/server add znc <znc_server>/6697 -ssl -username=<username> -password=<password> -nicks=<username>
If you receive SSL errors and are using a certificate generated by ZNC, you can pin that certificate in your client by its fingerprint. Take the output of the command below:
$ sudo cat /var/znc/.znc/znc.pem | openssl x509 -sha256 -fingerprint -noout | cut -d '=' -f 2- | sed 's/://ig'
And add it to your IRC client:
/server modify <znc_server> -tls_pinned_cert <above_output_line>
Or for weechat:
/set irc.server.znc.ssl_fingerprint <above_output_line>
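Before pinning, it is worth confirming that the certificate the bouncer actually presents on port 6697 is the one stored in znc.pem. The following is an added example, not part of the original article: the function names (normalize_fp, local_fp, remote_fp, check_pin) are hypothetical helpers, and it assumes the openssl command-line tool is installed on both machines.

```shell
#!/bin/sh
# Added example: verify the bouncer's certificate before pinning it.
# Function names are hypothetical helpers; requires the openssl CLI.

# Reduce an openssl fingerprint line to bare lowercase hex. Accepts
# "sha256 Fingerprint=AB:CD:...", "AB:CD:..." or already-bare hex.
normalize_fp() {
    printf '%s' "$1" | sed 's/^.*=//' | tr -d ': \r\n' | tr 'A-F' 'a-f'
}

# Fingerprint of the certificate stored in a PEM file such as znc.pem.
# znc.pem also holds the private key; only the hash should leave the server.
# Run with enough privilege to read the file.
local_fp() {
    normalize_fp "$(openssl x509 -in "$1" -noout -fingerprint -sha256)"
}

# Fingerprint of the certificate a TLS listener presents (run on the client).
# Yields an empty string if the connection or the parse fails.
remote_fp() {
    presented=$(openssl s_client -connect "$1:$2" </dev/null 2>/dev/null)
    normalize_fp "$(printf '%s\n' "$presented" |
        openssl x509 -noout -fingerprint -sha256 2>/dev/null)"
}

# check_pin EXPECTED PRESENTED
# 0 = match, 1 = mismatch, 2 = EXPECTED is not a full SHA-256 value.
check_pin() {
    want=$(normalize_fp "$1")
    got=$(normalize_fp "$2")
    case "$want" in
        ''|*[!0-9a-f]*) return 2 ;;   # empty or contains non-hex characters
    esac
    [ "${#want}" -eq 64 ] || return 2  # truncated copy/paste
    [ "$want" = "$got" ]
}

# Typical use (host name is a placeholder):
#   on the server:  local_fp /var/znc/.znc/znc.pem
#   on the client:  check_pin "<server output>" \
#                       "$(remote_fp bouncer.example.com 6697)" \
#                       && echo "fingerprints match" || echo "do not pin"
```

A mismatch means the client is not talking to the certificate in znc.pem, and a return code of 2 usually means the fingerprint was cut off when it was copied.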
If you ever want to change these settings then you can do so by interacting with the *status user. Type help for a list of options.
More documentation on ZNC can be found at the ZNC wiki.