Introduction: IRC Bouncers and Why You Want One

Internet Relay Chat (IRC) is a venerable online chat protocol, dating back to the late 1980s, but it is still widely used today, especially in the world of computing. There are IRC clients for every major operating system and dozens of IRC networks with thousands of chat channels. There’s a heavy emphasis on tech but nearly every topic is represented. When using IRC, you only receive messages when you are connected–a message is discarded after it is sent and history is not stored on the server.

Enter the IRC bouncer. As the IRC client is responsible for storing and replaying history, it is divided between two pieces of software: the display application (GUI, TUI) and the bouncer. With a bouncer, you still use your favorite IRC client, but you connect to the bouncer (for example instead of directly to the IRC network (such as Your bouncer can remain connected when you’re logged out. When you log back in, your IRC bouncer presents you with the logged chat and messages that you otherwise would miss. Like an IRC server, an IRC bouncer runs on an always connected computer in order to maintain a persistent connection to an IRC network.

In this article, I’ll show you how to set up ZNC, which is a widely used IRC bouncer application. We’ll go through the process of installing ZNC, setting up a user account, configuring it and logging in to IRC through the bouncer. We’ll also address some basic security issues.

We’ll be following the process for Ubuntu, but the basics are similar for most Linux distributions.

Install ZNC

Ubuntu has a ZNC package in it’s repository, and you can install it with apt-get.

$ sudo apt-get install znc

Next you’ll add a dedicated user account for ZNC. This is a good practice when using any application that remains open to the Internet, since it provides a measure of protection for other accounts on your server (in particular your root account).

I’m doing several things with the following command: I’m creating a new user named “znc-admin”. I’m setting the account up without a password (since this account will never log in) and I’m defining a home directory for the account. We recommend using /var/znc as your ZNC home directory, but you can use any directory you like (except your root directory!). Likewise you can choose a different account name if you want to.

$ sudo adduser --disabled-password --home /var/znc znc-admin

Configure ZNC

With your new account set up, you’re ready to configure ZNC. Switch to the new account, go to the ZNC home directory, and run ZNC’s configuration routine.

$ sudo su znc-admin
$ cd ~
$ znc --makeconf

ZNC will present you with various options. Here are our recommendations for how to set them up. Note that ZNC presents the default options [in brackets]. If you like the default then just hit return

 -- Global settings --  
Listen on port (1025 to 65534): 6697  
Listen using SSL (yes/no) [no]: yes  
Listen using both IPv4 and IPv6 (yes/no) [yes]: yes  

We highly recommend using SSL and IPv6 for your traffic.

ZNC will then create a PEM file at /var/znc/.znc/znc.pem. Next it will ask you to define the username and password that you will use to log in to your IRC bouncer. You will also define the nick and username that you want to use to connect to your IRC bouncer. Note this does not have to be the nickname you use on IRC, but it can be and is easier if it is.

-- Admin user settings --  

Username (alphanumeric): <username here>  
Enter password:  
Confirm password:  
Nick [<username>]:  
Alternate nick [<nick>_]:  
Ident [<username>]:   
Real name (optional): 
Bind host (optional): 

We recommend not binding to a host unless you have a good reason. The next set of variables configures your connection to the IRC network. Here Freenode.

Set up a network? (yes/no) [yes]:  
-- Network settings --  

Name [freenode]:  
Server host []: 
Server uses SSL? (yes/no) [yes]: yes  
Server port (1 to 65535) [6697]: 6697  
Server password (probably empty):  
Initial channels:   

If you already have some preferred IRC channels in mind then enter them above. Remember to precede the channel name with a hash mark (#) and separate them with a space.

ZNC will write the config file (/var/znc/.znc/configs/znc.conf) and you’re all set up.

Allow IRC on your Firewall

Now that your bouncer is running, it’s time to allow that port on your firewall. You’ll use a utility called firewalld to make sure the correct port is open through your firewall. If you don’t have it already, just install it with apt-get. Note that firewalled will permit SSH by default, so you shouldn’t lose the connection to your server. Even if something goes wrong, if you are using a system, you can use the management console to get back in and fix things.

$ sudo apt-get install firewalld

Now use it to configure the port. We recommend using port 6697, which is the standard port for encrypted IRC traffic.

$ sudo firewall-cmd --add-port=6697/tcp
$ sudo firewall-cmd --runtime-to-permanent

Sign In to Your Bouncer

You’ll need an IRC client if you don’t already have one. Popular choices include mIRC, Hexchat, and Weechat. Normally you would set up your client to connect directly to IRC, but here you’ll connect to the bouncer, and the bouncer will connect to IRC using the host and user credentials that you set up when you configured ZNC.

To connect to your bouncer, launch your client. For most clients, in the message field enter the following command:

$ /server add -tls <znc_server> +6697 <password> <username>

Or for weechat, if you want your server available via the name znc, your command will look like:

$ /server add znc <znc_server>/6697 -ssl -username=<username> -password=<password> -nicks=<username>

For use your server address. So if your server is named "foo" then use as the ZNC server address.

If you receive SSL errors, and are using a certificate generated by znc, you can basically whitelist that certificate via its fingerprint. Take the output from the below command:

$ sudo cat /var/znc/.znc/znc.pem | openssl x509 -sha256 -fingerprint -noout | cut -d '=' -f 2- | sed 's/://ig'

And add it to your irc client:

$ /server modify <znc_server> -tls_pinned_cert <above_output_line>

Or for weechat:

$ /set irc.server.znc.ssl_fingerprint <above_output_line>

If you ever want to change these settings then you can do so by interacting with the *status user. Type help for a list of options.

Further Reading

More documentation on ZNC can be found at the ZNC wiki.