Translation(s): English - Italiano


InspIRCd is a modular IRCd (an IRC daemon) written entirely from scratch in C++.

Installation

Install the package inspircd along with its dependencies

# apt-get install inspircd

Configuration

Edit the default configuration files in /etc/inspircd/ This directory and the files in it are owned by the user irc. So you may edit them as the irc user or you can change the ownership to the irc user after you are done editing.

For a minimal configuration you need <server> and <bind>, maybe <oper> too.

Backup the default configuration files and modify example configuration to use.

Sample configuration files can be obtained from /usr/share/doc/inspircd/examples/ and the available modules are located in /usr/lib/inspircd/modules/

In your inspircd.conf you need to set the full path of the file for any external file. Example:

...
<pid file="/var/run/inspircd.pid">
...
<include file="/etc/inspircd/opers.conf">  # you must edit the opers.conf example for security reasons
...
<include file="/etc/inspircd/modules.conf">
...
<files motd="/etc/inspircd/inspircd.motd">

If you have used hash="argon2" for storing password you need to load in /etc/inspircd/modules.conf

<module name="argon2">

GnuTLS

Generate certificate:

# inspircd-genssl gnutls
# chown irc:irc *.pem

GnuTLS sample configuration for /etc/inspircd/inspircd.conf

<bind address=""
      port="6697"
      type="clients"
      ssl="Clients">

<module name="ssl_gnutls">
<sslprofile name="Clients"
            provider="gnutls"
            cafile=""
            certfile="cert.pem"
            crlfile=""
            dhfile="dhparams.pem"
            hash="sha256"
            keyfile="key.pem"
            mindhbits="1024"
            outrecsize="2048"
            priority="SECURE192"
            requestclientcert="yes"
            strictpriority="no">

If you fail to connect using SSL then try to add priority="SECURE192:-VERS-SSL3.0" in /etc/inspircd/inspircd.conf:

<bind address=""
      port="6697"
      type="clients"
      ssl="Clients">

<module name="ssl_gnutls">
<sslprofile name="Clients"
            provider="gnutls"
            cafile=""
            certfile="cert.pem"
            crlfile=""
            dhfile="dhparams.pem"
            hash="sha256"
            keyfile="key.pem"
            mindhbits="1024"
            outrecsize="2048"
            priority="SECURE192:-VERS-SSL3.0"
            requestclientcert="yes"
            strictpriority="no">

Creating a certificate

Generate the certificate and set ownership to user irc.

Using inspircd-genssl (v3)

# inspircd-genssl <auto|gnutls|openssl>

Using openssl

# openssl req -x509 -nodes -newkey rsa:1024 -keyout key.pem -out cert.pem

or using certtool

# certtool --generate-privkey --outfile key.pem
# certtool --generate-self-signed --load-privkey key.pem --outfile cert.pem

Loading modules

Configuration for /etc/inspircd/modules.conf:

<module name="ssl_gnutls">
<module name="spanningtree">

Note: we need to load the ssl_gnutls module before the spanningtree module.

Testing

To test the configuration file, switch to user irc from root.

# su irc

Run the following commands to test it:

$ bash
$ cd /etc/inspircd
$ mkdir conf   // testing search for a conf directory
$ mkdir logs
$ cp inspircd.conf conf/
$ /usr/sbin/inspircd start  //it will start or report any error

If it runs successfully, stop inspircd, copy changes from conf/inspircd.conf to /etc/inspircd.conf and remove conf, logs directories from /etc/inspircd/

After finishing configuration edit /etc/default/inspircd to enable it:

INSPIRCD_ENABLED=1

Start inspircd:

# /etc/init.d/inspircd start

Check the log file in /var/log/inspircd.log.

Check whether inspircd is running:

# netstat -nplt | grep inspircd

Test it with an IRC client.

LDAP

Example inspircd.conf for LDAP.

<module name="ldap">
<database module="ldap"
          id="ldap-users"
          bindauth="password"
          binddn="cn=Manager,dc=inspircd,dc=org"
          searchscope="subtree"
          server="ldaps://localhost"
          timeout="5s">

<module name="ldapauth">
<ldapauth allowpattern="Guest*"
          attribute="uid"
          baserdn="ou=People,dc=example,dc=com"
          dbid="ldap-users"
          host="$cn.example.com"
          killreason="Access denied"
          userfield="no"
          verbose="yes">

Common Errors

You may need to set an option similar to Accept invalid SSL certificate in your IRC client, if you get the following error:

'* Connection failed. Error: self signed certificate.? (18)'

See also