When using IRC networks, it is often useful to be able to keep a permanent connection to the network.
ZNC is an advanced IRC bouncer that can establish such a permanent connection to several IRC networks and channels so your IRC client (or multiple clients) can disconnect/reconnect without losing the chat session, while appearing as a single user to other users.
Once installed ZNC can be configured via its web interface or via IRC commands.
The default install includes SSL setup for secure web access, using a self-signed certificate.
Installing ZNC in Debian
ZNC is packaged for Debian so installation can be achieved by installing the znc package:
sudo apt install znc
Automatic start with systemd
Starting with znc 1.7.4-2 a _znc user will be created and a default systemd service file is installed, but not enabled by default. If you want to control znc with systemd, you have to setup a configuration first:
sudo -u _znc /usr/bin/znc --datadir=/var/lib/znc --makeconf
After that you can enable the systemd service:
systemctl enable znc
Now znc will run as a system daemon.
Alternative: user-wide install
Once installed, you may want to add a new znc-admin user, add administrative right to it, and use it to generate an initial configuration:
# adduser znc-admin # su znc-admin # znc --makeconf
The resulting configuration will be saved in /home/znc-admin/.znc/.
This will ask several questions, here are a few suggested answers:
Port: 6697 - this is usually the SSL-secure IRC port, it will also be used to access the web admin interface at https://$HOSTNAME:6697
Once you've finished initial configuration, access the web interface and explore the available modules. There are global and per-network modules that can be enabled.
Global and per-network configuration
Here are a few useful modules when using IRC
In WebAdmin > Global Settings, enable the following modules:
ChanSaver - To keep channels joined/left updated when a user joins/parts. You shouldn't use autojoin feature on your client when ChanSaver is loaded.
- lastseen - Collects data about when a user last logged in.
A few more post-install recommended steps:
- Enable nickserv registration and primary nick selection:
Under Manage Users click on Edit for your user
Scroll down to Networks and click on Edit for the network you want to configure
If you are connecting to IRC only using IPv4 (or experiencing connectivity problems), make sure the Network Info > BindHost value is 0.0.0.0
If you have a registered nickname, enable the nickserv module, specify your password in the adjacent field - it will be shown as hidden upon saving/reloading.
If you want ZNC to try and identify as your primary nick, enable the keepnick module
Under Your Settings > ZNC Behavior:
- Setup your timezone
Setup Client encoding to Try to parse as UTF-8 and as _ , send as UTF-8
SSL configuration with Let's Encrypt
This is a detailed example of the official Let's Encrypt client setup from ZNC documentation.
In Debian you can use the certbot package to request Let's Encrypt SSL certificates.
Install CertBot:
# apt-get install certbot
Make a script /usr/local/bin/make-znc-cert to format certificates as expected by ZNC:
#!/bin/bash mv /home/znc-admin/.znc/znc.pem /home/znc-admin/.znc/znc-backup.pem cd "$RENEWED_LINEAGE" cat {privkey,cert,chain}.pem > /home/znc-admin/.znc/znc.pem
and set that script to be executable with sudo chmod a+x /usr/local/bin/make-znc-cert
Request a Let's Encrypt SSL certificate:
# certbot certonly --renew-hook /usr/local/bin/make-znc-cert Saving debug log to /var/log/letsencrypt/letsencrypt.log How would you like to authenticate with the ACME CA? ------------------------------------------------------------------------------- 1: Place files in webroot directory (webroot) 2: Spin up a temporary webserver (standalone) ------------------------------------------------------------------------------- Select the appropriate number [1-2] then [enter] (press 'c' to cancel): 2 Please enter in your domain name(s) (comma and/or space separated) (Enter 'c' to cancel): domainname.com Obtaining a new certificate Performing the following challenges: tls-sni-01 challenge for domainname.com Waiting for verification... Cleaning up challenges Generating key (2048 bits): /etc/letsencrypt/keys/0000_key-certbot.pem Creating CSR: /etc/letsencrypt/csr/0000_csr-certbot.pem IMPORTANT NOTES: - Congratulations! Your certificate and chain have been saved at /etc/letsencrypt/live/domainname.com/fullchain.pem. Your cert will expire on 2017-XX-XX. To obtain a new or tweaked version of this certificate in the future, simply run certbot again. To non-interactively renew *all* of your certificates, run "certbot renew" - If you like Certbot, please consider supporting our work by: Donating to ISRG / Let's Encrypt: https://letsencrypt.org/donate Donating to EFF: https://eff.org/donate-le
Reboot and visit https://domainname.com:6697 with your web browser to verify the certificate is valid.
Keep in mind Let's Encrypt certificates expire after 90 days so the above procedure will need to be repeated at every renewal request.
Useful links
Debian manual installation from source - ZNC project wiki
ZNC FAQ - ZNC project wiki