When using the OFTC IRC network to interact with other Debian project members, developers, contributors and users, it is often useful to be able to keep a permanent connection to the network.

ZNC is an advanced IRC bouncer that can establish such a permanent connection to several IRC networks and channels so your IRC client (or multiple clients) can disconnect/reconnect without losing the chat session, while appearing as a single user to other users.

Once installed ZNC can be configured via its web interface or via IRC commands.

The default install includes SSL setup for secure web access, using a self-signed certificate.

Installing ZNC in Debian

ZNC is packaged for Debian so installation can be achieved by installing the znc package:

 sudo apt install znc

Once installed, you will need to add a new znc-admin user, add administrative right to it, and use it to generate an initial configuration:

 # adduser znc-admin
 # su znc-admin
 # znc --makeconf

The resulting configuration will be saved in /home/znc-admin/.znc/.

This will ask several questions, here are a few suggested answers:

Once you've finished initial configuration, access the web interface and explore the available modules. There are global and per-network modules that can be enabled.

Global and per-network configuration

Here are a few useful modules when using the OFTC network

A few more post-install recommended steps:

SSL configuration with Let's Encrypt

This is a detailed example of the official Let's Encrypt client setup from ZNC documentation.

In Debian you can use the certbot package to request Let's Encrypt SSL certificates.

Install CertBot:

# apt-get install certbot

Make a script /usr/local/bin/make-znc-cert to format certificates as expected by ZNC:

 mv /home/znc-admin/.znc/znc.pem  /home/znc-admin/.znc/znc-backup.pem
 cat {privkey,cert,chain}.pem > /home/znc-admin/.znc/znc.pem

and set that script to be executable with sudo chmod a+x /usr/local/bin/make-znc-cert

Request a Let's Encrypt SSL certificate:

# certbot certonly --renew-hook /usr/local/bin/make-znc-cert

Saving debug log to /var/log/letsencrypt/letsencrypt.log

How would you like to authenticate with the ACME CA?
1: Place files in webroot directory (webroot)
2: Spin up a temporary webserver (standalone)
Select the appropriate number [1-2] then [enter] (press 'c' to cancel): 2
Please enter in your domain name(s) (comma and/or space separated)  (Enter 'c'
to cancel): domainname.com
Obtaining a new certificate
Performing the following challenges:
tls-sni-01 challenge for domainname.com
Waiting for verification...
Cleaning up challenges
Generating key (2048 bits): /etc/letsencrypt/keys/0000_key-certbot.pem
Creating CSR: /etc/letsencrypt/csr/0000_csr-certbot.pem

 - Congratulations! Your certificate and chain have been saved at
   /etc/letsencrypt/live/domainname.com/fullchain.pem. Your cert
   will expire on 2017-XX-XX. To obtain a new or tweaked version of
   this certificate in the future, simply run certbot again. To
   non-interactively renew *all* of your certificates, run "certbot
 - If you like Certbot, please consider supporting our work by:

   Donating to ISRG / Let's Encrypt:   https://letsencrypt.org/donate
   Donating to EFF:                    https://eff.org/donate-le

Reboot and visit https://domainname.com:6697 with your web browser to verify the certificate is valid.

Keep in mind Let's Encrypt certificates expire after 90 days so the above procedure will need to be repeated at every renewal request.

CategorySoftware CategoryNetwork