Saturday, June 8, 2013

IRC Server

Decided to set up a little IRC server using InspIRCd. The plan was as follows: use LDAP authentication for users, SSL encryption using my domain certs, a web-based UI proxied through NGINX over HTTPS and, lastly, federation with a friend's IRC server. Ubuntu 12.04 comes with an old version of InspIRCd (1.1.2?) that doesn't work well with federation and doesn't come with the LDAP module. I downloaded the latest version of InspIRCd that comes with Ubuntu 12.10 from here.

The above link also shows any dependencies you may need to install separately. I was missing a few, which I solved with:
sudo apt-get install libtre5 libpq5 libmysqlclient18
Then I installed InspIRCd:
sudo dpkg -i inspircd_2.0.5-1_amd64.deb
First you need to edit /etc/default/inspircd and change the '0' to '1'.

The main config file to edit is /etc/inspircd/inspircd.conf. You'll want to configure this to set up some basic info, such as changing the <bind> tag to listen on an IP other than "127.0.0.1" ("" will default to all network interfaces) and setting the port to listen on.

At this point, you can run the InspIRCd daemon:
sudo service inspircd start
Next, secure the chat client port using the SSL cert for the server. I store the SSL certs with my nginx server in /etc/nginx/certs.

First you need to tell InspIRCd to load the gnutls module and point to your certs, by editing /etc/inspircd/inspircd.conf and adding:
<module name="m_ssl_gnutls.so">
<gnutls certfile="/etc/nginx/certs/server.crt" keyfile="/etc/nginx/certs/server.key">
If you want, you can create a self-signed cert, and use that, but clients will need to be told to ignore invalid certs.

Next, change your client's bind tag to something like:
<bind address="" port="5309" type="clients" ssl="gnutls">
To add LDAP authentication, you need to load the ldapauth module and point to your LDAP server, by editing /etc/inspircd/inspircd.conf and adding:
<module name="m_ldapauth.so">
<ldapauth baserdn="ou=People,dc=domain,dc=com"
          attribute="uid"
          server="ldap://localhost"
          allowpattern="Guest*"
          killreason="Access denied"
          searchscope="subtree"
          binddn=""
          bindauth=""
          verbose="yes"
          userfield="yes">
To connect this server to another server, you need to <bind> a port as type servers:
<bind address="" port="9799" type="servers">
Then set up a <link> section to define the server connection. The same thing needs to be set up on the other server to be connected.
<link name="irc.otherdomain.com"
      ipaddr="irc.otherdomain.com"
      port="9799"
      sendpass="secret"
      recvpass="secret">
Lastly, one of the two servers can be set to <autoconnect> to avoid manually maintaining the connection.
<autoconnect period="60" server="irc.otherdomain.com">
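The following is an added example, not part of the original post and not InspIRCd's own tooling: a small Python check that parses the tags shown above and flags listeners and links without ssl=, a non-empty allowpattern (nicks matching it are let in without LDAP authentication), and an ldap:// server that is not on the local host. The function names parse_tags and audit and the assembled sample config are constructed for illustration, and it assumes attribute values contain no escaped quotes.

```python
import re
from urllib.parse import urlsplit

TAG = re.compile(r'<(\w+)((?:\s+\w+="[^"]*")*)\s*>')
ATTR = re.compile(r'(\w+)="([^"]*)"')

# Constructed sample: the tags from this post assembled into one file.
SAMPLE = '''
# client listener, TLS via m_ssl_gnutls
<module name="m_ssl_gnutls.so">
<bind address="" port="5309" type="clients" ssl="gnutls">
<bind address="" port="9799" type="servers">
<link name="irc.otherdomain.com" ipaddr="irc.otherdomain.com"
      port="9799" sendpass="secret" recvpass="secret">
<ldapauth baserdn="ou=People,dc=domain,dc=com" attribute="uid"
          server="ldap://localhost" allowpattern="Guest*">
'''

def parse_tags(text):
    """Return [(tag, {key: value})]; assumes values contain no escaped quotes."""
    lines = [l for l in text.splitlines() if not l.lstrip().startswith("#")]
    return [(m.group(1), dict(ATTR.findall(m.group(2))))
            for m in TAG.finditer("\n".join(lines))]

def audit(text):
    """Flag cleartext listeners/links and LDAP authentication bypass patterns."""
    findings = []
    for tag, a in parse_tags(text):
        if tag == "bind" and not a.get("ssl"):
            findings.append(f"bind {a.get('type')} port {a.get('port')}: no ssl=, cleartext listener")
        elif tag == "link" and not a.get("ssl"):
            findings.append(f"link {a.get('name')}: no ssl=, sendpass/recvpass sent in cleartext")
        elif tag == "ldapauth":
            if a.get("allowpattern"):
                findings.append(f"ldapauth: nicks matching {a['allowpattern']!r} skip LDAP authentication")
            url = urlsplit(a.get("server", ""))
            if url.scheme == "ldap" and url.hostname not in ("localhost", "127.0.0.1", "::1"):
                findings.append(f"ldapauth: {a['server']} sends bind passwords unencrypted off-host")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print("WARN", finding)
```

Adding ssl="gnutls" to both the servers <bind> and the <link> tag (on both ends of the link) and emptying allowpattern clears all three warnings for the sample.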
Part 2 of this blog entry will set up the web interface.
