Hello everyone,
I successfully installed an IRC server on my yunohost and I wanted to share the informations in case some of you wanted to do the same. Here I describe the procedure to do so in a virtual machine dedicated to this purpose.
Note that installing some programs that are not supported by Yunohost can break your server (I know what I’m talking about). I highly recommend to create a backup and to try it in a virtual machine first (as described in this post).
Also, I’m not an expert in computer science and beware that what I say might not be accurate. Feel free to tell me if missed anything.
BEFORE WE START
First, install the virtual machine and configure its network as a bridged adapter (https://yunohost.org/#/install_on_virtualbox).
On the host: call sudo arp-scan -local to have the list of devices that are connected to your network.
Boot the virtual machine.
On the host: call sudo arp-scan -local again to see the IP of the virtual machine.
On the host, edit file /etc/hosts and add a line with the IP and our test domain so that this domain can be accessed by the host. Note, I chose “test.nohost.me”. No registration is performed so any domain will do.
Then, access the virtual machine through ssh:
ssh root@test.nohost.me
And proceed to the postinstallation without registering the domain:
yunohost tools postinstall --ignore-dyndns
# note: the --ignore-dyndns option avoids the domain registration
# domain: test.nohost.me
# enter a password and confirm it
FIRST STEP: INSTALLATION AND CONFIGURATION OF IRCD
apt-get update
apt-get install ircd-irc2
# configuration ends on a timeout since it tries to configure the server on
# domain irc.localhost
edit file /etc/ircd/ircd.conf and replace the following line:
M:irc.localhost::Debian ircd default configuration::000A
with:
M:test.nohost.me::Debian ircd default configuration::000A
while replacing “test.nohost.me” with your domain.
Then restart the IRC server:
systemctl restart ircd-irc2.service
And open the port on the firewall:
yunohost firewall allow TCP 6667
Right now, you can connect your IRC server with your favourite IRC client, but there is no encryption.
SECOND STEP: ENABLING ENCRYPTED CONNECTIONS WITH STUNNEL
# installation of stunnel:
apt-get install stunnel4
To configure stunnel to use your yunohost certificate for your IRC server, create a file /etc/stunnel/stunnel.conf with the following content in it:
# Protocol version (all, SSLv2, SSLv3, TLSv1)
sslVersion = TLSv1
# Some security enhancements for UNIX systems - comment them out on Win32
chroot = /var/lib/stunnel4/
setuid = stunnel4
setgid = stunnel4
# PID is created inside the chroot jail
pid = /stunnel4.pid
# Some performance tunings
socket = l:TCP_NODELAY=1
socket = r:TCP_NODELAY=1
;compression = zlib # de-activated in debian
# Authentication stuff
verify = 1
# Some debugging stuff useful for troubleshooting
;debug = 7
;output = /var/log/stunnel4/stunnel.log
# Use it for client mode
;client = yes
# Service-level configuration
[irc]
cert = /etc/yunohost/certs/test.nohost.me/crt.pem
key = /etc/yunohost/certs/test.nohost.me/key.pem
CAfile = /etc/yunohost/certs/yunohost.org/ca.pem
accept = 6697
connect = 6667
Open the port on the firewall for encrypted connections to the IRC server:
yunohost firewall allow TCP 6697
Then, you can manually run stunnel on the server:
stunnel
Right now, you can connect your IRC server with your favourite IRC client and there is an encryption using your yunohost certificate. But when your server will reboot, stunnel will not be running anymore.
THIRD STEP: MAKE STUNNEL RUN AT STARTUP
In order to have stunnel running at startup, use systemd. Write file /etc/systemd/system/stunnel.service with the following content:
[Unit]
Description=SSL tunnel
After=network.target
After=syslog.target
[Install]
WantedBy=multi-user.target
[Service]
ExecStart=/usr/bin/stunnel /etc/stunnel/stunnel.conf
ExecStop=/usr/bin/killall -9 stunnel
RemainAfterExit=yes
Then, activate the systemd service:
systemctl enable stunnel.service
Now, your IRC server will be available even after a reboot.
(OPTIONAL) FOURTH STEP: HAVING AN IRC CLIENT RUNNING 24h/24h
Since you cannot read messages from peers when you are not connected to a channel, it is nice to have a session that is always running. Then, your friends only have to connect to the same channel to leave you a message that you can read later. This can be done with a command-line IRC client and GNU screen.
Install GNU screen and a chat client (I chose weechat):
apt-get install screen weechat
Create the user that must be logged all the time:
adduser yolo
# password: yolo
For screen to be able to open the terminal, you must exit and ssh as yourself:
exit
ssh yolo@test.nohost.me
Run weechat with screen so that it can be always on:
screen weechat
Here are some weechat commands to connect to the server from the same host (see weechat documentation for more informations):
/server add localhost localhost
/set irc.server.localhost.autoconnect on
/set irc.server.localhost.autojoin #mychannel
/connect localhost
# wait for the connection to be established
/join #mychannel
> "Ctrl-a" then "d" to detach screen from the terminal
You can resume a detached screen session with (see GNU screen documentation for more informations):
screen -r
Now that you are always logged in, you can see any connexion or message (in this channel) from someone else. For instance, if your domain was registered, anyone would be able to connect your IRC server and join the same channel using SSL with the KiwiIRC web IRC client through the following link:
https://kiwiirc.com/client/test.nohost.me:+6697?chan=#mychannel
Hope this helps,
alb