How To Setup Your Own IRC Network: Difference between revisions
Revision as of 15:01, 6 March 2013
This document helps you set up your own IRC network with Alpine Linux.
We will configure two IRC daemons and a simple AJAX web IRC client.
The IRC daemons will work together, sharing channels, users and other information.
From the charybdis point of view, this configuration is called a "cluster", but the word should not be understood in its common meaning.
As an example, we assume that we want to create the Alpine Linux IRC Network.
We have two servers, irc1 and irc2, called irc1.alpinelab.lan and irc2.alpinelab.lan respectively.
Prerequisites
The prerequisites are two PCs with Alpine Linux installed (v2.5).
Packages that we are going to install are:
- Charybdis
- atheme-iris
Both of those packages are in edge testing.
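You can pin the edge testing repository under the @edge tag:
vi /etc/apk/repositories
Add the line:
@edge http://dl-2.alpinelinux.org/alpine/edge/testing
Then install the packages from the tagged repository (packages in a tagged repository are only considered when the tag is given):
apk update
apk add charybdis@edge
apk add atheme-iris@edge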
Configure Charybdis
cp /etc/charybdis/example.conf /etc/charybdis/ircd.conf
vi /etc/charybdis/ircd.conf
Modify the file, using the well-documented /etc/charybdis/reference.conf as a reference.
loadmodule "extensions/chm_operonly.so";
loadmodule "extensions/extb_account.so";
loadmodule "extensions/extb_canjoin.so";
loadmodule "extensions/extb_channel.so";
loadmodule "extensions/extb_extgecos.so";
loadmodule "extensions/extb_oper.so";
loadmodule "extensions/extb_realname.so";
loadmodule "extensions/m_identify.so";
loadmodule "extensions/m_mkpasswd.so";
loadmodule "extensions/m_webirc.so";
loadmodule "extensions/sno_farconnect.so";
loadmodule "extensions/sno_globalkline.so";
loadmodule "extensions/sno_globaloper.so";

serverinfo {
    name = "irc1.alpinelab.lan";
    sid = "01A";
    description = "Alpine Linux IRC Server";
    network_name = "Alpine Linux Network";
    network_desc = "Alpine Linux IRC network.";
    hub = yes;
    default_max_clients = 10000;
    nicklen = 30;
};

admin {
    name = "admin";
    description = "Alpine Linux IRC network administrator";
    email = "ircadmin@alpinelab.lan";
};

log {
    fname_userlog = "logs/userlog";
    #fname_fuserlog = "logs/fuserlog";
    fname_operlog = "logs/operlog";
    #fname_foperlog = "logs/foperlog";
    fname_serverlog = "logs/serverlog";
    #fname_klinelog = "logs/klinelog";
    fname_killlog = "logs/killlog";
    fname_operspylog = "logs/operspylog";
    #fname_ioerrorlog = "logs/ioerror";
};

class "users" {
    ping_time = 2 minutes;
    number_per_ident = 10;
    number_per_ip = 10;
    number_per_ip_global = 50;
    cidr_ipv4_bitlen = 24;
    cidr_ipv6_bitlen = 64;
    number_per_cidr = 200;
    max_number = 100;
    sendq = 400 kbytes;
};

class "opers" {
    ping_time = 5 minutes;
    number_per_ip = 10;
    max_number = 1000;
    sendq = 1 megabyte;
};

class "server" {
    ping_time = 5 minutes;
    connectfreq = 5 minutes;
    max_number = 10;
    sendq = 4 megabytes;
};

listen {
    defer_accept = yes;
    port = 5000, 6665 .. 6669;
    sslport = 6697;
};

auth {
    user = "*@*";
    class = "users";
};

privset "local_op" {
    privs = oper:local_kill, oper:operwall;
};

privset "server_bot" {
    extends = "local_op";
    privs = oper:kline, oper:remoteban, snomask:nick_changes;
};

privset "global_op" {
    extends = "local_op";
    privs = oper:global_kill, oper:routing, oper:kline, oper:unkline, oper:xline, oper:resv, oper:mass_notice, oper:remoteban;
};

privset "admin" {
    extends = "global_op";
    privs = oper:admin, oper:die, oper:rehash, oper:spy;
};

operator "ircadmin" {
    user = "*@*";
    password = "MyStrongPassword";
    snomask = "+Zbfkrsuy";
    flags = ~encrypted;
    privset = "admin";
};

connect "irc2.alpinelab.lan" {
    host = "10.0.2.10";
    send_password = "Password_To_Server";
    accept_password = "Password_From_Server";
    port = 6666;
    hub_mask = "*";
    class = "server";
    flags = compressed, topicburst, autoconn;
};

service {
    name = "services.int";
};

cluster {
    name = "*.alpinelab.lan";
    flags = kline, tkline, unkline, xline, txline, unxline, resv, tresv, unresv;
};

shared {
    oper = "*@*", "*";
    flags = all, rehash;
};

/* exempt {}: IPs that are exempt from Dlines and rejectcache. (OLD d:) */
exempt {
    ip = "127.0.0.1";
};

channel {
    use_invex = yes;
    use_except = yes;
    use_forward = yes;
    use_knock = yes;
    knock_delay = 5 minutes;
    knock_delay_channel = 1 minute;
    max_chans_per_user = 15;
    max_bans = 100;
    max_bans_large = 500;
    default_split_user_count = 0;
    default_split_server_count = 0;
    no_create_on_split = no;
    no_join_on_split = no;
    burst_topicwho = yes;
    kick_on_split_riding = no;
    only_ascii_channels = no;
    resv_forcepart = yes;
    channel_target_change = yes;
    disable_local_channels = no;
};

serverhide {
    flatten_links = yes;
    links_delay = 5 minutes;
    hidden = no;
    disable_hidden = no;
};

blacklist {
    host = "rbl.efnetrbl.org";
    type = ipv4;
    reject_reason = "${nick}, your IP (${ip}) is listed in EFnet's RBL. For assistance, see http://efnetrbl.org/?i=${ip}";
    /* Example of a blacklist that supports both IPv4 and IPv6 */
};

alias "NickServ" { target = "NickServ"; };
alias "ChanServ" { target = "ChanServ"; };
alias "OperServ" { target = "OperServ"; };
alias "MemoServ" { target = "MemoServ"; };
alias "NS" { target = "NickServ"; };
alias "CS" { target = "ChanServ"; };
alias "OS" { target = "OperServ"; };
alias "MS" { target = "MemoServ"; };

general {
    hide_error_messages = opers;
    hide_spoof_ips = yes;
    default_umodes = "+i";
    default_operstring = "is an IRC Operator";
    default_adminstring = "is a Server Administrator";
    servicestring = "is a Network Service";
    disable_fake_channels = no;
    tkline_expire_notices = no;
    default_floodcount = 10;
    failed_oper_notice = yes;
    dots_in_ident = 2;
    min_nonwildcard = 4;
    min_nonwildcard_simple = 3;
    max_accept = 100;
    max_monitor = 100;
    anti_nick_flood = yes;
    max_nick_time = 20 seconds;
    max_nick_changes = 5;
    anti_spam_exit_message_time = 5 minutes;
    ts_warn_delta = 30 seconds;
    ts_max_delta = 5 minutes;
    client_exit = yes;
    collision_fnc = yes;
    resv_fnc = yes;
    global_snotices = yes;
    dline_with_reason = yes;
    kline_delay = 0 seconds;
    kline_with_reason = yes;
    kline_reason = "K-Lined";
    identify_service = "NickServ@services.int";
    identify_command = "IDENTIFY";
    non_redundant_klines = yes;
    warn_no_nline = yes;
    use_propagated_bans = yes;
    stats_e_disabled = no;
    stats_c_oper_only = no;
    stats_h_oper_only = no;
    stats_y_oper_only = no;
    stats_o_oper_only = yes;
    stats_P_oper_only = no;
    stats_i_oper_only = masked;
    stats_k_oper_only = masked;
    map_oper_only = no;
    operspy_admin_only = no;
    operspy_dont_care_user_info = no;
    caller_id_wait = 1 minute;
    pace_wait_simple = 1 second;
    pace_wait = 10 seconds;
    short_motd = no;
    ping_cookie = no;
    connect_timeout = 30 seconds;
    default_ident_timeout = 5;
    disable_auth = no;
    no_oper_flood = yes;
    max_targets = 4;
    client_flood_max_lines = 20;
    use_whois_actually = no;
    oper_only_umodes = operwall, locops, servnotice;
    oper_umodes = locops, servnotice, operwall, wallop;
    oper_snomask = "+s";
    burst_away = yes;
    nick_delay = 0 seconds; # 15 minutes if you want to enable this
    reject_ban_time = 1 minute;
    reject_after_count = 3;
    reject_duration = 5 minutes;
    throttle_duration = 60;
    throttle_count = 4;
    max_ratelimit_tokens = 30;
    away_interval = 30;
};

modules {
    path = "/usr/lib/charybdis/modules";
    path = "/usr/lib/charybdis/modules/autoload";
};
The relevant parts of the config file are:
serverinfo {
    .
    .
    sid = "01A";    <----------- This must be unique. You can choose two digits and one letter.
    hub = yes;      <----------- This server works as a hub, which allows other IRC servers to connect.
    .
    .
};

listen {
    port = 5000, 6665 .. 6669;    <---- Ports where charybdis listens. You can also bind to a specific IP by adding a "host" directive. If it is not specified, charybdis listens on all interfaces.
    sslport = 6697;               <---- Port for SSL connections. You need a certificate in order to use this feature.
};

operator "ircadmin" {
    user = "*@*";                     <----------- This is a mask used to match who can become operator. It supports CIDR. If you want to allow only 10.0.0.0/24, you can choose "*@10.0.0.*".
    password = "MyStrongPassword";    <---- Password used to become IRC Operator.
    flags = ~encrypted;               <---- Tilde "~" means "not", so the password used in this block is not encrypted. Without "~", you need to write the encrypted password in this block.
    privset = "admin";
};

connect "irc2.alpinelab.lan" {                   <----------- Descriptive name of the server you want to connect to.
    host = "10.0.2.10";                          <----------- IP or hostname. It MUST be valid. If it is a hostname, it MUST be an A record.
    send_password = "Password_To_Server";        <------- Password you send TO irc2. On irc2 this is "accept_password".
    accept_password = "Password_From_Server";    <------- Password you expect to receive FROM irc2. On irc2 this is "send_password".
    flags = compressed, topicburst, autoconn;    <------- Autoconn means that irc1 will automatically try to connect to irc2.
};

cluster {
    name = "*.alpinelab.lan";    <----------- Mask indicating which servers can share information. The information shared is listed in the following "flags" entry.
    flags = kline, tkline, unkline, xline, txline, unxline, resv, tresv, unresv;    <--- Check the IRC documentation to understand the meaning of these flags.
};

shared {
    oper = "*@*", "*";      <----------- The user@host and the server the user must be on in order to set klines.
    flags = all, rehash;    <----------- flags: list of what to allow them to place. All opers listed will receive these flags.
};
On the other server, irc2, the configuration is very similar.
These are the only differences in /etc/charybdis/ircd.conf:
serverinfo {
    sid = "02A";
    hub = yes;
};

operator "ircadmin" {
    user = "*@*";
    password = "MyStrongPassword";
    flags = ~encrypted;
    privset = "admin";
};

connect "irc1.alpinelab.lan" {
    host = "10.0.1.10";
    send_password = "Password_From_Server";
    accept_password = "Password_To_Server";
    flags = compressed, topicburst;
};
In the flags directive of this connect{} block, we do not set "autoconn". This means that irc1 will automatically connect to irc2, but not the other way round.
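An added example (not part of the original page and not charybdis code): a small Python check that reads the link-relevant blocks of both servers' ircd.conf and reports reused SIDs, connect{} passwords that do not mirror each other, and operator{} blocks that keep a plaintext password or the "*@*" mask. IRC1 and IRC2 are constructed from the values on this page; parse() and audit() are hypothetical helper names, and the parser assumes flat blocks closed with "};".

```python
import re
# Constructed samples: the link-relevant blocks of the two ircd.conf files on this page.
IRC1 = '''
serverinfo { name = "irc1.alpinelab.lan"; sid = "01A"; hub = yes; };
operator "ircadmin" { user = "*@*"; password = "MyStrongPassword"; flags = ~encrypted; };
connect "irc2.alpinelab.lan" { host = "10.0.2.10"; send_password = "Password_To_Server";
    accept_password = "Password_From_Server"; flags = compressed, topicburst, autoconn; };
'''
IRC2 = '''
serverinfo { name = "irc2.alpinelab.lan"; sid = "02A"; hub = yes; };
operator "ircadmin" { user = "*@*"; password = "MyStrongPassword"; flags = ~encrypted; };
connect "irc1.alpinelab.lan" { host = "10.0.1.10"; send_password = "Password_From_Server";
    accept_password = "Password_To_Server"; flags = compressed, topicburst; };
'''
SAMPLE = {"irc1.alpinelab.lan": IRC1, "irc2.alpinelab.lan": IRC2}

BLOCK = re.compile(r'(\w+)\s*(?:"([^"]*)")?\s*\{(.*?)\}\s*;', re.S)
ITEM = re.compile(r'(\w+)\s*=\s*([^;]*);')

def parse(conf):
    """Return [(block_type, label, {key: value})]; assumes flat blocks closed by '};'."""
    conf = re.sub(r'/\*.*?\*/|#[^\n]*', '', conf, flags=re.S)  # drop both comment styles
    return [(kind, label, {k: v.strip().strip('"') for k, v in ITEM.findall(body)})
            for kind, label, body in BLOCK.findall(conf)]

def audit(confs):
    """confs maps each server name to its ircd.conf text; returns sorted findings."""
    findings, sids, links = [], {}, {}
    for server, text in confs.items():
        for kind, label, kv in parse(text):
            if kind == "serverinfo":
                sids.setdefault(kv.get("sid"), []).append(server)
            elif kind == "connect":
                links[(server, label)] = kv
            elif kind == "operator":
                if "~encrypted" in kv.get("flags", "").replace(" ", "").split(","):
                    findings.append(f"{server}: operator {label} stores a plaintext password")
                if kv.get("user") == "*@*":
                    findings.append(f"{server}: operator {label} accepts any user@host")
    for sid, servers in sids.items():
        if len(servers) > 1:
            findings.append(f"sid {sid} reused by {', '.join(servers)}")
    for (local, remote), kv in links.items():
        peer = links.get((remote, local))
        if peer is None:
            findings.append(f"{local}: {remote} has no connect block back")
        elif kv.get("send_password") != peer.get("accept_password"):
            findings.append(f"{local} -> {remote}: send_password != {remote} accept_password")
    return sorted(findings)
```

Calling audit(SAMPLE) on the page's values reports only the two operator findings per server; the link passwords and SIDs are consistent.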
Charybdis has a lot of other useful features, such as SSL connections, spam blacklisting and so on. See the documentation here: [1]
After modifying ircd.conf on both servers, fix the permissions:
chown ircd /etc/charybdis/ircd.conf
chmod 400 /etc/charybdis/ircd.conf
Configure Atheme-iris
Atheme-iris is a webchat written in AJAX and Python. It is a fork of the well-known qwebirc.
Configuration is pretty simple.
By default, atheme-iris listens on all interfaces. If you want to change this behaviour, edit /etc/conf.d/atheme-iris and set the IP address that atheme-iris will bind to.
[execution]
args: -n -p 3989
syslog_addr:
syslog_port: 514

[irc]
server: localhost
port: 6667
ssl: false
bind_ip: 127.0.0.1
realname: http://irc1.alpinelab.lan
ident: nick
ident_string: webchat
webirc_mode: webirc
webirc_password: fish

[athemeengine]
xmlrpc_path:
chan_list_enabled: true
chan_list_max_age: 120
chan_list_count: 3

[feedbackengine]
from: moo@moo.com
to: moo@moo.com
smtp_host: 127.0.0.1
smtp_port: 25

[frontend]
base_url: http://irc1.alpinelab.lan:9090
network_name: AlpineLinux
app_title: %(network_name)s Web IRC
extra_html:
initial_nick:
prompt: true
chan_prompt: true
chan_autoconnect: true
static_base_url: /
dynamic_base_url: /

[atheme]
nickserv_login: true
chan_list_on_start: true
chan_list_cloud_view: false

[ui]
dedicated_msg_window: false
dedicated_notice_window: false
hide_joinparts: false
simple_color: false
fg_color: DDDDDD
fg_sec_color: 999999
bg_color: 111111
lastpos_line: true
nick_click_query: false
nick_colors: false
nick_status: false
flash_on_mention: false
beep_on_mention: false

[adminengine]
hosts: 127.0.0.1

[proxy]
forwarded_for_header:
forwarded_for_ips: 127.0.0.1

[tuneback]
update_freq: 0.5
maxbuflen: 100000
maxsubscriptions: 1
maxlinelen: 600
dns_timeout: 5
http_ajax_request_timeout: 30
http_request_timeout: 5
In the [execution] block, parameters are overridden by /etc/conf.d/atheme-iris settings.
Replicate the same configuration on irc2.alpinelab.lan.
On the irc2 server, however, replace each irc1.alpinelab.lan entry with irc2.alpinelab.lan.
Atheme-iris will connect to charybdis on the 127.0.0.1 address, according to this directive:
server: localhost
That's all.
Now you can point one browser at http://irc1.alpinelab.lan:9090 and another at http://irc2.alpinelab.lan:9090.
Log in with two different users to the same channel.
You should see both users in both web clients.
Happy chatting.
Note:
When you log in to the webchat, you will see "webchat@127.0.0.1".
If you are wondering how to replace 127.0.0.1 with a spoofed address, you need another auth{} block in charybdis. Look at /etc/charybdis/reference.conf for details.
If you want the real IP address of the client, you need to set up cgi:irc with atheme-iris, and Charybdis will use the module called m_webirc to "glue" itself to atheme-iris.
Useful links
IRC Commands
http://en.wikipedia.org/wiki/List_of_Internet_Relay_Chat_commands
*-Line flags