Last active
March 11, 2022 11:01
-
-
Save henrywang/cf8529be72d1f6f0dd933b03290c6c02 to your computer and use it in GitHub Desktop.
How to setup ZNC
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Install Certbot to obtain a certification | |
| sudo dnf install -y certbot | |
| sudo certbot certonly --standalone --preferred-challenges http -d irc.henrywang.org | |
| # All generated keys and issued certificates can be found in /etc/letsencrypt/live/irc.henrywang.org | |
| sudo cat /etc/letsencrypt/live/irc.henrywang.org/{privkey,cert,chain}.pem > /tmp/znc.pem | |
| sudo docker cp /tmp/znc.pem znc:/znc-data | |
| sudo docker rm -f znc | |
| sudo docker run -d --name znc -p 6697:6697 -v znc-cfg:/znc-data znc | |
| sudo rm -f /tmp/znc.pem | |
| # Setup systemd.timer to run certbot renew every 12 hours to auto renew certificate | |
| # Let's Encrypt certificates last for 90 days | |
| # Create a service to run cerbot renew script | |
| cat /etc/systemd/system/letsrenew.service | |
| [Unit] | |
| Description=Renew Lets Encrypt certificate for irc.henrywang.org | |
| [Service] | |
| Type=oneshot | |
| ExecStart=/usr/bin/certbot renew --pre-hook "firewall-cmd --zone=FedoraServer --add-service=http" --post-hook "firewall-cmd --zone=FedoraServer --remove-service=http && cat /etc/letsencrypt/live/irc.henrywang.org/{privkey,cert,chain}.pem > /tmp/znc.pem && docker cp /tmp/znc.pem znc:/znc-data && docker rm -f znc && docker run -d --name znc -p 6697:6697 -v znc-cfg:/znc-data znc && rm -f /tmp/znc.pem" | |
| # Create a time file to run it by systemd | |
| cat /etc/systemd/system/letsrenew.timer | |
| [Unit] | |
| Description=Runs letsrenew everyday | |
| [Timer] | |
| # Time to wait after booting before we run first time | |
| OnBootSec=10min | |
| OnCalendar=daily | |
| # Appy a random delay up to one day. | |
| RandomizedDelaySec=1day | |
| # Catch up when an invocation was missed. | |
| Persistent=true | |
| [Install] | |
| WantedBy=timers.target | |
| # Run letsrenew timer | |
| sudo systemctl daemon-reload | |
| sudo systemctl start letsrenew.timer | |
| sudo systemctl enable letsrenew.timer |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # In this guide, the server is hosted by Linode and with Fedora 27 server as OS. | |
| # Register a freenode nick name by following https://freenode.net/kb/answer/registration | |
| # ZNC setup needs this information | |
| sudo dnf -y update | |
| # Follow docker installation doc https://docs.docker.com/install/linux/docker-ce/fedora/#os-requirements | |
| sudo dnf remove docker \ | |
| docker-client \ | |
| docker-client-latest \ | |
| docker-common \ | |
| docker-latest \ | |
| docker-latest-logrotate \ | |
| docker-logrotate \ | |
| docker-selinux \ | |
| docker-engine-selinux \ | |
| docker-engine | |
| sudo dnf -y install dnf-plugins-core | |
| sudo dnf config-manager \ | |
| --add-repo \ | |
| https://download.docker.com/linux/fedora/docker-ce.repo | |
| sudo dnf -y install docker-ce | |
| # Download znc docker image from https://hub.docker.com/r/library/znc/ | |
| sudo docker pull znc | |
| # Run znc --makeconf to setup znc and save configuration files to volume znc-cfg | |
| sudo docker run -it -v znc-cfg:/znc-data znc --makeconf | |
| # Please follow https://wiki.znc.in/Introduction to configure znc | |
| # To enable SSL, a certificate has to be generated | |
| # By defulat, the znc will generate a self-signed cert, but it's not trusted by public CA | |
| # Apply and obtain a "real" certificate from Let's Encrypt | |
| # Install Certbot to obtain a certification | |
| sudo dnf install -y certbot | |
| sudo certbot certonly --standalone --preferred-challenges http -d irc.henrywang.org | |
| # All generated keys and issued certificates can be found in /etc/letsencrypt/live/irc.henrywang.org | |
| sudo cat /etc/letsencrypt/live/irc.henrywang.org/{privkey,cert,chain}.pem > /tmp/znc.pem | |
| sudo docker cp /tmp/znc.pem znc:/znc-data | |
| sudo docker rm -f znc | |
| sudo docker run -d --name znc -p 6697:6697 -v znc-cfg:/znc-data znc | |
| sudo rm -f /tmp/znc.pem | |
| # ISSUES AND SOLUTIONS | |
| # For MacOS, the CA cert needs to be configured to verify znc certificate signed by Let's Encrypt | |
| # Weechat: /set weechat.network.gnutls_ca_file "/usr/local/etc/openssl/cert.pem" | |
| # ZNC doc resource: | |
| # https://github.com/znc/znc#setting-up-zncconf | |
| # https://wiki.znc.in/Using_commands | |
| # Weechat: /msg *status help #Generate a *status channel, the following znc command can be run in this channel | |
| # Weechat: /go *status | |
| # How to use SASL to login freenode | |
| # Weechat: /go *status | |
| # Weechat: LoadMod sasl | |
| # Weechat: Saveconfig | |
| # Weechat: /query *status | |
| # Weechat: /go *sasl | |
| # Configure sasl by following http://wiki.znc.in/Sasl#example |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment