How to install and configure a ZNC
If you want to compile ZNC with OpenSSL support, you need the OpenSSL development package. On Debian/Ubuntu this is called libssl-dev, on CentOS/Fedora/Red Hat it’s openssl-devel, and on openSUSE it’s libopenssl-devel. A good way to install this and other dependencies is the build dependency feature of package managers (apt-get build-dep / yum-builddep / zypper source-install –build-deps-only).
Download the latest source tarball
wget https://sisrv.net/files/znc-1.8.2.tar.gz
tar -xzvf znc-1.8.2.tar.gz
rm -rf znc-1.8.2.tar.gz
cd znc-1.8.2
./configure
(use –prefix=”$HOME/.local” (cmake -DCMAKE_INSTALL_PREFIX=”$HOME/.local”) if you don’t want a system wide installation or simply don’t have root access; use –with-openssl=/path/to/openssl (cmake -DOPENSSL_ROOT_DIR=/path/to/openssl) if you have a non-standard SSL path)
(use –help to see other configure options)
make
(if you are on a dedicated server and your CPU has more than one core, you can use make -jX where X is the number of CPU cores to speed up compilation)
make install
Please note that compiling can take 5-10 minutes or more.
Once you have installed znc, you can use znc –makeconf to make a configuration file for ZNC. This config is stored in ~/.znc under the user you run it as. You should create a dedicated non root user to run znc under.
ZNC is run by just executing znc under the dedicated znc user, at which stage it goes to background. It does not automatically make an init.d service for itself (which can be done by following the instructions to running ZNC as a system daemon) nor does it need to be run in screen or something similar.
Other Build Dependencies
After verifying you have the required build dependency sources, you will need to install the following packages:
build-essential
libssl-dev
libperl-dev
pkg-config
swig3.0
libicu-dev
If you are on Ubuntu 12.04, you will also need to install the following package:
g++-4.7
After you have done this, you can follow the instructions on this page for compiling from the source tarball.
Creating a config file
To generate a basic configuration file, run znc --makeconf after installation.
It is NOT a good idea to create a new config file manually, please use znc --makeconf!
File locations
- Configuration – ZNC gets its configuration by reading the file
~/.znc/configs/znc.conf. - Misc – Other files are also stored in the
~/.zncdirectory, such as the SSL certificate (znc.pem) and the PidFile (znc.pid). - Local Modules – Stored in
~/.znc/modules. ZNC will look in the local module directory first when trying to load a module. - Global Modules – Stored in
/usr/local/lib/zncby default (where/usr/localis the prefix you chose). This is/usr/lib/zncif you used the Debian package. - Binaries –
znc,znc-config, andznc-buildmodare all stored in/usr/local/bin(or in/usr/bin) by default. You can change this when you configure by using./configure --prefix=/whatever/path/you/want.
Editing config
In most cases you should NOT edit znc.conf directly.
Use webadmin instead.
If you really need to edit znc.conf by hand, do the following:
- pkill -SIGUSR1 znc
- to save current runtime configuration to znc.conf
- pkill znc
- to shutdown running ZNC instance
- Edit znc.conf
- znc
- to start it again with new configuration
Config file structure
The following pseudo content illustrates the config structure with single listener, user, network and channel. Naturally, there can be multiple instances of each.
Key = Value
<Listener name>
Key = Value
</Listener>
<User name>
Key = Value
<Network name>
Key = Value
<Chan name>
Key = Value
</Chan>
</Network>
<Pass password>
Key = Value
</Pass>
</User>
Config file settings
ZNC 1.7 configuration file consists of the following settings. All values are examples.
Global
| AnonIPLimit | The limit of anonymous unidentified connections per IP. |
| AnonIPLimit = 10 | |
| AuthOnlyViaModule (since 1.7) |
Allow user authentication by external modules only. |
| AuthOnlyViaModule = false | |
| BindHost | The list of allowed bindhosts. Users can select one of these values. |
| BindHost = ... BindHost = ... |
|
| ConnectDelay | The number of seconds every IRC connection is delayed. IRC servers may refuse a connection when reconnecting too fast. NOTE: Affects connections between ZNC and IRC servers; not connections between IRC clients and ZNC. |
| ConnectDelay = 5 | |
| HideVersion (since 1.6) |
Whether the version number is hidden from the web interface and CTCP VERSION replies. |
| HideVersion = true | |
| LoadModule | The list of global modules loaded on ZNC startup. |
| LoadModule = webadmin LoadModule = modperl LoadModule = modpython |
|
| MaxBufferSize | The maximum playback buffer size. Only admin users can exceed the limit. |
| MaxBufferSize = 500 | |
| Motd | The list of “message of the day” lines that are sent to clients on connect via notice from *status. |
| Motd = ... Motd = ... |
|
| PidFile | |
| PidFile = /home/znc/.znc/znc.pid | |
| ProtectWebSessions | Whether IP changing during each web session is disallowed. |
| ProtectWebSessions = true | |
| ServerThrottle | The number of seconds between connect attempts to the same hostname. |
| ServerThrottle = 30 | |
| Skin | The default web interface skin. Users can override the value. |
| Skin = _default_ | |
| SSLCertFile | The file with SSL/TLS certificate, used for ZNC’s listening port. Defaults to ~/.znc/znc.pem |
| SSLCertFile = /home/znc/.znc/znc.pem | |
| SSLCiphers (since 1.6) |
The allowed SSL ciphers. Default value is from Mozilla’s recomendations |
| SSLCiphers = EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH | |
| SSLDHParamFile (since 1.7) |
The file with Diffie-Hellman parameters of SSL/TLS, used for ZNC’s listening port. Defaults to ~/.znc/znc.pem. If the file doesn’t contain DH parameters, ciphers which use DH can’t be used. |
| SSLDHParamFile = /home/znc/.znc/znc.pem | |
| SSLKeyFile (since 1.7) |
The file with private key of SSL/TLS certificate, used for ZNC’s listening port. Defaults to ~/.znc/znc.pem |
| SSLKeyFile = /home/znc/.znc/znc.pem | |
| SSLProtocols (since 1.6) |
The accepted SSL protocols. Available protocols are All, SSLv2, SSLv3, TLSv1, TLSv1.1 and TLSv1.2. A non-prefixed value overrides any existing values, whereas a ‘-‘ or ‘+’ prefixed value disables or enables an additional protocol. It is recommended to keep the ZNC defaults that may change in future versions, and only disable (or enable) additional protocols if necessary. NOTE: ZNC 1.6 disables SSLv2 and SSLv3 by default. |
| SSLProtocols = -SSLv2 -SSLv3 -TLSv1 +TLSv1.1 +TLSv1.2 | |
| StatusPrefix | The default prefix for status and module queries. Users can override the value. |
| StatusPrefix = * | |
| TrustedProxy (since 1.6) |
The list of trusted proxies. |
| TrustedProxy = ... TrustedProxy = ... |
|
| Version | The version of ZNC that was used to write the config file. |
| Version = 1.6.0 |
Listener
Definition of a port that ZNC listens on. There can be multiple ports, and they can allow different protocols.
| AllowIRC | Whether the port allows IRC connections. |
| AllowIRC = true | |
| AllowWeb | Whether the port allows web connections. |
| AllowWeb = true | |
| Host | An optional host or IP on which ZNC listens. |
| Host = ... | |
| IPv4 | Whether the port listens using IPv4. |
| IPv4 = true | |
| IPv6 | Whether the port listens using IPv6. |
| IPv6 = true | |
| Port | The port number. WARNING: Some web browsers reject port 6667. |
| Port = 12345 | |
| SSL | Whether the port is listening using SSL. |
| SSL = true | |
| URIPrefix (since 1.6) |
An optional URI prefix for the ZNC web interface. Can be used to make ZNC available behind a reverse proxy. |
| URIPrefix = /znc/ |
User
Definition of a user. There can be multiple users and each can have multiple networks.
| Admin | Whether the user has admin rights. |
| Admin = true | |
| Allow | The list of allowed IPs for the user. Wildcards (*) are supported. |
| Allow = * | |
| AltNick | The default alternate nick used if the primary nick is reserved. Networks can override the value. |
| AltNick = somebody_ | |
| AppendTimestamp | Whether timestamps are appended to buffer playback messages. NOTE: Only used for clients that do not support server-time. |
| AppendTimestamp = false | |
| AuthOnlyViaModule (since 1.7) |
Allow user authentication by external modules only. |
| AuthOnlyViaModule = false | |
| AutoClearChanBuffer | Whether channel buffers are automatically cleared after playback. When disabled, messages are buffered even while clients are attached, and already seen messages may be repeated each time clients connect. |
| AutoClearChanBuffer = true | |
| AutoClearQueryBuffer (since 1.6) |
Whether query buffers are automatically cleared after playback. When disabled, messages are buffered even while clients are attached, and already seen messages may be repeated each time clients connect. |
| AutoClearQueryBuffer = true | |
| BindHost | An optional bindhost for the user. Must be one of the values specified in the global list of allowed bindhosts. |
| BindHost = ... | |
| Buffer | The maximum amount of lines stored for each channel or query playback buffer. The buffers are stored in memory, and oldest lines are discarded when the limit is reached. Only admin users can exceed the maximum buffer size specified in the global section. |
| Buffer = 300 | |
| ChanBufferSize (since 1.7) |
The maximum amount of lines stored for each channel playback buffer. The buffers are stored in memory, and oldest lines are discarded when the limit is reached. Only admin users can exceed the maximum buffer size specified in the global section. |
| ChanBufferSize = 300 | |
| ChanModes | The default modes ZNC sets when joining an empty channel. |
| ChanModes = +stn | |
| ClientEncoding (since 1.6) |
The client encoding. |
| ClientEncoding = UTF-8 | |
| CTCPReply | An optional list of CTCP request-reply-pairs. Syntax: <request> <reply>. |
| CTCPReply = VERSION unknown v1.0 | |
| DCCBindHost | An optional bindhost for DCC connections. |
| DCCBindHost = ... | |
| DenyLoadMod | Whether the user is denied access to load modules. |
| DenyLoadMod = false | |
| DenySetBindHost | Whether the user is denied access to set a bindhost. |
| DenySetBindHost = false | |
| Ident | The default ident. Networks can override the value. |
| Ident = znc | |
| JoinTries | The amount of times channels are attempted to join in case of a failure eg. due to channel modes +i/+k/+b. |
| JoinTries = 3 | |
| Language (since 1.7) |
Language of UI translation shown for this user. If not specified, English is used. |
| Language = ru-RU | |
| LoadModule | The list of user modules loaded on ZNC startup. |
| LoadModule = controlpanel LoadModule = chansaver |
|
| MaxJoins (since 1.2) |
The maximum number of channels ZNC joins at once. Lower the value in case getting disconnected for ‘Excess flood’. |
| MaxJoins = 3 | |
| MaxNetworks | The maximum number of networks the user is allowed to have. |
| MaxNetworks = 5 | |
| MaxQueryBuffers (since 1.6) |
The maximum number of query buffers that are stored. 0 is unlimited. |
| MaxQueryBuffers = 50 | |
| MultiClients | Whether multiple clients are allowed to connect simultaneously. |
| MultiClients = true | |
| Nick | The default primary nick. Networks can override the value. |
| Nick = somebody | |
| NoTrafficTimeout (since 1.7) |
How much time ZNC waits (in seconds) until it receives something from network or declares the connection timeout. This happens after attempts to ping the peer. |
| NoTrafficTimeout = 180 | |
| PrependTimestamp | Whether timestamps are prepended to buffer playback messages. NOTE: Only used for clients that do not support server-time. |
| PrependTimestamp = true | |
| QueryBufferSize (since 1.7) |
The maximum amount of lines stored for each query playback buffer. The buffers are stored in memory, and oldest lines are discarded when the limit is reached. Only admin users can exceed the maximum buffer size specified in the global section. |
| QueryBufferSize = 300 | |
| QuitMsg | The default quit message ZNC uses when disconnecting or shutting down. Networks can override the value. |
| QuitMsg = ZNC - http://znc.in | |
| RealName | The default real name. Networks can override the value. |
| Real Name = Got ZNC? | |
| Skin | The web interface skin. |
| Skin = _default_ | |
| StatusPrefix | The prefix for status and module queries. |
| StatusPrefix = * | |
| TimestampFormat | The format of the timestamps used in buffer playback messages. NOTE: Only used for clients that do not support server-time. |
| TimestampFormat = [%H:%M:%S] | |
| Timezone | The timezone used for timestamps in buffer playback messages. NOTE: Only used for clients that do not support server-time. |
| Timezone = Europe/Berlin |
Network
Definition of a network. A user can have multiple networks, up to the limit specified by MaxNetworks.
| AltNick | An optional network specific alternate nick used if the primary nick is reserved. |
| AltNick = somebody_ | |
| BindHost | An optional bindhost for the network. Must be one of the values specified in the global list of allowed bindhosts. |
| BindHost = ... | |
| Encoding (since 1.6) |
An optional network specific encoding. |
| Encoding = UTF-8 | |
| FloodBurst | The maximum amount of lines ZNC sends at once. |
| FloodBurst = 4 | |
| FloodRate | The seconds between lines ZNC sends after reaching the FloodBurst limit. |
| FloodRate = 1.00 | |
| Ident | An optional network specific ident. |
| Ident = znc | |
| IRCConnectEnabled | Whether the network is enabled ie. connects to IRC. |
| IRCConnectEnabled = false | |
| JoinDelay (since 1.6) |
The delay in seconds, until channels are joined after getting connected. |
| JoinDelay = 0 | |
| LoadModule | The list of network modules loaded on ZNC startup. |
| LoadModule = simple_away LoadModule = route_replies |
|
| Nick | An optional network specific primary nick. |
| Nick = somebody | |
| QuitMsg (since 1.6) |
An optional network specific quit message ZNC uses when disconnecting or shutting down. |
| QuitMsg = ZNC - http://znc.in | |
| RealName | An optional network specific real name. |
| RealName = Got ZNC? | |
| Server | The list of IRC servers. Prefix the port number with a ‘+’ to enable SSL. Syntax: <host> [[+]port] [password]. |
| Server = irc.sisrv.net +6697 | |
| TrustAllCerts (since 1.7) |
Disable certificate validation (takes precedence over TrustPKI). INSECURE! |
| TrustAllCerts = false | |
| TrustPKI (since 1.7) |
Setting this to false will trust only certificates you added fingerprints for. |
| TrustPKI = true | |
| TrustedServerFingerprint (since 1.6) |
The list of trusted server fingerprints. |
| TrustedServerFingerprint = fi:ng:er |
Chan
Definition of a channel that ZNC joins when it connects to IRC. A network can have multiple channels.
| AutoClearChanBuffer | Whether the channel specific buffer is automatically cleared after playback. |
| AutoClearChanBuffer = false | |
| Buffer | The maximum amount of lines stored for the channel specific playback buffer. |
| Buffer = 100 | |
| Detached | Whether the channel is detached. Detached channels are not visible to clients. |
| Detached = true | |
| Disabled (since 1.6) |
Whether the channel is disabled. ZNC does not join disabled channels. |
| Disabled = true | |
| Key | An optional channel key. |
| Key = secret | |
| Modes | An optional set of default channel modes ZNC sets when joining an empty channel. |
| Modes = +stn |
Pass
Definition of a password, used by clients to connect to ZNC. Generated using znc --makepass.
| Hash | The hash of a salted password. |
| Hash = 44ccdd8655fb2c9bf8e6026fc51dfeabfd3e361f696c9373c00a496a4dcaed6f | |
| Method | The password hashing method. |
| Method = sha256 | |
| Salt | A random set of 20 characters for salting the password. |
| Salt = ,e9a+t9WwSCjR_5:XAQu |
