How to install and configure a ZNC

June 27, 2018

If you want to compile ZNC with OpenSSL support, you need the OpenSSL development package. On Debian/Ubuntu this is called libssl-dev, on CentOS/Fedora/Red Hat it’s openssl-devel, and on openSUSE it’s libopenssl-devel. A good way to install this and other dependencies is the build dependency feature of package managers (apt-get build-dep / yum-builddep / zypper source-install –build-deps-only).

Download the latest source tarball
wget https://sisrv.net/files/znc-1.7.3.tar.gz
tar -xzvf znc-1.7.3.tar.gz
rm -rf  znc-1.7.3.tar.gz
cd znc-1.7.3
./configure

(use –prefix=”$HOME/.local” (cmake -DCMAKE_INSTALL_PREFIX=”$HOME/.local”) if you don’t want a system wide installation or simply don’t have root access; use –with-openssl=/path/to/openssl (cmake -DOPENSSL_ROOT_DIR=/path/to/openssl) if you have a non-standard SSL path)
(use –help to see other configure options)
make
(if you are on a dedicated server and your CPU has more than one core, you can use make -jX where X is the number of CPU cores to speed up compilation)
make install

Please note that compiling can take 5-10 minutes or more.

Once you have installed znc, you can use znc –makeconf to make a configuration file for ZNC. This config is stored in ~/.znc under the user you run it as. You should create a dedicated non root user to run znc under.

ZNC is run by just executing znc under the dedicated znc user, at which stage it goes to background. It does not automatically make an init.d service for itself (which can be done by following the instructions to running ZNC as a system daemon) nor does it need to be run in screen or something similar.

Other Build Dependencies

After verifying you have the required build dependency sources, you will need to install the following packages:

build-essential
libssl-dev
libperl-dev
pkg-config
swig3.0
libicu-dev

If you are on Ubuntu 12.04, you will also need to install the following package:

g++-4.7

After you have done this, you can follow the instructions on this page for compiling from the source tarball.

Creating a config file

To generate a basic configuration file, run znc --makeconf after installation.
It is NOT a good idea to create a new config file manually, please use znc --makeconf!

File locations

  • Configuration – ZNC gets its configuration by reading the file ~/.znc/configs/znc.conf.
  • Misc – Other files are also stored in the ~/.znc directory, such as the SSL certificate (znc.pem) and the PidFile (znc.pid).
  • Local Modules – Stored in ~/.znc/modules. ZNC will look in the local module directory first when trying to load a module.
  • Global Modules – Stored in /usr/local/lib/znc by default (where /usr/local is the prefix you chose). This is /usr/lib/znc if you used the Debian package.
  • Binariesznc, znc-config, and znc-buildmod are all stored in /usr/local/bin (or in /usr/bin) by default. You can change this when you configure by using ./configure --prefix=/whatever/path/you/want.

Editing config

In most cases you should NOT edit znc.conf directly.
Use webadmin instead.

If you really need to edit znc.conf by hand, do the following:

  1. pkill -SIGUSR1 znc
    to save current runtime configuration to znc.conf
  2. pkill znc
    to shutdown running ZNC instance
  3. Edit znc.conf
  4. znc
    to start it again with new configuration

Config file structure

The following pseudo content illustrates the config structure with single listener, user, network and channel. Naturally, there can be multiple instances of each.

Key = Value

<Listener name>
    Key = Value
</Listener>

<User name>
    Key = Value

    <Network name>
        Key = Value

        <Chan name>
            Key = Value
        </Chan>
    </Network>
    
    <Pass password>
        Key = Value
    </Pass>
</User>

Config file settings

ZNC 1.6 configuration file consists of the following settings. All values are examples.

Global

AnonIPLimitThe limit of anonymous unidentified connections per IP.
AnonIPLimit = 10
AuthOnlyViaModule
(since 1.7)
Allow user authentication by external modules only.
AuthOnlyViaModule = false
BindHostThe list of allowed bindhosts. Users can select one of these values.
BindHost = ...
BindHost = ...
ConnectDelayThe number of seconds every IRC connection is delayed. IRC servers may refuse a connection when reconnecting too fast. NOTE: Affects connections between ZNC and IRC servers; not connections between IRC clients and ZNC.
ConnectDelay = 5
HideVersion
(since 1.6)
Whether the version number is hidden from the web interface and CTCP VERSION replies.
HideVersion = true
LoadModuleThe list of global modules loaded on ZNC startup.
LoadModule = webadmin
LoadModule = modperl
LoadModule = modpython
MaxBufferSizeThe maximum playback buffer size. Only admin users can exceed the limit.
MaxBufferSize = 500
MotdThe list of “message of the day” lines that are sent to clients on connect via notice from *status.
Motd = ...
Motd = ...
PidFile
PidFile = /home/znc/.znc/znc.pid
ProtectWebSessionsWhether IP changing during each web session is disallowed.
ProtectWebSessions = true
ServerThrottleThe number of seconds between connect attempts to the same hostname.
ServerThrottle = 30
SkinThe default web interface skin. Users can override the value.
Skin = _default_
SSLCertFileThe file with SSL/TLS certificate, used for ZNC’s listening port. Defaults to ~/.znc/znc.pem
SSLCertFile = /home/znc/.znc/znc.pem
SSLCiphers
(since 1.6)
The allowed SSL ciphers. Default value is from Mozilla’s recomendations
SSLCiphers = EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH
SSLDHParamFile
(since 1.7)
The file with Diffie-Hellman parameters of SSL/TLS, used for ZNC’s listening port. Defaults to ~/.znc/znc.pem. If the file doesn’t contain DH parameters, ciphers which use DH can’t be used.
SSLDHParamFile = /home/znc/.znc/znc.pem
SSLKeyFile
(since 1.7)
The file with private key of SSL/TLS certificate, used for ZNC’s listening port. Defaults to ~/.znc/znc.pem
SSLKeyFile = /home/znc/.znc/znc.pem
SSLProtocols
(since 1.6)
The accepted SSL protocols. Available protocols are All, SSLv2, SSLv3, TLSv1, TLSv1.1 and TLSv1.2. A non-prefixed value overrides any existing values, whereas a ‘-‘ or ‘+’ prefixed value disables or enables an additional protocol. It is recommended to keep the ZNC defaults that may change in future versions, and only disable (or enable) additional protocols if necessary. NOTE: ZNC 1.6 disables SSLv2 and SSLv3 by default.
SSLProtocols = -SSLv2 -SSLv3 -TLSv1 +TLSv1.1 +TLSv1.2
StatusPrefixThe default prefix for status and module queries. Users can override the value.
StatusPrefix = *
TrustedProxy
(since 1.6)
The list of trusted proxies.
TrustedProxy = ...
TrustedProxy = ...
VersionThe version of ZNC that was used to write the config file.
Version = 1.6.0

Listener

Definition of a port that ZNC listens on. There can be multiple ports, and they can allow different protocols.

AllowIRCWhether the port allows IRC connections.
AllowIRC = true
AllowWebWhether the port allows web connections.
AllowWeb = true
HostAn optional host or IP on which ZNC listens.
Host = ...
IPv4Whether the port listens using IPv4.
IPv4 = true
IPv6Whether the port listens using IPv6.
IPv6 = true
PortThe port number. WARNING: Some web browsers reject port 6667.
Port = 12345
SSLWhether the port is listening using SSL.
SSL = true
URIPrefix
(since 1.6)
An optional URI prefix for the ZNC web interface. Can be used to make ZNC available behind a reverse proxy.
URIPrefix = /znc/

User

Definition of a user. There can be multiple users and each can have multiple networks.

AdminWhether the user has admin rights.
Admin = true
AllowThe list of allowed IPs for the user. Wildcards (*) are supported.
Allow = *
AltNickThe default alternate nick used if the primary nick is reserved. Networks can override the value.
AltNick = somebody_
AppendTimestampWhether timestamps are appended to buffer playback messages. NOTE: Only used for clients that do not support server-time.
AppendTimestamp = false
AuthOnlyViaModule
(since 1.7)
Allow user authentication by external modules only.
AuthOnlyViaModule = false
AutoClearChanBufferWhether channel buffers are automatically cleared after playback. When disabled, messages are buffered even while clients are attached, and already seen messages may be repeated each time clients connect.
AutoClearChanBuffer = true
AutoClearQueryBuffer
(since 1.6)
Whether query buffers are automatically cleared after playback. When disabled, messages are buffered even while clients are attached, and already seen messages may be repeated each time clients connect.
AutoClearQueryBuffer = true
BindHostAn optional bindhost for the user. Must be one of the values specified in the global list of allowed bindhosts.
BindHost = ...
BufferThe maximum amount of lines stored for each channel or query playback buffer. The buffers are stored in memory, and oldest lines are discarded when the limit is reached. Only admin users can exceed the maximum buffer size specified in the global section.
Buffer = 300
ChanBufferSize
(since 1.7)
The maximum amount of lines stored for each channel playback buffer. The buffers are stored in memory, and oldest lines are discarded when the limit is reached. Only admin users can exceed the maximum buffer size specified in the global section.
ChanBufferSize = 300
ChanModesThe default modes ZNC sets when joining an empty channel.
ChanModes = +stn
ClientEncoding
(since 1.6)
The client encoding.
ClientEncoding = UTF-8
CTCPReplyAn optional list of CTCP request-reply-pairs. Syntax: <request> <reply>.
CTCPReply = VERSION unknown v1.0
DCCBindHostAn optional bindhost for DCC connections.
DCCBindHost = ...
DenyLoadModWhether the user is denied access to load modules.
DenyLoadMod = false
DenySetBindHostWhether the user is denied access to set a bindhost.
DenySetBindHost = false
IdentThe default ident. Networks can override the value.
Ident = znc
JoinTriesThe amount of times channels are attempted to join in case of a failure eg. due to channel modes +i/+k/+b.
JoinTries = 3
Language
(since 1.7)
Language of UI translation shown for this user. If not specified, English is used.
Language = ru-RU
LoadModuleThe list of user modules loaded on ZNC startup.
LoadModule = controlpanel
LoadModule = chansaver
MaxJoins
(since 1.2)
The maximum number of channels ZNC joins at once. Lower the value in case getting disconnected for ‘Excess flood’.
MaxJoins = 3
MaxNetworksThe maximum number of networks the user is allowed to have.
MaxNetworks = 5
MaxQueryBuffers
(since 1.6)
The maximum number of query buffers that are stored. 0 is unlimited.
MaxQueryBuffers = 50
MultiClientsWhether multiple clients are allowed to connect simultaneously.
MultiClients = true
NickThe default primary nick. Networks can override the value.
Nick = somebody
NoTrafficTimeout
(since 1.7)
How much time ZNC waits (in seconds) until it receives something from network or declares the connection timeout. This happens after attempts to ping the peer.
NoTrafficTimeout = 180
PrependTimestampWhether timestamps are prepended to buffer playback messages. NOTE: Only used for clients that do not support server-time.
PrependTimestamp = true
QueryBufferSize
(since 1.7)
The maximum amount of lines stored for each query playback buffer. The buffers are stored in memory, and oldest lines are discarded when the limit is reached. Only admin users can exceed the maximum buffer size specified in the global section.
QueryBufferSize = 300
QuitMsgThe default quit message ZNC uses when disconnecting or shutting down. Networks can override the value.
QuitMsg = ZNC - http://znc.in
RealNameThe default real name. Networks can override the value.
Real Name = Got ZNC?
SkinThe web interface skin.
Skin = _default_
StatusPrefixThe prefix for status and module queries.
StatusPrefix = *
TimestampFormatThe format of the timestamps used in buffer playback messages. NOTE: Only used for clients that do not support server-time.
TimestampFormat = [%H:%M:%S]
TimezoneThe timezone used for timestamps in buffer playback messages. NOTE: Only used for clients that do not support server-time.
Timezone = Europe/Berlin

Network

Definition of a network. A user can have multiple networks, up to the limit specified by MaxNetworks.

AltNickAn optional network specific alternate nick used if the primary nick is reserved.
AltNick = somebody_
BindHostAn optional bindhost for the network. Must be one of the values specified in the global list of allowed bindhosts.
BindHost = ...
Encoding
(since 1.6)
An optional network specific encoding.
Encoding = UTF-8
FloodBurstThe maximum amount of lines ZNC sends at once.
FloodBurst = 4
FloodRateThe seconds between lines ZNC sends after reaching the FloodBurst limit.
FloodRate = 1.00
IdentAn optional network specific ident.
Ident = znc
IRCConnectEnabledWhether the network is enabled ie. connects to IRC.
IRCConnectEnabled = false
JoinDelay
(since 1.6)
The delay in seconds, until channels are joined after getting connected.
JoinDelay = 0
LoadModuleThe list of network modules loaded on ZNC startup.
LoadModule = simple_away
LoadModule = route_replies
NickAn optional network specific primary nick.
Nick = somebody
QuitMsg
(since 1.6)
An optional network specific quit message ZNC uses when disconnecting or shutting down.
QuitMsg = ZNC - http://znc.in
RealNameAn optional network specific real name.
RealName = Got ZNC?
ServerThe list of IRC servers. Prefix the port number with a ‘+’ to enable SSL. Syntax: <host> [[+]port] [password].
Server = irc.freenode.net +6697
TrustAllCerts
(since 1.7)
Disable certificate validation (takes precedence over TrustPKI). INSECURE!
TrustAllCerts = false
TrustPKI
(since 1.7)
Setting this to false will trust only certificates you added fingerprints for.
TrustPKI = true
TrustedServerFingerprint
(since 1.6)
The list of trusted server fingerprints.
TrustedServerFingerprint = fi:ng:er

Chan

Definition of a channel that ZNC joins when it connects to IRC. A network can have multiple channels.

AutoClearChanBufferWhether the channel specific buffer is automatically cleared after playback.
AutoClearChanBuffer = false
BufferThe maximum amount of lines stored for the channel specific playback buffer.
Buffer = 100
DetachedWhether the channel is detached. Detached channels are not visible to clients.
Detached = true
Disabled
(since 1.6)
Whether the channel is disabled. ZNC does not join disabled channels.
Disabled = true
KeyAn optional channel key.
Key = secret
ModesAn optional set of default channel modes ZNC sets when joining an empty channel.
Modes = +stn

Pass

Definition of a password, used by clients to connect to ZNC. Generated using znc --makepass.

HashThe hash of a salted password.
Hash = 44ccdd8655fb2c9bf8e6026fc51dfeabfd3e361f696c9373c00a496a4dcaed6f
MethodThe password hashing method.
Method = sha256
SaltA random set of 20 characters for salting the password.
Salt = ,e9a+t9WwSCjR_5:XAQu