So you want to link to pissnet: Difference between revisions

From pisswiki
(Add SSL Cert section)
Tag: Reverted
No edit summary
 
(7 intermediate revisions by 4 users not shown)
Line 47: Line 47:
***This block sets the username and password you will use with the <code>/oper</code> command to admin your server. The default user and password are "bobsmith" and "test". '''CHANGE IT'''.
***This block sets the username and password you will use with the <code>/oper</code> command to admin your server. The default user and password are "bobsmith" and "test". '''CHANGE IT'''.
* At the bottom of the file, paste the three <code>link {}</code> blocks you got when you ran the [[Optimal linking script of doom]]
* At the bottom of the file, paste the three <code>link {}</code> blocks you got when you ran the [[Optimal linking script of doom]]
* Now you can start your IRCd with `./unrealircd start`.
* Now you can start your IRCd with <code>./unrealircd start</code>.
** One potential hitch at this point is whether or not you have properly configured your VMS's firewall to allow incoming and/or outgoing connections, especially on the common IRCd ports (6667, 6697, 6900)
** One potential hitch at this point is whether or not you have properly configured your VMS's firewall to allow incoming and/or outgoing connections, especially on the common IRCd ports (6667, 6697, 6900)
* Connect to it with your IRC client to check that everything is OK. Check if your oper credentials work with <code>/oper username password</code> as defined in your conf file, you should get auto-joined to a channel named <code>#opers</code> when it succeeds.
* Connect to it with your IRC client to check that everything is OK. Check if your oper credentials work with <code>/oper username password</code> as defined in your conf file, you should get auto-joined to a channel named <code>#opers</code> when it succeeds.
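Review bot: the firewall sub-bullet in this hunk lists ports 6667, 6697 and 6900 together under "incoming and/or outgoing", which reads as advice to open all three in both directions. Say which ports clients need and which are only for server links, so readers can scope the rule. The changed line itself (backticks replaced by <code>./unrealircd start</code>) is fine.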
Line 53: Line 53:
That's it! Now your server is ready to run! But before, you have to send your own link block to one of the hub administrators. Grab your link block with <code>./unrealircd genlinkblock</code>, upload it to a [https://bpaste.net pastebin] and send it to the admins of the hubs you added to your config file (Hint: their nicks are in a comment block above the <code>link ...{}</code> block). After at least one hub adds you, you will automatically connect to the network!
That's it! Now your server is ready to run! But before, you have to send your own link block to one of the hub administrators. Grab your link block with <code>./unrealircd genlinkblock</code>, upload it to a [https://bpaste.net pastebin] and send it to the admins of the hubs you added to your config file (Hint: their nicks are in a comment block above the <code>link ...{}</code> block). After at least one hub adds you, you will automatically connect to the network!


== SSL certificate (before you link do this) ==
* '''Note. If you attempt to connect to the network without contacting any administrators beforehand, you likely will be deemed too stupid to link to Pissnet and your server connection attempt spam will just result in a GZline. We are not a free-for-all network; you must have a reciprocating linkblock first.'''


Soon, to be part of the round-robin you will need a valid SSL certificate for both <code>irc.letspiss.net</code> and your own server domain. To do this you can use <code>[https://github.com/acmesh-official/acme.sh acme.sh]</code> (run the installer!). Here is an example of how to generate a certificate for both in one go (assuming you use cloudflare for your domain, for other providers [https://github.com/acmesh-official/acme.sh/wiki/dnsapi check here]):
* '''Second Note: If you did not install Pissircd from Git (eg, using straight UnrealIRCD), you likely will need additional information in order to be able to link to Pissnet, such as the Cloak Key. That information can be found over on the [[Additional Configs for Servers]] page.'''
 
<pre>
# These are the credentials required to get the irc.letspiss.net certificate
export ACMEDNS_UPDATE_URL="https://auth.autie.net/update"
export ACMEDNS_USERNAME="7a72b116-70de-4a49-83a5-dcfeb2dfabb2"
export ACMEDNS_PASSWORD="R6uA0z8-bwfU8xZxqbTIkoNUBE91Yrn7LN-34qRx"
export ACMEDNS_SUBDOMAIN="cdd942bb-0b02-4e50-9bf0-639d61c60741"
 
# You will have to change this!
export CF_Token="aaaaabbbbbcccc"
export CF_Account_ID="ddddeeeeeffff"
export CF_Zone_ID="ggggghhhhiiii"
 
~/.acme.sh/acme.sh --issue  -d irc.letspiss.net --dns dns_acmedns  -d my.fancy.server.blah.com --dns dns_cf
</pre>
 
If you use custom DNS or want to do this manually, run the above environment variable commands for <code>ACMEDNS_*</code> and use the <code>--yes-I-know-dns-manual-mode-enough-go-ahead-please</code> option (note this does not support automatic cert renewal, and it will have to be done manually) as shown below:
 
<pre>
~/.acme.sh/acme.sh  --server letsencrypt --auto-upgrade --issue  -d irc.letspiss.net --dns dns_acmedns  -d my.fancy.server.blah.com --yes-I-know-dns-manual-mode-enough-go-ahead-please
</pre>
 
You will then need to manually add the new <code>TXT</code> record to your DNS zone while <code>acme.sh</code> is running.
 
After this you will have to edit your configs to look like this:
 
<pre>
listen {
        ip *;
        port 6697;
        options { tls; }
        tls-options {
                certificate "/home/ircd/.acme.sh/irc.letspiss.net/fullchain.cer";
                key "/home/ircd/.acme.sh/irc.letspiss.net/irc.letspiss.net.key";
        };
}
</pre>
 
'''Note''': Do not change the certificate key for the <code>serversonly</code> listen block or your spkifp will change and you won't be able to link to the network.
 
=== Alternatively, using two certificates ===
If you just want to use <code>acme.sh</code> for the round-robin certificate and use your existing infrastructure for your other certificate(s), call <code>acme.sh</code> as <code>~/.acme.sh/acme.sh --issue  -d irc.letspiss.net --dns dns_acmedns</code> and add a [https://www.unrealircd.org/docs/Sni_block SNI block] instead of changing the config above:
 
<pre>
sni irc.letspiss.net {
    tls-options {
        certificate "/home/ircd/.acme.sh/irc.letspiss.net/fullchain.cer";
        key "/home/ircd/.acme.sh/irc.letspiss.net/irc.letspiss.net.key";
    };
};
</pre>
 
=== Alternatively to the alternative, use ZeroSSL ===
 
If we run out of the LetsEncrypt quota, we can use zerossl, by adding the <code>--server zerossl</code> parameter to <code>acme.sh</code>.


=== Step 4: After you link... ===
=== Step 4: After you link... ===
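Review bot: the SSL certificate section that this revision drops pasted shared acme-dns credentials (ACMEDNS_USERNAME, ACMEDNS_PASSWORD, ACMEDNS_SUBDOMAIN) into a public <pre> block, and removing the section from the current text does not take them out of the page history. Rotate that account and, if the section comes back, hand the values out privately instead of putting them in the page. The dropped note about not changing the key of the serversonly listen block (the spkifp changes and linking breaks) is worth keeping wherever certificate setup ends up documented.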

Latest revision as of 03:16, 18 April 2024

This manual will guide you step by step through compiling, configuring and linking your server to Pissnet.

Step 0: Contemplate your life choices

  • You sure you want to do this?
    • Really? I'm sorry.
  • Just make sure this is something you really want to do. We'd like for people to be able to not only set up a server, but also keep it maintained and updated.
  • With great power comes great responsibilipee.
  • At minimum, you'll need to know your way around a shell and be able to diagnose issues on your own server yourself. We'll try to help out, but a lot of the time it's your own config that needs tweaking, and only you can do that.
  • That said... UnrealIRCd is pretty simple and easy to set up and we've got things well documented here.


Important note:

  • It is highly advised that you don't use your own home computer or home internet connection if you can avoid it. There are many options for free-tier (or free trial with generous credits) cloud VMS providers, including Oracle, AWS and Google. Other providers are quite inexpensive, running about $3 to $5 a month for the lowest spec vServer, which is more than plenty for an IRCd. Linode, Vultr, Hetzner, OVH, DigitalOcean, BuyVM are options if you want to get away from the 'big three.' A lot of it comes down to personal preference. Just about anything that can give you a Linux "box" is able to run UnrealIRCd. If this is your first time running a cloud service and you're not quite sure where to start, Oracle is probably the most documented and it's fairly straightforward. They have an always free tier with generous quotas, but they do require a credit card for sign-up (which is not stored on the account).

Step 1: Preparing your system

  • We will be building the IRCd from source, so of course you will need a few tools, like: git, gcc, etc.
    • On Ubuntu, Debian and the like, you can install these with apt install git build-essential python3 libssl-dev
  • It is usually a good idea to run UnrealIRCd under its own user. You can create an ircd user with adduser --disabled-password --shell /bin/bash --gecos "User" ircd
  • Switch to the new ircd user with sudo -iu ircd

Step 2: Downloading and building the IRCd

We will download PissIRCd, which is a fork of UnrealIRCd with a few modules and patches that are useful for pissnet.

  • Get the PissIRCd source code with git clone https://github.com/pissnet/pissircd
  • Configure it for compilation with cd pissircd && ./Config
  • The script will ask you a few questions. It is recommended to pick the defaults for everything, so you can just hit enter on every question.
  • After you finish configuring, you can now compile and install PissIRCd with make && make install

Step 3: Configuring your brand new IRCd

  • Grab the Optimal linking script of doom and execute it on your server. The script will ping every pissnet hub and give you the link block for the three hubs with the lowest ping. Save those link blocks for later.
    • If you decide to not link directly to one of the hubs, it is still a good idea to add a hub (or two) to your config (but not with autoconnect) so that you have backup links if your main link should ever drop.
  • Go to the ircd directory (with cd ~/unrealircd) and copy the example file to its final location (cp conf/examples/example.conf conf/unrealircd.conf)
  • Edit the conf/unrealircd.conf with your favorite text editor. The parts you want to change are:
    • The me {} block:
      • name is the name of your server. It doesn't need to resolve to your server, but it's a plus if it does. You can find available domains at Domains.
      • info is a description for your server; you can be creative here.
      • sid is an identifier for your server and it should be unique. You can check out the Great big-ass server list of doom to find an unused one for your server.
    • The admin {} block:
      • In this block you can have up to three lines of free text. Ideally it should have some kind of info so we can contact you in case something goes wrong. You can put just your nick, nick and email or whatever.
    • The oper ... {} block:
      • This block sets the username and password you will use with the /oper command to admin your server. The default user and password are "bobsmith" and "test". CHANGE IT.
  • At the bottom of the file, paste the three link {} blocks you got when you ran the Optimal linking script of doom
  • Now you can start your IRCd with ./unrealircd start.
    • One potential hitch at this point is whether or not you have properly configured your VMS's firewall to allow incoming and/or outgoing connections, especially on the common IRCd ports (6667, 6697, 6900)
  • Connect to it with your IRC client to check that everything is OK. Check that your oper credentials work with /oper username password, as defined in your conf file. When it succeeds, you should get auto-joined to a channel named #opers.
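
A pre-flight check for the edits described in Step 3, to run before ./unrealircd start. This is an added example, not part of the wiki page or of PissIRCd; the function name check_conf, the sample configs and hub.example.invalid are made up for illustration.

```shell
#!/bin/sh
# Added example: pre-flight check for conf/unrealircd.conf.
# check_conf FILE prints what it flags and returns the number of problems (0 = clean).
check_conf() {
    conf=$1
    problems=0
    # The guide names "bobsmith" / "test" as the shipped oper credentials.
    if grep -Eq '^[[:space:]]*oper[[:space:]]+bobsmith([[:space:]]|\{|$)' "$conf"; then
        echo "FAIL: oper block still uses the default name bobsmith"
        problems=$((problems + 1))
    fi
    if grep -Eq '^[[:space:]]*password[[:space:]]+"test"[[:space:]]*;' "$conf"; then
        echo "FAIL: a password is still set to the default \"test\""
        problems=$((problems + 1))
    fi
    # The guide says to paste the link {} blocks at the bottom of the file.
    # grep -c exits 1 on a zero count, hence "|| true".
    links=$(grep -Ec '^[[:space:]]*link[[:space:]]+[^[:space:]{]+' "$conf" || true)
    if [ "$links" -eq 0 ]; then
        echo "FAIL: no link block found"
        problems=$((problems + 1))
    fi
    echo "link blocks: $links, problems: $problems"
    return "$problems"
}

# Constructed sample configs (not real servers): untouched defaults vs. edited.
SAMPLE_DIR=$(mktemp -d)
cat > "$SAMPLE_DIR/default.conf" <<'EOF'
oper bobsmith {
    class opers;
    mask *@*;
    password "test";
}
EOF
cat > "$SAMPLE_DIR/edited.conf" <<'EOF'
oper alice {
    class opers;
    mask *@*;
    password "constructed-placeholder-not-a-real-secret";
}
link hub.example.invalid {
    incoming { mask *; }
    outgoing { hostname hub.example.invalid; port 6900; }
}
EOF

check_conf "$SAMPLE_DIR/default.conf" || echo "default.conf: fix before starting"
check_conf "$SAMPLE_DIR/edited.conf" && echo "edited.conf: ok"
```

Point it at your real file with check_conf ~/unrealircd/conf/unrealircd.conf; a non-zero exit status means something from Step 3 is still at its default.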

That's it! Now your server is ready to run! But first, you have to send your own link block to one of the hub administrators. Grab your link block with ./unrealircd genlinkblock, upload it to a pastebin and send it to the admins of the hubs you added to your config file (Hint: their nicks are in a comment block above the link ...{} block). After at least one hub adds you, you will automatically connect to the network!

  • Note. If you attempt to connect to the network without contacting any administrators beforehand, you likely will be deemed too stupid to link to Pissnet and your server connection attempt spam will just result in a GZline. We are not a free-for-all network; you must have a reciprocating linkblock first.
  • Second Note: If you did not install Pissircd from Git (e.g., using straight UnrealIRCD), you will likely need additional information in order to be able to link to Pissnet, such as the Cloak Key. That information can be found over on the Additional Configs for Servers page.

Step 4: After you link...