m (→SSL certificate: run the installer! run it!) |
(Collapse "Current Rotation" section as well) |
||
| Line 77: | Line 77: | ||
== Current Rotation. NO LONGER IN USE == | == Current Rotation. NO LONGER IN USE == | ||
<pre> | <div class="mw-collapsible mw-collapsed"> | ||
''This section is collapsed by default. Click '''Expand''' on the right hand side to view. | |||
<pre class="mw-collapsible-content"> | |||
irc.shitposting.space A 144.202.61.61 | irc.shitposting.space A 144.202.61.61 | ||
urine.trouble.pissnet.net A 54.191.10.244 ; Warning: Self-signed certificate | urine.trouble.pissnet.net A 54.191.10.244 ; Warning: Self-signed certificate | ||
| Line 162: | Line 164: | ||
kazakhs.watch.mepee.live A 213.156.137.141 | kazakhs.watch.mepee.live A 213.156.137.141 | ||
</pre>(No longer in use, no need to add yourself here anymore) | </pre>(No longer in use, no need to add yourself here anymore) | ||
</div> | |||
== Previous list from the Pad Preserved Here, THIS IS NOT A ROTATION LIST. == | == Previous list from the Pad Preserved Here, THIS IS NOT A ROTATION LIST. == | ||
Revision as of 01:47, 5 July 2021
If you wish to have your server added to the round-robin, please contact a wiki sysop so they can add you into the new round-robin system. You will have to provide the following information:
- Server name
- IPv4 and/or IPv6
- Region (must be one of: AMER, EURO or ASIA)
Your node must:
- Have a valid SSL certificate for the round-robin
- Be reachable over the Internet on ports 6667 and 6697
- Be linked to the network
- and have a relatively up to date version of UnrealIRCd
After your node gets added to the rotation it will be periodically scanned. You can check the status of your node in the rotation through this page
SSL certificate
Soon, to be part of the round-robin you will need a valid SSL certificate for both irc.letspiss.net and your own server domain. To do this you can use acme.sh (run the installer!). Here is an example of how to generate a certificate for both in one go (assuming you use cloudflare for your domain, for other providers check here):
# These are the credentials required to get the irc.letspiss.net certificate export ACMEDNS_UPDATE_URL="https://auth.autie.net/update" export ACMEDNS_USERNAME="7a72b116-70de-4a49-83a5-dcfeb2dfabb2" export ACMEDNS_PASSWORD="R6uA0z8-bwfU8xZxqbTIkoNUBE91Yrn7LN-34qRx" export ACMEDNS_SUBDOMAIN="cdd942bb-0b02-4e50-9bf0-639d61c60741" # You will have to change this! export CF_Token="aaaaabbbbbcccc" export CF_Account_ID="ddddeeeeeffff" export CF_Zone_ID="ggggghhhhiiii" ~/.acme.sh/acme.sh --issue -d irc.letspiss.net --dns dns_acmedns -d my.fancy.server.blah.com --dns dns_cf
If you use custom DNS or want to do this manually, run the above environment variable commands for ACMEDNS_* and use the --yes-I-know-dns-manual-mode-enough-go-ahead-please option (note this does not support automatic cert renewal, and it will have to be done manually) as shown below:
~/.acme.sh/acme.sh --issue -d irc.letspiss.net --dns dns_acmedns -d my.fancy.server.blah.com --yes-I-know-dns-manual-mode-enough-go-ahead-please
You will then need to manually add the new TXT record to your DNS zone while acme.sh is running.
After this you will have to edit your configs to look like this:
listen {
ip *;
port 6697;
options { tls; }
tls-options {
certificate "/home/ircd/.acme.sh/irc.letspiss.net/fullchain.cer";
key "/home/ircd/.acme.sh/irc.letspiss.net/irc.letspiss.net.key";
};
}
Note: Do not change the certificate key for the serversonly listen block or your spkifp will change and you won't be able to link to the network.
Alternatively, using two certificates
The instructions below are broken, because we ran out of Let's Encrypt quota for 'duplicate certificates' for irc.letspiss.net. No more certificates for just irc.letspiss.net can be issued until June 15th.
If you just want to use acme.sh for the round-robin certificate and use your existing infrastructure for your other certificate(s), call acme.sh as ~/.acme.sh/acme.sh --issue -d irc.letspiss.net --dns dns_acmedns and add a SNI block instead of changing the config above:
sni irc.letspiss.net {
tls-options {
certificate "/home/ircd/.acme.sh/irc.letspiss.net/fullchain.cer";
key "/home/ircd/.acme.sh/irc.letspiss.net/irc.letspiss.net.key";
};
};
Alternatively to the alternative, use ZeroSSL
If we run out of the LetsEncrypt quota, we can use zerossl, by adding the --server zerossl parameter to acme.sh.
Current Rotation. NO LONGER IN USE
This section is collapsed by default. Click Expand on the right hand side to view.
(No longer in use, no need to add yourself here anymore)Previous list from the Pad Preserved Here, THIS IS NOT A ROTATION LIST.
This section is collapsed by default. Click Expand on the right hand side to view.