Installing And Configuring ZNC On A Raspberry Pi
Preparation
- Using a PC or Mac, download Raspberry Pi OS Lite from raspberrypi.org
- Unpack the .zip file and flash the .img file to the micro SD card using a card reader/writer and a program called Etcher.
- Disconnect and reconnect the micro SD card and, in the /boot volume, create an empty file named ssh. Doing this will enable and start the ssh daemon on the Raspberry Pi.
- Insert the micro SD card into the Raspberry Pi. Connect the ethernet cable to the Pi and your router, then power it up.
- (Optional) Connect an HDMI cable to your Pi and a monitor, so you can see the assigned IP address.
- Find out the IP address and ssh into your Raspberry Pi with username pi and password raspberry. On a Mac, simply open Terminal and run ssh pi@raspberrypi.local or ssh pi@<ipaddress>. On Windows, download and use PuTTY.
- Assign a DHCP reservation to this IP address.
First Things First
- After logging in with ssh, use the command:
sudo raspi-config
to expand the filesystem, set the amount of display memory from 64MB to 16MB, set your timezone and set a new password for the pi user. You may want to set a new hostname too, if you have more than one Raspberry Pi. Exit the program and you will be asked to reboot: Yes. (or manually: sudo reboot)
- Pull latest updates and install:
sudo apt-get update && sudo apt-get upgrade
Installing ZNC
- Install znc (and make sure nano is installed):
sudo apt-get install znc znc-dev nano
- Setup the znc user account:
sudo useradd --create-home -d /var/lib/znc --system --shell /sbin/nologin --comment "Account to run ZNC daemon" --user-group znc
- Create the znc .conf file:
sudo -u znc /usr/bin/znc --datadir=/var/lib/znc --makeconf
- You will have to answer some questions: For Listen on port: I choose 1337. Listen on SSL: Yes. Important are your admin account username + password as well as your IRC nickname and IRC alt nickname (alt nickname = nickname postfixed with an underscore). Ident, real name and Bind host, just leave blank (just hit <Enter>). When asked to set up a network, choose No. Finally, when asked to launch now, choose No.
The ZNC service file
- Open the file for writing:
sudo nano /etc/systemd/system/znc.service
- Paste the following, then hit Ctrl-X to exit (hit Y to save):
[Unit]
Description=ZNC, an advanced IRC bouncer
After=network-online.target
[Service]
ExecStart=/usr/bin/znc -f --datadir=/var/lib/znc
User=znc
[Install]
WantedBy=multi-user.target
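Because this guide later exposes the service to the internet through a port forward, the unit can be sandboxed further with a systemd drop-in. The fragment below is an added example, not part of the original guide; the file name hardening.conf is an assumption, and it assumes ZNC only writes under /var/lib/znc as configured above.

```ini
# /etc/systemd/system/znc.service.d/hardening.conf  (hypothetical file name)
[Service]
# ZNC listens on 1337, an unprivileged port, so it needs no capabilities.
NoNewPrivileges=true
CapabilityBoundingSet=
# Mount the whole file system read-only for the service, except its data dir.
ProtectSystem=strict
ReadWritePaths=/var/lib/znc
# Hide /home, /root and /run/user, and give the service a private /tmp and /dev.
ProtectHome=true
PrivateTmp=true
PrivateDevices=true
```

After creating the file, run sudo systemctl daemon-reload so systemd picks it up; systemd-analyze security znc then lists which sandboxing options are active.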
Fire Up ZNC
- Enable the service (this will start the service on boot):
sudo systemctl enable znc
- Start the service:
sudo systemctl start znc
Optional DDNS and Letsencrypt Certificate
Dynamic DNS Setup with DUCKDNS.ORG
- Go to DUCKDNS, log in with your <Persona|Twitter|Github|Reddit|Google> account.
- Create a domain, for example:
znc-acvxqs
It will be added to your account.
- Up in the top menu, select Install and under Operating systems choose pi, then select the domain you created. Follow the steps as outlined.
Letsencrypt Certificate
- Make dir ~/certbot:
mkdir ~/certbot
- Open ~/certbot/auth.sh for writing:
nano ~/certbot/auth.sh
- Paste the following, replace "foo" with "your_token", then hit Ctrl-X and select Y:
#!/bin/bash
DUCKDNS_TOKEN="foo"
[[ "$(curl -s "https://www.duckdns.org/update?domains=${CERTBOT_DOMAIN%.duckdns.org}&token=${DUCKDNS_TOKEN}&txt=${CERTBOT_VALIDATION}")" = "OK" ]]
- Open ~/certbot/cleanup.sh for writing:
nano ~/certbot/cleanup.sh
- Paste the following, replace "foo" with "your_token", then hit Ctrl-X and select Y:
#!/bin/bash
DUCKDNS_TOKEN="foo"
[[ "$(curl -s "https://www.duckdns.org/update?domains=${CERTBOT_DOMAIN%.duckdns.org}&token=${DUCKDNS_TOKEN}&txt=${CERTBOT_VALIDATION}&clear=true")" = "OK" ]]
- Make executable:
chmod +x ~/certbot/auth.sh ~/certbot/cleanup.sh
- Install certbot:
sudo apt-get install certbot
- Obtain certificate:
sudo certbot certonly --manual --preferred-challenges dns --manual-auth-hook ~/certbot/auth.sh --manual-cleanup-hook ~/certbot/cleanup.sh
- Answer questions:
  - Enter your email address ->
  - Agree to the Terms of Service -> A
  - Share your email address with EFF -> N
  - Enter your domain name(s) -> znc-acvxqs.duckdns.org (obviously yours is ~ <your_name>.duckdns.org)
  - OK with IP being logged -> Y
- Open file for writing:
sudo nano /etc/letsencrypt/renewal-hooks/deploy/update-znc-pem.sh
- Paste the following, replace znc-acvxqs with your_name, then hit Ctrl-X and select Y:
#!/bin/bash
YOURDOMAIN="znc-acvxqs.duckdns.org"
[[ $RENEWED_LINEAGE != "/etc/letsencrypt/live/$YOURDOMAIN" ]] && exit 0
echo "Updating certs"
cat /etc/letsencrypt/live/$YOURDOMAIN/{privkey,fullchain}.pem > /var/lib/znc/znc.pem
- Make executable:
sudo chmod +x /etc/letsencrypt/renewal-hooks/deploy/update-znc-pem.sh
- Elevate to root:
sudo su
- Run the following command, where znc-acvxqs is replaced by yourname:
cat /etc/letsencrypt/live/znc-acvxqs.duckdns.org/{privkey,fullchain}.pem > /var/lib/znc/znc.pem
- Exit to normal pi user:
exit
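The cat redirect above runs as root, so a znc.pem that did not exist beforehand is created with root's umask and can end up readable by every local user. The function below is an added example, not part of the original guide (check_znc_pem is a hypothetical helper name); it assumes GNU stat and the openssl command line tool, and checks the file mode, that both PEM parts are present, that the key matches the certificate, and the remaining validity.

```shell
#!/bin/bash
# Added example: sanity-check a combined ZNC certificate file (key + chain).
# check_znc_pem is a hypothetical helper, not part of ZNC or certbot.
# Usage: check_znc_pem /var/lib/znc/znc.pem [min_days_left]
check_znc_pem() {
    local pem="$1" min_days="${2:-14}" mode key_pub cert_pub

    [ -r "$pem" ] || { echo "cannot read $pem" >&2; return 1; }

    # The file holds a private key, so group and others must have no access.
    mode=$(stat -c %a "$pem")
    case "$mode" in
        *00) ;;
        *) echo "mode $mode is too open, expected 600" >&2; return 2 ;;
    esac

    # Both halves of the concatenation must be present.
    grep -q -- '-----BEGIN .*PRIVATE KEY-----' "$pem" ||
        { echo "no private key block" >&2; return 3; }
    grep -q -- '-----BEGIN CERTIFICATE-----' "$pem" ||
        { echo "no certificate block" >&2; return 3; }

    # The private key must belong to the first (leaf) certificate.
    key_pub=$(openssl pkey -in "$pem" -pubout 2>/dev/null) || return 4
    cert_pub=$(openssl x509 -in "$pem" -noout -pubkey 2>/dev/null) || return 4
    [ "$key_pub" = "$cert_pub" ] ||
        { echo "private key does not match certificate" >&2; return 4; }

    # Fail early if the renewal hook has stopped refreshing the file.
    openssl x509 -in "$pem" -noout -checkend $((min_days * 86400)) >/dev/null ||
        { echo "certificate expires within $min_days days" >&2; return 5; }

    echo "$pem OK"
}
```

Run it as root or as the znc user, since a correctly protected znc.pem is not readable by the pi account.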
Port Forward
You will have to configure port forwarding on your router to expose port 1337 on the raspberrypi.local device. For example, if you configure public port 1337 to direct to its IP address and port 1337 on your LAN, you will now be able to access it from wherever you are: https://znc-acvxqs.duckdns.org:1337
Fail2Ban
Because your znc web interface is now open to the internet (https://znc-acvxqs.duckdns.org:1337), it is a good idea to enable fail2ban in Global Settings with parameters 30 2 (Bantime and number of failed logins before action is taken).
Multiple devices
If you wish to connect with multiple devices to your znc configured networks, you'll want to install/enable route_replies and CyberShadow's clientbuffer. More information here.