Installing And Configuring ZNC On A Raspberry Pi
Preparation
- Using a PC or mac, download raspberry pi os lite from raspberrypi.org
- Unpack the .zip file and flash the .img file to the micro sd card using a card reader&writer with a program called Etcher.
- Disconnect and reconnect the micro sd card and in the
/bootvolume create an empty file: save this file asssh. Doing this will enable and start the ssh daemon on the raspberry pi. - Insert the micro sd card into the raspberry pi. Connect the ethernet cable to the pi and your router, power it up.
- (Optional) Connect a HDMI cable to your pi and a monitor, so you may see the assigned IP address.
- Find out the IP address and ssh into your raspberrypi with username
piand passwordraspberry. On a mac, simply open terminal andssh pi@raspberrypi.localorssh pi@<ipaddress>. Windows, download and use Putty. - Assign a DHCP reservation to this IP address.
First Things First
- After logging in with ssh, use the command:
sudo raspi-configto expand the filesystem, set amount of display memory from64MBto16MB, set your timezone and set a new password for the pi user. You may want to set a new hostname too, if you have more than one raspberry pi. Exit the program and you will be asked to reboot: Yes. (or manually:sudo reboot) - Pull latest updates and install:
sudo apt-get update && sudo apt-get upgrade
Installing ZNC
- Install znc (and make sure nano is installed):
sudo apt-get install znc znc-dev nano - Setup the znc user account:
sudo useradd --create-home -d /var/lib/znc --system --shell /sbin/nologin --comment "Account to run ZNC daemon" --user-group znc - Create the znc .conf file:
sudo -u znc /usr/bin/znc --datadir=/var/lib/znc --makeconf - You will have to answer some questions: For
Listen on port:I choose 1337.Listen on SSL:Yes. Important are your admin account username + password as well as your IRC nickname and IRC alt nickname (alt nickname = nickname postfixed with an underscore). Ident, real name and Bind host, just leave blank (just hit<Enter>). When asked to setup a network, choose No. Finally, when asked to launch now, choose No.
The ZNC service file
- Open the file for writing:
sudo nano /etc/systemd/system/znc.service - Paste the following, then hit
Ctrl-Xto exit (hitYto save):[Unit] Description=ZNC, an advanced IRC bouncer After=network-online.target [Service] ExecStart=/usr/bin/znc -f --datadir=/var/lib/znc User=znc [Install] WantedBy=multi-user.target
Fire Up ZNC
- Enable the service (this will start the service on boot):
sudo systemctl enable znc - Start the service:
sudo systemctl start znc
Optional DDNS and Letsencrypt Certificate
Dynamic DNS Setup with DUCKDNS.ORG
- Go to DUCKDNS, login with your <Persona|Twitter|Github|Reddit|Google> account.
- Create a domain, for example:
znc-acvxqsIt will be added to your account. - Up in the top menu, select Install and under Operating systems choose pi, then select the domain you created. Follow the steps as outlined.
Letsencrypt Certificate
-
Make dir ~/certbot:
mkdir ~/certbot -
Open ~/certbot/auth.sh for writing:
nano ~/certbot/auth.sh -
Paste the following, replace "foo" with "your_token", then hit
Ctrl-Xand selectY:#!/bin/bash DUCKDNS_TOKEN="foo" [[ "$(curl -s "https://www.duckdns.org/update?domains=${CERTBOT_DOMAIN%.duckdns.org}&token=${DUCKDNS_TOKEN}&txt=${CERTBOT_VALIDATION}")" = "OK" ]] -
Open ~/certbot/cleanup.sh for writing:
nano ~/certbot/cleanup.sh -
Paste the following, replace "foo" with "your_token", then hit
Ctrl-Xand selectY:#!/bin/bash DUCKDNS_TOKEN="foo" [[ "$(curl -s "https://www.duckdns.org/update?domains=${CERTBOT_DOMAIN%.duckdns.org}&token=${DUCKDNS_TOKEN}&txt=${CERTBOT_VALIDATION}&clear=true")" = "OK" ]] -
Make executable:
chmod +x ~/certbot/auth.sh ~/certbot/cleanup.sh -
Install certbot:
sudo apt-get install certbot -
Obtain certificate:
sudo certbot certonly --manual --preferred-challenges dns --manual-auth-hook ~/certbot/auth.sh --manual-cleanup-hook ~/certbot/cleanup.sh -
Answer questions:
- Enter your email address ->
- Agree to the Terms of Service -> A
- Share your email address with EFF -> N
- Enter your domain name(s) ->
znc-acvxqs.duckdns.org(obviously yours is ~ <your_name>.duckdns.org) - OK with IP being logged -> Y
-
Open file for writing:
sudo nano /etc/letsencrypt/renewal-hooks/deploy/update-znc-pem.sh -
Paste the following, replace
znc-acvxqswithyour_name, then hitCtrl-Xand selectY:#!/bin/bash YOURDOMAIN="znc-acvxqs.duckdns.org" [[ $RENEWED_LINEAGE != "/etc/letsencrypt/live/$YOURDOMAIN" ]] && exit 0 echo "Updating certs" cat /etc/letsencrypt/live/$YOURDOMAIN/{privkey,fullchain}.pem > /var/lib/znc/znc.pem -
Make executable:
sudo chmod +x /etc/letsencrypt/renewal-hooks/deploy/update-znc-pem.sh -
Elevate to root:
sudo su -
Run the following command, where
znc-acvxqsis replaced byyourname:cat /etc/letsencrypt/live/znc-acvxqs.duckdns.org/{privkey,fullchain}.pem > /var/lib/znc/znc.pem -
Exit to normal pi user:
exit
Port Forward
You will have to configure port forwarding on your router to expose port 1337 on the raspberrypi.local device. For example if you configure public port 1337 to direct to its ip address and port 1337 on your LAN, you will now be able to access it from wherever you are: https://znc-acvxqs.duckdns.org:1337
Fail2Ban
Because your znc webinterface is now open to the internet (https://znc-acvxqs.duckdns.org:1337), it is a good idea to enable fail2ban in Global Settings with parameters 30 2 (Bantime and number of failed logins before action is taken).
Multiple devices
If you wish to connect with multiple devices to your znc configured networks, you'll want to install/enable route_replies and CyberShadow's clientbuffer. More information here.