@championshuttler
Forked from GeekyShacklebolt/setupZNC.md
Created August 25, 2018 17:28
How to set up ZNC on an AWS EC2 instance with SASL EXTERNAL for HexChat? [very brief]

Requirements

  • Ec2 instance = Amazon ec2, t2.micro, Linux (Ubuntu 14.x+)
  • Znc (version: 1.7.0+)
  • OpenSSL
  • IRC Client = Hexchat (version: 2.10.1+)

Steps

  1. Setup an ec2 instance: t2.micro

  2. In the corresponding security group, add an inbound rule:

    • Custom TCP | TCP | port: 6697 | source: "anywhere" | description: "For Znc"
  3. Login (SSH) to instance.

    • On Ubuntu above 14.x, make sure the following packages are installed:
      • build-essential
      • libssl-dev
      • libperl-dev
      • pkg-config
      • libicu-dev

    $ sudo apt-get install build-essential libssl-dev libperl-dev pkg-config libicu-dev

  4. Install latest znc (1.7.0+). See How to install

  5. Run command $ znc --makeconf

  6. Launch znc

  7. Open webadmin: https://<server_ip>:

  8. Login to znc

  9. Go to: Your network --> Edit freenode --> tick mark sasl & tick mark cert

    Here, freenode can be replaced with network you have set while running makeconf

  10. Now 2 more options would be available: sasl and certificate in webadmin.

  11. Go to sasl --> do not give a username and password [otherwise it would be SASL PLAIN] --> tick mark require authentication and check the order of sasl. It should be: first external, then plain.

  12. Generate a new SSL certificate in server with command:

    $ openssl req -x509 -new -newkey rsa:4096 -sha256 -days 1000 -nodes -out user.pem -keyout user.pem

  13. Move this user.pem to ~/.znc/users/<user>/networks/<network>/moddata/cert/

  14. Copy the fingerprint of user.pem. Fingerprint can be observed with command:

    $ openssl x509 -in <path_to_.pem_file> -outform der | sha1sum -b | cut -d' ' -f1

  15. Open your Hexchat and login.

  16. Give command: /msg nickserv cert add <fingerprint>

  17. Ctrl + s: the Hexchat network list will be opened.

  18. Add a new network --> edit --> add the server in format <znc_ip>/+<port>

    Here, <port> can be replaced with 6697 for SSL connection

  19. Tick mark

    • Connect to selected server only
    • Connect to this network automatically (and unmark this option from any other network in your hexchat list)
    • Use SSL for all the servers on this network
    • Accept invalid SSL certificates (since the openssl certificate we just generated is not verified by any CA)
  20. Change Login method to: server password

  21. Give your username=<your_username>, and give password=<znc_password>

  22. Keep the znc running.

  23. Connect to new network you created on hexchat (restart hexchat).

Done!
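
A pre-flight check for the user.pem from steps 12 to 14, as an added example that is not part of the original gist: it refuses a file that is readable by other users (the key is unencrypted because of -nodes), whose key and certificate do not match, or that has expired, and otherwise prints the fingerprint. `check_znc_cert` and `demo_check` are hypothetical helper names, and the demo certificate is constructed only to exercise the check.

```shell
#!/bin/sh
# Added example; check_znc_cert and demo_check are hypothetical helper names.

# Print the SHA-1 fingerprint of a combined key+certificate PEM, but only if
# the file is safe and usable as a client certificate.
check_znc_cert() {
    pem=$1
    [ -r "$pem" ] || { echo "cannot read $pem" >&2; return 1; }

    # -nodes leaves the private key unencrypted: only the owner may have access.
    perms=$(ls -ld -- "$pem" | cut -c5-10)
    [ "$perms" = "------" ] || { echo "$pem: group/other access, chmod 600" >&2; return 1; }

    # The certificate's public key must be the one derived from the private key.
    cert_pub=$(openssl x509 -in "$pem" -noout -pubkey 2>/dev/null) ||
        { echo "$pem: no certificate found" >&2; return 1; }
    key_pub=$(openssl pkey -in "$pem" -pubout 2>/dev/null) ||
        { echo "$pem: no private key found" >&2; return 1; }
    [ "$cert_pub" = "$key_pub" ] || { echo "$pem: key and certificate differ" >&2; return 1; }

    # Reject a certificate that has already expired.
    openssl x509 -in "$pem" -noout -checkend 0 >/dev/null 2>&1 ||
        { echo "$pem: certificate expired" >&2; return 1; }

    # Same pipeline as step 14.
    openssl x509 -in "$pem" -outform der | sha1sum -b | cut -d' ' -f1
}

# Constructed sample input: a throwaway 1-day certificate in a temp directory.
# $1 is the file mode to apply before checking (default 600).
demo_check() {
    dir=$(mktemp -d) || return 1
    openssl req -x509 -new -newkey rsa:2048 -sha256 -days 1 -nodes \
        -subj "/CN=constructed-demo" \
        -out "$dir/user.pem" -keyout "$dir/user.pem" 2>/dev/null ||
        { rm -rf "$dir"; return 1; }
    chmod "${1:-600}" "$dir/user.pem"
    rc=0
    check_znc_cert "$dir/user.pem" || rc=$?
    rm -rf "$dir"
    return "$rc"
}

# Usage: sh check_cert.sh /path/to/user.pem
if [ "$#" -gt 0 ]; then check_znc_cert "$1"; fi
```

Run it against the file after step 13; the printed value is the fingerprint to give NickServ in step 16.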
