INSTALL 13 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359
  1. ngIRCd - Next Generation IRC Server
  2. http://ngircd.barton.de/
  3. (c)2001-2015 Alexander Barton and Contributors.
  4. ngIRCd is free software and published under the
  5. terms of the GNU General Public License.
  6. -- INSTALL --
  7. I. Upgrade Information
  8. ~~~~~~~~~~~~~~~~~~~~~~
  9. Differences to version 22.x
  10. - The default value of the SSL "CipherList" variable has been changed to
  11. "HIGH:!aNULL:@STRENGTH:!SSLv3" (OpenSSL) and "SECURE128:-VERS-SSL3.0"
  12. (GnuTLS) to disable the old SSLv3 protocol by default.
  13. To enable connections of clients still requiring the weak SSLv3 protocol,
  14. the "CipherList" must be set to its old value (not recommended!), which
  15. was "HIGH:!aNULL:@STRENGTH" (OpenSSL) and "SECURE128" (GnuTLS), see below.
  16. Differences to version 20.x
  17. - Starting with ngIRCd 21, the ciphers used by SSL are configurable and
  18. default to "HIGH:!aNULL:@STRENGTH" (OpenSSL) or "SECURE128" (GnuTLS).
  19. Previous version were using the OpenSSL or GnuTLS defaults, "DEFAULT"
  20. and "NORMAL" respectively.
  21. - When adding GLINE's or KLINE's to ngIRCd 21 (or newer), all clients matching
  22. the new mask will be KILL'ed. This was not the case with earlier versions
  23. that only added the mask but didn't kill already connected users.
  24. Differences to version 19.x
  25. - Starting with ngIRCd 20, users can "cloak" their hostname only when the
  26. configuration variable "CloakHostModeX" (introduced in 19.2) is set.
  27. Otherwise, only IRC operators, other servers, and services are allowed to
  28. set mode +x. This prevents regular users from changing their hostmask to
  29. the name of the IRC server itself, which confused quite a few people ;-)
  30. Differences to version 17
  31. - Support for ZeroConf/Bonjour/Rendezvous service registration has been
  32. removed. The configuration option "NoZeroconf" is no longer available.
  33. - The structure of ngircd.conf has been cleaned up and three new configuration
  34. sections have been introduced: [Limits], [Options], and [SSL].
  35. Lots of configuration variables stored in the [Global] section are now
  36. deprecated there and should be stored in one of these new sections (but
  37. still work in [Global]):
  38. "AllowRemoteOper" -> [Options]
  39. "ChrootDir" -> [Options]
  40. "ConnectIPv4" -> [Options]
  41. "ConnectIPv6" -> [Options]
  42. "ConnectRetry" -> [Limits]
  43. "MaxConnections" -> [Limits]
  44. "MaxConnectionsIP" -> [Limits]
  45. "MaxJoins" -> [Limits]
  46. "MaxNickLength" -> [Limits]
  47. "NoDNS" -> [Options], and renamed to "DNS"
  48. "NoIdent" -> [Options], and renamed to "Ident"
  49. "NoPAM" -> [Options], and renamed to "PAM"
  50. "OperCanUseMode" -> [Options]
  51. "OperServerMode" -> [Options]
  52. "PingTimeout" -> [Limits]
  53. "PongTimeout" -> [Limits]
  54. "PredefChannelsOnly" -> [Options]
  55. "SSLCertFile" -> [SSL], and renamed to "CertFile"
  56. "SSLDHFile" -> [SSL], and renamed to "DHFile"
  57. "SSLKeyFile" -> [SSL], and renamed to "KeyFile"
  58. "SSLKeyFilePassword" -> [SSL], and renamed to "KeyFilePassword"
  59. "SSLPorts" -> [SSL], and renamed to "Ports"
  60. "SyslogFacility" -> [Options]
  61. "WebircPassword" -> [Options]
  62. You should adjust your ngircd.conf and run "ngircd --configtest" to make
  63. sure that your settings are correct and up to date!
  64. Differences to version 16
  65. - Changes to the "MotdFile" specified in ngircd.conf now require a ngircd
  66. configuration reload to take effect (HUP signal, REHASH command).
  67. Differences to version 0.9.x
  68. - The option of the configure script to enable support for Zeroconf/Bonjour/
  69. Rendezvous/WhateverItIsNamedToday has been renamed:
  70. --with-rendezvous -> --with-zeroconf
  71. Differences to version 0.8.x
  72. - The maximum length of passwords has been raised to 20 characters (instead
  73. of 8 characters). If your passwords are longer than 8 characters then they
  74. are cut at an other position now.
  75. Differences to version 0.6.x
  76. - Some options of the configure script have been renamed:
  77. --disable-syslog -> --without-syslog
  78. --disable-zlib -> --without-zlib
  79. Please call "./configure --help" to review the full list of options!
  80. Differences to version 0.5.x
  81. - Starting with version 0.6.0, other servers are identified using asynchronous
  82. passwords: therefore the variable "Password" in [Server]-sections has been
  83. replaced by "MyPassword" and "PeerPassword".
  84. - New configuration variables, section [Global]: MaxConnections, MaxJoins
  85. (see example configuration file "doc/sample-ngircd.conf"!).
  86. II. Standard Installation
  87. ~~~~~~~~~~~~~~~~~~~~~~~~~
  88. ngIRCd is developed for UNIX-based systems, which means that the installation
  89. on modern UNIX-like systems that are supported by GNU autoconf and GNU
  90. automake ("configure") should be no problem.
  91. The normal installation procedure after getting (and expanding) the source
  92. files (using a distribution archive or GIT) is as following:
  93. 0) Satisfy prerequisites
  94. 1) ./autogen.sh [only necessary when using GIT]
  95. 2) ./configure
  96. 3) make
  97. 4) make install
  98. (Please see details below!)
  99. Now the newly compiled executable "ngircd" is installed in its standard
  100. location, /usr/local/sbin/.
  101. The next step is to configure and afterwards starting the daemon. Please
  102. have a look at the ngircd(8) and ngircd.conf(5) manual pages for details
  103. and all possible options -- and don't forget to run "ngircd --configtest"
  104. to validate your configuration file!
  105. If no previous version of the configuration file exists (the standard name
  106. is /usr/local/etc/ngircd.conf), a sample configuration file containing all
  107. possible options will be installed there. You'll find its template in the
  108. doc/ directory: sample-ngircd.conf.
  109. 0): Satisfy prerequisites
  110. When building from source, you'll need some other software to build ngIRCd:
  111. for example a working C compiler, make tool, GNU automake and autoconf (only
  112. when not using a distribution archive), and a few libraries depending on the
  113. features you want to compile in (like IDENT support, SSL, and PAM).
  114. If you are using one of the "big" operating systems or Linux distributions,
  115. you can use the following commands to install all the required packages to
  116. build the sources including all optional features and to run the test suite:
  117. * RedHat / Fedora based distributions:
  118. yum install \
  119. autoconf automake expect gcc glibc-devel gnutls-devel \
  120. libident-devel make pam-devel tcp_wrappers-devel telnet zlib-devel
  121. * Debian / Ubuntu based distributions:
  122. apt-get install \
  123. autoconf automake build-essential expect libgnutls-dev \
  124. libident-dev libpam-dev libwrap0-dev libz-dev telnet
  125. 1): "autogen.sh"
  126. The first step, autogen.sh, is only necessary if the configure-script isn't
  127. already generated. This never happens in official ("stable") releases in
  128. tar.gz-archives, but when using GIT.
  129. This step is therefore only interesting for developers.
  130. autogen.sh produces the Makefile.in's, which are necessary for the configure
  131. script itself, and some more files for make. To run autogen.sh you'll need
  132. GNU autoconf and GNU automake: at least autoconf 2.61 and automake 1.10 are
  133. requird, newer is better. But don't use automake 1.12 or newer for creating
  134. distribution archives: it will work but lack "de-ANSI-fication" support in the
  135. generated Makefile's! Stick with automake 1.11.x for this purpose ...
  136. So automake 1.11.x and autoconf 2.67+ is recommended.
  137. Again: "end users" do not need this step and neither need GNU autoconf nor GNU
  138. automake at all!
  139. 2): "./configure"
  140. The configure-script is used to detect local system dependencies.
  141. In the perfect case, configure should recognize all needed libraries, header
  142. files and so on. If this shouldn't work, "./configure --help" shows all
  143. possible options.
  144. In addition, you can pass some command line options to "configure" to enable
  145. and/or disable some features of ngIRCd. All these options are shown using
  146. "./configure --help", too.
  147. Compiling a static binary will avoid you the hassle of feeding a chroot dir
  148. (if you want use the chroot feature). Just do something like:
  149. CFLAGS=-static ./configure [--your-options ...]
  150. Then you can use a void directory as ChrootDir (like OpenSSH's /var/empty).
  151. 3): "make"
  152. The make command uses the Makefiles produced by configure and compiles the
  153. ngIRCd daemon.
  154. 4): "make install"
  155. Use "make install" to install the server and a sample configuration file on
  156. the local system. Normally, root privileges are necessary to complete this
  157. step. If there is already an older configuration file present, it won't be
  158. overwritten.
  159. These files and folders will be installed by default:
  160. - /usr/local/sbin/ngircd: executable server
  161. - /usr/local/etc/ngircd.conf: sample configuration (if not already present)
  162. - /usr/local/share/doc/ngircd/: documentation
  163. - /usr/local/share/man/: manual pages
  164. III. Additional features
  165. ~~~~~~~~~~~~~~~~~~~~~~~~
  166. The following optional features can be compiled into the daemon by passing
  167. options to the "configure" script. Most options can handle a <path> argument
  168. which will be used to search for the required libraries and header files in
  169. the given paths ("<path>/lib/...", "<path>/include/...") in addition to the
  170. standard locations.
  171. * Syslog Logging (autodetected by default):
  172. --with-syslog[=<path>] / --without-syslog
  173. Enable (disable) support for logging to "syslog", which should be
  174. available on most modern UNIX-like operating systems by default.
  175. * ZLib Compression (autodetected by default):
  176. --with-zlib[=<path>] / --without-zlib
  177. Enable (disable) support for compressed server-server links.
  178. The Z compression library ("libz") is required for this option.
  179. * IO Backend (autodetected by default):
  180. --with-select[=<path>] / --without-select
  181. --with-poll[=<path>] / --without-poll
  182. --with-devpoll[=<path>] / --without-devpoll
  183. --with-epoll[=<path>] / --without-epoll
  184. --with-kqueue[=<path>] / --without-kqueue
  185. ngIRCd can use different IO "backends": the "old school" select() and poll()
  186. API which should be supported by most UNIX-like operating systems, or the
  187. more efficient and flexible epoll() (Linux >=2.6), kqueue() (BSD) and
  188. /dev/poll APIs.
  189. By default the IO backend is autodetected, but you can use "--without-xxx"
  190. to disable a more enhanced API.
  191. When using the epoll() API, support for select() is compiled in as well by
  192. default to enable the binary to run on older Linux kernels (<2.6), too.
  193. * IDENT-Support:
  194. --with-ident[=<path>]
  195. Include support for IDENT ("AUTH") lookups. The "ident" library is
  196. required for this option.
  197. * TCP-Wrappers:
  198. --with-tcp-wrappers[=<path>]
  199. Include support for Wietse Venemas "TCP Wrappers" to limit client access
  200. to the daemon, for example by using "/etc/hosts.{allow|deny}".
  201. The "libwrap" is required for this option.
  202. * PAM:
  203. --with-pam[=<path>]
  204. Enable support for PAM, the Pluggable Authentication Modules library.
  205. See doc/PAM.txt for details.
  206. * SSL:
  207. --with-openssl[=<path>]
  208. --with-gnutls[=<path>]
  209. Enable support for SSL/TLS using OpenSSL or gnutls libraries.
  210. See doc/SSL.txt for details.
  211. * IPv6:
  212. --enable-ipv6
  213. Adds support for version 6 of the Internet Protocol.
  214. IV. Useful make-targets
  215. ~~~~~~~~~~~~~~~~~~~~~~~
  216. The Makefile produced by the configure-script contains always these useful
  217. targets:
  218. - clean: delete every product from the compiler/linker
  219. next step: -> make
  220. - distclean: the above plus erase all generated Makefiles
  221. next step: -> ./configure
  222. - maintainer-clean: erase all automatic generated files
  223. next step: -> ./autogen.sh
  224. V. Sample configuration file ngircd.conf
  225. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  226. In the sample configuration file, there are comments beginning with "#" OR
  227. ";" -- this is only for the better understanding of the file.
  228. The file is separated in five blocks: [Global], [Features], [Operator],
  229. [Server], and [Channel].
  230. In the [Global] section, there is the main configuration like the server
  231. name and the ports, on which the server should be listening. Options in
  232. the [Features] section enable or disable functionality in the daemon.
  233. IRC operators of this server are defined in [Operator] blocks, remote
  234. servers are configured in [Server] sections, and [Channel] blocks are
  235. used to configure pre-defined ("persistent") IRC channels.
  236. The meaning of the variables in the configuration file is explained in the
  237. "doc/sample-ngircd.conf", which is used as sample configuration file in
  238. /usr/local/etc after running "make install" (if you don't already have one)
  239. and in the ngircd.conf(5) manual page.
  240. VI. Command line options
  241. ~~~~~~~~~~~~~~~~~~~~~~~~
  242. These parameters could be passed to the ngIRCd:
  243. -f, --config <file>
  244. The daemon uses the file <file> as configuration file rather than
  245. the standard configuration /usr/local/etc/ngircd.conf.
  246. -n, --nodaemon
  247. ngIRCd should be running as a foreground process.
  248. -p, --passive
  249. Server-links won't be automatically established.
  250. -t, --configtest
  251. Reads, validates and dumps the configuration file as interpreted
  252. by the server. Then exits.
  253. Use "--help" to see a short help text describing all available parameters
  254. the server understands, with "--version" the ngIRCd shows its version
  255. number. In both cases the server exits after the output.
  256. Please see the ngircd(8) manual page for complete details!