123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359 |
- ngIRCd - Next Generation IRC Server
- http://ngircd.barton.de/
- (c)2001-2015 Alexander Barton and Contributors.
- ngIRCd is free software and published under the
- terms of the GNU General Public License.
- -- INSTALL --
- I. Upgrade Information
- ~~~~~~~~~~~~~~~~~~~~~~
- Differences to version 22.x
- - The default value of the SSL "CipherList" variable has been changed to
- "HIGH:!aNULL:@STRENGTH:!SSLv3" (OpenSSL) and "SECURE128:-VERS-SSL3.0"
- (GnuTLS) to disable the old SSLv3 protocol by default.
- To enable connections of clients still requiring the weak SSLv3 protocol,
- the "CipherList" must be set to its old value (not recommended!), which
- was "HIGH:!aNULL:@STRENGTH" (OpenSSL) and "SECURE128" (GnuTLS), see below.
- Differences to version 20.x
- - Starting with ngIRCd 21, the ciphers used by SSL are configurable and
- default to "HIGH:!aNULL:@STRENGTH" (OpenSSL) or "SECURE128" (GnuTLS).
- Previous version were using the OpenSSL or GnuTLS defaults, "DEFAULT"
- and "NORMAL" respectively.
- - When adding GLINE's or KLINE's to ngIRCd 21 (or newer), all clients matching
- the new mask will be KILL'ed. This was not the case with earlier versions
- that only added the mask but didn't kill already connected users.
- Differences to version 19.x
- - Starting with ngIRCd 20, users can "cloak" their hostname only when the
- configuration variable "CloakHostModeX" (introduced in 19.2) is set.
- Otherwise, only IRC operators, other servers, and services are allowed to
- set mode +x. This prevents regular users from changing their hostmask to
- the name of the IRC server itself, which confused quite a few people ;-)
- Differences to version 17
- - Support for ZeroConf/Bonjour/Rendezvous service registration has been
- removed. The configuration option "NoZeroconf" is no longer available.
- - The structure of ngircd.conf has been cleaned up and three new configuration
- sections have been introduced: [Limits], [Options], and [SSL].
- Lots of configuration variables stored in the [Global] section are now
- deprecated there and should be stored in one of these new sections (but
- still work in [Global]):
- "AllowRemoteOper" -> [Options]
- "ChrootDir" -> [Options]
- "ConnectIPv4" -> [Options]
- "ConnectIPv6" -> [Options]
- "ConnectRetry" -> [Limits]
- "MaxConnections" -> [Limits]
- "MaxConnectionsIP" -> [Limits]
- "MaxJoins" -> [Limits]
- "MaxNickLength" -> [Limits]
- "NoDNS" -> [Options], and renamed to "DNS"
- "NoIdent" -> [Options], and renamed to "Ident"
- "NoPAM" -> [Options], and renamed to "PAM"
- "OperCanUseMode" -> [Options]
- "OperServerMode" -> [Options]
- "PingTimeout" -> [Limits]
- "PongTimeout" -> [Limits]
- "PredefChannelsOnly" -> [Options]
- "SSLCertFile" -> [SSL], and renamed to "CertFile"
- "SSLDHFile" -> [SSL], and renamed to "DHFile"
- "SSLKeyFile" -> [SSL], and renamed to "KeyFile"
- "SSLKeyFilePassword" -> [SSL], and renamed to "KeyFilePassword"
- "SSLPorts" -> [SSL], and renamed to "Ports"
- "SyslogFacility" -> [Options]
- "WebircPassword" -> [Options]
- You should adjust your ngircd.conf and run "ngircd --configtest" to make
- sure that your settings are correct and up to date!
- Differences to version 16
- - Changes to the "MotdFile" specified in ngircd.conf now require a ngircd
- configuration reload to take effect (HUP signal, REHASH command).
- Differences to version 0.9.x
- - The option of the configure script to enable support for Zeroconf/Bonjour/
- Rendezvous/WhateverItIsNamedToday has been renamed:
- --with-rendezvous -> --with-zeroconf
- Differences to version 0.8.x
- - The maximum length of passwords has been raised to 20 characters (instead
- of 8 characters). If your passwords are longer than 8 characters then they
- are cut at an other position now.
- Differences to version 0.6.x
- - Some options of the configure script have been renamed:
- --disable-syslog -> --without-syslog
- --disable-zlib -> --without-zlib
- Please call "./configure --help" to review the full list of options!
- Differences to version 0.5.x
- - Starting with version 0.6.0, other servers are identified using asynchronous
- passwords: therefore the variable "Password" in [Server]-sections has been
- replaced by "MyPassword" and "PeerPassword".
- - New configuration variables, section [Global]: MaxConnections, MaxJoins
- (see example configuration file "doc/sample-ngircd.conf"!).
- II. Standard Installation
- ~~~~~~~~~~~~~~~~~~~~~~~~~
- ngIRCd is developed for UNIX-based systems, which means that the installation
- on modern UNIX-like systems that are supported by GNU autoconf and GNU
- automake ("configure") should be no problem.
- The normal installation procedure after getting (and expanding) the source
- files (using a distribution archive or GIT) is as following:
- 0) Satisfy prerequisites
- 1) ./autogen.sh [only necessary when using GIT]
- 2) ./configure
- 3) make
- 4) make install
- (Please see details below!)
- Now the newly compiled executable "ngircd" is installed in its standard
- location, /usr/local/sbin/.
- The next step is to configure and afterwards starting the daemon. Please
- have a look at the ngircd(8) and ngircd.conf(5) manual pages for details
- and all possible options -- and don't forget to run "ngircd --configtest"
- to validate your configuration file!
- If no previous version of the configuration file exists (the standard name
- is /usr/local/etc/ngircd.conf), a sample configuration file containing all
- possible options will be installed there. You'll find its template in the
- doc/ directory: sample-ngircd.conf.
- 0): Satisfy prerequisites
- When building from source, you'll need some other software to build ngIRCd:
- for example a working C compiler, make tool, GNU automake and autoconf (only
- when not using a distribution archive), and a few libraries depending on the
- features you want to compile in (like IDENT support, SSL, and PAM).
- If you are using one of the "big" operating systems or Linux distributions,
- you can use the following commands to install all the required packages to
- build the sources including all optional features and to run the test suite:
- * RedHat / Fedora based distributions:
- yum install \
- autoconf automake expect gcc glibc-devel gnutls-devel \
- libident-devel make pam-devel tcp_wrappers-devel telnet zlib-devel
- * Debian / Ubuntu based distributions:
- apt-get install \
- autoconf automake build-essential expect libgnutls-dev \
- libident-dev libpam-dev libwrap0-dev libz-dev telnet
- 1): "autogen.sh"
- The first step, autogen.sh, is only necessary if the configure-script isn't
- already generated. This never happens in official ("stable") releases in
- tar.gz-archives, but when using GIT.
- This step is therefore only interesting for developers.
- autogen.sh produces the Makefile.in's, which are necessary for the configure
- script itself, and some more files for make. To run autogen.sh you'll need
- GNU autoconf and GNU automake: at least autoconf 2.61 and automake 1.10 are
- requird, newer is better. But don't use automake 1.12 or newer for creating
- distribution archives: it will work but lack "de-ANSI-fication" support in the
- generated Makefile's! Stick with automake 1.11.x for this purpose ...
- So automake 1.11.x and autoconf 2.67+ is recommended.
- Again: "end users" do not need this step and neither need GNU autoconf nor GNU
- automake at all!
- 2): "./configure"
- The configure-script is used to detect local system dependencies.
- In the perfect case, configure should recognize all needed libraries, header
- files and so on. If this shouldn't work, "./configure --help" shows all
- possible options.
- In addition, you can pass some command line options to "configure" to enable
- and/or disable some features of ngIRCd. All these options are shown using
- "./configure --help", too.
- Compiling a static binary will avoid you the hassle of feeding a chroot dir
- (if you want use the chroot feature). Just do something like:
- CFLAGS=-static ./configure [--your-options ...]
- Then you can use a void directory as ChrootDir (like OpenSSH's /var/empty).
- 3): "make"
- The make command uses the Makefiles produced by configure and compiles the
- ngIRCd daemon.
- 4): "make install"
- Use "make install" to install the server and a sample configuration file on
- the local system. Normally, root privileges are necessary to complete this
- step. If there is already an older configuration file present, it won't be
- overwritten.
- These files and folders will be installed by default:
- - /usr/local/sbin/ngircd: executable server
- - /usr/local/etc/ngircd.conf: sample configuration (if not already present)
- - /usr/local/share/doc/ngircd/: documentation
- - /usr/local/share/man/: manual pages
- III. Additional features
- ~~~~~~~~~~~~~~~~~~~~~~~~
- The following optional features can be compiled into the daemon by passing
- options to the "configure" script. Most options can handle a <path> argument
- which will be used to search for the required libraries and header files in
- the given paths ("<path>/lib/...", "<path>/include/...") in addition to the
- standard locations.
- * Syslog Logging (autodetected by default):
- --with-syslog[=<path>] / --without-syslog
- Enable (disable) support for logging to "syslog", which should be
- available on most modern UNIX-like operating systems by default.
- * ZLib Compression (autodetected by default):
- --with-zlib[=<path>] / --without-zlib
- Enable (disable) support for compressed server-server links.
- The Z compression library ("libz") is required for this option.
- * IO Backend (autodetected by default):
- --with-select[=<path>] / --without-select
- --with-poll[=<path>] / --without-poll
- --with-devpoll[=<path>] / --without-devpoll
- --with-epoll[=<path>] / --without-epoll
- --with-kqueue[=<path>] / --without-kqueue
- ngIRCd can use different IO "backends": the "old school" select() and poll()
- API which should be supported by most UNIX-like operating systems, or the
- more efficient and flexible epoll() (Linux >=2.6), kqueue() (BSD) and
- /dev/poll APIs.
- By default the IO backend is autodetected, but you can use "--without-xxx"
- to disable a more enhanced API.
- When using the epoll() API, support for select() is compiled in as well by
- default to enable the binary to run on older Linux kernels (<2.6), too.
- * IDENT-Support:
- --with-ident[=<path>]
- Include support for IDENT ("AUTH") lookups. The "ident" library is
- required for this option.
- * TCP-Wrappers:
- --with-tcp-wrappers[=<path>]
- Include support for Wietse Venemas "TCP Wrappers" to limit client access
- to the daemon, for example by using "/etc/hosts.{allow|deny}".
- The "libwrap" is required for this option.
- * PAM:
- --with-pam[=<path>]
- Enable support for PAM, the Pluggable Authentication Modules library.
- See doc/PAM.txt for details.
- * SSL:
- --with-openssl[=<path>]
- --with-gnutls[=<path>]
- Enable support for SSL/TLS using OpenSSL or gnutls libraries.
- See doc/SSL.txt for details.
- * IPv6:
- --enable-ipv6
- Adds support for version 6 of the Internet Protocol.
- IV. Useful make-targets
- ~~~~~~~~~~~~~~~~~~~~~~~
- The Makefile produced by the configure-script contains always these useful
- targets:
- - clean: delete every product from the compiler/linker
- next step: -> make
- - distclean: the above plus erase all generated Makefiles
- next step: -> ./configure
- - maintainer-clean: erase all automatic generated files
- next step: -> ./autogen.sh
- V. Sample configuration file ngircd.conf
- ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
- In the sample configuration file, there are comments beginning with "#" OR
- ";" -- this is only for the better understanding of the file.
- The file is separated in five blocks: [Global], [Features], [Operator],
- [Server], and [Channel].
- In the [Global] section, there is the main configuration like the server
- name and the ports, on which the server should be listening. Options in
- the [Features] section enable or disable functionality in the daemon.
- IRC operators of this server are defined in [Operator] blocks, remote
- servers are configured in [Server] sections, and [Channel] blocks are
- used to configure pre-defined ("persistent") IRC channels.
- The meaning of the variables in the configuration file is explained in the
- "doc/sample-ngircd.conf", which is used as sample configuration file in
- /usr/local/etc after running "make install" (if you don't already have one)
- and in the ngircd.conf(5) manual page.
- VI. Command line options
- ~~~~~~~~~~~~~~~~~~~~~~~~
- These parameters could be passed to the ngIRCd:
- -f, --config <file>
- The daemon uses the file <file> as configuration file rather than
- the standard configuration /usr/local/etc/ngircd.conf.
- -n, --nodaemon
- ngIRCd should be running as a foreground process.
- -p, --passive
- Server-links won't be automatically established.
- -t, --configtest
- Reads, validates and dumps the configuration file as interpreted
- by the server. Then exits.
- Use "--help" to see a short help text describing all available parameters
- the server understands, with "--version" the ngIRCd shows its version
- number. In both cases the server exits after the output.
- Please see the ngircd(8) manual page for complete details!
|