clone url: git://git.m455.casa/m455.casa
html/posts/setting-up-an-irc-server-with-oragono.html
1 | <!DOCTYPE html> |
2 | <html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en"> |
3 | <head> |
4 | <meta charset="utf-8" /> |
5 | <meta name="generator" content="pandoc" /> |
6 | <meta name="viewport" content="width=device-width, initial-scale=1.0, user-scalable=yes" /> |
7 | <title>Setting up an IRC server with Oragono</title> |
8 | <style> |
9 | code{white-space: pre-wrap;} |
10 | span.smallcaps{font-variant: small-caps;} |
11 | span.underline{text-decoration: underline;} |
12 | div.column{display: inline-block; vertical-align: top; width: 50%;} |
13 | div.hanging-indent{margin-left: 1.5em; text-indent: -1.5em;} |
14 | ul.task-list{list-style: none;} |
15 | </style> |
16 | <link rel="stylesheet" href="/assets/archive.css"> |
17 | </head> |
18 | <body> |
19 | <main> |
20 | <h2 id="setting-up-an-irc-server-with-oragono">Setting up an IRC server with Oragono</h2> |
21 | <p>2020-12-25 00:00</p> |
22 | <p>This page will guide you through setting up an IRC server using <a href="https://oragono.io/">Oragono</a>.</p> |
23 | <h3 id="page-overview">Page overview</h3> |
24 | <!-- vim-markdown-toc GFM --> |
25 | <ul> |
26 | <li><a href="#page-conventions">Page conventions</a></li> |
27 | <li><a href="#assumptions">Assumptions</a></li> |
28 | <li><a href="#requirements">Requirements</a></li> |
29 | <li><a href="#preparing-your-system">Preparing your system</a> |
30 | <ul> |
31 | <li><a href="#creating-an-oragono-user">Creating an oragono user</a> |
32 | <ul> |
33 | <li><a href="#to-create-an-oragono-user">To create an oragono user</a></li> |
34 | </ul></li> |
35 | <li><a href="#allowing-connections-on-port-6697">Allowing connections on port 6697</a> |
36 | <ul> |
37 | <li><a href="#to-allow-connections-on-port-6697">To allow connections on port 6697</a></li> |
38 | </ul></li> |
39 | </ul></li> |
40 | <li><a href="#setting-up-oragono">Setting up Oragono</a> |
41 | <ul> |
42 | <li><a href="#downloading-oragono">Downloading Oragono</a> |
43 | <ul> |
44 | <li><a href="#to-download-oragono">To download Oragono</a></li> |
45 | </ul></li> |
46 | <li><a href="#extracting-the-downloaded-files">Extracting the downloaded files</a> |
47 | <ul> |
48 | <li><a href="#to-extract-the-downloaded-files">To extract the downloaded files</a></li> |
49 | </ul></li> |
50 | <li><a href="#configuring-oragono">Configuring Oragono</a> |
51 | <ul> |
52 | <li><a href="#to-configure-oragono">To configure Oragono</a></li> |
53 | </ul></li> |
54 | <li><a href="#creating-a-irc-server-administrator-password">Creating a IRC server administrator password</a> |
55 | <ul> |
56 | <li><a href="#to-create-a-irc-server-administrator-password">To create a IRC server administrator password</a></li> |
57 | </ul></li> |
58 | </ul></li> |
59 | <li><a href="#productionizing-oragono">Productionizing Oragono</a> |
60 | <ul> |
61 | <li><a href="#autostarting-oragono">Autostarting Oragono</a> |
62 | <ul> |
63 | <li><a href="#to-autostart-oragono">To autostart Oragono</a></li> |
64 | </ul></li> |
65 | <li><a href="#auto-renewing-oragonos-ssl-and-tls-certificates">Auto-renewing Oragono’s SSL and TLS certificates</a> |
66 | <ul> |
67 | <li><a href="#to-auto-renew-oragonos-ssl-and-tls-certificates">To Auto-renew Oragono’s SSL and TLS certificates</a></li> |
68 | </ul></li> |
69 | </ul></li> |
70 | </ul> |
71 | <!-- vim-markdown-toc --> |
72 | <h3 id="page-conventions">Page conventions</h3> |
73 | <ul> |
74 | <li><strong>Note</strong>: Signifies additional information</li> |
75 | <li><strong>Tip</strong>: Signifies an alternative procedure for completing a step</li> |
76 | <li><strong>Warning</strong>: Signifies that damage, such as data loss, may occur</li> |
77 | <li><strong>Example</strong>: Shows how a procedure would be performed in a real scenario</li> |
78 | <li><code>Inline code and code blocks</code>: Signify package names, filenames, file contents, or commands</li> |
79 | </ul> |
80 | <h3 id="assumptions">Assumptions</h3> |
81 | <p>This guide assumes:</p> |
82 | <ul> |
83 | <li>You are using a Ubuntu server on a DigialOcean droplet</li> |
84 | <li>You are using nginx to serve your web content</li> |
85 | <li>You manage your SSL/TLS certificates with certbot</li> |
86 | <li>You have your domain name setup with DigitalOcean’s name servers</li> |
87 | <li>You have your SSH keys setup with your server</li> |
88 | <li>You have root access to your server</li> |
89 | </ul> |
90 | <h3 id="requirements">Requirements</h3> |
91 | <ul> |
92 | <li>ufw</li> |
93 | </ul> |
94 | <h3 id="preparing-your-system">Preparing your system</h3> |
95 | <p>This section will guide you through preparing your system for running an IRC server using Oragono.</p> |
96 | <p>This section consists of the following topics:</p> |
97 | <ul> |
98 | <li><a href="#creating-an-oragono-user">Creating an oragono user</a></li> |
99 | <li><a href="#allowing-connections-on-port-6697">Allowing connections on port 6697</a></li> |
100 | </ul> |
101 | <h4 id="creating-an-oragono-user">Creating an oragono user</h4> |
102 | <p>An <code>oragono</code> user allows your server to run Oragono as a less-privileged user than root. This provides you with a more secure IRC server setup.</p> |
103 | <h5 id="to-create-an-oragono-user">To create an oragono user</h5> |
104 | <ol type="1"> |
105 | <li><p>Run the following command:</p> |
106 | <pre><code> sudo adduser \ |
107 | --system \ |
108 | --shell /bin/bash \ |
109 | --group \ |
110 | --disabled-password \ |
111 | --home /home/oragono \ |
112 | oragono</code></pre></li> |
113 | </ol> |
114 | <h4 id="allowing-connections-on-port-6697">Allowing connections on port 6697</h4> |
115 | <p>You will need to allow connections on port 6697, which is the port people will use to connect to your IRC server.</p> |
116 | <h5 id="to-allow-connections-on-port-6697">To allow connections on port 6697</h5> |
117 | <ol type="1"> |
118 | <li>Run <code>sudo ufw allow 6697</code></li> |
119 | </ol> |
120 | <h3 id="setting-up-oragono">Setting up Oragono</h3> |
121 | <p>This section will guide you through downloading, extracting, and configuring Oragono’s files.</p> |
122 | <p>This section consists of the following topics:</p> |
123 | <ul> |
124 | <li><a href="#downloading-oragono">Downloading Oragono</a></li> |
125 | <li><a href="#extracting-the-downloaded-files">Extracting the downloaded files</a></li> |
126 | <li><a href="#configuring-oragono">Configuring Oragono</a></li> |
127 | </ul> |
128 | <h4 id="downloading-oragono">Downloading Oragono</h4> |
129 | <p>Downloading the Oragono files will allow you to access the files required to run the IRC server.</p> |
130 | <h5 id="to-download-oragono">To download Oragono</h5> |
131 | <ol type="1"> |
132 | <li>Run <code>sudo su oragono</code></li> |
133 | <li>Run <code>cd</code></li> |
134 | <li>Run <code>wget https://github.com/oragono/oragono/releases/download/v2.4.0/oragono-2.4.0-linux-x86_64.tar.gz</code></li> |
135 | </ol> |
136 | <aside class="border"> |
137 | <p> |
138 | <strong>Note</strong> In this guide, I am using Oragono version 2.4.0. For the latest release number, see Oragono’s <a href="https://github.com/oragono/oragono/releases/">releases page</a>. |
139 | </p> |
140 | </aside> |
141 | <h4 id="extracting-the-downloaded-files">Extracting the downloaded files</h4> |
142 | <p>Extracting the downloaded files allows you to access, use, and modify the contents that were compressed inside the <code>.tar.gz</code> directory.</p> |
143 | <h5 id="to-extract-the-downloaded-files">To extract the downloaded files</h5> |
144 | <ol type="1"> |
145 | <li>Run <code>tar -xf oragono-2.4.0-linux-x86_64.tar.gz</code></li> |
146 | <li>Run <code>mv oragono-2.4.0-linux-x86_64 oragono1</code></li> |
147 | <li>Run <code>mv oragono1/* /home/oragono/</code></li> |
148 | <li>Run <code>rm -rf oragono1</code></li> |
149 | </ol> |
150 | <h4 id="configuring-oragono">Configuring Oragono</h4> |
151 | <p>You will need to switch to the <code>oragono</code> user to properly configure Oragono.</p> |
152 | <h5 id="to-configure-oragono">To configure Oragono</h5> |
153 | <ol type="1"> |
154 | <li>Run <code>cp default.yaml ircd.yaml</code></li> |
155 | <li>Edit <code>ircd.yaml</code> and <code>oragono.motd</code> to your liking.</li> |
156 | </ol> |
157 | <aside class="border"> |
158 | <p> |
159 | <strong>Note</strong>: For more information on editing <code>ircd.yaml</code>, see the <a href="https://github.com/oragono/oragono/blob/stable/docs/MANUAL.md#accountnick-modes">Account/Nick Modes</a> section on the <a href="https://github.com/oragono/oragono/blob/stable/docs/MANUAL.md">Oragono manual</a>. |
160 | </p> |
161 | </aside> |
162 | <h4 id="creating-a-irc-server-administrator-password">Creating a IRC server administrator password</h4> |
163 | <p>A server administrator account allows you to supersede other users and settings when needed.</p> |
164 | <h5 id="to-create-a-irc-server-administrator-password">To create a IRC server administrator password</h5> |
165 | <ol type="1"> |
166 | <li>Run <code>./oragono genpasswd</code></li> |
167 | <li>Copy the generated password hash</li> |
168 | <li>Paste the password has in the <code>ircd.yaml</code> file in the <code>opers</code> section</li> |
169 | </ol> |
170 | <h3 id="productionizing-oragono">Productionizing Oragono</h3> |
171 | <p>This section will guide you through enabling autostarting Oragono every time you restart your server, and creating a post-renew hook for <code>certbot</code> when renewing SSL and TLS certificates.</p> |
172 | <p>This section consists of the following sections:</p> |
173 | <ul> |
174 | <li><a href="#autostarting-oragono">Autostarting Oragono</a></li> |
175 | <li><a href="#auto-renewing-oragonos-ssl-and-tls-certificates">Auto-renewing Oragono’s SSL and TLS certificates</a></li> |
176 | </ul> |
177 | <h4 id="autostarting-oragono">Autostarting Oragono</h4> |
178 | <p>Autostarting Oragono removes the need to manually start Oragono on system restarts.</p> |
179 | <h5 id="to-autostart-oragono">To autostart Oragono</h5> |
180 | <ol type="1"> |
181 | <li><p>Run <code>sudo su</code></p></li> |
182 | <li><p>Add the following to <code>/etc/systemd/system/oragono.service</code>:</p> |
183 | <pre><code> [Unit] |
184 | Description=oragono |
185 | After=network.target |
186 | # If you are using MySQL for history storage, comment out the above line |
187 | # and uncomment these two instead (you must independently install and configure |
188 | # MySQL for your system): |
189 | # Wants=mysql.service |
190 | # After=network.target mysql.service |
191 |
|
192 | [Service] |
193 | Type=simple |
194 | User=oragono |
195 | WorkingDirectory=/home/oragono |
196 | ExecStart=/home/oragono/oragono run --conf /home/oragono/ircd.yaml |
197 | ExecReload=/bin/kill -HUP $MAINPID |
198 | Restart=on-failure |
199 | LimitNOFILE=1048576 |
200 |
|
201 | [Install] |
202 | WantedBy=multi-user.target</code></pre></li> |
203 | <li><p>Run <code>systemctl daemon-reload</code></p></li> |
204 | <li><p>Run <code>systemctl enable oragono</code></p></li> |
205 | <li><p>Run <code>systemctl start oragono</code></p></li> |
206 | </ol> |
207 | <h4 id="auto-renewing-oragonos-ssl-and-tls-certificates">Auto-renewing Oragono’s SSL and TLS certificates</h4> |
208 | <p>Auto-renewing Oragono’s SSL and TLS certificates removes the need to manually copy your website domain’s certificates to the <code>/home/oragono/</code> directory.</p> |
209 | <h5 id="to-auto-renew-oragonos-ssl-and-tls-certificates">To Auto-renew Oragono’s SSL and TLS certificates</h5> |
210 | <ol type="1"> |
211 | <li><p>Add the following in <code>/etc/letsencrypt/renewal-hooks/post/install-oragono-certificates</code>:</p> |
212 | <pre><code> #!/bin/bash |
213 |
|
214 | set -eu |
215 |
|
216 | umask 077 |
217 | cp /etc/letsencrypt/live/m455.casa/fullchain.pem /home/oragono/ |
218 | cp /etc/letsencrypt/live/m455.casa/privkey.pem /home/oragono/ |
219 | chown oragono:oragono /home/oragono/*.pem |
220 | # rehash oragono, which will reload the certificates: |
221 | systemctl reload oragono.service</code></pre></li> |
222 | <li><p>Run <code>chmod 755 /etc/letsencrypt/renewal-hooks/post/install-oragono-certificates</code></p></li> |
223 | <li><p>Run <code>certbot renew</code></p></li> |
224 | </ol> |
225 | <aside class="border"> |
226 | <p> |
227 | <strong>Note</strong>: Sometimes <code>certbot</code> has issues with post-renew scripts, so if the script doesn’t run automatically after you’ve renewed your certificates, try running the <code>install-oragono-certificates</code> script manually as root. |
228 | </p> |
229 | </aside> |
230 | </main> |
231 | </body> |
232 | </html> |