Unconstant Conjunction A personal blog

IRC Hybrid on Arch Linux

I recently tried to get an IRC server working on an installation of Arch Linux, and it failed to work “out of the box”. Below are the steps I took to get it working, including the work I did to get an SSL connection up and running.

First, get the package from the AUR::

$ cd ~/builds # or wherever else you like to put builds
$ curl -O https://aur.archlinux.org/packages/ir/ircd-hybrid/ircd-hybrid.tar.gz
$ tar -xvzf ircd-hybrid.tar.gz && cd ircd-hybrid

As of writing, simply installing this will cause the daemon to fail because it cannot find the .la files for the modules. To fix this you need to prevent the .la files from being removed. Open the PKGBUILD file and add:

options=("libtool")

then build and install the package:

$ makepkg -s
$ pacman -U ircd-hybrid-8.1.1-5-x86_64.pkg.tar.xz

you should now be able to run the service with systemctl start ircd-hybrid.

Setting up SSL

I mostly lifted this from the guide here.

To set up the server to run over SSL, you need to create the certificates and keys as follows:

$ cd /etc/ircd-hybrid/ssl
$ openssl genrsa -out rsa.key 2048
$ openssl req -new -days 365 -x509 -key rsa.key -out cert.pem
$ openssl dhparam -out dhparam.pem 2048

Fair warning: the last command can take several minutes to run. Afterwards you will need to make these files visible to the ircd user, since this is the user associated with the daemon::

$ cd ..
$ chown -hR ircd ssl

The next is to enable SSL correctly in the /etc/ircd-hybrid/ircd.conf file. In the listen section make sure to have the following:

host = "0.0.0.0";
#port = 6667; /* Only include this line if you want to allow non-SSL connections on another port. */
flags = ssl;
port = 6697;

You can modify the port number; 6697 seems to be the standard, and is used by Freenode. In the serverinfo section, make sure to indicate the location of the files that you’ve just created::

rsa_private_key_file = "/etc/ircd-hybrid/ssl/rsa.key";
ssl_certificate_file = "/etc/ircd-hybrid/ssl/cert.pem";
ssl_dh_param_file = "/etc/ircd-hybrid/ssl/dhparam.pem";
ssl_server_method = tlsv1, sslv3;

Once these changes have been made, save the configuration file and restart the daemon with systemctl start ircd-hybrid. You can check if the service is properly exposed to the outside world with netstat -an | grep -i '6697', which should give a result like:

tcp        0      0 0.0.0.0:6697            0.0.0.0:*               LISTEN

if the port you are using is indeed 6697.

comments powered by Disqus