1 # [ngIRCd](https://ngircd.barton.de) - Installation
3 This document describes how to install ngIRCd, the lightweight Internet Relay
6 The first section lists noteworthy changes to earlier releases; you definitely
7 should read this when upgrading your setup! But you can skip over this section
8 when you are working on a fresh installation.
10 The subsequent sections describe the steps required to build and install ngIRCd
11 _from sources_. The information given here is not relevant when you are using
12 packages provided by your operating system vendor or third-party repositories!
14 Please see the file `doc/QuickStart.md` in the `doc/` directory or on
15 [GitHub](https://github.com/ngircd/ngircd/blob/master/doc/QuickStart.md) for
16 information about _setting up_ and _running_ ngIRCd, including some real-world
17 configuration examples.
19 ## Upgrade Information
21 Differences to version 25
24 All already deprecated legacy options (besides the newly deprecated *Key* and
25 *MaxUsers* settings, see below) were removed in ngIRCd 26, so make sure to
26 update your configuration before upgrading, if you haven't done so already
27 (you got a warning on daemon startup when using deprecated options): you can
28 check your configuration using `ngircd --configtest` -- which is a good idea
31 - Setting modes for predefined channels in *[Channel]* sections has been
32 enhanced: now you can set *all* modes, like in IRC "MODE" commands, and have
33 this setting multiple times per *[Channel]* block. Modifying lists (ban list,
34 invite list, exception list) is supported, too.
36 Both the *Key* and *MaxUsers* settings are now deprecated and should be
37 replaced by `Modes = +l <limit>` and `Modes = +k <key>` respectively.
39 Differences to version 22.x
41 - The *NoticeAuth* `ngircd.conf` configuration variable has been renamed to
42 *NoticeBeforeRegistration*. The old *NoticeAuth* variable still works but
45 - The default value of the SSL *CipherList* variable has been changed to
46 "HIGH:!aNULL:@STRENGTH:!SSLv3" (OpenSSL) and "SECURE128:-VERS-SSL3.0"
47 (GnuTLS) to disable the old SSLv3 protocol by default.
49 To enable connections of clients still requiring the weak SSLv3 protocol,
50 the *CipherList* must be set to its old value (not recommended!), which
51 was "HIGH:!aNULL:@STRENGTH" (OpenSSL) and "SECURE128" (GnuTLS), see below.
53 Differences to version 20.x
55 - Starting with ngIRCd 21, the ciphers used by SSL are configurable and
56 default to "HIGH:!aNULL:@STRENGTH" (OpenSSL) or "SECURE128" (GnuTLS).
57 Previous version were using the OpenSSL or GnuTLS defaults, "DEFAULT"
58 and "NORMAL" respectively.
60 - When adding GLINE's or KLINE's to ngIRCd 21 (or newer), all clients matching
61 the new mask will be KILL'ed. This was not the case with earlier versions
62 that only added the mask but didn't kill already connected users.
64 - The *PredefChannelsOnly* configuration variable has been superseded by the
65 new *AllowedChannelTypes* variable. It is still supported and translated to
66 the appropriate *AllowedChannelTypes* setting but is deprecated now.
68 Differences to version 19.x
70 - Starting with ngIRCd 20, users can "cloak" their hostname only when the
71 configuration variable *CloakHostModeX* (introduced in 19.2) is set.
72 Otherwise, only IRC operators, other servers, and services are allowed to
73 set mode +x. This prevents regular users from changing their hostmask to
74 the name of the IRC server itself, which confused quite a few people ;-)
76 Differences to version 17.x
78 - Support for ZeroConf/Bonjour/Rendezvous service registration has been
79 removed. The configuration option *NoZeroconf* is no longer available.
81 - The structure of `ngircd.conf` has been cleaned up and three new configuration
82 sections have been introduced: *[Limits]*, *[Options]*, and *[SSL]*.
84 Lots of configuration variables stored in the *[Global]* section are now
85 deprecated there and should be stored in one of these new sections (but
86 still work in *[Global]*):
88 - *AllowRemoteOper* -> [Options]
89 - *ChrootDir* -> [Options]
90 - *ConnectIPv4* -> [Options]
91 - *ConnectIPv6* -> [Options]
92 - *ConnectRetry* -> [Limits]
93 - *MaxConnections* -> [Limits]
94 - *MaxConnectionsIP* -> [Limits]
95 - *MaxJoins* -> [Limits]
96 - *MaxNickLength* -> [Limits]
97 - *NoDNS* -> [Options], and renamed to *DNS*
98 - *NoIdent* -> [Options], and renamed to *Ident*
99 - *NoPAM* -> [Options], and renamed to *PAM*
100 - *OperCanUseMode* -> [Options]
101 - *OperServerMode* -> [Options]
102 - *PingTimeout* -> [Limits]
103 - *PongTimeout* -> [Limits]
104 - *PredefChannelsOnly* -> [Options]
105 - *SSLCertFile* -> [SSL], and renamed to *CertFile*
106 - *SSLDHFile* -> [SSL], and renamed to *DHFile*
107 - *SSLKeyFile* -> [SSL], and renamed to *KeyFile*
108 - *SSLKeyFilePassword* -> [SSL], and renamed to *KeyFilePassword*
109 - *SSLPorts* -> [SSL], and renamed to *Ports*
110 - *SyslogFacility* -> [Options]
111 - *WebircPassword* -> [Options]
113 You should adjust your `ngircd.conf` and run `ngircd --configtest` to make
114 sure that your settings are correct and up to date!
116 Differences to version 16.x
118 - Changes to the *MotdFile* specified in `ngircd.conf` now require a ngIRCd
119 configuration reload to take effect (HUP signal, *REHASH* command).
121 Differences to version 0.9.x
123 - The option of the configure script to enable support for Zeroconf/Bonjour/
124 Rendezvous/WhateverItIsNamedToday has been renamed:
126 - `--with-rendezvous` -> `--with-zeroconf`
128 Differences to version 0.8.x
130 - The maximum length of passwords has been raised to 20 characters (instead
131 of 8 characters). If your passwords are longer than 8 characters then they
132 are cut at an other position now.
134 Differences to version 0.6.x
136 - Some options of the configure script have been renamed:
138 - `--disable-syslog` -> `--without-syslog`
139 - `--disable-zlib` -> `--without-zlib`
141 Please call `./configure --help` to review the full list of options!
143 Differences to version 0.5.x
145 - Starting with version 0.6.0, other servers are identified using asynchronous
146 passwords: therefore the variable *Password* in *[Server]*-sections has been
147 replaced by *MyPassword* and *PeerPassword*.
149 - New configuration variables, section *[Global]*: *MaxConnections*, *MaxJoins*
150 (see example configuration file `doc/sample-ngircd.conf`!).
152 ## Standard Installation
154 *Note*: This sections describes installing ngIRCd *from sources*. If you use
155 packages available for your operating system distribution you should skip over
156 and continue with the *Configuration* section, see below.
158 ngIRCd is developed for UNIX-based systems, which means that the installation
159 on modern UNIX-like systems that are supported by GNU autoconf and GNU
160 automake ("`configure` script") should be no problem.
162 The normal installation procedure after getting (and expanding) the source
163 files (using a distribution archive or Git) is as following:
165 1) Satisfy prerequisites
166 2) `./autogen.sh` [only necessary when using "raw" sources with Git]
171 (Please see details below!)
173 Now the newly compiled executable "ngircd" is installed in its standard
174 location, `/usr/local/sbin/`.
176 If no previous version of the configuration file exists (the standard name
177 is `/usr/local/etc/ngircd.conf)`, a sample configuration file containing all
178 possible options will be installed there. You'll find its template in the
179 `doc/` directory: `sample-ngircd.conf`.
181 The next step is to configure and afterwards start the daemon. See the section
182 *Configuration* below.
184 ### Satisfy prerequisites
186 When building from source, you'll need some other software to build ngIRCd:
187 for example a working C compiler, make tool, and a few libraries depending on
188 the feature set you want to enable at compile time (like IDENT, SSL, and PAM).
190 And if you aren't using a distribution archive ("tar.gz" file), but cloned the
191 plain source archive, you need a few additional tools to generate the build
192 system itself: GNU automake and autoconf, as well as pkg-config.
194 If you are using one of the "big" operating systems or Linux distributions,
195 you can use the following commands to install all the required packages to
196 build the sources including all optional features and to run the test suite:
198 #### Red Hat / Fedora based distributions
202 autoconf automake expect gcc glibc-devel gnutls-devel \
203 libident-devel make pam-devel pkg-config tcp_wrappers-devel \
207 *Note:* More recent versions use the DNF package manager; so substitute "yum"
208 with "dnf" in the command above. And neither "libident-devel" (IDENT support)
209 nor "tcp_wrappers-devel" (TCP Wrappers) are provided any more!
211 So the resulting command looks like this:
215 autoconf automake expect gcc glibc-devel gnutls-devel \
216 make pam-devel pkg-config telnet zlib-devel
219 #### Debian / Ubuntu based distributions
223 autoconf automake build-essential expect libgnutls28-dev \
224 libident-dev libpam-dev pkg-config libwrap0-dev libz-dev telnet
227 #### ArchLinux based distributions
231 autoconf automake expect gcc gnutls inetutils libident libwrap \
232 make pam pkg-config zlib
235 #### macOS with Homebrew
237 To build ngIRCd on Apple macOS, you need either Xcode or the command line
238 development tools. You can install the latter with the `xcode-select --install`
241 Additional tools and libraries that are not part of macOS itself are best
242 installed with the [Homebrew](https://brew.sh) package manager:
245 brew install autoconf automake gnutls libident pkg-config
248 Note: To actually use the GnuTLS and IDENT libraries installed by Homebrew, you
249 need to pass the installation path to the `./configure` command (see below). For
253 ./configure --with-gnutls=$(brew --prefix) --with-ident=$(brew --prefix) [...]
258 The first step, to run `./autogen.sh`, is *only* necessary if the `configure`
259 script itself isn't already generated and available. This never happens in
260 official ("stable") releases in "tar.gz" archives, but when cloning the source
261 code repository using Git.
263 **This step is therefore only interesting for developers!**
265 The `autogen.sh` script produces the `Makefile.in`'s, which are necessary for
266 the configure script itself, and some more files for `make(1)`.
268 To run `autogen.sh` you'll need GNU autoconf, GNU automake and pkg-config: at
269 least autoconf 2.61 and automake 1.10 are required, newer is better. But don't
270 use automake 1.12 or newer for creating distribution archives: it will work
271 but lack "de-ANSI-fication" support in the generated Makefile's! Stick with
272 automake 1.11.x for this purpose ...
274 So *automake 1.11.x* and *autoconf 2.67+* is recommended.
276 Again: "end users" do not need this step and neither need GNU autoconf nor GNU
281 The `configure` script is used to detect local system dependencies.
283 In the perfect case, `configure` should recognize all needed libraries, header
284 files and so on. If this shouldn't work, `./configure --help` shows all
287 In addition, you can pass some command line options to `configure` to enable
288 and/or disable some features of ngIRCd. All these options are shown using
289 `./configure --help`, too.
291 Compiling a static binary will avoid you the hassle of feeding a chroot dir
292 (if you want use the chroot feature). Just do something like:
295 CFLAGS=-static ./configure [--your-options ...]
298 Then you can use a void directory as ChrootDir (like OpenSSH's `/var/empty`).
302 The `make(1)` command uses the `Makefile`'s produced by `configure` and
303 compiles the ngIRCd daemon.
307 Use `make install` to install the server and a sample configuration file on
308 the local system. Normally, root privileges are necessary to complete this
309 step. If there is already an older configuration file present, it won't be
312 These files and folders will be installed by default:
314 - `/usr/local/sbin/ngircd`: executable server
315 - `/usr/local/etc/ngircd.conf`: sample configuration (if not already present)
316 - `/usr/local/share/doc/ngircd/`: documentation
317 - `/usr/local/share/man/`: manual pages
319 ### Additional features
321 The following optional features can be compiled into the daemon by passing
322 options to the `configure` script. Most options can handle a `<path>` argument
323 which will be used to search for the required libraries and header files in
324 the given paths (`<path>/lib/...`, `<path>/include/...`) in addition to the
327 - Syslog Logging (autodetected by default):
329 `--with-syslog[=<path>]` / `--without-syslog`
331 Enable (disable) support for logging to "syslog", which should be
332 available on most modern UNIX-like operating systems by default.
334 - ZLib Compression (autodetected by default):
336 `--with-zlib[=<path>]` / `--without-zlib`
338 Enable (disable) support for compressed server-server links.
339 The Z compression library ("libz") is required for this option.
341 - IO Backend (autodetected by default):
343 - `--with-select[=<path>]` / `--without-select`
344 - `--with-poll[=<path>]` / `--without-poll`
345 - `--with-devpoll[=<path>]` / `--without-devpoll`
346 - `--with-epoll[=<path>]` / `--without-epoll`
347 - `--with-kqueue[=<path>]` / `--without-kqueue`
349 ngIRCd can use different IO "backends": the "old school" `select(2)` and
350 `poll(2)` API which should be supported by most UNIX-like operating systems,
351 or the more efficient and flexible `epoll(7)` (Linux >=2.6), `kqueue(2)`
352 (BSD) and `/dev/poll` APIs.
354 By default the IO backend is autodetected, but you can use `--without-xxx`
355 to disable a more enhanced API.
357 When using the `epoll(7)` API, support for `select(2)` is compiled in as
358 well by default, to enable the binary to run on older Linux kernels (<2.6),
363 `--with-ident[=<path>]`
365 Include support for IDENT ("AUTH") lookups. The "ident" library is
366 required for this option.
370 `--with-tcp-wrappers[=<path>]`
372 Include support for Wietse Venemas "TCP Wrappers" to limit client access
373 to the daemon, for example by using `/etc/hosts.{allow|deny}`.
374 The "libwrap" is required for this option.
378 `--with-pam[=<path>]`
380 Enable support for PAM, the Pluggable Authentication Modules library.
381 See `doc/PAM.txt` for details.
385 - `--with-openssl[=<path>]`
386 - `--with-gnutls[=<path>]`
388 Enable support for SSL/TLS using OpenSSL or GnuTLS libraries.
389 See `doc/SSL.txt` for details.
391 - IPv6 (autodetected by default):
393 `--enable-ipv6` / `--disable-ipv6`
395 Enable (disable) support for version 6 of the Internet Protocol, which should
396 be available on most modern UNIX-like operating systems by default.