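1. Introduction
IRC is short for "Internet Relay Chat". It is a real-time chat tool and currently one of the most popular ways to chat online worldwide. It is fast, makes it easy to create and use your own chat rooms, lets you keep more than 20 chat windows open at once without slowing down, and has powerful chat-room management and file-transfer features, making it the best choice for online communication among internet users around the world.
2. Installing the ircd-hybrid IRC server
To keep installed applications managed in one place, ircd-hybrid is installed under the /opt/ircd-hybrid directory.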
tar zvxf ircd-hybrid-8.2.24.tgz
cd ircd-hybrid-8.2.24
./configure --prefix=/opt/ircd-hybrid
make
make install
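cd ../
rm -rf ircd-hybrid-8.2.24*
The steps above unpack, compile and install the server, which takes about five minutes. Next, configure the ircd.conf file as needed. We can take the configuration file shipped in the source archive as an example and edit it directly, which saves a great deal of configuration work.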
cd /opt/ircd-hybrid/
cp /opt/ircd-hybrid/etc/reference.conf /opt/ircd-hybrid/etc/ircd.conf
chmod 755 * -R
3. Configuring SSL encryption
vim /opt/ircd-hybrid/etc/ircd.conf
Minimal settings:
serverinfo {
    name = "ircd.dirtysea.org";
};
auth {
    user = "*@*";
    password = "dirtysea";
    encrypted = no;
};
The encrypted parameter states whether password is an encrypted string (use the "mkpasswd" command to generate the encrypted password). This minimal configuration is enough for the IRC server to run, so you can start the ircd service for a trial run and test a connection on port 6666.

Go to line 40, the serverinfo block, and change it to your server's information, as in my example below:
name = "centos.local";
description = "ircd-hybrid Centos server";
network_name = "CentosNet";
network_desc = "This is Centos Network";

Now edit the administrator information at line 195:
name = "Centos Admin";
description = "Centos Server Administrator";

In the auth block at line 448, comment out the "flags" option:
# flags = need_ident;

At line 456, set up the IRC server's operator, or administrator:
name = "centos"; #operator username
user = "*@192.168.1.*"; # this is my network IP
password = "$1$zylz9BKK$AQg/dc/Ig04YuvPgkCtFK0"; #password generated with mkpasswd
encrypted = yes;

Finally, in the connect block at line 584 you must define the server to connect to. ircd-hybrid uses this configuration for its connection with anope:
name = "ircd.ddirtysera.com";
host = "127.0.0.1"; #server ip
send_password = "12345"; #use your password
accept_password = "12345";
port = 6666;

SSL encryption configuration changes:
Before editing the ircd-hybrid configuration, you must generate an SSL certificate for ircd. Go to the "hybrid/etc/" directory.
cd /opt/ircd-hybrid/etc
Generate a private key, rsa.key, with the openssl command, and use chmod to change its permissions to 600:
openssl genrsa -out rsa.key 2048
chmod 600 rsa.key
Now use the rsa.key private key to generate the SSL certificate that encrypts client connections:
openssl req -new -days 365 -x509 -key rsa.key -out cert.pem
Enter your details, such as country, when OpenSSL asks for them.
Finally, generate a dhparam file with this command:
openssl dhparam -out dhparam.pem 2048
Just wait; it takes some time.

Edit the configuration file "ircd.conf".
vim /opt/ircd-hybrid/etc/ircd.conf
Uncomment the SSL settings in the serverinfo block:
rsa_private_key_file = "etc/rsa.key"; # Line 124
ssl_certificate_file = "etc/cert.pem"; # Line 141
ssl_dh_param_file = "etc/dhparam.pem"; # Line 156
(When using a free Let's Encrypt certificate, rename privkey1.pem to rsa.key, rename fullchain1.pem to cert.pem, and comment out the dhparam line:
#ssl_dh_param_file = "etc/dhparam.pem"; # Line 156)
listen {
    flags = ssl;
    port = 6697;
    # comment out all other parameters in this block
};

Configuration file:
serverinfo {
    name = "ircd.dirtysea.org";
    sid = "0HY";
    description = "ircd-hybrid server";
    network_name = "MyNet";
    network_desc = "This is My Network";
    hub = no;
    default_max_clients = 512;
    max_nick_length = 9;
    max_topic_length = 160;
    rsa_private_key_file = "etc/rsa.key";
    ssl_certificate_file = "etc/cert.pem";
    # ssl_dh_param_file = "etc/dhparam.pem";
};
admin {
    name = "Smurf target";
    description = "Main Server Administrator";
};
listen {
    flags = ssl;
    port = 6697;
    #flags = hidden, ssl;
    #host = "192.0.2.2";
    #port = 6697;
    #host = "192.0.2.3";
    #port = 7000, 7001;
    #host = "2001:DB8::2";
    #port = 7002;
};
auth {
    password = "dirtysea";
    encrypted = no;
    spoof = "I.still.hate.packets";
    class = "opers";
    flags = need_password, spoof_notice, exceed_limit, kline_exempt,
            xline_exempt, resv_exempt, no_tilde, can_flood;
};
auth {
    redirserv = "server2.example.net";
    redirport = 6667;
    class = "users";
};
auth {
    class = "users";
    #flags = need_ident;
};
operator {
    name = "dirtysea";
    password = "$6$3dr$9yiSACEr5oQL9OpPf3SbNOeiI78P2gRVd4vYxpQ30YyWkI0nNLG8HfBlZRHUw02mU/xcK10YHL3mdwvMMPYFK.";
    encrypted = yes;
    ssl_connection_required = no;
    class = "opers";
    umodes = locops, servnotice, wallop;
    flags = admin, connect, connect:remote, die, globops, kill, kill:remote,
            kline, module, rehash, restart, set, unkline, unxline, xline;
};
connect {
    name = "ircd.dirtysea.org";
    host = "127.0.0.1";
    vhost = "127.0.0.1";
    send_password = "dirtysea";
    accept_password = "dirtysea";
    encrypted = no;
    port = 6666;
    class = "server";
};
connect {
    name = "ipv6.example.net";
    host = "2001:DB8::3";
    send_password = "password";
    accept_password = "password";
    port = 6666;
    aftype = ipv6;
    class = "server";
};
3. Running
The ircd service cannot run with root privileges; you must switch to a non-root user.
adduser ircmaster
chown ircmaster:ircmaster /opt/ircd-hybrid -R
su -l ircmaster
/opt/ircd-hybrid/bin/ircd
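Above, we created a system user named ircmaster and switched to that user. Once the server is running normally, you can view the service process with ps -x.
ps -ef | grep ircd
netstat -antlp | grep 6665
Log file path:
cat /opt/ircd-hybrid/var/log/ircd.log
#iptables -A INPUT -p tcp -m multiport --dports 6665:6669 -j ACCEPT
iptables -A INPUT -p tcp -m multiport --dports 6697 -j ACCEPT
service iptables save
With this, the server has started the ircd service normally. Ports 6665-6669 are opened; the unencrypted connection port is 6666 and the SSL-encrypted connection port is 6697, so it is enough to open only this port.
4. Testing
Try connecting to your IRC server with an IRC client; I will use pidgin here.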
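As an added example (not part of the original tutorial and not ircd-hybrid code), this Python sketch audits an ircd.conf like the one in section 3 for three settings the page touches: auth/operator passwords with encrypted not set to yes, operator blocks without ssl_connection_required, and listen blocks without the ssl flag. The sample configuration is constructed, and the parser assumes flat blocks with # comments only.

```python
import re

# Tokens: quoted strings, '#' comments, punctuation, bare words.
TOKEN = re.compile(r'"[^"]*"|#[^\n]*|[{};=,]|[^\s{};=,"#]+')

def parse_blocks(text):
    """Return [(block_name, {key: [values]})]; flat blocks, '#' comments only."""
    toks = [t for t in TOKEN.findall(text) if not t.startswith("#")]
    blocks, i = [], 0
    while i < len(toks):
        if i + 1 < len(toks) and toks[i + 1] == "{":
            name, settings, i = toks[i], {}, i + 2
            while i < len(toks) and toks[i] != "}":
                key, i = toks[i], i + 2          # skip the key and '='
                while i < len(toks) and toks[i] != ";":
                    if toks[i] != ",":
                        settings.setdefault(key, []).append(toks[i].strip('"'))
                    i += 1
                i += 1                           # skip ';'
            blocks.append((name, settings))
        i += 1
    return blocks

def audit(text):
    """Return findings for settings that weaken the SSL setup described above."""
    findings = []
    for name, s in parse_blocks(text):
        if name in ("auth", "operator") and "password" in s \
                and s.get("encrypted") != ["yes"]:
            findings.append(f"{name}: cleartext password (encrypted is not yes)")
        if name == "operator" and s.get("ssl_connection_required") != ["yes"]:
            findings.append("operator: login allowed over non-SSL connections")
        if name == "listen" and "ssl" not in s.get("flags", []):
            ports = ",".join(s.get("port", ["?"]))
            findings.append(f"listen: port {ports} accepts unencrypted clients")
    return findings

# Constructed sample modeled on this page's configuration (not a real server).
SAMPLE = '''
listen { flags = ssl; port = 6697; };
listen { port = 6665, 6666; };   # constructed: plain listener left enabled
auth { user = "*@*"; password = "dirtysea"; encrypted = no; };
auth { class = "users"; }; # flags = need_ident;
operator { name = "dirtysea"; password = "$6$placeholder$hash";
    encrypted = yes; ssl_connection_required = no; };
'''

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)))
```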