
Reverse Proxy and Backlog: Difference between pages

m Fixed port number on example
 
mNo edit summary
 
Line 1: Line 1:
== About Reverse Proxies ==
{{DISPLAYTITLE:backlog}}
While ZNC is a fantastic bouncer, in many situations it can be beneficial to utilize a reverse proxy in front of it for features such as:
{{External Module}}
* Subdomains
'''znc-backlog''' is a ZNC module that makes it easy to request backlog. Its intended use is for when you have just launched your IRC client and gotten a few lines of backlog sent to you, but want to read more. Instead of having to deal with shelling into the box where you run ZNC and manually sifting through the logs, you can issue a short command in your IRC client to request any amount of the most recent lines of log.
* Tighter control of SSL ciphers and protocols
* ECDH support
* SSL session caching
* SSL stapling
* Compression


=== Notes ===
== Setup ==
*  <code>TrustedProxy</code> must be set in your configuration for web access logs to reflect actual addresses instead of the reverse proxy address (<code>127.0.0.1</code> / <code>::1</code>):
<nowiki>
TrustedProxy = 127.0.0.1
TrustedProxy = ::1</nowiki>


== Nginx ==
You can get this module's source code [http://github.com/fruitiex/znc-backlog/ here]. Read the [https://github.com/FruitieX/znc-backlog/blob/master/README.md README] for information on compiling and installing.
'''Note:''' If you plan on utilizing Nginx for IRC in conjunction with HTTP/HTTPS, the port number (''or'' address) of the two services '''must be different'''.


=== HTTP ===
At the moment you must specify a log path manually: See [[log]] for information on where ZNC's log module stores logs.
==== As a Subdomain ====
<nowiki>server {
    listen      80;
    listen      [::]:80;
    # To listen on a specific address only:
    # listen      192.0.2.1:80;
    # listen      [2001:db8::192:0:2:1]:80;
    server_name znc.example.test;
    access_log  /var/log/nginx/znc.example.test/znc-access.log;
    error_log  /var/log/nginx/znc.example.test/znc-error.log;


    location / {
'''For ZNC versions after 1.6, you would use something like'''
        proxy_pass http://[::1]:6667/;
        # For IPv4 loopback (there's almost no reason to do this)
        # proxy_pass http://127.0.0.1:6667/;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }
}</nowiki>
==== As a Subdirectory ====
'''Note:'''
* There is intentionally no <code>/</code> after the port number
* You must set <code>URIPrefix</code> of the Listener in ZNC to the target location (<code>/znc/</code> in this example)


  <nowiki>server {
  /msg *backlog LogPath  /path/to/your/logs/$USER/$NETWORK/$WINDOW/*.log
    ...
    location /znc/ {
        proxy_pass http://[::1]:6667;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }
}</nowiki>


On most distributions this would be put in <code>/etc/nginx/conf.d/znc.example.test.conf</code> .
'''For ZNC versions prior to 1.6, you would use something like'''


=== HTTPS ===
  /msg *backlog LogPath /path/to/your/logs/$USER_$NETWORK_$WINDOW_*.log
This is a basic configuration utilizing Diffie Hellman key exchange:
  <nowiki>
server {
    listen      7001 ssl http2;
    listen      [::]:7001 ssl http2;
    # To listen on a specific address only:
    # listen      192.0.2.1:7001 ssl http2;
    # listen      [2001:db8::192:0:2:1]:7001 ssl http2;
    server_name znc.example.test;
    access_log  /var/log/nginx/znc.example.test/znc_ssl-access.log;
    error_log  /var/log/nginx/znc.example.test/znc_ssl-error.log;


    # SSL options
<code>$USER</code> will be replaced with your ZNC username, <code>$NETWORK</code> with the current network and <code>$WINDOW</code> with the requested channel/window name. The last found asterisk character '<code>*</code>' in the string is assumed to be a date, and the order in which the files are read is determined by a simple alphabetical sort (i.e. date format order must be year-month-day, which is true of output from the [[log]] module).
    add_header              Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always;
    ssl_certificate        /etc/letsencrypt/live/znc.example.test/fullchain.pem;
    ssl_certificate_key    /etc/letsencrypt/live/znc.example.test/privkey.pem;
    ssl_dhparam            /etc/letsencrypt/live/znc.example.test/dhparam.pem;
    ssl_trusted_certificate /etc/letsencrypt/live/znc.example.test/chain.pem;


    location / {
Optionally, you may specify this path as an argument to the module, either in the [[webadmin]] textbox, or in the ZNC config file.
        proxy_pass http://[::1]:7001$request_uri;
        # For IPv4 loopback (there's almost no reason to do this)
        # proxy_pass http://127.0.0.1:7001$request_uri;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }
}</nowiki>
On most distributions this would be put in <code>/etc/nginx/conf.d/znc.example.test.conf</code> .


=== IRC ===
== Usage ==
Nginx has a directive separate from <code>http</code> called [https://nginx.org/en/docs/stream/ngx_stream_core_module.html stream] for protocols other than HTTP. We can utilize this to allow nginx to act as a reverse proxy for ZNC:
<nowiki>
upstream znc {
    server [::1]:7000;
    # For IPv4 loopback (there's almost no reason to do this)
    # server 127.0.0.1:7000;
}


server {
After the module is loaded and LogPath is set, you can request for logs with:


    listen      7000 ssl;
/msg *backlog <window-name> [num-lines]
    listen      [::]:7000 ssl;
e.g.
    # To listen on a specific address only:
/msg *backlog #znc 42
    # listen      192.0.2.1:7000 ssl;
    # listen      [2001:db8::192:0:2:1]:7000 ssl;


    # SSL options
<code>[num-lines]</code> is optional and defaults to 150.
    ssl_certificate        /etc/letsencrypt/live/znc.example.test/fullchain.pem;
    ssl_certificate_key    /etc/letsencrypt/live/znc.example.test/privkey.pem;
    ssl_dhparam            /etc/letsencrypt/live/znc.example.test/dhparam.pem;
    ssl_trusted_certificate /etc/letsencrypt/live/znc.example.test/chain.pem;
   
    proxy_pass znc;
}</nowiki>
On most distributions these would be put in <code>/etc/nginx/conf.d/znc.example.test.stream</code> .


=== Additional Configuration Abilities ===
=== Commands ===
Nginx has many configuration options that can enhance the behavior of both the ZNC web interface and IRC, so the <code>http</code> or <code>server</code> nginx directive options below only demonstrate the most common portions of them:
<nowiki>
    sendfile            on;
    tcp_nopush          on;
    tcp_nodelay        on;
    keepalive_timeout  65;
    types_hash_max_size 2048;


    server_tokens off;
Help


    # Compression
Prints this text
    gzip                on;
    gzip_comp_level    9;
    gzip_types          application/javascript application/vnd.ms-fontobject application/x-font-otf application/x-font-ttf application/x-font-woff image/jpg image/png image/svg image/x-icon text/css;


    ###############
LogPath <path>
    # SSL options #
    ###############
    ssl_ciphers                ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-SHA384:DHE-DSS-AES256-GCM-SHA384:DHE-DSS-AES256-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-SHA256;
    ssl_ecdh_curve              secp384r1;
    ssl_protocols              TLSv1.2 TLSv1.3;
    ssl_prefer_server_ciphers  on;
    ssl_session_cache          shared:https:15m;
    ssl_session_timeout        15m;


    # Stapling
Sets path to log files. Use keywords <code>$USER</code>, <code>$NETWORK</code>, <code>$WINDOW</code> and an asterisk <code>*</code> to stand-in for a year-month-day date.
    ssl_stapling                on;
    ssl_stapling_verify        on;
    resolver                    1.1.1.1 8.8.8.8 [2606:4700:4700::1111] [2001:4860:4860::8888];
</nowiki>


== lighttpd ==
PrintStatusMsgs <true | false>
=== HTTP ===
 
  <nowiki>$HTTP["host"] =~ "^(sub\.domain\.com)$" {
Show join/part/rename/etc. messages, in addition to lines of chat.
  proxy.server = ( "" => ( ( "host" => "127.0.0.1", "port" => 6667 ) ) )
 
}</nowiki>
== Tips ==
 
=== ZNC Alias Module ===
You can make requesting backlogs slightly easier in any client with ZNC's alias module.
 
First, make sure the alias module is loaded:
 
  /msg *status LoadMod alias
Create an alias for using backlog:
 
/msg *alias create BL
/msg *alias add BL PRIVMSG *backlog :%1% %?2% 50
This creates and then adds to an alias named "'''BL'''" that you can use to playback logs. <code>%1%</code> will be replaced by the channel/window name you type when using the alias. <code>%?2%</code> will optionally be the number of lines to play back. If no number of lines is supplied, then the last number is used instead—in this example <code>50</code>. You can set this number to anything you want.
 
Now try it out. To play back the default number of lines you set (50 in our example) in the channel #znc:
 
/bl #znc
To play back exactly 32 lines in the channel #znc:
 
/bl #znc 32
 
 
 
=== WeeChat ===
 
In [http://weechat.org weechat], you can create an alias to make requesting logs for the current window easier:
/alias add bl msg *backlog $channel $1
Now you can:
/bl 42
or just:
/bl
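Review bot: The HTTPS example listens on 7001 and also proxies to `http://[::1]:7001$request_uri`, and the IRC stream example does the same with 7000 (`listen [::]:7000 ssl` in front of `server [::1]:7000`), so nginx's wildcard listener and ZNC's loopback listener are asked to share one port. Only the HTTP example keeps them apart (80 in front of 6667). Suggest giving the ZNC backend its own port in both examples, or making the address-specific form (`listen 192.0.2.1:7001 ssl http2;`) the active line, and saying in the Notes that the ZNC listener behind the proxy should be bound to loopback only so clients cannot reach it without going through the proxy's TLS settings.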

Revision as of 22:49, 24 October 2019

znc-backlog is a ZNC module that makes it easy to request backlog. Its intended use is for when you have just launched your IRC client and gotten a few lines of backlog sent to you, but want to read more. Instead of having to deal with shelling into the box where you run ZNC and manually sifting through the logs, you can issue a short command in your IRC client to request any amount of the most recent lines of log.

Setup

You can get this module's source code here. Read the README for information on compiling and installing.

At the moment you must specify a log path manually. See log for information on where ZNC's log module stores logs.

For ZNC versions after 1.6, you would use something like

/msg *backlog LogPath  /path/to/your/logs/$USER/$NETWORK/$WINDOW/*.log

For ZNC versions prior to 1.6, you would use something like

/msg *backlog LogPath /path/to/your/logs/$USER_$NETWORK_$WINDOW_*.log

$USER will be replaced with your ZNC username, $NETWORK with the current network and $WINDOW with the requested channel/window name. The last asterisk character '*' found in the string is assumed to be a date, and the order in which the files are read is determined by a simple alphabetical sort (i.e. the date format order must be year-month-day, which is true of output from the log module).

Optionally, you may specify this path as an argument to the module, either in the webadmin textbox, or in the ZNC config file.
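
The LogPath expansion and file ordering described above, as an added Python sketch (not the module's own code). The function names, the user `alice`, the network `libera` and the sample log files are constructed for illustration, and the window-name check is this example's own precaution rather than a description of what the module does.

```python
import glob
import os
import re
import tempfile
from collections import deque

def expand_log_path(template, user, network, window):
    """Turn a LogPath template into a glob pattern for one window."""
    # Precaution of this example: the window name is supplied by the
    # requester and becomes part of a path, so refuse separators and dots.
    if window in ("", ".", "..") or "/" in window or "\\" in window:
        raise ValueError("unsafe window name: %r" % (window,))
    if "*" not in template:
        raise ValueError("LogPath needs an asterisk where the date goes")
    values = {"USER": user, "NETWORK": network, "WINDOW": window}
    # One regex pass also copes with the pre-1.6 form "$USER_$NETWORK_...",
    # where a keyword is followed directly by an underscore. Values are
    # glob-escaped so wildcards come only from the template itself.
    return re.sub(r"\$(USER|NETWORK|WINDOW)",
                  lambda m: glob.escape(values[m.group(1)]), template)

def backlog(template, user, network, window, num_lines=150):
    """Return the last num_lines lines (150 is the page's stated default)."""
    if num_lines < 1:
        raise ValueError("num_lines must be positive")
    last = deque(maxlen=num_lines)
    pattern = expand_log_path(template, user, network, window)
    for path in sorted(glob.glob(pattern)):  # plain alphabetical order
        with open(path, encoding="utf-8", errors="replace") as fh:
            last.extend(line.rstrip("\n") for line in fh)
    return list(last)

def demo():
    """Constructed logs: the same three lines under two date formats."""
    with tempfile.TemporaryDirectory() as root:
        files = {"#iso": [("2019-10-24.log", "a\nb\n"), ("2019-11-01.log", "c\n")],
                 "#dmy": [("24-10-2019.log", "a\nb\n"), ("01-11-2019.log", "c\n")]}
        for window, logs in files.items():
            folder = os.path.join(root, "alice", "libera", window)
            os.makedirs(folder)
            for name, text in logs:
                with open(os.path.join(folder, name), "w", encoding="utf-8") as fh:
                    fh.write(text)
        template = glob.escape(root) + "/$USER/$NETWORK/$WINDOW/*.log"
        return (backlog(template, "alice", "libera", "#iso", 2),
                backlog(template, "alice", "libera", "#dmy", 2))

if __name__ == "__main__":
    print(demo())
```

With year-month-day file names the last two lines come back in chronological order; with day-month-year names the alphabetical sort reads the November file first, so the newest line is lost from the tail.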

Usage

After the module is loaded and LogPath is set, you can request logs with:

/msg *backlog <window-name> [num-lines]

e.g.

/msg *backlog #znc 42

[num-lines] is optional and defaults to 150.

Commands

Help

Prints this text

LogPath <path>

Sets the path to the log files. Use the keywords $USER, $NETWORK, $WINDOW and an asterisk * to stand in for a year-month-day date.

PrintStatusMsgs <true | false>

Show join/part/rename/etc. messages, in addition to lines of chat.

Tips

ZNC Alias Module

You can make requesting backlogs slightly easier in any client with ZNC's alias module.

First, make sure the alias module is loaded:

/msg *status LoadMod alias

Create an alias for using backlog:

/msg *alias create BL
/msg *alias add BL PRIVMSG *backlog :%1% %?2% 50

This creates and then adds to an alias named "BL" that you can use to play back logs. %1% will be replaced by the channel/window name you type when using the alias. %?2% will optionally be the number of lines to play back. If no number of lines is supplied, then the last number is used instead (50 in this example). You can set this number to anything you want.

Now try it out. To play back the default number of lines you set (50 in our example) in the channel #znc:

/bl #znc

To play back exactly 32 lines in the channel #znc:

/bl #znc 32


WeeChat

In WeeChat, you can create an alias to make requesting logs for the current window easier:

/alias add bl msg *backlog $channel $1

Now you can:

/bl 42

or just:

/bl