MediaWiki API result
This is the HTML representation of the JSON format. HTML is good for debugging, but is unsuitable for application use.
Specify the format parameter to change the output format. To see the non-HTML representation of the JSON format, set format=json.
See the complete documentation, or the API help for more information.
{
"batchcomplete": "",
"continue": {
"gapcontinue": "Route_replies",
"continue": "gapcontinue||"
},
"warnings": {
"main": {
"*": "Subscribe to the mediawiki-api-announce mailing list at <https://lists.wikimedia.org/postorius/lists/mediawiki-api-announce.lists.wikimedia.org/> for notice of API deprecations and breaking changes."
},
"revisions": {
"*": "Because \"rvslots\" was not specified, a legacy format has been used for the output. This format is deprecated, and in the future the new format will always be used."
}
},
"query": {
"pages": {
"206": {
"pageid": 206,
"ns": 0,
"title": "Replaybuffer",
"revisions": [
{
"contentformat": "text/x-wiki",
"contentmodel": "wikitext",
"*": "{{External Module}}\n\n\nThis module saves the channel buffers and replays them when you join those channels again.\n\nBy default, ZNC deletes channel buffers when users part channels.\n\nIt was originated from savebuff, but it doesn't use encryption, so savebuff and replaybuffer aren't compatible.\n\nThis means replaybuffer is intended to be run on a '''single-user environment''' whether it is znc on your own machine or znc on an encrypted file system in a remote virtual machine.\nAlso, this module can't be built against 0.204. It can be built against ZNC from the git master.\n\nsavebuff saves buffers and restores them when you join channels, but the restored buffer is not shown until you detach from znc and reattach to it in your IRC client.\n\nreplaybuffer solved this problem by replaying the restored buffer right after IRC clients join a channel..\n\nThis module has a useful set of commands that savebuff doesn't have, including \"help\" command.\n\n== Installing ==\nThe code for this module can be found at [https://github.com/crocket/replaybuffer https://github.com/crocket/replaybuffer].\n\nFollow the guideline in [[Compiling modules]] to build it.\n\n== Usage ==\n'''/msg *replaybuffer help''' shows you available commands.\n\n{{Module arguments|type=network}}\n\n== Note ==\nPlease contact '''crocket''' at crockabiscuit at gmail dot com if you have any questions or suggestions about this module."
}
]
},
"209": {
"pageid": 209,
"ns": 0,
"title": "Reverse Proxy",
"revisions": [
{
"contentformat": "text/x-wiki",
"contentmodel": "wikitext",
"*": "== About Reverse Proxies ==\nWhile ZNC is a fantastic bouncer, in many situations it can be beneficial to utilize a reverse proxy in front of it for features such as:\n* Subdomains\n* Tighter control of SSL ciphers and protocols\n* ECDH support\n* SSL session caching\n* SSL stapling\n* Compression\n\n=== Notes ===\n* <code>TrustedProxy</code> must be set in your configuration for web access logs to reflect actual addresses instead of the reverse proxy address (<code>127.0.0.1</code> / <code>::1</code>):\n <nowiki>\nTrustedProxy = 127.0.0.1\nTrustedProxy = ::1</nowiki>\n\n== Nginx ==\n'''Note:''' If you plan on utilizing Nginx for IRC in conjunction with HTTP/HTTPS, the port number (''or'' address) of the two services '''must be different'''.\n\n=== HTTP ===\n==== As a Subdomain ====\n <nowiki>server {\n listen 80;\n listen [::]:80;\n # To listen on a specific address only:\n # listen 192.0.2.1:80;\n # listen [2001:db8::192:0:2:1]:80;\n server_name znc.example.test;\n access_log /var/log/nginx/znc.example.test/znc-access.log;\n error_log /var/log/nginx/znc.example.test/znc-error.log;\n\n location / {\n proxy_pass http://[::1]:6667/;\n # For IPv4 loopback (there's almost no reason to do this)\n # proxy_pass http://127.0.0.1:6667/;\n proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;\n }\n}</nowiki>\n==== As a Subdirectory ====\n'''Note:'''\n* There is intentionally no <code>/</code> after the port number \n* You must set <code>URIPrefix</code> of the Listener in ZNC to the target location (<code>/znc/</code> in this example)\n\n <nowiki>server {\n ...\n location /znc/ {\n proxy_pass http://[::1]:6667;\n proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;\n }\n}</nowiki>\n\nOn most distributions this would be put in <code>/etc/nginx/conf.d/znc.example.test.conf</code> .\n\n=== HTTPS ===\nThis is a basic configuration utilizing Diffie Hellman key exchange:\n <nowiki>\nserver {\n listen 7001 ssl http2;\n listen [::]:7001 ssl http2;\n # To listen on a specific address only:\n # listen 192.0.2.1:7001 ssl http2;\n # listen [2001:db8::192:0:2:1]:7001 ssl http2;\n server_name znc.example.test;\n access_log /var/log/nginx/znc.example.test/znc_ssl-access.log;\n error_log /var/log/nginx/znc.example.test/znc_ssl-error.log;\n\n # SSL options\n add_header Strict-Transport-Security \"max-age=31536000; includeSubDomains; preload\" always;\n ssl_certificate /etc/letsencrypt/live/znc.example.test/fullchain.pem;\n ssl_certificate_key /etc/letsencrypt/live/znc.example.test/privkey.pem;\n ssl_dhparam /etc/letsencrypt/live/znc.example.test/dhparam.pem;\n ssl_trusted_certificate /etc/letsencrypt/live/znc.example.test/chain.pem;\n\n location / {\n proxy_pass http://[::1]:7001$uri;\n # For IPv4 loopback (there's almost no reason to do this)\n # proxy_pass http://127.0.0.1:7001$uri;\n proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;\n }\n}</nowiki>\nOn most distributions this would be put in <code>/etc/nginx/conf.d/znc.example.test.conf</code> .\n\n=== IRC ===\nNginx has a directive separate from <code>http</code> called [https://nginx.org/en/docs/stream/ngx_stream_core_module.html stream] for protocols other than HTTP. We can utilize this to allow nginx to act as a reverse proxy for ZNC:\n <nowiki>\nupstream znc {\n server [::1]:7000;\n # For IPv4 loopback (there's almost no reason to do this)\n # server 127.0.0.1:7000;\n}\n\nserver {\n\n listen 7000 ssl;\n listen [::]:7000 ssl;\n # To listen on a specific address only:\n # listen 192.0.2.1:7000 ssl;\n # listen [2001:db8::192:0:2:1]:7000 ssl;\n\n # SSL options\n ssl_certificate /etc/letsencrypt/live/znc.example.test/fullchain.pem;\n ssl_certificate_key /etc/letsencrypt/live/znc.example.test/privkey.pem;\n ssl_dhparam /etc/letsencrypt/live/znc.example.test/dhparam.pem;\n ssl_trusted_certificate /etc/letsencrypt/live/znc.example.test/chain.pem;\n \n proxy_pass znc;\n}</nowiki> \nOn most distributions these would be put in <code>/etc/nginx/conf.d/znc.example.test.stream</code> .\n\n=== Additional Configuration Abilities ===\nNginx has many configuration options that can enhance the behavior of both the ZNC web interface and IRC, so the <code>http</code> or <code>server</code> nginx directive options below only demonstrate the most common portions of them:\n <nowiki>\n sendfile on;\n tcp_nopush on;\n tcp_nodelay on;\n keepalive_timeout 65;\n types_hash_max_size 2048;\n\n server_tokens off;\n\n # Compression\n gzip on;\n gzip_comp_level 9;\n gzip_types application/javascript application/vnd.ms-fontobject application/x-font-otf application/x-font-ttf application/x-font-woff image/jpg image/png image/svg image/x-icon text/css;\n\n ###############\n # SSL options #\n ###############\n ssl_ciphers ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-SHA384:DHE-DSS-AES256-GCM-SHA384:DHE-DSS-AES256-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-SHA256;\n ssl_ecdh_curve secp384r1;\n ssl_protocols TLSv1.2 TLSv1.3;\n ssl_prefer_server_ciphers on;\n ssl_session_cache shared:https:15m;\n ssl_session_timeout 15m;\n\n # Stapling\n ssl_stapling on;\n ssl_stapling_verify on;\n resolver 1.1.1.1 8.8.8.8 [2606:4700:4700::1111] [2001:4860:4860::8888];\n</nowiki>\n\n== lighttpd ==\n=== HTTP ===\n <nowiki>$HTTP[\"host\"] =~ \"^(sub\\.domain\\.com)$\" {\n proxy.server = ( \"\" => ( ( \"host\" => \"127.0.0.1\", \"port\" => 6667 ) ) )\n}</nowiki>\n\n== Traefik ==\n\nIt is possible to run ZNC as a docker container, and use [https://traefik.io/ Traefik] to provide proxying services for this. The IRC port needs to be separated from the web interface port to achieve this.\n\n=== Traefik setup ===\n\nTraefik needs to be configured to listen on a specific port for IRC access to ZNC. In this example, I'm using port 7000 for 'web' based access, and 7001 for 'IRC' access. This can be done in docker-compose as follows:\n\n<pre>\nversion: \"3.5\"\nnetworks:\n default:\n name: traefik\n\nservices:\n traefik:\n image: \"traefik:v2.3\"\n command:\n --entryPoints.web.address=:7000\n --entryPoints.irc.address=:7001\n --providers.docker=true\n ports:\n - \"7000:7000\"\n - \"7001:7001\"\n</pre>\n\n=== ZNC setup ===\n\nZNC also needs to be configured to allow a separate port for IRC access. In this example, I'm using port 6501 for web access, and 6502 for IRC access. This is configured as follows:\n\n[[File:Znc-ports-traefik.png|center|ZNC Port Configuration]]\n\nThe ZNC docker container then needs to be configured with appropriate labels to configure traefik to send traffic to it. This can be done in docker-compose as follows (in this case, the host name 'znc.example.com' is being used to access the ZNC service):\n\n<pre>\n---\nversion: \"3.5\"\n\nnetworks:\n traefik:\n external: true\n\n default:\n name: znc\n\nservices:\n znc:\n image: znc\n container_name: znc\n volumes:\n - ./zncconfig:/znc-data\n networks:\n - default\n - traefik\n ports:\n - 6501:6501\n - 6502:6502\n restart: unless-stopped\n labels:\n - \"traefik.enable=true\"\n - \"traefik.http.routers.zncweb.rule=Host(`znc.example.com`)\"\n - \"traefik.http.routers.zncweb.tls=true\"\n - \"traefik.http.routers.zncweb.entryPoints=web\"\n - \"traefik.http.services.zncweb.loadbalancer.server.port=6501\"\n - \"traefik.tcp.routers.zncirc.rule=HostSNI(`znc.example.com`)\"\n - \"traefik.tcp.routers.zncirc.tls=true\"\n - \"traefik.tcp.routers.zncirc.entryPoints=irc\"\n - \"traefik.tcp.services.zncirc.loadbalancer.server.port=6502\"\n - \"traefik.docker.network=traefik\"\n</pre>\n\n=== IRC client setup ===\n\nAll that is required then is to configure your IRC client to connect securely to 'znc.example.com' on port 7001, with SSL enabled. Traefik will then provide the appropriate certificate for the connection, and pass traffic to port 6502 on the ZNC container.\n\n=== ZNC web control panel ===\n\nThe ZNC web control panel can be accessed using (in this case) <code>https://znc.example.com:7000/</code>\n\n\n== Caddy ==\n\n[https://caddyserver.com/ Caddy] is an extensible, cross-platform, open-source web server written in Go, with automatic TLS certificate provisioning.\n\nCaddy only supports reverse proxying for HTTP out of the box, but the [https://github.com/mholt/caddy-l4 caddy-l4] plugin allows Caddy to proxy arbitrary streams, which makes it useful for ZNC. When using Caddy in this mode, the web control panel and IRC can be served from a single port.\n\nBuild Caddy with the caddy-l4 plugin by following the directions in caddy-l4's README.\n\ncaddy-l4 is configured by adding a `layer4` object to the `apps` object of a JSON Caddy configuration, like the one below. Note that the comments must be removed.\n\n <nowiki>\n{\n \"apps\": {\n \"layer4\": {\n \"servers\": {\n \"znc\": {\n \"listen\": [\n \":1337\" // Caddy will listen on this interface\n ],\n \"routes\": [\n {\n \"handle\": [\n {\n // Terminate TLS\n \"handler\": \"tls\",\n \"connection_policies\": [\n {\n \"alpn\": [\n // Caddy always tries to negotiate HTTP/2 by default,\n // which ZNC's web interface doesn't support, so we need\n // to override the default protocol list\n \"http/1.1\",\n \"http/1.0\"\n ],\n // Some IRC clients don't support SNI negotiation, so you\n // need to tell Caddy which certificate to send\n \"default_sni\": \"your.hostname.com\"\n }\n ]\n },\n {\n // Forward cleartext to ZNC\n \"handler\": \"proxy\",\n \"upstreams\": [\n {\n \"dial\": [\n \"localhost:2337\" // The address where ZNC is listening\n ]\n }\n ]\n }\n ]\n }\n ]\n }\n }\n }\n }\n}\n</nowiki>"
}
]
}
}
}
}