
Configuration: Difference between revisions

From ZNC
DoctorD90 (talk | contribs)
m PASS field: improved the description, added linux command to calculate hashed/salted the password
DoctorD90 (talk | contribs)
m Updated the PASSWORD key command name based on the 1.8 version test
 
Line 371: Line 371:
| <tt>NoTrafficTimeout = 180</tt>
| <tt>NoTrafficTimeout = 180</tt>
|-
|-
| rowspan="2" | '''Pass'''<br/>
| rowspan="2" | '''Password'''<br/>
| The password for the user account. It can be in plaintext or hashed with md5 or sha256.<br/>
| The password for the user account. It can be in plaintext or hashed with md5 or sha256.<br/>
If using hashed password, explicit the hash function name used just before the hash, in the form: <hash name>#<hash><br/>
If using hashed password, explicit the hash function name used just before the hash, in the form: <hash name>#<hash><br/>
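Review bot: the row label changes from '''Pass''' to '''Password''' here, but the example lines for this setting on the page are still written as Pass = ... and the structure listing still uses <Pass password>, so a reader cannot tell which key name to type. Either carry the rename through the examples or state next to the label which ZNC version accepts which name. The unchanged description line also still reads "explicit the hash function name"; "specify the hash function name" would be clearer.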

Latest revision as of 22:21, 28 December 2024

Creating a config file

To generate a basic configuration file, run znc --makeconf after installation. It is NOT a good idea to create a new config file manually; please use znc --makeconf!

File locations

  • Configuration - ZNC gets its configuration by reading the file ~/.znc/configs/znc.conf.
  • Misc - Other files are also stored in the ~/.znc directory, such as the SSL certificate (znc.pem) and the PidFile (znc.pid).
  • Local Modules - Stored in ~/.znc/modules. ZNC will look in the local module directory first when trying to load a module.
  • Global Modules - Stored in /usr/local/lib/znc by default (where /usr/local is the prefix you chose). This is /usr/lib/znc if you used the Debian package.
  • Binaries - znc, znc-config, and znc-buildmod are all stored in /usr/local/bin (or in /usr/bin) by default. You can change this when you configure by using ./configure --prefix=/whatever/path/you/want.

Editing config

In most cases you should NOT edit znc.conf directly. Use webadmin instead.

If you really need to edit znc.conf by hand, do the following:

  1. pkill -SIGUSR1 znc
    to save current runtime configuration to znc.conf
  2. pkill znc
    to shutdown running ZNC instance
  3. Edit znc.conf
  4. znc
    to start it again with new configuration

Config file structure

The following pseudo content illustrates the config structure with single listener, user, network and channel. Naturally, there can be multiple instances of each.

Key = Value

<Listener name>
    Key = Value
</Listener>

<User name>
    Key = Value

    <Network name>
        Key = Value

        <Chan name>
            Key = Value
        </Chan>
    </Network>
    
    <Pass password>
        Key = Value
    </Pass>
</User>
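
The nesting shown above can be read with a small stack-based parser. The following is an added example, not code from ZNC or from this wiki: it parses a constructed sample into a tree and flags three settings described further down this page (TrustAllCerts, SSL on a listener, SSLv2/SSLv3 in SSLProtocols). The sample names and the parse and audit functions are hypothetical.

```python
import re

# Constructed sample in the layout shown above; every name and value is made up.
SAMPLE = """\
SSLProtocols = +SSLv3 -TLSv1
<Listener l>
    SSL = false
</Listener>
<User alice>
    LoadModule = controlpanel
    LoadModule = chansaver
    <Network libera>
        TrustAllCerts = true
        <Chan #znc>
        </Chan>
    </Network>
</User>
"""

def parse(text):
    """Build a tree of nodes; repeated keys such as LoadModule keep every value."""
    stack = [{"type": "Global", "name": "", "keys": {}, "sections": []}]
    for n, line in enumerate((l.strip() for l in text.splitlines()), 1):
        if m := re.fullmatch(r"</(\w+)>", line):
            # A closing tag must match the section that is currently open.
            if len(stack) == 1 or stack[-1]["type"] != m[1]:
                raise ValueError(f"line {n}: unexpected {line}")
            stack.pop()
        elif m := re.fullmatch(r"<(\w+)\s*(.*)>", line):
            node = {"type": m[1], "name": m[2], "keys": {}, "sections": []}
            stack[-1]["sections"].append(node)
            stack.append(node)
        elif "=" in line:
            key, value = (s.strip() for s in line.split("=", 1))
            stack[-1]["keys"].setdefault(key, []).append(value)
        elif line:
            raise ValueError(f"line {n}: cannot parse {line!r}")
    if len(stack) > 1:
        raise ValueError(f"unclosed <{stack[-1]['type']}>")
    return stack[0]

def audit(node, path="Global"):
    """Return (path, finding) pairs for the risky settings described on this page."""
    keys, out = node["keys"], []
    if "true" in keys.get("TrustAllCerts", []):
        out.append((path, "TrustAllCerts disables certificate validation"))
    if node["type"] == "Listener" and "false" in keys.get("SSL", []):
        out.append((path, "listener accepts connections without SSL"))
    for token in " ".join(keys.get("SSLProtocols", [])).split():
        if token.lstrip("+") in ("SSLv2", "SSLv3"):
            out.append((path, f"SSLProtocols enables {token.lstrip('+')}"))
    for child in node["sections"]:
        out += audit(child, f"{path}/{child['type']} {child['name']}")
    return out
```

Calling audit(parse(SAMPLE)) returns one finding per risky setting, each with the path of the section that contains it.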

Config file settings

The ZNC 1.6 configuration file consists of the following settings. All values are examples.

Global

AnonIPLimit The limit of anonymous unidentified connections per IP.
AnonIPLimit = 10
AuthOnlyViaModule
(since 1.7)
Allow user authentication by external modules only.
AuthOnlyViaModule = false
BindHost The list of allowed bindhosts. Users can select one of these values.
BindHost = ...
BindHost = ...
ConnectDelay The number of seconds every IRC connection is delayed. IRC servers may refuse a connection when reconnecting too fast. NOTE: Affects connections between ZNC and IRC servers; not connections between IRC clients and ZNC.
ConnectDelay = 5
HideVersion
(since 1.6)
Whether the version number is hidden from the web interface and CTCP VERSION replies.
HideVersion = true
LoadModule The list of global modules loaded on ZNC startup.
LoadModule = webadmin
LoadModule = modperl
LoadModule = modpython
MaxBufferSize The maximum playback buffer size. Only admin users can exceed the limit.
MaxBufferSize = 500
Motd The list of "message of the day" lines that are sent to clients on connect via notice from *status.
Motd = ...
Motd = ...
PidFile An optional PID file location. See the FAQ for how to crontab ZNC.
PidFile = /home/znc/.znc/znc.pid
ProtectWebSessions Whether IP changing during each web session is disallowed.
ProtectWebSessions = true
ServerThrottle The number of seconds between connect attempts to the same hostname.
ServerThrottle = 30
Skin The default web interface skin. Users can override the value.
Skin = _default_
SSLCertFile The file with SSL/TLS certificate, used for ZNC's listening port. Defaults to ~/.znc/znc.pem
SSLCertFile = /home/znc/.znc/znc.pem
SSLCiphers
(since 1.6)
The allowed SSL ciphers. The default value is taken from Mozilla's recommendations.
SSLCiphers = ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-CHACHA20-POLY1305
SSLDHParamFile
(since 1.7)
The file with Diffie-Hellman parameters of SSL/TLS, used for ZNC's listening port. Defaults to ~/.znc/znc.pem. If the file doesn't contain DH parameters, ciphers which use DH can't be used.
SSLDHParamFile = /home/znc/.znc/znc.pem
SSLKeyFile
(since 1.7)
The file with private key of SSL/TLS certificate, used for ZNC's listening port. Defaults to ~/.znc/znc.pem
SSLKeyFile = /home/znc/.znc/znc.pem
SSLProtocols
(since 1.6)
The accepted SSL protocols. Available protocols are All, SSLv2, SSLv3, TLSv1, TLSv1.1 and TLSv1.2. A non-prefixed value overrides any existing values, whereas a '-' or '+' prefixed value disables or enables an additional protocol. It is recommended to keep the ZNC defaults that may change in future versions, and only disable (or enable) additional protocols if necessary. NOTE: ZNC 1.6 disables SSLv2 and SSLv3 by default.
SSLProtocols = +SSLv2 -SSLv3 -TLSv1 +TLSv1.1 +TLSv1.2
StatusPrefix The default prefix for status and module queries. Users can override the value.
StatusPrefix = *
TrustedProxy
(since 1.6)
The list of trusted proxies.
TrustedProxy = ...
TrustedProxy = ...
Version The version of ZNC that was used to write the config file.
Version = 1.6.0

Listener

Definition of a port that ZNC listens on. There can be multiple ports, and they can allow different protocols.

AllowIRC Whether the port allows IRC connections.
AllowIRC = true
AllowWeb Whether the port allows web connections.
AllowWeb = true
Host An optional host or IP on which ZNC listens.
Host = ...
IPv4 Whether the port listens using IPv4.
IPv4 = true
IPv6 Whether the port listens using IPv6.
IPv6 = true
Port The port number. WARNING: Some web browsers reject port 6667.
Port = 12345
SSL Whether the port is listening using SSL.
SSL = true
URIPrefix
(since 1.6)
An optional URI prefix for the ZNC web interface. Can be used to make ZNC available behind a reverse proxy.
URIPrefix = /znc/

User

Definition of a user. There can be multiple users and each can have multiple networks.

Admin Whether the user has admin rights.
Admin = true
Allow The list of allowed IPs for the user. Wildcards (*) are supported.
Allow = *
AltNick The default alternate nick used if the primary nick is reserved. Networks can override the value.
AltNick = somebody_
AppendTimestamp Whether timestamps are appended to buffer playback messages. NOTE: Only used for clients that do not support server-time.
AppendTimestamp = false
AuthOnlyViaModule
(since 1.7)
Allow user authentication by external modules only.
AuthOnlyViaModule = false
AutoClearChanBuffer Whether channel buffers are automatically cleared after playback. When disabled, messages are buffered even while clients are attached, and already seen messages may be repeated each time clients connect.
AutoClearChanBuffer = true
AutoClearQueryBuffer
(since 1.6)
Whether query buffers are automatically cleared after playback. When disabled, messages are buffered even while clients are attached, and already seen messages may be repeated each time clients connect.
AutoClearQueryBuffer = true
BindHost An optional bindhost for the user. Must be one of the values specified in the global list of allowed bindhosts.
BindHost = ...
Buffer The maximum amount of lines stored for each channel or query playback buffer. The buffers are stored in memory, and oldest lines are discarded when the limit is reached. Only admin users can exceed the maximum buffer size specified in the global section.
Buffer = 300
ChanBufferSize
(since 1.7)
The maximum amount of lines stored for each channel playback buffer. The buffers are stored in memory, and oldest lines are discarded when the limit is reached. Only admin users can exceed the maximum buffer size specified in the global section.
ChanBufferSize = 300
ChanModes The default modes ZNC sets when joining an empty channel.
ChanModes = +stn
ClientEncoding
(since 1.6)
The client encoding.
ClientEncoding = UTF-8
CTCPReply An optional list of CTCP request-reply-pairs. Syntax: <request> <reply>.
CTCPReply = VERSION unknown v1.0
DCCBindHost An optional bindhost for DCC connections.
DCCBindHost = ...
DenyLoadMod Whether the user is denied access to load modules.
DenyLoadMod = false
DenySetBindHost Whether the user is denied access to set a bindhost.
DenySetBindHost = false
DenySetCTCPReplies
(since 1.9)
Whether the user is denied access to adding/removing CTCP replies.
DenySetCTCPReplies = false
DenySetIdent
(since 1.9)
Whether the user is denied access to setting an ident.
DenySetIdent = false
DenySetNetwork
(since 1.9)
Whether the user is denied access to adding/removing networks/servers.
DenySetNetwork = false
DenySetQuitMsg
(since 1.9)
Whether the user is denied access to setting a quitmsg.
DenySetQuitMsg = false
DenySetRealName
(since 1.9)
Whether the user is denied access to setting a realname.
DenySetRealName = false
Ident The default ident. Networks can override the value.
Ident = znc
JoinTries The number of times ZNC attempts to join a channel in case of a failure, e.g. due to channel modes +i/+k/+b.
JoinTries = 3
Language
(since 1.7)
Language of UI translation shown for this user. If not specified, English is used.
Language = ru-RU
LoadModule The list of user modules loaded on ZNC startup.
LoadModule = controlpanel
LoadModule = chansaver
MaxJoins
(since 1.2)
The maximum number of channels ZNC joins at once. Lower the value if you get disconnected for 'Excess flood'.
MaxJoins = 3
MaxNetworks The maximum number of networks the user is allowed to have.
MaxNetworks = 5
MaxQueryBuffers
(since 1.6)
The maximum number of query buffers that are stored. 0 is unlimited.
MaxQueryBuffers = 50
MultiClients Whether multiple clients are allowed to connect simultaneously.
MultiClients = true
Nick The default primary nick. Networks can override the value.
Nick = somebody
NoTrafficTimeout
(since 1.7)
How long ZNC waits (in seconds) to receive something from the network before it declares the connection timed out. This happens after attempts to ping the peer.
NoTrafficTimeout = 180
Password
The password for the user account. It can be in plaintext or hashed with md5 or sha256.

If using a hashed password, specify the hash function name just before the hash, in the form: <hash name>#<hash>
An md5 hash type can be specified with a dash after the hash.
Optionally, a salt (an arbitrary string concatenated to the plain password; thesalt in this example) can be specified just after the salted hash, in the form: <hash name>#<salted hash>#<salt>#
On Linux you can run these commands to calculate the corresponding hashes:
echo -n "hunter2" | md5sum
echo -n "hunter2" | sha256sum
echo -n "hunter2thesalt" | sha256sum

Pass = hunter2

Pass = plain#hunter2
Pass = md5#2ab96390c7dbe3439de74d0c9b0b1767
Pass = 2ab96390c7dbe3439de74d0c9b0b1767 -
Pass = sha256#f52fbd32b2b3b86ff88ef6c490628285f482af15ddcb29541f94bcf526a3f6c7
Pass = sha256#9509bdb169d55773074b1b6181dd85cffb6d2ba1e65d7a61869b9d1df2951b06#thesalt#
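
The value forms listed above can be told apart and checked mechanically. The following is an added example, not ZNC's own parsing code: it splits a Pass value into method, stored value and salt, verifies a candidate password by hashing password plus salt as in the commands above, and labels how exposed each form leaves the password if znc.conf is read by someone else. The function names are hypothetical, and treating a value with an unrecognised prefix as plaintext is an assumption.

```python
import hashlib
import hmac

def parse_pass(value):
    """Split a Pass value into (method, stored, salt) for the forms listed above."""
    value = value.strip()
    if value.endswith(" -"):                       # "<md5 hash> -"
        return "md5", value[:-2].strip().lower(), ""
    method, sep, rest = value.partition("#")
    if not sep or method not in ("plain", "md5", "sha256"):
        return "plain", value, ""                  # assumption: anything else is plaintext
    if method == "plain":
        return "plain", rest, ""
    stored, _, salt = rest.partition("#")          # "<hash>#<salt>#"
    return method, stored.lower(), salt.removesuffix("#")

def verify(value, candidate):
    """True if candidate is the password that the Pass value encodes."""
    method, stored, salt = parse_pass(value)
    if method == "plain":
        computed = candidate
    else:                                          # the salt is appended to the password
        computed = hashlib.new(method, (candidate + salt).encode()).hexdigest()
    return hmac.compare_digest(computed.encode(), stored.encode())

def storage_risk(value):
    """Label how exposed the password is if znc.conf leaks."""
    method, _, salt = parse_pass(value)
    if method == "plain":
        return "plaintext: readable by anyone who can read znc.conf"
    if not salt:
        return f"unsalted {method}: identical passwords give identical hashes"
    return f"salted {method}: one fast hash round per guess"

# Pass values copied from the examples above.
PAGE_EXAMPLES = [
    "hunter2",
    "plain#hunter2",
    "md5#2ab96390c7dbe3439de74d0c9b0b1767",
    "2ab96390c7dbe3439de74d0c9b0b1767 -",
    "sha256#f52fbd32b2b3b86ff88ef6c490628285f482af15ddcb29541f94bcf526a3f6c7",
    "sha256#9509bdb169d55773074b1b6181dd85cffb6d2ba1e65d7a61869b9d1df2951b06#thesalt#",
]

if __name__ == "__main__":
    for line in PAGE_EXAMPLES:
        print(parse_pass(line)[0], verify(line, "hunter2"), storage_risk(line), sep=" | ")
```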

PrependTimestamp Whether timestamps are prepended to buffer playback messages. NOTE: Only used for clients that do not support server-time.
PrependTimestamp = true
QueryBufferSize
(since 1.7)
The maximum amount of lines stored for each query playback buffer. The buffers are stored in memory, and oldest lines are discarded when the limit is reached. Only admin users can exceed the maximum buffer size specified in the global section.
QueryBufferSize = 300
QuitMsg The default quit message ZNC uses when disconnecting or shutting down. Networks can override the value.
QuitMsg = ZNC - http://znc.in
RealName The default real name. Networks can override the value.
RealName = Got ZNC?
Skin The web interface skin.
Skin = _default_
StatusPrefix The prefix for status and module queries.
StatusPrefix = *
TimestampFormat The format of the timestamps used in buffer playback messages. NOTE: Only used for clients that do not support server-time.
TimestampFormat = [%H:%M:%S]
Timezone The timezone used for timestamps in buffer playback messages. NOTE: Only used for clients that do not support server-time.
Timezone = Europe/Berlin

Network

Definition of a network. A user can have multiple networks, up to the limit specified by MaxNetworks.

AltNick An optional network specific alternate nick used if the primary nick is reserved.
AltNick = somebody_
BindHost An optional bindhost for the network. Must be one of the values specified in the global list of allowed bindhosts.
BindHost = ...
Encoding
(since 1.6)
An optional network specific encoding.
Encoding = UTF-8
FloodBurst The maximum amount of lines ZNC sends at once.
FloodBurst = 4
FloodRate The seconds between lines ZNC sends after reaching the FloodBurst limit.
FloodRate = 1.00
Ident An optional network specific ident.
Ident = znc
IRCConnectEnabled Whether the network is enabled, i.e. connects to IRC.
IRCConnectEnabled = false
JoinDelay
(since 1.6)
The delay in seconds, until channels are joined after getting connected.
JoinDelay = 0
LoadModule The list of network modules loaded on ZNC startup.
LoadModule = simple_away
LoadModule = route_replies
Nick An optional network specific primary nick.
Nick = somebody
QuitMsg
(since 1.6)
An optional network specific quit message ZNC uses when disconnecting or shutting down.
QuitMsg = ZNC - http://znc.in
RealName An optional network specific real name.
RealName = Got ZNC?
Server The list of IRC servers. Prefix the port number with a '+' to enable SSL. Syntax: <host> [[+]port] [password].
Server = irc.libera.chat +6697
TrustAllCerts
(since 1.7)
Disable certificate validation (takes precedence over TrustPKI). INSECURE!
TrustAllCerts = false
TrustPKI
(since 1.7)
Setting this to false will trust only certificates you added fingerprints for.
TrustPKI = true
TrustedServerFingerprint
(since 1.6)
The list of trusted server fingerprints.
TrustedServerFingerprint = fi:ng:er

Chan

Definition of a channel that ZNC joins when it connects to IRC. A network can have multiple channels.

AutoClearChanBuffer Whether the channel specific buffer is automatically cleared after playback.
AutoClearChanBuffer = false
Buffer The maximum amount of lines stored for the channel specific playback buffer.
Buffer = 100
Detached Whether the channel is detached. Detached channels are not visible to clients.
Detached = true
Disabled
(since 1.6)
Whether the channel is disabled. ZNC does not join disabled channels.
Disabled = true
Key An optional channel key.
Key = secret
Modes An optional set of default channel modes ZNC sets when joining an empty channel.
Modes = +stn

Pass

Definition of a password, used by clients to connect to ZNC. Generated using znc --makepass.

ZNC 1.9.0 added support for libargon2. If your ZNC was compiled with argon2 (check with /msg *status version or znc -v), your ZNC will use argon2. All existing user passwords will be transparently upgraded upon login.

SHA-256:

Hash The hash of a salted password.
Hash = 44ccdd8655fb2c9bf8e6026fc51dfeabfd3e361f696c9373c00a496a4dcaed6f
Method The password hashing method.
Method = sha256
Salt A random set of 20 characters for salting the password.
Salt = ,e9a+t9WwSCjR_5:XAQu


Argon2:

Hash The hash of a salted password.
Hash = $argon2id$v=19$m=6144,t=6,p=1$ZXhhbXBsZTEyMzQ1$HOZjBzWTZBs+407psfw5VQ
Method The password hashing method.
Method = Argon2id

Config file change history

Added in 1.9

  • DenySetCTCPReplies (User)
  • DenySetIdent (User)
  • DenySetNetwork (User)
  • DenySetQuitMsg (User)
  • DenySetRealName (User)

Added in 1.7

  • SSLDHParamFile and SSLKeyFile (Global)
  • ChanBufferSize, Language, NoTrafficTimeout and QueryBufferSize (User)
  • TrustAllCerts and TrustPKI (Network)
  • AuthOnlyViaModule (Global, User)

Added in 1.6

  • HideVersion, SSLCiphers, SSLProtocols and TrustedProxy (Global)
  • URIPrefix (Listener)
  • AutoClearQueryBuffer, ClientEncoding and MaxQueryBuffers (User)
  • Encoding, JoinDelay, QuitMsg and TrustedServerFingerprint (Network)
  • Disabled (Chan)

Added in 1.2

  • MaxJoins (User)

Older pre 1.x settings

  • DCCVHost - This is the IP address used for DCC bouncing.
  • BounceDCCs - If set to true, the DCCs will be bounced by ZNC.
  • DCCLookupMethod - If set to default, ZNC will use the IP the client sends for the DCC connections; if set to client, ZNC will use the IP the client connects from.
  • Listener = [web_only|irc_only] [host or IP] [+]port - Configuration of a listening port. Use web_only or irc_only if you don't want the port to be universal. Put the host/IP before the port, separated by a space, to bind to a specific IP (notice that in this case the listener can't listen on both IPv4 and IPv6). Then comes the port ZNC will listen on. If the port is prefixed with a '+' (without a space), ZNC listens using SSL. You can have several listeners in one ZNC. (Introduced in 0.090; see the next chapter for older versions.)
  • Listener4 or Listener6 - Exactly the same as Listener, but will use only IPv4 or IPv6.
  • ISpoofFile - ZNC will write the ident of the user trying to connect to this file. Very useful if your shell supports oidentd.
  • ISpoofFormat - The format of the ISpoofFile.

Before 0.096

  • BindHost was named vHost

Before 0.090

  • Listen was similar to Listener4 from last version, without irc_only/web_only support.
  • Listen6 was similar to Listener or Listener6 (depending on your OS) from last version, without irc_only/web_only support.
  • TODO: When did Listeners become their own substructure?