Latest revision as of 22:21, 28 December 2024
Creating a config file
To generate a basic configuration file, run znc --makeconf after installation.
It is NOT a good idea to create a new config file manually; please use znc --makeconf!
File locations
- Configuration - ZNC gets its configuration by reading the file ~/.znc/configs/znc.conf.
- Misc - Other files are also stored in the ~/.znc directory, such as the SSL certificate (znc.pem) and the PidFile (znc.pid).
- Local Modules - Stored in ~/.znc/modules. ZNC will look in the local module directory first when trying to load a module.
- Global Modules - Stored in /usr/local/lib/znc by default (where /usr/local is the prefix you chose). This is /usr/lib/znc if you used the Debian package.
- Binaries - znc, znc-config, and znc-buildmod are all stored in /usr/local/bin (or in /usr/bin) by default. You can change this when you configure by using ./configure --prefix=/whatever/path/you/want.
Editing config
In most cases you should NOT edit znc.conf directly. Use webadmin instead.
If you really need to edit znc.conf by hand, do the following:
- pkill -SIGUSR1 znc - to save the current runtime configuration to znc.conf
- pkill znc - to shut down the running ZNC instance
- Edit znc.conf
- znc - to start it again with the new configuration
Config file structure
The following pseudo content illustrates the config structure with single listener, user, network and channel. Naturally, there can be multiple instances of each.
Key = Value
<Listener name>
    Key = Value
</Listener>
<User name>
    Key = Value
    <Network name>
        Key = Value
        <Chan name>
            Key = Value
        </Chan>
    </Network>
    <Pass password>
        Key = Value
    </Pass>
</User>
Config file settings
ZNC 1.6 configuration file consists of the following settings. All values are examples.
Global
AnonIPLimit | The limit of anonymous unidentified connections per IP. |
AnonIPLimit = 10 | |
AuthOnlyViaModule (since 1.7) |
Allow user authentication by external modules only. |
AuthOnlyViaModule = false | |
BindHost | The list of allowed bindhosts. Users can select one of these values. |
BindHost = ... BindHost = ... | |
ConnectDelay | The number of seconds every IRC connection is delayed. IRC servers may refuse a connection when reconnecting too fast. NOTE: Affects connections between ZNC and IRC servers; not connections between IRC clients and ZNC. |
ConnectDelay = 5 | |
HideVersion (since 1.6) |
Whether the version number is hidden from the web interface and CTCP VERSION replies. |
HideVersion = true | |
LoadModule | The list of global modules loaded on ZNC startup. |
LoadModule = webadmin LoadModule = modperl LoadModule = modpython | |
MaxBufferSize | The maximum playback buffer size. Only admin users can exceed the limit. |
MaxBufferSize = 500 | |
Motd | The list of "message of the day" lines that are sent to clients on connect via notice from *status. |
Motd = ... Motd = ... | |
PidFile | An optional PID file location. See the FAQ for how to crontab ZNC. |
PidFile = /home/znc/.znc/znc.pid | |
ProtectWebSessions | Whether IP changing during each web session is disallowed. |
ProtectWebSessions = true | |
ServerThrottle | The number of seconds between connect attempts to the same hostname. |
ServerThrottle = 30 | |
Skin | The default web interface skin. Users can override the value. |
Skin = _default_ | |
SSLCertFile | The file with SSL/TLS certificate, used for ZNC's listening port. Defaults to ~/.znc/znc.pem |
SSLCertFile = /home/znc/.znc/znc.pem | |
SSLCiphers (since 1.6) |
The allowed SSL ciphers. The default value is taken from Mozilla's recommendations. |
SSLCiphers = ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-CHACHA20-POLY1305 | |
SSLDHParamFile (since 1.7) |
The file with Diffie-Hellman parameters of SSL/TLS, used for ZNC's listening port. Defaults to ~/.znc/znc.pem. If the file doesn't contain DH parameters, ciphers which use DH can't be used. |
SSLDHParamFile = /home/znc/.znc/znc.pem | |
SSLKeyFile (since 1.7) |
The file with private key of SSL/TLS certificate, used for ZNC's listening port. Defaults to ~/.znc/znc.pem |
SSLKeyFile = /home/znc/.znc/znc.pem | |
SSLProtocols (since 1.6) |
The accepted SSL protocols. Available protocols are All, SSLv2, SSLv3, TLSv1, TLSv1.1 and TLSv1.2. A non-prefixed value overrides any existing values, whereas a '-' or '+' prefixed value disables or enables an additional protocol. It is recommended to keep the ZNC defaults that may change in future versions, and only disable (or enable) additional protocols if necessary. NOTE: ZNC 1.6 disables SSLv2 and SSLv3 by default. |
SSLProtocols = +SSLv2 -SSLv3 -TLSv1 +TLSv1.1 +TLSv1.2 | |
StatusPrefix | The default prefix for status and module queries. Users can override the value. |
StatusPrefix = * | |
TrustedProxy (since 1.6) |
The list of trusted proxies. |
TrustedProxy = ... TrustedProxy = ... | |
Version | The version of ZNC that was used to write the config file. |
Version = 1.6.0 |
Listener
Definition of a port that ZNC listens on. There can be multiple ports, and they can allow different protocols.
AllowIRC | Whether the port allows IRC connections. |
AllowIRC = true | |
AllowWeb | Whether the port allows web connections. |
AllowWeb = true | |
Host | An optional host or IP on which ZNC listens. |
Host = ... | |
IPv4 | Whether the port listens using IPv4. |
IPv4 = true | |
IPv6 | Whether the port listens using IPv6. |
IPv6 = true | |
Port | The port number. WARNING: Some web browsers reject port 6667. |
Port = 12345 | |
SSL | Whether the port is listening using SSL. |
SSL = true | |
URIPrefix (since 1.6) |
An optional URI prefix for the ZNC web interface. Can be used to make ZNC available behind a reverse proxy. |
URIPrefix = /znc/ |
User
Definition of a user. There can be multiple users and each can have multiple networks.
Admin | Whether the user has admin rights. |
Admin = true | |
Allow | The list of allowed IPs for the user. Wildcards (*) are supported. |
Allow = * | |
AltNick | The default alternate nick used if the primary nick is reserved. Networks can override the value. |
AltNick = somebody_ | |
AppendTimestamp | Whether timestamps are appended to buffer playback messages. NOTE: Only used for clients that do not support server-time. |
AppendTimestamp = false | |
AuthOnlyViaModule (since 1.7) |
Allow user authentication by external modules only. |
AuthOnlyViaModule = false | |
AutoClearChanBuffer | Whether channel buffers are automatically cleared after playback. When disabled, messages are buffered even while clients are attached, and already seen messages may be repeated each time clients connect. |
AutoClearChanBuffer = true | |
AutoClearQueryBuffer (since 1.6) |
Whether query buffers are automatically cleared after playback. When disabled, messages are buffered even while clients are attached, and already seen messages may be repeated each time clients connect. |
AutoClearQueryBuffer = true | |
BindHost | An optional bindhost for the user. Must be one of the values specified in the global list of allowed bindhosts. |
BindHost = ... | |
Buffer | The maximum amount of lines stored for each channel or query playback buffer. The buffers are stored in memory, and oldest lines are discarded when the limit is reached. Only admin users can exceed the maximum buffer size specified in the global section. |
Buffer = 300 | |
ChanBufferSize (since 1.7) |
The maximum amount of lines stored for each channel playback buffer. The buffers are stored in memory, and oldest lines are discarded when the limit is reached. Only admin users can exceed the maximum buffer size specified in the global section. |
ChanBufferSize = 300 | |
ChanModes | The default modes ZNC sets when joining an empty channel. |
ChanModes = +stn | |
ClientEncoding (since 1.6) |
The client encoding. |
ClientEncoding = UTF-8 | |
CTCPReply | An optional list of CTCP request-reply-pairs. Syntax: <request> <reply>. |
CTCPReply = VERSION unknown v1.0 | |
DCCBindHost | An optional bindhost for DCC connections. |
DCCBindHost = ... | |
DenyLoadMod | Whether the user is denied access to load modules. |
DenyLoadMod = false | |
DenySetBindHost | Whether the user is denied access to set a bindhost. |
DenySetBindHost = false | |
DenySetCTCPReplies (since 1.9) |
Whether the user is denied access to adding/removing CTCP replies. |
DenySetCTCPReplies = false | |
DenySetIdent (since 1.9) |
Whether the user is denied access to setting an ident. |
DenySetIdent = false | |
DenySetNetwork (since 1.9) |
Whether the user is denied access to adding/removing networks/servers. |
DenySetNetwork = false | |
DenySetQuitMsg (since 1.9) |
Whether the user is denied access to setting a quitmsg. |
DenySetQuitMsg = false | |
DenySetRealName (since 1.9) |
Whether the user is denied access to setting a realname. |
DenySetRealName = false | |
Ident | The default ident. Networks can override the value. |
Ident = znc | |
JoinTries | The number of times ZNC attempts to join a channel in case of a failure, e.g. due to channel modes +i/+k/+b. |
JoinTries = 3 | |
Language (since 1.7) |
Language of UI translation shown for this user. If not specified, English is used. |
Language = ru-RU | |
LoadModule | The list of user modules loaded on ZNC startup. |
LoadModule = controlpanel LoadModule = chansaver | |
MaxJoins (since 1.2) |
The maximum number of channels ZNC joins at once. Lower the value if you are getting disconnected for 'Excess flood'. |
MaxJoins = 3 | |
MaxNetworks | The maximum number of networks the user is allowed to have. |
MaxNetworks = 5 | |
MaxQueryBuffers (since 1.6) |
The maximum number of query buffers that are stored. 0 is unlimited. |
MaxQueryBuffers = 50 | |
MultiClients | Whether multiple clients are allowed to connect simultaneously. |
MultiClients = true | |
Nick | The default primary nick. Networks can override the value. |
Nick = somebody | |
NoTrafficTimeout (since 1.7) |
How much time ZNC waits (in seconds) until it receives something from network or declares the connection timeout. This happens after attempts to ping the peer. |
NoTrafficTimeout = 180 | |
Password |
The password for the user account. It can be in plaintext or hashed with md5 or sha256. If using a hashed password, specify the hash function name immediately before the hash, in the form: <hash name>#<hash> |
Pass = hunter2 Pass = plain#hunter2 | |
PrependTimestamp | Whether timestamps are prepended to buffer playback messages. NOTE: Only used for clients that do not support server-time. |
PrependTimestamp = true | |
QueryBufferSize (since 1.7) |
The maximum amount of lines stored for each query playback buffer. The buffers are stored in memory, and oldest lines are discarded when the limit is reached. Only admin users can exceed the maximum buffer size specified in the global section. |
QueryBufferSize = 300 | |
QuitMsg | The default quit message ZNC uses when disconnecting or shutting down. Networks can override the value. |
QuitMsg = ZNC - http://znc.in | |
RealName | The default real name. Networks can override the value. |
RealName = Got ZNC? | |
Skin | The web interface skin. |
Skin = _default_ | |
StatusPrefix | The prefix for status and module queries. |
StatusPrefix = * | |
TimestampFormat | The format of the timestamps used in buffer playback messages. NOTE: Only used for clients that do not support server-time. |
TimestampFormat = [%H:%M:%S] | |
Timezone | The timezone used for timestamps in buffer playback messages. NOTE: Only used for clients that do not support server-time. |
Timezone = Europe/Berlin |
Network
Definition of a network. A user can have multiple networks, up to the limit specified by MaxNetworks.
AltNick | An optional network specific alternate nick used if the primary nick is reserved. |
AltNick = somebody_ | |
BindHost | An optional bindhost for the network. Must be one of the values specified in the global list of allowed bindhosts. |
BindHost = ... | |
Encoding (since 1.6) |
An optional network specific encoding. |
Encoding = UTF-8 | |
FloodBurst | The maximum amount of lines ZNC sends at once. |
FloodBurst = 4 | |
FloodRate | The seconds between lines ZNC sends after reaching the FloodBurst limit. |
FloodRate = 1.00 | |
Ident | An optional network specific ident. |
Ident = znc | |
IRCConnectEnabled | Whether the network is enabled, i.e. connects to IRC. |
IRCConnectEnabled = false | |
JoinDelay (since 1.6) |
The delay in seconds, until channels are joined after getting connected. |
JoinDelay = 0 | |
LoadModule | The list of network modules loaded on ZNC startup. |
LoadModule = simple_away LoadModule = route_replies | |
Nick | An optional network specific primary nick. |
Nick = somebody | |
QuitMsg (since 1.6) |
An optional network specific quit message ZNC uses when disconnecting or shutting down. |
QuitMsg = ZNC - http://znc.in | |
RealName | An optional network specific real name. |
RealName = Got ZNC? | |
Server | The list of IRC servers. Prefix the port number with a '+' to enable SSL. Syntax: <host> [[+]port] [password]. |
Server = irc.libera.chat +6697 | |
TrustAllCerts (since 1.7) |
Disable certificate validation (takes precedence over TrustPKI). INSECURE! |
TrustAllCerts = false | |
TrustPKI (since 1.7) |
Setting this to false will trust only certificates you added fingerprints for. |
TrustPKI = true | |
TrustedServerFingerprint (since 1.6) |
The list of trusted server fingerprints. |
TrustedServerFingerprint = fi:ng:er |
Chan
Definition of a channel that ZNC joins when it connects to IRC. A network can have multiple channels.
AutoClearChanBuffer | Whether the channel specific buffer is automatically cleared after playback. |
AutoClearChanBuffer = false | |
Buffer | The maximum amount of lines stored for the channel specific playback buffer. |
Buffer = 100 | |
Detached | Whether the channel is detached. Detached channels are not visible to clients. |
Detached = true | |
Disabled (since 1.6) |
Whether the channel is disabled. ZNC does not join disabled channels. |
Disabled = true | |
Key | An optional channel key. |
Key = secret | |
Modes | An optional set of default channel modes ZNC sets when joining an empty channel. |
Modes = +stn |
Pass
Definition of a password, used by clients to connect to ZNC. Generated using znc --makepass.
ZNC 1.9.0 added support for libargon2. If your ZNC was compiled with argon2 (check with /msg *status version or znc -v), your ZNC will use argon2. All existing user passwords will be transparently upgraded upon login.
SHA-256:
Hash | The hash of a salted password. |
Hash = 44ccdd8655fb2c9bf8e6026fc51dfeabfd3e361f696c9373c00a496a4dcaed6f | |
Method | The password hashing method. |
Method = sha256 | |
Salt | A random set of 20 characters for salting the password. |
Salt = ,e9a+t9WwSCjR_5:XAQu |
Argon2:
Hash | The hash of a salted password. |
Hash = $argon2id$v=19$m=6144,t=6,p=1$ZXhhbXBsZTEyMzQ1$HOZjBzWTZBs+407psfw5VQ | |
Method | The password hashing method. |
Method = Argon2id |
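As an added example (not part of the wiki page or of ZNC itself), the following Python script parses the nested section structure described above and flags the settings this page identifies as weak: plaintext or md5 passwords, TrustAllCerts = true, and SSLv2/SSLv3 enabled through SSLProtocols. The sample config and the function names parse and audit are constructed for illustration.

```python
import re

# Constructed sample (not a real deployment) using keys documented on this page.
SAMPLE = """\
SSLProtocols = +SSLv3 -TLSv1
<User alice>
    Pass = plain#hunter2
    <Network libera>
        TrustAllCerts = true
    </Network>
</User>
<User bob>
    <Pass password>
        Method = Argon2id
    </Pass>
</User>
"""

def parse(text):
    """Return (section_path, key, value) for each 'Key = Value' line."""
    path, out = [], []
    for line in map(str.strip, text.splitlines()):
        if line.startswith("</"):
            del path[-1:]                      # closing tag: leave the section
        elif m := re.match(r"<(\w+)(?:\s+(.*?))?>$", line):
            path.append((m.group(1), m.group(2) or ""))
        elif "=" in line:
            key, _, value = line.partition("=")
            out.append((tuple(path), key.strip().lower(), value.strip()))
    return out

def audit(text):
    """Return (location, message) pairs; password values are never echoed."""
    findings = []
    for path, key, value in parse(text):
        where = "/".join(f"{k} {n}" for k, n in path) or "Global"
        section = path[-1][0] if path else "Global"
        if (key, section) in (("pass", "User"), ("method", "Pass")):
            # 'Pass = hunter2' is plaintext; '<hash name>#<hash>' names the method.
            method = value.split("#")[0].lower()
            if method not in ("sha256", "argon2id"):
                kind = "md5" if method == "md5" else "plaintext"
                findings.append((where, f"password stored as {kind}"))
        elif key == "trustallcerts" and value.lower() == "true":
            findings.append((where, "TrustAllCerts disables certificate validation"))
        elif key == "sslprotocols":
            # Unprefixed or '+' tokens enable a protocol; '-' tokens disable it.
            findings += [(where, f"{t.lstrip('+')} enabled") for t in value.split()
                         if t.lstrip("+") in ("SSLv2", "SSLv3")]
    return findings

if __name__ == "__main__":
    print(*audit(SAMPLE), sep="\n")
```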
Config file change history
Added in 1.9
- DenySetCTCPReplies (User)
- DenySetIdent (User)
- DenySetNetwork (User)
- DenySetQuitMsg (User)
- DenySetRealName (User)
Added in 1.7
- SSLDHParamFile and SSLKeyFile (Global)
- ChanBufferSize, Language, NoTrafficTimeout and QueryBufferSize (User)
- TrustAllCerts and TrustPKI (Network)
- AuthOnlyViaModule (Global, User)
Added in 1.6
- HideVersion, SSLCiphers, SSLProtocols and TrustedProxy (Global)
- URIPrefix (Listener)
- AutoClearQueryBuffer, ClientEncoding and MaxQueryBuffers (User)
- Encoding, JoinDelay, QuitMsg and TrustedServerFingerprint (Network)
- Disabled (Chan)
Added in 1.2
- MaxJoins (User)
Older pre 1.x settings
- DCCVHost - This is the IP address used for DCC bouncing.
- BounceDCCs - If set to true, the DCCs will be bounced by ZNC.
- DCCLookupMethod - If set to default, ZNC will use the IP the client sends for the DCC connections; if set to client, ZNC will use the IP the client connects from.
- Listener = [web_only|irc_only] [host or IP] [+]port - Configuration of a listening port. Use web_only or irc_only if you don't want the port to be universal. Put the host/IP before the port, separated by a space, to bind to a specific IP (notice that in this case the listener can't listen on both IPv4 and IPv6). Then comes the port ZNC will listen on. If the port is prepended with a '+' (without a space), ZNC listens using SSL. You can have several listeners in one ZNC. (Introduced in 0.090, see next chapter for older versions)
- Listener4 or Listener6 - Exactly the same as Listener, but will use only IPv4 or IPv6.
- ISpoofFile - ZNC will write the ident of the user trying to connect to this file. Very useful if your shell supports oidentd.
- ISpoofFormat - The format of the ISpoofFile.
Before 0.096
- BindHost was named vHost
Before 0.090:
- Listen was similar to Listener4 from last version, without irc_only/web_only support.
- Listen6 was similar to Listener or Listener6 (depending on your OS) from last version, without irc_only/web_only support.
- TODO: When did Listeners become their own substructure?