Ratbox with SSL
Before we begin, you should understand that this howto works with development code and tools. If you are not comfortable working with and compiling code, then you should wait for its release. Secondly, I am not going to go through how to configure a working IRCd, only how to manage the SSL bits. This particular setup is aimed at VoidNet but should be good for all.
Building the IRCd
The current stable release of ratbox (2.2.8 at the time of writing) doesn't contain the code for IRCS, so we need to download the development code (note that I unpack a particular revision that I know works; you can try the latest code to see how it goes).

$ svn co http://svn.ratbox.org/svnroot/ircd-ratbox/trunk ratbox-svn
.... output ....
$ cd ratbox-svn

Thanks to the ratbox developers we now have all the required parts for VoidNet within the actual ratbox code, so there is no need for our patches anymore.
Now we need to configure the source. You should work out which options you actually want here; I will set up a VoidNet IRCd.

$ ./configure --enable-small-net --enable-services --enable-ssl \
    --disable-dependency-tracking --enable-sslonly-channels \
    --with-nicklen=10
.... output ....
Compiling libratbox devel
Installing into: /usr/local/ircd
IPv6 support ................... yes
Assert debugging ............... no
Block allocator ................ yes
OpenSSL ........................ yes

Compiling ircd-ratbox devel
Installing into: /usr/local/ircd
Ziplinks ....................... yes
OpenSSL ........................ yes
Modules ........................ shared
IPv6 support ................... no
IO Debugging hooks ............. no
Assert debugging ............... no
Small network .................. yes
ratbox-services compatibility .. yes

Configured limits:
NICKLEN ................. 10

You must confirm that OpenSSL is marked as yes. If it isn't, you are probably missing openssl from your system (or its -dev/-devel packages). Install those and run configure again. Then we can continue and make:

$ make
.... output ....

It should build fine, at which point you can install the IRCd with:

$ make install
.... output ....

Now you should go away and set up the ratbox ircd.conf and make your ratbox work without SSL. This will ensure you have a working configuration before we attempt to add SSL to it.
SSL Preparation
OK, so now we have a working IRCd and wish to add SSL clients to it. We need to prepare a certificate first. If you are on VoidNet you need to speak to me to get a valid certificate; this is just for others!

$ mkdir /usr/local/ircd/etc/ssl
$ cd /usr/local/ircd/etc/ssl
$ openssl req -new -nodes -out req.pem
.... Fill in the details for the certificate ....
$ openssl req -x509 -days 3650 -in req.pem -key privkey.pem -out cert.pem
$ openssl dhparam -out dh.pem 2048
.... LOTS of output ....
$ mv privkey.pem rsa.key
$ chmod og-rwx req.pem cert.pem rsa.key

Now we have all the bits in place, all we need to do is set up the IRCd to use them. Edit your ircd.conf, then within the serverinfo { } section, add:

ssl_private_key = "etc/ssl/rsa.key";
ssl_cert = "etc/ssl/cert.pem";
ssl_dh_params = "etc/ssl/dh.pem";
ssld_count = 1;

And again in your ircd.conf, but within the listen { } block, add the SSL port to listen on:

sslport = 6697;

Start up your IRCd again and you should now have a working SSL port :)
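
Before that restart, the key and certificate can be sanity-checked with a short script. This is an added example, not part of the original howto or of ratbox; it assumes the file names used above (rsa.key, cert.pem), and the 30-day expiry threshold and the script name check-ssl.sh are choices made for this example.

```shell
#!/bin/sh
# Pre-flight checks for the files created in "SSL Preparation".
# File names (rsa.key, cert.pem) follow the howto; the 30-day expiry
# threshold is an assumption of this example.

# True if the file has no group/other permission bits set.
key_perms_ok() {
    [ "$(ls -ld "$1" 2>/dev/null | cut -c5-10)" = "------" ]
}

# True if the certificate's public key is the one derived from the private key.
cert_matches_key() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 1
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# True if the certificate is still valid $2 days from now.
cert_valid_for_days() {
    openssl x509 -in "$1" -noout -checkend "$(( $2 * 86400 ))" >/dev/null 2>&1
}

# Run every check against one directory; returns non-zero if any check fails.
check_ssl_dir() {
    dir=$1
    rc=0
    key_perms_ok "$dir/rsa.key" ||
        { echo "FAIL: rsa.key is missing or accessible to group/other"; rc=1; }
    cert_matches_key "$dir/cert.pem" "$dir/rsa.key" ||
        { echo "FAIL: cert.pem was not issued for rsa.key"; rc=1; }
    cert_valid_for_days "$dir/cert.pem" 30 ||
        { echo "FAIL: cert.pem is unreadable or expires within 30 days"; rc=1; }
    [ "$rc" -eq 0 ] && echo "OK: $dir"
    return "$rc"
}

# Usage: sh check-ssl.sh /usr/local/ircd/etc/ssl
if [ "$#" -gt 0 ]; then
    check_ssl_dir "$1"
fi
```

The key was written with -nodes, so it is unencrypted on disk and the permission check is the only thing protecting it from other local users.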
I would like to offer thanks to AndroSyn, who gave me the information I needed to get this working. He has also responded to all our queries and fixed all the bugs we have come across! I also owe thanks to remorse who created the original +S patches for us. For anyone who is interested, you can connect to VoidNet via SSL on irc.trance.net:6697 :)
