Tip of the day: You can use a SSL/TLS certificate fingerprints to exempt trusted users from server bans or allow them to send more commands per second. |
Remote includes
Remote includes are a great way to share your configuration settings between servers. Simply specify an URL instead of a file, like this: include "https://user:[email protected]/conf/opers.conf";
Put your (shared) configuration files on a secure location, like a trusted web server and have IRC servers fetch these configuration files when they boot or the configuration is /REHASH'ed.
Even better. If you have a multi-server network, then you can change the configuration file(s) on the web server and just run REHASH -global
on IRC. All IRC servers on your network will then reload the configuration, including your changes.
You can also use URLs in other places where a file is expected in the configuration, for example: set { staff-file "https://example.org/staff.txt"; }
Requirements
In the Windows version, remote includes support is always enabled.
On *NIX, in UnrealIRCd 6 remote includes are always available for https:// links. So only if you need support for protocols other than HTTPS (such as SMB or FTP) then you need to run ./Config
and answer Yes to the cURL remote includes question and recompile UnrealIRCd.
Example
In the example below we will assume you have a website called admin.example.org:
Create and password-protect a HTTP directory
Note: operations below are executed on the shell and assume shell access, it also assumes you use Apache (see further down for Nginx). You may possibly achieve the same via an admin panel like cPanel and SCP/SFTP.
- SSH to your www shell, go to the WWW directory and create a directory to store the configuration files:
irc@system:~$ cd public_html irc@system:~/public_html$ mkdir conf irc@system:~/public_html$ cd conf irc@system:~/public_html/conf$
- Create an .htaccess file
irc@system:~/public_html/conf$ nano .htaccess
Put in that file the following (change the path where needed!):
AuthType Basic AuthName "restricted test" AuthUserFile /home/irc/public_html/conf/.htpasswd Require valid-user
- Create a .htpasswd file with the appropriate password
irc@system:~/public_html/conf$ htpasswd -c /home/irc/public_html/conf/.htpasswd restricted New password: Re-type new password: Adding password for user 'restricted'
- Create or upload a file called opers.conf in this ~/public_html/conf/ directory.
Use remote includes to fetch the conf
This is simple, you just write down the URL in the include directive. In our example that would be like this:
HTTPS is best, but requires your site to have HTTPS enabled:
include "https://restricted:[email protected]/conf/opers.conf";
Nginx tips
If you use nginx rather than apache as webserver, the way to configure the location is:
location ~* ^/conf/*$ { auth_basic "Remote configuration"; auth_basic_user_file /home/irc/public_html/conf/.htpasswd; }
What if your web server is down
When UnrealIRCd can't load a remote file it will used a "cached copy" (stored in the cache/
subdirectory in UnrealIRCd). A cached copy is always available, unless you are using the URL for the first time.
This way, you can safely use remote files. Even if there's a (partial) internet outage or some problem with the web server, your IRC servers will still be able to boot or REHASH. (Many years ago this wasn't the case and an outage of the web servers would cause a really problematic situation)