
Remote includes

From UnrealIRCd documentation wiki

Remote includes are a great way to share your configuration settings between servers. Simply specify a URL instead of a file, like this: include "https://user:[email protected]/conf/opers.conf";

Put your (shared) configuration files in a secure location, such as a trusted web server, and have your IRC servers fetch these configuration files when they boot or when the configuration is /REHASH'ed.

Even better: if you have a multi-server network, you can change the configuration file(s) on the web server and just run REHASH -global on IRC. All IRC servers on your network will then reload the configuration, including your changes.

You can also use URLs in other places where a file is expected in the configuration, for example: set { staff-file "https://example.org/staff.txt"; }

Requirements

In the Windows version, remote includes support is always enabled.

On *NIX, in UnrealIRCd 6 remote includes are always available for https:// links. Only if you need support for protocols other than HTTPS (such as SMB or FTP) do you need to run ./Config, answer Yes to the cURL remote includes question and recompile UnrealIRCd.

Example

In the example below we will assume you have a website called admin.example.org:

Create and password-protect an HTTP directory

Note: the operations below are executed in a shell and assume you have shell access. They also assume you use Apache (see further down for Nginx). You may be able to achieve the same via an admin panel like cPanel and SCP/SFTP.

  • SSH to your www shell, go to the WWW directory and create a directory to store the configuration files:
irc@system:~$ cd public_html
irc@system:~/public_html$ mkdir conf
irc@system:~/public_html$ cd conf
irc@system:~/public_html/conf$
  • Create an .htaccess file
irc@system:~/public_html/conf$ nano .htaccess

Put in that file the following (change the path where needed!):

AuthType Basic
AuthName "restricted test"
AuthUserFile /home/irc/public_html/conf/.htpasswd
Require valid-user
  • Create a .htpasswd file with the appropriate password
irc@system:~/public_html/conf$ htpasswd -c /home/irc/public_html/conf/.htpasswd restricted
New password:
Re-type new password:
Adding password for user 'restricted'
  • Create or upload a file called opers.conf in this ~/public_html/conf/ directory.

Use remote includes to fetch the conf

This is simple: just put the URL in the include directive. In our example that would look like this:

HTTPS is best, but requires your site to have HTTPS enabled:

include "https://restricted:[email protected]/conf/opers.conf";

Nginx tips

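If you use nginx rather than Apache as your web server, the way to configure the location is:

# Prefix match, so every file under /conf/ (such as opers.conf) requires authentication.
# A regex like ^/conf/*$ would only match the directory itself, not the files in it.
location ^~ /conf/ {
   auth_basic "Remote configuration";
   auth_basic_user_file /home/irc/public_html/conf/.htpasswd;
}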
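
Before pointing IRC servers at the protected directory, it is worth confirming that the web server (Apache or nginx) refuses anonymous requests and serves the file when credentials are supplied. The following is an added example, not part of the UnrealIRCd documentation: the names fetch_status, audit and demo_server, the password test-password and the loopback HTTP server are assumptions made for the demonstration.

```python
import base64
import threading
import urllib.error
import urllib.request
from http.server import BaseHTTPRequestHandler, HTTPServer

# Ignore proxy environment variables so the check talks to the server directly.
OPENER = urllib.request.build_opener(urllib.request.ProxyHandler({}))

def fetch_status(url, user=None, password=None):
    """Return the HTTP status for url, optionally sending Basic credentials."""
    req = urllib.request.Request(url)
    if user is not None:
        token = base64.b64encode(f"{user}:{password}".encode()).decode()
        req.add_header("Authorization", "Basic " + token)
    try:
        with OPENER.open(req, timeout=10) as resp:
            return resp.status
    except urllib.error.HTTPError as err:
        return err.code

def audit(url, user, password):
    """Return a list of problems; an empty list means protected and fetchable."""
    problems = []
    anon = fetch_status(url)
    if anon not in (401, 403):
        problems.append(f"anonymous request returned {anon}: file is not protected")
    authed = fetch_status(url, user, password)
    if authed != 200:
        problems.append(f"request with credentials returned {authed}: include would fail")
    return problems

def demo_server(protect):
    """Constructed loopback stand-in for the web server (demo only, plain HTTP)."""
    expected = "Basic " + base64.b64encode(b"restricted:test-password").decode()

    class Handler(BaseHTTPRequestHandler):
        def do_GET(self):
            ok = not protect or self.headers.get("Authorization") == expected
            self.send_response(200 if ok else 401)
            self.end_headers()
            if ok:
                self.wfile.write(b"# constructed opers.conf\n")

        def log_message(self, *args):  # keep the demo quiet
            pass

    srv = HTTPServer(("127.0.0.1", 0), Handler)
    threading.Thread(target=srv.serve_forever, daemon=True).start()
    return srv, f"http://127.0.0.1:{srv.server_port}/conf/opers.conf"
```

Against a real deployment, call audit() with the https:// URL of opers.conf and the user name and password created with htpasswd; an empty list means anonymous access is refused and the include can be fetched.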

What if your web server is down

When UnrealIRCd can't load a remote file it will use a "cached copy" (stored in the cache/ subdirectory in UnrealIRCd). A cached copy is always available, unless you are using the URL for the first time.

This way, you can safely use remote files. Even if there's a (partial) internet outage or some problem with the web server, your IRC servers will still be able to boot or REHASH. (Many years ago this wasn't the case and an outage of the web servers would cause a really problematic situation.)