Listen block

The listen block defines the TCP/IP ports and/or UNIX socket that the IRCd will listen on.

Syntax
listen { /* For IPv4 or IPv6: */ ip ; port ; /* For UNIX sockets: */ file ; mode ; spoof-ip ;

/* Options: */ options { ;		 ;		...	};

/* Specific SSL/TLS configuration to this listen block */ tls-options { ...	}; };

ip
Simply set ip to * (an asterisk) to bind to all available IP's on the machine, OR specify an IP to only bind to that IP address (this latter is usually required at shell providers).

port
This is the port you want to listen on, like 6667. You can also specify a port range, like 6667-6669.

file
This is the full path (filename) to a UNIX socket that will be created on the machine. This feature is rarely used, so if you don't what this is then don't use and don't set it. If you have a file item then you cannot have an ip or port in the same listen block.

mode
Optionally, if the listener is a file, then you can specify permissions mode here. Valid choices are: 0700 (user only, rwx--, the default), 0770 (user and group, rwxrwx---), and 0777 (world writable, rwxrwxrwx, not recommended). This can be useful if you have a webserver on the same machine which needs to access the *NIX socket, for example. This option only exists in UnrealIRCd 6.0.6 or later.

spoof-ip
If the socket is a file, then connections over this UNIX domain socket are spoofed to come from  by default. You can override this by setting spoof-ip to a different IP address. This can be useful for Running Tor hidden service with UnrealIRCd. This requires UnrealIRCd 6.1.0 or higher

options block (optional)
You can specify options for the port. Valid options are:
 * tls: SSL/TLS encrypted port
 * clientsonly: port is only for clients
 * serversonly: port is only for servers
 * websocket: port is for WebSocket. You also need to specify a type, like:
 * rpc: for remote control via JSON-RPC

tls-options block (optional)
Valid options are all the SSL/TLS settings that also exist in set::tls. For example you may want to use an Lets Encrypt certificate/key on all normal client ports (via set::tls::certificate). But for this port you want to use another SSL certificate/key: listen { ...       tls-options { certificate "ssl/server.cert.pem"; key "ssl/server.key.pem"; }; };

Standard port 6667, insecure plaintext
listen { ip *; port 6667; };

Standard SSL/TLS port 6697
listen { ip *; port 6697; options { tls; }; };

Or, with a Let's Encrypt certificate: listen { ip *; port 6697; options { tls; }; tls-options { certificate "/etc/letsencrypt/live/irc.example.org/fullchain.pem"; key "/etc/letsencrypt/live/irc.example.org/privkey.pem"; }; };

Websocket port
Example of Websockets on port 8000 with Let's Encrypt certificate: listen { ip *; port 8000; options { tls; websocket { type text; } // type must be either 'text' or 'binary' };   tls-options { certificate "/etc/letsencrypt/live/irc.example.org/fullchain.pem"; key "/etc/letsencrypt/live/irc.example.org/privkey.pem"; options { no-client-certificate; };   }; };

JSON-RPC port
A JSON-RPC port: listen { ip *; port 8600; options { rpc; } } NOTE: this requires including, see JSON-RPC.