# Self hosted: Remain connected to irc even when **you** are offline - ft. weechat relay.
```yaml
Prerequisites:
  - A stable server somewhere:
      AnyOf:
        - VPS instance on AWS/Linode/Droplet/GCS etc
        - Personal Desktop Computer that remains online 24/7 +
          Good network (public ipv4 address / ipv6 support)
        - Raspberry Pi etc +
          Good network (public ipv4 address / ipv6 support)
  - Familiarity with the command line (terminal) on a Linux system
Recommended:
  - A domain name # so you can use a familiar url to connect instead of an ip address
  - These ports accessible on your server or ability to open these:
      AllOf:
        - "80" # We'll require this for letsencrypt (or some other) certificate
        - "9001" # A port for the relay to listen on. Any will do, 9001 is conventional.
```
We'll assume you have taken care of the prerequisites. If you are hesitant about a VPS, trust me, you can keep your cost fairly low, ~$2 per month. (You could even get one under a free tier / student free tier at some service providers.)
Also, I am assuming you know how to get into your VPS/computer, say with ssh or by sitting in front of it.

First I'll go through some basic software install and OS setup steps ([Install](#0---install-necessary-packages), [OS-Setup](#1---setup-system-and-security)).
Then we'll take a tour of the star of this show: weechat. ([Weechat](#2---Setting-up-weechat))
Lastly we'll set up the relay, so you can connect from anywhere to your persistent irc connection. ([Relay](#3---Setting-up-a-relay))

I will be using Alpine Linux as the OS of choice for this tutorial.
Advantages include:
- Lightweight requirements:
  - storage: < 1GB # my actual usage was ~250MB but my cloud host's minimum storage tier is a 1GB vdisk.
  - ram: < 500MB
- Security hardened by default (supposedly)
- It works without much fuss ¯\_(ツ)_/¯

If you use a different OS you may need to translate the exact commands for the first two base setup sections ([Install](#0---install-necessary-packages), [OS-Setup](#1---setup-system-and-security)). But you can follow along thereafter.
## 0 - Install necessary packages.
With Alpine, installing packages is a breeze!

```sh
sudo apk add weechat
sudo apk add tmux
sudo apk add nano
# firewall for protection
sudo apk add awall awall-policies
# letsencrypt certificate
sudo apk add certbot
```

And that's about all you'll need!
## 1 - Setup system and security
```sh
sudo setup-alpine # Just follow the instructions, the defaults _should_ be fine
sudo setup-firewall
```

By default the firewall blocks almost all incoming connections. (That's good!)
If the above is not true for your system, you're on your own (on this front) :p
We'll open up what we need (ports 80 and 9001, that is).
To configure Alpine's firewall (i.e. awall) we need to put little json files in /etc/awall/optional/ on the file system.
The exact format of instructions in these files is out of scope for this tutorial. You can look at [zero-to-awall](https://wiki.alpinelinux.org/wiki/Zero-To-Awall#Service_policies) on their wiki to get a clue.
On simple inspection they should give you a fair idea what's happening though.
This file should do the job.

> custom-irc-relay.json

```json
{
  "description": "IRC relay open",
  "filter": [ { "out": "_fw", "service": { "proto": "tcp", "port": 9001 } } ]
}
```

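Use nano to write the file contents, then:

```sh
# Copy it over so awall knows about it (same file name as the policy enabled below)
sudo cp custom-irc-relay.json /etc/awall/optional/
# Enable the ports in awall
sudo awall enable adp-http-server
sudo awall enable custom-irc-relay
# Apply the enabled policies to the running firewall
sudo awall activate
```
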
## 2 - Setting up weechat
Let's start weechat. But first we'll open a tmux session.
Tmux will allow our application to keep running on the server even when we drop our ssh connection or close the shell (terminal).
To open a named tmux session:

```sh
tmux new-session -s WeechatSession
```

Whatever follows the `-s` will be the name of your tmux "session". Tmux sessions can continue running in the background even when you disconnect from ssh or close the terminal window. We name them so we can easily reconnect later.
For example, if you detach from the session (say using `Ctrl+B` then pressing `D`), you can reconnect to the detached session with `tmux attach-session -d -t WeechatSession`.
Once you're in a tmux session, we start weechat!

```sh
weechat
```

Simple!
OK, now, if you've used irc / weechat before you probably know how to set your nickname and other cool tricks.
But we'll go through it here again for completeness. (+ it was new to me!)
### Weechat basics (skip if you got this)
The whole weechat tui can seem intimidating, but just focus on what you can do: type commands / text in that little bar at the bottom.
First we'll run one of my fave first commands.

```
/mouse enable
```

> // Why isn't this the default!? This will let you use your mouse pointer to scroll and navigate the ui a little. Try clicking and scrolling randomly :p.

Tip: Another very useful command is `/help`. Followed by any other command name (in the example above the name is "mouse"), it will give you info about how to use that command.
To change any setting we'll use the `/set` command. Some examples:

```
/set irc.server_default.nicks "matabeno,notabene,allonsy"
/set irc.server_default.realname "Real Who"
```

Tip: In weechat, just entering `/set` without any options should show you all the settings available.
We're going to leave weechat on, so it can stay connected to irc networks and keep getting and saving messages.
So just detach from the session without quitting (`Ctrl+B` then press `D`)
Tip: To close weechat explicitly, use the `/quit` command.
#### Todo:
- irc network server setup section
- configure logs to rotate by day
## 3 - Setting up a relay
First we'll set the relay password. As soon as you open the relay you're open to an onslaught of malicious connections, so we'll set up protection right away.

```
/set relay.network.password "myveryniceandseriouslygoodpassword"
```

Another thing is essential for connecting to your relay: SSL, so no one en route can spy on your communications.
To enable SSL the server needs a certificate.
A simple self-signed certificate can be generated with `openssl req -nodes -newkey rsa:2048 -keyout relay.pem -x509 -out relay.pem`. But I don't recommend it.
Self-signed certificates are not trusted by default by browsers, nor by many other SSL-capable clients, as their legitimacy can't be automatically verified. So you'd have to disable that security check in the client, and that's a bad deal overall. Opting for a validated cert instead is very easy and convenient.
### Recommended: Obtain a certificate from letsencrypt
```sh
sudo apk add certbot
```

Assuming you have registered a domain name and it points to your server computer, get a cert for it like below:

```sh
# obtain test cert to make sure certbot is working fine
sudo certbot certonly --standalone --test-cert -d your.domain.name
# after fixing any problems in previous step, go for it
sudo certbot certonly --standalone -d your.domain.name
```

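Once you have the cert we just need to pass it over for weechat to use. (Replace `your.domain.name` with your domain name.)

```sh
# copy over the different parts of cert into one file weechat can access
mkdir -p ~/.weechat/ssl
# '>' on the first line starts a fresh file, so a rerun does not append a second copy
sudo cat /etc/letsencrypt/live/your.domain.name/privkey.pem > ~/.weechat/ssl/relay.pem
sudo cat /etc/letsencrypt/live/your.domain.name/fullchain.pem >> ~/.weechat/ssl/relay.pem
# the file contains your private key: readable by your user only
chmod 600 ~/.weechat/ssl/relay.pem
```
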
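
A re-runnable version of the copy step above, as an added example that is not part of the original tutorial: it creates the combined file with 0600 permissions, replaces it atomically instead of appending to it, and refuses to install a file that lacks the key or the certificate. The function name `build_relay_pem` and the `SUDO` variable are names chosen for this example.

```shell
#!/bin/sh
# Added example, not from the original tutorial.
# Usage: build_relay_pem LIVE_DIR OUT_FILE
#   LIVE_DIR  directory holding privkey.pem and fullchain.pem
#             (for certbot: /etc/letsencrypt/live/your.domain.name)
#   OUT_FILE  combined file for the relay (the tutorial uses ~/.weechat/ssl/relay.pem)
# Set SUDO=sudo (assumed variable name) when LIVE_DIR is readable by root only.
build_relay_pem() {
    live_dir=$1
    out_file=$2
    tmp="$out_file.tmp.$$"

    mkdir -p "$(dirname "$out_file")" || return 1

    # Subshell with umask 077: the temp file is created with mode 0600, so the
    # private key is never readable by other users, not even briefly.
    # The redirect runs as the calling user, so that user owns the result.
    (
        umask 077
        ${SUDO:-} cat "$live_dir/privkey.pem" "$live_dir/fullchain.pem" > "$tmp"
    ) || { rm -f "$tmp"; echo "cannot read key or chain in $live_dir" >&2; return 1; }

    # Sanity check before replacing a working file: both parts must be present.
    grep -q -e '-----BEGIN .*PRIVATE KEY-----' "$tmp" &&
    grep -q -e '-----BEGIN CERTIFICATE-----' "$tmp" || {
        rm -f "$tmp"; echo "combined file is missing key or certificate" >&2; return 1; }

    # Rename over the old file: a rerun replaces it instead of appending to it.
    mv -f "$tmp" "$out_file"
}

# Allow running the file directly with the two arguments.
if [ "$#" -eq 2 ]; then
    build_relay_pem "$1" "$2"
fi
```

Call it with `SUDO=sudo` so the root-owned certbot files can be read while the output stays owned by your user, then load the new file in weechat with `/relay sslcertkey`.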
### Turning on your relay!
Get back into weechat (if detached):

```sh
tmux attach-session -d -t WeechatSession
```

Then we'll start the relay in two steps:

```
# 1. Ask the program to load the cert we presented it earlier.
/relay sslcertkey
# 2. Start an ssl weechat relay on your port of choice
/relay add ssl.weechat 9001
```

Yay! We have a relay set up.
Weechat can remain connected to your irc networks, and you have opened a secure relay so you can connect to it from anywhere to read your messages.
But now what? How do we connect to it from our portable devices?
You can use a relay client to connect to your irc relay. Many people recommend [glowing-bear](https://www.glowing-bear.org)
Dedicated irc-relay clients for Android/iOS can also be found.
---
You may find me on oftc going by cenne [irc-link]