Today I installed and configured an IRC daemon. Although there are many existing networks, I’ve always wanted to try hosting one myself. I used ngircd and FreeBSD and it was a very pleasant experience. Let’s walk through how to setup an IRC server on FreeBSD.

We will be setting up a very basic irc server without any services (ie NickServ, ChanServ, BotServ, etc). While services are very useful, they aren’t a hard requirement.

Get a server

I used the FreeBSD 12.2-RELEASE image with ZFS on a VPS. A VPS is not required, you could choose to run your IRC server out of your house. The steps will be mostly the same either way.

Install ngircd

ssh into your system and install ngircd.

$ pkg install ngircd 

Generate SSL certs

In order to prevent password sniffing, we’ll need to configure ngircd to use TLS. OpenSSl comes with the base system and we can use it to create SSL certificates.

$ mkdir -p /usr/local/etc/ssl
$ cd /usr/local/etc/ssl
$ openssl req -newkey rsa:2048 -x509 -keyout server-key.pem -out server-cert.pem -days 1461
$ openssl dhparam -2 -out dhparams.pem 4096`

Note: IRC is NOT an encrypted messaging system. Your messages are not end-to-end encrypted, even with TLS. Be careful not to share anything you don’t want becoming public information.

Configure ngircd

While this step is extremely variable, my example configuration will be helpful. When configuring most software, I like to copy the default configuration files to a .sample or a .deafult file in case I make a mistake and need to start back again from scratch. With a backup file created, let’s open a text editor and begin modifying some things.

$ cp /usr/local/etc/ngircd.conf /usr/local/etc/ngircd.conf.sample 
$ vim /usr/local/etc/ngircd.conf

The configuration file might be unfamilliar but don’t be afraid. The general process will be to scroll through each section, read the comments that start with a ‘#’, decide on whether or not to enable or disable the variables that are commented with a ‘;’, and substitute the default values for your own. My config file looks similar to the following. Uncomment and modify your config file accordingly. Copying and pasting will likely result in a non-functional server.

  Name = irc.server.tld
  AdminInfo1 = Admin
  AdminInfo2 = Admin
  AdminEMail =
  HelpFile = /usr/local/share/doc/ngircd/Commands.txt
  Info = irc server for irc.server.tld 
  Listen = ::,
  MotdFile = /usr/local/etc/ngircd.motd
  MotdPhrase =
  Network =
  Password =
  PidFile = /var/run/ngircd/
  Ports = 6667, 6668, 6669
  ServerGID = wheel
  ServerUID = root

  ConnectRetry = 60
  IdleTimeout = 0
  MaxConnections = 0
  MaxConnectionsIP = 5
  MaxJoins = 10
  MaxNickLength = 9
  MaxPenaltyTime = -1
  MaxListSize = 100
  PingTimeout = 120
  PongTimeout = 20

  AllowedChannelTypes = #&+
  AllowRemoteOper = yes
  ChrootDir =
  CloakHost =
  CloakHostModeX =
  CloakHostSalt = <WmR`R[$[#p"ni!2-ZiI$P^h=UkdHN1#
  CloakUserToNick = no
  ConnectIPv4 = yes
  ConnectIPv6 = yes
  DefaultUserModes =
  DNS = yes
  IncludeDir = /usr/local/etc/ngircd.conf.d
  MorePrivacy = no
  NoticeBeforeRegistration = no
  OperCanUseMode = no
  OperChanPAutoOp = yes
  OperServerMode = no
  PAM = no
  PAMIsOptional = no
  PAMServiceName = ngircd
  RequireAuthPing = no
  ScrubCTCP = no
  SyslogFacility = local5
  WebircPassword =

  CertFile = /usr/local/etc/ssl/server-cert.pem
  CipherList = HIGH:!aNULL:@STRENGTH:!SSLv3
  DHFile = /usr/local/etc/ssl/dhparams.pem
  KeyFile = /usr/local/etc/ssl/server-key.pem
  KeyFilePassword = <secret>
  Ports = 6697, 9999

  Name = op_name
  Password = op_pass
  Mask =

  Name = #general
  Modes =
  Key =
  MaxUsers = 0
  Topic = general discussion
  KeyFile =

When you think you are done with the configuration file, run the following command. This will check the config file for errors and typos.

$ ngircd --configtest

Enable and start the ngircd service

After writing our config file, we’ll need to configure ngircd to start at boot time. This is accomplished with sysrc.

$ sysrc ngircd_enable=yes
$ sysctl ngircd start

Connect to the server

There are many IRC clients you can choose from (I prefer irssi) but the command syntax should similar if not identical. First we’ll check if the non-tls ports are working, disconnect, then reconnect with TLS.

/connect irc.server.tld
/connect -tls irc.server.tld 9999

Note: If you are getting authentication errors, you might need to set ‘PAM=no’ in ngircd.conf.

Create a MOTD

The MOTD is printed when a user logs in. Useful information about the server can be put here. To edit this file, run the following:

$ vim /usr/local/etc/ngircd.motd

I found two useful tools to create pretty a MOTD: A text to ascii art generator, and A tool that helps create colored MOTDs.

Final Thoughts

At this point, we have a bare bones IRC server. We have not yet installed any services so we are missing functionality seen on large networks like FreeNode. I currently don’t have the need for services. And even more so, I don’t have the motivation to sift through the documentation plagued with the toxicity that seems to go with the IRC elitist types. But eventually I’m sure I’ll figure out services. Maybe I’ll do a part 2.

The hardest part is yet to come: convincing my friends to use IRC.