Providing TLS for Ngircd

Prerequisites

Before you can enable TLS for ngircd, you need a properly signed TLS certificate and its private key.

Check to see if you have the following two files:

/etc/ssl/example.com.fullchain.pem
/etc/ssl/private/example.com.key

You will, of course, need to replace example.com with your actual hostname.

Copying the cert and key

We'll need to copy the cert and key into /etc/ngircd/:

$ doas cp /etc/ssl/example.com.fullchain.pem /etc/ngircd/
$ doas cp /etc/ssl/private/example.com.key /etc/ngircd/

In /etc/ngircd/ngircd.conf, change the following lines in the [SSL] block:

        # SSL Server Key Certificate
        CertFile = /etc/ngircd/example.com.fullchain.pem
...
        # SSL Server Key
        KeyFile = /etc/ngircd/example.com.key
...
        # Additional Listen Ports that expect SSL/TLS encrypted connections
        Ports = 6697, 9999, 16697

Optional: If you want to use a DHFile, generate Diffie-Hellman parameters and give the _ngircd user ownership of the file:

$ doas openssl dhparam -out /etc/ngircd/dhparams.pem 2048
$ doas chown _ngircd:_ngircd /etc/ngircd/dhparams.pem

Then, uncomment DHFile = /etc/ngircd/dhparams.pem in /etc/ngircd/ngircd.conf.
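
To check the result of the steps above, the following added example (not part of the original page or of ngircd itself) reads the [SSL] block of ngircd.conf, confirms that CertFile, KeyFile and Ports are set, that every referenced file exists, and that the private key grants no access to other users. The function names and finding labels are hypothetical, and the setting names are matched with the spelling used on this page.

```shell
#!/bin/sh
# Added example: audit the [SSL] block of an ngircd.conf (not ngircd's own tooling).

# Print "Key<TAB>Value" for each uncommented setting inside [SSL].
# Lines starting with '#' or ';' are comments and are skipped.
ssl_settings() {
    awk '
        /^[ \t]*\[/ { in_ssl = (tolower($0) ~ /^[ \t]*\[ssl\]/); next }
        in_ssl && /^[ \t]*[A-Za-z]+[ \t]*=/ {
            key = $0; sub(/^[ \t]*/, "", key); sub(/[ \t]*=.*/, "", key)
            val = $0; sub(/^[^=]*=[ \t]*/, "", val); sub(/[ \t]+$/, "", val)
            print key "\t" val
        }' "$1"
}

# Print one finding per problem; return 0 only when nothing was found.
audit_ngircd_ssl() {
    tab=$(printf '\t'); rc=0
    settings=$(ssl_settings "$1")
    # Without these three settings ngircd has no TLS listener to offer.
    for want in CertFile KeyFile Ports; do
        printf '%s\n' "$settings" | grep -q "^${want}${tab}" ||
            { echo "MISSING $want"; rc=1; }
    done
    while IFS="$tab" read -r key val; do
        case $key in CertFile|KeyFile|DHFile) ;; *) continue ;; esac
        if [ ! -f "$val" ]; then
            echo "NOFILE $key $val"; rc=1
        # Characters 8-10 of the ls mode string are the "other" permission bits.
        elif [ "$key" = KeyFile ] &&
             [ "$(ls -ld -- "$val" | cut -c8-10)" != "---" ]; then
            echo "WORLD-ACCESSIBLE $key $val"; rc=1
        fi
    done <<EOF
$settings
EOF
    return $rc
}

# Usage: doas sh audit.sh /etc/ngircd/ngircd.conf
if [ -n "${1:-}" ]; then audit_ngircd_ssl "$1"; fi
```

A WORLD-ACCESSIBLE finding is cleared by removing the "other" permission bits from the copied key file.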