|
|
@@ -5,7 +5,7 @@
|
|
5
|
5
|
▐█▌.▐▌▐█•█▌▐█ ▪▐▌▐█▄▪▐█▐█▌ ▐▌██▐█▌▐█▌.▐▌
|
|
6
|
6
|
▀█▄▀▪.▀ ▀ ▀ ▀ ·▀▀▀▀ ▀█▄▀ ▀▀ █▪ ▀█▄▀▪
|
|
7
|
7
|
|
|
8
|
|
- Oragono IRCd Manual 2019-06-12
|
|
|
8
|
+ Oragono IRCd Manual v2.1.0
|
|
9
|
9
|
https://oragono.io/
|
|
10
|
10
|
|
|
11
|
11
|
_Copyright © Daniel Oaks <daniel@danieloaks.net>, Shivaram Lingamneni <slingamn@cs.stanford.edu>_
|
|
|
@@ -40,8 +40,10 @@ _Copyright © Daniel Oaks <daniel@danieloaks.net>, Shivaram Lingamneni <slingamn
|
|
40
|
40
|
- User Modes
|
|
41
|
41
|
- Channel Modes
|
|
42
|
42
|
- Channel Prefixes
|
|
|
43
|
+ - Client certificates
|
|
43
|
44
|
- Commands
|
|
44
|
45
|
- Working with other software
|
|
|
46
|
+ - Kiwi IRC
|
|
45
|
47
|
- HOPM
|
|
46
|
48
|
- Tor
|
|
47
|
49
|
- Acknowledgements
|
|
|
@@ -68,7 +70,7 @@ Oragono's core design goals are:
|
|
68
|
70
|
* Bleeding-edge [IRCv3 support](http://ircv3.net/software/servers.html), suitable for use as an IRCv3 reference implementation
|
|
69
|
71
|
* Highly customizable via a rehashable (i.e., reloadable at runtime) YAML config
|
|
70
|
72
|
|
|
71
|
|
-In addition to its unique features (integrated services and bouncer, comprehensive internationalization), Oragono also strives for feature parity with other major servers. Oragono has multiple communities using it as a day-to-day chat server and is fairly mature --- we encourage you to consider it for your organization or community!
|
|
|
73
|
+In addition to its unique features (integrated services and bouncer, comprehensive internationalization), Oragono also strives for feature parity with other major servers. Oragono is a mature project with multiple communities using it as a day-to-day chat server --- we encourage you to consider it for your organization or community!
|
|
72
|
74
|
|
|
73
|
75
|
## Scalability
|
|
74
|
76
|
|
|
|
@@ -443,6 +445,12 @@ You may want to configure a reverse proxy, such as nginx, for TLS termination --
|
|
443
|
445
|
1. Add the reverse proxy's IP to `proxy-allowed-from` and `ip-limits.exempted`. (Use `localhost` to exempt all loopback IPs and Unix domain sockets.)
|
|
444
|
446
|
1. Configure your reverse proxy to connect to an appropriate Oragono listener and send the PROXY line. In this [example nginx config](https://github.com/darwin-network/slash/commit/aae9ba08d70128eb4b700cade333fe824a53562d), nginx connects to Oragono via a Unix domain socket.
|
|
445
|
447
|
|
|
|
448
|
+## Client certificates
|
|
|
449
|
+
|
|
|
450
|
+Oragono supports authenticating to user accounts via TLS client certificates. The end user must enable the client certificate in their client and also enable SASL with the `EXTERNAL` method. To register an account using only a client certificate for authentication, connect with the client certificate and use `/NS REGISTER *` (or `/NS REGISTER * email@example.com` if email verification is enabled on the server). To add a client certificate to an existing account, obtain the SHA-256 fingerprint of the certificate (either by connecting with it and looking at your own `/WHOIS` response, in particular the `276 RPL_WHOISCERTFP` line, or using the openssl command `openssl x509 -noout -fingerprint -sha256 -in example_client_cert.pem`), then use the `/NS CERT` command).
|
|
|
451
|
+
|
|
|
452
|
+Client certificates are not supported over websockets due to a [Chrome bug](https://bugs.chromium.org/p/chromium/issues/detail?id=329884).
|
|
|
453
|
+
|
|
446
|
454
|
|
|
447
|
455
|
--------------------------------------------------------------------------------------------
|
|
448
|
456
|
|
|
|
@@ -694,9 +702,9 @@ One exception is services frameworks like [Anope](https://github.com/anope/anope
|
|
694
|
702
|
|
|
695
|
703
|
If you're looking for a bot that supports modern IRCv3 features, check out [bitbot](https://github.com/jesopo/bitbot/)!
|
|
696
|
704
|
|
|
697
|
|
-## Kiwi
|
|
|
705
|
+## Kiwi IRC
|
|
698
|
706
|
|
|
699
|
|
-[Kiwi IRC](https://github.com/kiwiirc/kiwiirc/) is a web-based IRC client at the bleeding edge of IRCv3 support. In particular, it is the only major client to support fully Oragono's server-side history features. For a demonstration of these features, see the [Oragono testnet](https://testnet.oragono.io/kiwi).
|
|
|
707
|
+[Kiwi IRC](https://github.com/kiwiirc/kiwiirc/) is a web-based IRC client with excellent IRCv3 support. In particular, it is the only major client to fully support Oragono's server-side history features. For a demonstration of these features, see the [Oragono testnet](https://testnet.oragono.io/kiwi).
|
|
700
|
708
|
|
|
701
|
709
|
Current versions of Kiwi are 100% static files (HTML and Javascript), running entirely in the end user's browser without the need for a separate server-side backend. This frontend can connect directly to Oragono, using Oragono's support for native websockets. For best interoperability with firewalls, you should run an externally facing web server on port 443 that can serve both the static files and the websocket path, then have it reverse-proxy the websocket path to Oragono. For example, configure the following listener in ircd.yaml:
|
|
702
|
710
|
|
Shivaram Lingamneni
4 years ago