To create new wiki account, please join us on #znc at Libera.Chat and ask admins to create a wiki account for you. You can say thanks to spambots for this inconvenience.

Configuration: Difference between revisions

From ZNC
Jump to navigation Jump to search
>Jpnurmi
m User/AutoClearQueryBuffer
KindOne (talk | contribs)
m Pass: Add Argon2 example.
 
(49 intermediate revisions by 8 users not shown)
Line 28: Line 28:
== Config file structure ==
== Config file structure ==


<span style="font-size:xx-large">This is outdated!</span>
The following pseudo content illustrates the config structure with single listener, user, network and channel. Naturally, there can be multiple instances of each.


Basically, a configuration file consists of the following settings:
<pre>
Key = Value


<!-- Please keep this in the order it is inside the znc.conf. Sorry, but no idea what that order is. I just used the order that is used inside the source code, but if you want me to guess: The file is written with alphabetical order. -->
<Listener name>
<!-- This will in theory make it simpler to check/verify against a znc.conf -->
    Key = Value
<!-- GLOBAL SETTINGS -->
</Listener>
* '''AnonIPLimit''' - Limits the number of unidentified connections per IP.
 
* '''ConnectDelay''' - The time every connection will be delayed, in seconds. Some servers refuse your connection if you reconnect too fast. This affects the connection between ZNC and the IRC server; not the connection between your IRC client and ZNC.
<User name>
* '''MaxBufferSize''' - Sets the global Max Buffer Size a user can have.
    Key = Value
* '''ProtectedWebSessions''' - ...
 
* '''SSLCertFile''' - It's the TLS/SSL certificate file from which ZNC reads its server certificate.
    <Network name>
* '''ServerThrottle''' - The time between two connect attempts to the same hostname.
        Key = Value
* '''Skin''' - ...
 
* '''Motd''' - ...
        <Chan name>
* '''TrustedProxy''' - ...
            Key = Value
* '''LoadModule''' - ...
        </Chan>
* '''StatusPrefix''' - The prefix for the status and module queries. This setting may be overwritten by users.
    </Network>
* '''Version''' - The ZNC version that wrote this file.
   
<!-- No clue what order the rest of these go.. sort these later -->
    <Pass password>
* '''ISpoofFile''' - ZNC will write the ident of the user trying to connect to this file. Very useful if your shell supports oidentd.
        Key = Value
* '''ISpoofFormat''' - The format of the ISpoofFile.
    </Pass>
* '''PidFile''' - Make ZNC write a pid file. ZNC does not need this itself. See [[FAQ#How_can_I_restart_ZNC_automatically_.28in_case_of_a_machine_reboot.2C_crash.2C_etc..29.3F|the FAQ]] on info how to crontab ZNC.
</User>
* '''MOTD''' - The "message of the day" which is sent to clients on connect via notice from *status. Can be specified multiple times.
</pre>
* '''BindHost''' - This is a list of allowed bindhosts. It is used by the [[webadmin]] module for users to select one. (Set different bindhosts in "Settings" on your Webadmin-Interface first - one per line - to make them appear in users configs afterwards)
 
* '''Listener''' = ''[web_only|irc_only] [host or IP] [+]port'' - Configuration of listening port. Use ''web_only'' or ''irc_only'', if you don't want port to be universal. Put host/IP before the port with a space between to bind to a specific IP ''(notice that in this case the listener can't listen on both ipv4 and ipv6)''. Then goes the port ZNC will listen on. If the port is prepended with a '+' (without space) then ZNC listens using SSL. You can have several listeners in one ZNC. (Introduced in [[ChangeLog/0.090|0.090]], see next chapter for older versions)
== Config file settings ==
* '''Listener4''' or '''Listener6''' - Exactly the same as '''Listener''', but will use only IPv4 or IPv6.
 
ZNC 1.6 configuration file consists of the following settings. All values are examples.
 
=== Global ===
 
{| class="wikitable" style="width:100%"
|-
| rowspan="2" style="width:20%" | '''AnonIPLimit'''
| The limit of anonymous unidentified connections per IP.
|-
| <tt>AnonIPLimit = 10</tt>
|-
| rowspan="2" | '''AuthOnlyViaModule'''<br/><sub>(since 1.7)</sub>
| Allow user authentication by external modules only.
|-
| <tt>AuthOnlyViaModule = false</tt>
|-
| rowspan="2" | '''BindHost'''
| The list of allowed bindhosts. Users can select one of these values.
|-
| <tt>BindHost = ...<br/>BindHost = ...</tt>
|-
| rowspan="2" | '''ConnectDelay'''
| The number of seconds every IRC connection is delayed. IRC servers may refuse a connection when reconnecting too fast. NOTE: Affects connections between ZNC and IRC servers; not connections between IRC clients and ZNC.
|-
| <tt>ConnectDelay = 5</tt>
|-
| rowspan="2" | '''HideVersion'''<br/><sub>(since 1.6)</sub>
| Whether the version number is hidden from the web interface and CTCP VERSION replies.
|-
| <tt>HideVersion = true</tt>
|-
| rowspan="2" | '''LoadModule'''
| The list of global [[Modules|modules]] loaded on ZNC startup.
|-
| <tt>LoadModule = webadmin<br/>LoadModule = modperl<br/>LoadModule = modpython</tt>
|-
| rowspan="2" | '''MaxBufferSize'''
| The maximum playback buffer size. Only admin users can exceed the limit.
|-
| <tt>MaxBufferSize = 500</tt>
|-
| rowspan="2" | '''Motd'''
| The list of "message of the day" lines that are sent to clients on connect via notice from *status.
|-
| <tt>Motd = ...<br/>Motd = ...</tt>
|-
| rowspan="2" | '''PidFile'''
| An optional PID file location. See the [[FAQ#How_can_I_restart_ZNC_automatically_.28in_case_of_a_machine_reboot.2C_crash.2C_etc..29.3F|FAQ]] for how to crontab ZNC.
|-
| <tt>PidFile = /home/znc/.znc/znc.pid</tt>
|-
| rowspan="2" | '''ProtectWebSessions'''
| Whether IP changing during each web session is disallowed.
|-
| <tt> ProtectWebSessions = true</tt>
|-
| rowspan="2" | '''ServerThrottle'''
| The number of seconds between connect attempts to the same hostname.
|-
| <tt>ServerThrottle = 30</tt>
|-
| rowspan="2" | '''Skin'''
| The default web interface skin. Users can override the value.
|-
| <tt>Skin = _default_</tt>
|-
| rowspan="2" | '''SSLCertFile'''
| The file with SSL/TLS certificate, used for ZNC's listening port. Defaults to ~/.znc/znc.pem
|-
| <tt>SSLCertFile = /home/znc/.znc/znc.pem</tt>
|-
| rowspan="2" | '''SSLCiphers'''<br/><sub>(since 1.6)</sub>
| The allowed [https://www.openssl.org/docs/apps/ciphers.html SSL ciphers]. Default value is from [https://wiki.mozilla.org/Security/Server_Side_TLS#Intermediate_compatibility_.28default.29 Mozilla's recomendations]
|-
| <tt>SSLCiphers = ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-CHACHA20-POLY1305</tt>
|-
| rowspan="2" | '''SSLDHParamFile'''<br/><sub>(since 1.7)</sub>
| The file with Diffie-Hellman parameters of SSL/TLS, used for ZNC's listening port. Defaults to ~/.znc/znc.pem. If the file doesn't contain DH parameters, ciphers which use DH can't be used.
|-
| <tt>SSLDHParamFile = /home/znc/.znc/znc.pem</tt>
|-
| rowspan="2" | '''SSLKeyFile'''<br/><sub>(since 1.7)</sub>
| The file with private key of SSL/TLS certificate, used for ZNC's listening port. Defaults to ~/.znc/znc.pem
|-
| <tt>SSLKeyFile = /home/znc/.znc/znc.pem</tt>
|-
| rowspan="2" | '''SSLProtocols'''<br/><sub>(since 1.6)</sub>
| The accepted SSL protocols. Available protocols are All, SSLv2, SSLv3, TLSv1, TLSv1.1 and TLSv1.2. A non-prefixed value overrides any existing values, whereas a '-' or '+' prefixed value disables or enables an additional protocol. It is recommended to keep the ZNC defaults that may change in future versions, and only disable (or enable) additional protocols if necessary. NOTE: ZNC 1.6 disables SSLv2 and SSLv3 by default.
|-
| <tt>SSLProtocols = +SSLv2 -SSLv3 -TLSv1 +TLSv1.1 +TLSv1.2</tt>
|-
| rowspan="2" | '''StatusPrefix'''
| The default prefix for status and module queries. Users can override the value.
|-
| <tt>StatusPrefix = *</tt>
|-
| rowspan="2" | '''TrustedProxy'''<br/><sub>(since 1.6)</sub>
| The list of trusted proxies.
|-
| <tt>TrustedProxy = ...<br/>TrustedProxy = ...</tt>
|-
| rowspan="2" | '''Version'''
| The version of ZNC that was used to write the config file.
|-
| <tt>Version = 1.6.0</tt>
|}
 
=== Listener ===
 
Definition of a port that ZNC listens on. There can be multiple ports, and they can allow different protocols.
 
{| class="wikitable" style="width:100%"
|-
| rowspan="2" style="width:20%" | '''AllowIRC'''
| Whether the port allows IRC connections.
|-
| <tt>AllowIRC  = true</tt>
|-
| rowspan="2" | '''AllowWeb'''
| Whether the port allows web connections.
|-
| <tt>AllowWeb  = true</tt>
|-
| rowspan="2" | '''Host'''
| An optional host or IP on which ZNC listens.
|-
| <tt>Host = ...</tt>
|-
| rowspan="2" | '''IPv4'''
| Whether the port listens using IPv4.
|-
| <tt>IPv4 = true</tt>
|-
| rowspan="2" | '''IPv6'''
| Whether the port listens using IPv6.
|-
| <tt>IPv6 = true</tt>
|-
| rowspan="2" | '''Port'''
| The port number. WARNING: Some web browsers reject port 6667.
|-
| <tt>Port = 12345</tt>
|-
| rowspan="2" | '''SSL'''
| Whether the port is listening using SSL.
|-
| <tt>SSL = true</tt>
|-
| rowspan="2" | '''URIPrefix'''<br/><sub>(since 1.6)</sub>
| An optional URI prefix for the ZNC web interface. Can be used to make ZNC available behind a reverse proxy.
|-
| <tt>URIPrefix = /znc/</tt>
|}
 
=== User ===
 
Definition of a user. There can be multiple users and each can have multiple networks.
 
{| class="wikitable" style="width:100%"
|-
| rowspan="2" style="width:20%" | '''Admin'''
| Whether the user has admin rights.
|-
| <tt>Admin = true</tt>
|-
| rowspan="2" | '''Allow'''
| The list of allowed IPs for the user. Wildcards (*) are supported.
|-
| <tt>Allow = *</tt>
|-
| rowspan="2" | '''AltNick'''
| The default alternate nick used if the primary nick is reserved. Networks can override the value.
|-
| <tt>AltNick = somebody_</tt>
|-
| rowspan="2" | '''AppendTimestamp'''
| Whether [[timestamps]] are appended to buffer playback messages. NOTE: Only used for clients that do not support server-time.
|-
| <tt>AppendTimestamp = false</tt>
|-
| rowspan="2" | '''AuthOnlyViaModule'''<br/><sub>(since 1.7)</sub>
| Allow user authentication by external modules only.
|-
| <tt>AuthOnlyViaModule = false</tt>
|-
| rowspan="2" | '''AutoClearChanBuffer'''
| Whether channel buffers are automatically cleared after playback. When disabled, messages are buffered even while clients are attached, and already seen messages may be repeated each time clients connect.
|-
| <tt>AutoClearChanBuffer = true</tt>
|-
| rowspan="2" | '''AutoClearQueryBuffer'''<br/><sub>(since 1.6)</sub>
| Whether [[query buffers]] are automatically cleared after playback. When disabled, messages are buffered even while clients are attached, and already seen messages may be repeated each time clients connect.
|-
| <tt>AutoClearQueryBuffer = true</tt>
|-
| rowspan="2" | '''BindHost'''
| An optional bindhost for the user. Must be one of the values specified in the global list of allowed bindhosts.
|-
| <tt>BindHost = ...</tt>
|-
| rowspan="2" | '''Buffer'''
| The maximum amount of lines stored for each channel or query playback buffer. The buffers are stored in memory, and oldest lines are discarded when the limit is reached. Only admin users can exceed the maximum buffer size specified in the global section.
|-
| <tt>Buffer = 300</tt>
|-
| rowspan="2" | '''ChanBufferSize'''<br/><sub>(since 1.7)</sub>
| The maximum amount of lines stored for each channel playback buffer. The buffers are stored in memory, and oldest lines are discarded when the limit is reached. Only admin users can exceed the maximum buffer size specified in the global section.
|-
| <tt> ChanBufferSize = 300</tt>
|-
| rowspan="2" | '''ChanModes'''
| The default modes ZNC sets when joining an empty channel.
|-
| <tt>ChanModes = +stn</tt>
|-
| rowspan="2" | '''ClientEncoding'''<br/><sub>(since 1.6)</sub>
| The client encoding.
|-
| <tt>ClientEncoding = UTF-8</tt>
|-
| rowspan="2" | '''CTCPReply'''
| An optional list of CTCP request-reply-pairs. Syntax: <tt><request> <reply></tt>.
|-
| <tt>CTCPReply = VERSION unknown v1.0</tt>
|-
| rowspan="2" | '''DCCBindHost'''
| An optional bindhost for DCC connections.
|-
| <tt>DCCBindHost = ...</tt>
|-
| rowspan="2" | '''DenyLoadMod'''
| Whether the user is denied access to load modules.
|-
| <tt>DenyLoadMod = false</tt>
|-
| rowspan="2" | '''DenySetBindHost'''
| Whether the user is denied access to set a bindhost.
|-
| <tt>DenySetBindHost = false</tt>
|-
| rowspan="2" | '''DenySetCTCPReplies'''<br/><sub>(since 1.9)</sub>
| Whether the user is denied access to adding/removing CTCP replies.
|-
| <tt> DenySetCTCPReplies = false</tt>
|-
| rowspan="2" | '''DenySetIdent'''<br/><sub>(since 1.9)</sub>
| Whether the user is denied access to setting a ident.
|-
| <tt> DenySetIdent = false</tt>
|-
| rowspan="2" | '''DenySetNetwork'''<br/><sub>(since 1.9)</sub>
| Whether the user is denied access to adding/removing networks/servers.
|-
| <tt> DenySetNetwork = false</tt>
|-
| rowspan="2" | '''DenySetQuitMsg'''<br/><sub>(since 1.9)</sub>
| Whether the user is denied access to setting a quitmsg.
|-
| <tt> DenySetQuitMsg = false</tt>
|-
| rowspan="2" | '''DenySetRealName'''<br/><sub>(since 1.9)</sub>
| Whether the user is denied access to setting a realname.
|-
| <tt> DenySetRealName = false</tt>
|-
| rowspan="2" | '''Ident'''
| The default ident. Networks can override the value.
|-
| <tt>Ident = znc</tt>
|-
| rowspan="2" | '''JoinTries'''
| The amount of times channels are attempted to join in case of a failure eg. due to channel modes +i/+k/+b.
|-
| <tt>JoinTries = 3</tt>
|-
| rowspan="2" | '''Language'''<br/><sub>(since 1.7)</sub>
| Language of UI translation shown for this user. If not specified, English is used.
|-
| <tt>Language = ru-RU</tt>
|-
| rowspan="2" | '''LoadModule'''
| The list of user [[Modules|modules]] loaded on ZNC startup.
|-
| <tt>LoadModule = controlpanel<br/>LoadModule = chansaver</tt>
|-
| rowspan="2" | '''MaxJoins'''<br/><sub>(since 1.2)</sub>
| The maximum number of channels ZNC joins at once. Lower the value in case getting disconnected for 'Excess flood'.
|-
| <tt>MaxJoins = 3</tt>
|-
| rowspan="2" | '''MaxNetworks'''
| The maximum number of networks the user is allowed to have.
|-
| <tt>MaxNetworks = 5</tt>
|-
| rowspan="2" | '''MaxQueryBuffers'''<br/><sub>(since 1.6)</sub>
| The maximum number of query buffers that are stored. <code>0</code> is unlimited.
|-
| <tt>MaxQueryBuffers = 50</tt>
|-
| rowspan="2" | '''MultiClients'''
| Whether multiple clients are allowed to connect simultaneously.
|-
| <tt>MultiClients = true</tt>
|-
| rowspan="2" | '''Nick'''
| The default primary nick. Networks can override the value.
|-
| <tt>Nick = somebody</tt>
|-
| rowspan="2" | '''NoTrafficTimeout'''<br/><sub>(since 1.7)</sub>
| How much time ZNC waits (in seconds) until it receives something from network or declares the connection timeout. This happens after attempts to ping the peer.
|-
| <tt>NoTrafficTimeout = 180</tt>
|-
| rowspan="2" | '''Pass'''<br/>
| The password for the user account. It can be in plaintext or hashed with md5 or sha256.<br/>
If using hash, prefix the hash with <hash>#.<br/>
Optionally a salt can be specified just after the salt, in the form: <hash name>#<salted hash>#<salt>#<br/>
An md5 hast type can be specified with a dash after the hash
|-
| <tt>Pass = hunter2</tt><br/>
<tt>Pass = 2ab96390c7dbe3439de74d0c9b0b1767 -</tt><br/>
<tt>Pass = plain#hunter2</tt><br/>
<tt>Pass = md5#2ab96390c7dbe3439de74d0c9b0b1767</tt><br/>
<tt>Pass = sha256#f52fbd32b2b3b86ff88ef6c490628285f482af15ddcb29541f94bcf526a3f6c7</tt><br/>
<tt>Pass = sha256#7e0b4f79376c001055fc47c44a95487e8fe99173c6360176f77e86ad44db5bb1#salt#</tt>
|-
| rowspan="2" | '''PrependTimestamp'''
| Whether [[timestamps]] are prepended to buffer playback messages. NOTE: Only used for clients that do not support server-time.
|-
| <tt>PrependTimestamp = true</tt>
|-
| rowspan="2" | '''QueryBufferSize'''<br/><sub>(since 1.7)</sub>
| The maximum amount of lines stored for each query playback buffer. The buffers are stored in memory, and oldest lines are discarded when the limit is reached. Only admin users can exceed the maximum buffer size specified in the global section.
|-
| <tt> QueryBufferSize = 300</tt>
|-
| rowspan="2" | '''QuitMsg'''
| The default quit message ZNC uses when disconnecting or shutting down. Networks can override the value.
|-
| <tt>QuitMsg = ZNC - http://znc.in</tt>
|-
| rowspan="2" | '''RealName'''
| The default real name. Networks can override the value.
|-
| <tt>Real Name = Got ZNC?</tt>
|-
| rowspan="2" | '''Skin'''
| The web interface skin.
|-
| <tt>Skin = _default_</tt>
|-
| rowspan="2" | '''StatusPrefix'''
| The prefix for status and module queries.
|-
| <tt>StatusPrefix = *</tt>
|-
| rowspan="2" | '''TimestampFormat'''
| The format of the [[timestamps]] used in buffer playback messages. NOTE: Only used for clients that do not support server-time.
|-
| <tt>TimestampFormat = [%H:%M:%S]</tt>
|-
| rowspan="2" | '''Timezone'''
| The timezone used for [[timestamps]] in buffer playback messages. NOTE: Only used for clients that do not support server-time.
|-
| <tt>Timezone = Europe/Berlin</tt>
|}
 
=== Network ===
 
Definition of a network. A user can have multiple networks, up to the limit specified by '''MaxNetworks'''.
 
{| class="wikitable" style="width:100%"
|-
| rowspan="2" style="width:20%" | '''AltNick'''
| An optional network specific alternate nick used if the primary nick is reserved.
|-
| <tt>AltNick = somebody_</tt>
|-
| rowspan="2" | '''BindHost'''
| An optional bindhost for the network. Must be one of the values specified in the global list of allowed bindhosts.
|-
| <tt>BindHost = ...</tt>
|-
| rowspan="2" | '''Encoding'''<br/><sub>(since 1.6)</sub>
| An optional network specific encoding.
|-
| <tt>Encoding = UTF-8</tt>
|-
| rowspan="2" | '''FloodBurst'''
| The maximum amount of lines ZNC sends at once.
|-
| <tt>FloodBurst = 4</tt>
|-
| rowspan="2" | '''FloodRate'''
| The seconds between lines ZNC sends after reaching the '''FloodBurst''' limit.
|-
| <tt>FloodRate = 1.00</tt>
|-
| rowspan="2" | '''Ident'''
| An optional network specific ident.
|-
| <tt>Ident = znc</tt>
|-
| rowspan="2" | '''IRCConnectEnabled'''
| Whether the network is enabled ie. connects to IRC.
|-
| <tt>IRCConnectEnabled = false</tt>
|-
| rowspan="2" | '''JoinDelay'''<br/><sub>(since 1.6)</sub>
| The delay in seconds, until channels are joined after getting connected.
|-
| <tt>JoinDelay = 0</tt>
|-
| rowspan="2" | '''LoadModule'''
| The list of network [[Modules|modules]] loaded on ZNC startup.
|-
| <tt>LoadModule = simple_away<br/>LoadModule = route_replies</tt>
|-
| rowspan="2" | '''Nick'''
| An optional network specific primary nick.
|-
| <tt>Nick = somebody</tt>
|-
| rowspan="2" | '''QuitMsg'''<br/><sub>(since 1.6)</sub>
| An optional network specific quit message  ZNC uses when disconnecting or shutting down.
|-
| <tt>QuitMsg = ZNC - http://znc.in</tt>
|-
| rowspan="2" | '''RealName'''
| An optional network specific real name.
|-
| <tt>RealName = Got ZNC?</tt>
|-
| rowspan="2" | '''Server'''
| The list of IRC servers. Prefix the port number with a '+' to enable SSL. Syntax: <tt><host> [[+]port] [password]</tt>.
|-
| <tt>Server = irc.libera.chat +6697</tt>
|-
| rowspan="2" | '''TrustAllCerts'''<br/><sub>(since 1.7)</sub>
| Disable certificate validation (takes precedence over TrustPKI). INSECURE!
|-
| <tt>TrustAllCerts = false</tt>
|-
| rowspan="2" | '''TrustPKI'''<br/><sub>(since 1.7)</sub>
| Setting this to false will trust only certificates you added fingerprints for.
|-
| <tt>TrustPKI = true</tt>
|-
| rowspan="2" | '''TrustedServerFingerprint'''<br/><sub>(since 1.6)</sub>
| The list of trusted server fingerprints.
|-
| <tt>TrustedServerFingerprint = fi:ng:er</tt>
|}
 
=== Chan ===
 
Definition of a channel that ZNC joins when it connects to IRC. A network can have multiple channels.
 
{| class="wikitable" style="width:100%"
|-
| rowspan="2" style="width:20%" | '''AutoClearChanBuffer'''
| Whether the channel specific buffer is automatically cleared after playback.
|-
| <tt>AutoClearChanBuffer = false</tt>
|-
| rowspan="2" | '''Buffer'''
| The maximum amount of lines stored for the channel specific playback buffer.
|-
| <tt>Buffer = 100</tt>
|-
| rowspan="2" | '''Detached'''
| Whether the channel is [[Detaching|detached]]. Detached channels are not visible to clients.
|-
| <tt>Detached = true</tt>
|-
| rowspan="2" | '''Disabled'''<br/><sub>(since 1.6)</sub>
| Whether the channel is disabled. ZNC does not join disabled channels.
|-
| <tt>Disabled = true</tt>
|-
| rowspan="2" | '''Key'''
| An optional channel key.
|-
| <tt>Key = secret</tt>
|-
| rowspan="2" | '''Modes'''
| An optional set of default channel modes ZNC sets when joining an empty channel.
|-
| <tt>Modes = +stn</tt>
|}
 
=== Pass ===
 
Definition of a password, used by clients to connect to ZNC. Generated using <code>znc --makepass</code>.
 
ZNC 1.9.0 added support for libargon2. If your ZNC was compiled with argon2 ( <code>/msg *status version</code> or <code>znc -v</code> ) your ZNC will use argon2. All existing user passwords will be transparently upgraded upon login.
 
SHA-256:
 
{| class="wikitable alternating" style="width:100%"
|-
| rowspan="2" style="width:20%" | '''Hash'''
| The hash of a salted password.
|-
| <tt>Hash = 44ccdd8655fb2c9bf8e6026fc51dfeabfd3e361f696c9373c00a496a4dcaed6f</tt>
|-
| rowspan="2" | '''Method'''
| The password hashing method.
|-
| <tt>Method = sha256</tt>
|-
| rowspan="2" | '''Salt'''
| A random set of 20 characters for salting the password.
|-
| <tt>Salt = ,e9a+t9WwSCjR_5:XAQu</tt>
|}
 
 
Argon2:
 
{| class="wikitable alternating" style="width:100%"
|-
| rowspan="2" style="width:20%" | '''Hash'''
| The hash of a salted password.
|-
| <tt>Hash = $argon2id$v=19$m=6144,t=6,p=1$ZXhhbXBsZTEyMzQ1$HOZjBzWTZBs+407psfw5VQ</tt>
|-
| rowspan="2" | '''Method'''
| The password hashing method.
|-
| <tt>Method = Argon2id</tt>
|}
 
== Config file change history ==
 
=== Added in 1.9 ===
* '''DenySetCTCPReplies''' (User)
* '''DenySetIdent''' (User)
* '''DenySetNetwork''' (User)
* '''DenySetQuitMsg''' (User)
* '''DenySetRealName''' (User)


<!-- The above Listener is outdated, instead ZNC now generates a Listener section -->
=== Added in 1.7 ===
<!-- LISTENER SETTINGS -->
* '''SSLDHParamFile''' and '''SSLKeyFile''' (Global)
* '''Listener''' - Definition of a port that znc should listen on.
* '''ChanBufferSize''', '''Language''''''NoTrafficTimeout''' and '''QueryBufferSize''' (User)
** '''Host''' - The host or IP on which ZNC listens.
* '''TrustAllCerts''' and '''TrustPKI''' (Network)
** '''URIPrefix''' - Prefix that ZNC should make the web interface available under. This can be used to make ZNC available behind a reverse proxy.
* '''AuthOnlyViaModule''' (Global, User)
** '''Port''' - The port number used.
** '''IPv4''' - If this port is listening using IPv4.
** '''IPv6''' - If this port is listening using IPv6.
** '''SSL''' - If this port is listening using SSL.
** '''AllowIRC''' - If IRC connections are allowed on this listener.
** '''AllowWeb''' - If web connections are allowed on this listener.


<!-- USER SETTINGS -->
=== Added in 1.6 ===
* '''User''' - The user definition, you can have more than one. Each user may only connect to one network, so you need a separate user for each network. This is intended behavior! (See the [[FAQ]] about multiple networks)
* '''HideVersion''', '''SSLCiphers''', '''SSLProtocols''' and '''TrustedProxy''' (Global)
** '''Admin''' - If set to <code>true</code>, the user has admin rights (e.g. in the [[webadmin]] module).
* '''URIPrefix''' (Listener)
<!-- So, this is at the end of the user, just stick it up here. -->
* '''AutoClearQueryBuffer''', '''ClientEncoding''' and '''MaxQueryBuffers''' (User)
** '''Pass''' - Used by the client to connect to ZNC. A hash may be generated using <code>znc --makepass</code>.
* '''Encoding''', '''JoinDelay''', '''QuitMsg''' and '''TrustedServerFingerprint''' (Network)
*** '''Salt''' - ...
* '''Disabled''' (Chan)
*** '''Method''' - ...
*** '''Hash''' - ...
** '''Allow''' - By default everyone is able to connect to ZNC as this user. With an ''Allow'' line you can restrict access to the specified IPs. Wildcards (*) are supported and multiple ''Allow'' lines can be set up.
** '''AltNick''' - The alternate nick ZNC will use if your main nick is in use.
** '''AppendTimestamp''' - Whether to append the [[timestamps]] to the message or not
** '''RealName''' - ...
** '''Bindhost''' - ...
** '''AutoClearChanBuffer''' - If set to <code>false</code>, it will buffer channels even while you are attached, and play the whole buffer back to you each time you connect. If set to <code>true</code>, it won't buffer channels while you are attached, and the buffer will be reset upon each playback.
** '''AutoClearQueryBuffer''' - If set to <code>false</code>, it will buffer queries even while you are attached, and play the whole buffer back to you each time you connect. If set to <code>true</code>, it won't buffer queries while you are attached, and the buffer will be reset upon each playback.
** '''Buffer''' - ...
** '''CTCPReply''' - A request-reply-pair for CTCP-requests. Format: <code><request> <reply></code>, e.g. <code>VERSION unknown v1.0</code>
** '''ChanModes''' - Default modes ZNC will set when you join an empty channel.
** '''Buffer''' - This is the amount of lines that the playback buffer will store before dropping off the oldest line. The buffers are stored in the memory by default.
** '''DCCBindHost''' - ...
** '''DenyLoadMod''' - If set to <code>true</code>, the user isn't able to load modules.
** '''DenySetBindHost''' - If set to <code>true</code>, the user isn't able to change his vhost.
** '''Ident''' - ...
** '''JoinTries''' - How often should ZNC try to join if the first join failed, e.g. due to channel mode +i/+k or if you're banned.
** '''LoadModule''' - Load a [[Modules|module]] for this user on startup.
** '''MaxJoins''' - How many channels should ZNC join at once. Lower this if you get disconnected for 'Excess flood.
** '''MaxNetworks''' - Maximum number of networks a user is allowed to have.
** '''MultiClients''' - Set this to <code>true</code>, if you want to be able to connect with multiple clients at once.
** '''Nick''' - Your primary nick.
** '''PrependTimestamp''' - Whether to prepend the [[timestamps]] to the message or not
** '''QuitMsg''' - The default quit message ZNC will use when you jump servers or call shutdown.
** '''RealName''' - ...
** '''Skin''' - ...
** '''StatusPrefix''' - The prefix for the status and module queries.
** '''TimestampFormat''' - The format for the [[timestamps]] used in buffers, for example <code>[%H:%M:%S]</code>
<!-- Sort these later ... -->
** '''DCCVHost''' - This is the IP address used for DCC bouncing.
** '''BounceDCCs''' - If set to <code>true</code>, the DCCs will be bounced by ZNC.
** '''DCCLookupMethod''' - If set to <code>default</code>, ZNC will use the IP the clients sends for the DCC connections; if set to <code>client</code>, ZNC will use the IP the client connects from.
** '''Timezone''' - Set this to your local setting, so you'll get correct times in your [[timestamps]]. Format is Europe/Berlin, and is case sensitive, dropdown box will not work in IE.
** '''TimestampFormat''' - ...
** '''ClientEncoding''' - ...
<!-- End of sort later -->


<!-- NETWORK SETTINGS -->
=== Added in 1.2 ===
* '''Network'''
* '''MaxJoins''' (User)
** '''FloodBurst''' - How many lines ZNC sends at once.
** '''FloodRate''' - How many lines per second ZNC sends after the FloodBurst
** '''IRCConnectEnabled''' - If set to <code>false</code>, user doesn't connect to IRC servers.
** '''LoadModule''' - Load a [[Modules|module]] for this network on startup.
** '''Server''' - Adds a server to the list of servers this user will be able to connect to. If you want ZNC to connect to the IRC server using SSL, put '+' in front of the port number. The IP can be IPv6. If the server requires a password, just add it as the third argument. Format: <code>Server = <IP-Address/Host> [+]<Port> [<Password>]</code>
<!-- check to sort these later ... -->
** '''Nick''' - ...
** '''AltNick''' - ...
** '''Ident''' - ...
** '''RealName''' - ...
** '''BindHost''' - ...
** '''Encoding''' - ...
** '''JoinDelay''' - Defines the delay in seconds, until channels are joined after getting connected.
** '''QuitMsg''' - A network specific quit message ZNC will use when you jump servers or call shutdown.
** '''Chan''' - Channels you want ZNC to join when connecting.
<!-- check to sort these later ... -->
*** '''Key''' - Key for the channel.
*** '''Modes''' - Use this to override the '''ChanModes''' setting set in the User section.
*** '''Buffer''' - Use this to override the '''Buffer''' setting set in the User section.
*** '''AutoClearChanBuffer''' - Use this to override the '''AutoClearChanBuffer''' setting set in the User section.
*** '''Detached''' - If <code>true</code>, ZNC will join this channel as [[Detaching|detached]] so that the IRC client will not be bothered by it.
*** '''Disabled''' - If <code>true</code>, ZNC will not join this channel at all.


=== Old versions ===
=== Older pre 1.x settings ===
* '''DCCVHost''' - This is the IP address used for DCC bouncing.
* '''BounceDCCs''' - If set to <code>true</code>, the DCCs will be bounced by ZNC.
* '''DCCLookupMethod''' - If set to <code>default</code>, ZNC will use the IP the clients sends for the DCC connections; if set to <code>client</code>, ZNC will use the IP the client connects from.
* '''Listener''' = ''[web_only|irc_only] [host or IP] [+]port'' - Configuration of listening port. Use ''web_only'' or ''irc_only'', if you don't want port to be universal. Put host/IP before the port with a space between to bind to a specific IP ''(notice that in this case the listener can't listen on both ipv4 and ipv6)''. Then goes the port ZNC will listen on. If the port is prepended with a '+' (without space) then ZNC listens using SSL. You can have several listeners in one ZNC. (Introduced in [[ChangeLog/0.090|0.090]], see next chapter for older versions)
* '''Listener4''' or '''Listener6''' - Exactly the same as '''Listener''', but will use only IPv4 or IPv6.
* '''ISpoofFile''' - ZNC will write the ident of the user trying to connect to this file. Very useful if your shell supports oidentd.
* '''ISpoofFormat''' - The format of the ISpoofFile.
Before 0.096
Before 0.096
* '''BindHost''' was named '''vHost'''
* '''BindHost''' was named '''vHost'''

Latest revision as of 03:42, 22 September 2024

Creating a config file

To generate a basic configuration file, run znc --makeconf after installation. It is NOT a good idea to create a new config file manually, please use znc --makeconf!

File locations

  • Configuration - ZNC gets its configuration by reading the file ~/.znc/configs/znc.conf.
  • Misc - Other files are also stored in the ~/.znc directory, such as the SSL certificate (znc.pem) and the PidFile (znc.pid).
  • Local Modules - Stored in ~/.znc/modules. ZNC will look in the local module directory first when trying to load a module.
  • Global Modules - Stored in /usr/local/lib/znc by default (where /usr/local is the prefix you chose). This is /usr/lib/znc if you used the Debian package.
  • Binaries - znc, znc-config, and znc-buildmod are all stored in /usr/local/bin (or in /usr/bin) by default. You can change this when you configure by using ./configure --prefix=/whatever/path/you/want.

Editing config

In most cases you should NOT edit znc.conf directly. Use webadmin instead.

If you really need to edit znc.conf by hand, do the following:

  1. pkill -SIGUSR1 znc
    to save current runtime configuration to znc.conf
  2. pkill znc
    to shutdown running ZNC instance
  3. Edit znc.conf
  4. znc
    to start it again with new configuration

Config file structure

The following pseudo content illustrates the config structure with single listener, user, network and channel. Naturally, there can be multiple instances of each.

Key = Value

<Listener name>
    Key = Value
</Listener>

<User name>
    Key = Value

    <Network name>
        Key = Value

        <Chan name>
            Key = Value
        </Chan>
    </Network>
    
    <Pass password>
        Key = Value
    </Pass>
</User>

Config file settings

ZNC 1.6 configuration file consists of the following settings. All values are examples.

Global

AnonIPLimit The limit of anonymous unidentified connections per IP.
AnonIPLimit = 10
AuthOnlyViaModule
(since 1.7)
Allow user authentication by external modules only.
AuthOnlyViaModule = false
BindHost The list of allowed bindhosts. Users can select one of these values.
BindHost = ...
BindHost = ...
ConnectDelay The number of seconds every IRC connection is delayed. IRC servers may refuse a connection when reconnecting too fast. NOTE: Affects connections between ZNC and IRC servers; not connections between IRC clients and ZNC.
ConnectDelay = 5
HideVersion
(since 1.6)
Whether the version number is hidden from the web interface and CTCP VERSION replies.
HideVersion = true
LoadModule The list of global modules loaded on ZNC startup.
LoadModule = webadmin
LoadModule = modperl
LoadModule = modpython
MaxBufferSize The maximum playback buffer size. Only admin users can exceed the limit.
MaxBufferSize = 500
Motd The list of "message of the day" lines that are sent to clients on connect via notice from *status.
Motd = ...
Motd = ...
PidFile An optional PID file location. See the FAQ for how to crontab ZNC.
PidFile = /home/znc/.znc/znc.pid
ProtectWebSessions Whether IP changing during each web session is disallowed.
ProtectWebSessions = true
ServerThrottle The number of seconds between connect attempts to the same hostname.
ServerThrottle = 30
Skin The default web interface skin. Users can override the value.
Skin = _default_
SSLCertFile The file with SSL/TLS certificate, used for ZNC's listening port. Defaults to ~/.znc/znc.pem
SSLCertFile = /home/znc/.znc/znc.pem
SSLCiphers
(since 1.6)
The allowed SSL ciphers. Default value is from Mozilla's recomendations
SSLCiphers = ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-CHACHA20-POLY1305
SSLDHParamFile
(since 1.7)
The file with Diffie-Hellman parameters of SSL/TLS, used for ZNC's listening port. Defaults to ~/.znc/znc.pem. If the file doesn't contain DH parameters, ciphers which use DH can't be used.
SSLDHParamFile = /home/znc/.znc/znc.pem
SSLKeyFile
(since 1.7)
The file with private key of SSL/TLS certificate, used for ZNC's listening port. Defaults to ~/.znc/znc.pem
SSLKeyFile = /home/znc/.znc/znc.pem
SSLProtocols
(since 1.6)
The accepted SSL protocols. Available protocols are All, SSLv2, SSLv3, TLSv1, TLSv1.1 and TLSv1.2. A non-prefixed value overrides any existing values, whereas a '-' or '+' prefixed value disables or enables an additional protocol. It is recommended to keep the ZNC defaults that may change in future versions, and only disable (or enable) additional protocols if necessary. NOTE: ZNC 1.6 disables SSLv2 and SSLv3 by default.
SSLProtocols = +SSLv2 -SSLv3 -TLSv1 +TLSv1.1 +TLSv1.2
StatusPrefix The default prefix for status and module queries. Users can override the value.
StatusPrefix = *
TrustedProxy
(since 1.6)
The list of trusted proxies.
TrustedProxy = ...
TrustedProxy = ...
Version The version of ZNC that was used to write the config file.
Version = 1.6.0

Listener

Definition of a port that ZNC listens on. There can be multiple ports, and they can allow different protocols.

AllowIRC Whether the port allows IRC connections.
AllowIRC = true
AllowWeb Whether the port allows web connections.
AllowWeb = true
Host An optional host or IP on which ZNC listens.
Host = ...
IPv4 Whether the port listens using IPv4.
IPv4 = true
IPv6 Whether the port listens using IPv6.
IPv6 = true
Port The port number. WARNING: Some web browsers reject port 6667.
Port = 12345
SSL Whether the port is listening using SSL.
SSL = true
URIPrefix
(since 1.6)
An optional URI prefix for the ZNC web interface. Can be used to make ZNC available behind a reverse proxy.
URIPrefix = /znc/

User

Definition of a user. There can be multiple users and each can have multiple networks.

Admin Whether the user has admin rights.
Admin = true
Allow The list of allowed IPs for the user. Wildcards (*) are supported.
Allow = *
AltNick The default alternate nick used if the primary nick is reserved. Networks can override the value.
AltNick = somebody_
AppendTimestamp Whether timestamps are appended to buffer playback messages. NOTE: Only used for clients that do not support server-time.
AppendTimestamp = false
AuthOnlyViaModule
(since 1.7)
Allow user authentication by external modules only.
AuthOnlyViaModule = false
AutoClearChanBuffer Whether channel buffers are automatically cleared after playback. When disabled, messages are buffered even while clients are attached, and already seen messages may be repeated each time clients connect.
AutoClearChanBuffer = true
AutoClearQueryBuffer
(since 1.6)
Whether query buffers are automatically cleared after playback. When disabled, messages are buffered even while clients are attached, and already seen messages may be repeated each time clients connect.
AutoClearQueryBuffer = true
BindHost An optional bindhost for the user. Must be one of the values specified in the global list of allowed bindhosts.
BindHost = ...
Buffer The maximum amount of lines stored for each channel or query playback buffer. The buffers are stored in memory, and oldest lines are discarded when the limit is reached. Only admin users can exceed the maximum buffer size specified in the global section.
Buffer = 300
ChanBufferSize
(since 1.7)
The maximum amount of lines stored for each channel playback buffer. The buffers are stored in memory, and oldest lines are discarded when the limit is reached. Only admin users can exceed the maximum buffer size specified in the global section.
ChanBufferSize = 300
ChanModes The default modes ZNC sets when joining an empty channel.
ChanModes = +stn
ClientEncoding
(since 1.6)
The client encoding.
ClientEncoding = UTF-8
CTCPReply An optional list of CTCP request-reply-pairs. Syntax: <request> <reply>.
CTCPReply = VERSION unknown v1.0
DCCBindHost An optional bindhost for DCC connections.
DCCBindHost = ...
DenyLoadMod Whether the user is denied access to load modules.
DenyLoadMod = false
DenySetBindHost Whether the user is denied access to set a bindhost.
DenySetBindHost = false
DenySetCTCPReplies
(since 1.9)
Whether the user is denied access to adding/removing CTCP replies.
DenySetCTCPReplies = false
DenySetIdent
(since 1.9)
Whether the user is denied access to setting a ident.
DenySetIdent = false
DenySetNetwork
(since 1.9)
Whether the user is denied access to adding/removing networks/servers.
DenySetNetwork = false
DenySetQuitMsg
(since 1.9)
Whether the user is denied access to setting a quitmsg.
DenySetQuitMsg = false
DenySetRealName
(since 1.9)
Whether the user is denied access to setting a realname.
DenySetRealName = false
Ident The default ident. Networks can override the value.
Ident = znc
JoinTries The amount of times channels are attempted to join in case of a failure eg. due to channel modes +i/+k/+b.
JoinTries = 3
Language
(since 1.7)
Language of UI translation shown for this user. If not specified, English is used.
Language = ru-RU
LoadModule The list of user modules loaded on ZNC startup.
LoadModule = controlpanel
LoadModule = chansaver
MaxJoins
(since 1.2)
The maximum number of channels ZNC joins at once. Lower the value in case getting disconnected for 'Excess flood'.
MaxJoins = 3
MaxNetworks The maximum number of networks the user is allowed to have.
MaxNetworks = 5
MaxQueryBuffers
(since 1.6)
The maximum number of query buffers that are stored. 0 is unlimited.
MaxQueryBuffers = 50
MultiClients Whether multiple clients are allowed to connect simultaneously.
MultiClients = true
Nick The default primary nick. Networks can override the value.
Nick = somebody
NoTrafficTimeout
(since 1.7)
How much time ZNC waits (in seconds) until it receives something from network or declares the connection timeout. This happens after attempts to ping the peer.
NoTrafficTimeout = 180
Pass
The password for the user account. It can be in plaintext or hashed with md5 or sha256.

If using hash, prefix the hash with <hash>#.
Optionally a salt can be specified just after the salt, in the form: <hash name>#<salted hash>#<salt>#
An md5 hast type can be specified with a dash after the hash

Pass = hunter2

Pass = 2ab96390c7dbe3439de74d0c9b0b1767 -
Pass = plain#hunter2
Pass = md5#2ab96390c7dbe3439de74d0c9b0b1767
Pass = sha256#f52fbd32b2b3b86ff88ef6c490628285f482af15ddcb29541f94bcf526a3f6c7
Pass = sha256#7e0b4f79376c001055fc47c44a95487e8fe99173c6360176f77e86ad44db5bb1#salt#

PrependTimestamp Whether timestamps are prepended to buffer playback messages. NOTE: Only used for clients that do not support server-time.
PrependTimestamp = true
QueryBufferSize
(since 1.7)
The maximum amount of lines stored for each query playback buffer. The buffers are stored in memory, and oldest lines are discarded when the limit is reached. Only admin users can exceed the maximum buffer size specified in the global section.
QueryBufferSize = 300
QuitMsg The default quit message ZNC uses when disconnecting or shutting down. Networks can override the value.
QuitMsg = ZNC - http://znc.in
RealName The default real name. Networks can override the value.
Real Name = Got ZNC?
Skin The web interface skin.
Skin = _default_
StatusPrefix The prefix for status and module queries.
StatusPrefix = *
TimestampFormat The format of the timestamps used in buffer playback messages. NOTE: Only used for clients that do not support server-time.
TimestampFormat = [%H:%M:%S]
Timezone The timezone used for timestamps in buffer playback messages. NOTE: Only used for clients that do not support server-time.
Timezone = Europe/Berlin

Network

Definition of a network. A user can have multiple networks, up to the limit specified by MaxNetworks.

AltNick An optional network specific alternate nick used if the primary nick is reserved.
AltNick = somebody_
BindHost An optional bindhost for the network. Must be one of the values specified in the global list of allowed bindhosts.
BindHost = ...
Encoding
(since 1.6)
An optional network specific encoding.
Encoding = UTF-8
FloodBurst The maximum amount of lines ZNC sends at once.
FloodBurst = 4
FloodRate The seconds between lines ZNC sends after reaching the FloodBurst limit.
FloodRate = 1.00
Ident An optional network specific ident.
Ident = znc
IRCConnectEnabled Whether the network is enabled ie. connects to IRC.
IRCConnectEnabled = false
JoinDelay
(since 1.6)
The delay in seconds, until channels are joined after getting connected.
JoinDelay = 0
LoadModule The list of network modules loaded on ZNC startup.
LoadModule = simple_away
LoadModule = route_replies
Nick An optional network specific primary nick.
Nick = somebody
QuitMsg
(since 1.6)
An optional network specific quit message ZNC uses when disconnecting or shutting down.
QuitMsg = ZNC - http://znc.in
RealName An optional network specific real name.
RealName = Got ZNC?
Server The list of IRC servers. Prefix the port number with a '+' to enable SSL. Syntax: <host> [[+]port] [password].
Server = irc.libera.chat +6697
TrustAllCerts
(since 1.7)
Disable certificate validation (takes precedence over TrustPKI). INSECURE!
TrustAllCerts = false
TrustPKI
(since 1.7)
Setting this to false will trust only certificates you added fingerprints for.
TrustPKI = true
TrustedServerFingerprint
(since 1.6)
The list of trusted server fingerprints.
TrustedServerFingerprint = fi:ng:er

Chan

Definition of a channel that ZNC joins when it connects to IRC. A network can have multiple channels.

AutoClearChanBuffer Whether the channel specific buffer is automatically cleared after playback.
AutoClearChanBuffer = false
Buffer The maximum amount of lines stored for the channel specific playback buffer.
Buffer = 100
Detached Whether the channel is detached. Detached channels are not visible to clients.
Detached = true
Disabled
(since 1.6)
Whether the channel is disabled. ZNC does not join disabled channels.
Disabled = true
Key An optional channel key.
Key = secret
Modes An optional set of default channel modes ZNC sets when joining an empty channel.
Modes = +stn

Pass

Definition of a password, used by clients to connect to ZNC. Generated using znc --makepass.

ZNC 1.9.0 added support for libargon2. If your ZNC was compiled with argon2 ( /msg *status version or znc -v ) your ZNC will use argon2. All existing user passwords will be transparently upgraded upon login.

SHA-256:

Hash The hash of a salted password.
Hash = 44ccdd8655fb2c9bf8e6026fc51dfeabfd3e361f696c9373c00a496a4dcaed6f
Method The password hashing method.
Method = sha256
Salt A random set of 20 characters for salting the password.
Salt = ,e9a+t9WwSCjR_5:XAQu


Argon2:

Hash The hash of a salted password.
Hash = $argon2id$v=19$m=6144,t=6,p=1$ZXhhbXBsZTEyMzQ1$HOZjBzWTZBs+407psfw5VQ
Method The password hashing method.
Method = Argon2id

Config file change history

Added in 1.9

  • DenySetCTCPReplies (User)
  • DenySetIdent (User)
  • DenySetNetwork (User)
  • DenySetQuitMsg (User)
  • DenySetRealName (User)

Added in 1.7

  • SSLDHParamFile and SSLKeyFile (Global)
  • ChanBufferSize, Language, NoTrafficTimeout and QueryBufferSize (User)
  • TrustAllCerts and TrustPKI (Network)
  • AuthOnlyViaModule (Global, User)

Added in 1.6

  • HideVersion, SSLCiphers, SSLProtocols and TrustedProxy (Global)
  • URIPrefix (Listener)
  • AutoClearQueryBuffer, ClientEncoding and MaxQueryBuffers (User)
  • Encoding, JoinDelay, QuitMsg and TrustedServerFingerprint (Network)
  • Disabled (Chan)

Added in 1.2

  • MaxJoins (User)

Older pre 1.x settings

  • DCCVHost - This is the IP address used for DCC bouncing.
  • BounceDCCs - If set to true, the DCCs will be bounced by ZNC.
  • DCCLookupMethod - If set to default, ZNC will use the IP the clients sends for the DCC connections; if set to client, ZNC will use the IP the client connects from.
  • Listener = [web_only|irc_only] [host or IP] [+]port - Configuration of listening port. Use web_only or irc_only, if you don't want port to be universal. Put host/IP before the port with a space between to bind to a specific IP (notice that in this case the listener can't listen on both ipv4 and ipv6). Then goes the port ZNC will listen on. If the port is prepended with a '+' (without space) then ZNC listens using SSL. You can have several listeners in one ZNC. (Introduced in 0.090, see next chapter for older versions)
  • Listener4 or Listener6 - Exactly the same as Listener, but will use only IPv4 or IPv6.
  • ISpoofFile - ZNC will write the ident of the user trying to connect to this file. Very useful if your shell supports oidentd.
  • ISpoofFormat - The format of the ISpoofFile.

Before 0.096

  • BindHost was named vHost

Before 0.090:

  • Listen was similar to Listener4 from last version, without irc_only/web_only support.
  • Listen6 was similar to Listener or Listener6 (depending on your OS) from last version, without irc_only/web_only support.
  • TODO: When did Listeners become their own substructure?