@henrywang
Last active March 11, 2022 11:01
How to setup ZNC
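# Install Certbot to obtain a certificate
sudo dnf install -y certbot
# --standalone makes certbot answer the HTTP challenge itself, so port 80 must
# be reachable from the internet while this command runs.
sudo certbot certonly --standalone --preferred-challenges http -d irc.henrywang.org
# All generated keys and issued certificates can be found in /etc/letsencrypt/live/irc.henrywang.org
# ZNC takes private key + certificate + chain as one znc.pem file. The bundle
# contains the private key, so stage it in a root-only directory (mktemp -d
# creates it with mode 0700) rather than at a fixed, world-readable path in /tmp.
live_dir=/etc/letsencrypt/live/irc.henrywang.org
pem_dir=$(sudo mktemp -d)
# The redirection has to happen inside the root shell: with "sudo cat ... > file"
# the file is opened by the calling user, not by root.
sudo sh -c 'cat "$1/privkey.pem" "$1/cert.pem" "$1/chain.pem" > "$2/znc.pem"' sh "$live_dir" "$pem_dir"
# docker cp needs an existing container named znc whose /znc-data is the
# znc-cfg volume; on a fresh host create that container first.
sudo docker cp "$pem_dir/znc.pem" znc:/znc-data
# Recreate the container so ZNC starts with the new znc.pem; the configuration
# is kept because it lives in the znc-cfg volume, not in the container.
sudo docker rm -f znc
sudo docker run -d --name znc -p 6697:6697 -v znc-cfg:/znc-data znc
# Delete the staged private key; ":?" aborts instead of running rm on an empty path.
sudo rm -rf -- "${pem_dir:?}"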
# Set up a systemd timer to run certbot renew every 12 hours so the certificate renews automatically
# Let's Encrypt certificates last for 90 days
# Create a service to run the certbot renew script
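# Write the service unit. The quoted 'EOF' stops the shell from expanding
# anything inside the unit text, so the hook strings reach systemd unchanged.
sudo tee /etc/systemd/system/letsrenew.service >/dev/null <<'EOF'
[Unit]
Description=Renew Lets Encrypt certificate for irc.henrywang.org
[Service]
Type=oneshot
# The post-hook stages the private key in /tmp/znc.pem. PrivateTmp gives this
# service its own /tmp that other local users cannot see and that systemd
# removes when the service stops, so the key is neither readable by others nor
# left behind when a hook step fails before the final rm.
PrivateTmp=true
# pre-hook opens HTTP in the firewall for the challenge; post-hook closes it
# first, then rebuilds znc.pem and recreates the container to load it.
ExecStart=/usr/bin/certbot renew --pre-hook "firewall-cmd --zone=FedoraServer --add-service=http" --post-hook "firewall-cmd --zone=FedoraServer --remove-service=http && cat /etc/letsencrypt/live/irc.henrywang.org/{privkey,cert,chain}.pem > /tmp/znc.pem && docker cp /tmp/znc.pem znc:/znc-data && docker rm -f znc && docker run -d --name znc -p 6697:6697 -v znc-cfg:/znc-data znc && rm -f /tmp/znc.pem"
EOF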
# Create a timer file so systemd runs the service on a schedule
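# Write the timer unit. It has no Unit= line, so it activates the service of
# the same name, letsrenew.service.
sudo tee /etc/systemd/system/letsrenew.timer >/dev/null <<'EOF'
[Unit]
Description=Runs letsrenew everyday
[Timer]
# Time to wait after booting before we run first time
OnBootSec=10min
# Fires once per day. For a run every 12 hours use
# OnCalendar=*-*-* 00,12:00:00 instead.
OnCalendar=daily
# Apply a random delay up to one day.
RandomizedDelaySec=1day
# Catch up when an invocation was missed.
Persistent=true
[Install]
WantedBy=timers.target
EOF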
# Reload unit files so systemd picks up letsrenew.timer, then start the timer
# now and enable it for every boot in one step.
sudo systemctl daemon-reload
sudo systemctl enable --now letsrenew.timer
# In this guide, the server is hosted on Linode and runs Fedora 27 Server.
# Register a freenode nick name by following https://freenode.net/kb/answer/registration
# ZNC setup needs this information
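# Bring the base system up to date before adding the Docker repository.
sudo dnf -y update
# Follow docker installation doc https://docs.docker.com/install/linux/docker-ce/fedora/#os-requirements
# Remove any previously installed Docker packages before installing docker-ce.
sudo dnf remove docker \
  docker-client \
  docker-client-latest \
  docker-common \
  docker-latest \
  docker-latest-logrotate \
  docker-logrotate \
  docker-selinux \
  docker-engine-selinux \
  docker-engine
sudo dnf -y install dnf-plugins-core
sudo dnf config-manager \
  --add-repo \
  https://download.docker.com/linux/fedora/docker-ce.repo
# No -y here: the first install from the new repository asks to import its
# package-signing key, and -y would accept whatever key is offered. Compare the
# fingerprint dnf prints with the one published in the installation doc above
# before answering yes.
sudo dnf install docker-ce
# Installing the package does not start the daemon; start it and enable it at
# boot so the docker commands that follow (and the renewal hook) can reach it.
sudo systemctl enable --now docker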
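# Download znc docker image from https://hub.docker.com/r/library/znc/
# NOTE(review): no tag is given, so this pulls whatever the default tag points
# to today; pin a version tag or digest if the deployment must be reproducible.
sudo docker pull znc
# Run znc --makeconf to setup znc and save configuration files to volume znc-cfg
# --rm discards the one-off setup container when it exits; the generated
# configuration is kept because it is written to the znc-cfg volume.
sudo docker run --rm -it -v znc-cfg:/znc-data znc --makeconf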
# Please follow https://wiki.znc.in/Introduction to configure znc
# To enable SSL, a certificate has to be generated
# By default, znc generates a self-signed cert, which is not issued by a public CA and so is not trusted by clients
# Apply and obtain a "real" certificate from Let's Encrypt
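# Install Certbot to obtain a certificate
sudo dnf install -y certbot
# --standalone makes certbot answer the HTTP challenge itself, so port 80 must
# be reachable from the internet while this command runs.
sudo certbot certonly --standalone --preferred-challenges http -d irc.henrywang.org
# All generated keys and issued certificates can be found in /etc/letsencrypt/live/irc.henrywang.org
# ZNC takes private key + certificate + chain as one znc.pem file. The bundle
# contains the private key, so stage it in a root-only directory (mktemp -d
# creates it with mode 0700) rather than at a fixed, world-readable path in /tmp.
live_dir=/etc/letsencrypt/live/irc.henrywang.org
pem_dir=$(sudo mktemp -d)
# The redirection has to happen inside the root shell: with "sudo cat ... > file"
# the file is opened by the calling user, not by root.
sudo sh -c 'cat "$1/privkey.pem" "$1/cert.pem" "$1/chain.pem" > "$2/znc.pem"' sh "$live_dir" "$pem_dir"
# docker cp needs an existing container named znc whose /znc-data is the
# znc-cfg volume. The --makeconf run above is unnamed, so on a first install
# start the named container before this step.
sudo docker cp "$pem_dir/znc.pem" znc:/znc-data
# Recreate the container so ZNC starts with the new znc.pem; the configuration
# is kept because it lives in the znc-cfg volume, not in the container.
sudo docker rm -f znc
sudo docker run -d --name znc -p 6697:6697 -v znc-cfg:/znc-data znc
# Delete the staged private key; ":?" aborts instead of running rm on an empty path.
sudo rm -rf -- "${pem_dir:?}"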
# ISSUES AND SOLUTIONS
# For MacOS, the CA cert needs to be configured to verify znc certificate signed by Let's Encrypt
# Weechat: /set weechat.network.gnutls_ca_file "/usr/local/etc/openssl/cert.pem"
# ZNC doc resource:
# https://github.com/znc/znc#setting-up-zncconf
# https://wiki.znc.in/Using_commands
# Weechat: /msg *status help #Generate a *status channel, the following znc command can be run in this channel
# Weechat: /go *status
# How to use SASL to login freenode
# Weechat: /go *status
# Weechat: LoadMod sasl
# Weechat: Saveconfig
# Weechat: /query *status
# Weechat: /go *sasl
# Configure sasl by following http://wiki.znc.in/Sasl#example