Providing TLS for Ngircd
Before you can enable TLS for ngircd, you must first have a properly-signed SSL cert.
Check to see if you have the following two files:
You will, of course, need to replace example.com with your actual hostname.
Copying the cert and key
We'll need to copy the cert and key into /etc/ngircd/
$ doas cp /etc/ssl/example.com.fullchain.pem /etc/ngircd/ $ doas cp /etc/ssl/private/example.com.key /etc/ngircd/
In /etc/ngircd/ngircd.conf, change the following lines in the [SSL] block:
# SSL Server Key Certificate CertFile = /etc/ngircd/example.com.fullchain.pem ... # SSL Server Key KeyFile = /etc/ngircd/example.com.key ... # Additional Listen Ports that expect SSL/TLS encrypted connections Ports = 6697, 9999, 16697
Optional: If you want to have a DHFile,
$ doas openssl dhparam -out /etc/ngircd/dhparams.pem 2048 $ doas chown _ngircd:_ngircd /etc/ngircd/dhparams.pem
DHFile = /etc/ngircd/dhparams.pem in /etc/ngircd/ngircd.conf.