Weechat IRC client – unattended relay

chat icon

Coming from irssi, getting accustomed to weechat was not that difficult as both these IRC clients are very robust and works on a terminal directly. Weechat adds a nifty feature which is not supported by irrsi so far which made me to make this transformation at the first place.

Few words about weechat:

From the wiki, “WeeChat (Wee Enhanced Environment for Chat) is a free and open-source Internet Relay Chat client, which is designed to be light and fast. 

The client uses a curses frontend, and there are remote interfaces for Web, Qt, Android and Emacs.

In WeeChat everything can be done with a keyboard, though it also supports mouse. It is customizable and extensible with plugins and scripts.” In addition to that, it also supports SSL connections, Proxy connections Scripting support for various languages such as Perl, Python, Ruby, Tcl, Ruby etc. You can check out full feature list at weechat website or wiki.

Case Scenario:

One server (normally a VPS) runs weechat in a nifty utility called screen, this instance of weechat being a relay so that it accepts connections from anywhere around the world. You (being at the client end) and not on the server directly, connects to this relay and use weechat just like it is running on your own system.

Reason: If your ISP blocks connection to IRC or if you are at your work place where connection to IRC is blocked, then this setup will surely work for you and at the same time makes sure that your actual IP (work pace or ISP) does not show up in IRC logs, the IP will be of your server where this instance of weechat is running. As a server administrator, we love IRC because we can share different ideas on different technologies, that too in different channels. It is important to mention here that although IRC is very useful, it is also very dangerous. Dangerous in terms of network hacking, system crashing etc. IRC, for a layman is an invite to a hacking attempt but if you know how to use it, there is nothing better than this.

Configuring WeeChat for Relay:

This is time to configure the setup. Follow the steps mentioned below:

1. First, install two following programs called ‘screen‘ and ‘weechat‘:

# yum install screen -y
# yun install weechat -y

2. Run weechat in the screen program so that even if you quit the SSH session, weechat will be running in the background. Important point to keep in mind here is to run the weechat as normal user and not as ‘root’ for security reasons:

# su - username
$ screen && weechat

3. Following command must be run inside weechat to configure the setup properly and not on shell/terminal itself:

/set weechat.network.gnutls_ca_file "/etc/pki/tls/certs/ca-bundle.crt"
/set irc.server.freenode.ssl_dhkey_size 1024
/set weechat.network.gnutls_ca_file "/etc/pki/tls/certs/ca-bundle.crt"
/set irc.server.freenode.addresses "chat.freenode.net/7000"
/set irc.server.freenode.ssl on
/set irc.server.freenode.ssl_dhkey_size 1024
/connect freenode

Some changes: /etc/pki/tls/certs/ca-bundle.crt” is the path to ca-certificates bundle package. If you do not have them installed, you can install it as:

# yum install ca-certificates -y

4. Basic configuration is now finished and you should have your weechat configured. It is now time to configure the relay so that you can connect to it using any weechat client, my favorite is “Glowing Bear“. It’s time to configure Glowing Bear to make connection to the weechat relay that we have configured in previous step.

Configuring Glowing Bear for relay connection:

Glowing Bear is my favorite tool to connect to my unattended weechat relay that is running on one of my VPS’s. It is browser based, so any modern browser should be able to run it without any issues. Let’s get it configured:

1. Visit glowing bear homepage which will present a nice and sleek design interface. The relay has not yet been configured, hence we will do that first. To setup relay, head back to weechat window and run the following to add an unencrypted relay:

/set relay.network.password yourpassword
/relay add weechat 9001

2. The above step will run the relay on port 9001 which is not encrypted. To get the connection encrypted, you need to generate the SSL certificates first. On the server shell/terminal (not the weechat window), run the following as normal user:

$ mkdir -p ~/.weechat/ssl
$ cd ~/.weechat/ssl
$ openssl req -nodes -newkey rsa:4096 -keyout relay.pem -x509 -days 365 -out relay.pem -subj "/CN=localhost/"

3. The above step will generate a self-signed SSL certificate which we will make use of in order to encrypt the connection. Next, head over to the weechat window and run the following:

/relay sslcertkey
/relay add ssl.weechat 8000

4. Now your relay is configured and that too encrypted. You can check from the server shell (not weechat) if any service is running on port 8000 using:

# lsof -i:8000

Having said that, everything is in place and now there is only one minor thing to take care of: before trying to connect, you actually need to accept the self signed certificate manually in order to connect to your relay. This is something browser specific and not an issue with either weechat or glowing bear. If you have already opened up the glowing bear homepage, click on “Encryption instructions” and you will see the reason.

Head over to a browser (Chrome or Firefox) and access: https://yoursiteURL.xxx:8000 and accept the certificate. Then try to connect using glowing bear’s homepage (Connection Settings).

1. “localhost” should be replaced with your own URL/IP of VPS on which this relay has been configured.

2. Port number ‘9001’ should be replaced with ‘8000’ as we are running encrypted connection there.

3. “WeeChat relay password” is the one which we used at the time of relay configuration.

If you face any issues or have any queries, you are most welcome to leave a comment below!

Leave a Reply

Your email address will not be published. Required fields are marked *