Context Navigation

soju.1.scd@ 556

Last change on this file since 556 was 556, checked in by contact, 4 years ago
doc/soju.1: explain http-origin defaults
File size: 9.4 KB

Rev	Line
[169]	1	soju(1)
	2
	3	# NAME
	4
	5	soju - IRC bouncer
	6
	7	# SYNOPSIS
	8
	9	soju [options...]
	10
	11	# DESCRIPTION
	12
	13	soju is a user-friendly IRC bouncer. It connects to upstream IRC servers on
	14	behalf of the user to provide extra features.
	15
	16	- Multiple separate users sharing the same bouncer, each with their own
	17	upstream servers
	18	- Clients connecting to multiple upstream servers via a single connection to
	19	the bouncer
	20	- Sending the backlog (messages received while the user was disconnected from
	21	the bouncer), with per-client buffers
	22
	23	When joining a channel, the channel will be saved and automatically joined on
	24	the next connection. When registering or authenticating with NickServ, the
	25	credentials will be saved and automatically used on the next connection if the
[284]	26	server supports SASL. When parting a channel with the reason "detach", the
	27	channel will be detached instead of being left.
[169]	28
[214]	29	When all clients are disconnected from the bouncer, the user is automatically
	30	marked as away.
	31
[169]	32	soju supports two connection modes:
	33
	34	- Single upstream mode: one downstream connection maps to one upstream
	35	connection. To enable this mode, connect to the bouncer with the username
	36	"<username>/<network>". If the bouncer isn't connected to the upstream
	37	server, it will get automatically added. Then channels can be joined and
	38	parted as if you were directly connected to the upstream server.
	39	- Multiple upstream mode: one downstream connection maps to multiple upstream
	40	connections. Channels and nicks are suffixed with the network name. To join
	41	a channel, you need to use the suffix too: _/join #channel/network_. Same
	42	applies to messages sent to users.
	43
[190]	44	For per-client history to work, clients need to indicate their name. This can
	45	be done by adding a "@<client>" suffix to the username.
	46
[475]	47	soju will reload the TLS certificate and key when it receives the HUP signal.
	48
[169]	49	# OPTIONS
	50
	51	-h, -help
	52	Show help message and quit.
	53
	54	-config <path>
[264]	55	Path to the config file. If unset, a default config file is used.
[169]	56
	57	-debug
	58	Enable debug logging (this will leak sensitive information such as
	59	passwords).
	60
[317]	61	-listen <uri>
[491]	62	Listening URI (default: ":6697"). Can be specified multiple times.
[169]	63
	64	# CONFIG FILE
	65
	66	The config file has one directive per line.
	67
[368]	68	Example:
	69
	70	```
	71	listen ircs://
	72	tls cert.pem key.pem
	73	hostname example.org
	74	```
	75
	76	The following directives are supported:
	77
[317]	78	listen <uri>
	79	Listening URI (default: ":6697").
[169]	80
[317]	81	The following URIs are supported:
	82
	83	- _[ircs://][host][:port]_ listens with TLS over TCP (default port if
	84	omitted: 6697)
	85	- _irc+insecure://[host][:port]_ listens with plain-text over TCP (default
	86	port if omitted: 6667)
[466]	87	- _unix:///<path>_ listens on a Unix domain socket
[323]	88	- _wss://[host][:port]_ listens for WebSocket connections over TLS (default
	89	port: 443)
	90	- _ws+insecure://[host][:port]_ listens for plain-text WebSocket
	91	connections (default port: 80)
[386]	92	- _ident://[host][:port]_ listens for plain-text ident connections (default
	93	port: 113)
[317]	94
	95	If the scheme is omitted, "ircs" is assumed. If multiple listen
	96	directives are specified, soju will listen on each of them.
	97
[169]	98	hostname <name>
	99	Server hostname (default: system hostname).
	100
	101	tls <cert> <key>
	102	Enable TLS support. The certificate and the key files must be PEM-encoded.
	103
[507]	104	db sqlite3 <path>
	105	Set the SQLite database path (default: "soju.db" in the current directory).
[169]	106
[507]	107	log fs <path>
[264]	108	Path to the bouncer logs root directory, or empty to disable logging. By
	109	default, logging is disabled.
[178]	110
[323]	111	http-origin <patterns...>
	112	List of allowed HTTP origins for WebSocket listeners. The parameters are
	113	interpreted as shell patterns, see glob(7).
	114
[556]	115	By default, only the request host is authorized. Use this directive to
	116	enable cross-origin WebSockets.
	117
[370]	118	accept-proxy-ip <cidr...>
	119	Allow the specified IPs to act as a proxy. Proxys have the ability to
[372]	120	overwrite the remote and local connection addresses (via the X-Forwarded-\*
[426]	121	HTTP header fields). The special name "localhost" accepts the loopback
	122	addresses 127.0.0.0/8 and ::1/128. By default, all IPs are rejected.
[370]	123
[169]	124	# IRC SERVICE
	125
	126	soju exposes an IRC service called BouncerServ to manage the bouncer.
	127	Commands can be sent via regular private messages
	128	(_/msg BouncerServ <command> [args...]_). Commands may be written in full or
	129	abbreviated form, for instance network can be abbreviated as net or just
	130	n.
	131
	132	help [command]
	133	Show a list of commands. If _command_ is specified, show a help message for
	134	the command.
	135
	136	network create -addr <addr> [options...]
[269]	137	Connect to a new network at _addr_. _-addr_ is mandatory.
[169]	138
[269]	139	_addr_ supports several connection types:
[317]	140
[353]	141	- _[ircs://]<host>[:port]_ connects with TLS over TCP
	142	- _irc+insecure://<host>[:port]_ connects with plain-text TCP
[369]	143	- _irc+unix:///<path>_ connects to a Unix socket
[269]	144
	145	Other options are:
	146
[169]	147	-name <name>
	148	Short network name. This will be used instead of _addr_ to refer to the
	149	network.
	150
	151	-username <username>
	152	Connect with the specified username. By default, the nickname is used.
	153
	154	-pass <pass>
	155	Connect with the specified server password.
	156
	157	-realname <realname>
	158	Connect with the specified real name. By default, the nickname is used.
	159
	160	-nick <nickname>
	161	Connect with the specified nickname. By default, the account's username
	162	is used.
	163
[542]	164	-enabled true\|false
	165	Enable or disable the network. If the network is disabled, the bouncer
	166	won't connect to it. By default, the network is enabled.
	167
[524]	168	-connect-command <command>
	169	Send the specified command as a raw IRC message right after connecting
	170	to the server. This can be used to identify to an account when the
	171	server doesn't support SASL.
	172
	173	For instance, to identify with _NickServ_, the following command can be
	174	used:
	175
	176	```
	177	PRIVMSG NickServ :IDENTIFY <password>
	178	```
	179
	180	The flag can be specified multiple times to send multiple IRC messages.
	181	To clear all commands, set it to the empty string.
	182
[361]	183	network update <name> [options...]
	184	Update an existing network. The options are the same as the
	185	_network create_ command.
	186
	187	When this command is executed, soju will disconnect and re-connect to the
	188	network.
	189
[329]	190	network delete <name>
	191	Disconnect and delete a network.
	192
	193	network status
	194	Show a list of saved networks and their current status.
	195
[539]	196	channel status [options...]
	197	Show a list of saved channels and their current status.
	198
	199	Options:
	200
	201	-network <name>
	202	Only show channels for the specified network. By default, only the
	203	channels in the current network are displayed.
	204
[436]	205	channel update <name> [options...]
	206	Update the options of an existing channel.
	207
	208	Options are:
	209
	210	-relay-detached <mode>
	211	Set when to relay messages from detached channels to the user with a BouncerServ NOTICE.
	212
	213	Modes are:
	214
	215	message
	216	Relay any message from this channel when detached.
	217
	218	highlight
	219	Relay only messages mentioning you when detached.
	220
	221	none
	222	Don't relay any messages from this channel when detached.
	223
	224	default
	225	Currently same as highlight. This is the default behaviour.
	226
	227	-reattach-on <mode>
	228	Set when to automatically reattach to detached channels.
	229
	230	Modes are:
	231
	232	message
	233	Reattach to this channel when any message is received.
	234
	235	highlight
	236	Reattach to this channel when any message mentioning you is received.
	237
	238	none
	239	Never automatically reattach to this channel.
	240
	241	default
	242	Currently same as none. This is the default behaviour.
	243
	244	-detach-after <duration>
	245	Automatically detach this channel after the specified duration has elapsed without receving any message corresponding to -detach-on.
	246
	247	Example duration values: 1h30m, 30s, 2.5h.
	248
	249	Setting this value to 0 will disable this behaviour, i.e. this channel will never be automatically detached. This is the default behaviour.
	250
	251	-detach-on <mode>
	252	Set when to reset the auto-detach timer used by -detach-after, causing it to wait again for the auto-detach duration timer before detaching.
	253	Joining, reattaching, sending a message, or changing any channel option will reset the timer, in addition to the messages specified by the mode.
	254
	255	Modes are:
	256
	257	message
	258	Receiving any message from this channel will reset the auto-detach timer.
	259
	260	highlight
	261	Receiving any message mentioning you from this channel will reset the auto-detach timer.
	262
	263	none
	264	Receiving messages from this channel will not reset the auto-detach timer. Sending messages or joining the channel will still reset the timer.
	265
	266	default
	267	Currently same as message. This is the default behaviour.
	268
[361]	269	certfp generate [options...] <network name>
[365]	270	Generate self-signed certificate and use it for authentication (via SASL
	271	EXTERNAL).
[307]	272
[365]	273	Generates a RSA-3072 private key by default.
[307]	274
	275	Options are:
	276
	277	-key-type <type>
	278	Private key algoritm to use. Valid values are: rsa, ecdsa, ed25519.
	279	ecdsa uses NIST P-521 curve.
	280
	281	-bits <bits>
	282	Size of RSA key to generate. Ignored for other key types.
	283
	284	certfp fingerprint <network name>
	285	Show SHA-1 and SHA-256 fingerprints for the certificate
	286	currently used with the network.
	287
[363]	288	sasl set-plain <network name> <username> <password>
	289	Set SASL PLAIN credentials.
	290
[364]	291	sasl reset <network name>
	292	Disable SASL authentication and remove stored credentials.
	293
[329]	294	user create -username <username> -password <password> [-admin]
[331]	295	Create a new soju user. Only admin users can create new accounts.
[329]	296
[525]	297	user delete <username>
	298	Delete a soju user. Only admins can delete accounts.
	299
[320]	300	change-password <new password>
	301	Change current user password.
	302
[169]	303	# AUTHORS
	304
	305	Maintained by Simon Ser <contact@emersion.fr>, who is assisted by other
	306	open-source contributors. For more information about soju development, see
[321]	307	https://sr.ht/~emersion/soju.

Note: See TracBrowser for help on using the repository browser.

Download in other formats:

Original Format