=== Badwolf Web IRC Client - Configuration Guide === Version: 5.2.0 Last Updated: January 18, 2026 === Table of Contents === 1. WordPress Plugin Configuration 2. UnrealIRCd Server Configuration 3. SSL/TLS Certificate Setup 4. Advanced Configuration Options 5. Security Considerations ================================================================================ 1. WORDPRESS PLUGIN CONFIGURATION ================================================================================ After activating the plugin, navigate to: WordPress Admin → Settings → Badwolf Web IRC Client --- Required Settings --- WebSocket URL: • Format: wss://irc.yourdomain.com:7443 • Must use wss:// (secure WebSocket) for production • Port must match your UnrealIRCd WebSocket listener • Example: wss://irc.example.com:7443 Default Channel: • IRC channel users will join automatically • Can include or omit the # symbol • Example: #general or general • Must be a valid IRC channel name --- Optional Settings --- Nickname Prefix: • Prefix for auto-generated nicknames • Random numbers will be appended • Example: guest → guest1234 • Default: supportguest Real Name: • Default real name shown in IRC • Visible in /WHOIS queries • Example: Web IRC User • Default: Web IRC User Theme: • Light or Dark theme • Can be overridden per shortcode • Default: light Auto Connect: • Yes: Connect automatically when page loads • No: User must click to connect • Default: Yes --- Shortcode Usage --- Basic shortcode: [web_irc_client] With custom attributes: [web_irc_client theme="dark" width="100%" height="600px"] Available attributes: • theme: "light" or "dark" • width: Any CSS width value (100%, 800px, etc.) • height: Any CSS height value (70vh, 500px, etc.) ================================================================================ 2. UNREALIRCD SERVER CONFIGURATION ================================================================================ --- Minimum Requirements --- UnrealIRCd Version: 6.0.0 or higher Modules Required: websocket, webserver --- Load Required Modules --- Add to your unrealircd.conf: loadmodule "websocket"; loadmodule "webserver"; --- WebSocket Listener Configuration --- Basic WebSocket with TLS (Recommended): listen { ip *; port 7443; options { tls; websocket; } tls-options { certificate "/path/to/fullchain.pem"; key "/path/to/privkey.pem"; options { no-client-certificate; } } } Multiple Ports Configuration: Regular IRC with TLS listen { ip *; port 6697; options { tls; } tls-options { certificate "/path/to/fullchain.pem"; key "/path/to/privkey.pem"; } } WebSocket with TLS listen { ip *; port 7443; options { tls; websocket; } tls-options { certificate "/path/to/fullchain.pem"; key "/path/to/privkey.pem"; options { no-client-certificate; } } } Plain IRC (not recommended for production) listen { ip *; port 6667; } --- Important Notes --- 1. Always use TLS (wss://) for production environments 2. Certificate paths must be absolute paths 3. UnrealIRCd user must have read access to certificate files 4. After config changes, restart UnrealIRCd (not just rehash) --- Restart UnrealIRCd --- cd /path/to/unrealircd ./unrealircd restart --- Verify Configuration --- Check if UnrealIRCd is running ps aux | grep unrealircd Check if port is listening sudo netstat -tlnp | grep 7443 Check logs for errors tail -f /path/to/unrealircd/logs/ircd.log ================================================================================ 3. SSL/TLS CERTIFICATE SETUP ================================================================================ --- Using Let's Encrypt (Recommended) --- Step 1: Install Certbot Debian/Ubuntu sudo apt-get update sudo apt-get install certbot CentOS/RHEL sudo yum install certbot Step 2: Obtain Certificate Standalone method (requires port 80 to be free) sudo certbot certonly --standalone -d irc.yourdomain.com Webroot method (if you have a web server running) sudo certbot certonly --webroot -w /var/www/html -d irc.yourdomain.com Step 3: Copy Certificates to UnrealIRCd sudo cp /etc/letsencrypt/live/irc.yourdomain.com/fullchain.pem /path/to/unrealircd/conf/tls/ sudo cp /etc/letsencrypt/live/irc.yourdomain.com/privkey.pem /path/to/unrealircd/conf/tls/ Step 4: Set Correct Permissions sudo chown unrealircd:unrealircd /path/to/unrealircd/conf/tls/*.pem sudo chmod 600 /path/to/unrealircd/conf/tls/privkey.pem sudo chmod 644 /path/to/unrealircd/conf/tls/fullchain.pem Step 5: Restart UnrealIRCd cd /path/to/unrealircd ./unrealircd restart --- Auto-Renewal Setup --- Create renewal hook script: sudo nano /etc/letsencrypt/renewal-hooks/deploy/copy-to-unrealircd.sh Add this content (adjust paths): #!/bin/bash cp /etc/letsencrypt/live/irc.yourdomain.com/fullchain.pem /path/to/unrealircd/conf/tls/ cp /etc/letsencrypt/live/irc.yourdomain.com/privkey.pem /path/to/unrealircd/conf/tls/ chown unrealircd:unrealircd /path/to/unrealircd/conf/tls/*.pem chmod 600 /path/to/unrealircd/conf/tls/privkey.pem chmod 644 /path/to/unrealircd/conf/tls/fullchain.pem /path/to/unrealircd/unrealircd rehash Make it executable: sudo chmod +x /etc/letsencrypt/renewal-hooks/deploy/copy-to-unrealircd.sh Test auto-renewal: sudo certbot renew --dry-run --- Using Self-Signed Certificates (Testing Only) --- Generate self-signed certificate: cd /path/to/unrealircd/conf/tls openssl req -x509 -newkey rsa:4096 -keyout privkey.pem -out fullchain.pem -days 365 -nodes Note: Self-signed certificates will show browser warnings and are NOT recommended for production. ================================================================================ 4. ADVANCED CONFIGURATION OPTIONS ================================================================================ --- Connection Limits --- In unrealircd.conf, adjust connection limits: class clients { pingfreq 90; maxclients 1000; sendq 200k; recvq 8000; } allow { mask *; class clients; maxperip 15; # Max connections per IP } --- Channel Configuration --- Set default channel modes: set { modes-on-join "+nt"; # No external messages, topic protection } --- Anti-Flood Settings --- Configure flood protection: set { anti-flood { connect-flood 3:60; # 3 connections per 60 seconds } } --- WebSocket-Specific Settings --- If you need to adjust WebSocket behavior, check UnrealIRCd documentation: https://www.unrealircd.org/docs/WebSocket_support ================================================================================ 5. SECURITY CONSIDERATIONS ================================================================================ --- Essential Security Measures --- 1. ALWAYS use TLS (wss://) in production - Never use ws:// (unencrypted) for public-facing sites - Browsers may block non-secure WebSocket connections 2. Use valid SSL certificates - Let's Encrypt provides free, trusted certificates - Self-signed certificates cause browser warnings 3. Keep certificates up to date - Set up auto-renewal - Monitor certificate expiration 4. Firewall Configuration - Only open necessary ports - Consider IP whitelisting for admin access 5. Regular Updates - Keep UnrealIRCd updated - Keep WordPress and plugin updated - Monitor security advisories --- Firewall Rules --- Allow WebSocket port: UFW sudo ufw allow 7443/tcp iptables sudo iptables -A INPUT -p tcp --dport 7443 -j ACCEPT sudo iptables-save --- Connection Rate Limiting --- Use UnrealIRCd's built-in connection throttling: set { connthrottle { new-users { local-throttle 20:60; global-throttle 30:60; } } } --- Monitoring --- Monitor UnrealIRCd logs regularly: tail -f /path/to/unrealircd/logs/ircd.log Check for: • Failed connection attempts • Certificate warnings • Unusual activity patterns ================================================================================ For more information and support: • GitHub: https://github.com/badwolf1972/web-irc-client • UnrealIRCd Docs: https://www.unrealircd.org/docs/ • WordPress Support: https://wordpress.org/support/plugin/badwolf-web-irc-client/