For now, avoid setting up the web server on port 31337. We will instead use [relayd](/relayd/acceleration) so that the web server can be viewed on the default HTTPS port, 443.

## Configuring SSL

In order to provide SSL for the bouncer, you must first configure [OpenHTTPd](openhttpd/configure) and request a certificate with [acme-client](/acme-client/configure).

```
AllowIRC = false
AllowWeb = true
Host = 127.0.0.1
IPv4 = true
IPv6 = false
Port = 1338
SSL = false
URIPrefix = /
```

Please read the [ZNC wiki](/https://wiki.znc.in/Configuration) to understand the meaning of each option.

You will need to replace `bnc.example.com` with your actual hostname. In the listeners, you need to replace `192.168.1.1` and `2001:db8::` with your server's [public IPv4 and IPv6 address](/IP/myaddress).

**NOTE**: Do **not** replace `127.0.0.1`. This is [localhost](/localhost/intro) and must not be changed.

It's recommended to keep the ports 1337 for plaintext, 31337 for SSL, and 1338 for web. This convention is followed on the public servers on IRCNow.

Note that ZNC binds to port 1338 without SSL for the web server. We later use [relayd](/openbsd/relayd) to provide TLS acceleration on port 443.

## Packet Filter

If [packet filter](/pf/intro) is set to deny all incoming connections, you can add these rules to /etc/pf.conf:

```
pass in log quick proto tcp to port {http https} keep state (max-src-conn 300, max-src-conn-rate 300/60) #relayd web
pass in log quick proto tcp to port {1337 31337} keep state (max 3000, max-src-conn 300) #bnc
```

To load the new ruleset:

```
# pfctl -f /etc/pf.conf
```

## Web Panel

While you are at it, you will want to redirect any plaintext requests to the web panel on port 80 to use SSL on port 443.

Add this to /etc/httpd.conf:

```
server "bnc.example.com" {
	listen on * port 80
	location "/.well-known/acme-challenge/*" {
		root "/acme"
		request strip 2
	}
	location * {
		block return 302 "https://$HTTP_HOST$REQUEST_URI"
	}
}
```

Go ahead and restart the web server:

```
$ doas rcctl restart httpd
```

## Control Panel

See [[znc/usage]] for help on how to use the controlpanel.

## Troubleshooting
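A check for the listener advice above (the plaintext web listener on port 1338 must stay on `127.0.0.1`), written as an added example and not part of the original guide. It assumes znc.conf keeps each listener in a `<Listener name>` block with `Key = value` lines; the listener names and the sample config are constructed.

```sh
#!/bin/sh
# Added example: flag ZNC web listeners that serve plaintext off loopback.
# Assumption: a key missing from a block counts as AllowWeb = true, SSL = false.
audit_znc_web() {   # $1 = path to znc.conf, or - for stdin; returns 1 on findings
    awk '
    /^[ \t]*<Listener[ \t]/ {
        inblk = 1; name = $2; sub(/>.*/, "", name)
        host = ""; web = "true"; ssl = "false"; port = "?"; next
    }
    inblk && /^[ \t]*<\/Listener>/ {
        loop = (host == "127.0.0.1" || host == "::1" || host == "localhost")
        if (web == "true" && ssl == "false" && !loop) {
            printf "EXPOSED %s host=%s port=%s\n", name, (host == "" ? "*" : host), port
            bad = 1
        }
        inblk = 0; next
    }
    inblk && /=/ {
        key = tolower($1); val = tolower($3)   # lines look like: Key = value
        if (key == "host") host = val; else if (key == "port") port = val
        else if (key == "allowweb") web = val; else if (key == "ssl") ssl = val
    }
    END { exit bad + 0 }
    ' "$1"
}

sample_conf() {     # constructed sample, not a real server config
    cat <<'EOF'
<Listener listener0>
    AllowWeb = false
    Host = 192.168.1.1
    Port = 1337
    SSL = false
</Listener>
<Listener listener2>
    AllowWeb = true
    Host = 127.0.0.1
    Port = 1338
    SSL = false
</Listener>
<Listener listener3>
    AllowWeb = true
    Host = 192.168.1.1
    Port = 1338
    SSL = false
</Listener>
EOF
}

sample_conf | audit_znc_web - || echo "move the web listener back to 127.0.0.1"
```

The plaintext IRC listener on port 1337 is not flagged because its `AllowWeb` is false; only `listener3`, which would serve the web panel without TLS on a public address, is reported.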