WeeChat version 0.4.2 or higher is required—we recommend at least 1.0.
-To start using Glowing Bear, follow the instructions below to set up an encrypted relay.
- The communication goes directly between your browser and your WeeChat relay and is fully encrypted. We never see any of your data or your password, and you don't need to trust a "cloud". All settings, including your password, are saved locally in your own browser between sessions. -To start using Glowing Bear, follow the instructions below to set up an encrypted relay. All communication goes directly between your browser and your WeeChat relay! This means that your server must be accessible. We never see any of your data or your password, and you don't need to trust a "cloud". All settings, including your password, are saved locally in your own browser between sessions.
+When using encryption, all communication between your browser and WeeChat will be securely encrypted with TLS. This means that you have to set up a certificate. While it's possible to use a self-signed cert, we recommend against it, because it's handled poorly in browsers, and may not work at all on mobile devices. If you don't already have a certificate for your domain (or you don't have a domain), we strongly encourage you to get a certificate from Let's Encrypt—it's free and easy. We'll walk you through it.
+If you don't have a domain you can get a free subdomain from providers such as afraid. You'll want to set up an 'A' record to your server's IP address, and quite possibly an AAAA record to its IPv6 address. These might take a few hours to propagate, if the steps below don't work right away, try again in a few hours.
+Getting a certificate is easy. You'll need certbot—just follow the encryptions at https://certbot.eff.org. If you're not serving webpages on the same server or are unsure, select "none of the above" (if you are, you can probably use that webserver to proxy your relay, and skip this—check out the instructions in our Wiki). Next, get the certificate with certbot certonly --standalone -d {{ settings.host || your.domain.com }} and follow the instructions.
Nearly done! Now you just need to copy the files into place. To do that, use the following commands, replacing the username placeholder with your actual username:
+mkdir -p ~username/.weechat/ssl
+cat /etc/letsencrypt/live/{{ settings.host || your.domain.com }}/{fullchain,privkey}.pem > ~username/.weechat/ssl/relay.pem
+chown -R username:username ~username/.weechat/ssl/
+ Once you've got the certificate and moved it in place, you can set up an encrypted relay on port {{ settings.port || 9001 }} with these WeeChat commands:
+
+/set relay.network.password y0ur_StRonG-pa$sw0rd:of*choice
+/relay sslcertkey
+/relay add ssl.weechat {{ settings.port || 9001 }}
+
+ Your certificate needs to be renewed every couple of months. Either follow the instructions for automatic renewal at https://certbot.eff.org, or run certbot renew manually when renewal is due. Important: You'll need to follow the instructions for copying the certificate to the right place again, and re-run /relay sslcertkey in WeeChat.
By default, all communication between your browser and WeeChat will be encrypted with TLS. This means that you have to set up a certificate. While it's possible to use a self-signed cert, we recommend against it, because it's handled poorly in browsers, and may not work at all on mobile devices. If you don't already have a certificate for your domain (or you don't have a domain), we strongly encourage you to get a certificate from Let's Encrypt—it's free and easy. We'll walk you through it.
-If you don't have a domain you can get a free subdomain from providers such as afraid. You'll want to set up an 'A' record to your server's IP address, and quite possibly an AAAA record to its IPv6 address. These might take a few hours to propagate, if the steps below don't work right away, try again in a few hours.
-Getting a certificate is easy. You'll need certbot—just follow the encryptions at https://certbot.eff.org. If you're not serving webpages on the same server or are unsure, select "none of the above" (if you are, you can probably use that webserver to proxy your relay, and skip this—check out the instructions in our Wiki). Next, get the certificate with certbot certonly --standalone -d {{ settings.host || your.domain.com }} and follow the instructions.
Nearly done! Now you just need to copy the files into place. To do that, use the following commands, replacing the username placeholder with your actual username:
-mkdir -p ~username/.weechat/ssl
-cat /etc/letsencrypt/live/{{ settings.host || your.domain.com }}/{fullchain,privkey}.pem > ~username/.weechat/ssl/relay.pem
-chown -R username:username ~username/.weechat/ssl/
- Once you've got the certificate and moved it in place, you can set up an encrypted relay on port {{ settings.port || 9001 }} with these WeeChat commands:
-
-/set relay.network.password y0ur_StRonG-pa$sw0rd:of*choice
-/relay sslcertkey
-/relay add ssl.weechat {{ settings.port || 9001 }}
-
- Your certificate needs to be renewed every couple of months. Either follow the instructions for automatic renewal at https://certbot.eff.org, or run certbot renew manually when renewal is due. Important: You'll need to follow the instructions for copying the certificate to the right place again, and re-run /relay sslcertkey in WeeChat.