1. Introduction
Here, I provide a short tutorial on how to install a low-cost, light-weight, open-source, cross-platform, anonymous, secure, self-hosted social network based on Internet Relay Chat (IRC) technology [1] using DOCKER containers [2]. The current software stack provides a low-cost solution to build a social network with anonymity for clients and servers (via the Tor network [3]) and encryption for the client-server connection (via Transport Layer Security (TLS) [4] or via Tor hidden services). In addition, encryption for the end-to-end (client-to-client) connection [5] can be applied with an appropriate IRC client.
For example, a small server (eg 2 virtual CPUs, 2 GB Memory, 150Mbit/sec bandwidth) will be able to serve several thousands of users who are chatting simultaneously (text-only) on hundreds of channels. Such a small server is safely estimated to be able to handle about 15,000 simultaneous IRC users using external IRC clients [15]. These features make this technology easily accessible to civil political (“grassroots”) movements with little budget, especially in the Global South.
The name “AEREEnet” alludes to “aerie”, which refers to an eagle’s nest, as a metaphor for a remote place, which is hidden in the mountains and cannot be reached by others. “Eagle” is also phonetically similar to the author’s last name. The different spelling should make the term more easily searchable and the domain was cheaper and free 🙂 . “AEREEnet” is spelled in one word (ie not as “aeree.net”) because it stands for the overall open-source software architecture, ie configuration of Docker containers, and not only for the domain at https://aeree.net. The code is open-source and freely available under the GNU Public License (V3.0) [13].
IRC Server (Demo):
- Clearnet (Use Standard Browser!): https://aeree.net
- Darknet (Use Tor Browser!): yi5dvnkqev4gsbcy6wdaa4udhlqhsvcnq3nylxnjfratnlhpu7bz7aid.onion
Important! This demo server has a “hybrid” configuration with a “clearnet” and a “darknet” address. This setup was selected to demonstrate the available options to configure a social network as “clearnet” or “darknet” server on a single demo server. However, this means that the darknet (.onion) address is not hidden anymore, but identifiable via its clearnet (IP) address. For “real life” applications, an administrator should chose either the configuration as a either “clearnet” or “darknet” server.
The following list contains all tutorials in the AEREEnet tutorial series:
- [Users, Tutorial] Igl, W (2025). AEREEnet: Using a low-cost, light-weight, scalable, anonymous, secure social network – A Short Tutorial for IRC Users. https://biosphere.wilmarigl.de/en/?p=4776
- [Admins, Short tutorial] Igl, W. (2025). AEREEnet: Creating a low-cost, light-weight, scalable, anonymous, secure social network – A Short Tutorial for Admins. https://biosphere.wilmarigl.de/en/?p=4654
- [Admins, Complete Tutorial] Igl, W. (2025). AEREEnet: Creating a low-cost, light-weight, scalable, anonymous, secure social network – A Complete Tutorial for Admins. https://biosphere.wilmarigl.de/en/?p=4559
2. Installation
The following installation is based on installation scripts for LINUX operating systems, however, the basic configuration files for the Docker containers are applicable on all platforms, for which Docker services are available. Installation scripts may be provided for other operating systems (eg, Windows, Mac, Android, iOS) in the future.
Clearnet is a term that typically refers to the publicly accessible Internet which is composed of web pages and databases that are indexed by traditional search engines. The clearnet is mostly based on the World Wide Web, in which information is shared the http(s) protocol. It can be further categorized in the “surface web“, which is accessible to anyone using the Internet, and the “deep web“, which is only accessible by a direct (cryptographic) URL or IP address and may require a password or other security information to access actual content, eg bank services or paywalled newspapers.
Darknet is a term that refers to an overlay network within the Internet that can only be accessed with specific software, configurations, or authorization, and often uses a unique customized communication protocol, eg the Tor network. While the term “Darknet” is often associated with illegal or immoral activities, it is used here as purely technical term to describe that alternative protocols for data transmission are used.
Hybridnet is no official term, but used in this tutorial to describe servers which serve both the Clearnet and the Darknet.
2.1 “Darknet” server Installation [Primary Recommendation]
2.1.1 Requirements
The following requirements should have been met to successfully install the AEREEnet (Darknet):
- You have opened these ports in your firewall and/or used port-forwarding for these ports in your router:
- 80 (http/Tor), 443 (https)
- 6697 (IRC/TLS), 9000(TheLounge)
- 9050 (Tor)
2.1.2 Installation
The following two lines of code will download the required Docker images for the require software (ie, “Caddy” web server, “ERGO” IRC server, “TheLounge” IRC client, and “Tor” server) and configure and run the corresponding Docker containers. The complete procedure is expected to take <10 minutes and will download about 295MB of software.
# Download the Docker Container Configuration Code
SERVER> cd ~; git clone https://wiliglpm@bitbucket.org/wiliglpm/aereenet.git
# Run Docker Container Installation Script
SERVER> bash ~/aereenet/11_AEREENET_DARKNET_INSTALL.sh
2.1.3 Documentation
The installation script will inform the user about the progress of the download and installation process, set a safe admin(istrator)/oper(ator) password for the IRC server, retrieve the darknet (.onion) address and document the basic server configuration (including IRC admin password) in the log output in the terminal window. This information should be stored safely, eg in a password manager. You can automatically create a copy of the install log (including admin password!) in a text file in your home folder (outside the version-controlled ~/aereenet/ folder!) with the following installation command (replacing the corresponding command above):
SERVER>bash ~/aereenet/11_AEREENET_DARKNET_INSTALL.sh | tee ~/11_AEREENET_DARKNET_INSTALL_$(date '+%Y%m%d_%H%M%S').log
2.1.4 Data Privacy Information
To have high-level anonymity of clients (users) and server (admin) and high-level security of the client-server connections, the “darknet” installation is recommended. This installation is expected to provide a high level of safety for users in regions with a high risk of intrusion by individual, corporate-type or state-type hackers. Anonymity or security may be corrupted if the randomly chosen server in the Tor network where the client-server connection is made (the “rendezvous point”) is under control of an attacker, eg hostile admin or intruding hacker. However, this is considered a highly complex and unlikely scenario. Since the inception of the Tor network, there has been no publicly verified evidence reported of such systematic attacks, although targeted attacks on specific users cannot completed excluded. Personally I would assume that – considering the complexity of such attacks – such attacks would only be plausible and motivated for high-profile activists, like Julian Assange or Edward Snowden, or serious crime organizations. Additional security measures can be taken by using end-to-end-encryption with suitable clients and algorithms, eg HexChat (FiSH). More information is given in section 4 below.
2.2 “Clearnet” Server Installation [Secondary Recommendation]
2.2.1 Requirements
The following requirements should have been met to successfully install the AEREEnet (Clearnet):
- You have opened these ports in your firewall and/or used port-forwarding for these ports in your router:
- 80 (http/Tor), 443 (https)
- 6697 (IRC/TLS), 9000(TheLounge)
- 9050 (Tor)
- You have registered an internet address, eg https://aeree.net.
- You have created a Type A record pointing at the IP address of your server.
- You have replaced the default domain ‘aeree.net’ in the file (~/aereenet/caddy/Caddyfile_clearnet).
2.2.2 Installation
The following two lines of code will download the required Docker images for the require software (ie, “Caddy” web server, “ERGO” IRC server, “TheLounge” IRC client, and “Tor” server) and configure and run the corresponding Docker containers. The complete procedure is expected to take <10 minutes and will download about 295MB of software.
# Download the Docker Container Configuration Code
SERVER> cd ~; git clone https://wiliglpm@bitbucket.org/wiliglpm/aereenet.git
# Run Docker Container Installation Script
SERVER> bash ~/aereenet/21_AEREENET_CLEARNET_INSTALL.sh
2.2.3 Documentation
The installation script will inform the user about the progress of the download and installation process, set a safe admin(istrator)/oper(ator) password for the IRC server, and document the basic server configuration (including IRC admin password) in the log output in the terminal window. This information should be stored safely, eg in a password manager. You can automatically create a copy of the install log (including admin password!) in a text file in your home folder (outside the version-controlled ~/aereenet/ folder!) with the following installation command (replacing the corresponding command above):
SERVER>bash ./aereenet/21_AEREENET_CLEARNET_INSTALL.sh | tee ~/21_AEREENET_CLEARNET_INSTALL_$(date '+%Y%m%d_%H%M%S').log
2.2.4 Data Privacy Information
To have basic-level anonymity for clients (users) and for the server (admin), but high-level security of the client-server connections, the “clearnet” installation is recommended. Users and admin will still have some anonymity against other users by using anonymous nicknames (user names) and by their hidden (“cloaked”) IP addresses from other users, but an admin or cloud/internet providers may still be able to track down IP addresses of users and the internet (IP) address and location will be available. This installation is expected to provide basic safety for users in regions with strong civil liberties and data privacy rights, but state-level actors with search warranties will technically be able to identify the server, admin and get the meta-data (ie, connection data).
2.3 “Hybridnet” Server Installation [Demo only]
2.3.1 Requirements
The following requirements should have been met to successfully install the AEREEnet (Hybridnet):
- You have opened these ports in your firewall and/or used port-forwarding for these ports in your router:
- 80 (http/Tor), 443 (https)
- 6697 (IRC/TLS), 9000(TheLounge)
- 9050 (Tor)
- You have registered an internet address, eg https://aeree.net.
- You have created a Type A record pointing at the IP address of your server.
- You have replaced the default domain ‘aeree.net’ in the file (~/aereenet/caddy/Caddyfile_clearnet).
2.3.2 Installation
# Download the Docker Container Configuration Code
SERVER> cd ~; git clone https://wiliglpm@bitbucket.org/wiliglpm/aereenet.git
# Run Docker Container Installation Script
SERVER> bash ~/aereenet/31_AEREENET_HYBRIDNET_INSTALL.sh
2.3.3 Documentation
The installation script will inform the user about the progress of the download and installation process, set a safe admin(istrator)/oper(ator) password for the IRC server, and document the basic server configuration (including IRC admin password) in the log output in the terminal window. This information should be stored safely, eg in a password manager. You can automatically create a copy of the install log (including admin password!) in a text file (with time stamp) in your home folder (outside the version-controlled ~/aereenet/ folder!) with the following installation command (replacing the corresponding command above):
SERVER> bash ./aereenet/31_AEREENET_HYBRIDNET_INSTALL.sh | tee ~/31_AEREENET_HYBRIDNET_INSTALL_$(date '+%Y%m%d_%H%M%S').log
2.3.4 Data Privacy Information
To demonstrate the features of the “darknet” and “clearnet” on a single server, the “hybridnet” installation can be used for demonstration purposes only. It provides at least the same data safety features as the “clearnet” installation.
Additionally, users may connect with a Tor Browser to the “darknet” (.onion) address with high-level anonymity for users.
However, the hybrid design may lead to potential misunderstandings of users assuming to be anoymous by connecting to the “clearnet” address with a standard internet browser. Therefore, to protect users from potentially compromising their safety, the “hybridnet” installation is only recommended for demo purposes.
3. De-Installation
The Deinstallation scripts will:
- stop the Docker containers
- remove the Docker containers
- remove the Docker images
- remove the Docker volumes (ie, virtual folders)
- remove the Docker networks
- archive the current Docker container configuration in the “~/aereenet/” folder into a compressed archive “~/aereenet_yyyymmdd_hhmmss.tar.gz” .
- keep the current folder with the Docker configuration in the “~/aereenet/” folder
To avoid accidentally removing the AEREENET installation, the script contains an interactive safety check request.
3.1 “Darknet” server De-Installation
# Run Docker Container De-Installation Script
SERVER> cd ~; bash ~/aereenet/12_AEREENET_DARKNET_DEINSTALL.sh
3.2 “Clearnet” server De-Installation
# Run Docker Container De-Installation Script
SERVER> cd ~; bash ~/aereenet/22_AEREENET_CLEARNET_DEINSTALL.sh
3.3 “Hybridnet” server De-Installation
# Run Docker Container De-Installation Script
SERVER> cd ~; bash ~/aereenet/22_AEREENET_CLEARNET_DEINSTALL.sh
References
[1] https://en.wikipedia.org/wiki/IRC
[2] https://en.wikipedia.org/wiki/Docker_(software)
[3] https://en.wikipedia.org/wiki/Tor_(network)
[4] https://en.wikipedia.org/wiki/Transport_Layer_Security
[5] https://en.wikipedia.org/wiki/End-to-end_encryption
[6] https://caddyserver.com
[7] https://ergo.chat
[8] https://thelounge.chat
[9] https://github.com/leplusorg/docker-tor
[10] https://hexchat.github.io
[11] https://weechat.org
[12] Prompt “Assume a server with 2GB of memory and a bandwidth of 150Mbit/second, which runs a minimal Linux operating System, such as Alpine Linux, an IRC server, eg ERGO chat, and an IRC web client, eg TheLounge. All connections use TLS encryption. Questions: 1) How much memory is available for handling Internet Relay Chat (IRC) traffic, if the web client is not used by any users? How many IRC users can simultaneously be active on such a server? 2) How much memory is available for handling Internet Relay Chat (IRC) traffic, if the web client is used by all users? How many IRC users can simultaneously be active on such a server?”, Retrieved 2025-01-28 from https://chatgpt.com.
[13] https://www.gnu.org/licenses/gpl-3.0.en.html
[14] Prompt “Have rendezvous points for hidden services in the Tor network been corrupted since the beginning of the Tor network risking user privacy?”, Retrieved 2015-02-02, from https://chatgpt.com
[15] Igl, W. (2025). Estimation of capacity for IRC users of an IRC server based on memory usage and bandwith using ChatGPT. https://biosphere.wilmarigl.de/en/?p=4705
[16] https://en.wikipedia.org/wiki/Fish_(cryptography)
[17] https://en.wikipedia.org/wiki/Pretty_Good_Privacy
[18] https://learn.microsoft.com/en-us/windows/wsl/install
[19] https://www.otakubox.de/irc/connect/tor/