This is an opinionated guide on setting up The Lounge, a self-hosted web IRC client. It is opinionated in that I've made certain choices that work for me, make it easy to set up and migrate, and allow for installation of other services on the same server if desired.
It is an open-source alternative to IRCCloud, which is proprietary and paid. Like IRCCloud, The Lounge acts as a bouncer keeping you connected 24/7 and includes various modern features such as scroll-back, push notifications, file uploads, settings synchronization, a responsive and modern web interface, and multi-user support.
Given that you will be authenticating over the public internet to your IRC bouncer, a TLS certificate is required to protect against man-in-the-middle attacks. Any service that does not have SSL/TLS is not secure. This guide uses Let's Encrypt as its TLS provider, as they are a non-profit that provides TLS certificates for anyone. This guide uses a wildcard certificate so that you can add other services to your server without having to generate more TLS certificates. Let's Encrypt requires wildcard certificates to be renewed via DNS authentication, while non-wildcard certificates can be renewed via HTTP authentication.
The Lounge depends on Node.js (among various other things). This guide uses Docker to eliminate any dependency issues and to provide your application an immutable environment. A docker-compose file is a file that uses Docker and includes all the settings needed to re-create your application and setup without any other configuration files. This makes it easier to add other self-hosted applications in the future without going through dependency hell.
In order for Let's Encrypt to give you a cert, you need a domain name. It's up to you whether you want to pay for yours or not. Either way, ensure you have domain privacy so people can't look up your domain and find out where you live. Most registrars will include complimentary domain privacy when you purchase/renew a domain from them.
There are several registrars I recommend:
domain name registrar | notes |
---|---|
porkbun | I personally like them. |
njalla | They care about privacy as these are the guys that used to run ThePirateBay (TPB). |
namecheap | I used to use them to get away from GoDaddy. Switched when they tried to upsell everything and made getting my renewals done a pain in the ass. |
namesilo | I've heard good things about them, but haven't used them myself. |
I have less experience with these. Generally paid ones have faster DNS propagation updates while free ones may make you wait up to 48 hours.
- if student: https://education.github.com/pack (for a year at some registrars)
You should set your domain nameservers to your preferred DNS provider under "authoritative nameservers". More information on DNS hosting is provided below.
Once you have a domain, you have to point it somewhere. When someone (or you) types in <domain.tld>, it hits the domain registrar's name servers. The domain registrar's name server replies with where you've pointed your DNS, and that DNS host will point to your server's IP.
I recommend a registrar on this list as certbot, Let's Encrypt's renewal tool, officially supports automated cert renewals if you have your DNS hosted at one of these providers. Popular and free DNS hosts include Cloudflare, DigitalOcean (a credit card on file is required, but no server "droplet" is required to be running for DNS to be available for use), and Hurricane Electric (TLS via Certbot hook [1, 2, 3]).
You should set up your domain name entries to your VPS host via A records.
It should be similar to below:
Type | Hostname | Value | TTL (seconds) |
---|---|---|---|
A | lounge.<domain.tld> | your server's IP | 60 if you're messing with it, 3600 if your service is set up properly |
Like domain and DNS hosting, you can pay for a VPS or piggyback off a free/promotional server.
Free ones are nice to test out services or run low demand services on them. Paid ones are nice as performance (CPU, networking) is faster and development can be done quicker.
Here are some common ones for both:
- Oracle Cloud free tier (2 x 1/8 CPU w/ 1GB RAM, 50GB HDD, 50 Mbps hard cap bandwidth limit, 10TB bandwidth limit)
- Google Cloud Compute Engine free tier (1 GB bandwidth/month, overages are EXPENSIVE)
- BuyVM (affiliate)
- DigitalOcean (affiliate, $100 credit)
- Linode
- Vultr
TLS is used to set up a secure webserver. Free certs can be provided by Let's Encrypt. Certbot is the tool to obtain Let's Encrypt certs.
I prefer a system-wide certbot installation. You can certainly dockerize this if you prefer.
`apt install certbot` + installing your DNS plugin should do, but the full instructions are below:
- Install certbot: https://certbot.eff.org/lets-encrypt/ubuntufocal-nginx
- Make sure to install the DNS plugin as well for your DNS provider. An example is provided below:
```bash
# the DNS API credentials file must only be readable by you
chmod 600 ~/.secrets/certbot/digitalocean.ini

# one certificate for the bare domain and its first-level subdomains
certbot certonly \
  --dns-digitalocean \
  --dns-digitalocean-credentials ~/.secrets/certbot/digitalocean.ini \
  --dns-digitalocean-propagation-seconds 60 \
  -d domain.tld \
  -d "*.domain.tld"

certbot renew --post-hook "service nginx reload" # tells nginx to reload once we've got new certs every 90 days
sudo certbot renew --dry-run # debugging/test renewal process
```
Your files are located here:
- cert + chain: `/etc/letsencrypt/live/domain.tld/fullchain.pem`
- key: `/etc/letsencrypt/live/domain.tld/privkey.pem`
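The certbot command above requests both `domain.tld` and `*.domain.tld` because a wildcard name stands for exactly one label. The script below is an added example, not part of the original guide: it checks which hostnames a set of certificate names covers. The function names are hypothetical, and the demo input is constructed from the two `-d` names.

```sh
#!/bin/sh
# Added example (not from the guide): which hosts do the certificate names cover?

# san_covers HOST SAN: true if one certificate name covers HOST.
# A leading "*." stands for exactly one label, so *.domain.tld covers
# lounge.domain.tld but neither domain.tld nor a.b.domain.tld.
san_covers() {
  sc_host=$(printf '%s' "$1" | tr 'A-Z' 'a-z')
  sc_san=$(printf '%s' "$2" | tr 'A-Z' 'a-z')
  case $sc_san in
    '*.'*)
      sc_label=${sc_host%%.*}
      [ -n "$sc_label" ] && [ "$sc_host" = "$sc_label.${sc_san#??}" ] ;;
    *) [ "$sc_host" = "$sc_san" ] ;;
  esac
}

# cert_covers HOST SAN...: true if any name in the list covers HOST.
cert_covers() {
  cc_host=$1; shift
  for cc_san in "$@"; do
    san_covers "$cc_host" "$cc_san" && return 0
  done
  return 1
}

# cert_sans FILE: print the DNS names in a PEM certificate, one per line
# (uses openssl's -ext option, available from OpenSSL 1.1.1).
cert_sans() {
  openssl x509 -in "$1" -noout -ext subjectAltName |
    tr ',' '\n' | sed -n 's/^[[:space:]]*DNS://p'
}

# file_covers HOST FILE: the same check against a certificate on disk,
# e.g. /etc/letsencrypt/live/domain.tld/fullchain.pem.
file_covers() {
  fc_sans=$(cert_sans "$2")
  set -f   # keep "*.domain.tld" from being expanded as a glob
  cert_covers "$1" $fc_sans && fc_rc=0 || fc_rc=1
  set +f
  return "$fc_rc"
}

# Constructed input: the two names from the certbot command above.
for h in domain.tld lounge.domain.tld a.b.domain.tld; do
  cert_covers "$h" domain.tld '*.domain.tld' && r=covered || r='NOT covered'
  echo "$h: $r"
done
```

A service placed at a deeper name such as `a.b.domain.tld` would need its own certificate name; the wildcard requested here does not reach it.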
I prefer nginx as my reverse proxy of choice as it's performant, battle-tested, and easy to configure. It is a system-wide installation as only one nginx instance generally needs to exist on any given system. Feel free to use traefik, apache, or whatever. You can certainly dockerize this if you prefer.
```bash
sudo apt update
sudo apt install nginx
cd /etc/nginx/sites-enabled
# replace <domain.tld> with your own domain before running
touch lounge.<domain.tld>
```
- insert the `lounge.domain.tld` gist content in your `/etc/nginx/sites-enabled/lounge.<domain.tld>`
- modify lines: 3, 9, 10, 11

`systemctl status nginx` can be run to confirm it is working. See https://www.digitalocean.com/community/tutorials/how-to-install-nginx-on-ubuntu-20-04 for more instructions if required.
Copy `docker-compose.yml` to your directory of choice.

In `~./thelounge/config.js`:
- line 52: set `reverseProxy` to `true`
- line 177: set `maxFileSize` to a limit you're happy with (in kB)
```bash
docker-compose up -d
docker exec --user node -it thelounge thelounge add <user> # as per https://github.com/thelounge/thelounge-docker#running-a-container
```
The Lounge should now be accessible at https://lounge.<domain.tld>
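With `reverseProxy` set to `true`, The Lounge honors the `X-Forwarded-For` header, so the container port should be reachable only through nginx and never directly. The check below is an added example, not part of the original guide or its `docker-compose.yml`: the function name is hypothetical, and the sample compose content, image tag and port 9000 (The Lounge's default) are constructed assumptions.

```sh
#!/bin/sh
# Added example (not the guide's docker-compose.yml).
# exposed_ports FILE: print each short-syntax "ports:" entry that is not
# bound to loopback (127.x or [::1]) and return 1 if any is found.
exposed_ports() {
  tr -d "\"'" < "$1" | awk '
    /^[ \t]*ports:[ \t]*$/ { in_ports = 1; next }
    in_ports && /^[ \t]*-[ \t]*[^ \t]/ {
      m = $0
      sub(/^[ \t]*-[ \t]*/, "", m)     # drop the list dash
      sub(/[ \t]*(#.*)?$/, "", m)      # drop trailing blanks and comments
      if (m !~ /^(127\.|\[::1\])/) { print m; bad = 1 }
      next
    }
    in_ports && !/^[ \t]*(#.*)?$/ { in_ports = 0 }   # next key ends the list
    END { exit (bad ? 1 : 0) }
  '
}

# Constructed sample: the same service published on every interface, then
# only on loopback where the nginx reverse proxy can reach it.
sample=$(mktemp)
for mapping in '9000:9000' '127.0.0.1:9000:9000'; do
  cat > "$sample" <<EOF
services:
  thelounge:
    image: thelounge/thelounge:latest
    ports:
      - "$mapping"
    restart: always
EOF
  if exposed_ports "$sample" >/dev/null; then
    echo "$mapping: loopback only"
  else
    echo "$mapping: reachable without going through nginx"
  fi
done
rm -f "$sample"
```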
is trivial:
```bash
docker-compose up --force-recreate --build -d
```
- https://github.com/thelounge/thelounge/wiki/Purging-SQLite-database-from-logs-older-than-X-days
- https://github.com/thelounge/thelounge/wiki/Cronjob-to-remove-files-older-than-X-days-(if-file-uploading-is-enabled)
I prefer AMOLED black.
```bash
docker exec --user node -it [container_name] thelounge install thelounge-theme-amoled
```

```css
/* remove channel padding */
.channel-list-item {
  padding: 0px 0px 0px 25px;
}
/* hide thelounge logo */
#sidebar > div > div.logo-container > img.logo-inverted {
  display: none;
}
/* Change font size for mobile */
#chat .msg {
  font-size: 13px;
}
```
You may need to set up identd if you want to host more than just yourself.