AethelNet is a "full-stack" infrastructure platform specifically designed for private networks and industrial edge environments. It integrates DNS governance, a high-performance HTTPS gateway, edge computing (JavaScript Workers), static site hosting (Pages), and an enterprise-grade mail system (AethelMail). It aims to provide a Cloudflare-like edge cloud experience for offline networks or enterprise intranets.
AethelNet utilizes a four-layer plane architecture to ensure high decoupling between control flow and data flow:
- Data Plane: Driven by efficient coroutines, it handles DNS resolution, TLS termination, WAF filtering, protocol routing, and edge caching.
- Compute Plane: Features a built-in QuickJS engine, supporting the execution of JavaScript scripts at the edge with Cloudflare Workers compatibility.
- Control Plane: Provides multi-tenant management, automated certificate issuance (Internal CA), TTL policy governance, and resource quota control.
- User Plane: Integrates a visual Web Dashboard with bilingual support (Chinese/English), offering real-time traffic analytics and resource orchestration capabilities.
- Smart DNS: Automatic TLD routing (default `.iya`), supporting deep TTL policy governance (min/max/negative cache/stale-while-revalidate controls).
- Dynamic TLS: Built-in Root Certificate Authority (Root CA) that automatically issues leaf certificates in real time based on the accessed domain name.
- WAF: Millisecond-level request inspection to defend against common attacks such as SQL injection, XSS, and cross-directory access (path traversal).
- Protocol Conversion: Supports automatic redirection from HTTP to secure HTTPS links.
- Standard Compatibility: Follows the Fetch API standard (Request/Response/Headers).
- Lightweight Isolation: Each Worker runs in an independent stack space with controllable memory limits and ultra-low startup latency.
- Edge Persistence: Provides KV storage interfaces and distributed cache (Caches) support.
- Full Protocol Support: Offers standard SMTP access, IMAP access, and a proprietary lightweight JSON mail protocol.
- Identity Integration: Mail accounts are deeply bound to the platform's Principal identity, supporting automated system mail notifications.
- Ubuntu Native Optimization: Automatically configures `systemd-resolved` routing, `lo` loopback address binding, and system-level CA trust.
- Root/Rootless Modes: Supports both high-privilege production deployment and low-privilege (Rootless) development verification.
| Metric | Description |
|---|---|
| Language | Python 3.11+ (Asynchronous IO) |
| Runtime | QuickJS (C-level Binding) |
| Database | SQLite (WAL mode) / SQLAlchemy 2.0 |
| Web Framework | FastAPI + Hypercorn (Dual-stack) |
| Network TLD | .iya (Internal Yellow Area) |
| Default Gateway | 1.8.8.2 (IPv4) / fd00:8::2 (IPv6) |
- macOS 13+
- Ubuntu 22.04 LTS or higher
- Python 3.11+
- System Privileges: `sudo` is required for production deployment.
Run the following command to complete the full-stack installation, network interface binding, and system service registration:

```bash
sudo ./scripts/deploy-ubuntu-root.sh
```

Once deployed, you can access the dashboard via:
- Dashboard URL: `https://noteaethel.iya`
- Initial account: `ae12321@aesystem.iya` (Password: `aem12345` or see `bootstrap_admin_credentials.txt`)

If you only need to verify features or run in a restricted environment, use the rootless mode:

```bash
./scripts/rootless-test.sh
```

Note: In this mode, DNS runs on port 1053 and HTTPS runs on port 8443.

```
aethelnet/
├── api/        # Core RESTful interfaces
├── core/       # Configuration, Security base, I18N
├── dns/        # DNS protocol stack & recursive resolver
├── mail/       # SMTP/IMAP protocol implementation
├── models/     # Database models (SQLAlchemy)
├── proxy/      # HTTP/HTTPS routing and forwarding logic
├── runtime/    # Worker JS runtime & Polyfills
├── services/   # Business logic (Certs, Accounts, WAF, etc.)
├── storage/    # File system abstraction
└── templates/  # Dashboard UI templates
```

- Certificate Trust: Before accessing the dashboard for the first time, please download and trust the AethelNet Root CA via `http://1.8.8.2/_aethelnet/install`.
- Important Security Notice: This system is designed exclusively for internal networks. Exposing it directly to the public internet is not supported, may be insecure, and violates intended usage.
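
The Root CA is fetched over plain HTTP, so a check of its SHA-256 fingerprint against a value obtained out of band (for example, read on the AethelNet host itself) belongs before the trust step. The script below is an added example, not part of AethelNet; it assumes the certificate has been saved as a PEM file, and the function names, file name and sample data are constructed for illustration.

```python
"""Compare a downloaded root CA with a fingerprint obtained out of band."""
import base64
import hashlib
import ssl
import sys

BEGIN = "-----BEGIN CERTIFICATE-----"
END = "-----END CERTIFICATE-----"


def sha256_fingerprint(pem_text: str) -> str:
    """SHA-256 over the DER bytes of the first certificate in pem_text."""
    # Slice out the first PEM block so leading text or extra certs are ignored.
    start = pem_text.index(BEGIN)            # ValueError if no certificate
    stop = pem_text.index(END, start) + len(END)
    # Hash the DER encoding: PEM wrapping and line endings must not matter.
    der = ssl.PEM_cert_to_DER_cert(pem_text[start:stop])
    return hashlib.sha256(der).hexdigest()


def normalize(fingerprint: str) -> str:
    """Accept 'AA:BB:..' (openssl style) or plain hex, return lowercase hex."""
    return "".join(fingerprint.split()).replace(":", "").lower()


def matches_pinned(pem_text: str, pinned: str) -> bool:
    """True only if the certificate hashes to the pinned SHA-256 value."""
    try:
        return sha256_fingerprint(pem_text) == normalize(pinned)
    except ValueError:                       # not PEM, or corrupt base64
        return False


# Constructed stand-in: placeholder bytes in a PEM wrapper, not a real CA.
SAMPLE_DER = b"constructed placeholder bytes, not a real certificate"
SAMPLE_PEM = f"{BEGIN}\n{base64.encodebytes(SAMPLE_DER).decode()}{END}\n"

if __name__ == "__main__":
    # Usage (file name is hypothetical): check_ca.py aethelnet-root-ca.pem <sha256>
    path, pinned = sys.argv[1], sys.argv[2]
    with open(path, encoding="utf-8", errors="replace") as fh:
        ok = matches_pinned(fh.read(), pinned)
    print("fingerprint OK" if ok else "MISMATCH: do not trust this certificate")
    sys.exit(0 if ok else 1)
```

The script exits non-zero on a mismatch, so it can gate whatever step adds the certificate to the system or browser trust store.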