https://github.com/james-see/fugitive
a secure ephemoral (self-deleting) web chat application written in php with minimal dependancies
https://github.com/james-see/fugitive
chat-application messaging-system php security-tools webchat-server
Last synced: over 1 year ago
JSON representation
a secure ephemoral (self-deleting) web chat application written in php with minimal dependancies
- Host: GitHub
- URL: https://github.com/james-see/fugitive
- Owner: james-see
- License: mit
- Created: 2017-09-24T20:38:35.000Z (almost 9 years ago)
- Default Branch: master
- Last Pushed: 2017-10-26T13:04:25.000Z (over 8 years ago)
- Last Synced: 2024-10-12T00:33:19.716Z (almost 2 years ago)
- Topics: chat-application, messaging-system, php, security-tools, webchat-server
- Language: PHP
- Homepage: https://fugitive.chat
- Size: 75.2 KB
- Stars: 2
- Watchers: 1
- Forks: 0
- Open Issues: 1
-
Metadata Files:
- Readme: README.md
- License: LICENSE
Awesome Lists containing this project
README

# fugitive
a secure ephemoral (self-deleting) web chat application written in php with minimal dependancies
## goals
1. run this server on a dark net server (.onion, .i2p, .bit, etc.)
2. no javascript to exploit
3. no logins to exploit
4. no logs / data stored permanently
5. private chat rooms anyone can create with blockchain (base58) hash for room id (yay, we are blockchain bandwagon!)
6. users and chat rooms auto-wiped on inactivity as well as via destroy button
7. communicate securely using out-of-band verification (users can confirm via second form of comms their current session usernames and chat hash id and then 'go secure' much like OTR chat.
8. deploy quickly with minimal / no dependancies on any server including raspberry pi's / other lite hardware.
9. auto-burn messages so you don't have to worry about leaving a trail, because we already have a lot of worries in life!
10. avoid incarceration, coercion, blackmail, capture, etc. for speaking your mind to others. even in a police state, this server will keep you secure to type your mind to another. This will not protect your machine though! remember you could still have keyloggers, etc. backdooring your machine and owning your ass. secure yourself Qubes, Tails, etc. on open source hardware / software using DNScrypt, Privoxy, etc. This is BEYOND the scope of this project. Stay safe out there!
## quickstart
_note: not fully working yet, only user info is displayed and stored as session, welcome to fork and merge request to add messaging into the build-in sqlite db or redis expiring hashes (planned soon)_
1. Ensure you have PHP installed and Predis and Redis
2. clone this repo then cd to `public` and then `php -S localhost:8000` and visit the address in your browser. You should see a new username generated and a session started. You will get errors if Redis is not running at default without password set on localhost redis instance. Set password accordingly in index.php (separate config yaml coming soon).
## install guide OSX
1. install homebrew (https://brew.sh) or run
```
/usr/bin/ruby -e "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/master/install)"
```
2. `brew install php72 --with-pear`
3. `brew install redis-server`
4. `brew install php72-redis`
5. `pear channel-discover pear.nrk.io`
6. `pear install nrk/predis`
## install guide Ubuntu 16.04 LTS
1. update apt
2. install redis, php7+, e.g. `sudo apt install -y redis-server php7.0-fpm php7.0-redis php7.0-mcrypt`
3. install nginx `sudo apt install -y nginx`
# install guide Ubuntu 14.04 LTS
1. `sudo add-apt-repository ppa:ondrej/php`
2. `sudo add-apt-repository sudo add-apt-repository ppa:ondrej/nginx`
3. `sudo apt-get update && sudo apt-get upgrade`
4. `sudo apt-get install php7.0-fpm redis-server`
5. `sudo apt-get install php7.0-redis php7.0-mcrypt`
6. `sudo apt-get install php7.0-xml`
7. `pear channel-discover pear.nrk.io`
8. `pear install nrk/predis`
# regardless of OS do these after following steps above
clone repo to a nice folder
copy over nginx-fugitive.example to /etc/nginx/sites-available/fugitive
modify it as necessary `sudo nano /etc/nginx/sites-available/fugitive` change root location and domain name
confirm you have a domain and dns zone file setup to point to your host and then run certbot to enforce https
## style guide
Logo: link: (https://j1c.co/2y1TQZV)
font: Josefin Sans
## default nginx for php-fpm
```
server {
listen 80;
# ssl stuff to secure your shit
ssl_protocols TLSv1.2;
ssl_ciphers 'ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256';
ssl_prefer_server_ciphers on;
ssl_dhparam /etc/ssl/certs/dhparam.pem;
ssl_stapling on;
ssl_stapling_verify on;
resolver 8.8.8.8 8.8.4.4 valid=300s;
resolver_timeout 5s;
root /home/[yourusername]/projects/fugitive/public/;
index index.php index.html index.htm;
access_log /home/[yourusername]/projects/logs/access.log;
error_log /home/cjer/[yourusername]/logs/error.log error;
server_name mycooldomain.chat;
# header info
add_header X-Frame-Options DENY;
add_header Strict-Transport-Security max-age=15768000;
location / {
try_files $uri $uri/ =404;
rewrite ^(.+)/ $1.php;
}
location ~ \.php$ {
try_files $uri $uri/ @rewrites;
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
}
# rewrites
location @rewrites {
if ($uri ~* ^/([a-z]+)$) {
set $page_to_view "/$1.php";
rewrite ^/([a-z]+)$ /$1.php last;
}
location ~ /\.ht {
deny all;
}
listen 443 ssl http2; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/yourcooldomain.chat/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/yourcooldomain.chat/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
error_page 502 /502.html;
location = /502.html {
root /home/[yourusername]/projects/errors/;
}
}
```
## Screenshot of working demo:
