Skip to content

bilde2910/Hauk

Repository files navigation

Hauk

Hauk

GitHub license GitHub issues Translation status GitHub stars F-Droid GitHub release (latest by date) GitHub code size in bytes Docker hub

Get it on F-Droid Get it on Google Play

Hauk is a fully open source, self-hosted location sharing service. Install the backend code on a PHP-compatible web server, install the companion app on your phone, and you're good to go!

System Requirements

  • Web server running PHP and Memcached or Redis.
  • PHP memcached, memcache or redis extension installed on the web server.
  • PHP ldap extension if using LDAP authentication.
  • Android 6 or above to run the companion Android app.

Installation instructions

  1. Clone or download this repository: git clone https://github.com/bilde2910/Hauk.git
  2. Run sudo ./install.sh -c web_root where web_root is the folder you want to install Hauk in, for example /var/www/html. Follow the instructions given by the install script. Make sure to set a secure hashed password and edit your site's domain in the configuration file after installation.
  3. Start the web server and make sure Memcached or Redis is running and properly configured and firewalled.
  4. Install the companion Android app (from your favourite store linked above) on your phone and enter your server's settings.

Manual installation

If you prefer not to use the install script, you can instead choose to copy the files manually.

  1. Clone or download this repository: git clone https://github.com/bilde2910/Hauk.git
  2. Copy all files in the backend-php and frontend folders to a common folder in your web root, for example /var/www/html.
  3. Modify include/config.php to your liking. Make sure to set a secure hashed password and edit your site's domain in this file.
  4. Start the web server and make sure Memcached or Redis is running and properly configured and firewalled.
  5. Install the companion Android app (from your favourite store linked above) on your phone and enter your server's settings.

Distribution-specific packages

The Hauk backend is available as packages for the following distributions:

Arch Linux

Install hauk-server from AUR. The backend will be installed to /usr/share/webapps/hauk-server.

Via Docker Compose

The official Docker image on Docker Hub is bilde2910/hauk. It comes with several different tags:

Tag Description
latest Updated with each commit to this repository and always has the latest changes.
stable-1.x The latest tagged release of version 1.x.
X.Y.Z A specific release of the Hauk backend. Note that old versions are not supported and are provided for your convenience only.

latest, stable-1.x and all releases from 1.5.2 and up are multi-arch and compiled for x86_64, armv7l and aarch64. 1.5.1 and older are x86_64 only. You can use any of these tags for all architectures, and Docker will automatically pick the correct one. If you need the image for a specific architecture, however, you can fetch them using *-amd64 (x86_64), *-arm32v7 (armv7l) or *-arm64v8 (aarch64) versions of any of the tags (e.g. latest-arm32v7).

docker-compose.yml

version: '3.4'

services:
  hauk:
    image: bilde2910/hauk
    container_name: hauk
    volumes:
      - ./config/hauk:/etc/hauk

Copy the config.php file to the ./config/hauk directory and customize it. Leave the memcached connection details as-is; memcached is included in the Docker image.

The Docker container exposes port 80. For security reasons, you should use a reverse proxy in front of Hauk that can handle TLS termination, and only expose Hauk via HTTPS. If you expose Hauk directly on port 80, or via a reverse proxy on port 80, anyone between the clients and server can intercept and read your location data.

Here's an example config for an nginx instance running in another container. You may want to customize this, especially the TLS settings and ciphers if you want compatibility with older devices.

server {
    listen 443 ssl;

    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_ciphers 'ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305';
    ssl_session_cache shared:SSL:10m;
    ssl_stapling on;
    ssl_stapling_verify on;

    ssl_ecdh_curve 'secp521r1:secp384r1';
    ssl_prefer_server_ciphers on;
    ssl_session_timeout 10m;
    ssl_session_tickets off;

    ssl_certificate /etc/letsencrypt/live/hauk.example.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/hauk.example.com/privkey.pem;

    add_header Referrer-Policy same-origin always;
    add_header X-Frame-Options DENY always;
    add_header X-Content-Type-Options nosniff always;
    add_header X-XSS-Protection "1; mode=block" always;
    add_header X-Robots-Tag "noindex, nofollow" always;

    server_name hauk.example.com;

    location / {
        proxy_pass http://hauk:80;
    }
}

Upgrading to newer versions

Hauk is versioned according to Semantic Versioning 2.0.0. Any update that is not a major update is guaranteed to be without breaking changes, and you can keep the same configuration file for the updated release.

  • Major updates add breaking changes that either require manual intervention, or breaks backward compatibility. Update instructions for major versions will be listed in the release notes, as well as either this README or in the wiki. To date there have been no major updates.
  • Minor updates add functionality, but does not break backward compatibility. You can still use an older client on a newer server, or a newer client on an older server, though some functionality may be missing. This will be dynamically detected by the client and server, which could e.g. lead to some UI elements being disabled in the app, or a notification made if a user tries to use new functionality that the other endpoint does not support.
  • Patch updates are primarily bugfixes.

Aside from certain major changes, you can keep your configuration file. New options may have been added to the config, but these will have sane defaults applied automatically. If you wish to change any new options, you can either reconfigure Hauk from the new config.php template, or copy and paste the relevant options from the new template to your existing file and change the appropriate values.

Installations done using either the installer (install.sh) or via manual file copy can be upgraded simply by pulling the latest version of this repository and running the installer again, or overwriting the installation with the new files.

Installations done via distribution-specific packages will be updated to the latest version by your package manager.

Docker installations will be updated whenever you pull the image. If you're using Docker, you can reserve yourself from receiving major updates (which may contain breaking changes) by using the stable-* tag instead of latest. If you use a specific versioned tag, your installation will be locked at that specific version and you will not receive feature updates or bugfixes unless you manually change the tag and pull.

Demo server

If you'd like to see what Hauk can do, download the app and insert connection details for the demo server:

Server: https://apps.varden.info/demo/hauk/
Password: demo

Location shares on the demo server is limited to 2 minutes and is only meant for demonstration purposes. Set up your own server to use Hauk to its full extent.

Demo server privacy policy - Last updated December 26, 2019

Last updated: December 26, 2019

The demo server is limited by configuration to shares no longer than 2 minutes. This means that no matter what happens, the location data you send to the demo server will be deleted automatically after at most 2 minutes from session initiation. Location data is never logged to disk in any way and only stays in RAM for this time. After the session ends, the data is no longer available. It is a vanilla installation of Hauk from GitHub and the code has not been altered in any way.

The server currently uses CloudFlare for DDoS protection, hence CloudFlare can see the data in transit. You may refer to their privacy policy as well.

The HTTP daemon keeps a standard access log for 7 days. This log contains the link ID (which is useless after the 2 minute session expiration), full URLs, user agents, timestamps, and referring URL (if any). It also logs the IP addresses of the CloudFlare proxy server you connect through. It does not contain your IP address, only that of a CloudFlare data center somewhere. It's thus not possible to track individuals using it, and not possible to get any meaningful data from it. This log file is used for abuse prevention only.

The server itself is located in Norway and is thus covered under Norwegian privacy regulations.

Translators

Hauk depends on volunteers to translate the project. Want to help out? Head over to the translation portal to get started.

Translation status

  • Basque - osoitz
  • Catalan - xordiet
  • Dutch - Jdekoning141
  • French - thifranc and LukeMarlin
  • German - natrius, hurradiegams, lemmerk, code-surfer and Marmo
  • Italian - Vieler
  • Norwegian Bokmål - bilde2910
  • Norwegian Nynorsk - bilde2910
  • Polish - krystiancha and RuralYak
  • Portugese (Brazil) - arajooj
  • Romanian - Licaon_Kter
  • Russian - RuralYak, Brujerizmo90
  • Spanish - sdstolworthy
  • Turkish - kylethedeveloper, ayyilmaz
  • Ukrainian - RuralYak

Translation status

Translation status

Donate

Hauk is an ad-free, open source project, and I am not doing this for financial gain. Thus, my time spent making this is unpaid. I do however accept donations from anyone who appreciates my work enough that they feel inclined to compensate me, no matter the amount. Donations mean a lot to me, as they help cover costs associated with server upkeep, domains and hosting, and general cost of living, and they serve as an incentive for me to keep working on open-source projects.

If you wish to donate to me, you may check out my donations page on my website.