Compare commits
3 Commits
e3de4168e6
...
e7b283b282
Author | SHA1 | Date |
---|---|---|
Aravinth Manivannan | e7b283b282 | |
Aravinth Manivannan | cf24b937e4 | |
Aravinth Manivannan | 457ec237d2 |
|
@ -13,86 +13,112 @@ weight: 532
|
||||||
toc: true
|
toc: true
|
||||||
---
|
---
|
||||||
|
|
||||||
### 2. Configure
|
## 1. Install Database
|
||||||
|
|
||||||
mcaptcha is highly configurable.
|
The following databases are supported:
|
||||||
|
|
||||||
|
1. Postgres
|
||||||
|
2. MariaDB
|
||||||
|
|
||||||
|
Please install the database of your choice. Then:
|
||||||
|
|
||||||
|
1. Create new database user for mCaptcha
|
||||||
|
2. Create new database for mCaptcha
|
||||||
|
|
||||||
|
mCaptcha binary has migrations baked-in and is applied on start up. The
|
||||||
|
choice of database is described using the [scheme](https://developer.mozilla.org/en-US/docs/Learn/Common_questions/Web_mechanics/What_is_a_URL#scheme) of the database URL. For
|
||||||
|
instance:
|
||||||
|
|
||||||
|
1. Postgres: `postgres://mcaptcha:password@localhost:5432/mcaptcha`
|
||||||
|
2. Mariadb: `mysql://mcaptcha:password@localhost:3306/mcaptcha`
|
||||||
|
|
||||||
|
## 2. Optionally, install mCaptcha/cache
|
||||||
|
|
||||||
|
We recommend this for larger instances. For single-user instances or for
|
||||||
|
instances that protect personal websites, we recommend using the
|
||||||
|
internal cache system. To do so, please comment out the
|
||||||
|
[`redis`](https://github.com/mCaptcha/mCaptcha/blob/d4967626ee59504b32b0f85e409b4e3444ddc4f0/config/default.toml#L54) section of the configuration file.
|
||||||
|
|
||||||
|
Please see [`mCaptcha/cache`](https://github.com/mCaptcha/cache) for more details.
|
||||||
|
|
||||||
|
## 3. Install mCaptcha
|
||||||
|
|
||||||
|
### 3.1 Install from source
|
||||||
|
|
||||||
|
To build `mcaptcha`, you need the following dependencies:
|
||||||
|
|
||||||
|
1. rust
|
||||||
|
2. node(`v20`)
|
||||||
|
3. yarn(JavaScript package manager)
|
||||||
|
4. make
|
||||||
|
|
||||||
|
With all dependencies installed, run:
|
||||||
|
|
||||||
|
```
|
||||||
|
make dev-env && make release
|
||||||
|
```
|
||||||
|
|
||||||
|
And the following commands to install the compiled binary:
|
||||||
|
|
||||||
|
```
|
||||||
|
sudo cp ./target/release/mcaptcha /usr/bin/ && \
|
||||||
|
mkdir sudo /etc/mcaptcha && \
|
||||||
|
sudo cp config/default.toml /etc/mcaptcha/config.toml
|
||||||
|
```
|
||||||
|
|
||||||
|
### 3.2 Install pre-compiled binary
|
||||||
|
|
||||||
|
#### i. Download assets
|
||||||
|
|
||||||
|
```
|
||||||
|
wget https://dl.mcaptcha.org/mcaptcha/mCaptcha/master/mcaptcha-master-linux-amd64.tar.gz.asc
|
||||||
|
wget https://dl.mcaptcha.org/mcaptcha/mCaptcha/master/mcaptcha-master-linux-amd64.tar.gz.sha256
|
||||||
|
wget https://dl.mcaptcha.org/mcaptcha/mCaptcha/master/mcaptcha-master-linux-amd64.tar.gz
|
||||||
|
```
|
||||||
|
|
||||||
|
### ii Verify checksum
|
||||||
|
|
||||||
|
```
|
||||||
|
sha256sum -c mcaptcha-master-linux-amd64.tar.gz.sha256
|
||||||
|
```
|
||||||
|
|
||||||
|
### iii Verify GPG signature
|
||||||
|
|
||||||
|
All mcaptcha binaries are signed with [our GPG
|
||||||
|
key](https://keyserver.ubuntu.com/pks/lookup?search=73DAC973A9ADBB9ADCB5CDC4595A08135BA9FF73&fingerprint=on&op=index).
|
||||||
|
Please verify signatures to verify authenticity.
|
||||||
|
|
||||||
|
```
|
||||||
|
gpg --keyserver keyserver.ubuntu.com --recv 73DAC973A9ADBB9ADCB5CDC4595A08135BA9FF73
|
||||||
|
gpg --verify mcaptcha-master-linux-amd64.tar.gz.asc
|
||||||
|
```
|
||||||
|
|
||||||
|
### iv. Install
|
||||||
|
|
||||||
|
```
|
||||||
|
tar -xvzf mcaptcha-master-linux-amd64.tar.gz \
|
||||||
|
&& sudo cp mcaptcha-master-linux-amd64/mcaptcha /usr/local/bin \
|
||||||
|
&& sudo mkdir /etc/mcaptcha \
|
||||||
|
&& sudo cp mcaptcha-master-linux-amd64/config.toml /etc/mcaptcha/
|
||||||
|
```
|
||||||
|
|
||||||
|
### 4. Configuration
|
||||||
|
|
||||||
|
mCaptcha is highly configurable.
|
||||||
|
|
||||||
Configuration is applied/merged in the following order:
|
Configuration is applied/merged in the following order:
|
||||||
|
|
||||||
1. path to configuration file passed in via `MCAPTCHA_CONFIG`
|
1. path to configuration file passed in via `MCAPTCHA_CONFIG`
|
||||||
2. `./config/default.toml`
|
2. `./config/default.toml`
|
||||||
3. `/etc/mcaptcha/config.toml`
|
3. `/etc/mcaptcha/config.toml`
|
||||||
4. environment variables.
|
4. environment variables. Please see
|
||||||
|
[here](https://github.com/mCaptcha/mCaptcha/blob/master/docs/CONFIGURATION.md) for a full list of environment variables.
|
||||||
|
|
||||||
|
### 5. Systemd service configuration:
|
||||||
|
|
||||||
### 1. Install postgres if you don't have it already.
|
|
||||||
For Debian based distributions:
|
|
||||||
```bash
|
|
||||||
sudo apt install postgres
|
|
||||||
```
|
|
||||||
|
|
||||||
### 2. Create new user for running `mcaptcha`
|
|
||||||
|
|
||||||
```bash
|
|
||||||
$ sudo useradd -b /srv -m -s /usr/bin/zsh mcaptcha
|
|
||||||
```
|
|
||||||
|
|
||||||
### 3. Create new user in Postgres
|
|
||||||
|
|
||||||
```bash
|
|
||||||
$ sudo -iu postgres # switch to `postgres` user
|
|
||||||
$ psql
|
|
||||||
postgres=# CREATE USER mcaptcha WITH PASSWORD 'my super long password and yes you need single quote`;
|
|
||||||
$ createdb -O mcaptcha mcaptcha # create db 'mcaptcha' with 'mcaptcha' as owner
|
|
||||||
```
|
|
||||||
|
|
||||||
### 4. Install and load [`mCaptcha/cache`](https://github.com/mCaptcha/cache) module:
|
|
||||||
|
|
||||||
See [`mCaptcha/cache`](https://github.com/mCaptcha/cache) for more
|
|
||||||
details.
|
|
||||||
|
|
||||||
### 4. Build `mcaptcha`
|
|
||||||
|
|
||||||
To build `mcaptcha`, you need the following dependencies:
|
|
||||||
|
|
||||||
1. rust
|
|
||||||
2. node(`v14.16.0`)
|
|
||||||
3. yarn(JavaScript package manager)
|
|
||||||
4. make
|
|
||||||
|
|
||||||
## How to build
|
|
||||||
|
|
||||||
1. Install Cargo using [rustup](https://rustup.rs/) with:
|
|
||||||
|
|
||||||
```bash
|
|
||||||
$ curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh
|
|
||||||
```
|
|
||||||
|
|
||||||
2. Install node(`v14.16.0`)
|
|
||||||
|
|
||||||
3. Install yarn(JavaScript package manager)
|
|
||||||
|
|
||||||
4. Build with make:
|
|
||||||
|
|
||||||
```bash
|
|
||||||
$ make dev-env && \
|
|
||||||
make release
|
|
||||||
```
|
|
||||||
|
|
||||||
### 5. Install package:
|
|
||||||
|
|
||||||
```bash
|
|
||||||
$ sudo cp ./target/release/mcaptcha /usr/bin/ && \
|
|
||||||
mkdir sudo /etc/mcaptcha && \
|
|
||||||
sudo cp config/default.toml /etc/mcaptcha/config.toml
|
|
||||||
```
|
|
||||||
|
|
||||||
### 6. Systemd service configuration:
|
|
||||||
|
|
||||||
1. Copy the following to `/etc/systemd/system/mcaptcha.service`:
|
1. Copy the following to `/etc/systemd/system/mcaptcha.service`:
|
||||||
|
|
||||||
```systemd
|
```
|
||||||
[Unit]
|
[Unit]
|
||||||
Description=mCaptcha: a CAPTCHA system that gives attackers a run for their money
|
Description=mCaptcha: a CAPTCHA system that gives attackers a run for their money
|
||||||
|
|
||||||
|
@ -122,9 +148,33 @@ WantedBy=multi-user.target
|
||||||
|
|
||||||
2. Enable service:
|
2. Enable service:
|
||||||
|
|
||||||
```bash
|
```
|
||||||
$ sudo systemctl daemon-reload && \
|
sudo systemctl daemon-reload && \
|
||||||
sudo systemctl enable mcaptcha && \ # Auto startup during boot
|
sudo systemctl enable mcaptcha && \ # Auto startup during boot
|
||||||
sudo systemctl start mcaptcha
|
sudo systemctl start mcaptcha
|
||||||
``
|
```
|
||||||
|
|
||||||
|
### 6. Install and configure Nginx
|
||||||
|
|
||||||
|
mCaptcha doesn't implement SSL yet. Please use a reverse proxy like
|
||||||
|
Nginx to add SSL to your deployment. Here's an example virtual host
|
||||||
|
configuration for Nginx:
|
||||||
|
|
||||||
|
```
|
||||||
|
server {
|
||||||
|
server_name <your mcaptcha hostname>;
|
||||||
|
listen 80;
|
||||||
|
listen [::]:80;
|
||||||
|
|
||||||
|
location / {
|
||||||
|
proxy_pass http://127.0.0.1:<mcaptcha_port>;
|
||||||
|
proxy_set_header Host $host;
|
||||||
|
proxy_set_header Host $host;
|
||||||
|
proxy_set_header Upgrade $http_upgrade;
|
||||||
|
proxy_set_header Connection "upgrade";
|
||||||
|
proxy_set_header X-Forwarded-For $remote_addr;
|
||||||
|
proxy_set_header X-Forwarded-Proto $scheme;
|
||||||
|
}
|
||||||
|
|
||||||
|
}
|
||||||
```
|
```
|
||||||
|
|
|
@ -1,101 +0,0 @@
|
||||||
---
|
|
||||||
title: "Database and cache"
|
|
||||||
description: "mCaptcha server requires dependencies like a Postgres
|
|
||||||
database and a Redis cache"
|
|
||||||
lead: "mCaptcha server requires dependencies like a Postgres
|
|
||||||
database and a Redis cache"
|
|
||||||
date: 2021-07-21 14:49
|
|
||||||
lastmod: 2021-07-21 14:49
|
|
||||||
draft: false
|
|
||||||
images: []
|
|
||||||
menu:
|
|
||||||
docs:
|
|
||||||
parent: "Self-Hosting"
|
|
||||||
weight: 535
|
|
||||||
toc: true
|
|
||||||
---
|
|
||||||
|
|
||||||
## Notes
|
|
||||||
|
|
||||||
### Database
|
|
||||||
|
|
||||||
- Database migrations are baked into the server binary so don't worry
|
|
||||||
about them.
|
|
||||||
|
|
||||||
- When compiling from source, unset database configuration(comment out
|
|
||||||
database configuration/ `unset` relevant environment variables).
|
|
||||||
`mCaptcha` uses [`sqlx`](https://crates.io/crates/sqlx) database client
|
|
||||||
library which checks SQL queries at compile time. So if you are starting
|
|
||||||
with a fresh database without migrations applied, compilation will fail.
|
|
||||||
|
|
||||||
### Redis
|
|
||||||
|
|
||||||
- Redis is an optional dependency. Currently, the non-Redis configuration
|
|
||||||
doesn't persist CAPTCHA heat. So if there's a systems failure, CAPTCHA
|
|
||||||
heat will be reset and visitor count will start from 0. For small
|
|
||||||
installations, this should post a problem as heat is short lived and is
|
|
||||||
reset anyways at cool down period.
|
|
||||||
|
|
||||||
- mCaptcha uses a custom Redis module called
|
|
||||||
[cache](https://github.com/mCaptcha/cache) to overcome some of Redis'
|
|
||||||
limitations.
|
|
||||||
|
|
||||||
|
|
||||||
## Instructions
|
|
||||||
|
|
||||||
Once again, there are two ways to go about this:
|
|
||||||
|
|
||||||
1. Docker
|
|
||||||
2. Bare metal
|
|
||||||
|
|
||||||
### Docker
|
|
||||||
|
|
||||||
### Database
|
|
||||||
|
|
||||||
Download and run Postgres
|
|
||||||
|
|
||||||
```bash
|
|
||||||
docker create --name mcaptcha-postgres \
|
|
||||||
-e POSTGRES_PASSWORD=<database-password> \
|
|
||||||
-p 5432:5432 \
|
|
||||||
postgres && docker start mcaptcha-postgres
|
|
||||||
```
|
|
||||||
|
|
||||||
### Redis
|
|
||||||
|
|
||||||
```bash
|
|
||||||
docker create --name mcaptcha-cache \
|
|
||||||
-p 6379:6379 \
|
|
||||||
mcaptcha/cache && docker start mcaptcha-cache
|
|
||||||
```
|
|
||||||
|
|
||||||
See [mCaptcha/cache](https://github.com/mCaptcha/cache) for more
|
|
||||||
details.
|
|
||||||
|
|
||||||
### 1. Install Postgres if you don't have it already.
|
|
||||||
|
|
||||||
For Debian based distributions:
|
|
||||||
|
|
||||||
```bash
|
|
||||||
sudo apt install postgres
|
|
||||||
```
|
|
||||||
|
|
||||||
### 2. Create new user for running `mCaptcha`
|
|
||||||
|
|
||||||
```bash
|
|
||||||
$ sudo useradd -b /srv -m -s /usr/bin/bash mcaptcha
|
|
||||||
```
|
|
||||||
|
|
||||||
### 3. Create new user in Postgres
|
|
||||||
|
|
||||||
```bash
|
|
||||||
$ sudo -iu postgres # switch to `postgres` user
|
|
||||||
$ psql
|
|
||||||
postgres=# CREATE USER mcaptcha WITH PASSWORD 'my super long password and yes you need single quote';
|
|
||||||
$ createdb -O mcaptcha mcaptcha # create db 'mcaptcha' with 'mcaptcha' as owner
|
|
||||||
```
|
|
||||||
|
|
||||||
### 4. Install [`mCaptcha/cache`](https://github.com/mCaptcha/cache)
|
|
||||||
|
|
||||||
See [`mCaptcha/cache`](https://github.com/mCaptcha/cache) for more
|
|
||||||
details.
|
|
|
@ -33,7 +33,7 @@ for configurable options.
|
||||||
|
|
||||||
If you have already have a Postgres instance running, then:
|
If you have already have a Postgres instance running, then:
|
||||||
|
|
||||||
```bash
|
```
|
||||||
docker run -p <host-machine-port>:<port-in-configuration-file> \
|
docker run -p <host-machine-port>:<port-in-configuration-file> \
|
||||||
--add-host=database:<database-ip-addrss> \
|
--add-host=database:<database-ip-addrss> \
|
||||||
-e RUST_LOG=debug \
|
-e RUST_LOG=debug \
|
||||||
|
@ -42,18 +42,26 @@ docker run -p <host-machine-port>:<port-in-configuration-file> \
|
||||||
```
|
```
|
||||||
|
|
||||||
If you don't have a Postgres instance running, you can either install
|
If you don't have a Postgres instance running, you can either install
|
||||||
one using a package manager or launch one with docker. A [docker-compose
|
one using a package manager or launch one with docker.
|
||||||
configuration]('../docker-compose.yml) is available that will launch both
|
|
||||||
a database instance mcaptcha instance.
|
|
||||||
|
|
||||||
## With docker-compose
|
## With docker-compose
|
||||||
|
|
||||||
1. Follow steps above to build docker image.
|
1. Download docker-compose file and the configuration file:
|
||||||
|
|
||||||
2. Set database password [docker-compose configuration]('../docker-compose.yml).
|
```
|
||||||
|
wget https://raw.githubusercontent.com/mCaptcha/mCaptcha/master/.env.docker-compose
|
||||||
|
wget https://raw.githubusercontent.com/mCaptcha/mCaptcha/master/docker-compose.yml
|
||||||
|
```
|
||||||
|
|
||||||
3. Launch network
|
2. Configure deployment using `.env.docker-compose` environment variable
|
||||||
|
file
|
||||||
|
|
||||||
```bash
|
3. Launch containers:
|
||||||
|
|
||||||
|
```
|
||||||
docker-compose up -d
|
docker-compose up -d
|
||||||
```
|
```
|
||||||
|
|
||||||
|
4. Configure SSL using reverse proxy: mCaptcha doesn't support SSL at
|
||||||
|
the moment, so please use a reverse proxy to secure your instance. A
|
||||||
|
reference nginx virtual host configuration file is available [here](../bare-metal/#6-install-and-configure-nginx).
|
||||||
|
|
Loading…
Reference in New Issue