---
title: "Deploy bare metal"
description: "Bare metal deployment is tedious, most of this will be automated with a script in the future."
lead: "Bare metal deployment is tedious, most of this will be automated with a script in the future."
date: 2021-07-21 14:49
lastmod: 2021-07-21 14:49
draft: false
images: []
menu:
  docs:
    parent: "Self-Hosting"
weight: 532
toc: true
---

## 1. Install Database

The following databases are supported:

1. Postgres
2. MariaDB

Please install the database of your choice. Then:

1. Create new database user for mCaptcha
2. Create new database for mCaptcha

mCaptcha binary has migrations baked-in and is applied on start up. The
choice of database is described using the [scheme](https://developer.mozilla.org/en-US/docs/Learn/Common_questions/Web_mechanics/What_is_a_URL#scheme) of the database URL. For
instance:

1. Postgres: `postgres://mcaptcha:password@localhost:5432/mcaptcha`
2. Mariadb: `mysql://mcaptcha:password@localhost:3306/mcaptcha`

## 2. Optionally, install mCaptcha/cache

We recommend this for larger instances. For single-user instances or for
instances that protect personal websites, we recommend using the
internal cache system. To do so, please comment out the
[`redis`](https://github.com/mCaptcha/mCaptcha/blob/d4967626ee59504b32b0f85e409b4e3444ddc4f0/config/default.toml#L54) section of the configuration file.

Please see [`mCaptcha/cache`](https://github.com/mCaptcha/cache) for more details.

## 3. Install mCaptcha

### 3.1 Install from source

To build `mcaptcha`, you need the following dependencies:

1. rust
2. node(`v20`)
3. yarn(JavaScript package manager)
4. make

With all dependencies installed, run:

```
make dev-env && make release
```

And the following commands to install the compiled binary:

```
sudo cp ./target/release/mcaptcha /usr/bin/ && \
	mkdir sudo /etc/mcaptcha && \
	sudo cp config/default.toml /etc/mcaptcha/config.toml
```

### 3.2 Install pre-compiled binary

#### i. Download assets

```
wget https://dl.mcaptcha.org/mcaptcha/mCaptcha/master/mcaptcha-master-linux-amd64.tar.gz.asc
wget https://dl.mcaptcha.org/mcaptcha/mCaptcha/master/mcaptcha-master-linux-amd64.tar.gz.sha256
wget https://dl.mcaptcha.org/mcaptcha/mCaptcha/master/mcaptcha-master-linux-amd64.tar.gz
```

### ii Verify checksum

```
sha256sum -c mcaptcha-master-linux-amd64.tar.gz.sha256
```

### iii Verify GPG signature

All mcaptcha binaries are signed with [our GPG
key](https://keyserver.ubuntu.com/pks/lookup?search=73DAC973A9ADBB9ADCB5CDC4595A08135BA9FF73&fingerprint=on&op=index).
Please verify signatures to verify authenticity.

```
gpg --keyserver keyserver.ubuntu.com --recv 73DAC973A9ADBB9ADCB5CDC4595A08135BA9FF73
gpg --verify mcaptcha-master-linux-amd64.tar.gz.asc
```

### iv. Install

```
tar -xvzf mcaptcha-master-linux-amd64.tar.gz \
  && sudo cp mcaptcha-master-linux-amd64/mcaptcha /usr/local/bin \
  && sudo mkdir /etc/mcaptcha \
  && sudo cp mcaptcha-master-linux-amd64/config.toml /etc/mcaptcha/
```

### 4. Configuration

mCaptcha is highly configurable.

Configuration is applied/merged in the following order:

1. path to configuration file passed in via `MCAPTCHA_CONFIG`
2. `./config/default.toml`
3. `/etc/mcaptcha/config.toml`
4. environment variables. Please see
   [here](https://github.com/mCaptcha/mCaptcha/blob/master/docs/CONFIGURATION.md) for a full list of environment variables.

### 5. Systemd service configuration:

1. Copy the following to `/etc/systemd/system/mcaptcha.service`:

```
[Unit]
Description=mCaptcha: a CAPTCHA system that gives attackers a run for their money

[Service]
Type=simple
User=mcaptcha
ExecStart=/usr/bin/mcaptcha
Restart=on-failure
RestartSec=1
SuccessExitStatus=3 4
RestartForceExitStatus=3 4
SystemCallArchitectures=native
MemoryDenyWriteExecute=true
NoNewPrivileges=true
Environment="RUST_LOG=info"

[Unit]
After=sound.target
Wants=network-online.target
Wants=network-online.target
Requires=postgresql.service
After=syslog.target

[Install]
WantedBy=multi-user.target
```

2. Enable service:

```
sudo systemctl daemon-reload && \
	sudo systemctl enable mcaptcha && \ # Auto startup during boot
	sudo systemctl start mcaptcha
```

### 6. Install and configure Nginx

mCaptcha doesn't implement SSL yet. Please use a reverse proxy like
Nginx to add SSL to your deployment. Here's an example virtual host
configuration for Nginx:

```
server {
  server_name <your mcaptcha hostname>;
	listen 80;
	listen [::]:80;

	location / {
		proxy_pass http://127.0.0.1:<mcaptcha_port>;
		proxy_set_header Host $host;
    proxy_set_header Host $host;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection "upgrade";
    proxy_set_header X-Forwarded-For $remote_addr;
    proxy_set_header X-Forwarded-Proto $scheme;
	}

}
```