4.7 KiB
title | description | lead | date | lastmod | draft | images | menu | weight | toc | ||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Deploy bare metal | Bare metal deployment is tedious, most of this will be automated with a script in the future. | Bare metal deployment is tedious, most of this will be automated with a script in the future. | 2021-07-21 14:49 | 2021-07-21 14:49 | false |
|
532 | true |
1. Install Database
The following databases are supported:
- Postgres
- MariaDB
Please install the database of your choice. Then:
- Create new database user for mCaptcha
- Create new database for mCaptcha
mCaptcha binary has migrations baked-in and is applied on start up. The choice of database is described using the scheme of the database URL. For instance:
- Postgres:
postgres://mcaptcha:password@localhost:5432/mcaptcha
- Mariadb:
mysql://mcaptcha:password@localhost:3306/mcaptcha
2. Optionally, install mCaptcha/cache
We recommend this for larger instances. For single-user instances or for
instances that protect personal websites, we recommend using the
internal cache system. To do so, please comment out the
redis
section of the configuration file.
Please see mCaptcha/cache
for more details.
3. Install mCaptcha
3.1 Install from source
To build mcaptcha
, you need the following dependencies:
- rust
- node(
v20
) - yarn(JavaScript package manager)
- make
With all dependencies installed, run:
make dev-env && make release
And the following commands to install the compiled binary:
sudo cp ./target/release/mcaptcha /usr/bin/ && \
mkdir sudo /etc/mcaptcha && \
sudo cp config/default.toml /etc/mcaptcha/config.toml
3.2 Install pre-compiled binary
i. Download assets
wget https://dl.mcaptcha.org/mcaptcha/mCaptcha/master/mcaptcha-master-linux-amd64.tar.gz.asc
wget https://dl.mcaptcha.org/mcaptcha/mCaptcha/master/mcaptcha-master-linux-amd64.tar.gz.sha256
wget https://dl.mcaptcha.org/mcaptcha/mCaptcha/master/mcaptcha-master-linux-amd64.tar.gz
ii Verify checksum
sha256sum -c mcaptcha-master-linux-amd64.tar.gz.sha256
iii Verify GPG signature
All mcaptcha binaries are signed with our GPG key. Please verify signatures to verify authenticity.
gpg --keyserver keyserver.ubuntu.com --recv 73DAC973A9ADBB9ADCB5CDC4595A08135BA9FF73
gpg --verify mcaptcha-master-linux-amd64.tar.gz.asc
iv. Install
tar -xvzf mcaptcha-master-linux-amd64.tar.gz \
&& sudo cp mcaptcha-master-linux-amd64/mcaptcha /usr/local/bin \
&& sudo mkdir /etc/mcaptcha \
&& sudo cp mcaptcha-master-linux-amd64/config.toml /etc/mcaptcha/
4. Configuration
mCaptcha is highly configurable.
Configuration is applied/merged in the following order:
- path to configuration file passed in via
MCAPTCHA_CONFIG
./config/default.toml
/etc/mcaptcha/config.toml
- environment variables. Please see here for a full list of environment variables.
5. Systemd service configuration:
- Copy the following to
/etc/systemd/system/mcaptcha.service
:
[Unit]
Description=mCaptcha: a CAPTCHA system that gives attackers a run for their money
[Service]
Type=simple
User=mcaptcha
ExecStart=/usr/bin/mcaptcha
Restart=on-failure
RestartSec=1
SuccessExitStatus=3 4
RestartForceExitStatus=3 4
SystemCallArchitectures=native
MemoryDenyWriteExecute=true
NoNewPrivileges=true
Environment="RUST_LOG=info"
[Unit]
After=sound.target
Wants=network-online.target
Wants=network-online.target
Requires=postgresql.service
After=syslog.target
[Install]
WantedBy=multi-user.target
- Enable service:
sudo systemctl daemon-reload && \
sudo systemctl enable mcaptcha && \ # Auto startup during boot
sudo systemctl start mcaptcha
6. Install and configure Nginx
mCaptcha doesn't implement SSL yet. Please use a reverse proxy like Nginx to add SSL to your deployment. Here's an example virtual host configuration for Nginx:
server {
server_name <your mcaptcha hostname>;
listen 80;
listen [::]:80;
location / {
proxy_pass http://127.0.0.1:<mcaptcha_port>;
proxy_set_header Host $host;
proxy_set_header Host $host;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header X-Forwarded-Proto $scheme;
}
}