---
title: "Deploy bare metal"
description: "Bare metal deployment is tedious, most of this will be automated with a script in the future."
lead: "Bare metal deployment is tedious, most of this will be automated with a script in the future."
date: 2021-07-21 14:49
lastmod: 2021-07-21 14:49
draft: false
images: []
menu:
  docs:
    parent: "Self-Hosting"
weight: 532
toc: true
---

## 1. Install Database

The following databases are supported:

1. Postgres
2. MariaDB

Please install the database of your choice. Then:

1. Create a new database user for mCaptcha
2. Create a new database for mCaptcha

The mCaptcha binary has migrations baked in; they are applied on startup. The
choice of database is described using the [scheme](https://developer.mozilla.org/en-US/docs/Learn/Common_questions/Web_mechanics/What_is_a_URL#scheme) of the database URL. For
instance:

1. Postgres: `postgres://mcaptcha:password@localhost:5432/mcaptcha`
2. MariaDB: `mysql://mcaptcha:password@localhost:3306/mcaptcha`

## 2. Optionally, install mCaptcha/cache

We recommend this for larger instances. For single-user instances or for
instances that protect personal websites, we recommend using the
internal cache system. To do so, please comment out the
[`redis`](https://github.com/mCaptcha/mCaptcha/blob/d4967626ee59504b32b0f85e409b4e3444ddc4f0/config/default.toml#L54) section of the configuration file.

Please see [`mCaptcha/cache`](https://github.com/mCaptcha/cache) for more details.

## 3. Install mCaptcha

### 3.1 Install from source

To build `mcaptcha`, you need the following dependencies:

1. rust
2. node (`v20`)
3. yarn (JavaScript package manager)
4. make

With all dependencies installed, run:

```
make dev-env && make release
```

Then run the following commands to install the compiled binary:

```
sudo cp ./target/release/mcaptcha /usr/bin/ && \
sudo mkdir /etc/mcaptcha && \
sudo cp config/default.toml /etc/mcaptcha/config.toml
```

### 3.2 Install pre-compiled binary

#### i. Download assets

```
wget https://dl.mcaptcha.org/mcaptcha/mCaptcha/master/mcaptcha-master-linux-amd64.tar.gz.asc
wget https://dl.mcaptcha.org/mcaptcha/mCaptcha/master/mcaptcha-master-linux-amd64.tar.gz.sha256
wget https://dl.mcaptcha.org/mcaptcha/mCaptcha/master/mcaptcha-master-linux-amd64.tar.gz
```

#### ii. Verify checksum

```
sha256sum -c mcaptcha-master-linux-amd64.tar.gz.sha256
```

#### iii. Verify GPG signature

All mcaptcha binaries are signed with [our GPG
key](https://keyserver.ubuntu.com/pks/lookup?search=73DAC973A9ADBB9ADCB5CDC4595A08135BA9FF73&fingerprint=on&op=index).
Please verify the signature to confirm the authenticity of the download. The
checksum in the previous step only detects a corrupted download; the signature
is what ties the archive to our key.

```
# Import the signing key, then check the detached signature against the archive
gpg --keyserver keyserver.ubuntu.com --recv-keys 73DAC973A9ADBB9ADCB5CDC4595A08135BA9FF73
gpg --verify mcaptcha-master-linux-amd64.tar.gz.asc mcaptcha-master-linux-amd64.tar.gz
```

#### iv. Install

```
tar -xvzf mcaptcha-master-linux-amd64.tar.gz \
  && sudo cp mcaptcha-master-linux-amd64/mcaptcha /usr/local/bin \
  && sudo mkdir /etc/mcaptcha \
  && sudo cp mcaptcha-master-linux-amd64/config.toml /etc/mcaptcha/
```

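Added example (not part of the mCaptcha documentation): `gpg --verify` succeeds for a good signature from any key in your keyring, so a scripted install should also check that the signer is the fingerprint given in step iii. The sketch below does that by parsing GnuPG's `--status-fd` output; the function names and the sample status lines are this example's own.

```shell
#!/bin/sh
# Added example, not from the mCaptcha docs. Only the fingerprint below is
# taken from the page; the function names are this example's own.
EXPECTED_FPR=73DAC973A9ADBB9ADCB5CDC4595A08135BA9FF73

# Reads `gpg --status-fd` output on stdin. Succeeds only if:
#   - a VALIDSIG line names $1 as the primary key fingerprint (last field),
#   - a GOODSIG line is present, and
#   - no line reports a bad, errored, expired or revoked signature or key.
status_signed_by() {
    awk -v want="$1" '
        $1 != "[GNUPG:]" { next }
        $2 == "GOODSIG" { good = 1 }
        $2 == "VALIDSIG" && ($NF "") == (want "") { valid = 1 }
        $2 ~ /^(BADSIG|ERRSIG|EXPSIG|EXPKEYSIG|REVKEYSIG)$/ { bad = 1 }
        END { exit !(good && valid && !bad) }'
}

# Verifies detached signature $1 over file $2 against the pinned key.
# gpg's own exit status is ignored on purpose: the decision is made from
# the machine-readable status lines.
verify_release() {
    gpg --batch --status-fd 1 --verify "$1" "$2" 2>/dev/null \
        | status_signed_by "$EXPECTED_FPR"
}

# Constructed status output (key ID, dates and user ID are invented) so the
# parser can be exercised offline. $1 is the fingerprint to embed.
sample_status() {
    printf '%s\n' \
        '[GNUPG:] NEWSIG' \
        '[GNUPG:] GOODSIG 595A08135BA9FF73 Example Signer (constructed)' \
        "[GNUPG:] VALIDSIG $1 2024-01-01 1704067200 0 4 0 1 10 00 $1"
}
```

Run `verify_release mcaptcha-master-linux-amd64.tar.gz.asc mcaptcha-master-linux-amd64.tar.gz` after importing the key, and proceed to step iv only if it returns 0.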
## 4. Configuration

mCaptcha is highly configurable.

Configuration is applied/merged in the following order:

1. path to configuration file passed in via `MCAPTCHA_CONFIG`
2. `./config/default.toml`
3. `/etc/mcaptcha/config.toml`
4. environment variables. Please see
   [here](https://github.com/mCaptcha/mCaptcha/blob/master/docs/CONFIGURATION.md) for a full list of environment variables.

## 5. Systemd service configuration

1. Copy the following to `/etc/systemd/system/mcaptcha.service`. The unit runs
   as the `mcaptcha` user, so that account must exist, and `ExecStart` must
   point to where you installed the binary (`/usr/bin/mcaptcha` in 3.1,
   `/usr/local/bin/mcaptcha` in 3.2):

```
[Unit]
Description=mCaptcha: a CAPTCHA system that gives attackers a run for their money
After=sound.target
Wants=network-online.target
# Change this to your database's unit if you are not using Postgres
Requires=postgresql.service
After=syslog.target

[Service]
Type=simple
User=mcaptcha
ExecStart=/usr/bin/mcaptcha
Restart=on-failure
RestartSec=1
SuccessExitStatus=3 4
RestartForceExitStatus=3 4
SystemCallArchitectures=native
MemoryDenyWriteExecute=true
NoNewPrivileges=true
Environment="RUST_LOG=info"

[Install]
WantedBy=multi-user.target
```

2. Enable service:

```
# "enable" makes mCaptcha start automatically during boot
sudo systemctl daemon-reload && \
sudo systemctl enable mcaptcha && \
sudo systemctl start mcaptcha
```

## 6. Install and configure Nginx

mCaptcha doesn't implement SSL yet. Please use a reverse proxy like
Nginx to add SSL to your deployment. Here's an example virtual host
configuration for Nginx. Note that it listens on port 80 only; add your
certificate and a TLS listener to it before exposing the instance:

```
server {
    server_name <your mcaptcha hostname>;
    listen 80;
    listen [::]:80;

    location / {
        proxy_pass http://127.0.0.1:<mcaptcha_port>;
        proxy_set_header Host $host;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_set_header X-Forwarded-For $remote_addr;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}
```