# Deploy bare metal ## 1. Install Database The following databases are supported: 1. Postgres 2. MariaDB Please install the database of your choice. Then: 1. Create new database user for mCaptcha 2. Create new database for mCaptcha mCaptcha binary has migrations baked-in and is applied on start up. The choice of database is described using the [scheme](https://developer.mozilla.org/en-US/docs/Learn/Common_questions/Web_mechanics/What_is_a_URL#scheme) of the database URL. For instance: 1. Postgres: `postgres://mcaptcha:password@localhost:5432/mcaptcha` 2. Mariadb: `mysql://mcaptcha:password@localhost:3306/mcaptcha` ## 2. Optionally, install mCaptcha/cache We recommend this for larger instances. For single-user instances or for instances that protect personal websites, we recommend using the internal cache system. To do so, please comment out the [`redis`](https://github.com/mCaptcha/mCaptcha/blob/d4967626ee59504b32b0f85e409b4e3444ddc4f0/config/default.toml#L54) section of the configuration file. Please see [`mCaptcha/cache`](https://github.com/mCaptcha/cache) for more details. ## 3. Install mCaptcha ### 3.1 Install from source To build `mcaptcha`, you need the following dependencies: 1. rust 2. node(`v20`) 3. yarn(JavaScript package manager) 4. make With all dependencies installed, run: ``` make dev-env && make release ``` And the following commands to install the compiled binary: ``` sudo cp ./target/release/mcaptcha /usr/bin/ && \ mkdir sudo /etc/mcaptcha && \ sudo cp config/default.toml /etc/mcaptcha/config.toml ``` ### 3.2 Install pre-compiled binary #### i. Download assets ``` wget https://dl.mcaptcha.org/mcaptcha/mCaptcha/master/mcaptcha-master-linux-amd64.tar.gz.asc wget https://dl.mcaptcha.org/mcaptcha/mCaptcha/master/mcaptcha-master-linux-amd64.tar.gz.sha256 wget https://dl.mcaptcha.org/mcaptcha/mCaptcha/master/mcaptcha-master-linux-amd64.tar.gz ``` ### ii Verify checksum ``` sha256sum -c mcaptcha-master-linux-amd64.tar.gz.sha256 ``` ### iii Verify GPG signature All mcaptcha binaries are signed with [our GPG key](https://keyserver.ubuntu.com/pks/lookup?search=73DAC973A9ADBB9ADCB5CDC4595A08135BA9FF73&fingerprint=on&op=index). Please verify signatures to verify authenticity. ``` gpg --keyserver keyserver.ubuntu.com --recv 73DAC973A9ADBB9ADCB5CDC4595A08135BA9FF73 gpg --verify mcaptcha-master-linux-amd64.tar.gz.asc ``` ### iv. Install ``` tar -xvzf mcaptcha-master-linux-amd64.tar.gz \ && sudo cp mcaptcha-master-linux-amd64/mcaptcha /usr/local/bin \ && sudo mkdir /etc/mcaptcha \ && sudo cp mcaptcha-master-linux-amd64/config.toml /etc/mcaptcha/ ``` ### 4. Configuration mCaptcha is highly configurable. Configuration is applied/merged in the following order: 1. path to configuration file passed in via `MCAPTCHA_CONFIG` 2. `./config/default.toml` 3. `/etc/mcaptcha/config.toml` 4. environment variables. Please see [here](https://github.com/mCaptcha/mCaptcha/blob/master/docs/CONFIGURATION.md) for a full list of environment variables. ### 5. Systemd service configuration: 1. Copy the following to `/etc/systemd/system/mcaptcha.service`: ``` [Unit] Description=mCaptcha: a CAPTCHA system that gives attackers a run for their money [Service] Type=simple User=mcaptcha ExecStart=/usr/bin/mcaptcha Restart=on-failure RestartSec=1 SuccessExitStatus=3 4 RestartForceExitStatus=3 4 SystemCallArchitectures=native MemoryDenyWriteExecute=true NoNewPrivileges=true Environment="RUST_LOG=info" [Unit] After=sound.target Wants=network-online.target Wants=network-online.target Requires=postgresql.service After=syslog.target [Install] WantedBy=multi-user.target ``` 2. Enable service: ``` sudo systemctl daemon-reload && \ sudo systemctl enable mcaptcha && \ # Auto startup during boot sudo systemctl start mcaptcha ``` ### 6. Install and configure Nginx mCaptcha doesn't implement SSL yet. Please use a reverse proxy like Nginx to add SSL to your deployment. Here's an example virtual host configuration for Nginx: ``` server { server_name ; listen 80; listen [::]:80; location / { proxy_pass http://127.0.0.1:; proxy_set_header Host $host; proxy_set_header Host $host; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "upgrade"; proxy_set_header X-Forwarded-For $remote_addr; proxy_set_header X-Forwarded-Proto $scheme; } } ```