Skip to content
Snippets Groups Projects
Normal view Permalink
CAPTCHA_SETUP.md 1.08 KiB
Newer Older
dstipp's avatar
(#5849) Convert rst to markdown (#6040)  
dstipp committed
1 
# Overview
David Baker's avatar
Update CAPTCHA_SETUP (it continues to ignore fallback, but I guess I should...  
David Baker committed
2 
Captcha can be enabled for this home server. This file explains how to do that.
David Baker's avatar
Add original, unmodified CAPTCHA-SETUP from the webclient repo before...
David Baker committed
3 4 
The captcha mechanism used is Google's ReCaptcha. This requires API keys from Google.
dstipp's avatar
(#5849) Convert rst to markdown (#6040)  
dstipp committed
5 6 
## Getting keys
Yash Jipkate's avatar
Modify doc to update Google ReCaptcha terms (#6257)  
Yash Jipkate committed
7 
Requires a site/secret key pair from:
David Baker's avatar
Add original, unmodified CAPTCHA-SETUP from the webclient repo before...
David Baker committed
8
dstipp's avatar
(#5849) Convert rst to markdown (#6040)  
dstipp committed
9 
<https://developers.google.com/recaptcha/>
David Baker's avatar
Add original, unmodified CAPTCHA-SETUP from the webclient repo before...
David Baker committed
10
Aaron Raimist's avatar
Specify the type of reCAPTCHA key to use (#5013)  
Aaron Raimist committed
11 
Must be a reCAPTCHA v2 key using the "I'm not a robot" Checkbox option
David Baker's avatar
Add original, unmodified CAPTCHA-SETUP from the webclient repo before...
David Baker committed
12
dstipp's avatar
(#5849) Convert rst to markdown (#6040)  
dstipp committed
13 14 
## Setting ReCaptcha Keys
Richard van der Hoff's avatar
rename CAPTCHA_SETUP  
Richard van der Hoff committed
15 
The keys are a config option on the home server config. If they are not
dstipp's avatar
(#5849) Convert rst to markdown (#6040)  
dstipp committed
16 17 
visible, you can generate them via `--generate-config`. Set the following value:
Yash Jipkate's avatar
Modify doc to update Google ReCaptcha terms (#6257)  
Yash Jipkate committed
18 19 
    recaptcha_public_key: YOUR_SITE_KEY
    recaptcha_private_key: YOUR_SECRET_KEY
David Baker's avatar
Add original, unmodified CAPTCHA-SETUP from the webclient repo before...
David Baker committed
20
dstipp's avatar
(#5849) Convert rst to markdown (#6040)  
dstipp committed
21 
In addition, you MUST enable captchas via:
Richard van der Hoff's avatar
rename CAPTCHA_SETUP  
Richard van der Hoff committed
22
dstipp's avatar
(#5849) Convert rst to markdown (#6040)  
dstipp committed
23 
    enable_registration_captcha: true
David Baker's avatar
Add original, unmodified CAPTCHA-SETUP from the webclient repo before...
David Baker committed
24
dstipp's avatar
(#5849) Convert rst to markdown (#6040)  
dstipp committed
25 
## Configuring IP used for auth
David Baker's avatar
Add original, unmodified CAPTCHA-SETUP from the webclient repo before...
David Baker committed
26 27 28 

The ReCaptcha API requires that the IP address of the user who solved the
captcha is sent. If the client is connecting through a proxy or load balancer,
dstipp's avatar
(#5849) Convert rst to markdown (#6040)  
dstipp committed
29 30 
it may be required to use the `X-Forwarded-For` (XFF) header instead of the origin
IP address. This can be configured using the `x_forwarded` directive in the
Daniel Dent's avatar
Update CAPTCHA_SETUP.rst X-Forwarded-For docs  
Daniel Dent committed
31 
listeners section of the homeserver.yaml configuration file.