mirror of
https://mau.dev/maunium/synapse.git
synced 2024-10-01 01:36:05 -04:00
3e1beb75e6
* Update CAPTCHA documentation to mention turning off verify origin Signed-off-by: Aaron Raimist <aaron@raim.ist>
1.7 KiB
1.7 KiB
Overview
A captcha can be enabled on your homeserver to help prevent bots from registering accounts. Synapse currently uses Google's reCAPTCHA service which requires API keys from Google.
Getting API keys
- Create a new site at https://www.google.com/recaptcha/admin/create
- Set the label to anything you want
- Set the type to reCAPTCHA v2 using the "I'm not a robot" Checkbox option. This is the only type of captcha that works with Synapse.
- Add the public hostname for your server, as set in
public_baseurl
inhomeserver.yaml
, to the list of authorized domains. If you have not setpublic_baseurl
, useserver_name
. - Agree to the terms of service and submit.
- Copy your site key and secret key and add them to your
homeserver.yaml
configuration filerecaptcha_public_key: YOUR_SITE_KEY recaptcha_private_key: YOUR_SECRET_KEY
- Enable the CAPTCHA for new registrations
enable_registration_captcha: true
- Go to the settings page for the CAPTCHA you just created
- Uncheck the "Verify the origin of reCAPTCHA solutions" checkbox so that the captcha can be displayed in any client. If you do not disable this option then you must specify the domains of every client that is allowed to display the CAPTCHA.
Configuring IP used for auth
The reCAPTCHA API requires that the IP address of the user who solved the
CAPTCHA is sent. If the client is connecting through a proxy or load balancer,
it may be required to use the X-Forwarded-For
(XFF) header instead of the origin
IP address. This can be configured using the x_forwarded
directive in the
listeners section of the homeserver.yaml
configuration file.