add mcaptcha.md

content/en/docs/customisation/mcaptcha.md

+---
+title: "mCaptcha"
+weight: 3300
+toc: true
+---
+
+mCaptcha offers a self-hosted captcha, which is already featured in docker-compose so the installation is pretty easy. 
+
+## Docker setup
+
+### First Steps
+
+First thing you have to do is uncomment the mcaptcha lines on your `docker-compose.yml`:
+
+```yaml
+services:
+  web:
+    <...>
+    links:
+      <...>
+      - mcaptcha
+```
+
+```yaml
+  mcaptcha:
+      <...>
+    environment:
+      PORT: 7493
+      MCAPTCHA_redis_URL: "redis://mcaptcha_redis/"
+      MCAPTCHA_allow_registration: true
+      MCAPTCHA_server_DOMAIN: "example.tld"
+      <...>
+
+
+  mcaptcha_redis:
+      <...>
+```
+
+Of course, here you want to change `example.tld` to the domain that'll be hosting the mCaptcha interface.
+
+### Nginx Configuration
+
+We also need to configure Nginx to proxy our service to the web as we do with Sharkey.
+
+Borrowing from Misskey, this is the config I use for mCaptcha:
+
+```
+server {
+    server_name example.tld;
+        listen 80;
+        listen [::]:80;
+    # For SSL domain validation
+    root /var/www/html;
+    location /.well-known/acme-challenge/ { allow all; }
+    location /.well-known/pki-validation/ { allow all; }
+    location / { return 301 https://$server_name$request_uri; }}
+
+server {
+    listen 443 ssl;
+    listen [::]:443 ssl;
+    http2 on;
+    server_name example.tld;
+
+    ssl_session_timeout 1d;
+    ssl_session_cache shared:ssl_session_cache:10m;
+    ssl_session_tickets off;
+
+    # To use Let's Encrypt certificate
+    ssl_certificate     /etc/letsencrypt/live/example.tld/fullchain.pem;
+    ssl_certificate_key /etc/letsencrypt/live/example.tld/privkey.pem;
+
+    # To use Debian/Ubuntu's self-signed certificate (For testing or before issuing a certificate)
+    #ssl_certificate     /etc/ssl/certs/ssl-cert-snakeoil.pem;
+    #ssl_certificate_key /etc/ssl/private/ssl-cert-snakeoil.key;
+
+    # SSL protocol settings
+    ssl_protocols TLSv1.2 TLSv1.3;
+    ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:E>
+    ssl_prefer_server_ciphers off;
+    ssl_stapling on;
+    ssl_stapling_verify on;
+
+    # Change to your upload limit
+    client_max_body_size 80m;
+
+    # Proxy to Node
+    location / {
+        proxy_pass http://127.0.0.1:7493;
+        proxy_set_header Host $host;
+        proxy_http_version 1.1;
+        proxy_redirect off;
+
+        # If it's behind another reverse proxy or CDN, remove the following.
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Proto https;
+
+        # For WebSocket
+        proxy_set_header Upgrade $http_upgrade;
+        proxy_set_header Connection $connection_upgrade;
+
+        # Cache settings
+        proxy_cache cache1;
+        proxy_cache_lock on;
+        proxy_cache_use_stale updating;
+        proxy_force_ranges on;
+        add_header X-Cache $upstream_cache_status;
+    }
+}
+```
+
+Again, make sure `example.tld` gets set to your domain and your SSL certificate is correctly setup.
+
+Don't forget to run `nginx -t` to test your configuration file.
+
+### mCaptcha Configuration
+
+After having mCaptcha up and running, create an account and start configuring a website.
+
+The configuration is incredibly easy as you just type in the traffic you expect (it can be adjusted whenever), though if you want to have more control, it can get more complex: [Configuring Difficulty Factor](https://mcaptcha.org/docs/webmasters/configuring-difficulty-factor).
+
+You need to save the public/"sitekey" and private keys. You can get the sitekey on the sidebar.
+
+### Sharkey Setup
+
+On the control panel as an administrator, access the Security page, where you can enable mCaptcha.
+
+As straight forward as it is, the fields are where you input your keys and the domain (now in `https://example.tld/` format).
+
+After saving, test the captcha in the same page, but also be sure to check it out in the signup form.
+
+### Finishing Touches
+
+As you probably don't want someone else creating an account on your captcha service, now's the time to go back to your `docker-compose.yml` and set `MCAPTCHA_allow_registration: false`. Otherwise, you can leave it.
+
+