Files
cap/docs/guide/standalone/index.md
T
2026-01-10 16:26:36 +00:00

112 lines
3.0 KiB
Markdown

# Cap Standalone
Cap Standalone is the default way of self-hosting Cap's backend. It provides a simple HTTP API for the widget to use and a siteverify endpoint compatible with hCaptcha or reCAPTCHA's, along with the ability to use multiple site keys.
## Installation
You'll need to have [Docker Engine 20.10 or higher](https://docs.docker.com/get-docker/) installed on your server.
Start by creating a docker compose file named `docker-compose.yml` with the following content:
```yaml
version: "3.8"
services:
cap:
image: tiago2/cap:latest
container_name: cap
ports:
- "3000:3000"
environment:
ADMIN_KEY: your_secret_password
volumes:
- cap-data:/usr/src/app/.data
restart: unless-stopped
volumes:
cap-data:
```
::: tip Tips
* Make sure to add an admin key to log into the web UI. It should be at least 12 characters long.
* If your port 3000 is already in use, feel free to change it to something else.
* If you're having trouble accessing the dashboard, add `network_mode: "host"` under the Cap service.
:::
Start the container:
```bash
docker compose up -d
```
And access your web dashboard at `http://localhost:3000` or by accessing port 3000 on your machine.
Log in with your admin key and create a new site key. Take note of both the site key and secret key.
You'll also need to make the server publicly accessible from the internet, as the widget needs to be able to reach it. If you're using a reverse proxy, make sure to check [the options guide](/guide/standalone/options.md) to configure rate-limiting properly.
## Usage
### Client-side
You'll need to configure your widget to use your self-hosted Cap Standalone server. To do this, set the widget's API endpoint option to:
```
https://<instance_url>/<site_key>/
```
Make sure to replace:
- `<instance_url>`: The actual URL where your Cap Standalone instance is running. This URL must be publicly accessible from the internet.
- `<site_key>`: Your site key from this dashboard.
Example:
```html
<cap-widget
data-cap-api-endpoint="https://cap.example.com/d9256640cb53/"
></cap-widget>
```
### Server-side
After a user completes the CAPTCHA on your site, your backend needs to verify their token using this server's API.
You can do this by sending a `POST` request from your server to the following endpoint:
```
https://<instance_url>/<site_key>/siteverify
```
Your request needs to include the following data:
- `secret`: Your key secret from this dashboard. This is **not** the admin key, but rather your site key's secret.
- `response`: The CAPTCHA token generated by the widget on the client-side
Example using `curl`:
```bash
curl "https://<instance_url>/<site_key>/siteverify" \
-X POST \
-H "Content-Type: application/json" \
-d '{ "secret": "<key_secret>", "response": "<captcha_token>" }'
```
A successful response will return:
```json
{
"success": true
}
```
::: tip Client-side library storage
Cap Standalone can also serve the widget and floating client-side library files. [Learn more](options.md#asset-server)
:::