A captcha can be enabled on your homeserver to help prevent bots from registering accounts. Synapse currently uses Google’s reCAPTCHA service which requires API keys from Google.
public_baseurl
in homeserver.yaml
, to the list of authorized domains. If you have not set
public_baseurl
, use server_name
.homeserver.yaml
configuration file
recaptcha_public_key: YOUR_SITE_KEY
recaptcha_private_key: YOUR_SECRET_KEY
enable_registration_captcha: true
The reCAPTCHA API requires that the IP address of the user who solved the
CAPTCHA is sent. If the client is connecting through a proxy or load balancer,
it may be required to use the X-Forwarded-For
(XFF) header instead of the origin
IP address. This can be configured using the x_forwarded
directive in the
listeners section of the homeserver.yaml
configuration file.