docs.benjamin-altpeter.de

ntfy

Installed at 10.1.1.29, not available publicly.

The application runs in an unprivileged Ubuntu 22.04 LXC container.

Setup #

Based on 1, 2.

apt install apt-transport-https gnupg2
mkdir -p /etc/apt/keyrings
curl -fsSL https://archive.heckel.io/apt/pubkey.txt | gpg --dearmor -o /etc/apt/keyrings/archive.heckel.io.gpg
sh -c "echo 'deb [arch=amd64 signed-by=/etc/apt/keyrings/archive.heckel.io.gpg] https://archive.heckel.io/apt debian main' > /etc/apt/sources.list.d/archive.heckel.io.list"
apt update
apt install ntfy
systemctl enable ntfy
systemctl start ntfy

# Edit the values shown below.
nano /etc/ntfy/server.yml

systemctl restart ntfy

ntfy access '*' 'up*' write-only
ntfy user add --role=admin benni

Configure the reverse proxy to proxy https://ntfy.my-server.in to http://10.1.1.29:80.

Adding users #

To give additional users non-admin read access to UnifiedPush (note that they can theoretically read all users' notifications if they correctly guess the topic but that should be random and complex enough not to be guessable) and read-write access to their own prefix:

ntfy user add <username>
ntfy access <username> 'up*' r
ntfy access <username> '<prefix>-*' rw

# Check:
ntfy access

Configs #

server.yml #

base-url: "https://ntfy.my-server.in"

cache-file: "/var/cache/ntfy/cache.db"
cache-startup-queries: |
   pragma journal_mode = WAL;
   pragma synchronous = normal;
   pragma temp_store = memory;
   pragma busy_timeout = 15000;
   vacuum;   
cache-duration: "36h"

auth-file: "/var/lib/ntfy/user.db"
auth-default-access: "deny-all"

behind-proxy: true

attachment-cache-dir: "/var/cache/ntfy/attachments"
attachment-total-size-limit: "64G"
attachment-file-size-limit: "1G"
attachment-expiry-duration: "36h"

smtp-sender-addr: "smtp.eu.mailgun.org:587"
smtp-sender-user: "<username>"
smtp-sender-pass: "<password>"
smtp-sender-from: "<username>"

global-topic-limit: 1500000
visitor-subscription-limit: 300
visitor-request-limit-burst: 5000
visitor-request-limit-replenish: "1s"
visitor-email-limit-burst: 100
visitor-email-limit-replenish: "1m"
visitor-attachment-total-size-limit: "16G"
visitor-attachment-daily-bandwidth-limit: "128G"