From f1fac8da75bbbfee1bce5859aa3e259546b06486 Mon Sep 17 00:00:00 2001 From: Philipp Heckel Date: Mon, 6 Dec 2021 20:05:06 -0500 Subject: [PATCH] Proxy docs --- docs/config.md | 15 ++++++++++++--- mkdocs.yml | 4 ++-- 2 files changed, 14 insertions(+), 5 deletions(-) diff --git a/docs/config.md b/docs/config.md index d256ebf..547ce84 100644 --- a/docs/config.md +++ b/docs/config.md @@ -32,17 +32,26 @@ Subscribers can retrieve cached messaging using the [`poll=1` parameter](subscri [`since=` parameter](subscribe/api.md#fetching-cached-messages). ## Behind a proxy (TLS, etc.) - !!! warning - If you are running ntfy behind a proxy, you must set the `behind-proxy` flag. Otherwise, all visitors are + If you are running ntfy behind a proxy, you must set the `behind-proxy` flag. Otherwise, all visitors are [rate limited](#rate-limiting) as if they are one. +It may be desirable to run ntfy behind a proxy, e.g. so you can provide TLS certificates using Let's Encrypt using certbot, +or simply because you'd like to share the ports (80/443) with other services. Whatever your reasons may be, there are a +few things to consider. + ### Rate limiting If you are running ntfy behind a proxy (e.g. nginx, HAproxy or Apache), you should set the `behind-proxy` flag. This will instruct the [rate limiting](#rate-limiting) logic to use the `X-Forwarded-For` header as the primary identifier for a visitor, as opposed to the remote IP address. If the `behind-proxy` flag is not set, all visitors will be counted as one, because from the perspective of the ntfy server, they all share the proxy's IP address. +=== "/etc/ntfy/config.yml" + ``` + # Tell ntfy to use "X-Forwarded-For" to identify visitors + behind-proxy: true + ``` + ### TLS/SSL ntfy supports HTTPS/TLS by setting the `listen-https` [config option](#config-options). However, if you are behind a proxy, it is recommended that TLS/SSL termination is done by the proxy itself (see below). @@ -107,7 +116,7 @@ or the root domain: } ``` -=== "Apache2 (/etc/apache2/sites-*/ntfy.conf" +=== "Apache2 (/etc/apache2/sites-*/ntfy.conf)" ``` ServerName ntfy.sh diff --git a/mkdocs.yml b/mkdocs.yml index 6f6492f..6758aea 100644 --- a/mkdocs.yml +++ b/mkdocs.yml @@ -19,13 +19,13 @@ theme: scheme: default toggle: icon: material/lightbulb-outline - name: Switch to light mode + name: Switch to dark mode - media: "(prefers-color-scheme: dark)" # Dark mode scheme: slate accent: indigo toggle: icon: material/lightbulb - name: Switch to dark mode + name: Switch to light mode features: - search.suggest - search.highlight