vbatts/ntfy
1
0
Fork 0
Code Pull requests Activity

Proxy docs

Browse source
This commit is contained in:
Philipp Heckel 2021-12-06 20:05:06 -05:00
parent faa7de9f37
commit f1fac8da75
2 changed files with 14 additions and 5 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

15
docs/config.md
View file

@ -32,17 +32,26 @@ Subscribers can retrieve cached messaging using the [`poll=1` parameter](subscri
[`since=` parameter](subscribe/api.md#fetching-cached-messages). [`since=` parameter](subscribe/api.md#fetching-cached-messages).
## Behind a proxy (TLS, etc.) ## Behind a proxy (TLS, etc.)
!!! warning !!! warning
If you are running ntfy behind a proxy, you must set the `behind-proxy` flag. Otherwise, all visitors are If you are running ntfy behind a proxy, you must set the `behind-proxy` flag. Otherwise, all visitors are
[rate limited](#rate-limiting) as if they are one. [rate limited](#rate-limiting) as if they are one.
It may be desirable to run ntfy behind a proxy, e.g. so you can provide TLS certificates using Let's Encrypt using certbot,
or simply because you'd like to share the ports (80/443) with other services. Whatever your reasons may be, there are a
few things to consider.
### Rate limiting ### Rate limiting
If you are running ntfy behind a proxy (e.g. nginx, HAproxy or Apache), you should set the `behind-proxy` If you are running ntfy behind a proxy (e.g. nginx, HAproxy or Apache), you should set the `behind-proxy`
flag. This will instruct the [rate limiting](#rate-limiting) logic to use the `X-Forwarded-For` header as the primary flag. This will instruct the [rate limiting](#rate-limiting) logic to use the `X-Forwarded-For` header as the primary
identifier for a visitor, as opposed to the remote IP address. If the `behind-proxy` flag is not set, all visitors will identifier for a visitor, as opposed to the remote IP address. If the `behind-proxy` flag is not set, all visitors will
be counted as one, because from the perspective of the ntfy server, they all share the proxy's IP address. be counted as one, because from the perspective of the ntfy server, they all share the proxy's IP address.
=== "/etc/ntfy/config.yml"
```
# Tell ntfy to use "X-Forwarded-For" to identify visitors
behind-proxy: true
```
### TLS/SSL ### TLS/SSL
ntfy supports HTTPS/TLS by setting the `listen-https` [config option](#config-options). However, if you ntfy supports HTTPS/TLS by setting the `listen-https` [config option](#config-options). However, if you
are behind a proxy, it is recommended that TLS/SSL termination is done by the proxy itself (see below). are behind a proxy, it is recommended that TLS/SSL termination is done by the proxy itself (see below).
@ -107,7 +116,7 @@ or the root domain:
} }
``` ```
=== "Apache2 (/etc/apache2/sites-*/ntfy.conf" === "Apache2 (/etc/apache2/sites-*/ntfy.conf)"
``` ```
<VirtualHost *:80> <VirtualHost *:80>
ServerName ntfy.sh ServerName ntfy.sh

4
mkdocs.yml
View file

@ -19,13 +19,13 @@ theme:
scheme: default scheme: default
toggle: toggle:
icon: material/lightbulb-outline icon: material/lightbulb-outline
name: Switch to light mode name: Switch to dark mode
- media: "(prefers-color-scheme: dark)" # Dark mode - media: "(prefers-color-scheme: dark)" # Dark mode
scheme: slate scheme: slate
accent: indigo accent: indigo
toggle: toggle:
icon: material/lightbulb icon: material/lightbulb
name: Switch to dark mode name: Switch to light mode
features: features:
- search.suggest - search.suggest
- search.highlight - search.highlight