binwiederhier / ntfy

Send push notifications to your phone or desktop using PUT/POST
https://ntfy.sh
Apache License 2.0

systemctl script won't start server #1000

Closed bakerken closed 10 months ago

bakerken commented 10 months ago

:lady_beetle: Describe the bug

"systemctl start ntfy" fails, but "/usr/bin/ntfy serve --no-log-dates" works

The installed systemctl script fails to start the server. The error message from journalctl is:

Jan 11 18:06:04 ubuntu systemd[1]: Failed to start ntfy server.
Jan 11 18:06:04 ubuntu systemd[1]: ntfy.service: Failed with result 'exit-code'.
Jan 11 18:06:04 ubuntu systemd[1]: ntfy.service: Start request repeated too quickly.
Jan 11 18:06:04 ubuntu systemd[1]: Stopped ntfy server.
Jan 11 18:06:04 ubuntu systemd[1]: ntfy.service: Scheduled restart job, restart counter is at 5.
Jan 11 18:06:04 ubuntu systemd[1]: ntfy.service: Failed with result 'exit-code'.
Jan 11 18:06:04 ubuntu systemd[1]: ntfy.service: Main process exited, code=exited, status=1/FAILURE
Jan 11 18:06:04 ubuntu ntfy[1102]: if set, key file must exist
Jan 11 18:06:04 ubuntu systemd[1]: Started ntfy server.
Jan 11 18:06:04 ubuntu systemd[1]: Stopped ntfy server.

Starting the server with

/usr/bin/ntfy serve --no-log-dates

works. The web page is up, and I can send notifications to my phone client.

The cert is supplied by certbot, and exists. I've tried pointing the config file at the softlink (see below) or the hard files. Both fail.

:computer: Components impacted

ntfy server

:bulb: Screenshots and/or logs

Useful part of my server.yml:

grep -v \# /etc/ntfy/server.yml | grep .
base-url: "http://ntfy.redacted.co.uk"
listen-http: ""
listen-https: ":443"
key-file: "/etc/letsencrypt/live/ntfy.redacted.co.uk/privkey.pem"
cert-file: "/etc/letsencrypt/live/ntfy.redacted.co.uk/fullchain.pem"
cache-file: "/var/cache/ntfy/cache.db"
cache-duration: "12h"
auth-file: /var/lib/ntfy/user.db
auth-default-access: "deny-all"
attachment-cache-dir: "/var/cache/ntfy/attachments"
attachment-total-size-limit: "1G"
attachment-file-size-limit: "15M"
attachment-expiry-duration: "3h"

:crystal_ball: Additional context

wunter8 commented 10 months ago

The systemd service (by default) runs ntfy as the ntfy user and ntfy group. I'm guessing the ntfy user doesn't have permissions to access the key/cert file. You can test with:

sudo -u ntfy ls /etc/letsencrypt/live/ntfy.redacted.co.uk/privkey.pem
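Added example, not part of the thread and not code from the ntfy project: a sketch that goes one step beyond the `ls` test above and reports which path component denies a service account access to the configured key-file, following the softlink to its target as well. It assumes GNU `stat` and `readlink` and evaluates only the classic owner/group/other mode bits (no ACLs); the function names and the script name are hypothetical.

```shell
#!/bin/sh
# Added example (not from the ntfy project). Assumes GNU stat/readlink and
# classic owner/group/other mode bits; ACLs and capabilities are not evaluated.

# has_perm PATH UID "GID ..." BIT: does that identity hold BIT (4=read, 1=search)?
has_perm() {
    hp_info=$(stat -L -c '%u %g %a' "$1" 2>/dev/null) || return 1
    hp_owner=${hp_info%% *}; hp_rest=${hp_info#* }
    hp_group=${hp_rest%% *}; hp_mode=$(( 0${hp_rest#* } ))   # leading 0 = octal
    if [ "$2" -eq 0 ]; then return 0; fi                     # root bypasses mode bits
    hp_shift=0                                               # "other" class
    if [ "$2" -eq "$hp_owner" ]; then
        hp_shift=6                                           # owner class wins
    else
        for hp_g in $3; do
            if [ "$hp_g" -eq "$hp_group" ]; then hp_shift=3; fi
        done
    fi
    [ $(( (hp_mode >> hp_shift) & $4 )) -ne 0 ]
}

# dirs_ok DIR UID "GID ...": every directory from / down to DIR must be searchable.
# Prints the first one that is not and returns 1.
dirs_ok() {
    case $1 in
        /|.) ;;
        *) dirs_ok "$(dirname "$1")" "$2" "$3" || return 1 ;;
    esac
    has_perm "$1" "$2" "$3" 1 || { printf '%s\n' "$1"; return 1; }
}

# first_blocker FILE UID "GID ...": prints the path component that denies access.
first_blocker() {
    fb_real=$(readlink -f "$1") || { printf '%s\n' "$1"; return 1; }
    dirs_ok "$(dirname "$1")" "$2" "$3" || return 1        # path as configured
    dirs_ok "$(dirname "$fb_real")" "$2" "$3" || return 1  # symlink target's directories
    has_perm "$fb_real" "$2" "$3" 4 || { printf '%s\n' "$fb_real"; return 1; }
}

# Usage: sh keyperm.sh /path/to/privkey.pem ntfy   (script name is hypothetical)
if [ "$#" -eq 2 ]; then
    if fb_hit=$(first_blocker "$1" "$(id -u "$2")" "$(id -G "$2")"); then
        echo "$2 can read $1"
    else
        echo "$2 is denied at: $fb_hit"
    fi
fi
```

Run it as root so that every component can be inspected; a component the invoking user cannot stat is itself reported as the blocker.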

bakerken commented 10 months ago

<D'oh!> <slaps forehead> Of course, thanks wunter8. 😀