binwiederhier / ntfy

Send push notifications to your phone or desktop using PUT/POST
https://ntfy.sh
Apache License 2.0
17.77k stars 691 forks

Configuring Ntfy with Nginx as a Reverse Proxy: Seeking Assistance #936

Closed YezGotIt closed 10 months ago

YezGotIt commented 10 months ago

:question: Question

How can I configure Ntfy with Nginx as a reverse proxy? I've tried following the documentation on ntfy.sh but haven't been successful.

And one more thing, I added Cloudflare Tunnel access to the notification service from the public.

bear commented 10 months ago

What part of the current nginx examples are you curious about? Most of what is contained in them is stock nginx items for proxying a web server while terminating SSL with all of the normal production level items covered.

Where are you having trouble? Do you see the ntfy service receiving traffic? I do know that starting the service standalone was more useful for debugging as it allowed me to see the trace and debug logs more easily.

YezGotIt commented 10 months ago

This is my setup:

I will attach the nginx error.log file. Here is the nginx configuration file, default.conf.txt

YezGotIt commented 10 months ago

If I visit the domain...

error from domain

This is happening.

If I connect with the localhost IP, such as 10.8.x.x, it works, but not with the actual domain name.

bear commented 10 months ago

A couple of small items first: for your server port 80, you are only going to redirect, so you don't need to have any proxy_pass items in it. Those are really being ignored, but it helps to be explicit with nginx configs IMO.

If you are redirecting all of your port 80 to 443, you can take advantage of some nginx config items - the following tells nginx that the server block is the default for port 80 and that it matches all server names (that's the _ bit). It also uses a simpler "pass on the rest of the URI" method that avoids all of the args and query param junk.

server {
    listen 80 default_server;
    server_name _;
    return 301 https://$host$request_uri;
}

Let me know if you have any questions about this change - it's what I have discovered works well when you get the dreaded too many redirects issue.
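Added example, not part of the original thread or the ntfy project: a hop-by-hop redirect tracer for checking a "too many redirects" symptom against the port-80 rule above. The two `fetch` stand-ins and the host `ntfy.example` are constructed; the second assumes a front proxy that terminates TLS and forwards every request as plain HTTP to port 80.

```python
import http.client
from urllib.parse import urljoin, urlsplit

REDIRECTS = (301, 302, 303, 307, 308)

def head(url, timeout=5):
    """Real fetcher: (status, Location) for url, redirects not followed."""
    u = urlsplit(url)
    https = u.scheme == "https"
    cls = http.client.HTTPSConnection if https else http.client.HTTPConnection
    conn = cls(u.netloc, timeout=timeout)
    try:
        conn.request("HEAD", (u.path or "/") + ("?" + u.query if u.query else ""))
        resp = conn.getresponse()
        return resp.status, resp.getheader("Location")
    finally:
        conn.close()

def trace(url, fetch=head, max_hops=10):
    """Follow redirects one hop at a time; return (chain, verdict)."""
    chain, seen = [], set()
    while len(chain) < max_hops:
        if url in seen:  # same URL handed back again: the browser error
            return chain + [(url, None)], "loop"
        seen.add(url)
        status, location = fetch(url)
        chain.append((url, status))
        if status not in REDIRECTS or not location:
            return chain, "ok" if status < 400 else "error"
        url = urljoin(url, location)
    return chain, "too-many-hops"

def _port80_rule(url):
    # Constructed model of: return 301 https://$host$request_uri;
    u = urlsplit(url)
    return 301, "https://" + u.netloc + (u.path or "/") + ("?" + u.query if u.query else "")

def direct(url):
    # Constructed: client reaches nginx itself; port 443 is assumed to answer 200.
    return _port80_rule(url) if url.startswith("http://") else (200, None)

def via_http_forwarder(url):
    # Assumption: a front proxy terminates TLS and forwards everything to port 80.
    return _port80_rule(url)

if __name__ == "__main__":
    print(trace("http://ntfy.example/mytopic?since=1h", direct))
    print(trace("https://ntfy.example/mytopic", via_http_forwarder))
```

Calling `trace(url)` with the default `head` fetcher runs the same check against a live host, once from outside and once from the nginx machine itself, to see which hop repeats.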

YezGotIt commented 10 months ago

You can check it here: https://demo.ygi.li/. + Cloudflare tunnel

Here is the configuration:

server {
    listen 80 default_server;
    server_name _;
    return 301 https://$host$request_uri;
}

server {
  listen 443 ssl;
  server_name demo.ygi.li;

  ssl_session_timeout 1d;
  ssl_session_cache shared:MozSSL:10m; # about 40000 sessions
  ssl_session_tickets off;
  ssl_protocols TLSv1.2 TLSv1.3;
  ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
  ssl_prefer_server_ciphers off;

  ssl_certificate /etc/ssl/cert.pem;
  ssl_certificate_key /etc/ssl/key.pem;

  location / {
    proxy_pass http://127.0.0.1:34567;
    proxy_http_version 1.1;

    proxy_set_header Host $host;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection "upgrade";
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

    proxy_connect_timeout 3m;
    proxy_send_timeout 3m;
    proxy_read_timeout 3m;

    client_max_body_size 0; # Stream request body to backend
  }
}

Still same error.

binwiederhier commented 10 months ago

Feel free to join the Discord or Matrix chat if you're still experiencing issues.