login route #1037

New issue

Closed

opened 2026-05-07 00:29:47 +02:00 by BreizhHardware · 2 comments

BreizhHardware commented

2026-05-07 00:29:47 +02:00

Owner

Originally created by @alex-u-93 on GitHub (Oct 24, 2025).
Original GitHub issue: https://github.com/binwiederhier/ntfy/issues/1473

Hello.

As I understand, by default ntfy has no route i.e. topic auth protection.

So, solution like HTTP basic auth should be picked up. I have setted it up to my root route.

Also I have enabled ntfy native auth system (which gives as protected routes semantics?) - and could not wire it with Nginx HTTP basic auth.

After correct login/password was entered and submitted, browser redirect to ntfy root page and then redirect back to /login route. I have tried different configuration options and finished at this, unworkable code

   server {
     listen xxx.xxx.xxx.xxx:443 ssl;
     http2 on;
     client_max_body_size 1024M;
     proxy_http_version 1.1;
     server_name ntfy.mgek.by;

     ssl_certificate     /etc/letsencrypt/live/domain/fullchain.pem;
     ssl_certificate_key /etc/letsencrypt/live/domain/privkey.pem;

     location /login {
       allow all;
       auth_basic off;
       proxy_pass http://ntfy;
       proxy_http_version 1.1;
       proxy_set_header Host $http_host;
       proxy_set_header Upgrade $http_upgrade;
       proxy_set_header Connection "upgrade";
       proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
       proxy_connect_timeout 3m;
       proxy_send_timeout 3m;
       proxy_read_timeout 3m;
       client_max_body_size 0;
     }

     location / {
       auth_basic           "Administrator’s Area";
       auth_basic_user_file /opt/auth;
       proxy_pass http://ntfy;
       proxy_http_version 1.1;
       proxy_set_header Host $http_host;
       proxy_set_header Upgrade $http_upgrade;
       proxy_set_header Connection "upgrade";
       proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
       proxy_connect_timeout 3m;
       proxy_send_timeout 3m;
       proxy_read_timeout 3m;
       client_max_body_size 0;
     }
   }

Can someone help with this piece of misunderstanding?

Originally created by @alex-u-93 on GitHub (Oct 24, 2025). Original GitHub issue: https://github.com/binwiederhier/ntfy/issues/1473 Hello. As I understand, by default `ntfy` has no route i.e. topic auth protection. So, solution like HTTP basic auth should be picked up. I have setted it up to my root route. Also I have enabled `ntfy` native auth system (which gives as protected routes semantics?) - and could not wire it with Nginx HTTP basic auth. After correct login/password was entered and submitted, browser redirect to `ntfy` root page and then redirect back to `/login` route. I have tried different configuration options and finished at this, unworkable code ```nginx server { listen xxx.xxx.xxx.xxx:443 ssl; http2 on; client_max_body_size 1024M; proxy_http_version 1.1; server_name ntfy.mgek.by; ssl_certificate /etc/letsencrypt/live/domain/fullchain.pem; ssl_certificate_key /etc/letsencrypt/live/domain/privkey.pem; location /login { allow all; auth_basic off; proxy_pass http://ntfy; proxy_http_version 1.1; proxy_set_header Host $http_host; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "upgrade"; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_connect_timeout 3m; proxy_send_timeout 3m; proxy_read_timeout 3m; client_max_body_size 0; } location / { auth_basic "Administrator’s Area"; auth_basic_user_file /opt/auth; proxy_pass http://ntfy; proxy_http_version 1.1; proxy_set_header Host $http_host; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "upgrade"; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_connect_timeout 3m; proxy_send_timeout 3m; proxy_read_timeout 3m; client_max_body_size 0; } } ``` <img width="1091" height="1167" alt="Image" src="https://github.com/user-attachments/assets/10709243-ef22-4eac-9713-bc292e21abba" /> Can someone help with this piece of misunderstanding?

BreizhHardware closed this issue

2026-05-07 00:29:47 +02:00

BreizhHardware commented

2026-05-07 00:29:47 +02:00

Author

Owner

@wunter8 commented on GitHub (Oct 25, 2025):

Remove the nginx basic auth stuff and just use the built-in ntfy auth/access controls.

If you're concerned about the web app being accessible to others, see here: https://docs.ntfy.sh/faq/#can-i-disable-the-web-app-can-i-protect-it-with-a-login-screen

@wunter8 commented on GitHub (Oct 25, 2025): Remove the nginx basic auth stuff and just use the built-in ntfy auth/access controls. If you're concerned about the web app being accessible to others, see here: https://docs.ntfy.sh/faq/#can-i-disable-the-web-app-can-i-protect-it-with-a-login-screen

BreizhHardware commented

2026-05-07 00:29:48 +02:00

Author

Owner

@alex-u-93 commented on GitHub (Oct 25, 2025):

@wunter8 You are just right. I have forgotten that auth system is complete, while web UI basic ability to connect to arbitrary ntfy instances is designed by authors.

@alex-u-93 commented on GitHub (Oct 25, 2025): @wunter8 You are just right. I have forgotten that auth system is complete, while web UI basic ability to connect to arbitrary `ntfy` instances is designed by authors.