starred/ntfy
1
0
Fork 0
mirror of https://github.com/binwiederhier/ntfy.git synced 2026-05-09 08:26:00 +02:00
Code Issues 368 Projects Packages Wiki Activity

[GH-ISSUE #398] Matrix gateway fails when mapping ntfy to subpath/subdirectory on a reverse proxy #304

New issue
Closed
opened 2026-05-07 00:22:51 +02:00 by BreizhHardware · 3 comments
BreizhHardware commented 2026-05-07 00:22:51 +02:00
Owner
Copy link

Originally created by @samr7 on GitHub (Sep 11, 2022).
Original GitHub issue: https://github.com/binwiederhier/ntfy/issues/398

I tried mapping ntfy to a subpath on my reverse proxy.
I set base-url: https://server.domain.com/ntfy
I had to configure the reverse proxy to remove the /ntfy path prefix when forwarding requests to the ntfy server.
With these two steps, it mostly works. I can send notifications from the command line, and they are received on my Android phone.
I originally had a trailing slash on the base-url, and that broke UP registration. Removing the slash fixed things.

I also mapped https://server.domain.com/_matrix/push/v1/notify to the ntfy server.
The bug is that the Matrix gateway fails in this configuration. Here's a snip from the trace log:

2022/09/11 03:39:55 DEBUG 2602:61:782f:b000:6a09:24e6:2be8:c498 HTTP GET /evilsam,upuVvjZYI6ddt1/ws?since=1662864357 WebSocket connection opened
2022/09/11 03:40:16 DEBUG 2602:61:782f:b000:6a09:24e6:2be8:c498 HTTP POST /_matrix/push/v1/notify Dispatching request
2022/09/11 03:40:16 TRACE 2602:61:782f:b000:6a09:24e6:2be8:c498 HTTP POST /_matrix/push/v1/notify Entire request (headers and body):
POST /_matrix/push/v1/notify HTTP/1.1
Content-Length: 163
User-Agent: SchildiChat/1.4.34.sc58 (Linux; U; Android 13; Pixel 6a Build/TP1A.220624.021.A; Flavour FDroid; MatrixAndroidSdk2 1.4.34)
Content-Type: application/json; charset=UTF-8
Accept-Encoding: gzip
Connection: close
X-Forwarded-For: 2602:61:782f:b000:6a09:24e6:2be8:c498

{"notification":{"event_id":"$THIS_IS_A_FAKE_EVENT_ID","devices":[{"app_id":"de.spiritcroc.riotx","pushkey":"https://server.domain.com/ntfy/upuVvjZYI6ddt1?up=1"}]}}
2022/09/11 03:40:16 DEBUG 2602:61:782f:b000:6a09:24e6:2be8:c498/ntfy/fimtgdGNTxBb Received message: event=message, body=163 byte(s), delayed=false, firebase=false, cache=true, up=true, email=
2022/09/11 03:40:16 TRACE 2602:61:782f:b000:6a09:24e6:2be8:c498/ntfy/fimtgdGNTxBb Message body: {
  "id": "fimtgdGNTxBb",
  "time": 1662867616,
  "event": "message",
  "topic": "ntfy",
  "message": "{\"notification\":{\"event_id\":\"$THIS_IS_A_FAKE_EVENT_ID\",\"devices\":[{\"app_id\":\"de.spiritcroc.riotx\",\"pushkey\":\"https://server.domain.com/ntfy/upuVvjZYI6ddt1?up=1\"}]}}"
}
2022/09/11 03:40:16 TRACE 2602:61:782f:b000:6a09:24e6:2be8:c498/ntfy/fimtgdGNTxBb No stream or WebSocket subscribers, not forwarding

The topic most certainly is not ntfy, but it's pulling that out of the pushkey.
Should it be cutting the base-url from the beginning of the pushkey before looking for a topic?
This issue is similar to #256, but relates to the backend, not the web UI.

Originally created by @samr7 on GitHub (Sep 11, 2022). Original GitHub issue: https://github.com/binwiederhier/ntfy/issues/398 I tried mapping ntfy to a subpath on my reverse proxy. I set `base-url: https://server.domain.com/ntfy` I had to configure the reverse proxy to remove the `/ntfy` path prefix when forwarding requests to the ntfy server. With these two steps, it mostly works. I can send notifications from the command line, and they are received on my Android phone. I originally had a trailing slash on the base-url, and that broke UP registration. Removing the slash fixed things. I also mapped `https://server.domain.com/_matrix/push/v1/notify` to the ntfy server. The bug is that the Matrix gateway fails in this configuration. Here's a snip from the trace log: ``` 2022/09/11 03:39:55 DEBUG 2602:61:782f:b000:6a09:24e6:2be8:c498 HTTP GET /evilsam,upuVvjZYI6ddt1/ws?since=1662864357 WebSocket connection opened 2022/09/11 03:40:16 DEBUG 2602:61:782f:b000:6a09:24e6:2be8:c498 HTTP POST /_matrix/push/v1/notify Dispatching request 2022/09/11 03:40:16 TRACE 2602:61:782f:b000:6a09:24e6:2be8:c498 HTTP POST /_matrix/push/v1/notify Entire request (headers and body): POST /_matrix/push/v1/notify HTTP/1.1 Content-Length: 163 User-Agent: SchildiChat/1.4.34.sc58 (Linux; U; Android 13; Pixel 6a Build/TP1A.220624.021.A; Flavour FDroid; MatrixAndroidSdk2 1.4.34) Content-Type: application/json; charset=UTF-8 Accept-Encoding: gzip Connection: close X-Forwarded-For: 2602:61:782f:b000:6a09:24e6:2be8:c498 {"notification":{"event_id":"$THIS_IS_A_FAKE_EVENT_ID","devices":[{"app_id":"de.spiritcroc.riotx","pushkey":"https://server.domain.com/ntfy/upuVvjZYI6ddt1?up=1"}]}} 2022/09/11 03:40:16 DEBUG 2602:61:782f:b000:6a09:24e6:2be8:c498/ntfy/fimtgdGNTxBb Received message: event=message, body=163 byte(s), delayed=false, firebase=false, cache=true, up=true, email= 2022/09/11 03:40:16 TRACE 2602:61:782f:b000:6a09:24e6:2be8:c498/ntfy/fimtgdGNTxBb Message body: { "id": "fimtgdGNTxBb", "time": 1662867616, "event": "message", "topic": "ntfy", "message": "{\"notification\":{\"event_id\":\"$THIS_IS_A_FAKE_EVENT_ID\",\"devices\":[{\"app_id\":\"de.spiritcroc.riotx\",\"pushkey\":\"https://server.domain.com/ntfy/upuVvjZYI6ddt1?up=1\"}]}}" } 2022/09/11 03:40:16 TRACE 2602:61:782f:b000:6a09:24e6:2be8:c498/ntfy/fimtgdGNTxBb No stream or WebSocket subscribers, not forwarding ``` The topic most certainly is not ntfy, but it's pulling that out of the pushkey. Should it be cutting the base-url from the beginning of the pushkey before looking for a topic? This issue is similar to #256, but relates to the backend, not the web UI.
BreizhHardware 2026-05-07 00:22:51 +02:00
  • closed this issue
  • added the
    question
         label
BreizhHardware commented 2026-05-07 00:22:52 +02:00
Author
Owner
Copy link

@binwiederhier commented on GitHub (Sep 11, 2022):

Running ntfy on a sub path is not supported. There have been attempts to make it work but it proved tricky or hacky. So as of today you need a subdomain.

<!-- gh-comment-id:1242972374 --> @binwiederhier commented on GitHub (Sep 11, 2022): Running ntfy on a sub path is not supported. There have been attempts to make it work but it proved tricky or hacky. So as of today you need a subdomain.
BreizhHardware commented 2026-05-07 00:22:52 +02:00
Author
Owner
Copy link

@binwiederhier commented on GitHub (Oct 2, 2022):

Related https://github.com/binwiederhier/ntfy/issues/256

<!-- gh-comment-id:1264515895 --> @binwiederhier commented on GitHub (Oct 2, 2022): Related https://github.com/binwiederhier/ntfy/issues/256
BreizhHardware commented 2026-05-07 00:22:52 +02:00
Author
Owner
Copy link

@mredlek commented on GitHub (Aug 20, 2023):

I made this work with a simple patch. I don't know enough about Go to make a PR for this: some details might not be optimal or just working for me.

The point is that the received url is before the reverse proxy. The request is not actually send, but handled as if the application received it directly, which is after the reverse proxy. To make it work, it has to do the same rewrites a the reverse proxy would have done. Because the hostname seems to be ignored, I here replace the baseurl with `http://127.0.0.1"

diff --git a/server/server_matrix.go b/server/server_matrix.go
index c25a1b59..4f6f46b8 100644
--- a/server/server_matrix.go
+++ b/server/server_matrix.go
@@ -127,7 +127,8 @@ func newRequestFromMatrixJSON(r *http.Request, baseURL string, messageLimit int)
        if !strings.HasPrefix(pushKey, baseURL+"/") {
                return nil, &errMatrixPushkeyRejected{rejectedPushKey: pushKey, configuredBaseURL: baseURL}
        }
-       newRequest, err := http.NewRequest(http.MethodPost, pushKey, io.NopCloser(bytes.NewReader(body.PeekedBytes)))
+       pushKeyProxy := "http://127.0.0.1" + strings.TrimPrefix(pushKey, baseURL); // Url after reverse proxy
+       newRequest, err := http.NewRequest(http.MethodPost, pushKeyProxy, io.NopCloser(bytes.NewReader(body.PeekedBytes)))
        if err != nil {
                return nil, err
        }
<!-- gh-comment-id:1685318288 --> @mredlek commented on GitHub (Aug 20, 2023): I made this work with a simple patch. I don't know enough about Go to make a PR for this: some details might not be optimal or just working for me. The point is that the received url is before the reverse proxy. The request is not actually send, but handled as if the application received it directly, which is after the reverse proxy. To make it work, it has to do the same rewrites a the reverse proxy would have done. Because the hostname seems to be ignored, I here replace the baseurl with `http://127.0.0.1" ``` diff --git a/server/server_matrix.go b/server/server_matrix.go index c25a1b59..4f6f46b8 100644 --- a/server/server_matrix.go +++ b/server/server_matrix.go @@ -127,7 +127,8 @@ func newRequestFromMatrixJSON(r *http.Request, baseURL string, messageLimit int) if !strings.HasPrefix(pushKey, baseURL+"/") { return nil, &errMatrixPushkeyRejected{rejectedPushKey: pushKey, configuredBaseURL: baseURL} } - newRequest, err := http.NewRequest(http.MethodPost, pushKey, io.NopCloser(bytes.NewReader(body.PeekedBytes))) + pushKeyProxy := "http://127.0.0.1" + strings.TrimPrefix(pushKey, baseURL); // Url after reverse proxy + newRequest, err := http.NewRequest(http.MethodPost, pushKeyProxy, io.NopCloser(bytes.NewReader(body.PeekedBytes))) if err != nil { return nil, err } ```
Sign in to join this conversation.
No Branch/Tag specified
Branches Tags
main
dependabot/npm_and_yarn/web/fast-uri-3.1.2
email-verification
attachment-no-http2
attachment-fixes
attachment-s3
config-generator
postgres-replica
dockers-v2
postgres-support
postgres-webpush+user+message
postgres-webpush+user
postgres-webpush
1364-copy-action
crashfix
user-header
scalar-api-docs
cancel-scheduled
update-available
windows-server
303-update-notifications
postgres
admin-ui
require-login
http-clipboard
message-cache-lock
debian-stripe
predefined-users
busy-timeout
template-dir
ipv6
client-ip-header
apns-fix
feat_optional_require_login
security-updates
pg-message-cache
templating-disallow
templating-3
templating-2
message-size-limit+delay-limit
remove-rate-topics
html-emails
cf-priority
acl-underscores
auth-user-header
markdown
img-attach
web-improvements
utf8-headers
matrix-507-reject
http-response-writer
new-homepage-design
e2e
canary
windows
electron
update-messages
webhook-templating
v2.22.0
v2.21.0
v2.20.1
v2.20.0
v2.19.2
v2.19.1
v2.19.0
v2.18.0
v2.17.0
v2.16.0
v2.15.0
v2.14.0
v2.13.0
v2.12.0
v2.11.0
v2.10.0
v2.9.0
v2.8.0
v2.7.0
v2.6.2
v2.6.1
v2.6.0
v2.5.0
v2.4.0
v2.3.1
v2.3.0
v2.2.0
v2.1.2
v2.1.1
v2.1.0
v2.0.1
v2.0.0
v1.31.0
v1.30.1
v1.29.1
v1.29.0
v1.28.0
v1.27.2
v1.27.1
v1.26.0
v1.25.2
v1.25.1
v1.25.0
v1.24.0
v1.23.0
v1.22.0
v1.21.2
v1.21.1
v1.21.0
v1.20.0
v1.19.0
v1.18.1
v1.18.0
v1.17.1
v1.17.0
v1.16.0
v1.15.0
v1.14.1
v1.14.0
v1.13.0
v1.12.1
v1.12.0
v1.11.1
v1.11.2
v1.11.0
v1.10.0
v1.9.0
v1.8.0
v1.7.0
v1.6.1
v1.6.0
v1.5.3
v1.5.2
v1.5.1
v1.5.0
v1.4.8
v1.4.7
v1.4.6
v1.4.5
v1.4.4
v1.4.3
v1.4.2
v1.4.1
v1.4.0
v1.3.2
v1.3.3
v1.3.1
v1.3.0
v1.2.5
v1.2.4
v1.2.3
v1.2.2
v1.2.1
v1.2.0
v1.1.3
v1.1.2
v1.1.1
v1.1.0
v1.0.0
v0.0.5
v0.0.4
v0.0.3
v0.0.2
v0.0.1
Labels
Clear labels   
ai-generated

   
android-app

   
android-app

   
android-app

   
🪲 bug

   
build

   
build

   
dependencies

   
docs

   
enhancement

   
enhancement

   
🔥 HOT

   
in-progress 🏃

   
ios

   
prio:low

   
prio:low

   
pull-request
Mirrored from GitHub Pull Request

  
question

   
🔒 security

   
server

   
server

   
unified-push

   
web-app

   
website
No labels
ai-generated
android-app
android-app
android-app
🪲 bug
build
build
dependencies
docs
enhancement
enhancement
🔥 HOT
in-progress 🏃
ios
prio:low
prio:low
pull-request
question
🔒 security
server
server
unified-push
web-app
website
Milestone
Clear milestone
No items
No milestone
Projects
Clear projects
No items
No project
Assignees
Clear assignees
No assignees
1 participant
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference
starred/ntfy#304
No description provided.