[GH-ISSUE #552] Enable HTTP/2 for ntfy.sh #420

New issue

Closed

opened 2026-05-07 00:23:59 +02:00 by BreizhHardware · 8 comments

BreizhHardware commented 2026-05-07 00:23:59 +02:00

Owner

Copy link

Originally created by @otbutz on GitHub (Dec 21, 2022).
Original GitHub issue: https://github.com/binwiederhier/ntfy/issues/552

Any reason that https://ntfy.sh is limited to HTTP/1.1 ?

Originally created by @otbutz on GitHub (Dec 21, 2022). Original GitHub issue: https://github.com/binwiederhier/ntfy/issues/552 Any reason that https://ntfy.sh is limited to HTTP/1.1 ?

BreizhHardware 2026-05-07 00:23:59 +02:00

• closed this issue
• added the
  in-progress 🏃
  server
  question
  labels

BreizhHardware commented 2026-05-07 00:23:59 +02:00

Author

Owner

Copy link

@binwiederhier commented on GitHub (Dec 22, 2022):

Good question. No particular reason, other than I have never set that up for nginx. I could probably do it. Do you happen to have experience with that @otbutz?

Here's how it's set up: https://github.com/binwiederhier/ntfy-ansible/blob/main/roles/nginx/templates/sites-available/ntfy.j2

<!-- gh-comment-id:1362306296 --> @binwiederhier commented on GitHub (Dec 22, 2022): Good question. No particular reason, other than I have never set that up for nginx. I could probably do it. Do you happen to have experience with that @otbutz? Here's how it's set up: https://github.com/binwiederhier/ntfy-ansible/blob/main/roles/nginx/templates/sites-available/ntfy.j2

BreizhHardware commented 2026-05-07 00:24:00 +02:00

Author

Owner

Copy link

@binwiederhier commented on GitHub (Dec 22, 2022):

Looks like it's just adding the http2 stanza: https://ubiq.co/tech-blog/how-to-enable-http2-in-nginx/

Maybe I'll yolo-deploy that tomorrow and see what happens.

<!-- gh-comment-id:1362317662 --> @binwiederhier commented on GitHub (Dec 22, 2022): Looks like it's just adding the `http2` stanza: https://ubiq.co/tech-blog/how-to-enable-http2-in-nginx/ Maybe I'll yolo-deploy that tomorrow and see what happens.

BreizhHardware commented 2026-05-07 00:24:00 +02:00

Author

Owner

Copy link

@otbutz commented on GitHub (Dec 22, 2022):

I would follow Mozillas best practices and also enable TLS1.3 while you're at it:

https://ssl-config.mozilla.org/#server=nginx&version=1.17.7&config=intermediate&openssl=1.1.1k&hsts=false&ocsp=false&guideline=5.6 (You should really consider to ditch HTTP and enforce HTTPS with HSTS.)

You could also switch to caddy if you're feeling adventurous and get HTTP/3 support 😉

<!-- gh-comment-id:1362536305 --> @otbutz commented on GitHub (Dec 22, 2022): I would follow Mozillas best practices and also enable TLS1.3 while you're at it: https://ssl-config.mozilla.org/#server=nginx&version=1.17.7&config=intermediate&openssl=1.1.1k&hsts=false&ocsp=false&guideline=5.6 (You should really consider to ditch HTTP and enforce HTTPS with HSTS.) You could also switch to caddy if you're feeling adventurous and get HTTP/3 support :wink:

BreizhHardware commented 2026-05-07 00:24:00 +02:00

Author

Owner

Copy link

@binwiederhier commented on GitHub (Dec 22, 2022):

I would follow Mozillas best practices and also enable TLS1.3 while you're at it

Sure why not.

You should really consider to ditch HTTP and enforce HTTPS with HSTS

Nope. That prevents the awesome curl -d hi ntfy.sh/yo usage. Don't wanna type https:// all the time, and I am usually not fearing MITM or sharing state secrets. If people are, they can set up their own server.

You could also switch to caddy if you're feeling adventurous and get HTTP/3 support wink

If it ain't broke, don't fix it. :-D

<!-- gh-comment-id:1362686732 --> @binwiederhier commented on GitHub (Dec 22, 2022): > I would follow Mozillas best practices and also enable TLS1.3 while you're at it Sure why not. > You should really consider to ditch HTTP and enforce HTTPS with HSTS Nope. That prevents the awesome `curl -d hi ntfy.sh/yo` usage. Don't wanna type `https://` all the time, and I am usually not fearing MITM or sharing state secrets. If people are, they can set up their own server. > You could also switch to caddy if you're feeling adventurous and get HTTP/3 support wink If it ain't broke, don't fix it. :-D

BreizhHardware commented 2026-05-07 00:24:00 +02:00

Author

Owner

Copy link

@otbutz commented on GitHub (Dec 22, 2022):

That should still work without https:// if you allow curl to follow redirects:

curl -L -d hi ntfy.sh/yo

<!-- gh-comment-id:1362697643 --> @otbutz commented on GitHub (Dec 22, 2022): That should still work without https:// if you allow curl to follow redirects: ```sh curl -L -d hi ntfy.sh/yo ```

BreizhHardware commented 2026-05-07 00:24:00 +02:00

Author

Owner

Copy link

@binwiederhier commented on GitHub (Dec 23, 2022):

See https://github.com/binwiederhier/ntfy-ansible/pull/1

<!-- gh-comment-id:1363604391 --> @binwiederhier commented on GitHub (Dec 23, 2022): See https://github.com/binwiederhier/ntfy-ansible/pull/1

BreizhHardware commented 2026-05-07 00:24:00 +02:00

Author

Owner

Copy link

@binwiederhier commented on GitHub (Dec 23, 2022):

Sadly the Unix socket change causes a (benign) warning in the ntfy code for every single request (r.RemoteAddr now contains @, instead of an IP address), which means I need a small code change to handle that case. Otherwise I'd get flooded in warnings.

<!-- gh-comment-id:1363605427 --> @binwiederhier commented on GitHub (Dec 23, 2022): Sadly the Unix socket change causes a (benign) warning in the ntfy code for every single request (`r.RemoteAddr` now contains `@`, instead of an IP address), which means I need a small code change to handle that case. Otherwise I'd get flooded in warnings.

BreizhHardware commented 2026-05-07 00:24:01 +02:00

Author

Owner

Copy link

@otbutz commented on GitHub (Dec 23, 2022):

Shouldn't the remote address not be populated from X-Forwarded-For header in this case?

<!-- gh-comment-id:1363777321 --> @otbutz commented on GitHub (Dec 23, 2022): Shouldn't the remote address not be populated from `X-Forwarded-For` header in this case?

BreizhHardware referenced this issue 2026-05-07 01:01:44 +02:00

[PR #621] [MERGED] Make email publishing work, when access-control is enabled #1355

Sign in to join this conversation.

No Branch/Tag specified

Branches Tags

main

dependabot/npm_and_yarn/web/fast-uri-3.1.2

email-verification

attachment-no-http2

attachment-fixes

attachment-s3

config-generator

postgres-replica

dockers-v2

postgres-support

postgres-webpush+user+message

postgres-webpush+user

postgres-webpush

1364-copy-action

crashfix

user-header

scalar-api-docs

cancel-scheduled

update-available

windows-server

303-update-notifications

postgres

admin-ui

require-login

http-clipboard

message-cache-lock

debian-stripe

predefined-users

busy-timeout

template-dir

ipv6

client-ip-header

apns-fix

feat_optional_require_login

security-updates

pg-message-cache

templating-disallow

templating-3

templating-2

message-size-limit+delay-limit

remove-rate-topics

html-emails

cf-priority

acl-underscores

auth-user-header

markdown

img-attach

web-improvements

utf8-headers

matrix-507-reject

http-response-writer

new-homepage-design

e2e

canary

windows

electron

update-messages

webhook-templating

v2.22.0

v2.21.0

v2.20.1

v2.20.0

v2.19.2

v2.19.1

v2.19.0

v2.18.0

v2.17.0

v2.16.0

v2.15.0

v2.14.0

v2.13.0

v2.12.0

v2.11.0

v2.10.0

v2.9.0

v2.8.0

v2.7.0

v2.6.2

v2.6.1

v2.6.0

v2.5.0

v2.4.0

v2.3.1

v2.3.0

v2.2.0

v2.1.2

v2.1.1

v2.1.0

v2.0.1

v2.0.0

v1.31.0

v1.30.1

v1.29.1

v1.29.0

v1.28.0

v1.27.2

v1.27.1

v1.26.0

v1.25.2

v1.25.1

v1.25.0

v1.24.0

v1.23.0

v1.22.0

v1.21.2

v1.21.1

v1.21.0

v1.20.0

v1.19.0

v1.18.1

v1.18.0

v1.17.1

v1.17.0

v1.16.0

v1.15.0

v1.14.1

v1.14.0

v1.13.0

v1.12.1

v1.12.0

v1.11.1

v1.11.2

v1.11.0

v1.10.0

v1.9.0

v1.8.0

v1.7.0

v1.6.1

v1.6.0

v1.5.3

v1.5.2

v1.5.1

v1.5.0

v1.4.8

v1.4.7

v1.4.6

v1.4.5

v1.4.4

v1.4.3

v1.4.2

v1.4.1

v1.4.0

v1.3.2

v1.3.3

v1.3.1

v1.3.0

v1.2.5

v1.2.4

v1.2.3

v1.2.2

v1.2.1

v1.2.0

v1.1.3

v1.1.2

v1.1.1

v1.1.0

v1.0.0

v0.0.5

v0.0.4

v0.0.3

v0.0.2

v0.0.1

Labels

Clear labels   

ai-generated

  

android-app

  

android-app

  

android-app

  

🪲 bug

  

build

  

build

  

dependencies

  

docs

  

enhancement

  

enhancement

  

🔥 HOT

  

in-progress 🏃

  

ios

  

prio:low

  

prio:low

  

pull-request

Mirrored from GitHub Pull Request

  

question

  

🔒 security

  

server

  

server

  

unified-push

  

web-app

  

website

No labels

ai-generated

android-app

android-app

android-app

🪲 bug

build

build

dependencies

docs

enhancement

enhancement

🔥 HOT

in-progress 🏃

ios

prio:low

prio:low

pull-request

question

🔒 security

server

server

unified-push

web-app

website

Milestone

Clear milestone

No items

No milestone

Projects

Clear projects

No items

No project

Assignees

Clear assignees

No assignees

1 participant

Notifications

Subscribe

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference

starred/ntfy#420

No description provided.