[GH-ISSUE #622] Code 40101: unauthorized error #463

New issue

Closed

opened 2026-05-07 00:24:26 +02:00 by BreizhHardware · 2 comments

BreizhHardware commented

2026-05-07 00:24:26 +02:00

Owner

Originally created by @zaidi-01 on GitHub (Feb 19, 2023).
Original GitHub issue: https://github.com/binwiederhier/ntfy/issues/622

I have Ntfy deployed on Docker and it had been working fine for the past few months. Recently updated to 2.0.1 and now I keep getting the following error: {"code":40101,"http":401,"error":"unauthorized","link":"https://ntfy.sh/docs/publish/#authentication"}. I have Traefik reverse proxy with basic auth and never enabled auth on Ntfy so I'm not sure what has changed recently.

Originally created by @zaidi-01 on GitHub (Feb 19, 2023). Original GitHub issue: https://github.com/binwiederhier/ntfy/issues/622 I have Ntfy deployed on Docker and it had been working fine for the past few months. Recently updated to 2.0.1 and now I keep getting the following error: `{"code":40101,"http":401,"error":"unauthorized","link":"https://ntfy.sh/docs/publish/#authentication"}`. I have Traefik reverse proxy with basic auth and never enabled auth on Ntfy so I'm not sure what has changed recently.

BreizhHardware closed this issue

2026-05-07 00:24:26 +02:00

BreizhHardware commented

2026-05-07 00:24:27 +02:00

Author

Owner

@binwiederhier commented on GitHub (Feb 19, 2023):

As part of the access token work, I changed the auth code. If the client is sending any Authorization header to the ntfy server, it'll consider this as an attempt to authenticate (which I think is reasonable). If you do not have auth set up in ntfy (auth-file set), then ntfy will reject every request.

Traefik should probably not be sending an Authorization header to the backend, if it doesn't need it. My apologies that the update broke your workflow, but IMHO the logic makes sense.

The relevant code is in maybeAuthenticate in server.go, see: https://github.com/binwiederhier/ntfy/blob/main/server/server.go#L1505

@binwiederhier commented on GitHub (Feb 19, 2023): As part of the access token work, I changed the auth code. If the client is sending any `Authorization` header to the ntfy server, it'll consider this as an attempt to authenticate (which I think is reasonable). If you do not have auth set up in ntfy (`auth-file` set), then ntfy will reject every request. Traefik should probably not be sending an `Authorization` header to the backend, if it doesn't need it. My apologies that the update broke your workflow, but IMHO the logic makes sense. The relevant code is in `maybeAuthenticate` in `server.go`, see: https://github.com/binwiederhier/ntfy/blob/main/server/server.go#L1505

BreizhHardware commented

2026-05-07 00:24:27 +02:00

Author

Owner

@zaidi-01 commented on GitHub (Feb 19, 2023):

Thanks for the explanation. It was indeed the authorization header causing issues. If anyone else comes across this problem, please ensure there isn't any authorization header being passed in the request.

@zaidi-01 commented on GitHub (Feb 19, 2023): Thanks for the explanation. It was indeed the authorization header causing issues. If anyone else comes across this problem, please ensure there isn't any authorization header being passed in the request.

BreizhHardware referenced this issue

2026-05-07 01:01:29 +02:00

[PR #463] [MERGED] Created documentation for kustomization deployment #1308