[GH-ISSUE #765] NTFY_WEB_ROOT: setting an alternative web root means any URL used gets a subscription added by that name, is this by design? #552

New issue

Open

opened 2026-05-07 00:25:21 +02:00 by BreizhHardware · 4 comments

BreizhHardware commented

2026-05-07 00:25:21 +02:00

Owner

Originally created by @mannp on GitHub (Jun 2, 2023).
Original GitHub issue: https://github.com/binwiederhier/ntfy/issues/765

Hi there

I have configured my self-hosted instance with the following config;

    env:
      TZ: "${TIMEZONE}"
      NTFY_BEHIND_PROXY: true
      NTFY_BASE_URL: "https://ntfy.${SECRET_PROD_DOMAIN_XYZ}"
      NTFY_AUTH_DEFAULT_ACCESS: deny-all
      NTFY_AUTH_FILE: /var/lib/ntfy/user.db
      NTFY_ATTACHMENT_CACHE_DIR: /var/cache/ntfy
      NTFY_WEB_ROOT: /app # or app
      NTFY_ENABLE_SIGNUP: false
      NTFY_ENABLE_LOGIN: false

The strange thing is I enter the url: https://ntfy.${SECRET_PROD_DOMAIN_XYZ}/ghdfdfghdfjk

I get the ui displayed with a subscription added named: ghdfdfghdfjk

Is this by design, as I would like to have / open and /app the url for the ui.

Thanks in advance

Originally created by @mannp on GitHub (Jun 2, 2023). Original GitHub issue: https://github.com/binwiederhier/ntfy/issues/765 Hi there I have configured my self-hosted instance with the following config; ``` env: TZ: "${TIMEZONE}" NTFY_BEHIND_PROXY: true NTFY_BASE_URL: "https://ntfy.${SECRET_PROD_DOMAIN_XYZ}" NTFY_AUTH_DEFAULT_ACCESS: deny-all NTFY_AUTH_FILE: /var/lib/ntfy/user.db NTFY_ATTACHMENT_CACHE_DIR: /var/cache/ntfy NTFY_WEB_ROOT: /app # or app NTFY_ENABLE_SIGNUP: false NTFY_ENABLE_LOGIN: false ``` The strange thing is I enter the url: https://ntfy.${SECRET_PROD_DOMAIN_XYZ}/ghdfdfghdfjk I get the ui displayed with a subscription added named: ghdfdfghdfjk Is this by design, as I would like to have / open and /app the url for the ui. Thanks in advance

BreizhHardware added the

🪲 bug

label

2026-05-07 00:25:21 +02:00

BreizhHardware commented

2026-05-07 00:25:22 +02:00

Author

Owner

@binwiederhier commented on GitHub (Jun 3, 2023):

This is by design. It is a good assumption that if you go the the URL of a topic that you want to see the topic, no?

@binwiederhier commented on GitHub (Jun 3, 2023): This is by design. It is a good assumption that if you go the the URL of a topic that you want to see the topic, no?

BreizhHardware commented

2026-05-07 00:25:22 +02:00

Author

Owner

@mannp commented on GitHub (Jun 3, 2023):

If I had changed the root url to access the ui to /app I would not expect to access a subscription at / no.

The instance is deny all with its ui root url changed to /app, I expected it to do nothing or 404 at /

@mannp commented on GitHub (Jun 3, 2023): If I had changed the root url to access the ui to /app I would not expect to access a subscription at / no. The instance is deny all with its ui root url changed to /app, I expected it to do nothing or 404 at /

BreizhHardware commented

2026-05-07 00:25:22 +02:00

Author

Owner

@binwiederhier commented on GitHub (Jun 12, 2023):

When it's deny-all I agree that it's a bit odd. It's also odd from a UX perspective that there is no "login screen" by default if it's set to deny-all.

@binwiederhier commented on GitHub (Jun 12, 2023): When it's deny-all I agree that it's a bit odd. It's also odd from a UX perspective that there is no "login screen" by default if it's set to deny-all.

BreizhHardware commented

2026-05-07 00:25:22 +02:00

Author

Owner

@nwhistler commented on GitHub (Sep 11, 2023):

Yes, I would prefer that either the setting deny-all or enable-login would force all browser traffic to /login unless otherwise logged in. Is this something we should open a feature request for?

@nwhistler commented on GitHub (Sep 11, 2023): Yes, I would prefer that either the setting `deny-all` or `enable-login` would force all browser traffic to `/login` unless otherwise logged in. Is this something we should open a feature request for?