[GH-ISSUE #958] Can't use https #672

New issue

Closed

opened 2026-05-07 00:26:28 +02:00 by BreizhHardware · 6 comments

BreizhHardware commented 2026-05-07 00:26:28 +02:00

Owner

Copy link

Originally created by @iomari on GitHub (Nov 22, 2023).
Original GitHub issue: https://github.com/binwiederhier/ntfy/issues/958

Greetings,
I can't seem to get https working. Http works fine though. Below is my server.yml file. I have key.pem and cert.pm configured.
I running kubuntu 23.10 and I'm using systemd to control the service. The config below works just fine with http. But if i comment the listen-http line and uncomment the next 3 lines, I get errors when I restart the service.

# ntfy server config file
# server:
#   listen:
#     - port: 48800
#       protocol: http
#     - port: 44300
#       protocol: https
#       cert: /home/iomari/ssl-certificate/ntfy.csr
#       key: /home/iomari/ssl-certificate/ntfy.key
#
# Please refer to the documentation at https://ntfy.sh/docs/config/ for details.
# All options also support underscores (_) instead of dashes (-) to comply with the YAML spec.

# Public facing base URL of the service (e.g. https://ntfy.sh or https://ntfy.example.com)
#
# This setting is required for any of the following features:
# - attachments (to return a download URL)
# - e-mail sending (for the topic URL in the email footer)
# - iOS push notifications for self-hosted servers (to calculate the Firebase poll_request topic)
# - Matrix Push Gateway (to validate that the pushkey is correct)
#
base-url : "https://105.112.138.38"

# Listen address for the HTTP & HTTPS web server. If "listen-https" is set, you must also
# set "key-file" and "cert-file". Format: [<ip>]:<port>, e.g. "1.2.3.4:8080".
#
# To listen on all interfaces, you may omit the IP address, e.g. ":443".
# To disable HTTP, set "listen-http" to "-".
#
listen-http: ":48880"
# listen-https: ":443"
# key-file: /root/ssl-certificate/key.pem
# cert-file: /root/ssl-certificate/cert.pem


# server:
#   listen:
#     - port: 48800
#       protocol: http
#     - port: 44300
#       protocol: https
#       cert: /home/iomari/ssl-certificate/ntfy.csr
#       key: /home/iomari/ssl-certificate/ntfy.key


# Listen on a Unix socket, e.g. /var/lib/ntfy/ntfy.sock
# This can be useful to avoid port issues on local systems, and to simplify permissions.
#
# listen-unix: <socket-path>
# listen-unix-mode: <linux permissions, e.g. 0700>

# Path to the private key & cert file for the HTTPS web server. Not used if "listen-https" is not set.
#
# key-file: <filename>
# cert-file: <filename>

# If set, also publish messages to a Firebase Cloud Messaging (FCM) topic for your app.
# This is optional and only required to save battery when using the Android app.
#
# firebase-key-file: <filename>

# If "cache-file" is set, messages are cached in a local SQLite database instead of only in-memory.
# This allows for service restarts without losing messages in support of the since= parameter.
#
# The "cache-duration" parameter defines the duration for which messages will be buffered
# before they are deleted. This is required to support the "since=..." and "poll=1" parameter.
# To disable the cache entirely (on-disk/in-memory), set "cache-duration" to 0.
# The cache file is created automatically, provided that the correct permissions are set.
#
# The "cache-startup-queries" parameter allows you to run commands when the database is initialized,
# e.g. to enable WAL mode (see https://phiresky.github.io/blog/2020/sqlite-performance-tuning/)).
# Example:
#    cache-startup-queries: |
#       pragma journal_mode = WAL;
#       pragma synchronous = normal;
#       pragma temp_store = memory;
#       pragma busy_timeout = 15000;
#       vacuum;
#
# The "cache-batch-size" and "cache-batch-timeout" parameter allow enabling async batch writing
# of messages. If set, messages will be queued and written to the database in batches of the given
# size, or after the given timeout. This is only required for high volume servers.
#
# Debian/RPM package users:
#   Use /var/cache/ntfy/cache.db as cache file to avoid permission issues. The package
#   creates this folder for you.
#
# Check your permissions:
#   If you are running ntfy with systemd, make sure this cache file is owned by the
#   ntfy user and group by running: chown ntfy.ntfy <filename>.
#
# cache-file: <filename>
# cache-duration: "12h"
# cache-startup-queries:
# cache-batch-size: 0
# cache-batch-timeout: "0ms"

# If set, access to the ntfy server and API can be controlled on a granular level using
# the 'ntfy user' and 'ntfy access' commands. See the --help pages for details, or check the docs.
#
# - auth-file is the SQLite user/access database; it is created automatically if it doesn't already exist
# - auth-default-access defines the default/fallback access if no access control entry is found; it can be
#   set to "read-write" (default), "read-only", "write-only" or "deny-all".
# - auth-startup-queries allows you to run commands when the database is initialized, e.g. to enable
#   WAL mode. This is similar to cache-startup-queries. See above for details.
#
# Debian/RPM package users:
#   Use /var/lib/ntfy/user.db as user database to avoid permission issues. The package
#   creates this folder for you.
#
# Check your permissions:
#   If you are running ntfy with systemd, make sure this user database file is owned by the
#   ntfy user and group by running: chown ntfy.ntfy <filename>.
#
# auth-file: <filename>
# auth-default-access: "read-write"
# auth-startup-queries:

# If set, the X-Forwarded-For header is used to determine the visitor IP address
# instead of the remote address of the connection.
#
# WARNING: If you are behind a proxy, you must set this, otherwise all visitors are rate limited
#          as if they are one.
#
# behind-proxy: false

# If enabled, clients can attach files to notifications as attachments. Minimum settings to enable attachments
# are "attachment-cache-dir" and "base-url".
#
# - attachment-cache-dir is the cache directory for attached files
# - attachment-total-size-limit is the limit of the on-disk attachment cache directory (total size)
# - attachment-file-size-limit is the per-file attachment size limit (e.g. 300k, 2M, 100M)
# - attachment-expiry-duration is the duration after which uploaded attachments will be deleted (e.g. 3h, 20h)
#
# attachment-cache-dir:
# attachment-total-size-limit: "5G"
# attachment-file-size-limit: "15M"
# attachment-expiry-duration: "3h"

# If enabled, allow outgoing e-mail notifications via the 'X-Email' header. If this header is set,
# messages will additionally be sent out as e-mail using an external SMTP server.
#
# As of today, only SMTP servers with plain text auth (or no auth at all), and STARTLS are supported.
# Please also refer to the rate limiting settings below (visitor-email-limit-burst & visitor-email-limit-burst).
#
# - smtp-sender-addr is the hostname:port of the SMTP server
# - smtp-sender-from is the e-mail address of the sender
# - smtp-sender-user/smtp-sender-pass are the username and password of the SMTP user (leave blank for no auth)
#
# smtp-sender-addr:
# smtp-sender-from:
# smtp-sender-user:
# smtp-sender-pass:

# If enabled, ntfy will launch a lightweight SMTP server for incoming messages. Once configured, users can send
# emails to a topic e-mail address to publish messages to a topic.
#
# - smtp-server-listen defines the IP address and port the SMTP server will listen on, e.g. :25 or 1.2.3.4:25
# - smtp-server-domain is the e-mail domain, e.g. ntfy.sh
# - smtp-server-addr-prefix is an optional prefix for the e-mail addresses to prevent spam. If set to "ntfy-",
#   for instance, only e-mails to ntfy-$topic@ntfy.sh will be accepted. If this is not set, all emails to
#   $topic@ntfy.sh will be accepted (which may obviously be a spam problem).
#
# smtp-server-listen:
# smtp-server-domain:
# smtp-server-addr-prefix:

# Web Push support (background notifications for browsers)
#
# If enabled, allows ntfy to receive push notifications, even when the ntfy web app is closed. When enabled, users
# can enable background notifications in the web app. Once enabled, ntfy will forward published messages to the push
# endpoint, which will then forward it to the browser.
#
# You must configure web-push-public/private key, web-push-file, and web-push-email-address below to enable Web Push.
# Run "ntfy webpush keys" to generate the keys.
#
# - web-push-public-key is the generated VAPID public key, e.g. AA1234BBCCddvveekaabcdfqwertyuiopasdfghjklzxcvbnm1234567890
# - web-push-private-key is the generated VAPID private key, e.g. AA2BB1234567890abcdefzxcvbnm1234567890
# - web-push-file is a database file to keep track of browser subscription endpoints, e.g. `/var/cache/ntfy/webpush.db`
# - web-push-email-address is the admin email address send to the push provider, e.g. `sysadmin@example.com`
# - web-push-startup-queries is an optional list of queries to run on startup`
#
# web-push-public-key:
# web-push-private-key:
# web-push-file:
# web-push-email-address:
# web-push-startup-queries:

# If enabled, ntfy can perform voice calls via Twilio via the "X-Call" header.
#
# - twilio-account is the Twilio account SID, e.g. AC12345beefbeef67890beefbeef122586
# - twilio-auth-token is the Twilio auth token, e.g. affebeef258625862586258625862586
# - twilio-phone-number is the outgoing phone number you purchased, e.g. +18775132586
# - twilio-verify-service is the Twilio Verify service SID, e.g. VA12345beefbeef67890beefbeef122586
#
# twilio-account:
# twilio-auth-token:
# twilio-phone-number:
# twilio-verify-service:

# Interval in which keepalive messages are sent to the client. This is to prevent
# intermediaries closing the connection for inactivity.
#
# Note that the Android app has a hardcoded timeout at 77s, so it should be less than that.
#
# keepalive-interval: "45s"

# Interval in which the manager prunes old messages, deletes topics
# and prints the stats.
#
# manager-interval: "1m"

# Defines topic names that are not allowed, because they are otherwise used. There are a few default topics
# that cannot be used (e.g. app, account, settings, ...). To extend the default list, define them here.
#
# Example:
#   disallowed-topics:
#     - about
#     - pricing
#     - contact
#
# disallowed-topics:

# Defines the root path of the web app, or disables the web app entirely.
#
# Can be any simple path, e.g. "/", "/app", or "/ntfy". For backwards-compatibility reasons,
# the values "app" (maps to "/"), "home" (maps to "/app"), or "disable" (maps to "") to disable
# the web app entirely.
#
# web-root: /

# Various feature flags used to control the web app, and API access, mainly around user and
# account management.
#
# - enable-signup allows users to sign up via the web app, or API
# - enable-login allows users to log in via the web app, or API
# - enable-reservations allows users to reserve topics (if their tier allows it)
#
# enable-signup: false
# enable-login: false
# enable-reservations: false

# Server URL of a Firebase/APNS-connected ntfy server (likely "https://ntfy.sh").
#
# iOS users:
#   If you use the iOS ntfy app, you MUST configure this to receive timely notifications. You'll like want this:
#   upstream-base-url: "https://ntfy.sh"
#
# If set, all incoming messages will publish a "poll_request" message to the configured upstream server, containing
# the message ID of the original message, instructing the iOS app to poll this server for the actual message contents.
# This is to prevent the upstream server and Firebase/APNS from being able to read the message.
#
# - upstream-base-url is the base URL of the upstream server. Should be "https://ntfy.sh".
# - upstream-access-token is the token used to authenticate with the upstream server. This is only required
#   if you exceed the upstream rate limits, or the uptream server requires authentication.
#
# upstream-base-url:
# upstream-access-token:

# Rate limiting: Total number of topics before the server rejects new topics.
#
# global-topic-limit: 15000

# Rate limiting: Number of subscriptions per visitor (IP address)
#
# visitor-subscription-limit: 30

# Rate limiting: Allowed GET/PUT/POST requests per second, per visitor:
# - visitor-request-limit-burst is the initial bucket of requests each visitor has
# - visitor-request-limit-replenish is the rate at which the bucket is refilled
# - visitor-request-limit-exempt-hosts is a comma-separated list of hostnames, IPs or CIDRs to be
#   exempt from request rate limiting. Hostnames are resolved at the time the server is started.
#   Example: "1.2.3.4,ntfy.example.com,8.7.6.0/24"
#
# visitor-request-limit-burst: 60
# visitor-request-limit-replenish: "5s"
# visitor-request-limit-exempt-hosts: ""

# Rate limiting: Hard daily limit of messages per visitor and day. The limit is reset
# every day at midnight UTC. If the limit is not set (or set to zero), the request
# limit (see above) governs the upper limit.
#
# visitor-message-daily-limit: 0

# Rate limiting: Allowed emails per visitor:
# - visitor-email-limit-burst is the initial bucket of emails each visitor has
# - visitor-email-limit-replenish is the rate at which the bucket is refilled
#
# visitor-email-limit-burst: 16
# visitor-email-limit-replenish: "1h"

# Rate limiting: Attachment size and bandwidth limits per visitor:
# - visitor-attachment-total-size-limit is the total storage limit used for attachments per visitor
# - visitor-attachment-daily-bandwidth-limit is the total daily attachment download/upload traffic limit per visitor
#
# visitor-attachment-total-size-limit: "100M"
# visitor-attachment-daily-bandwidth-limit: "500M"

# Rate limiting: Enable subscriber-based rate limiting (mostly used for UnifiedPush)
#
# If enabled, subscribers may opt to have published messages counted against their own rate limits, as opposed
# to the publisher's rate limits. This is especially useful to increase the amount of messages that high-volume
# publishers (e.g. Matrix/Mastodon servers) are allowed to send.
#
# Once enabled, a client may send a "Rate-Topics: <topic1>,<topic2>,..." header when subscribing to topics via
# HTTP stream, or websockets, thereby registering itself as the "rate visitor", i.e. the visitor whose rate limits
# to use when publishing on this topic. Note: Setting the rate visitor requires READ-WRITE permission on the topic.
#
# UnifiedPush only: If this setting is enabled, publishing to UnifiedPush topics will lead to a HTTP 507 response if
# no "rate visitor" has been previously registered. This is to avoid burning the publisher's "visitor-message-daily-limit".
#
# visitor-subscriber-rate-limiting: false

# Payments integration via Stripe
#
# - stripe-secret-key is the key used for the Stripe API communication. Setting this values
#   enables payments in the ntfy web app (e.g. Upgrade dialog). See https://dashboard.stripe.com/apikeys.
# - stripe-webhook-key is the key required to validate the authenticity of incoming webhooks from Stripe.
#   Webhooks are essential up keep the local database in sync with the payment provider. See https://dashboard.stripe.com/webhooks.
# - billing-contact is an email address or website displayed in the "Upgrade tier" dialog to let people reach
#   out with billing questions. If unset, nothing will be displayed.
#
# stripe-secret-key:
# stripe-webhook-key:
# billing-contact:

# Metrics
#
# ntfy can expose Prometheus-style metrics via a /metrics endpoint, or on a dedicated listen IP/port.
# Metrics may be considered sensitive information, so before you enable them, be sure you know what you are
# doing, and/or secure access to the endpoint in your reverse proxy.
#
# - enable-metrics enables the /metrics endpoint for the default ntfy server (i.e. HTTP, HTTPS and/or Unix socket)
# - metrics-listen-http exposes the metrics endpoint via a dedicated [IP]:port. If set, this option implicitly
#   enables metrics as well, e.g. "10.0.1.1:9090" or ":9090"
#
# enable-metrics: false
# metrics-listen-http:

# Profiling
#
# ntfy can expose Go's net/http/pprof endpoints to support profiling of the ntfy server. If enabled, ntfy will listen
# on a dedicated listen IP/port, which can be accessed via the web browser on http://<ip>:<port>/debug/pprof/.
# This can be helpful to expose bottlenecks, and visualize call flows. See https://pkg.go.dev/net/http/pprof for details.
#
# profile-listen-http:

# Logging options
#
# By default, ntfy logs to the console (stderr), with an "info" log level, and in a human-readable text format.
# ntfy supports five different log levels, can also write to a file, log as JSON, and even supports granular
# log level overrides for easier debugging. Some options (log-level and log-level-overrides) can be hot reloaded
# by calling "kill -HUP $pid" or "systemctl reload ntfy".
#
# - log-format defines the output format, can be "text" (default) or "json"
# - log-file is a filename to write logs to. If this is not set, ntfy logs to stderr.
# - log-level defines the default log level, can be one of "trace", "debug", "info" (default), "warn" or "error".
#   Be aware that "debug" (and particularly "trace") can be VERY CHATTY. Only turn them on briefly for debugging purposes.
# - log-level-overrides lets you override the log level if certain fields match. This is incredibly powerful
#   for debugging certain parts of the system (e.g. only the account management, or only a certain visitor).
#   This is an array of strings in the format:
#      - "field=value -> level" to match a value exactly, e.g. "tag=manager -> trace"
#      - "field -> level" to match any value, e.g. "time_taken_ms -> debug"
#   Warning: Using log-level-overrides has a performance penalty. Only use it for temporary debugging.
#
# Check your permissions:
#   If you are running ntfy with systemd, make sure this log file is owned by the
#   ntfy user and group by running: chown ntfy.ntfy <filename>.
#
# Example (good for production):
#   log-level: info
#   log-format: json
#   log-file: /var/log/ntfy.log
#
# Example level overrides (for debugging, only use temporarily):
#   log-level-overrides:
#      - "tag=manager -> trace"
#      - "visitor_ip=1.2.3.4 -> debug"
#      - "time_taken_ms -> debug"
#
# log-level: info
# log-level-overrides:
# log-format: text
# log-file:

Originally created by @iomari on GitHub (Nov 22, 2023). Original GitHub issue: https://github.com/binwiederhier/ntfy/issues/958 Greetings, I can't seem to get https working. Http works fine though. Below is my server.yml file. I have key.pem and cert.pm configured. I running kubuntu 23.10 and I'm using systemd to control the service. The config below works just fine with http. But if i comment the listen-http line and uncomment the next 3 lines, I get errors when I restart the service. ``` # ntfy server config file # server: # listen: # - port: 48800 # protocol: http # - port: 44300 # protocol: https # cert: /home/iomari/ssl-certificate/ntfy.csr # key: /home/iomari/ssl-certificate/ntfy.key # # Please refer to the documentation at https://ntfy.sh/docs/config/ for details. # All options also support underscores (_) instead of dashes (-) to comply with the YAML spec. # Public facing base URL of the service (e.g. https://ntfy.sh or https://ntfy.example.com) # # This setting is required for any of the following features: # - attachments (to return a download URL) # - e-mail sending (for the topic URL in the email footer) # - iOS push notifications for self-hosted servers (to calculate the Firebase poll_request topic) # - Matrix Push Gateway (to validate that the pushkey is correct) # base-url : "https://105.112.138.38" # Listen address for the HTTP & HTTPS web server. If "listen-https" is set, you must also # set "key-file" and "cert-file". Format: [<ip>]:<port>, e.g. "1.2.3.4:8080". # # To listen on all interfaces, you may omit the IP address, e.g. ":443". # To disable HTTP, set "listen-http" to "-". # listen-http: ":48880" # listen-https: ":443" # key-file: /root/ssl-certificate/key.pem # cert-file: /root/ssl-certificate/cert.pem # server: # listen: # - port: 48800 # protocol: http # - port: 44300 # protocol: https # cert: /home/iomari/ssl-certificate/ntfy.csr # key: /home/iomari/ssl-certificate/ntfy.key # Listen on a Unix socket, e.g. /var/lib/ntfy/ntfy.sock # This can be useful to avoid port issues on local systems, and to simplify permissions. # # listen-unix: <socket-path> # listen-unix-mode: <linux permissions, e.g. 0700> # Path to the private key & cert file for the HTTPS web server. Not used if "listen-https" is not set. # # key-file: <filename> # cert-file: <filename> # If set, also publish messages to a Firebase Cloud Messaging (FCM) topic for your app. # This is optional and only required to save battery when using the Android app. # # firebase-key-file: <filename> # If "cache-file" is set, messages are cached in a local SQLite database instead of only in-memory. # This allows for service restarts without losing messages in support of the since= parameter. # # The "cache-duration" parameter defines the duration for which messages will be buffered # before they are deleted. This is required to support the "since=..." and "poll=1" parameter. # To disable the cache entirely (on-disk/in-memory), set "cache-duration" to 0. # The cache file is created automatically, provided that the correct permissions are set. # # The "cache-startup-queries" parameter allows you to run commands when the database is initialized, # e.g. to enable WAL mode (see https://phiresky.github.io/blog/2020/sqlite-performance-tuning/)). # Example: # cache-startup-queries: | # pragma journal_mode = WAL; # pragma synchronous = normal; # pragma temp_store = memory; # pragma busy_timeout = 15000; # vacuum; # # The "cache-batch-size" and "cache-batch-timeout" parameter allow enabling async batch writing # of messages. If set, messages will be queued and written to the database in batches of the given # size, or after the given timeout. This is only required for high volume servers. # # Debian/RPM package users: # Use /var/cache/ntfy/cache.db as cache file to avoid permission issues. The package # creates this folder for you. # # Check your permissions: # If you are running ntfy with systemd, make sure this cache file is owned by the # ntfy user and group by running: chown ntfy.ntfy <filename>. # # cache-file: <filename> # cache-duration: "12h" # cache-startup-queries: # cache-batch-size: 0 # cache-batch-timeout: "0ms" # If set, access to the ntfy server and API can be controlled on a granular level using # the 'ntfy user' and 'ntfy access' commands. See the --help pages for details, or check the docs. # # - auth-file is the SQLite user/access database; it is created automatically if it doesn't already exist # - auth-default-access defines the default/fallback access if no access control entry is found; it can be # set to "read-write" (default), "read-only", "write-only" or "deny-all". # - auth-startup-queries allows you to run commands when the database is initialized, e.g. to enable # WAL mode. This is similar to cache-startup-queries. See above for details. # # Debian/RPM package users: # Use /var/lib/ntfy/user.db as user database to avoid permission issues. The package # creates this folder for you. # # Check your permissions: # If you are running ntfy with systemd, make sure this user database file is owned by the # ntfy user and group by running: chown ntfy.ntfy <filename>. # # auth-file: <filename> # auth-default-access: "read-write" # auth-startup-queries: # If set, the X-Forwarded-For header is used to determine the visitor IP address # instead of the remote address of the connection. # # WARNING: If you are behind a proxy, you must set this, otherwise all visitors are rate limited # as if they are one. # # behind-proxy: false # If enabled, clients can attach files to notifications as attachments. Minimum settings to enable attachments # are "attachment-cache-dir" and "base-url". # # - attachment-cache-dir is the cache directory for attached files # - attachment-total-size-limit is the limit of the on-disk attachment cache directory (total size) # - attachment-file-size-limit is the per-file attachment size limit (e.g. 300k, 2M, 100M) # - attachment-expiry-duration is the duration after which uploaded attachments will be deleted (e.g. 3h, 20h) # # attachment-cache-dir: # attachment-total-size-limit: "5G" # attachment-file-size-limit: "15M" # attachment-expiry-duration: "3h" # If enabled, allow outgoing e-mail notifications via the 'X-Email' header. If this header is set, # messages will additionally be sent out as e-mail using an external SMTP server. # # As of today, only SMTP servers with plain text auth (or no auth at all), and STARTLS are supported. # Please also refer to the rate limiting settings below (visitor-email-limit-burst & visitor-email-limit-burst). # # - smtp-sender-addr is the hostname:port of the SMTP server # - smtp-sender-from is the e-mail address of the sender # - smtp-sender-user/smtp-sender-pass are the username and password of the SMTP user (leave blank for no auth) # # smtp-sender-addr: # smtp-sender-from: # smtp-sender-user: # smtp-sender-pass: # If enabled, ntfy will launch a lightweight SMTP server for incoming messages. Once configured, users can send # emails to a topic e-mail address to publish messages to a topic. # # - smtp-server-listen defines the IP address and port the SMTP server will listen on, e.g. :25 or 1.2.3.4:25 # - smtp-server-domain is the e-mail domain, e.g. ntfy.sh # - smtp-server-addr-prefix is an optional prefix for the e-mail addresses to prevent spam. If set to "ntfy-", # for instance, only e-mails to ntfy-$topic@ntfy.sh will be accepted. If this is not set, all emails to # $topic@ntfy.sh will be accepted (which may obviously be a spam problem). # # smtp-server-listen: # smtp-server-domain: # smtp-server-addr-prefix: # Web Push support (background notifications for browsers) # # If enabled, allows ntfy to receive push notifications, even when the ntfy web app is closed. When enabled, users # can enable background notifications in the web app. Once enabled, ntfy will forward published messages to the push # endpoint, which will then forward it to the browser. # # You must configure web-push-public/private key, web-push-file, and web-push-email-address below to enable Web Push. # Run "ntfy webpush keys" to generate the keys. # # - web-push-public-key is the generated VAPID public key, e.g. AA1234BBCCddvveekaabcdfqwertyuiopasdfghjklzxcvbnm1234567890 # - web-push-private-key is the generated VAPID private key, e.g. AA2BB1234567890abcdefzxcvbnm1234567890 # - web-push-file is a database file to keep track of browser subscription endpoints, e.g. `/var/cache/ntfy/webpush.db` # - web-push-email-address is the admin email address send to the push provider, e.g. `sysadmin@example.com` # - web-push-startup-queries is an optional list of queries to run on startup` # # web-push-public-key: # web-push-private-key: # web-push-file: # web-push-email-address: # web-push-startup-queries: # If enabled, ntfy can perform voice calls via Twilio via the "X-Call" header. # # - twilio-account is the Twilio account SID, e.g. AC12345beefbeef67890beefbeef122586 # - twilio-auth-token is the Twilio auth token, e.g. affebeef258625862586258625862586 # - twilio-phone-number is the outgoing phone number you purchased, e.g. +18775132586 # - twilio-verify-service is the Twilio Verify service SID, e.g. VA12345beefbeef67890beefbeef122586 # # twilio-account: # twilio-auth-token: # twilio-phone-number: # twilio-verify-service: # Interval in which keepalive messages are sent to the client. This is to prevent # intermediaries closing the connection for inactivity. # # Note that the Android app has a hardcoded timeout at 77s, so it should be less than that. # # keepalive-interval: "45s" # Interval in which the manager prunes old messages, deletes topics # and prints the stats. # # manager-interval: "1m" # Defines topic names that are not allowed, because they are otherwise used. There are a few default topics # that cannot be used (e.g. app, account, settings, ...). To extend the default list, define them here. # # Example: # disallowed-topics: # - about # - pricing # - contact # # disallowed-topics: # Defines the root path of the web app, or disables the web app entirely. # # Can be any simple path, e.g. "/", "/app", or "/ntfy". For backwards-compatibility reasons, # the values "app" (maps to "/"), "home" (maps to "/app"), or "disable" (maps to "") to disable # the web app entirely. # # web-root: / # Various feature flags used to control the web app, and API access, mainly around user and # account management. # # - enable-signup allows users to sign up via the web app, or API # - enable-login allows users to log in via the web app, or API # - enable-reservations allows users to reserve topics (if their tier allows it) # # enable-signup: false # enable-login: false # enable-reservations: false # Server URL of a Firebase/APNS-connected ntfy server (likely "https://ntfy.sh"). # # iOS users: # If you use the iOS ntfy app, you MUST configure this to receive timely notifications. You'll like want this: # upstream-base-url: "https://ntfy.sh" # # If set, all incoming messages will publish a "poll_request" message to the configured upstream server, containing # the message ID of the original message, instructing the iOS app to poll this server for the actual message contents. # This is to prevent the upstream server and Firebase/APNS from being able to read the message. # # - upstream-base-url is the base URL of the upstream server. Should be "https://ntfy.sh". # - upstream-access-token is the token used to authenticate with the upstream server. This is only required # if you exceed the upstream rate limits, or the uptream server requires authentication. # # upstream-base-url: # upstream-access-token: # Rate limiting: Total number of topics before the server rejects new topics. # # global-topic-limit: 15000 # Rate limiting: Number of subscriptions per visitor (IP address) # # visitor-subscription-limit: 30 # Rate limiting: Allowed GET/PUT/POST requests per second, per visitor: # - visitor-request-limit-burst is the initial bucket of requests each visitor has # - visitor-request-limit-replenish is the rate at which the bucket is refilled # - visitor-request-limit-exempt-hosts is a comma-separated list of hostnames, IPs or CIDRs to be # exempt from request rate limiting. Hostnames are resolved at the time the server is started. # Example: "1.2.3.4,ntfy.example.com,8.7.6.0/24" # # visitor-request-limit-burst: 60 # visitor-request-limit-replenish: "5s" # visitor-request-limit-exempt-hosts: "" # Rate limiting: Hard daily limit of messages per visitor and day. The limit is reset # every day at midnight UTC. If the limit is not set (or set to zero), the request # limit (see above) governs the upper limit. # # visitor-message-daily-limit: 0 # Rate limiting: Allowed emails per visitor: # - visitor-email-limit-burst is the initial bucket of emails each visitor has # - visitor-email-limit-replenish is the rate at which the bucket is refilled # # visitor-email-limit-burst: 16 # visitor-email-limit-replenish: "1h" # Rate limiting: Attachment size and bandwidth limits per visitor: # - visitor-attachment-total-size-limit is the total storage limit used for attachments per visitor # - visitor-attachment-daily-bandwidth-limit is the total daily attachment download/upload traffic limit per visitor # # visitor-attachment-total-size-limit: "100M" # visitor-attachment-daily-bandwidth-limit: "500M" # Rate limiting: Enable subscriber-based rate limiting (mostly used for UnifiedPush) # # If enabled, subscribers may opt to have published messages counted against their own rate limits, as opposed # to the publisher's rate limits. This is especially useful to increase the amount of messages that high-volume # publishers (e.g. Matrix/Mastodon servers) are allowed to send. # # Once enabled, a client may send a "Rate-Topics: <topic1>,<topic2>,..." header when subscribing to topics via # HTTP stream, or websockets, thereby registering itself as the "rate visitor", i.e. the visitor whose rate limits # to use when publishing on this topic. Note: Setting the rate visitor requires READ-WRITE permission on the topic. # # UnifiedPush only: If this setting is enabled, publishing to UnifiedPush topics will lead to a HTTP 507 response if # no "rate visitor" has been previously registered. This is to avoid burning the publisher's "visitor-message-daily-limit". # # visitor-subscriber-rate-limiting: false # Payments integration via Stripe # # - stripe-secret-key is the key used for the Stripe API communication. Setting this values # enables payments in the ntfy web app (e.g. Upgrade dialog). See https://dashboard.stripe.com/apikeys. # - stripe-webhook-key is the key required to validate the authenticity of incoming webhooks from Stripe. # Webhooks are essential up keep the local database in sync with the payment provider. See https://dashboard.stripe.com/webhooks. # - billing-contact is an email address or website displayed in the "Upgrade tier" dialog to let people reach # out with billing questions. If unset, nothing will be displayed. # # stripe-secret-key: # stripe-webhook-key: # billing-contact: # Metrics # # ntfy can expose Prometheus-style metrics via a /metrics endpoint, or on a dedicated listen IP/port. # Metrics may be considered sensitive information, so before you enable them, be sure you know what you are # doing, and/or secure access to the endpoint in your reverse proxy. # # - enable-metrics enables the /metrics endpoint for the default ntfy server (i.e. HTTP, HTTPS and/or Unix socket) # - metrics-listen-http exposes the metrics endpoint via a dedicated [IP]:port. If set, this option implicitly # enables metrics as well, e.g. "10.0.1.1:9090" or ":9090" # # enable-metrics: false # metrics-listen-http: # Profiling # # ntfy can expose Go's net/http/pprof endpoints to support profiling of the ntfy server. If enabled, ntfy will listen # on a dedicated listen IP/port, which can be accessed via the web browser on http://<ip>:<port>/debug/pprof/. # This can be helpful to expose bottlenecks, and visualize call flows. See https://pkg.go.dev/net/http/pprof for details. # # profile-listen-http: # Logging options # # By default, ntfy logs to the console (stderr), with an "info" log level, and in a human-readable text format. # ntfy supports five different log levels, can also write to a file, log as JSON, and even supports granular # log level overrides for easier debugging. Some options (log-level and log-level-overrides) can be hot reloaded # by calling "kill -HUP $pid" or "systemctl reload ntfy". # # - log-format defines the output format, can be "text" (default) or "json" # - log-file is a filename to write logs to. If this is not set, ntfy logs to stderr. # - log-level defines the default log level, can be one of "trace", "debug", "info" (default), "warn" or "error". # Be aware that "debug" (and particularly "trace") can be VERY CHATTY. Only turn them on briefly for debugging purposes. # - log-level-overrides lets you override the log level if certain fields match. This is incredibly powerful # for debugging certain parts of the system (e.g. only the account management, or only a certain visitor). # This is an array of strings in the format: # - "field=value -> level" to match a value exactly, e.g. "tag=manager -> trace" # - "field -> level" to match any value, e.g. "time_taken_ms -> debug" # Warning: Using log-level-overrides has a performance penalty. Only use it for temporary debugging. # # Check your permissions: # If you are running ntfy with systemd, make sure this log file is owned by the # ntfy user and group by running: chown ntfy.ntfy <filename>. # # Example (good for production): # log-level: info # log-format: json # log-file: /var/log/ntfy.log # # Example level overrides (for debugging, only use temporarily): # log-level-overrides: # - "tag=manager -> trace" # - "visitor_ip=1.2.3.4 -> debug" # - "time_taken_ms -> debug" # # log-level: info # log-level-overrides: # log-format: text # log-file: ```

BreizhHardware 2026-05-07 00:26:28 +02:00

• closed this issue
• added the
  🪲 bug
  label

BreizhHardware commented 2026-05-07 00:26:29 +02:00

Author

Owner

Copy link

@binwiederhier commented on GitHub (Nov 22, 2023):

In yaml, lines starting with "#" are comments. So you don't really have TLS configured at all.

<!-- gh-comment-id:1822759635 --> @binwiederhier commented on GitHub (Nov 22, 2023): In yaml, lines starting with "#" are comments. So you don't really have TLS configured at all.

BreizhHardware commented 2026-05-07 00:26:29 +02:00

Author

Owner

Copy link

@iomari commented on GitHub (Nov 22, 2023):

In Tamil, lines starting with "#" are comments. So you don't really have TLS configured at all.

Maybe you didn't read my post carefully.
The current config works because the 3 https lines are commented out. If I uncomment them I get errors.

<!-- gh-comment-id:1822801397 --> @iomari commented on GitHub (Nov 22, 2023): > In Tamil, lines starting with "#" are comments. So you don't really have TLS configured at all. Maybe you didn't read my post carefully. The current config works because the 3 https lines are commented out. If I uncomment them I get errors.

BreizhHardware commented 2026-05-07 00:26:30 +02:00

Author

Owner

Copy link

@binwiederhier commented on GitHub (Nov 22, 2023):

Troubleshooting is best done on discord or matrix. Feel free to join.

If you get errors, it is a really really really good idea to include screenshots or copied text of the errors. Otherwise we cannot help.

You've done the equivalent of your mom telling you "my computer is broken" without giving any more details 😊

<!-- gh-comment-id:1822827380 --> @binwiederhier commented on GitHub (Nov 22, 2023): Troubleshooting is best done on discord or matrix. Feel free to join. If you get errors, it is a really really really good idea to include screenshots or copied text of the errors. Otherwise we cannot help. You've done the equivalent of your mom telling you "my computer is broken" without giving any more details 😊

BreizhHardware commented 2026-05-07 00:26:30 +02:00

Author

Owner

Copy link

@iomari commented on GitHub (Nov 22, 2023):

sudo systemctl restart ntfy ; sleep 2 ; sudo systemctl status ntfy

× ntfy.service - ntfy server                                                                                                                                                                                                      
     Loaded: loaded (/lib/systemd/system/ntfy.service; enabled; vendor preset: enabled)                                                                                                                                           
     Active: failed (Result: exit-code) since Wed 2023-11-22 19:08:49 WAT; 401ms ago                                                                                                                                              
    Process: 1446959 ExecStart=/usr/bin/ntfy serve --no-log-dates (code=exited, status=1/FAILURE)                                                                                                                                 
   Main PID: 1446959 (code=exited, status=1/FAILURE)                                                                                                                                                                              
        CPU: 148ms                                                                                                                                                                                                                
                                                                                                                                                                                                                                  
Nov 22 19:08:49 egwfw systemd[1]: ntfy.service: Scheduled restart job, restart counter is at 5.                                                                                                                                   
Nov 22 19:08:49 egwfw systemd[1]: Stopped ntfy server.                                                                                                                                                                            
Nov 22 19:08:49 egwfw systemd[1]: ntfy.service: Start request repeated too quickly.                                                                                                                                               
Nov 22 19:08:49 egwfw systemd[1]: ntfy.service: Failed with result 'exit-code'.                                                                                                                                                   
Nov 22 19:08:49 egwfw systemd[1]: Failed to start ntfy server.

The output of: sudo journalctl -xeu ntfy.service

░░ A start job for unit ntfy.service has finished with a failure.
░░
░░ The job identifier is 39865 and the job result is failed.
Nov 22 19:08:48 egwfw systemd[1]: Started ntfy server.
░░ Subject: A start job for unit ntfy.service has finished successfully
░░ Defined-By: systemd
░░ Support: http://www.ubuntu.com/support
░░
░░ A start job for unit ntfy.service has finished successfully.
░░
░░ The job identifier is 40173.
Nov 22 19:08:48 egwfw ntfy[1446862]: INFO Listening on :80[http] :443[https], ntfy 2.7.0, log level is INFO (tag=startup)
Nov 22 19:08:48 egwfw ntfy[1446862]: FATAL listen tcp :80: bind: address already in use (exit_code=1)
Nov 22 19:08:48 egwfw ntfy[1446862]: listen tcp :80: bind: address already in use
Nov 22 19:08:48 egwfw systemd[1]: ntfy.service: Main process exited, code=exited, status=1/FAILURE
░░ Subject: Unit process exited
░░ Defined-By: systemd
░░ Support: http://www.ubuntu.com/support
░░
░░ An ExecStart= process belonging to unit ntfy.service has exited.
░░
░░ The process' exit code is 'exited' and its exit status is 1.
Nov 22 19:08:48 egwfw systemd[1]: ntfy.service: Failed with result 'exit-code'.
░░ Subject: Unit failed
░░ Defined-By: systemd
░░ Support: http://www.ubuntu.com/support
░░
░░ The unit ntfy.service has entered the 'failed' state with result 'exit-code'.
Nov 22 19:08:48 egwfw systemd[1]: ntfy.service: Scheduled restart job, restart counter is at 1.
░░ Subject: Automatic restarting of a unit has been scheduled
░░ Defined-By: systemd
░░ Support: http://www.ubuntu.com/support
░░
░░ Automatic restarting of the unit ntfy.service has been scheduled, as the result for
░░ the configured Restart= setting for the unit.
Nov 22 19:08:48 egwfw systemd[1]: Stopped ntfy server.
░░ Subject: A stop job for unit ntfy.service has finished
░░ Defined-By: systemd
░░ Support: http://www.ubuntu.com/support
░░
░░ A stop job for unit ntfy.service has finished.
░░
░░ The job identifier is 40273 and the job result is done.
Nov 22 19:08:48 egwfw systemd[1]: Started ntfy server.
░░ Subject: A start job for unit ntfy.service has finished successfully
░░ Defined-By: systemd
░░ Support: http://www.ubuntu.com/support
░░
░░ A start job for unit ntfy.service has finished successfully.
░░
░░ The job identifier is 40273.
Nov 22 19:08:48 egwfw ntfy[1446891]: INFO Listening on :80[http] :443[https], ntfy 2.7.0, log level is INFO (tag=startup)
Nov 22 19:08:48 egwfw ntfy[1446891]: FATAL listen tcp :80: bind: address already in use (exit_code=1)
Nov 22 19:08:48 egwfw ntfy[1446891]: listen tcp :80: bind: address already in use
Nov 22 19:08:48 egwfw systemd[1]: ntfy.service: Main process exited, code=exited, status=1/FAILURE
░░ Subject: Unit process exited
░░ Defined-By: systemd
░░ Support: http://www.ubuntu.com/support
░░
░░ An ExecStart= process belonging to unit ntfy.service has exited.
░░
░░ The process' exit code is 'exited' and its exit status is 1.
Nov 22 19:08:48 egwfw systemd[1]: ntfy.service: Failed with result 'exit-code'.
░░ Subject: Unit failed
░░ Defined-By: systemd
░░ Support: http://www.ubuntu.com/support
░░
░░ The unit ntfy.service has entered the 'failed' state with result 'exit-code'.
Nov 22 19:08:48 egwfw systemd[1]: ntfy.service: Scheduled restart job, restart counter is at 2.
░░ Subject: Automatic restarting of a unit has been scheduled
░░ Defined-By: systemd
░░ Support: http://www.ubuntu.com/support
░░
░░ Automatic restarting of the unit ntfy.service has been scheduled, as the result for
░░ the configured Restart= setting for the unit.
Nov 22 19:08:48 egwfw systemd[1]: Stopped ntfy server.
░░ Subject: A stop job for unit ntfy.service has finished
░░ Defined-By: systemd
░░ Support: http://www.ubuntu.com/support
░░
░░ A stop job for unit ntfy.service has finished.
░░
░░ The job identifier is 40373 and the job result is done.
Nov 22 19:08:48 egwfw systemd[1]: Started ntfy server.
░░ Subject: A start job for unit ntfy.service has finished successfully
░░ Defined-By: systemd
░░ Support: http://www.ubuntu.com/support
░░
░░ A start job for unit ntfy.service has finished successfully.
░░
░░ The job identifier is 40373.
Nov 22 19:08:48 egwfw ntfy[1446911]: INFO Listening on :80[http] :443[https], ntfy 2.7.0, log level is INFO (tag=startup)
Nov 22 19:08:48 egwfw ntfy[1446911]: FATAL listen tcp :80: bind: address already in use (exit_code=1)
Nov 22 19:08:48 egwfw ntfy[1446911]: listen tcp :80: bind: address already in use
Nov 22 19:08:48 egwfw systemd[1]: ntfy.service: Main process exited, code=exited, status=1/FAILURE
░░ Subject: Unit process exited
░░ Defined-By: systemd
░░ Support: http://www.ubuntu.com/support
░░
░░ An ExecStart= process belonging to unit ntfy.service has exited.
░░
░░ The process' exit code is 'exited' and its exit status is 1.
Nov 22 19:08:48 egwfw systemd[1]: ntfy.service: Failed with result 'exit-code'.
░░ Subject: Unit failed
░░ Defined-By: systemd
░░ Support: http://www.ubuntu.com/support
░░
░░ The unit ntfy.service has entered the 'failed' state with result 'exit-code'.
Nov 22 19:08:49 egwfw systemd[1]: ntfy.service: Scheduled restart job, restart counter is at 3.
░░ Subject: Automatic restarting of a unit has been scheduled
░░ Defined-By: systemd
░░ Support: http://www.ubuntu.com/support
░░
░░ Automatic restarting of the unit ntfy.service has been scheduled, as the result for
░░ the configured Restart= setting for the unit.
Nov 22 19:08:49 egwfw systemd[1]: Stopped ntfy server.
░░ Subject: A stop job for unit ntfy.service has finished
░░ Defined-By: systemd
░░ Support: http://www.ubuntu.com/support
░░
░░ A stop job for unit ntfy.service has finished.
░░
░░ The job identifier is 40473 and the job result is done.
Nov 22 19:08:49 egwfw systemd[1]: Started ntfy server.
░░ Subject: A start job for unit ntfy.service has finished successfully
░░ Defined-By: systemd
░░ Support: http://www.ubuntu.com/support
░░
░░ A start job for unit ntfy.service has finished successfully.
░░
░░ The job identifier is 40473.
Nov 22 19:08:49 egwfw ntfy[1446932]: INFO Listening on :80[http] :443[https], ntfy 2.7.0, log level is INFO (tag=startup)
Nov 22 19:08:49 egwfw ntfy[1446932]: FATAL listen tcp :80: bind: address already in use (exit_code=1)
Nov 22 19:08:49 egwfw ntfy[1446932]: listen tcp :80: bind: address already in use
Nov 22 19:08:49 egwfw systemd[1]: ntfy.service: Main process exited, code=exited, status=1/FAILURE
░░ Subject: Unit process exited
░░ Defined-By: systemd
░░ Support: http://www.ubuntu.com/support
░░
░░ An ExecStart= process belonging to unit ntfy.service has exited.
░░
░░ The process' exit code is 'exited' and its exit status is 1.
Nov 22 19:08:49 egwfw systemd[1]: ntfy.service: Failed with result 'exit-code'.
░░ Subject: Unit failed
░░ Defined-By: systemd
░░ Support: http://www.ubuntu.com/support
░░
░░ The unit ntfy.service has entered the 'failed' state with result 'exit-code'.
Nov 22 19:08:49 egwfw systemd[1]: ntfy.service: Scheduled restart job, restart counter is at 4.
░░ Subject: Automatic restarting of a unit has been scheduled
░░ Defined-By: systemd
░░ Support: http://www.ubuntu.com/support
░░
░░ Automatic restarting of the unit ntfy.service has been scheduled, as the result for
░░ the configured Restart= setting for the unit.
Nov 22 19:08:49 egwfw systemd[1]: Stopped ntfy server.
░░ Subject: A stop job for unit ntfy.service has finished
░░ Defined-By: systemd
░░ Support: http://www.ubuntu.com/support
░░
░░ A stop job for unit ntfy.service has finished.
░░
░░ The job identifier is 40573 and the job result is done.
Nov 22 19:08:49 egwfw systemd[1]: Started ntfy server.
░░ Subject: A start job for unit ntfy.service has finished successfully
░░ Defined-By: systemd
░░ Support: http://www.ubuntu.com/support
░░
░░ A start job for unit ntfy.service has finished successfully.
░░
░░ The job identifier is 40573.
Nov 22 19:08:49 egwfw ntfy[1446959]: INFO Listening on :80[http] :443[https], ntfy 2.7.0, log level is INFO (tag=startup)
Nov 22 19:08:49 egwfw ntfy[1446959]: FATAL listen tcp :80: bind: address already in use (exit_code=1)
Nov 22 19:08:49 egwfw ntfy[1446959]: listen tcp :80: bind: address already in use
Nov 22 19:08:49 egwfw systemd[1]: ntfy.service: Main process exited, code=exited, status=1/FAILURE
░░ Subject: Unit process exited
░░ Defined-By: systemd
░░ Support: http://www.ubuntu.com/support
░░
░░ An ExecStart= process belonging to unit ntfy.service has exited.
░░
░░ The process' exit code is 'exited' and its exit status is 1.
Nov 22 19:08:49 egwfw systemd[1]: ntfy.service: Failed with result 'exit-code'.
░░ Subject: Unit failed
░░ Defined-By: systemd
░░ Support: http://www.ubuntu.com/support
░░
░░ The unit ntfy.service has entered the 'failed' state with result 'exit-code'.
Nov 22 19:08:49 egwfw systemd[1]: ntfy.service: Scheduled restart job, restart counter is at 5.
░░ Subject: Automatic restarting of a unit has been scheduled
░░ Defined-By: systemd
░░ Support: http://www.ubuntu.com/support
░░
░░ Automatic restarting of the unit ntfy.service has been scheduled, as the result for
░░ the configured Restart= setting for the unit.
Nov 22 19:08:49 egwfw systemd[1]: Stopped ntfy server.
░░ Subject: A stop job for unit ntfy.service has finished
░░ Defined-By: systemd
░░ Support: http://www.ubuntu.com/support
░░
░░ A stop job for unit ntfy.service has finished.
░░
░░ The job identifier is 40673 and the job result is done.
Nov 22 19:08:49 egwfw systemd[1]: ntfy.service: Start request repeated too quickly.
Nov 22 19:08:49 egwfw systemd[1]: ntfy.service: Failed with result 'exit-code'.
░░ Subject: Unit failed
░░ Defined-By: systemd
░░ Support: http://www.ubuntu.com/support
░░
░░ The unit ntfy.service has entered the 'failed' state with result 'exit-code'.
Nov 22 19:08:49 egwfw systemd[1]: Failed to start ntfy server.
░░ Subject: A start job for unit ntfy.service has failed
░░ Defined-By: systemd
░░ Support: http://www.ubuntu.com/support
░░
░░ A start job for unit ntfy.service has finished with a failure.
░░
░░ The job identifier is 40673 and the job result is failed.

<!-- gh-comment-id:1823254776 --> @iomari commented on GitHub (Nov 22, 2023): sudo systemctl restart ntfy ; sleep 2 ; sudo systemctl status ntfy ``` × ntfy.service - ntfy server Loaded: loaded (/lib/systemd/system/ntfy.service; enabled; vendor preset: enabled) Active: failed (Result: exit-code) since Wed 2023-11-22 19:08:49 WAT; 401ms ago Process: 1446959 ExecStart=/usr/bin/ntfy serve --no-log-dates (code=exited, status=1/FAILURE) Main PID: 1446959 (code=exited, status=1/FAILURE) CPU: 148ms Nov 22 19:08:49 egwfw systemd[1]: ntfy.service: Scheduled restart job, restart counter is at 5. Nov 22 19:08:49 egwfw systemd[1]: Stopped ntfy server. Nov 22 19:08:49 egwfw systemd[1]: ntfy.service: Start request repeated too quickly. Nov 22 19:08:49 egwfw systemd[1]: ntfy.service: Failed with result 'exit-code'. Nov 22 19:08:49 egwfw systemd[1]: Failed to start ntfy server. ``` The output of: sudo journalctl -xeu ntfy.service ``` ░░ A start job for unit ntfy.service has finished with a failure. ░░ ░░ The job identifier is 39865 and the job result is failed. Nov 22 19:08:48 egwfw systemd[1]: Started ntfy server. ░░ Subject: A start job for unit ntfy.service has finished successfully ░░ Defined-By: systemd ░░ Support: http://www.ubuntu.com/support ░░ ░░ A start job for unit ntfy.service has finished successfully. ░░ ░░ The job identifier is 40173. Nov 22 19:08:48 egwfw ntfy[1446862]: INFO Listening on :80[http] :443[https], ntfy 2.7.0, log level is INFO (tag=startup) Nov 22 19:08:48 egwfw ntfy[1446862]: FATAL listen tcp :80: bind: address already in use (exit_code=1) Nov 22 19:08:48 egwfw ntfy[1446862]: listen tcp :80: bind: address already in use Nov 22 19:08:48 egwfw systemd[1]: ntfy.service: Main process exited, code=exited, status=1/FAILURE ░░ Subject: Unit process exited ░░ Defined-By: systemd ░░ Support: http://www.ubuntu.com/support ░░ ░░ An ExecStart= process belonging to unit ntfy.service has exited. ░░ ░░ The process' exit code is 'exited' and its exit status is 1. Nov 22 19:08:48 egwfw systemd[1]: ntfy.service: Failed with result 'exit-code'. ░░ Subject: Unit failed ░░ Defined-By: systemd ░░ Support: http://www.ubuntu.com/support ░░ ░░ The unit ntfy.service has entered the 'failed' state with result 'exit-code'. Nov 22 19:08:48 egwfw systemd[1]: ntfy.service: Scheduled restart job, restart counter is at 1. ░░ Subject: Automatic restarting of a unit has been scheduled ░░ Defined-By: systemd ░░ Support: http://www.ubuntu.com/support ░░ ░░ Automatic restarting of the unit ntfy.service has been scheduled, as the result for ░░ the configured Restart= setting for the unit. Nov 22 19:08:48 egwfw systemd[1]: Stopped ntfy server. ░░ Subject: A stop job for unit ntfy.service has finished ░░ Defined-By: systemd ░░ Support: http://www.ubuntu.com/support ░░ ░░ A stop job for unit ntfy.service has finished. ░░ ░░ The job identifier is 40273 and the job result is done. Nov 22 19:08:48 egwfw systemd[1]: Started ntfy server. ░░ Subject: A start job for unit ntfy.service has finished successfully ░░ Defined-By: systemd ░░ Support: http://www.ubuntu.com/support ░░ ░░ A start job for unit ntfy.service has finished successfully. ░░ ░░ The job identifier is 40273. Nov 22 19:08:48 egwfw ntfy[1446891]: INFO Listening on :80[http] :443[https], ntfy 2.7.0, log level is INFO (tag=startup) Nov 22 19:08:48 egwfw ntfy[1446891]: FATAL listen tcp :80: bind: address already in use (exit_code=1) Nov 22 19:08:48 egwfw ntfy[1446891]: listen tcp :80: bind: address already in use Nov 22 19:08:48 egwfw systemd[1]: ntfy.service: Main process exited, code=exited, status=1/FAILURE ░░ Subject: Unit process exited ░░ Defined-By: systemd ░░ Support: http://www.ubuntu.com/support ░░ ░░ An ExecStart= process belonging to unit ntfy.service has exited. ░░ ░░ The process' exit code is 'exited' and its exit status is 1. Nov 22 19:08:48 egwfw systemd[1]: ntfy.service: Failed with result 'exit-code'. ░░ Subject: Unit failed ░░ Defined-By: systemd ░░ Support: http://www.ubuntu.com/support ░░ ░░ The unit ntfy.service has entered the 'failed' state with result 'exit-code'. Nov 22 19:08:48 egwfw systemd[1]: ntfy.service: Scheduled restart job, restart counter is at 2. ░░ Subject: Automatic restarting of a unit has been scheduled ░░ Defined-By: systemd ░░ Support: http://www.ubuntu.com/support ░░ ░░ Automatic restarting of the unit ntfy.service has been scheduled, as the result for ░░ the configured Restart= setting for the unit. Nov 22 19:08:48 egwfw systemd[1]: Stopped ntfy server. ░░ Subject: A stop job for unit ntfy.service has finished ░░ Defined-By: systemd ░░ Support: http://www.ubuntu.com/support ░░ ░░ A stop job for unit ntfy.service has finished. ░░ ░░ The job identifier is 40373 and the job result is done. Nov 22 19:08:48 egwfw systemd[1]: Started ntfy server. ░░ Subject: A start job for unit ntfy.service has finished successfully ░░ Defined-By: systemd ░░ Support: http://www.ubuntu.com/support ░░ ░░ A start job for unit ntfy.service has finished successfully. ░░ ░░ The job identifier is 40373. Nov 22 19:08:48 egwfw ntfy[1446911]: INFO Listening on :80[http] :443[https], ntfy 2.7.0, log level is INFO (tag=startup) Nov 22 19:08:48 egwfw ntfy[1446911]: FATAL listen tcp :80: bind: address already in use (exit_code=1) Nov 22 19:08:48 egwfw ntfy[1446911]: listen tcp :80: bind: address already in use Nov 22 19:08:48 egwfw systemd[1]: ntfy.service: Main process exited, code=exited, status=1/FAILURE ░░ Subject: Unit process exited ░░ Defined-By: systemd ░░ Support: http://www.ubuntu.com/support ░░ ░░ An ExecStart= process belonging to unit ntfy.service has exited. ░░ ░░ The process' exit code is 'exited' and its exit status is 1. Nov 22 19:08:48 egwfw systemd[1]: ntfy.service: Failed with result 'exit-code'. ░░ Subject: Unit failed ░░ Defined-By: systemd ░░ Support: http://www.ubuntu.com/support ░░ ░░ The unit ntfy.service has entered the 'failed' state with result 'exit-code'. Nov 22 19:08:49 egwfw systemd[1]: ntfy.service: Scheduled restart job, restart counter is at 3. ░░ Subject: Automatic restarting of a unit has been scheduled ░░ Defined-By: systemd ░░ Support: http://www.ubuntu.com/support ░░ ░░ Automatic restarting of the unit ntfy.service has been scheduled, as the result for ░░ the configured Restart= setting for the unit. Nov 22 19:08:49 egwfw systemd[1]: Stopped ntfy server. ░░ Subject: A stop job for unit ntfy.service has finished ░░ Defined-By: systemd ░░ Support: http://www.ubuntu.com/support ░░ ░░ A stop job for unit ntfy.service has finished. ░░ ░░ The job identifier is 40473 and the job result is done. Nov 22 19:08:49 egwfw systemd[1]: Started ntfy server. ░░ Subject: A start job for unit ntfy.service has finished successfully ░░ Defined-By: systemd ░░ Support: http://www.ubuntu.com/support ░░ ░░ A start job for unit ntfy.service has finished successfully. ░░ ░░ The job identifier is 40473. Nov 22 19:08:49 egwfw ntfy[1446932]: INFO Listening on :80[http] :443[https], ntfy 2.7.0, log level is INFO (tag=startup) Nov 22 19:08:49 egwfw ntfy[1446932]: FATAL listen tcp :80: bind: address already in use (exit_code=1) Nov 22 19:08:49 egwfw ntfy[1446932]: listen tcp :80: bind: address already in use Nov 22 19:08:49 egwfw systemd[1]: ntfy.service: Main process exited, code=exited, status=1/FAILURE ░░ Subject: Unit process exited ░░ Defined-By: systemd ░░ Support: http://www.ubuntu.com/support ░░ ░░ An ExecStart= process belonging to unit ntfy.service has exited. ░░ ░░ The process' exit code is 'exited' and its exit status is 1. Nov 22 19:08:49 egwfw systemd[1]: ntfy.service: Failed with result 'exit-code'. ░░ Subject: Unit failed ░░ Defined-By: systemd ░░ Support: http://www.ubuntu.com/support ░░ ░░ The unit ntfy.service has entered the 'failed' state with result 'exit-code'. Nov 22 19:08:49 egwfw systemd[1]: ntfy.service: Scheduled restart job, restart counter is at 4. ░░ Subject: Automatic restarting of a unit has been scheduled ░░ Defined-By: systemd ░░ Support: http://www.ubuntu.com/support ░░ ░░ Automatic restarting of the unit ntfy.service has been scheduled, as the result for ░░ the configured Restart= setting for the unit. Nov 22 19:08:49 egwfw systemd[1]: Stopped ntfy server. ░░ Subject: A stop job for unit ntfy.service has finished ░░ Defined-By: systemd ░░ Support: http://www.ubuntu.com/support ░░ ░░ A stop job for unit ntfy.service has finished. ░░ ░░ The job identifier is 40573 and the job result is done. Nov 22 19:08:49 egwfw systemd[1]: Started ntfy server. ░░ Subject: A start job for unit ntfy.service has finished successfully ░░ Defined-By: systemd ░░ Support: http://www.ubuntu.com/support ░░ ░░ A start job for unit ntfy.service has finished successfully. ░░ ░░ The job identifier is 40573. Nov 22 19:08:49 egwfw ntfy[1446959]: INFO Listening on :80[http] :443[https], ntfy 2.7.0, log level is INFO (tag=startup) Nov 22 19:08:49 egwfw ntfy[1446959]: FATAL listen tcp :80: bind: address already in use (exit_code=1) Nov 22 19:08:49 egwfw ntfy[1446959]: listen tcp :80: bind: address already in use Nov 22 19:08:49 egwfw systemd[1]: ntfy.service: Main process exited, code=exited, status=1/FAILURE ░░ Subject: Unit process exited ░░ Defined-By: systemd ░░ Support: http://www.ubuntu.com/support ░░ ░░ An ExecStart= process belonging to unit ntfy.service has exited. ░░ ░░ The process' exit code is 'exited' and its exit status is 1. Nov 22 19:08:49 egwfw systemd[1]: ntfy.service: Failed with result 'exit-code'. ░░ Subject: Unit failed ░░ Defined-By: systemd ░░ Support: http://www.ubuntu.com/support ░░ ░░ The unit ntfy.service has entered the 'failed' state with result 'exit-code'. Nov 22 19:08:49 egwfw systemd[1]: ntfy.service: Scheduled restart job, restart counter is at 5. ░░ Subject: Automatic restarting of a unit has been scheduled ░░ Defined-By: systemd ░░ Support: http://www.ubuntu.com/support ░░ ░░ Automatic restarting of the unit ntfy.service has been scheduled, as the result for ░░ the configured Restart= setting for the unit. Nov 22 19:08:49 egwfw systemd[1]: Stopped ntfy server. ░░ Subject: A stop job for unit ntfy.service has finished ░░ Defined-By: systemd ░░ Support: http://www.ubuntu.com/support ░░ ░░ A stop job for unit ntfy.service has finished. ░░ ░░ The job identifier is 40673 and the job result is done. Nov 22 19:08:49 egwfw systemd[1]: ntfy.service: Start request repeated too quickly. Nov 22 19:08:49 egwfw systemd[1]: ntfy.service: Failed with result 'exit-code'. ░░ Subject: Unit failed ░░ Defined-By: systemd ░░ Support: http://www.ubuntu.com/support ░░ ░░ The unit ntfy.service has entered the 'failed' state with result 'exit-code'. Nov 22 19:08:49 egwfw systemd[1]: Failed to start ntfy server. ░░ Subject: A start job for unit ntfy.service has failed ░░ Defined-By: systemd ░░ Support: http://www.ubuntu.com/support ░░ ░░ A start job for unit ntfy.service has finished with a failure. ░░ ░░ The job identifier is 40673 and the job result is failed. ```

BreizhHardware commented 2026-05-07 00:26:30 +02:00

Author

Owner

Copy link

@binwiederhier commented on GitHub (Nov 22, 2023):

I'm a very patient person, but I ask you to learn to do some work yourself. Read the error message, or ask ChatGPT to interpret what's wrong. It's quite obvious.

I'll close this ticket, as it is clearly not a ntfy bug. Happy Thanksgiving 🦃

<!-- gh-comment-id:1823295059 --> @binwiederhier commented on GitHub (Nov 22, 2023): I'm a very patient person, but I ask you to learn to do some work yourself. Read the error message, or ask ChatGPT to interpret what's wrong. It's quite obvious. I'll close this ticket, as it is clearly not a ntfy bug. Happy Thanksgiving :turkey:

BreizhHardware commented 2026-05-07 00:26:30 +02:00

Author

Owner

Copy link

@mdbench commented on GitHub (Aug 5, 2025):

I'm a very patient person, but I ask you to learn to do some work yourself. Read the error message, or ask ChatGPT to interpret what's wrong. It's quite obvious.

I'll close this ticket, as it is clearly not a ntfy bug. Happy Thanksgiving 🦃

I am requesting you reopen this ticket specific to NTFY on a Docker Container. Even when you set server.yml appropriately, HTTPS does not work. It looks like you misconfigured support for HTTPS.

I can help you troubleshoot to fix to your misconfiguration of HTTPS but first thing is first. To reproduce bug on your side, see below:

Here is a dictionary for details removed for privacy reasons:

[generic port] = Port not listed for privacy reasons
[generic path to docker-compose.yml] = Path to yml not listed for privacy reasons
[generic IP] = IP not listed for privacy reasons
[generic path to key] = Path to SSL key not listed for privacy reasons
[generic path to cert] = Path to SSL cert not listed for privacy reasons

I deployed through a simple custom shell script:
#!/bin/bash mkdir -p /opt/ntfy/config mkdir -p /opt/ntfy/cache mkdir -p /opt/ntfy/db if test -f "/opt/ntfy/config/server.yml"; then echo "File exists, moving away from task to make server.yml..." else echo "File does not exist, making server.yml..." touch /opt/ntfy/config/server.yml echo 'listen-https: ":[generic port]"' >> /opt/ntfy/config/server.yml echo 'key-file: /etc/ntfy/certs/key.key' >> /opt/ntfy/config/server.yml echo 'cert-file: /etc/ntfy/certs/cert.crt' >> /opt/ntfy/config/server.yml echo 'auth-file: /var/lib/ntfy/auth.db' >> /opt/ntfy/config/server.yml echo 'auth-default-access: deny-all' >> /opt/ntfy/config/server.yml echo 'enable-login: true' >> /opt/ntfy/config/server.yml echo "Made server.yml" fi cd [generic path to docker-compose.yml] docker compose up -d

Here is docker-compose.yml:
services: ntfy: image: binwiederhier/ntfy:latest container_name: ntfy command: serve environment: - TZ=America/New_York - NTFY_BASE_URL=https://[generic IP] - NTFY_AUTH_FILE=/var/lib/ntfy/auth.db - NTFY_AUTH_DEFAULT_ACCESS=deny-all - NTFY_ENABLE_LOGIN=true volumes: - [generic path to key]:/etc/ntfy/certs/key.key - [generic path to cert]:/etc/ntfy/certs/cert.crt - /opt/ntfy/cache:/var/cache/ntfy - /opt/ntfy/config:/etc/ntfy - /opt/ntfy/db:/var/lib/ntfy - /opt/ntfy/config/server.yml:/etc/ntfy/server.yml ports: - [generic port]:80 - [generic port]:443 restart: unless-stopped

Docker is up and running. HTTP works. HTTPS does not. This was made as simple as possible for this post in accordance with your documentation where you explicitly mentioned "Be sure to use HTTPS to avoid eavesdropping and exposing your password" in reference to Basic Auth. I then saw you did not explicitly mention how to setup HTTPS and when you did you referenced setting it up behind what looks to be a proxy, as you used Let's Encrypt certs for the setup that are really only mentioned in your docs for use behind a proxy.

As an FYI, it is not recommended to use a proxy server to forward HTTP requests to HTTPS as you are not actually using HTTPS, even while the endpoint looks like it is HTTPS. It is recommended that all docker solutions come with HTTPS support out of the box and use of a proxy does not meet that requirement. Don't worry. You aren't the only one doing this. Most GO-based Dockers I have come across do not provide HTTPS support out of the box and it would be impossible to believe that someone could create a GO app and at the end of development stop the project to tell users to just use a proxy manager. But, I have seen some weird coders/dev teams lately...

Since this service probably took a lot of time to make, let's get this fixed just so people don't start believing you didn't write this code and got ChatGPT's mom to write it for you.

<!-- gh-comment-id:3155867864 --> @mdbench commented on GitHub (Aug 5, 2025): > I'm a very patient person, but I ask you to learn to do some work yourself. Read the error message, or ask ChatGPT to interpret what's wrong. It's quite obvious. > > I'll close this ticket, as it is clearly not a ntfy bug. Happy Thanksgiving 🦃 I am requesting you reopen this ticket specific to NTFY on a Docker Container. Even when you set server.yml appropriately, HTTPS does not work. It looks like you misconfigured support for HTTPS. I can help you troubleshoot to fix to your misconfiguration of HTTPS but first thing is first. To reproduce bug on your side, see below: Here is a dictionary for details removed for privacy reasons: [generic port] = Port not listed for privacy reasons [generic path to docker-compose.yml] = Path to yml not listed for privacy reasons [generic IP] = IP not listed for privacy reasons [generic path to key] = Path to SSL key not listed for privacy reasons [generic path to cert] = Path to SSL cert not listed for privacy reasons I deployed through a simple custom shell script: ` #!/bin/bash mkdir -p /opt/ntfy/config mkdir -p /opt/ntfy/cache mkdir -p /opt/ntfy/db if test -f "/opt/ntfy/config/server.yml"; then echo "File exists, moving away from task to make server.yml..." else echo "File does not exist, making server.yml..." touch /opt/ntfy/config/server.yml echo 'listen-https: ":[generic port]"' >> /opt/ntfy/config/server.yml echo 'key-file: /etc/ntfy/certs/key.key' >> /opt/ntfy/config/server.yml echo 'cert-file: /etc/ntfy/certs/cert.crt' >> /opt/ntfy/config/server.yml echo 'auth-file: /var/lib/ntfy/auth.db' >> /opt/ntfy/config/server.yml echo 'auth-default-access: deny-all' >> /opt/ntfy/config/server.yml echo 'enable-login: true' >> /opt/ntfy/config/server.yml echo "Made server.yml" fi cd [generic path to docker-compose.yml] docker compose up -d ` Here is docker-compose.yml: ` services: ntfy: image: binwiederhier/ntfy:latest container_name: ntfy command: serve environment: - TZ=America/New_York - NTFY_BASE_URL=https://[generic IP] - NTFY_AUTH_FILE=/var/lib/ntfy/auth.db - NTFY_AUTH_DEFAULT_ACCESS=deny-all - NTFY_ENABLE_LOGIN=true volumes: - [generic path to key]:/etc/ntfy/certs/key.key - [generic path to cert]:/etc/ntfy/certs/cert.crt - /opt/ntfy/cache:/var/cache/ntfy - /opt/ntfy/config:/etc/ntfy - /opt/ntfy/db:/var/lib/ntfy - /opt/ntfy/config/server.yml:/etc/ntfy/server.yml ports: - [generic port]:80 - [generic port]:443 restart: unless-stopped ` Docker is up and running. HTTP works. HTTPS does not. This was made as simple as possible for this post in accordance with your documentation where you explicitly mentioned "Be sure to use HTTPS to avoid eavesdropping and exposing your password" in reference to Basic Auth. I then saw you did not explicitly mention how to setup HTTPS and when you did you referenced setting it up behind what looks to be a proxy, as you used Let's Encrypt certs for the setup that are really only mentioned in your docs for use behind a proxy. As an FYI, it is not recommended to use a proxy server to forward HTTP requests to HTTPS as you are not actually using HTTPS, even while the endpoint looks like it is HTTPS. It is recommended that all docker solutions come with HTTPS support out of the box and use of a proxy does not meet that requirement. Don't worry. You aren't the only one doing this. Most GO-based Dockers I have come across do not provide HTTPS support out of the box and it would be impossible to believe that someone could create a GO app and at the end of development stop the project to tell users to just use a proxy manager. But, I have seen some weird coders/dev teams lately... Since this service probably took a lot of time to make, let's get this fixed just so people don't start believing you didn't write this code and got ChatGPT's mom to write it for you.

Sign in to join this conversation.

No Branch/Tag specified

Branches Tags

main

dependabot/npm_and_yarn/web/babel/plugin-transform-modules-systemjs-7.29.4

dependabot/npm_and_yarn/web/fast-uri-3.1.2

email-verification

attachment-no-http2

attachment-fixes

attachment-s3

config-generator

postgres-replica

dockers-v2

postgres-support

postgres-webpush+user+message

postgres-webpush+user

postgres-webpush

1364-copy-action

crashfix

user-header

scalar-api-docs

cancel-scheduled

update-available

windows-server

303-update-notifications

postgres

admin-ui

require-login

http-clipboard

message-cache-lock

debian-stripe

predefined-users

busy-timeout

template-dir

ipv6

client-ip-header

apns-fix

feat_optional_require_login

security-updates

pg-message-cache

templating-disallow

templating-3

templating-2

message-size-limit+delay-limit

remove-rate-topics

html-emails

cf-priority

acl-underscores

auth-user-header

markdown

img-attach

web-improvements

utf8-headers

matrix-507-reject

http-response-writer

new-homepage-design

e2e

canary

windows

electron

update-messages

webhook-templating

v2.22.0

v2.21.0

v2.20.1

v2.20.0

v2.19.2

v2.19.1

v2.19.0

v2.18.0

v2.17.0

v2.16.0

v2.15.0

v2.14.0

v2.13.0

v2.12.0

v2.11.0

v2.10.0

v2.9.0

v2.8.0

v2.7.0

v2.6.2

v2.6.1

v2.6.0

v2.5.0

v2.4.0

v2.3.1

v2.3.0

v2.2.0

v2.1.2

v2.1.1

v2.1.0

v2.0.1

v2.0.0

v1.31.0

v1.30.1

v1.29.1

v1.29.0

v1.28.0

v1.27.2

v1.27.1

v1.26.0

v1.25.2

v1.25.1

v1.25.0

v1.24.0

v1.23.0

v1.22.0

v1.21.2

v1.21.1

v1.21.0

v1.20.0

v1.19.0

v1.18.1

v1.18.0

v1.17.1

v1.17.0

v1.16.0

v1.15.0

v1.14.1

v1.14.0

v1.13.0

v1.12.1

v1.12.0

v1.11.1

v1.11.2

v1.11.0

v1.10.0

v1.9.0

v1.8.0

v1.7.0

v1.6.1

v1.6.0

v1.5.3

v1.5.2

v1.5.1

v1.5.0

v1.4.8

v1.4.7

v1.4.6

v1.4.5

v1.4.4

v1.4.3

v1.4.2

v1.4.1

v1.4.0

v1.3.2

v1.3.3

v1.3.1

v1.3.0

v1.2.5

v1.2.4

v1.2.3

v1.2.2

v1.2.1

v1.2.0

v1.1.3

v1.1.2

v1.1.1

v1.1.0

v1.0.0

v0.0.5

v0.0.4

v0.0.3

v0.0.2

v0.0.1

Labels

Clear labels   

ai-generated

  

android-app

  

android-app

  

android-app

  

🪲 bug

  

build

  

build

  

dependencies

  

docs

  

enhancement

  

enhancement

  

🔥 HOT

  

in-progress 🏃

  

ios

  

prio:low

  

prio:low

  

pull-request

Mirrored from GitHub Pull Request

  

question

  

🔒 security

  

server

  

server

  

unified-push

  

web-app

  

website

No labels

ai-generated

android-app

android-app

android-app

🪲 bug

build

build

dependencies

docs

enhancement

enhancement

🔥 HOT

in-progress 🏃

ios

prio:low

prio:low

pull-request

question

🔒 security

server

server

unified-push

web-app

website

Milestone

Clear milestone

No items

No milestone

Projects

Clear projects

No items

No project

Assignees

Clear assignees

No assignees

1 participant

Notifications

Subscribe

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference

starred/ntfy#672

No description provided.