[GH-ISSUE #1383] Is it considered safe to use a selfhosted instance without any auth #978

New issue

Closed

opened 2026-05-07 00:29:17 +02:00 by BreizhHardware · 4 comments

BreizhHardware commented 2026-05-07 00:29:17 +02:00

Owner

Copy link

Originally created by @m1212e on GitHub (Jul 6, 2025).
Original GitHub issue: https://github.com/binwiederhier/ntfy/issues/1383

Hey, thanks for this great tool and the time invested into it!

I'm about to self host an instance and was asking myself if there are some 'best practices' around this. I read through the docs and config instructions and I think I know how to get going but around the whole topic of auth I got a little confused.

Is it ok to not enable auth in any way?

By default, the ntfy server is open for everyone, meaning everyone can read and write to any topic (this is how ntfy.sh is configured). To restrict access to your own server, you can optionally configure authentication and authorization.

I'd very much appreciate if the docs would include some form of recommendation. I see why auth and ACL is there and I also understand how to use it. Currently I ask myself if I should enable it and what implications come with it. Because in theory, please correct me if I'm wrong, I could just use very long and random topic names to prevent unauthorized access to my messages. Since there are reasonable limits, abuse hopefully would not be an issue anyway. What advantage comes with using/not using auth and in which cases should I enable what? Some examples on this whole topic would be very helpful!

Thanks again for taking the time!

(quick sidenote: Enabling the GitHub discussions would be great since those get indexed by search engines and are public, where discord is not)

Originally created by @m1212e on GitHub (Jul 6, 2025). Original GitHub issue: https://github.com/binwiederhier/ntfy/issues/1383 Hey, thanks for this great tool and the time invested into it! I'm about to self host an instance and was asking myself if there are some 'best practices' around this. I read through the docs and config instructions and I think I know how to get going but around the whole topic of auth I got a little confused. Is it ok to not enable auth in any way? > By default, the ntfy server is open for everyone, meaning everyone can read and write to any topic (this is how ntfy.sh is configured). To restrict access to your own server, you can optionally configure authentication and authorization. I'd very much appreciate if the docs would include some form of recommendation. I see why auth and ACL is there and I also understand how to use it. Currently I ask myself if I should enable it and what implications come with it. Because in theory, please correct me if I'm wrong, I could just use very long and random topic names to prevent unauthorized access to my messages. Since there are reasonable limits, abuse hopefully would not be an issue anyway. What advantage comes with using/not using auth and in which cases should I enable what? Some examples on this whole topic would be very helpful! Thanks again for taking the time! (quick sidenote: Enabling the GitHub discussions would be great since those get indexed by search engines and are public, where discord is not)

BreizhHardware 2026-05-07 00:29:17 +02:00

• closed this issue
• added the
  question
  label

BreizhHardware commented 2026-05-07 00:29:18 +02:00

Author

Owner

Copy link

@binwiederhier commented on GitHub (Jul 6, 2025):

I'd very much appreciate if the docs would include some form of recommendation. I see why auth and ACL is there and I also understand how to use it. Currently I ask myself if I should enable it and what implications come with it. Because in theory, please correct me if I'm wrong, I could just use very long and random topic names to prevent unauthorized access to my messages. Since there are reasonable limits, abuse hopefully would not be an issue anyway. What advantage comes with using/not using auth and in which cases should I enable what? Some examples on this whole topic would be very helpful!

Whatever you put on the Internet will eventually be abused, unless you take precautions. That's a fact of life :-)

That said, ntfy has an outrageous amount of rate limits in place to counter that abuse. There are request limits, message limits, bandwidth limit, subscription limits, .... See https://docs.ntfy.sh/config/#rate-limiting for details. With all these limits in place (and enabled by default, albeit quite generous), people will not be able to fill up the disk or otherwise bring down the server (at least not without effort). If you want to be sure about that, you can put fail2ban in place (see https://docs.ntfy.sh/config/#banning-bad-actors-fail2ban), which will block these actors before it even reaches ntfy. See https://github.com/binwiederhier/ntfy-ansible/tree/main/roles/fail2ban too.

ntfy.sh is configured this way, though the request limits and message limits are wayy smaller than the defaults, because otherwise my SaaS business wouldn't make any money.

Advantages:

• It's easier to configure and to publish messages (no curl -u username:password ... everywhere)

Disadvantages:

• Other people may use your server (Is that a disavantage?)
• You can't use simple topic names like "alerts" and "logins"

Let me know if this answers your questions

<!-- gh-comment-id:3042476897 --> @binwiederhier commented on GitHub (Jul 6, 2025): > I'd very much appreciate if the docs would include some form of recommendation. I see why auth and ACL is there and I also understand how to use it. Currently I ask myself if I should enable it and what implications come with it. Because in theory, please correct me if I'm wrong, I could just use very long and random topic names to prevent unauthorized access to my messages. Since there are reasonable limits, abuse hopefully would not be an issue anyway. What advantage comes with using/not using auth and in which cases should I enable what? Some examples on this whole topic would be very helpful! Whatever you put on the Internet will eventually be abused, unless you take precautions. That's a fact of life :-) That said, ntfy has an outrageous amount of rate limits in place to counter that abuse. There are request limits, message limits, bandwidth limit, subscription limits, .... See https://docs.ntfy.sh/config/#rate-limiting for details. With all these limits in place (and enabled by default, albeit quite generous), people will not be able to fill up the disk or otherwise bring down the server (at least not without effort). If you want to be sure about that, you can put fail2ban in place (see https://docs.ntfy.sh/config/#banning-bad-actors-fail2ban), which will block these actors before it even reaches ntfy. See https://github.com/binwiederhier/ntfy-ansible/tree/main/roles/fail2ban too. ntfy.sh is configured this way, though the request limits and message limits are wayy smaller than the defaults, because otherwise my SaaS business wouldn't make any money. Advantages: - It's easier to configure and to publish messages (no `curl -u username:password ...` everywhere) Disadvantages: - Other people may use your server (Is that a disavantage?) - You can't use simple topic names like "alerts" and "logins" Let me know if this answers your questions

BreizhHardware commented 2026-05-07 00:29:18 +02:00

Author

Owner

Copy link

@m1212e commented on GitHub (Jul 7, 2025):

Hey, yes thank you very much for you input!

So a reasonable approach would be to either put auth restrictions in place or to reduce the default rate limits and keep an eye on load/abuse and switch to authenticated if necessary?

<!-- gh-comment-id:3043969022 --> @m1212e commented on GitHub (Jul 7, 2025): Hey, yes thank you very much for you input! So a reasonable approach would be to either put auth restrictions in place or to reduce the default rate limits and keep an eye on load/abuse and switch to authenticated if necessary?

BreizhHardware commented 2026-05-07 00:29:18 +02:00

Author

Owner

Copy link

@binwiederhier commented on GitHub (Jul 7, 2025):

Honestly, there are plenty of ntfy servers without rate limit adjustments on the public Internet and nobody's complained. Some are even advertising it (see ntfy docs). I'd just see how it goes with the defaults.

The beautiful thing is that if you use more or less cryptic topics, there's not much chance of leakage. And typically you're not really sending state secrets anyway :-D

<!-- gh-comment-id:3044003093 --> @binwiederhier commented on GitHub (Jul 7, 2025): Honestly, there are plenty of ntfy servers without rate limit adjustments on the public Internet and nobody's complained. Some are even advertising it (see [ntfy docs](https://docs.ntfy.sh/integrations/#alternative-ntfy-servers)). I'd just see how it goes with the defaults. The beautiful thing is that if you use more or less cryptic topics, there's not much chance of leakage. And typically you're not really sending state secrets anyway :-D

BreizhHardware commented 2026-05-07 00:29:18 +02:00

Author

Owner

Copy link

@m1212e commented on GitHub (Jul 7, 2025):

True that! I'd like to implement some sort of dummy smtp notification relay for all of my selfhosted services. Basically using ntfy as a mail bridge sorta thing so best would be no leaks :D
But I think I know everything I need to know! Thanks a lot for your quick answers and your work on this project!

<!-- gh-comment-id:3044566298 --> @m1212e commented on GitHub (Jul 7, 2025): True that! I'd like to implement some sort of dummy smtp notification relay for all of my selfhosted services. Basically using ntfy as a mail bridge sorta thing so best would be no leaks :D But I think I know everything I need to know! Thanks a lot for your quick answers and your work on this project!

Sign in to join this conversation.

No Branch/Tag specified

Branches Tags

main

dependabot/npm_and_yarn/web/fast-uri-3.1.2

email-verification

attachment-no-http2

attachment-fixes

attachment-s3

config-generator

postgres-replica

dockers-v2

postgres-support

postgres-webpush+user+message

postgres-webpush+user

postgres-webpush

1364-copy-action

crashfix

user-header

scalar-api-docs

cancel-scheduled

update-available

windows-server

303-update-notifications

postgres

admin-ui

require-login

http-clipboard

message-cache-lock

debian-stripe

predefined-users

busy-timeout

template-dir

ipv6

client-ip-header

apns-fix

feat_optional_require_login

security-updates

pg-message-cache

templating-disallow

templating-3

templating-2

message-size-limit+delay-limit

remove-rate-topics

html-emails

cf-priority

acl-underscores

auth-user-header

markdown

img-attach

web-improvements

utf8-headers

matrix-507-reject

http-response-writer

new-homepage-design

e2e

canary

windows

electron

update-messages

webhook-templating

v2.22.0

v2.21.0

v2.20.1

v2.20.0

v2.19.2

v2.19.1

v2.19.0

v2.18.0

v2.17.0

v2.16.0

v2.15.0

v2.14.0

v2.13.0

v2.12.0

v2.11.0

v2.10.0

v2.9.0

v2.8.0

v2.7.0

v2.6.2

v2.6.1

v2.6.0

v2.5.0

v2.4.0

v2.3.1

v2.3.0

v2.2.0

v2.1.2

v2.1.1

v2.1.0

v2.0.1

v2.0.0

v1.31.0

v1.30.1

v1.29.1

v1.29.0

v1.28.0

v1.27.2

v1.27.1

v1.26.0

v1.25.2

v1.25.1

v1.25.0

v1.24.0

v1.23.0

v1.22.0

v1.21.2

v1.21.1

v1.21.0

v1.20.0

v1.19.0

v1.18.1

v1.18.0

v1.17.1

v1.17.0

v1.16.0

v1.15.0

v1.14.1

v1.14.0

v1.13.0

v1.12.1

v1.12.0

v1.11.1

v1.11.2

v1.11.0

v1.10.0

v1.9.0

v1.8.0

v1.7.0

v1.6.1

v1.6.0

v1.5.3

v1.5.2

v1.5.1

v1.5.0

v1.4.8

v1.4.7

v1.4.6

v1.4.5

v1.4.4

v1.4.3

v1.4.2

v1.4.1

v1.4.0

v1.3.2

v1.3.3

v1.3.1

v1.3.0

v1.2.5

v1.2.4

v1.2.3

v1.2.2

v1.2.1

v1.2.0

v1.1.3

v1.1.2

v1.1.1

v1.1.0

v1.0.0

v0.0.5

v0.0.4

v0.0.3

v0.0.2

v0.0.1

Labels

Clear labels   

ai-generated

  

android-app

  

android-app

  

android-app

  

🪲 bug

  

build

  

build

  

dependencies

  

docs

  

enhancement

  

enhancement

  

🔥 HOT

  

in-progress 🏃

  

ios

  

prio:low

  

prio:low

  

pull-request

Mirrored from GitHub Pull Request

  

question

  

🔒 security

  

server

  

server

  

unified-push

  

web-app

  

website

No labels

ai-generated

android-app

android-app

android-app

🪲 bug

build

build

dependencies

docs

enhancement

enhancement

🔥 HOT

in-progress 🏃

ios

prio:low

prio:low

pull-request

question

🔒 security

server

server

unified-push

web-app

website

Milestone

Clear milestone

No items

No milestone

Projects

Clear projects

No items

No project

Assignees

Clear assignees

No assignees

1 participant

Notifications

Subscribe

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference

starred/ntfy#978

No description provided.