ntfy/server/server.yml

# ntfy server config file
#
# Please refer to the documentation at https://ntfy.sh/docs/config/ for details.
# All options also support underscores (_) instead of dashes (-) to comply with the YAML spec.

# Public facing base URL of the service (e.g. https://ntfy.sh or https://ntfy.example.com)
# This setting is currently only used by the attachments and e-mail sending feature (outgoing mail only).
#
# base-url:

# Listen address for the HTTP & HTTPS web server. If "listen-https" is set, you must also
# set "key-file" and "cert-file". Format: [<ip>]:<port>, e.g. "1.2.3.4:8080".
#
# To listen on all interfaces, you may omit the IP address, e.g. ":443".
# To disable HTTP, set "listen-http" to "-".
#
# listen-http: ":80"
# listen-https:

# Listen on a Unix socket, e.g. /var/lib/ntfy/ntfy.sock
# This can be useful to avoid port issues on local systems, and to simplify permissions.
#
# listen-unix: <socket-path>

# Path to the private key & cert file for the HTTPS web server. Not used if "listen-https" is not set.
#
# key-file: <filename>
# cert-file: <filename>

# If set, also publish messages to a Firebase Cloud Messaging (FCM) topic for your app.
# This is optional and only required to save battery when using the Android app.
#
# firebase-key-file: <filename>

# If set, messages are cached in a local SQLite database instead of only in-memory. This
# allows for service restarts without losing messages in support of the since= parameter.
#
# The "cache-duration" parameter defines the duration for which messages will be buffered
# before they are deleted. This is required to support the "since=..." and "poll=1" parameter.
# To disable the cache entirely (on-disk/in-memory), set "cache-duration" to 0.
# The cache file is created automatically, provided that the correct permissions are set.
#
# Debian/RPM package users:
#   Use /var/cache/ntfy/cache.db as cache file to avoid permission issues. The package
#   creates this folder for you.
#
# Check your permissions:
#   If you are running ntfy with systemd, make sure this cache file is owned by the
#   ntfy user and group by running: chown ntfy.ntfy <filename>.
#
# cache-file: <filename>
# cache-duration: "12h"

# If set, access to the ntfy server and API can be controlled on a granular level using
# the 'ntfy user' and 'ntfy access' commands. See the --help pages for details, or check the docs.
#
# - auth-file is the SQLite user/access database; it is created automatically if it doesn't already exist
# - auth-default-access defines the default/fallback access if no access control entry is found; it can be
#   set to "read-write" (default), "read-only", "write-only" or "deny-all".
#
# Debian/RPM package users:
#   Use /var/lib/ntfy/user.db as user database to avoid permission issues. The package
#   creates this folder for you.
#
# Check your permissions:
#   If you are running ntfy with systemd, make sure this user database file is owned by the
#   ntfy user and group by running: chown ntfy.ntfy <filename>.
#
# auth-file: <filename>
# auth-default-access: "read-write"

# If set, the X-Forwarded-For header is used to determine the visitor IP address
# instead of the remote address of the connection.
#
# WARNING: If you are behind a proxy, you must set this, otherwise all visitors are rate limited
#          as if they are one.
#
# behind-proxy: false

# If enabled, clients can attach files to notifications as attachments. Minimum settings to enable attachments
# are "attachment-cache-dir" and "base-url".
#
# - attachment-cache-dir is the cache directory for attached files
# - attachment-total-size-limit is the limit of the on-disk attachment cache directory (total size)
# - attachment-file-size-limit is the per-file attachment size limit (e.g. 300k, 2M, 100M)
# - attachment-expiry-duration is the duration after which uploaded attachments will be deleted (e.g. 3h, 20h)
#
# attachment-cache-dir:
# attachment-total-size-limit: "5G"
# attachment-file-size-limit: "15M"
# attachment-expiry-duration: "3h"

# If enabled, allow outgoing e-mail notifications via the 'X-Email' header. If this header is set,
# messages will additionally be sent out as e-mail using an external SMTP server. As of today, only
# SMTP servers with plain text auth and STARTLS are supported. Please also refer to the rate limiting settings
# below (visitor-email-limit-burst & visitor-email-limit-burst).
#
# - smtp-sender-addr is the hostname:port of the SMTP server
# - smtp-sender-user/smtp-sender-pass are the username and password of the SMTP user
# - smtp-sender-from is the e-mail address of the sender
#
# smtp-sender-addr:
# smtp-sender-user:
# smtp-sender-pass:
# smtp-sender-from:

# If enabled, ntfy will launch a lightweight SMTP server for incoming messages. Once configured, users can send
# emails to a topic e-mail address to publish messages to a topic.
#
# - smtp-server-listen defines the IP address and port the SMTP server will listen on, e.g. :25 or 1.2.3.4:25
# - smtp-server-domain is the e-mail domain, e.g. ntfy.sh
# - smtp-server-addr-prefix is an optional prefix for the e-mail addresses to prevent spam. If set to "ntfy-",
#   for instance, only e-mails to ntfy-$topic@ntfy.sh will be accepted. If this is not set, all emails to
#   $topic@ntfy.sh will be accepted (which may obviously be a spam problem).
#
# smtp-server-listen:
# smtp-server-domain:
# smtp-server-addr-prefix:

# Interval in which keepalive messages are sent to the client. This is to prevent
# intermediaries closing the connection for inactivity.
#
# Note that the Android app has a hardcoded timeout at 77s, so it should be less than that.
#
# keepalive-interval: "45s"

# Interval in which the manager prunes old messages, deletes topics
# and prints the stats.
#
# manager-interval: "1m"

# Defines if the root route (/) is pointing to the landing page (as on ntfy.sh) or the
# web app. If you self-host, you don't want to change this.
# Can be "app" (default), "home" or "disable" to disable the web app entirely.
#
# web-root: app

# Rate limiting: Total number of topics before the server rejects new topics.
#
# global-topic-limit: 15000

# Rate limiting: Number of subscriptions per visitor (IP address)
#
# visitor-subscription-limit: 30

# Rate limiting: Allowed GET/PUT/POST requests per second, per visitor:
# - visitor-request-limit-burst is the initial bucket of requests each visitor has
# - visitor-request-limit-replenish is the rate at which the bucket is refilled
# - visitor-request-limit-exempt-hosts is a comma-separated list of hostnames and IPs to be
#   exempt from request rate limiting; hostnames are resolved at the time the server is started
#
# visitor-request-limit-burst: 60
# visitor-request-limit-replenish: "5s"
# visitor-request-limit-exempt-hosts: ""

# Rate limiting: Allowed emails per visitor:
# - visitor-email-limit-burst is the initial bucket of emails each visitor has
# - visitor-email-limit-replenish is the rate at which the bucket is refilled
#
# visitor-email-limit-burst: 16
# visitor-email-limit-replenish: "1h"

# Rate limiting: Attachment size and bandwidth limits per visitor:
# - visitor-attachment-total-size-limit is the total storage limit used for attachments per visitor
# - visitor-attachment-daily-bandwidth-limit is the total daily attachment download/upload traffic limit per visitor
#
# visitor-attachment-total-size-limit: "100M"
# visitor-attachment-daily-bandwidth-limit: "500M"
Move config files and folders 2021-12-19 04:02:36 +01:00			`# ntfy server config file`
Support for underscores in server.yml config options 2022-05-16 17:32:21 +02:00			`#`
			`# Please refer to the documentation at https://ntfy.sh/docs/config/ for details.`
			`# All options also support underscores (_) instead of dashes (-) to comply with the YAML spec.`
Makefile, Dockerfile, GoReleaser, config.yml, systemd service 2021-10-24 03:29:45 +02:00
Docs 2021-12-25 00:57:02 +01:00			`# Public facing base URL of the service (e.g. https://ntfy.sh or https://ntfy.example.com)`
Update server.yml docs 2022-01-21 02:40:12 +01:00			`# This setting is currently only used by the attachments and e-mail sending feature (outgoing mail only).`
Docs 2021-12-25 00:57:02 +01:00			`#`
			`# base-url:`

WIP CLI 2021-12-18 20:43:27 +01:00			`# Listen address for the HTTP & HTTPS web server. If "listen-https" is set, you must also`
Do not print ugly WS error; tests 2022-01-16 04:33:35 +01:00			`# set "key-file" and "cert-file". Format: [<ip>]:<port>, e.g. "1.2.3.4:8080".`
Makefile, Dockerfile, GoReleaser, config.yml, systemd service 2021-10-24 03:29:45 +02:00			`#`
Do not print ugly WS error; tests 2022-01-16 04:33:35 +01:00			`# To listen on all interfaces, you may omit the IP address, e.g. ":443".`
Merge branch 'main' into unix-socket 2022-01-15 02:16:12 +01:00			`# To disable HTTP, set "listen-http" to "-".`
			`#`
Makefile, Dockerfile, GoReleaser, config.yml, systemd service 2021-10-24 03:29:45 +02:00			`# listen-http: ":80"`
Add TLS/HTTPS 2021-12-02 14:52:48 +01:00			`# listen-https:`

Merge branch 'main' into unix-socket 2022-01-15 02:16:12 +01:00			`# Listen on a Unix socket, e.g. /var/lib/ntfy/ntfy.sock`
			`# This can be useful to avoid port issues on local systems, and to simplify permissions.`
			`#`
			`# listen-unix: <socket-path>`

WIP CLI 2021-12-18 20:43:27 +01:00			`# Path to the private key & cert file for the HTTPS web server. Not used if "listen-https" is not set.`
Add TLS/HTTPS 2021-12-02 14:52:48 +01:00			`#`
Docs and minor improvements to "ntfy access" 2022-02-01 22:40:33 +01:00			`# key-file: <filename>`
			`# cert-file: <filename>`
Add TLS/HTTPS 2021-12-02 14:52:48 +01:00
Config file 2021-10-29 20:03:41 +02:00			`# If set, also publish messages to a Firebase Cloud Messaging (FCM) topic for your app.`
WIP: Docs 2021-12-02 05:08:12 +01:00			`# This is optional and only required to save battery when using the Android app.`
Config file 2021-10-29 20:03:41 +02:00			`#`
			`# firebase-key-file: <filename>`

Clean up readme 2021-11-03 16:33:34 +01:00			`# If set, messages are cached in a local SQLite database instead of only in-memory. This`
			`# allows for service restarts without losing messages in support of the since= parameter.`
			`#`
Docs and minor improvements to "ntfy access" 2022-02-01 22:40:33 +01:00			`# The "cache-duration" parameter defines the duration for which messages will be buffered`
			`# before they are deleted. This is required to support the "since=..." and "poll=1" parameter.`
Add 'Cache: no' header, closes #41 2021-12-09 16:23:17 +01:00			`# To disable the cache entirely (on-disk/in-memory), set "cache-duration" to 0.`
Update server.yml docs 2022-01-21 02:40:12 +01:00			`# The cache file is created automatically, provided that the correct permissions are set.`
Add 'Cache: no' header, closes #41 2021-12-09 16:23:17 +01:00			`#`
Update server.yml docs 2022-01-21 02:40:12 +01:00			`# Debian/RPM package users:`
			`# Use /var/cache/ntfy/cache.db as cache file to avoid permission issues. The package`
			`# creates this folder for you.`
			`#`
			`# Check your permissions:`
			`# If you are running ntfy with systemd, make sure this cache file is owned by the`
			`# ntfy user and group by running: chown ntfy.ntfy <filename>.`
Make ntfy run as ntfy user/group, closes #38 2021-12-09 04:08:44 +01:00			`#`
Clean up readme 2021-11-03 16:33:34 +01:00			`# cache-file: <filename>`
Docs and minor improvements to "ntfy access" 2022-02-01 22:40:33 +01:00			`# cache-duration: "12h"`
Clean up readme 2021-11-03 16:33:34 +01:00
Docs and minor improvements to "ntfy access" 2022-02-01 22:40:33 +01:00			`# If set, access to the ntfy server and API can be controlled on a granular level using`
			`# the 'ntfy user' and 'ntfy access' commands. See the --help pages for details, or check the docs.`
Config file 2021-10-29 20:03:41 +02:00			`#`
Docs and minor improvements to "ntfy access" 2022-02-01 22:40:33 +01:00			`# - auth-file is the SQLite user/access database; it is created automatically if it doesn't already exist`
			`# - auth-default-access defines the default/fallback access if no access control entry is found; it can be`
			`# set to "read-write" (default), "read-only", "write-only" or "deny-all".`
Add 'Cache: no' header, closes #41 2021-12-09 16:23:17 +01:00			`#`
Docs and minor improvements to "ntfy access" 2022-02-01 22:40:33 +01:00			`# Debian/RPM package users:`
			`# Use /var/lib/ntfy/user.db as user database to avoid permission issues. The package`
			`# creates this folder for you.`
			`#`
			`# Check your permissions:`
			`# If you are running ntfy with systemd, make sure this user database file is owned by the`
			`# ntfy user and group by running: chown ntfy.ntfy <filename>.`
			`#`
			`# auth-file: <filename>`
			`# auth-default-access: "read-write"`
Config file 2021-10-29 20:03:41 +02:00
Docs 2021-12-25 00:57:02 +01:00			`# If set, the X-Forwarded-For header is used to determine the visitor IP address`
			`# instead of the remote address of the connection.`
			`#`
			`# WARNING: If you are behind a proxy, you must set this, otherwise all visitors are rate limited`
			`# as if they are one.`
			`#`
			`# behind-proxy: false`

Docs docs docs 2022-01-13 21:17:30 +01:00			`# If enabled, clients can attach files to notifications as attachments. Minimum settings to enable attachments`
			`# are "attachment-cache-dir" and "base-url".`
			`#`
			`# - attachment-cache-dir is the cache directory for attached files`
			`# - attachment-total-size-limit is the limit of the on-disk attachment cache directory (total size)`
			`# - attachment-file-size-limit is the per-file attachment size limit (e.g. 300k, 2M, 100M)`
			`# - attachment-expiry-duration is the duration after which uploaded attachments will be deleted (e.g. 3h, 20h)`
			`#`
			`# attachment-cache-dir:`
			`# attachment-total-size-limit: "5G"`
			`# attachment-file-size-limit: "15M"`
			`# attachment-expiry-duration: "3h"`

CLI arguments 2021-12-27 22:27:01 +01:00			`# If enabled, allow outgoing e-mail notifications via the 'X-Email' header. If this header is set,`
			`# messages will additionally be sent out as e-mail using an external SMTP server. As of today, only`
			`# SMTP servers with plain text auth and STARTLS are supported. Please also refer to the rate limiting settings`
Docs 2021-12-25 00:57:02 +01:00			`# below (visitor-email-limit-burst & visitor-email-limit-burst).`
			`#`
CLI arguments 2021-12-27 22:27:01 +01:00			`# - smtp-sender-addr is the hostname:port of the SMTP server`
			`# - smtp-sender-user/smtp-sender-pass are the username and password of the SMTP user`
			`# - smtp-sender-from is the e-mail address of the sender`
Docs 2021-12-25 00:57:02 +01:00			`#`
CLI arguments 2021-12-27 22:27:01 +01:00			`# smtp-sender-addr:`
			`# smtp-sender-user:`
			`# smtp-sender-pass:`
			`# smtp-sender-from:`
Docs 2021-12-25 00:57:02 +01:00
Docs docs docs 2021-12-28 17:36:12 +01:00			`# If enabled, ntfy will launch a lightweight SMTP server for incoming messages. Once configured, users can send`
			`# emails to a topic e-mail address to publish messages to a topic.`
			`#`
			`# - smtp-server-listen defines the IP address and port the SMTP server will listen on, e.g. :25 or 1.2.3.4:25`
			`# - smtp-server-domain is the e-mail domain, e.g. ntfy.sh`
			`# - smtp-server-addr-prefix is an optional prefix for the e-mail addresses to prevent spam. If set to "ntfy-",`
			`# for instance, only e-mails to ntfy-$topic@ntfy.sh will be accepted. If this is not set, all emails to`
			`# $topic@ntfy.sh will be accepted (which may obviously be a spam problem).`
			`#`
WIP 2021-12-27 16:39:28 +01:00			`# smtp-server-listen:`
CLI arguments 2021-12-27 22:27:01 +01:00			`# smtp-server-domain:`
			`# smtp-server-addr-prefix:`
WIP 2021-12-27 16:39:28 +01:00
Config file 2021-10-29 20:03:41 +02:00			`# Interval in which keepalive messages are sent to the client. This is to prevent`
			`# intermediaries closing the connection for inactivity.`
			`#`
WIP: Docs 2021-12-02 05:08:12 +01:00			`# Note that the Android app has a hardcoded timeout at 77s, so it should be less than that.`
			`#`
Websockets; working 2022-01-15 19:23:35 +01:00			`# keepalive-interval: "45s"`
Config file 2021-10-29 20:03:41 +02:00
Fix rate limiting behind proxy, make configurable 2021-11-05 18:46:27 +01:00			`# Interval in which the manager prunes old messages, deletes topics`
			`# and prints the stats.`
Config file 2021-10-29 20:03:41 +02:00			`#`
Docs docs docs 2022-01-13 21:17:30 +01:00			`# manager-interval: "1m"`
Fix rate limiting behind proxy, make configurable 2021-11-05 18:46:27 +01:00
Add --web-root switch 2022-03-06 03:28:25 +01:00			`# Defines if the root route (/) is pointing to the landing page (as on ntfy.sh) or the`
Add disable option to web-root Closes #238 2022-05-13 19:08:07 +02:00			`# web app. If you self-host, you don't want to change this.`
Fine tuning 2022-05-13 20:42:25 +02:00			`# Can be "app" (default), "home" or "disable" to disable the web app entirely.`
Add --web-root switch 2022-03-06 03:28:25 +01:00			`#`
			`# web-root: app`

Fix rate limiting behind proxy, make configurable 2021-11-05 18:46:27 +01:00			`# Rate limiting: Total number of topics before the server rejects new topics.`
			`#`
Daily traffic limit 2022-01-13 00:52:07 +01:00			`# global-topic-limit: 15000`
Fix rate limiting behind proxy, make configurable 2021-11-05 18:46:27 +01:00
			`# Rate limiting: Number of subscriptions per visitor (IP address)`
			`#`
			`# visitor-subscription-limit: 30`

			`# Rate limiting: Allowed GET/PUT/POST requests per second, per visitor:`
			`# - visitor-request-limit-burst is the initial bucket of requests each visitor has`
			`# - visitor-request-limit-replenish is the rate at which the bucket is refilled`
Double requests/sec limit; update docs 2022-02-14 23:07:17 +01:00			`# - visitor-request-limit-exempt-hosts is a comma-separated list of hostnames and IPs to be`
			`# exempt from request rate limiting; hostnames are resolved at the time the server is started`
Fix rate limiting behind proxy, make configurable 2021-11-05 18:46:27 +01:00			`#`
			`# visitor-request-limit-burst: 60`
Double requests/sec limit; update docs 2022-02-14 23:07:17 +01:00			`# visitor-request-limit-replenish: "5s"`
			`# visitor-request-limit-exempt-hosts: ""`
Fix rate limiting behind proxy, make configurable 2021-11-05 18:46:27 +01:00
Email rate limiting + tests 2021-12-24 00:03:04 +01:00			`# Rate limiting: Allowed emails per visitor:`
			`# - visitor-email-limit-burst is the initial bucket of emails each visitor has`
			`# - visitor-email-limit-replenish is the rate at which the bucket is refilled`
			`#`
			`# visitor-email-limit-burst: 16`
Docs docs docs 2022-01-13 21:17:30 +01:00			`# visitor-email-limit-replenish: "1h"`

			`# Rate limiting: Attachment size and bandwidth limits per visitor:`
			`# - visitor-attachment-total-size-limit is the total storage limit used for attachments per visitor`
			`# - visitor-attachment-daily-bandwidth-limit is the total daily attachment download/upload traffic limit per visitor`
			`#`
			`# visitor-attachment-total-size-limit: "100M"`
			`# visitor-attachment-daily-bandwidth-limit: "500M"`