# ntfy server config file # # Please refer to the documentation at https://ntfy.sh/docs/config/ for details. # All options also support underscores (_) instead of dashes (-) to comply with the YAML spec. # Public facing base URL of the service (e.g. https://ntfy.sh or https://ntfy.example.com) # # This setting is required for any of the following features: # - attachments (to return a download URL) # - e-mail sending (for the topic URL in the email footer) # - iOS push notifications for self-hosted servers (to calculate the Firebase poll_request topic) # - Matrix Push Gateway (to validate that the pushkey is correct) # base-url: "https://${node.metadata.get('ntfy/domain')}" # Listen address for the HTTP & HTTPS web server. If "listen-https" is set, you must also # set "key-file" and "cert-file". Format: []:, e.g. "1.2.3.4:8080". # # To listen on all interfaces, you may omit the IP address, e.g. ":443". # To disable HTTP, set "listen-http" to "-". # listen-http: "127.0.0.1:22100" # listen-https: # Listen on a Unix socket, e.g. /var/lib/ntfy/ntfy.sock # This can be useful to avoid port issues on local systems, and to simplify permissions. # # listen-unix: # listen-unix-mode: # Path to the private key & cert file for the HTTPS web server. Not used if "listen-https" is not set. # # key-file: # cert-file: # If set, also publish messages to a Firebase Cloud Messaging (FCM) topic for your app. # This is optional and only required to save battery when using the Android app. # # firebase-key-file: # If "cache-file" is set, messages are cached in a local SQLite database instead of only in-memory. # This allows for service restarts without losing messages in support of the since= parameter. # # The "cache-duration" parameter defines the duration for which messages will be buffered # before they are deleted. This is required to support the "since=..." and "poll=1" parameter. # To disable the cache entirely (on-disk/in-memory), set "cache-duration" to 0. # The cache file is created automatically, provided that the correct permissions are set. # # The "cache-startup-queries" parameter allows you to run commands when the database is initialized, # e.g. to enable WAL mode (see https://phiresky.github.io/blog/2020/sqlite-performance-tuning/)). # Example: # cache-startup-queries: | # pragma journal_mode = WAL; # pragma synchronous = normal; # pragma temp_store = memory; # # Debian/RPM package users: # Use /var/cache/ntfy/cache.db as cache file to avoid permission issues. The package # creates this folder for you. # # Check your permissions: # If you are running ntfy with systemd, make sure this cache file is owned by the # ntfy user and group by running: chown ntfy.ntfy . # cache-file: "/var/cache/ntfy/cache.db" cache-duration: "12h" cache-startup-queries: | pragma journal_mode = WAL; pragma synchronous = normal; pragma temp_store = memory; # If set, access to the ntfy server and API can be controlled on a granular level using # the 'ntfy user' and 'ntfy access' commands. See the --help pages for details, or check the docs. # # - auth-file is the SQLite user/access database; it is created automatically if it doesn't already exist # - auth-default-access defines the default/fallback access if no access control entry is found; it can be # set to "read-write" (default), "read-only", "write-only" or "deny-all". # # Debian/RPM package users: # Use /var/lib/ntfy/user.db as user database to avoid permission issues. The package # creates this folder for you. # # Check your permissions: # If you are running ntfy with systemd, make sure this user database file is owned by the # ntfy user and group by running: chown ntfy.ntfy . # auth-file: "/var/lib/ntfy/user.db" auth-default-access: "write-only" # If set, the X-Forwarded-For header is used to determine the visitor IP address # instead of the remote address of the connection. # # WARNING: If you are behind a proxy, you must set this, otherwise all visitors are rate limited # as if they are one. # behind-proxy: true # If enabled, clients can attach files to notifications as attachments. Minimum settings to enable attachments # are "attachment-cache-dir" and "base-url". # # - attachment-cache-dir is the cache directory for attached files # - attachment-total-size-limit is the limit of the on-disk attachment cache directory (total size) # - attachment-file-size-limit is the per-file attachment size limit (e.g. 300k, 2M, 100M) # - attachment-expiry-duration is the duration after which uploaded attachments will be deleted (e.g. 3h, 20h) # attachment-cache-dir: "/var/opt/ntfy" attachment-total-size-limit: "5G" attachment-file-size-limit: "15M" attachment-expiry-duration: "12h" # If enabled, allow outgoing e-mail notifications via the 'X-Email' header. If this header is set, # messages will additionally be sent out as e-mail using an external SMTP server. As of today, only # SMTP servers with plain text auth and STARTLS are supported. Please also refer to the rate limiting settings # below (visitor-email-limit-burst & visitor-email-limit-burst). # # - smtp-sender-addr is the hostname:port of the SMTP server # - smtp-sender-user/smtp-sender-pass are the username and password of the SMTP user # - smtp-sender-from is the e-mail address of the sender # # smtp-sender-addr: # smtp-sender-user: # smtp-sender-pass: # smtp-sender-from: # If enabled, ntfy will launch a lightweight SMTP server for incoming messages. Once configured, users can send # emails to a topic e-mail address to publish messages to a topic. # # - smtp-server-listen defines the IP address and port the SMTP server will listen on, e.g. :25 or 1.2.3.4:25 # - smtp-server-domain is the e-mail domain, e.g. ntfy.sh # - smtp-server-addr-prefix is an optional prefix for the e-mail addresses to prevent spam. If set to "ntfy-", # for instance, only e-mails to ntfy-$topic@ntfy.sh will be accepted. If this is not set, all emails to # $topic@ntfy.sh will be accepted (which may obviously be a spam problem). # # smtp-server-listen: # smtp-server-domain: # smtp-server-addr-prefix: # Interval in which keepalive messages are sent to the client. This is to prevent # intermediaries closing the connection for inactivity. # # Note that the Android app has a hardcoded timeout at 77s, so it should be less than that. # keepalive-interval: "45s" # Interval in which the manager prunes old messages, deletes topics # and prints the stats. # manager-interval: "1m" # Defines if the root route (/) is pointing to the landing page (as on ntfy.sh) or the # web app. If you self-host, you don't want to change this. # Can be "app" (default), "home" or "disable" to disable the web app entirely. # # web-root: app # Various feature flags used to control the web app, and API access, mainly around user and # account management. # # - enable-signup allows users to sign up via the web app, or API # - enable-login allows users to log in via the web app, or API # - enable-reservations allows users to reserve topics (if their tier allows it) # enable-signup: false enable-login: true enable-reservations: false # Server URL of a Firebase/APNS-connected ntfy server (likely "https://ntfy.sh"). # # iOS users: # If you use the iOS ntfy app, you MUST configure this to receive timely notifications. You'll like want this: # upstream-base-url: "https://ntfy.sh" # # If set, all incoming messages will publish a "poll_request" message to the configured upstream server, containing # the message ID of the original message, instructing the iOS app to poll this server for the actual message contents. # This is to prevent the upstream server and Firebase/APNS from being able to read the message. # # upstream-base-url: # Rate limiting: Total number of topics before the server rejects new topics. # global-topic-limit: 15000 # Rate limiting: Number of subscriptions per visitor (IP address) # visitor-subscription-limit: 64 # Rate limiting: Allowed GET/PUT/POST requests per second, per visitor: # - visitor-request-limit-burst is the initial bucket of requests each visitor has # - visitor-request-limit-replenish is the rate at which the bucket is refilled # - visitor-request-limit-exempt-hosts is a comma-separated list of hostnames and IPs to be # exempt from request rate limiting; hostnames are resolved at the time the server is started # visitor-request-limit-burst: 60 visitor-request-limit-replenish: "5s" visitor-request-limit-exempt-hosts: "${','.join(sorted(ratelimit_exempt_hosts))}" # Rate limiting: Allowed emails per visitor: # - visitor-email-limit-burst is the initial bucket of emails each visitor has # - visitor-email-limit-replenish is the rate at which the bucket is refilled # # visitor-email-limit-burst: 16 # visitor-email-limit-replenish: "1h" # Rate limiting: Enable subscriber-based rate limiting (mostly used for UnifiedPush) # # If enabled, subscribers may opt to have published messages counted against their own rate limits, as opposed # to the publisher's rate limits. This is especially useful to increase the amount of messages that high-volume # publishers (e.g. Matrix/Mastodon servers) are allowed to send. # # Once enabled, a client may send a "Rate-Topics: ,,..." header when subscribing to topics via # HTTP stream, or websockets, thereby registering itself as the "rate visitor", i.e. the visitor whose rate limits # to use when publishing on this topic. Note: Setting the rate visitor requires READ-WRITE permission on the topic. # # UnifiedPush only: If this setting is enabled, publishing to UnifiedPush topics will lead to a HTTP 507 response if # no "rate visitor" has been previously registered. This is to avoid burning the publisher's "visitor-message-daily-limit". # # visitor-subscriber-rate-limiting: false # Payments integration via Stripe # # - stripe-secret-key is the key used for the Stripe API communication. Setting this values # enables payments in the ntfy web app (e.g. Upgrade dialog). See https://dashboard.stripe.com/apikeys. # - stripe-webhook-key is the key required to validate the authenticity of incoming webhooks from Stripe. # Webhooks are essential up keep the local database in sync with the payment provider. See https://dashboard.stripe.com/webhooks. # - billing-contact is an email address or website displayed in the "Upgrade tier" dialog to let people reach # out with billing questions. If unset, nothing will be displayed. # # stripe-secret-key: # stripe-webhook-key: # billing-contact: # Metrics # # ntfy can expose Prometheus-style metrics via a /metrics endpoint, or on a dedicated listen IP/port. # Metrics may be considered sensitive information, so before you enable them, be sure you know what you are # doing, and/or secure access to the endpoint in your reverse proxy. # # - enable-metrics enables the /metrics endpoint for the default ntfy server (i.e. HTTP, HTTPS and/or Unix socket) # - metrics-listen-http exposes the metrics endpoint via a dedicated [IP]:port. If set, this option implicitly # enables metrics as well, e.g. "10.0.1.1:9090" or ":9090" # # enable-metrics: false # metrics-listen-http: # Profiling # # ntfy can expose Go's net/http/pprof endpoints to support profiling of the ntfy server. If enabled, ntfy will listen # on a dedicated listen IP/port, which can be accessed via the web browser on http://:/debug/pprof/. # This can be helpful to expose bottlenecks, and visualize call flows. See https://pkg.go.dev/net/http/pprof for details. # # profile-listen-http: # Log level, can be TRACE, DEBUG, INFO, WARN or ERROR # This option can be hot-reloaded by calling "kill -HUP $pid" or "systemctl reload ntfy". # # Be aware that DEBUG (and particularly TRACE) can be VERY CHATTY. Only turn them on for # debugging purposes, or your disk will fill up quickly. # log-level: INFO