0
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
this post was submitted on 12 Oct 2023
0 points (NaN% liked)
Self-Hosted Main
504 readers
1 users here now
A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.
For Example
- Service: Dropbox - Alternative: Nextcloud
- Service: Google Reader - Alternative: Tiny Tiny RSS
- Service: Blogger - Alternative: WordPress
We welcome posts that include suggestions for good self-hosted alternatives to popular online services, how they are better, or how they give back control of your data. Also include hints and tips for less technical readers.
Useful Lists
- Awesome-Selfhosted List of Software
- Awesome-Sysadmin List of Software
founded 1 year ago
MODERATORS
For sure set the authentication inside NTFY itself. In terms of protecting NTFY with Authelia that is what I did to allow iOS app to receive notifications and being able to see the messages in the app.
Add below in Authelia configuration.yml
- domain: 'ntfy.example.com'
resources:
- '^/yourtopic/json\?poll=1&'
methods:
- GET
policy: bypass
change domain to your NTFY hostname and 'yourtopic' to your topic name.
I have a default config that protects everything else and bypass only this one so if you try to access your NTFY URL in the browser it will ask you to authenticate, but the iOS app will be able to do get the message from your NTFY server bypassing Authelia. Obviously, the topic itself requires built-in NTFY authentication so no one without the credentials cannot get the messages and no one can push new messages as well.
Not sure how it would work with Android but you can protect your NTFY instance with Authelia and then see in nginx logs what URIs Android app is trying to reach and figure out what is required to get it work. Hope that helps a bit ;)
So do you add 'ntfy.example.com' in your one/two_factor policies? And then a separate 'ntfy.example.com' with the resource regex for bypass policy?
For example:
I think it is the other way around. In the config file you first add more specific policy, and then the more general one. Because the first policy that the request matches will apply and next rules will not apply. Please refer to the docs, everything is there. There is also a specific section for rule matching.
https://www.authelia.com/configuration/security/access-control/