server.yml 8.8 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203
  1. # ntfy server config file
  2. #
  3. # Please refer to the documentation at https://ntfy.sh/docs/config/ for details.
  4. # All options also support underscores (_) instead of dashes (-) to comply with the YAML spec.
  5. # Public facing base URL of the service (e.g. https://ntfy.sh or https://ntfy.example.com)
  6. #
  7. # This setting is required for any of the following features:
  8. # - attachments (to return a download URL)
  9. # - e-mail sending (for the topic URL in the email footer)
  10. # - iOS push notifications for self-hosted servers (to calculate the Firebase poll_request topic)
  11. # - Matrix Push Gateway (to validate that the pushkey is correct)
  12. #
  13. # base-url:
  14. # Listen address for the HTTP & HTTPS web server. If "listen-https" is set, you must also
  15. # set "key-file" and "cert-file". Format: [<ip>]:<port>, e.g. "1.2.3.4:8080".
  16. #
  17. # To listen on all interfaces, you may omit the IP address, e.g. ":443".
  18. # To disable HTTP, set "listen-http" to "-".
  19. #
  20. # listen-http: ":80"
  21. # listen-https:
  22. # Listen on a Unix socket, e.g. /var/lib/ntfy/ntfy.sock
  23. # This can be useful to avoid port issues on local systems, and to simplify permissions.
  24. #
  25. # listen-unix: <socket-path>
  26. # listen-unix-mode: <linux permissions, e.g. 0700>
  27. # Path to the private key & cert file for the HTTPS web server. Not used if "listen-https" is not set.
  28. #
  29. # key-file: <filename>
  30. # cert-file: <filename>
  31. # If set, also publish messages to a Firebase Cloud Messaging (FCM) topic for your app.
  32. # This is optional and only required to save battery when using the Android app.
  33. #
  34. # firebase-key-file: <filename>
  35. # If "cache-file" is set, messages are cached in a local SQLite database instead of only in-memory.
  36. # This allows for service restarts without losing messages in support of the since= parameter.
  37. #
  38. # The "cache-duration" parameter defines the duration for which messages will be buffered
  39. # before they are deleted. This is required to support the "since=..." and "poll=1" parameter.
  40. # To disable the cache entirely (on-disk/in-memory), set "cache-duration" to 0.
  41. # The cache file is created automatically, provided that the correct permissions are set.
  42. #
  43. # The "cache-startup-queries" parameter allows you to run commands when the database is initialized,
  44. # e.g. to enable WAL mode (see https://phiresky.github.io/blog/2020/sqlite-performance-tuning/)).
  45. # Example:
  46. # cache-startup-queries: |
  47. # pragma journal_mode = WAL;
  48. # pragma synchronous = normal;
  49. # pragma temp_store = memory;
  50. #
  51. # Debian/RPM package users:
  52. # Use /var/cache/ntfy/cache.db as cache file to avoid permission issues. The package
  53. # creates this folder for you.
  54. #
  55. # Check your permissions:
  56. # If you are running ntfy with systemd, make sure this cache file is owned by the
  57. # ntfy user and group by running: chown ntfy.ntfy <filename>.
  58. #
  59. # cache-file: <filename>
  60. # cache-duration: "12h"
  61. # cache-startup-queries:
  62. # If set, access to the ntfy server and API can be controlled on a granular level using
  63. # the 'ntfy user' and 'ntfy access' commands. See the --help pages for details, or check the docs.
  64. #
  65. # - auth-file is the SQLite user/access database; it is created automatically if it doesn't already exist
  66. # - auth-default-access defines the default/fallback access if no access control entry is found; it can be
  67. # set to "read-write" (default), "read-only", "write-only" or "deny-all".
  68. #
  69. # Debian/RPM package users:
  70. # Use /var/lib/ntfy/user.db as user database to avoid permission issues. The package
  71. # creates this folder for you.
  72. #
  73. # Check your permissions:
  74. # If you are running ntfy with systemd, make sure this user database file is owned by the
  75. # ntfy user and group by running: chown ntfy.ntfy <filename>.
  76. #
  77. # auth-file: <filename>
  78. # auth-default-access: "read-write"
  79. # If set, the X-Forwarded-For header is used to determine the visitor IP address
  80. # instead of the remote address of the connection.
  81. #
  82. # WARNING: If you are behind a proxy, you must set this, otherwise all visitors are rate limited
  83. # as if they are one.
  84. #
  85. # behind-proxy: false
  86. # If enabled, clients can attach files to notifications as attachments. Minimum settings to enable attachments
  87. # are "attachment-cache-dir" and "base-url".
  88. #
  89. # - attachment-cache-dir is the cache directory for attached files
  90. # - attachment-total-size-limit is the limit of the on-disk attachment cache directory (total size)
  91. # - attachment-file-size-limit is the per-file attachment size limit (e.g. 300k, 2M, 100M)
  92. # - attachment-expiry-duration is the duration after which uploaded attachments will be deleted (e.g. 3h, 20h)
  93. #
  94. # attachment-cache-dir:
  95. # attachment-total-size-limit: "5G"
  96. # attachment-file-size-limit: "15M"
  97. # attachment-expiry-duration: "3h"
  98. # If enabled, allow outgoing e-mail notifications via the 'X-Email' header. If this header is set,
  99. # messages will additionally be sent out as e-mail using an external SMTP server. As of today, only
  100. # SMTP servers with plain text auth and STARTLS are supported. Please also refer to the rate limiting settings
  101. # below (visitor-email-limit-burst & visitor-email-limit-burst).
  102. #
  103. # - smtp-sender-addr is the hostname:port of the SMTP server
  104. # - smtp-sender-user/smtp-sender-pass are the username and password of the SMTP user
  105. # - smtp-sender-from is the e-mail address of the sender
  106. #
  107. # smtp-sender-addr:
  108. # smtp-sender-user:
  109. # smtp-sender-pass:
  110. # smtp-sender-from:
  111. # If enabled, ntfy will launch a lightweight SMTP server for incoming messages. Once configured, users can send
  112. # emails to a topic e-mail address to publish messages to a topic.
  113. #
  114. # - smtp-server-listen defines the IP address and port the SMTP server will listen on, e.g. :25 or 1.2.3.4:25
  115. # - smtp-server-domain is the e-mail domain, e.g. ntfy.sh
  116. # - smtp-server-addr-prefix is an optional prefix for the e-mail addresses to prevent spam. If set to "ntfy-",
  117. # for instance, only e-mails to ntfy-$topic@ntfy.sh will be accepted. If this is not set, all emails to
  118. # $topic@ntfy.sh will be accepted (which may obviously be a spam problem).
  119. #
  120. # smtp-server-listen:
  121. # smtp-server-domain:
  122. # smtp-server-addr-prefix:
  123. # Interval in which keepalive messages are sent to the client. This is to prevent
  124. # intermediaries closing the connection for inactivity.
  125. #
  126. # Note that the Android app has a hardcoded timeout at 77s, so it should be less than that.
  127. #
  128. # keepalive-interval: "45s"
  129. # Interval in which the manager prunes old messages, deletes topics
  130. # and prints the stats.
  131. #
  132. # manager-interval: "1m"
  133. # Defines if the root route (/) is pointing to the landing page (as on ntfy.sh) or the
  134. # web app. If you self-host, you don't want to change this.
  135. # Can be "app" (default), "home" or "disable" to disable the web app entirely.
  136. #
  137. # web-root: app
  138. # Server URL of a Firebase/APNS-connected ntfy server (likely "https://ntfy.sh").
  139. #
  140. # iOS users:
  141. # If you use the iOS ntfy app, you MUST configure this to receive timely notifications. You'll like want this:
  142. # upstream-base-url: "https://ntfy.sh"
  143. #
  144. # If set, all incoming messages will publish a "poll_request" message to the configured upstream server, containing
  145. # the message ID of the original message, instructing the iOS app to poll this server for the actual message contents.
  146. # This is to prevent the upstream server and Firebase/APNS from being able to read the message.
  147. #
  148. # upstream-base-url:
  149. # Rate limiting: Total number of topics before the server rejects new topics.
  150. #
  151. # global-topic-limit: 15000
  152. # Rate limiting: Number of subscriptions per visitor (IP address)
  153. #
  154. # visitor-subscription-limit: 30
  155. # Rate limiting: Allowed GET/PUT/POST requests per second, per visitor:
  156. # - visitor-request-limit-burst is the initial bucket of requests each visitor has
  157. # - visitor-request-limit-replenish is the rate at which the bucket is refilled
  158. # - visitor-request-limit-exempt-hosts is a comma-separated list of hostnames and IPs to be
  159. # exempt from request rate limiting; hostnames are resolved at the time the server is started
  160. #
  161. # visitor-request-limit-burst: 60
  162. # visitor-request-limit-replenish: "5s"
  163. # visitor-request-limit-exempt-hosts: ""
  164. # Rate limiting: Allowed emails per visitor:
  165. # - visitor-email-limit-burst is the initial bucket of emails each visitor has
  166. # - visitor-email-limit-replenish is the rate at which the bucket is refilled
  167. #
  168. # visitor-email-limit-burst: 16
  169. # visitor-email-limit-replenish: "1h"
  170. # Rate limiting: Attachment size and bandwidth limits per visitor:
  171. # - visitor-attachment-total-size-limit is the total storage limit used for attachments per visitor
  172. # - visitor-attachment-daily-bandwidth-limit is the total daily attachment download/upload traffic limit per visitor
  173. #
  174. # visitor-attachment-total-size-limit: "100M"
  175. # visitor-attachment-daily-bandwidth-limit: "500M"
  176. # Log level, can be TRACE, DEBUG, INFO, WARN or ERROR
  177. # This option can be hot-reloaded by calling "kill -HUP $pid" or "systemctl reload ntfy".
  178. #
  179. # Be aware that DEBUG (and particularly TRACE) can be VERY CHATTY. Only turn them on for
  180. # debugging purposes, or your disk will fill up quickly.
  181. #
  182. # log-level: INFO