ntfy icon indicating copy to clipboard operation
ntfy copied to clipboard

Published 20 hours ago verified publisher icon binwiederhier

Build for FreeBSD / OpenBSD

Open binwiederhier opened this issue 2 years ago • 3 comments

binwiederhier avatar Mar 13 '22 14:03 binwiederhier

Haha! I just rolled in here looking for this. Universe, what are the odds?! Let me know if you need any help setting this up or testing. Excited to get a pre-built binary.

For what it's worth, just doing a go install heckel.io/ntfy@latest on FreeBSD 13.0 results in:

go/pkg/mod/heckel.io/[email protected]/server/server.go:85:13: pattern docs: no matching files found

I'm not go expert, but I'm working my way through the cause at the moment.

powellc avatar Mar 14 '22 02:03 powellc

Yeah go install doesn't work because the docs and web UI need to be built. Join the discord and we can chat tmr or so

binwiederhier avatar Mar 14 '22 02:03 binwiederhier

Zaraki commented with these instructions on Discord:

ntfy on OpenBSD

Packages

pkg_add go git sqlite3

Building

git clone https://github.com/binwiederhier/ntfy.git
cd ntfy
mkdir -p dist/ntfy_openbsd_amd64 server/docs server/site
touch server/docs/index.html
touch server/site/app.html
CGO_ENABLED=1 go build -o dist/ntfy_openbsd_amd64/ntfy -tags sqlite_omit_load_extension,osusergo,netgo -ldflags "-linkmode=external -extldflags=-static -s -w -X main.version=$(git describe --tag) -X main.commit=$(git rev-parse --short HEAD) -X main.date=$(date +%s)"

Installing

For the UID pick one below 1000 not used by any other port.

mv dist/ntfy_openbsd_amd64/ntfy /usr/local/bin
chown root:bin /usr/local/bin/ntfy
useradd -c 'ntfy server' -d /var/empty -s /sbin/nologin -u 999 _ntfy
mkdir /etc/ntfy /var/cache/ntfy /var/db/ntfy /var/www/ntfy
chmod 750 /var/cache/ntfy /var/cache/ntfy/attachments /var/db/ntfy
chown _ntfy /var/cache/ntfy /var/db/ntfy /var/www/ntfy
chgrp www /var/www/ntfy

Contents of /etc/rc.d/ntfy (+x):

#!/bin/ksh
daemon="/usr/local/bin/ntfy serve"
daemon_user="_ntfy"
daemon_logger="daemon.info"

. /etc/rc.d/rc.subr

rc_bg="YES"
rc_cmd $1

nginx configuration excerpt:

http {
	# ...

	# https://nginx.org/en/docs/http/websocket.html
	map $http_upgrade $connection_upgrade {
		default upgrade;
		'' close;
	}

	# ...

	server {

		# ...

		location /ntfy/ {
			proxy_pass http://unix:/ntfy/ntfy.socket:/;
			proxy_http_version 1.1;

			proxy_buffering off;
			proxy_request_buffering off;
			proxy_redirect off;

			proxy_set_header Host $http_host;
			proxy_set_header Upgrade $http_upgrade;
			proxy_set_header Connection $connection_upgrade;
			proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

			proxy_connect_timeout 3m;
			proxy_send_timeout 3m;
			proxy_read_timeout 3m;

			client_max_body_size 20m;
		}
	}
}

Contents of /etc/ntfy/server.yml:

base-url: "https://example.com/ntfy/"

listen-http: "-"
listen-unix: "/var/www/ntfy/ntfy.socket"

cache-file: "/var/cache/ntfy/cache.db"

auth-file: "/var/db/ntfy/user.db"
auth-default-access: "deny-all"

behind-proxy: true

attachment-cache-dir: "/var/cache/ntfy/attachments"

Then:

rcctl enable ntfy
rcctl start ntfy

Improvements

It should be possible to specify the file mode of the Unix socket: Right around here, it should either temporarily change process umask around socket creation, or chmod the socket afterwards. Otherwise I need to manually chmod it to 770 after service has started (so nginx can connect, but nobody else).

Some tiny things that would make it easier to run as a daemon:

  • It should have a command-line flag / configuration entry to daemonize on startup (would avoid the need for rc_bg)
  • It should have the ability to send all logging to syslog by itself instead of stdout/stderr (would avoid the need for daemon_logger)

binwiederhier avatar Apr 09 '22 15:04 binwiederhier