ntfy
ntfy copied to clipboard
binwiederhier
Matrix gateway fails when mapping ntfy to subpath/subdirectory on a reverse proxy
I tried mapping ntfy to a subpath on my reverse proxy.
I set base-url: https://server.domain.com/ntfy
I had to configure the reverse proxy to remove the /ntfy path prefix when forwarding requests to the ntfy server.
With these two steps, it mostly works. I can send notifications from the command line, and they are received on my Android phone.
I originally had a trailing slash on the base-url, and that broke UP registration. Removing the slash fixed things.
I also mapped https://server.domain.com/_matrix/push/v1/notify to the ntfy server.
The bug is that the Matrix gateway fails in this configuration. Here's a snip from the trace log:
2022/09/11 03:39:55 DEBUG 2602:61:782f:b000:6a09:24e6:2be8:c498 HTTP GET /evilsam,upuVvjZYI6ddt1/ws?since=1662864357 WebSocket connection opened
2022/09/11 03:40:16 DEBUG 2602:61:782f:b000:6a09:24e6:2be8:c498 HTTP POST /_matrix/push/v1/notify Dispatching request
2022/09/11 03:40:16 TRACE 2602:61:782f:b000:6a09:24e6:2be8:c498 HTTP POST /_matrix/push/v1/notify Entire request (headers and body):
POST /_matrix/push/v1/notify HTTP/1.1
Content-Length: 163
User-Agent: SchildiChat/1.4.34.sc58 (Linux; U; Android 13; Pixel 6a Build/TP1A.220624.021.A; Flavour FDroid; MatrixAndroidSdk2 1.4.34)
Content-Type: application/json; charset=UTF-8
Accept-Encoding: gzip
Connection: close
X-Forwarded-For: 2602:61:782f:b000:6a09:24e6:2be8:c498
{"notification":{"event_id":"$THIS_IS_A_FAKE_EVENT_ID","devices":[{"app_id":"de.spiritcroc.riotx","pushkey":"https://server.domain.com/ntfy/upuVvjZYI6ddt1?up=1"}]}}
2022/09/11 03:40:16 DEBUG 2602:61:782f:b000:6a09:24e6:2be8:c498/ntfy/fimtgdGNTxBb Received message: event=message, body=163 byte(s), delayed=false, firebase=false, cache=true, up=true, email=
2022/09/11 03:40:16 TRACE 2602:61:782f:b000:6a09:24e6:2be8:c498/ntfy/fimtgdGNTxBb Message body: {
"id": "fimtgdGNTxBb",
"time": 1662867616,
"event": "message",
"topic": "ntfy",
"message": "{\"notification\":{\"event_id\":\"$THIS_IS_A_FAKE_EVENT_ID\",\"devices\":[{\"app_id\":\"de.spiritcroc.riotx\",\"pushkey\":\"https://server.domain.com/ntfy/upuVvjZYI6ddt1?up=1\"}]}}"
}
2022/09/11 03:40:16 TRACE 2602:61:782f:b000:6a09:24e6:2be8:c498/ntfy/fimtgdGNTxBb No stream or WebSocket subscribers, not forwarding
The topic most certainly is not ntfy, but it's pulling that out of the pushkey. Should it be cutting the base-url from the beginning of the pushkey before looking for a topic? This issue is similar to #256, but relates to the backend, not the web UI.
Running ntfy on a sub path is not supported. There have been attempts to make it work but it proved tricky or hacky. So as of today you need a subdomain.
I made this work with a simple patch. I don't know enough about Go to make a PR for this: some details might not be optimal or just working for me.
The point is that the received url is before the reverse proxy. The request is not actually send, but handled as if the application received it directly, which is after the reverse proxy. To make it work, it has to do the same rewrites a the reverse proxy would have done. Because the hostname seems to be ignored, I here replace the baseurl with `http://127.0.0.1"
diff --git a/server/server_matrix.go b/server/server_matrix.go
index c25a1b59..4f6f46b8 100644
--- a/server/server_matrix.go
+++ b/server/server_matrix.go
@@ -127,7 +127,8 @@ func newRequestFromMatrixJSON(r *http.Request, baseURL string, messageLimit int)
if !strings.HasPrefix(pushKey, baseURL+"/") {
return nil, &errMatrixPushkeyRejected{rejectedPushKey: pushKey, configuredBaseURL: baseURL}
}
- newRequest, err := http.NewRequest(http.MethodPost, pushKey, io.NopCloser(bytes.NewReader(body.PeekedBytes)))
+ pushKeyProxy := "http://127.0.0.1" + strings.TrimPrefix(pushKey, baseURL); // Url after reverse proxy
+ newRequest, err := http.NewRequest(http.MethodPost, pushKeyProxy, io.NopCloser(bytes.NewReader(body.PeekedBytes)))
if err != nil {
return nil, err
}
