Add UnifiedPush settings in documentation
-
Hello.
I suggest to add an entry to the ntfy docs to explain how to make UnifiedPush work. Basically, one needs to apply this lines to the
app/data/config/server.yml:auth-access: - "everyone:up*:write-only"c.f. https://docs.ntfy.sh/config/#example-unifiedpush
It could also be a setting applied by default.
-
@mononym thanks! But I think this is something for upstream docs since it's not Cloudron specific . The cloudron docs are only for packaging specific stuff (https://docs.cloudron.io/packages/ntfy/#custom-config).
@joseph said in Add UnifiedPush settings in documentation:
The cloudron docs are only for packaging specific stuff (https://docs.cloudron.io/packages/ntfy/#custom-config ).
IMHO that is neither true, nor should it be: plenty of the docs contain useful tips on how to do things with apps, and that is a very good and useful thing for Cloudron users.
I agree with @mononym that this info should be added to the docs (although I also agree it should prob just be added to the package too).
-
-
Maybe I am missing something but isn't that rule giving anon access to channels starting with 'up' . Why should this be in default Cloudron package? If it was important, the default install of ntfy should come with this from upstream.
@joseph said in Add UnifiedPush settings in documentation:
Maybe I am missing something but isn't that rule giving anon access to channels starting with 'up'
from the upstream docs linked above:
The topic names used by UnifiedPush all start with the up* prefix.
@joseph said in Add UnifiedPush settings in documentation:
Why should this be in default Cloudron package?
I could be missing something and I'm not even using the app, but just because I'd guess most people would want UnifiedPush stuff on in an app that's all about getting notified about stuff.
-
Maybe I am missing something but isn't that rule giving anon access to channels starting with 'up' . Why should this be in default Cloudron package? If it was important, the default install of ntfy should come with this from upstream.
@joseph said in Add UnifiedPush settings in documentation:
Maybe I am missing something but isn't that rule giving anon access to channels starting with 'up' .
I had the same concern but in the end it made sense. It is a write only access which certain application servers need to have. Ex. I set up Element to use UnifiedPush with the ntfy app on my device. The test all worked except "Test Push loop back". No idea what that does but it did work once I configured
"everyone:up*:write-only"like the suggested settings.When choosing ntfy as UnifiedPush the app created some random string (i.e. the ntfy topic) and it starts with
up. In the end, it is difficult to guess the topic name as it is random and as long you're not subscribed to that topic, you won't see the messages as well. Basically, write-only access is not enough to use the nfty server like a public instance as credentials are necessary to read the topic. So I think not really a concern here.I guess there's more about this on: https://unifiedpush.org
-
@joseph said in Add UnifiedPush settings in documentation:
Maybe I am missing something but isn't that rule giving anon access to channels starting with 'up'
from the upstream docs linked above:
The topic names used by UnifiedPush all start with the up* prefix.
@joseph said in Add UnifiedPush settings in documentation:
Why should this be in default Cloudron package?
I could be missing something and I'm not even using the app, but just because I'd guess most people would want UnifiedPush stuff on in an app that's all about getting notified about stuff.
@jdaviescoates said in Add UnifiedPush settings in documentation:
I could be missing something and I'm not even using the app, but just because I'd guess most people would want UnifiedPush stuff on in an app that's all about getting notified about stuff.
Unifiedpush is not used to send you notifications from Ntfy, but unifiedpush is a system that can use your ntfy server to relay notifications from apps through it, instead of using Google infrastructure for these. The list of supported software can be found at https://unifiedpush.org/users/apps/, but at least when testing this with NeoChat I not only needed give write access to
up_*, but also read access.@mononym said in Add UnifiedPush settings in documentation:
When choosing ntfy as UnifiedPush the app created some random string (i.e. the ntfy topic) and it starts with up. In the end, it is difficult to guess the topic name as it is random and as long you're not subscribed to that topic, you won't see the messages as well. Basically, write-only access is not enough to use the nfty server like a public instance as credentials are necessary to read the topic.
What I personally find difficult with Unifiedpush is giving the whole world the ability to send data (text and files) to your server. There are too many bad actors on the internet for this to be a good idea.
