Access Control
By default, the ntfy server is open for everyone, meaning everyone can read and write to any topic (this is how ntfy.sh is configured). To restrict access to your own server, you can optionally configure authentication and authorization.
ntfy's auth is implemented with a simple SQLite-based backend. It implements two roles (user and admin) and per-topic read and write permissions using an access control list (ACL). Access control entries can be applied to users as well as the special everyone user (*), which represents anonymous API access.
To set up auth, simply configure the following two options:
- auth-file is the user/access database; it is created automatically if it doesn't already exist; suggested location /var/lib/ntfy/user.db (easiest if deb/rpm package is used)
- auth-default-access defines the default/fallback access if no access control entry is found; it can be set to read-write (default), read-only, write-only or deny-all.
Once configured, you can use the ntfy user command to add or modify users, and the ntfy access command lets you modify the access control list for specific users and topic patterns. Both of these commands directly edit the auth database (as defined in auth-file), so they only work on the server, and only if the user accessing them has the right permissions.
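To check that a server is not still running with the open defaults described above, the following added example (not part of ntfy or its documentation) audits a config file for the two auth options. It assumes the options are written as flat top-level key: value lines in the server's YAML config; the function names, severity labels and sample configs are constructed for illustration, and options supplied outside the file are not seen.

```python
import re

VALID_ACCESS = {"read-write", "read-only", "write-only", "deny-all"}

def parse_flat_config(text):
    """Read top-level 'key: value' lines only; this is not a full YAML parser."""
    opts = {}
    for raw in text.splitlines():
        line = re.sub(r"(^|\s)#.*$", "", raw)  # drop full-line and trailing comments
        m = re.match(r"^([A-Za-z0-9_-]+)\s*:\s*(.*?)\s*$", line)
        if m:
            opts[m.group(1)] = m.group(2).strip("\"'")
    return opts

def audit_auth(text):
    """Return (level, message) findings for auth-file and auth-default-access."""
    opts = parse_flat_config(text)
    findings = []
    if not opts.get("auth-file"):
        findings.append(("HIGH", "auth-file is not set, so no user/access database is configured"))
    # read-write is the documented default when the option is absent
    default = opts.get("auth-default-access") or "read-write"
    if default not in VALID_ACCESS:
        findings.append(("ERROR", f"auth-default-access has unknown value {default!r}"))
    elif default == "read-write":
        findings.append(("HIGH", "topics without an ACL entry are readable and writable by anyone"))
    elif default != "deny-all":
        findings.append(("INFO", f"topics without an ACL entry fall back to {default}"))
    return findings

# Constructed sample configs (not taken from a real server)
OPEN_CONFIG = """\
base-url: "https://ntfy.example.com"
# auth-file: "/var/lib/ntfy/user.db"
"""
HARDENED_CONFIG = """\
base-url: "https://ntfy.example.com"
auth-file: "/var/lib/ntfy/user.db"   # created automatically if missing
auth-default-access: "deny-all"
"""

if __name__ == "__main__":
    for name, cfg in (("open", OPEN_CONFIG), ("hardened", HARDENED_CONFIG)):
        print(name, audit_auth(cfg) or "no findings")
```

With deny-all as the fallback, every topic needs an explicit entry created with ntfy access before any user, including the everyone user (*), can reach it.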