You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
@@ -45,43 +46,49 @@ The setup required consists of three steps
45
46
- Configuring the nextcloud app
46
47
47
48
> __For Nextcloud Snap users:__\
48
-
The snap team made a wiki page how to install Client Push in Nextcloud snap. See [their Wiki page](https://github.com/nextcloud-snap/nextcloud-snap/wiki/Configure-HPB-client-push-for-Nextcloud-snap)!
49
+
> The snap team made a wiki page how to install Client Push in Nextcloud snap.
50
+
>
51
+
See [their Wiki page](https://github.com/nextcloud-snap/nextcloud-snap/wiki/Configure-HPB-client-push-for-Nextcloud-snap)!
49
52
50
53
### Push server
51
54
52
-
The push server should be setup to run as a background daemon, the recommended way is by setting it up as a system service in the init system.
53
-
If you're not using systemd then any init or process management system that runs the push server binary with the described environment variables will work.
55
+
The push server should be setup to run as a background daemon, the recommended way is by setting it up as a system
56
+
service in the init system.
57
+
If you're not using systemd then any init or process management system that runs the push server binary with the
58
+
described environment variables will work.
54
59
55
60
#### systemd
56
61
57
-
58
-
For systemd based setups, you can create a systemd service by creating a file named `/etc/systemd/system/notify_push.service` with the following
62
+
For systemd based setups, you can create a systemd service by creating a file named
63
+
`/etc/systemd/system/notify_push.service` with the following
# requires the push server to have been build with the systemd feature (enabled by default)
71
-
Type=notify
72
-
User=www-data
73
-
Restart=always
74
-
RestartSec=60
76
+
Type = notify
77
+
User = www-data
78
+
Restart = always
79
+
RestartSec = 60
75
80
76
81
[Install]
77
82
WantedBy = multi-user.target
78
83
```
79
84
80
-
If the push server has not been compiled with the optional systemd feature (enabled by default) the `Type=notify` line has to be removed.
85
+
If the push server has not been compiled with the optional systemd feature (enabled by default) the `Type=notify` line
86
+
has to be removed.
81
87
82
88
#### OpenRC
83
89
84
-
For OpenRC based setups, you can create an OpenRC service by creating a file named `/etc/init.d/notify_push` with the following content.
90
+
For OpenRC based setups, you can create an OpenRC service by creating a file named `/etc/init.d/notify_push` with the
91
+
following content.
85
92
86
93
```sh
87
94
#!/sbin/openrc-run
@@ -108,37 +115,65 @@ start_pre() {
108
115
109
116
Adjust the paths, ports and user as needed.
110
117
111
-
112
118
#### Configuration
113
119
114
-
The push server can be configured either by loading the config from the nextcloud `config.php` or by setting all options through environment variables.
120
+
The push server can be configured either by loading the config from the nextcloud `config.php` or by setting all options
121
+
through environment variables.
115
122
116
123
Re-using the configuration from nextcloud is the recommended way, as it ensures that the configuration remains in sync.
117
124
118
-
If using the `config.php` isn't possible, you can configure the push server by setting the following environment variables:
125
+
If using the `config.php` isn't possible, you can configure the push server by setting the following environment
126
+
variables:
119
127
120
128
-`DATABASE_URL` connection url for the Nextcloud database, e.g. `postgres://user:password@db_host/db_name`
121
129
-`DATABASE_PREFIX` database prefix configured in Nextcloud, e.g. `oc_`
122
130
-`REDIS_URL` connection url for redis, e.g. `redis://redis_host`
123
131
-`NEXTCLOUD_URL` url for the nextcloud instance, e.g. `https://cloud.example.com`
124
132
125
-
Or you can specify the options as command line arguments, see `notify_push --help` for information about the command line arguments.
133
+
Or you can specify the options as command line arguments, see `notify_push --help` for information about the command
134
+
line arguments.
126
135
127
-
If a config option is set in multiple sources, the values from the command line argument overwrite values from the environment
136
+
If a config option is set in multiple sources, the values from the command line argument overwrite values from the
137
+
environment
128
138
which in turns overwrites the values from the `config.php`.
129
139
130
-
The port the server listens to can only be configured through the environment variable `PORT`, or `--port` argument and defaults to 7867.
131
-
Alternatively you can configure the server to listen on a unix socket by setting the `SOCKET_PATH` environment variable or `--socket-path` argument.
140
+
The port the server listens to can only be configured through the environment variable `PORT`, or `--port` argument and
141
+
defaults to 7867.
142
+
Alternatively you can configure the server to listen on a unix socket by setting the `SOCKET_PATH` environment variable
143
+
or `--socket-path` argument.
132
144
133
-
Note that Nextcloud load all files matching `*.config.php` in the config directory in additional to the main config file.
145
+
Note that Nextcloud loads all files matching `*.config.php` in the config directory in additional to the main config
146
+
file.
134
147
You can enable this same behavior by passing the `--glob-config` option.
135
148
149
+
#####
150
+
151
+
<details>
152
+
<summary>Connecting to redis over TLS
153
+
</summary>
154
+
155
+
You can connect to redis over TLS by specifying `rediss://` as the redis url.
156
+
157
+
The client certificate and key can be set with the `--redis-tls-cert` and `--redis-tls-key` arguments (or the
158
+
`REDIS_TLS_CERT` and `REDIS_TLS_KEY` environment variables).
159
+
The certificate authority for validating the server certificate can be set with the `--redis-tls-ca` argument (or the
160
+
`REDIS_TLS_CA` environment variable).
161
+
162
+
Additionally, you can disable validating the hostname of the server certificate with
163
+
`--redis-tls-dont-validate-hostname` or disable all certificate validation altogether with `--redis-tls-insecure` (or
164
+
the `REDIS_TLS_DONT_VALIDATE_HOSTNAME` and `REDIS_TLS_INSECURE` environment variables respectively).
165
+
166
+
</details>
167
+
136
168
#### TLS Configuration
137
169
138
-
The push server can be configured to serve over TLS. This is mostly intended for securing the traffic between the push server
139
-
and the reverse proxy if they are running on different hosts, running without a reverse proxy (or load balancer) is not recommended.
170
+
The push server can be configured to serve over TLS. This is mostly intended for securing the traffic between the push
171
+
server
172
+
and the reverse proxy if they are running on different hosts, running without a reverse proxy (or load balancer) is not
173
+
recommended.
140
174
141
-
TLS can be enabled by setting the `--tls-cert` and `--tls-key` arguments (or the `TLS_CERT` and `TLS_KEY` environment variables).
175
+
TLS can be enabled by setting the `--tls-cert` and `--tls-key` arguments (or the `TLS_CERT` and `TLS_KEY` environment
176
+
variables).
142
177
143
178
#### Starting the service
144
179
@@ -150,58 +185,58 @@ Once the systemd service file is set up with the correct configuration you can s
150
185
and enable it to automatically start on boot using
151
186
152
187
- systemd: `sudo systemctl enable notify_push`
153
-
- OpenRc: `sudo rc-update add notify_push`
154
-
188
+
- OpenRc: `sudo rc-update add notify_push`
155
189
156
190
Every time this app receives an update you should restart the systemd service using
157
191
158
192
- systemd: `sudo systemctl restart notify_push`
159
193
- OpenRc: `sudo rc-service notify_push restart`
160
194
161
-
162
195
<details>
163
196
<summary>Alternatively, you can do this automatically via systemctl by creating the following systemd service and path (click to expand)</summary>
164
197
165
198
First create a oneshot service to trigger the daemon restart
166
199
167
200
`/etc/systemd/system/notify_push-watcher.service`
201
+
168
202
```ini
169
203
[Unit]
170
-
Description=Restart Push daemon for Nextcloud clients when it receives updates
It is **strongly** recommended to set up the push service behind a reverse proxy, this both removes the need to open
215
-
a new port to the internet and handles the TLS encryption of the connection to prevent sending credentials in plain text.
250
+
a new port to the internet and handles the TLS encryption of the connection to prevent sending credentials in plain
251
+
text.
216
252
217
253
You can probably use the same webserver that you're already using for your nextcloud.
218
254
@@ -299,16 +335,19 @@ Alternatively you can set the log level of the push server in the `LOG` environm
299
335
300
336
### Metrics
301
337
302
-
The push server can expose some basic metrics about the number of connected clients and the traffic flowing through the server
338
+
The push server can expose some basic metrics about the number of connected clients and the traffic flowing through the
339
+
server
303
340
by setting the `METRICS_PORT` environment variable.
304
341
305
342
Once set the metrics are available in a prometheus compatible format at `/metrics` on the configured port.
306
343
307
-
Additionally you can manually check the metrics by running the `occ notify_push:metrics` command, this will function even if you haven't setup `METRICS_PORT`.
344
+
Additionally you can manually check the metrics by running the `occ notify_push:metrics` command, this will function
345
+
even if you haven't setup `METRICS_PORT`.
308
346
309
347
### Self-signed certificates
310
348
311
-
If your nextcloud is using a self-signed certificate then you either need to set the `NEXTCLOUD_URL` to a non-https, local url,
349
+
If your nextcloud is using a self-signed certificate then you either need to set the `NEXTCLOUD_URL` to a non-https,
350
+
local url,
312
351
or disable certificate verification by setting `ALLOW_SELF_SIGNED=true`.
313
352
314
353
## Troubleshooting
@@ -320,11 +359,13 @@ already be fixed or additional diagnostics might have been added.
320
359
321
360
- Ensure you haven't added a duplicate `trusted_proxies` list to your `config.php`.
322
361
- If you're modified your `forwarded_for_headers` config, ensure that `HTTP_X_FORWARDED_FOR` is included.
323
-
- If your nextcloud hostname resolves do a dynamic ip you can try setting the `NEXTCLOUD_URL` to the internal ip of the server.
324
-
325
-
Alternatively, editing the `/etc/hosts` file to point your nextcloud domain to the internal ip can work in some setups.
326
-
- If you're running your setup in docker and your containers are linked, you should be able to use the name of the nextcloud container as hostname in the `NEXTCLOUD_URL`
362
+
- If your nextcloud hostname resolves do a dynamic ip you can try setting the `NEXTCLOUD_URL` to the internal ip of the
363
+
server.
327
364
365
+
Alternatively, editing the `/etc/hosts` file to point your nextcloud domain to the internal ip can work in some
366
+
setups.
367
+
- If you're running your setup in docker and your containers are linked, you should be able to use the name of the
368
+
nextcloud container as hostname in the `NEXTCLOUD_URL`
328
369
329
370
## Developing
330
371
@@ -340,4 +381,5 @@ the [current release](https://github.com/nextcloud/notify_push/releases/latest)
0 commit comments