Has anyone tried to configure authelia or authentik with a local nfty server, do you know any way to protect the web interface?

  • GregPL151@alien.topB
    link
    fedilink
    English
    arrow-up
    0
    ·
    1 year ago

    For sure set the authentication inside NTFY itself. In terms of protecting NTFY with Authelia that is what I did to allow iOS app to receive notifications and being able to see the messages in the app.

    Add below in Authelia configuration.yml

    - domain: ‘ntfy.example.com

    resources:

    - ‘^/yourtopic/json\?poll=1&’

    methods:

    - GET

    policy: bypass

    change domain to your NTFY hostname and ‘yourtopic’ to your topic name.

    I have a default config that protects everything else and bypass only this one so if you try to access your NTFY URL in the browser it will ask you to authenticate, but the iOS app will be able to do get the message from your NTFY server bypassing Authelia. Obviously, the topic itself requires built-in NTFY authentication so no one without the credentials cannot get the messages and no one can push new messages as well.

    Not sure how it would work with Android but you can protect your NTFY instance with Authelia and then see in nginx logs what URIs Android app is trying to reach and figure out what is required to get it work. Hope that helps a bit ;)

    • nicnic2001@alien.topB
      link
      fedilink
      English
      arrow-up
      1
      ·
      1 year ago

      So do you add ‘ntfy.example.com’ in your one/two_factor policies? And then a separate ‘ntfy.example.com’ with the resource regex for bypass policy?

      For example:

          - domain:
            - ntfy.example.com
            policy: two_factor
            subject:
            - ["group:admins"]
          
          - domain:
            - ntfy.example.com
            methods:
            - GET
            resources: '^/test([/?].*)?$'
            policy: bypass