What type of hardware are you using: Other(?) What YunoHost version are you running: 12.0.15 stable What app is this about: ntfy 2.11.0~ynh3
Describe your issue
Since the recent update of ntfy to the newest version (now 2.11.0~ynh3), I am no longer able to receive UnifiedPush notifications for Molly through ntfy.
I want to link it with Molly (a FOSS Android fork of the messaging app Signal) so I can receive push notifications when messages arrive. This requires using Mollysocket.
I have installed Mollysocket and have edited its config file (/var/www/mollysocket/prod.toml) so that its allowed_endpoints points to my ntfy server’s URL (with a trailing / at the end), following the developer’s instructions.
In the ntfy Android app I have also set my ntfy server’s URL as the default (with no trailing slash, otherwise it creates topics with a double slash in the middle).
In Molly’s settings, it says that UnifiedPush is set up OK, but in Mollysocket’s logs an error message appears, saying ‘403 forbidden’ for my ntfy push server.
I have checked both Mollysocket’s and ntfy’s permissions and they are both accessible to Visitors. Are there additional steps I need to take?
Share relevant logs or error messages
From /var/log/mollysocket/mollysocket.log
[2025-05-05T16:17:10Z WARN mollysocket::server::web] Cound not ping the connection (uuid= [redacted] ): HTTP status client error (403 Forbidden) for url (https://ntfy.domain.tld/upZEkWjQOHRMH5?up=1)
ntfy’s docs state that the stock app’s default setting is to allow users (and apps that use ntfy) to make topics with read-write permissions by default (in auth-default-access found in /var/www/ntfy/server.yml).
Opening /var/www/ntfy/server.yml reveals that 2.11.0~ynh3 ntfy’s auth-default-access setting for user (and app) permissions is deny-all by default, meaning apps cannot create new topics themselves.
Changing this to the stock ntfy default of read-write allows notifications to appear in Molly when the ‘send test notification’ button is pressed.
Whether this is advisable or not, I don’t know. I presume the YNH-ntfy’s default was set to deny-all for a reason…?
I guess if you set it to read-write, anyone who can access your server’s IP can use your ntfy instance, like the default ntfy.sh. I’m trying to use ntfy for the Android apps I installed with F-droid, and I tried setting it to write-only, which (I think) means anyone can publish, but I have to put my password on the Android client in order to subscribe. It seems to be working, but I wonder if it would be possible to give tokens to the publishing servers instead, so my server doesn’t have to be open for all.
I’ve just tried setting it to write-only and putting my server’s domain, my Yunohost admin’s username and password into the ntfy Android app. I then restarted the ntfy service on my server. When putting my credentials in, the app noticed the channel that’s already set up for Mollysocket to use, but the channel now only says ‘reconnecting…’ and never actually connects.
I’m getting the impression that using read-write is the only option for now.
