Christian Wellsntfy (Push Notifications via HTTP) on Rocky Linux 9
ntfy is a lightweight, open-source push notification service over HTTP that lets you send real-time notifications to phones, desktops, and scripts using simple HTTP requests. Instead of relying on third-party push providers, ntfy enables you to self-host your own notification infrastructure, giving you full control over topics, authentication, message retention, and data privacy.
Sending a notification can be as simple as a single curl command, which makes ntfy ideal for server monitoring alerts, CI/CD pipelines, cron jobs, webhooks, IoT devices, and DevOps automation.
Running ntfy on Rocky Linux 9, a RHEL-compatible enterprise Linux distribution, provides long-term stability, predictable updates, and strong security defaults. Combined with Nginx and HTTPS, Rocky Linux 9 offers a production-grade foundation for a secure, reliable notification service.
Architecture Overview
| Layer | Component | Role |
|---|---|---|
| OS | Rocky Linux 9 | Enterprise-grade, RHEL-compatible Linux base |
| Application | ntfy server (Go binary) | Push notification server |
| Protocol | HTTP / WebSockets | Publishing and real-time delivery |
| Reverse Proxy | Nginx | HTTPS termination, routing, rate limiting |
| TLS | Let’s Encrypt / PKI | Encrypted client connections |
| Clients | Mobile, Desktop, CLI, Web | Subscribe to topics and receive messages |
ntfy is distributed as a single static Go binary, which makes it extremely fast, resource-efficient, and easy to operate.
Why Use ntfy?
- Push notifications via simple HTTP calls
- Fully self-hosted — no external push providers
- Very lightweight — minimal CPU and memory usage
- Cross-platform clients — Android, iOS, desktop, web, CLI
- Topic-based publish/subscribe model
- Supports WebSockets, streaming, and polling
- Authentication & access control — public or private topics
- Perfect for automation and monitoring workflows
ntfy is designed for users who want reliable notifications without unnecessary complexity.
ntfy vs Other Notification Solutions
| Feature / Capability | ntfy | Pushover | Firebase | Gotify |
|---|---|---|---|---|
| Hosting | Self-hosted | Cloud only | Cloud only | Self-hosted |
| Protocol | HTTP / WebSocket | API | SDK-based | HTTP |
| Privacy | Full control | Cloud-based | Cloud-based | Full control |
| Setup complexity | Very low | Low | High | Medium |
| Clients | Mobile, desktop, CLI | Mobile | Mobile | Mobile / web |
| Cost | Free, open-source | Paid | Free / Paid | Free |
ntfy stands out for its simplicity, flexibility, and DevOps-friendly design.
Security & Best Practices on Rocky Linux 9
- Run ntfy behind Nginx with HTTPS enabled.
- Bind ntfy to 127.0.0.1 and expose only Nginx publicly.
- Use TLS certificates (Let’s Encrypt recommended).
- Enable authentication and access control for private topics.
- Store credentials and tokens securely in config files or environment variables.
- Enable SELinux enforcing mode and configure policies accordingly.
- Configure firewalld to allow only ports 80 and 443.
- Add rate limiting in Nginx to prevent abuse.
- Keep Rocky Linux and ntfy updated regularly.
- Manage ntfy with systemd for automatic restarts and startup on boot.
Typical Use Cases
- Server monitoring alerts (CPU, disk, memory, downtime)
- CI/CD pipeline notifications
- Cron job success/failure alerts
- Home-lab and self-hosted service monitoring
- IoT device status notifications
- Webhook-driven automation
- Personal push notifications without cloud services
Deploying ntfy on Rocky Linux 9 with SSL gives you a fast, secure, and fully self-hosted push notification system — ideal for automation, monitoring, and real-time alerts, all without relying on third-party providers.
Step 1: Set Up a Server Instance on Shape.Host
Before installing ntfy, you need a VPS to host it.
Log in to your Shape.Host account at https://shape.host.
From the dashboard, click Create and choose Instance.
Select a data center location that best fits your target audience.
Choose a VPS plan with at least:
2 CPU cores
2–4 GB RAM
20 GB SSD storage
Select Rocky Linux 9 (64-bit) as the operating system.
Finalize the creation and wait for the instance to be deployed.
Copy the public IP address of the server.
This server will run Docker, ntfy, and Nginx, secured with HTTPS.
Step 2: Connect to Your Rocky Linux 9 Server
Linux / macOS
ssh root@YOUR_SERVER_IP
Windows
Use PowerShell, Windows Terminal, or PuTTY:
ssh root@YOUR_SERVER_IP
Once connected, you should be logged in as root.
Step 3: Install ntfy Using Docker Compose
3.1 Update the System
dnf update
Updates all system packages to the latest available versions.
3.2 Install Required Dependencies
dnf install ca-certificates curl gnupg2 dnf-utils
Installs tools required to add and verify external repositories.
3.3 Add Docker Repository
dnf config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo
Adds the official Docker repository compatible with Rocky Linux 9.
dnf makecache
Refreshes the package metadata cache.
3.4 Install Docker and Docker Compose
dnf install docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin
Installs Docker Engine and Docker Compose plugin.
systemctl enable docker
Enables Docker to start automatically at boot.
systemctl start docker
Starts the Docker service.
docker --version
Verifies Docker installation.
docker compose version
Verifies Docker Compose availability.
3.5 Create ntfy Project Structure
mkdir -p /opt/ntfy
cd /opt/ntfy
nano docker-compose.yml
Paste the following content:
services:
ntfy:
image: binwiederhier/ntfy:latest
container_name: ntfy
restart: unless-stopped
ports:
- "127.0.0.1:2586:80"
volumes:
- /opt/ntfy/cache:/var/cache/ntfy
- /opt/ntfy/config:/etc/ntfy
command: serve
This configuration ensures ntfy only listens locally and is safely exposed via Nginx.
3.6 Create Cache and Config Directories
mkdir -p /opt/ntfy/cache
mkdir -p /opt/ntfy/config
3.7 Configure ntfy Server
nano /opt/ntfy/config/server.yml
Paste:
base-url: https://ntfy.example.com
listen-http: ":80"
cache-file: /var/cache/ntfy/cache.db
behind-proxy: true
auth-default-access: deny
auth-file: /etc/ntfy/auth.db
attachment-cache-dir: /var/cache/ntfy/attachments
attachment-total-size-limit: 5G
attachment-file-size-limit: 50M
This configuration:
- Enables reverse proxy support
- Secures ntfy by default
- Allows controlled attachment uploads
3.8 Start ntfy
docker compose pull
Downloads the latest ntfy image.
docker compose up -d
Starts the ntfy container in detached mode.
docker compose ps
Verifies that the container is running.
Step 4: Configure Nginx Reverse Proxy
4.1 Install and Enable Nginx
dnf install nginx
systemctl enable nginx
systemctl start nginx
systemctl status nginx
4.2 Create Nginx Configuration for ntfy
nano /etc/nginx/conf.d/ntfy.conf
Paste:
server {
listen 80;
server_name ntfy.example.com;
client_max_body_size 100M;
location / {
proxy_pass http://127.0.0.1:2586;
proxy_http_version 1.1;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_buffering off;
}
}
4.3 Reload Nginx
nginx -t
systemctl reload nginx
Step 5: Enable SSL with Let’s Encrypt
5.1 Install Certbot
dnf install epel-release
dnf install certbot python3-certbot-nginx
5.2 Obtain SSL Certificate
certbot --nginx -d rockylinux-tutorials.shape.host
Replace with your own domain, for example:
yourdomain.com
Certbot will automatically configure HTTPS and set up certificate renewal.
You installed ntfy on Rocky Linux 9 using Docker Compose, secured it with Nginx, and enabled SSL with Let’s Encrypt. This setup is reliable, secure, and ideal for real-world production use cases such as monitoring and alerting.
https://shape.host/ For hosting ntfy and other self-hosted services with excellent performance and scalability, Shape.Host Linx SSD VPS provides a robust infrastructure tailored for modern applications.
