From 7a9128997f20eab1be5f1278ceb3ebb43bce6610 Mon Sep 17 00:00:00 2001
From: tastytea
Date: Fri, 10 Sep 2021 14:49:42 +0200
Subject: [PATCH] New post: UnifiedPush.
---
...iedPush-with-Matrix-support-in-Gentoo.adoc | 191 ++++++++++++++++++
1 file changed, 191 insertions(+)
create mode 100644 content/posts/Set-up-UnifiedPush-with-Matrix-support-in-Gentoo.adoc
diff --git a/content/posts/Set-up-UnifiedPush-with-Matrix-support-in-Gentoo.adoc b/content/posts/Set-up-UnifiedPush-with-Matrix-support-in-Gentoo.adoc
new file mode 100644
index 0000000..149cff8
--- /dev/null
+++ b/content/posts/Set-up-UnifiedPush-with-Matrix-support-in-Gentoo.adoc
@@ -0,0 +1,191 @@
+---
+title: "Set up UnifiedPush with Matrix support in Gentoo"
+slug: "set-up-unifiedpush-with-Matrix-support-in-gentoo"
+description: null
+date: 2021-09-10T14:49:16+02:00
+type: posts
+draft: false
+tags:
+- UnifiedPush
+- nginx
+- Matrix
+- Gentoo
+toc: true
+---
+
+:url-unifiedpush: https://unifiedpush.org/
+:url-repo-tastytea: https://schlomp.space/tastytea/overlay
+:url-server: https://github.com/gotify/server
+:url-server-install: https://gotify.net/docs/install
+:url-nginx-lua: https://github.com/openresty/lua-nginx-module
+:url-lua-cjson: https://www.kyne.com.au/~mark/software/lua-cjson.php
+:url-server-config: https://raw.githubusercontent.com/gotify/server/master/config.example.yml
+:url-nginx: https://gotify.net/docs/nginx
+:url-nginx-up: https://unifiedpush.org/users/distributors/gotify/#nginx
+:url-nginx-matrix: https://gitlab.com/famedly/fluffychat/-/tree/main#matrix-specific-re-write-proxy
+:url-fdroid: https://f-droid.org/packages/com.github.gotify.up/
+:url-android: https://github.com/UnifiedPush/gotify-android
+
+I did set up UnifiedPush because I wanted push notifications in FluffyChat
+without talking to Google. This was a bit more difficult than I imagined, so I'm
+writing it down here. I will go into Gentoo specifics but a lot of this article
+should be useful for other Linux distributions and operating systems as well.
+
+link:{url-unifiedpush}[UnifiedPush] works like this: You have a server and a
+notification-application on your phone. The notification-application connects to
+the server and receives push notifications from it. Other applications talk with
+the notification-application and get the notifications. At least that is how I
+understand it.
+
+== Install and configure the link:{url-server}[server]
+
+You can install www-apps/gotify-server-bin from
+link:{url-repo-tastytea}[::tastytea] or link:{url-server-install}[download the
+binary or use docker].
+
+.Install the Gotify server in Gentoo
+[source,shell]
+--------------------------------------------------------------------------------
+sudo eselect repository enable tastytea
+sudo emaint sync -r tastytea
+echo -e "www-apps/gotify-server-bin\n acct-user/gotify\n acct-group/gotify" \
+ | sudo tee /etc/portage/package.accept_keywords/gotify
+sudo emerge -a www-apps/gotify-server-bin
+--------------------------------------------------------------------------------
+
+Put `config.yml` into `/etc/gotify/` and edit it. I will assume that you changed
+`listenaddr` to `[::1]` and `port` to `7777`. An example `config.yml` is in
+`/usr/share/doc/gotify-server-bin-*/config.example.yml.bz2` and in
+link:{url-server-config}[the upstream repository]. Now start the server.
+
+.Start the Gotify server in Gentoo and make it automatically start at boot
+[source,shell]
+--------------------------------------------------------------------------------
+sudo rc-service gotify-server-bin start
+sudo rc-update add gotify-server-bin
+--------------------------------------------------------------------------------
+
+[NOTE]
+If you do not use the OpenRC init script or docker, be aware that the Gotify
+server creates and uses a directory called `data/` in its current path.
+
+== Configure nginx
+
+You will need the link:{url-nginx-lua}[lua module] for nginx and
+link:{url-lua-cjson}[lua-cjson]. I will not cover TLS certificates here, there
+are many good guides about that already.
+
+.Reinstall nginx with lua support and install lua-cjson in Gentoo
+[source,shell]
+--------------------------------------------------------------------------------
+echo "www-servers/nginx NGINX_MODULES: http_lua" | sudo tee /etc/portage/package.use/gotify
+echo "dev-lua/lua-cjson" | sudo tee -a /etc/portage/package.accept_keywords/gotify
+sudo emerge -a1 www-servers/nginx
+sudo emerge -a dev-lua/lua-cjson
+sudo rc-service nginx restart
+--------------------------------------------------------------------------------
+
+You may have to tell nginx its lua module where to find lua-cjson. In my case I
+had to add `lua_package_cpath "/usr/share/lua/5.1/?.so;;";` above the `server`
+block. The `;;` means that the previous value of `lua_package_cpath` should be
+appended.
+
+Copy the link:{url-nginx}[configuration example], edit `server_name`, change
+`listen 80;` to `listen [::]:443 ssl;` and `listen 443 ssl;` and change
+`proxy_pass` to `http://[::1]:7777`. You don't need the `upstream` bit.
+
+Copy the link:{url-nginx-up}[configuration example for UnifiedPush] into your
+`server` block and change `proxy_pass` to `http://[::1]:7777/message`.
+
+Copy the link:{url-nginx-matrix}[configuration example for Matrix] into your
+`server` block and change `relay.example.tld` to your `server_name`.
+
+.Your nginx configuration should look similar to this
+[source,nginx]
+--------------------------------------------------------------------------------
+lua_package_cpath "/usr/share/lua/5.1/?.so;;";
+
+server {
+ listen 443 ssl;
+ listen [::]:443 ssl;
+ server_name push.example.org;
+
+ # access_log /var/log/nginx/push.example.org_log main;
+ error_log /var/log/nginx/push.example.org_log warn;
+
+ ssl_certificate /var/lib/dehydrated/certs/push.example.org/fullchain.pem;
+ ssl_certificate_key /var/lib/dehydrated/certs/push.example.org/privkey.pem;
+
+ location / {
+ proxy_pass http://[::1]:7777;
+ proxy_http_version 1.1;
+
+ # Ensuring it can use websockets
+ proxy_set_header Upgrade $http_upgrade;
+ proxy_set_header Connection "upgrade";
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header X-Forwarded-Proto http;
+ proxy_redirect http:// $scheme://;
+
+ # The proxy must preserve the host because gotify verifies the host with the origin
+ # for WebSocket connections
+ proxy_set_header Host $http_host;
+
+ # These sets the timeout so that the websocket can stay alive
+ proxy_connect_timeout 1m;
+ proxy_send_timeout 1m;
+ proxy_read_timeout 1m;
+ }
+
+ location /UP {
+ access_by_lua_block{
+ local json=require("cjson")
+ ngx.req.read_body()
+ local req = ngx.req.get_body_data()
+ local newreq = { ["message"] = req }
+ local body = json.encode(newreq)
+ ngx.req.set_body_data(body)
+ }
+
+ proxy_set_header Content-Type application/json;
+ proxy_pass http://[::1]:7777/message;
+ proxy_set_header Host $host;
+ }
+
+ location /_matrix/push/v1/notify {
+ set $target '';
+ if ($request_method = GET ) {
+ return 200 '{"gateway":"matrix","unifiedpush":{"gateway":"matrix"}}';
+ }
+ access_by_lua_block {
+ local cjson = require("cjson")
+ ngx.req.read_body()
+ local body = ngx.req.get_body_data()
+ local parsedBody = cjson.decode(body)
+ local accepted = "https://push.example.org/"
+ ngx.var.target = parsedBody["notification"]["devices"][1]["pushkey"]
+ ngx.req.set_body_data(body)
+ if(string.sub(ngx.var.target,1,string.len(accepted))~=accepted) then ngx.var.target="http://0.0.0.0/"
+ end
+ }
+ proxy_set_header Content-Type application/json;
+ proxy_set_header Host $host;
+ proxy_pass $target;
+ }
+}
+--------------------------------------------------------------------------------
+
+Reload nginx and change the admin password in the web interface.
+
+== Use UnifiedPush
+
+Log into your Gotify server and add a new user. Install the
+link:{url-fdroid}[Android application]. Make sure you install “Gotify-UP” and
+_not “Gotify”_. Open Gotify-UP and register with your server. Applications
+supporting UnifiedPush should now register themselves on your server and show up
+in the “Apps” tab. You may have to restart the application first. Have a look at
+the readme of the link:{url-android}[upstream repository] for help with
+disabling battery optimization and constant foreground notification.
+
+// LocalWords: UnifiedPush Gotify readme
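Review bot: The Lua block in the `/_matrix/push/v1/notify` location decodes and indexes the request body without any checks, so an empty or non-JSON body, a body nginx buffered to disk (where `ngx.req.get_body_data()` returns nil), or JSON without `notification.devices[1].pushkey` raises a Lua error and the client gets a 500 instead of a clean rejection. Guarding the lookup, for example `local ok, key = pcall(function() return cjson.decode(body).notification.devices[1].pushkey end)` followed by `if not ok or type(key) ~= "string" then return ngx.exit(ngx.HTTP_BAD_REQUEST) end`, makes that failure explicit before `ngx.var.target` is assigned. The prefix check also accepts any path under `https://push.example.org/`, and no authentication is visible on this location; assuming the registered endpoints all live under the `/UP` location, narrowing it to `local accepted = "https://push.example.org/UP"` keeps the proxy from being pointed at other locations on the same host. Separately, `location /` sends `X-Forwarded-Proto http` from a server that only listens with `ssl`; `proxy_set_header X-Forwarded-Proto $scheme;` matches the listener.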