Now that we have secured ntfy in our homelab, we can go one step further and add an SSL certificate for all communication to it as well. This will add another level of security and make it so that the username and password we set up won’t be sent in plain text for anyone to see. Let’s get started.
Step 1: SSL In Nginx
For this to work, we will need to have nginx installed on a VM, as per the previous article where we installed nginx on our vm. We also need to have certbot installed on our VM as per the instructions. Again, log in to the VM as per normal and evelate to a super user with the command:
sudo suTo see a lost of available websites, run the command:
certbot --nginxSelect the URL that we want to run SSL on. To do this, select and press the corresponding number of the address we want to secure and press enter. Once certbot installs the SSL certificate, we can access our ntfy instance again. This time, that annoying message we used to see:
will now be gone. We will now be able to subscribe inside our browser as well.
From here, we will need to add the username and password again. Yes, we did this previously, bu the credentials are stored in the browser, and it is URL specific. Previosuly when we stored it, it was stored under http://techdecode.tplinkdns.com, but now that we are running https, the address changed to https://techdecode.tplinkdns.com. This means we will need to add the username and password again, as well as subscribe. We can then also send a test message and get it on our phone. Well, almost, we still need to also update our phone.
You will also need to re-add the username and password on your phone, as previously it was also stored as http. Then we need to unsubscribe from the topic and resubscribe. A good ide would also be to change the default server to also be https, as this will make future subscriptions easier.
Conclusion
Yes, that was quick, easy and painless. But now we have really secured our ntfy service and also the communication with it. This makes it a LOT more secure and easier to work with. There are other ways of securing it as well, but we are not going down that rabbit hole (yet!). First, let’s actually get a use for ntfy and start monitoring our services properly. Look our for the next instalment where we are going to get Uptime Kuma monitoring services up and running.