Richard Applegate

Tag: ntfy

  • Ntfy: Watchtower, How to set it up with portainer?

    Well, it’s easy, let get this start,

    Example:

    Watchtower Docker-compose

    version: "3"
services:
  watchtower:
    image: containrrr/watchtower
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
      - /etc/localtime:/etc/localtime:ro
    env_file:
      - stack.env
      
    WATCHTOWER_SCHEDULE=* 22 * * *
WATCHTOWER_NOTIFICATIONS=shoutrrr
WATCHTOWER_NOTIFICATION_SKIP_TITLE=True
WATCHTOWER_NOTIFICATION_URL=ntfy://ntfy.sh/my_watchtower_topic?title=WatchtowerUpdates

    Then the second file is a stack.env, make sure it is a same path.

    WATCHTOWER_SCHDULE: cron job I choose at night, so I can work on the server without being outrage services.

    WATCHTOWER_NOTIFICATIONS: We use Shoutrrr

    WATCHTOWER_NOTIFICATION_SKIP_TITLE: True (I leave it as default)

    WATCHTOWER_NOTIFICATION_URL: ntfy://ntfy.sh/my_watchtower_topic?title=WatchtowerUpdates

    After you run, you should get a notification from your ntfy app or your ntfy browser.

  • Ntfy: push notification for services.

    I am using Ntfy for my SSH alert and watchtower update. It is pretty cool to have this feature, so I can know who is accessing my server without my authorization. And know my docker needs to be updated as well.

    SSH Alert Example

    Command this to open code, 

    nano /etc/pam.d/sshd

    Please add this code to the bottom of the page.

    session optional pam_exec.so /usr/local/bin/ntfy-ssh-login.sh

    You should create a script file called /usr/local/bin/ntfy-ssh-login.sh

    nano /usr/local/bin/ntfy-ssh-login.sh

    Here code, make sure you change the server URL and username and password for nginx auth.

    #!/bin/bash
# This is a PAM script hook that shows how to notify you when
# somebody logs into your server. Place at /usr/local/bin/ntfy-ssh-login.sh (with chmod +x!).

TOPIC_URL=yourntfydomain
NGINXUSER=yourusername
NGINXPASSWORD=yourpassword

if [ "${PAM_TYPE}" = "open_session" ]; then
  curl -u ${NGINXUSER}:${NGINXPASSWORD} -H tags:warning -H prio:high -d "SSH login to $(hostname): ${PAM_USER} from ${PAM_RHOST}" "${TOPIC_URL}"
fi

    Then Now you save Ctrl +x then yes

    Make sure you have chmod permissions. Here is the command.

    chmod +x /usr/local/bin/ntfy-ssh-login.sh

    Go try logging into another terminal and see if it notifications you, then try logging in again and see if it notifications you. 🙂

    It works well. It shows the username and IP address, so the IT team can protect the account if they don’t have permission to access our server.