Cannot get Notify_Push to work with reverse proxy

Some or all of the below information will be requested if it isn’t supplied; for fastest response please provide as much as you can.

The Basics

• Nextcloud Server version (e.g., 29.x.x):
  • Nextcloud Hub 25 Autumn (32.0.1)
• Operating system and version (e.g., Ubuntu 24.04):
  • Ubuntu 25.04
• Web server and version (e.g, Apache 2.4.25):
  • Apache/2.4.63
• Reverse proxy and version _(e.g. nginx 1.27.2)
  • replace me
• PHP version (e.g, 8.3):
  • 8.4
• Is this the first time you’ve seen this error? (Yes / No):
  • Yes
• When did this problem seem to first start?
  • Update to Nextcloud 32.0.1
• Installation method (e.g. AlO, NCP, Bare Metal/Archive, etc.)
  • Bare Metal / Proxmox Helper Script
• Are you using CloudfIare, mod_security, or similar? (Yes / No)
  • No

Summary of the issue you are facing:

I updated nextcloud this morning and now a warning came up that wants me to install the notify_push app. So I tried to do this, without luck so far.

I have now read countless other posts but could not find a solution yet. I tried to set it up like mentioned in the documentation, but the reverse proxy does not seem to work.

My setup: Nextcloud is running in an LCX on a Proxmox Host. There it is setup with DDNS and a public IPV6 address whichs works good so far.

Now I tried to install the notify_push app and configure the reverse proxy but it just does not work.

Config entries

/var/www/nextcloud/config/config.php

root@nextcloud:~# cat /var/www/nextcloud/config/config.php 
<?php
$CONFIG = array (
  'instanceid' => 'xxx',
  'passwordsalt' => '(truncated)',
  'secret' => '(truncated)',
  'trusted_domains' => 
  array (
    0 => '192.168.10.3',
    1 => 'xxx.dynv6.net',
  ),
  'datadirectory' => '/var/www/nextcloud/data',
  'dbtype' => 'mysql',
  'version' => '32.0.1.2',
  'overwrite.cli.url' => 'https://xxx.dynv6.net',
  'dbname' => 'nextcloud',
  'dbhost' => 'localhost',
  'dbport' => '',
  'dbtableprefix' => 'oc_',
  'mysql.utf8mb4' => true,
  'dbuser' => 'admin',
  'dbpassword' => '(truncated)',
  'installed' => true,
  'maintenance' => false,
  'maintenance_window_start' => 1,
  'opcache.interned_strings_buffer' => 32,
  'memcache.local' => '\\OC\\Memcache\\APCu',
  'memcache.distributed' => '\\OC\\Memcache\\Redis',
  'memcache.locking' => '\\OC\\Memcache\\Redis',
  'redis' => 
  array (
    'host' => 'localhost',
    'port' => 6379,
  ),
  'mail_from_address' => 'xxx',
  'mail_smtpmode' => 'smtp',
  'mail_sendmailmode' => 'smtp',
  'mail_domain' => 'xxx',
  'mail_smtphost' => 'xxx',
  'mail_smtpport' => '587',
  'trashbin_retention_obligation' => 'auto, 30',
  'theme' => '',
  'loglevel' => 2,
  'mail_smtpauth' => true,
  'mail_smtpname' => 'xxx',
  'mail_smtppassword' => 'xxx',
  'forbidden_filename_basenames' => 
  array (
    0 => 'con',
    1 => 'prn',
    2 => 'aux',
    3 => 'nul',
    4 => 'com0',
    5 => 'com1',
    6 => 'com2',
    7 => 'com3',
    8 => 'com4',
    9 => 'com5',
    10 => 'com6',
    11 => 'com7',
    12 => 'com8',
    13 => 'com9',
    14 => 'com¹',
    15 => 'com²',
    16 => 'com³',
    17 => 'lpt0',
    18 => 'lpt1',
    19 => 'lpt2',
    20 => 'lpt3',
    21 => 'lpt4',
    22 => 'lpt5',
    23 => 'lpt6',
    24 => 'lpt7',
    25 => 'lpt8',
    26 => 'lpt9',
    27 => 'lpt¹',
    28 => 'lpt²',
    29 => 'lpt³',
  ),
  'forbidden_filename_characters' => 
  array (
    0 => '<',
    1 => '>',
    2 => ':',
    3 => '"',
    4 => '|',
    5 => '?',
    6 => '*',
    7 => '\\',
    8 => '/',
  ),
  'forbidden_filename_extensions' => 
  array (
    0 => ' ',
    1 => '.',
    2 => '.filepart',
    3 => '.part',
  ),
  'config_preset' => 2,
  'trusted_proxies' => 
  array (
    0 => '127.0.0.1',
    1 => '::1',
  ),
  'push' => 'https://xxx.dynv6.net/push',
  'forwarded_for_headers' => array('HTTP_X_FORWARDED_FOR', 'HTTP_X_REAL_IP'),
);

/etc/apache2/sites-available/nextcloud.conf

root@nextcloud:~# cat /etc/apache2/sites-available/nextcloud.conf
<VirtualHost *:80>
    ServerName xxx.dynv6.net

    Redirect permanent / https://xxx.dynv6.net/
</VirtualHost>

<VirtualHost *:443>
    ServerName hackelcloud.dynv6.net

    DocumentRoot /var/www/nextcloud

    SSLEngine on
    SSLCertificateFile /etc/letsencrypt/live/xxx.dynv6.net/fullchain.pem
    SSLCertificateKeyFile /etc/letsencrypt/live/xxx.dynv6.net/privkey.pem
    Include /etc/letsencrypt/options-ssl-apache.conf

    <Directory /var/www/nextcloud/>
        Require all granted
        AllowOverride All
        Options FollowSymLinks MultiViews

        <IfModule mod_dav.c>
            Dav off
        </IfModule>
    </Directory>

    ErrorLog ${APACHE_LOG_DIR}/nextcloud_ssl_error.log
    CustomLog ${APACHE_LOG_DIR}/nextcloud_ssl_access.log combined

    <IfModule mod_headers.c>
      Header always set Strict-Transport-Security "max-age=15552000; includeSubDomains"
      
      # Header für echte Client-IP
      #RequestHeader set X-Forwarded-Proto expr=%{REQUEST_SCHEME}
      #RequestHeader set X-Forwarded-Port expr=%{SERVER_PORT}
      #RequestHeader set X-Real-IP expr=%{REMOTE_ADDR}
      #RequestHeader set X-Forwarded-For expr=%{REMOTE_ADDR}
    </IfModule>

    # Notify Push reverse proxy
    ProxyPass /push/ws ws://127.0.0.1:7867/ws
    ProxyPass /push/ http://127.0.0.1:7867/
    ProxyPassReverse /push/ http://127.0.0.1:7867/   
</VirtualHost>

I tried adding the X-Forward-For header with no luck. I also tried changing the Nextcloud URL to localhost. The setup tool always gives me this message:

test output: ✓ redis is configured
             🗴 using unencrypted http for push server is strongly discouraged
             🗴 push server URL is set to localhost, the push server will not be reachable from other machines
             ✓ push server is receiving redis messages
             ✓ push server can load mount info from database
             🗴 push server can't connect to the Nextcloud server
             
  See the steps in the README for manual setup instructions: https://github.com/nextcloud/notify_push

The deamon is running but shows no connections to any client.

root@nextcloud:~# sudo -u www-data php /var/www/nextcloud/occ notify_push:metrics
Active connection count: 0
Active user count: 0
Total connection count: 0
Total database query count: 4
Events received: 11
Messages sent: 0
Messages sent (file): 0
Messages sent (notification): 0
Messages sent (activity): 0
Messages sent (custom): 0

I cannot just add my server IP to the trusted domains since this IP changes via DDNS, at least that is my understanding of it.

Any help would is highly appreciated since I am out of ideas what I have to change in order to get this to work.

FYI: This is not an AIO installation per your provided config (incidentally if it was, notify_push is already pre-configured in an AIO based deployment).

I updated nextcloud this morning and now a warning came up that wants me to install the notify_push app. So I tried to do this, without luck so far.

What warning are you referring to specifically? I don’t know of any warnings in any of the clients specific to notify_push. It’s not required.

What URL did you provide when running setup - e.g.

occ notify_push:setup https://cloud.example.com/push

The output of the test run suggests you specified http://localhost/push.

Hello,

first of all thank you for the quick reply.

You are right, I have mistaken the AIO install with an Proxmox helper install script which I actually used, sorry.

So no high performance backend and no notify_push was installed in my setup and after the update to Nextcloud Hub 25 there was the warning in the admin panel of Nextcloud itself that I should install notify_push. The warning was not in a client app.

I used this command for the test:
sudo -u www-data php /var/www/nextcloud/occ notify_push:setup https://xxx.dynv6.net/push

Using http://localhost/push gives me the same result.

So I used the DNS name of my server + /push, because I saw this in another post.

Okay I see where you got this from: the Talk app.

With Talk, there was a (relatively recent) setup check added that warns if the notify_push app is not installed. This is because not having it may lead to slightly delayed Talk notifications, since they’ll only be received during periodic polling (rather than semi-instantly). AFAIK only impacts the desktop Talk client, but not mobile.

(There are also some other reasons to use notify_push, such as if you’re using the Desktop file sync app.)

Are you using either Talk or the Desktop sync app?

Maybe you should consider actually using AIO instead of the Proxmox helper scripts (and I recommend doing so in a VM instead of an LXC).

Two main reasons for that:

1. AIO is maintained by @szaimen, which alone makes it worth using.
2. AIO is the official appliance, and more importantly, everything you would normally need is already configured out of the box, including Notify Push, the Talk High-Performance Backend, and more.
3. Not every warning is an actual issue, but Notify Push is genuinely useful, not only for instant Talk notifications but also to reduce server load since, otherwise, clients have to keep polling the server. So, you’ll save system resources this way and might even be able to afford running it in a VM instead of an LXC, which I highly recommend.

Okay, that was three points.

I have the talk app installed but currently I am not really using it. Desktop sync I do use on all my devices (desktop PC, laptop, android phone).

I understand why using the AIO docker container would be the fastest way to set Nextcloud up.

Since I want to understand how the things work my preferred way is to continue using the already partially working LXC setup, i mean… It worked out quite well so far, until I decided to install notify_push Maybe if this is a dead end for me then I can switch to AIO later on…

That being said, maybe someone has a hint on what is wrong with my setup? I will try now to figure this out by myself a bit more, if I have updated then I will post them here.

Finally, after hours of trial and error notify_push is working now

Here are the main issues I had:

1. I had a port 80 virtualhost that did a redirect to 443 → This must only happen for external IPs, not for localhost (127.0.0.1) since the notify_push service connects locally via localhost to nextcloud.

<VirtualHost *:80>
ServerName xxx.dynv6.net

RewriteEngine On
RewriteCond %{REMOTE_ADDR} !^127\.0\.0\.1$
RewriteRule ^/?(.*) https://%{SERVER_NAME}/$1 [R=301,L]

</VirtualHost>

2. The NEXTCLOUD_URL set in the systemd service must point to localhost, so I added “172.0.0.1 xxx.dynv6.net” in my /etc/hosts and used the DNS-Url in the service config.
   Also I used these configs in the nextcloud config in /var/www/nextcloud/config/nextcloud.conf

‘overwriteprotocol’ => ‘https’,
‘overwritehost’ => ‘xxx.dynv6.net’,

This overwrites the automatic detection as mentioned here: Reverse proxy — Nextcloud latest Administration Manual latest documentation

3. In my port 443 virtualhost I needed to add the forwarding for the X-Forwarded Headers, otherwise the self-test will fail.

<IfModule mod_headers.c>
      Header always set Strict-Transport-Security "max-age=15552000; includeSubDomains"

  # Pass real client ip
  RequestHeader set X-Forwarded-Proto "https"
  RequestHeader append X-Forwarded-For "%{REMOTE_ADDR}s"
</IfModule>

The notify_push:self-test utility now passes all tests and I can see my connected clients and sent messages with the :metrics command. Also in my Windows Explorer files are popping up and are being removed immediately when I add or remove a file in the web ui

I think these were all the missing steps.

Maybe this helps someone else trying to setup Nextcloud in an LXC with a reverse proxy and notify_push. Next is the high performance backend I guess

Can you please exactly explain, how you did the setup? I have the Same Problem you discribed. I cant get it to work. Im trying for Hours…

My Reverse Proxy is zoraxy.

Nothing Helped.

Please can you discribe me what you did?

Thanks

This topic was automatically closed 8 days after the last reply. New replies are no longer allowed.