High Performance Backend for Files and Reverse Proxy on seperate Server

Update:
i modified the /etc/systemd/system/notify_push.service as follows

[Unit]
Description = Push daemon for Nextcloud clients

[Service]
Environment = PORT=7867 DATABASE_URL=postgres://user:password@127.0.0.1/NC-DB?sslmode=disable DATABASE_PREFIX=oc_ REDIS_URL=unix:/var/run/redis/redis.sock NEXTCLOUD_URL=https://MY-NC-FQDN>
ExecStart = /var/www/nextcloud/apps/notify_push/bin/x86_64/notify_push
#/var/www/nextcloud/config/config.php
User=www-data

[Install]
WantedBy = multi-user.target

after a systemctl daemon-reload and systemctl restart notify_push i get now

notify_push.service - Push daemon for Nextcloud clients
Loaded: loaded (/etc/systemd/system/notify_push.service; enabled; vendor preset: enabled)
Active: active (running) since Sat 2021-04-10 13:21:00 CEST; 5min ago
Main PID: 53646 (notify_push)
Tasks: 3 (limit: 19110)
Memory: 1.2M
CGroup: /system.slice/notify_push.service
└─53646 /var/www/nextcloud/apps/notify_push/bin/x86_64/notify_push

Apr 10 13:26:28 cloud notify_push[53646]: Failed to setup redis subscription: Failed to subscribe to redis pubsub: NOAUTH: Authentication required.
Apr 10 13:26:28 cloud notify_push[53646]: [2021-04-10 13:26:28.510291 +02:00] WARN [notify_push] src/lib.rs:348: Redis server disconnected, reconnecting in 1s
Apr 10 13:26:29 cloud notify_push[53646]: Failed to setup redis subscription: Failed to subscribe to redis pubsub: NOAUTH: Authentication required.
Apr 10 13:26:29 cloud notify_push[53646]: [2021-04-10 13:26:29.511622 +02:00] WARN [notify_push] src/lib.rs:348: Redis server disconnected, reconnecting in 1s
Apr 10 13:26:30 cloud notify_push[53646]: Failed to setup redis subscription: Failed to subscribe to redis pubsub: NOAUTH: Authentication required.
Apr 10 13:26:30 cloud notify_push[53646]: [2021-04-10 13:26:30.512031 +02:00] WARN [notify_push] src/lib.rs:348: Redis server disconnected, reconnecting in 1s
Apr 10 13:26:31 cloud notify_push[53646]: Failed to setup redis subscription: Failed to subscribe to redis pubsub: NOAUTH: Authentication required.
Apr 10 13:26:31 cloud notify_push[53646]: [2021-04-10 13:26:31.513458 +02:00] WARN [notify_push] src/lib.rs:348: Redis server disconnected, reconnecting in 1s
Apr 10 13:26:32 cloud notify_push[53646]: Failed to setup redis subscription: Failed to subscribe to redis pubsub: NOAUTH: Authentication required.
Apr 10 13:26:32 cloud notify_push[53646]: [2021-04-10 13:26:32.514049 +02:00] WARN [notify_push] src/lib.rs:348: Redis server disconnected, reconnecting in 1s

I checked my redis.conf file and still had the requirepass Option enabled.
After commenting out this option and systemctl restart redis-server

i changed my nextcloud/config/config.php for redis as well.

Now i get the following after command systemctl restart notify_push

notify_push.service - Push daemon for Nextcloud clients
     Loaded: loaded (/etc/systemd/system/notify_push.service; enabled; vendor preset: enabled)
     Active: active (running) since Sat 2021-04-10 13:42:51 CEST; 4s ago
   Main PID: 57699 (notify_push)
      Tasks: 4 (limit: 19110)
     Memory: 1.4M
     CGroup: /system.slice/notify_push.service
             └─57699 /var/www/nextcloud/apps/notify_push/bin/x86_64/notify_push /var/www/nextcloud/config/config.php

Apr 10 13:42:51 cloud systemd[1]: Started Push daemon for Nextcloud clients.

But still after sudo -u www-data php occ notify_push:self-test

i get

🗴 no push server configured

Is there an option in the config.php that i have to set?

With help from Whissi on github i got my notify-push working with nginx server on the NC-Server and nginx server on a different reverse proxy in front of the NC.

Steps i reproduced

1. set REDIS_URL to socket instead of http://…
2. set ?sslmode=disable behind DATABASE_URL
3. make push_notify start not before all other services are up and running
   insert → After=nginx.service php8.0-fpm.service postgresql.service redis.service

My actual /etc/systemd/system/notify_push.service is

[Unit]
Description = Push daemon for Nextcloud clients
After=nginx.service php8.0-fpm.service postgresql.service redis.service

[Service]
Environment = PORT=7867 DATABASE_URL=postgres://USERNAME:PASSWORD@127.0.0.1/cloud?sslmode=disable DATABASE_PREFIX=oc_ REDIS_URL=unix:/var/run/redis/redis.sock NEXTCLOUD_URL=https://my.domain 
ExecStart = /var/www/nextcloud/apps/notify_push/bin/x86_64/notify_push /var/www/nextcloud/config/config.php
    User=www-data

[Install]
WantedBy = multi-user.target

On my NC-Server i added the following to my /etc/nginx/conf.d/nextcloud.conf

location /push/ {
    proxy_pass http://127.0.0.1:7867/;
    proxy_http_version 1.1;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection "Upgrade";
    proxy_set_header Host $host;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}

And what is more important (comes from the tip)

In /etc/nginx/nginx.conf that contains my http block i entered

http {

 map $http_upgrade $connection_upgrade {
     default upgrade;
     ''      close;
      }

On my reverse proxy i hat a /etc/nginx/conf.d/cloud.conf (vhost for my NC Server) i added

 location /push/ {
         proxy_pass      http://$upstream;
         proxy_http_version 1.1;
         proxy_set_header Upgrade $http_upgrade;
         proxy_set_header Connection "Upgrade";
         proxy_set_header Host                   $host;
         proxy_set_header X-Forwarded-Host       $host;
         proxy_set_header X-Forwarded-Proto      $scheme;
         proxy_set_header X-Real-IP              $remote_addr;
         proxy_set_header X-Forwarded-For        $proxy_add_x_forwarded_for;
         }

$upstream points to my LOCAL-NC-SERVER-IP

With that php occ notify-push:self-test gives back

✓ redis is configured
✓ push server is receiving redis messages
✓ push server can load mount info from database
✓ push server can connect to the Nextcloud server
✓ push server is a trusted proxy
✓ push server is running the same version as the app

Thanks to all and i hope this summary can help any other with two nginx servers (NC and Reverse Proxy)

Link to github: Add this behind an Nginx Reverse Proxy (different server)? · Issue #63 · nextcloud/notify_push · GitHub

Link to help pages: WebSocket proxying

I know this is a very old thread, but it seems it remains a bit challenging to get this app configured. Thanks @chrissi55 for your summary, that was really helpful I think you have one typo though: the reverse proxy should not point to port 7876 of the NC server, right? So it should be: proxy_pass http://$upstream; (and NOT proxy_pass http://$upstream:7876;). At least that is what made it work for me. This makes sense to me in my setup since the web server on the NC instance is only listening on port 80, and there it is forwarded to 127.0.0.1:7867 on which notify_push is listening. I’ve tested it with both Apache and nxinx as the webserver on the NC instance (with nginx as the reverse proxy).

Yes thanks, i’ve tried the Reverse Proxy settings without giving the port number and it worked for me either.

Strange that in my case both versions are doing their job?! Re-entering the port number to the nginx conf file for the cloud (inclusive /push/ ) gives no errors back.

But you’re right → reverse proxy config without the :7867 is more simple, so i 've changed my explanation above.

Just in case that would be helpful to anyone, here’s how a systemd unit file looks like in case you are connecting to a MariaDB socket instead. How to do this is hidden on the README page: expand the “Snap configuration” section.

[Unit]
Description = Push daemon for Nextcloud clients
After=httpd.service php-fpm.service mysql.service redis.service

[Service]
Environment=DATABASE_URL=mysql://DBUSER:DBPASS@localhost/nextcloud?socket=/run/mysqld/mysqld.sock
Environment=REDIS_URL=redis+unix:///run/redis/redis.sock
Environment=PORT=7867 BIND=127.0.0.1 DATABASE_PREFIX=oc_
Environment=NEXTCLOUD_URL=https://mynextcloud.myserver.com
ExecStart = /usr/share/webapps/nextcloud/apps/notify_push/bin/x86_64/notify_push /etc/webapps/nextcloud/config/config.php
User = nextcloud

[Install]
WantedBy = multi-user.target

Note the slightly different User, ExecStart and After since I am running on another distro (Arch Linux), adjust as needed.

When running Apache on the NC server side the configuration (under /etc/httpd/conf/httpd.conf or alternatively in a /etc/httpd/conf/extra/httpd-vhosts-nextcloud.conf alike file if you include it in the main configuration file) is slightly different compared to nginx:

<VirtualHost *:80>
    ServerName mynextcloud.mylan
    # all your other settings
    # ...
    ProxyPass /push/ws ws://127.0.0.1:7867/ws
    ProxyPass /push/ http://127.0.0.1:7867/
    ProxyPassReverse /push/ http://127.0.0.1:7867/
</VirtualHost>