Thatâs basically the issue, you need to setup notify_push
I have notify_push working on server already and mobile clients successfully get notifications.
As wrote here, notify_push has nothing to do with mobile clients.
I donât get whatâs your current issue is then, when notify_push works correctly?
Hey @Vasilij_Lebedinskij have you verified that HPB client push is actually working?
Verify notify_push metrics using occ commands
View client push metrics:
occ notify_push:metrics
example output
Active connection count: 1
Active user count: 1
Total connection count: 10
Total database query count: 2
Events received: 12
Messages sent: 0
Messages sent (file): 0
Messages sent (notification): 0
Messages sent (activity): 0
Messages sent (custom): 0
Notify push self test
testing notify push functionality:
occ notify_push:self-test
result should be something like:
â redis is configured
â push server is receiving redis messages
â push server can load mount info from database
â push server can connect to the Nextcloud server
â push server is a trusted proxy
â push server is running the same version as the app
Notify push logging and debugging
Debug option for notify_push
occ notify_push:log debug
and
sudo journalctl -eu notify_push
I know youâre not using the snap, but this wiki might explain what is required: Configure HPB client push for Nextcloud snap ¡ nextcloud-snap/nextcloud-snap Wiki. Obviously youâll need to adapt this to meet your instance requirements.
When I try to run setup and specify my reverse proxy address I get some errors
sudo -u www-data php occ notify_push:setup https://*reverse_proxy_fqdn*/push
â redis is configured
â push server is receiving redis messages
â push server can load mount info from database
â push server can connect to the Nextcloud server
đ´ push server is not a trusted proxy by Nextcloud or another proxy in the chain.
Nextcloud resolved the following client address for the test request: "10.166.66.3" instead of the expected "1.2.3.4" test value.
The following trusted proxies are currently configured: "10.166.66.1", "127.0.0.1", "::1", "192.168.1.43", "1.2.3.4", "192.168.1.22", "10.166.66.3"
The following x-forwarded-for header was received by Nextcloud: "1.2.3.4"
from the following remote: 10.166.66.3
â All proxies in the chain appear to be trusted by Nextcloud
If you're having issues getting the trusted proxy setup working, you can try bypassing any existing reverse proxy
in your setup by setting the `NEXTCLOUD_URL` environment variable to point directly to the internal Nextcloud webserver url
(You will still need the ip address of the push server added as trusted proxy)
well done 
so now you know where your issue comes from â your trusted proxy setup is the issue !
its all right there in the error message and all the steps are explained in the snap wiki or on the developers GitHub.
see
Troubleshooting
- Ensure you configured
overwrite.cli.urlif required. Otherwise you may not be able to continue the setup. - Ensure you added
127.0.0.1totrusted_proxiesin config.php:
'trusted_proxies' =>
array (
0 => '127.0.0.1',
),
I have 127.0.0.1 in trusted proxy already! I have standalone setup not docker or snap so does it use environment variables in my case?
and did you try the suggested?
how is your host FQDN configured?
FQDN for Nextcloud instance, vm or container behind reverse proxy with termination
Setting FQDN (Fully Qualified Domain Name) is best practice and is optional on self-hosted Nextcloud instances running on vm or container behind reverse proxy with termination and may improve site response.
- Discover hostname:
- issue command
hostnamectl
or
hostname
- Set or change hostname:
- issue command
hostnamectl set-hostname NEW-HOSTNAME
- Set FQDN on instance behind reverse proxy with termination:
- edit
/etc/hostsin vm or container using your favourite editor as root$ sudo nano /etc/hostsand add second line replacing<your.reverse.proxy.ip> <your.domain.xyz>and<hostname>with your own domain name and hostname:
- edit
127.0.0.1 localhost
<your.reverse.proxy.ip> <your.domain.xyz> <hostname>
## The following lines are desirable for IPv6 capable hosts
::1 ip6-localhost ip6-loopback
fe00::0 ip6-localnet
ff00::0 ip6-mcastprefix
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
youâre not using the snap, but the configuration is similar:
Hosts & FQDN configuration
FQDN is configured on reverse proxy VDS and it communicates with nextcloud instance within Wireguard tunnel. WG address of VDS reverse proxy is configured in /etc/hosts of NC instance.
so youâre instance is not exposed publicly and you have no valid certificate⌠is that correct?
that is what I had explicitly asked in the thread: Nextcloud Talk desktop apps show push not available - #10 by scubamuc
long story short:
- if yes â youâre on your own, turn the knobs
- if no â follow the recommendations, correctly configure trusted proxies, read the instructions and you should be fine
Yes NC instance is not exposed. Certificate is on reverse proxy.
Is it necessary to use public certificates on NC instance behind reverse proxy?
- If your reverse proxy is terminating, you should have valid certificates⌠but VDS is unknown to me
- self signed certs will cause issues as desktop apps will be expecting a valid signed certificate
your issue is most probably caused by VDS and WG not passing through valid certificates â thatâs beyond my scope
my VDS is simple Debian with nginx and WG.
map $http_upgrade $connection_upgrade {
default upgrade;
'' close;
}
server {
listen 80;
if ($scheme = "http") {
return 301 https://$host$request_uri;
}
if ($http_x_forwarded_proto = "http") {
return 301 https://$host$request_uri;
}
listen 443 ssl http2; # for nginx versions below v1.25.1
proxy_buffering off;
proxy_request_buffering off;
client_max_body_size 0;
client_body_buffer_size 512k;
proxy_read_timeout 86400s;
server_name *fqdn*;
location /.well-known/carddav {
return 301 $scheme://$host/remote.php/dav;
}
location /.well-known/caldav {
return 301 $scheme://$host/remote.php/dav;
}
location /.well-known/webfinger {
return 301 $scheme://$host/index.php/.well-known/webfinger;
}
location /.well-known/nodeinfo {
return 301 $scheme://$host/index.php/.well-known/nodeinfo;
}
location / {
proxy_cookie_path / /;
proxy_set_header Cookie $http_cookie;
proxy_hide_header Upgrade;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Port $server_port;
proxy_set_header X-Forwarded-Scheme $scheme;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Host $host;
proxy_set_header Early-Data $ssl_early_data;
proxy_pass http://10.166.66.3$request_uri;
# Websocket
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $connection_upgrade;
}
location /push/ {
proxy_pass http://10.166.66.3:7867/;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "Upgrade";
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
ssl_certificate /etc/letsencrypt/live/*fqdn*/fullchain.pem; # managed by certbot on host machine
ssl_certificate_key /etc/letsencrypt/live/*fqdn*/privkey.pem; # managed by certbot on host machine
ssl_dhparam /etc/dhparam;
ssl_early_data on;
ssl_session_timeout 1d;
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ecdh_curve x25519:x448:secp521r1:secp384r1:secp256r1;
ssl_prefer_server_ciphers on;
ssl_conf_command Options PrioritizeChaCha;
ssl_ciphers TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-RSA-AES128-GCM-SHA256;
}
I think the problem is in headers manipulations on nginxâŚ