Problem with notify_push and dyndns (dynamic IP)

ℹ️ Support
,
1
Support intro

Sorry to hear you’re facing problems. :slightly_frowning_face:

The community help forum (help.nextcloud.com) is for home and non-enterprise users. Support is provided by other community members on a best effort / “as available” basis. All of those responding are volunteering their time to help you.

If you’re using Nextcloud in a business/critical setting, paid and SLA-based support services can be accessed via portal.nextcloud.com where Nextcloud engineers can help ensure your business keeps running smoothly.

Getting help

In order to help you as efficiently (and quickly!) as possible, please fill in as much of the below requested information as you can.

Before clicking submit: Please check if your query is already addressed via the following resources:

(Utilizing these existing resources is typically faster. It also helps reduce the load on our generous volunteers while elevating the signal to noise ratio of the forums otherwise arising from the same queries being posted repeatedly).

Intro / Why am I here?

First of all, thank you very much for your help.

The following warning message was displayed in the Administration settings / Overview under Security & Setup warnings: “Client-Push is not installed. This may cause performance issues when using desktop clients”
This prompted me to install and activate notify_push.
The most annoying and as yet unsolved problem is the configuration of “trusted_proxies.” IP addresses must be entered there, which is somewhat difficult with dynamic IPs.

Questions

  • Without the IP address in config.php, you get an error message:
    occ notify_push:self-test
    =>
...
If you're having issues getting the trusted proxy setup working, you can try bypassing any existing reverse proxy
in your setup by setting the `NEXTCLOUD_URL` environment variable to point directly to the internal Nextcloud webserver url
(You will still need the ip address of the push server added as trusted proxy)

Again: You will still need the ip address of the push server added as trusted proxy

My questions:

  1. Who do you have to ask to enable notify_push to work via DynDNS? Or does it already do that and I haven’t found any information about it?

  2. Does the following addition to config.php make sense? Why?
    ‘forwarded_for_headers’ => [‘HTTP_X_FORWARDED_FOR’],

  3. notify_push does not work as expected, even though:
    occ notify_push:self-test
    =>
    ✓ redis is configured
    ✓ push server is receiving redis messages
    ✓ push server can load mount info from database
    ✓ push server can connect to the Nextcloud server
    ✓ push server is a trusted proxy
    ✓ push server is running the same version as the app

    But my test: Open Nextcloud in two browsers, create a file in one → no change in the second tab
    But in the Firefox developer tools, you can see messages about the service arriving in the Network → WS tab.
    How can I check whether notify_push is working as it should?

  4. If you enter the currently valid IP address in config.php and call /index.php/settings/admin/overview from the same network, you get the following message in the Administration settings / Overview under Security & Setup warnings:
    *”The configuration of the reverse proxy header is incorrect, or you are accessing Nextcloud via a trusted proxy. Otherwise, this poses a security risk and may allow an attacker to spoof their IP address so that it is visible to Nextcloud.” (Message translated into English)
    *
    I guess that’s okay. Am I right?

The Basics

  • Nextcloud Server version (e.g., 29.x.x):
    • 32.0.1
  • Operating system and version (e.g., Ubuntu 24.04):
    • Arch Linux
  • Web server and version (e.g, Apache 2.4.25):
    • Apache 2.4.65
  • Reverse proxy and version _(e.g. nginx 1.27.2)
    • Apache mod_proxy
  • PHP version (e.g, 8.3):
    • 8.2.29
  • Is this the first time you’ve seen this error? (Yes / No):
    • Yes
  • When did this problem seem to first start?
    • with installation and configuration
  • Installation method (e.g. AlO, NCP, Bare Metal/Archive, etc.)
    • Arch Packages
  • Are you using CloudfIare, mod_security, or similar? (Yes / No)
    • replace me

Summary of the issue you are facing:

The notify_push app does not work with DynDNS.

Steps to replicate it (hint: details matter!):

What I had to do on Arch Linux to install notify_push:
(If redis (valkey) or other components are missing, you naturally have more work to do, but much of it is well described in the Arch wiki.)

pacman -S nextcloud-app-notify_push
systemctl edit nextcloud-app-notify_push.service
=>

[Unit]
After = valkey.service mariadb.service php-fpm-1egacy.service httpd.service

[Service]
Environment = NEXTCLOUD_URL=https://<my-dyndns-address>/

sudo systemctl enable --now nextcloud-app-notify_push.service

edit /etc/httpd/conf/extra/nextcloud.conf
=>

<VirtualHost *:443>
	...
    # Tested with and without RequestHeader
    RequestHeader set "X-Forwarded-Proto"expr=%{REQUEST_SCHEME}
    ProxyRequests Off
    ProxyPreserveHost On
    ProxyPass /push/ws/ ws://127.0.0.1:7867/ws/
    ProxyPass /push/ ws://127.0.0.1:7867/
    ProxyPassReverse /push/ ws://127.0.0.1:7867/
	...
</VirtualHost>

systemctl restart httpd.service
occ app:enable notify_push
occ notify_push:setup (=> error messages)
occ maintenance:mode --on
edit /etc/webapps/nextcloud/config/config.php
=>

  'trusted_proxies' =>
  array (
    0 => '<my-dynamic-ip>',
	1 => '127.0.0.1',
    2 => '::1',
  ),

occ maintenance:mode --off
occ notify_push:setup

Log entries

If log entries are needed to solve my problem, please let me know.