Self-Hosted Real Time Push Notification Server for Android and LineageOS (Open Source)

As already described in other posts on this blog, mobile devices running Android or LineageOS can be set up to minimize the data sent to third parties. Doing without the official or FOSS Google Apps (gapps), however, brings a restriction in the area of push notifications.

You have to know that mobile devices send push notifications from apps through the Google or Apple servers. This results in massive amounts of metadata in the large data silos, even if good apps only send “wake-up messages”.

In order not to pass on data to third parties, extensive precautions have already been described in the other article (Ensure security and privacy on your Android Tablet or Smartphone with LineageOS).

What was still missing was a self-hosted push notification server, and after a long search the decision was made on Gotify. Thanks to the push server, which can be expanded with plugins, Matrix push notifications can be sent as well as push notifications via wget, PHP, and other tools and programming languages. This also makes it possible to take Nagios Real Time Monitoring to a new level.

Many templates for sending messages can be found here: https://gotify.net/docs/more-pushmsg.

The Gotify server is programmed in Go and thus runs on many operating systems. The project also provides a Docker image. I myself prefer a bare install and virtualize with Proxmox.

In addition, it was a prerequisite that the push server runs without root privileges and without a reverse proxy, in conjunction with SQLite. With a static binary and the database in a subfolder, the entire server can be operated as a non-privileged user.

The setup is done on a FreeBSD 12.2 server.

  • Install Go as usual
  • Go must be in the PATH

As root or sudo

  • pkg install yarn

to install yarn and node. After that

  • git clone https://github.com/gotify/server.git && cd server
  • export GO111MODULE=on
  • make download-tools
  • go get -d
  • cd ui
  • yarn
  • cd ..
  • (cd ui && yarn build)
  • go run hack/packr/packr.go
  • export LD_FLAGS="-w -s -X main.Version=$(git describe --tags | cut -c 2-) -X main.BuildDate=$(date "+%F-%T") -X main.Commit=$(git rev-parse --verify HEAD) -X main.Mode=prod";
  • go build -ldflags="$LD_FLAGS" -o gotify-server

Copy the binary into the home directory of the executing user.

Create ./config.yaml

Special Settings

In our case, the standard ports were changed to high ports, so that the Gotify server can be started without root permissions. I have created my own local CA and issued the certificates with it.

Many details about your own CA can be found here:

Brief information on adding your own CA (public cert is ca.crt) as a trusted issuer:

openssl x509 -noout -hash -in ca.crt > ca.crt.hash
ln -s ca.crt `cat ca.crt.hash`.0
echo "copy ca.crt and `cat ca.crt.hash`.0 to /etc/ssl/certs"

Testing

openssl s_client -connect gotify.server.tld:PORTNUMBER | grep -i -e verify

Start and test script

This script is best run every 5 minutes from the crontab of the respective user. It requires /etc/Runs/nagios/plugins/check_tcp, which can be found in the Nagios plugins.

#!/bin/sh
RUNAS=gotify
MAILTO=root
MAIL=/usr/bin/mail
GETUSERNAME=`/usr/bin/whoami`

# Refuse to run as any user other than the unprivileged service account.
if [ "${GETUSERNAME}" != "${RUNAS}" ]; then
    echo "####################################################"
    echo "ERROR: This script must be run as ${RUNAS}, exiting"
    echo "TIP : use su -m ${RUNAS} -c command"
    echo "####################################################"
    echo "ERROR: This script must be run as ${RUNAS}, exiting" | \
        ${MAIL} -s "ERROR: MATRIXBOT start exited with error on `hostname`" ${MAILTO}
    exit 1
fi

# Probe the local Gotify port; restart the server if nothing answers.
if ! /etc/Runs/nagios/plugins/check_tcp -p 4080 -H 127.0.0.1 >/dev/null 2>&1; then
    echo "Service MATRIXGOTIFY not running"
    echo "Service MATRIXGOTIFY not running" | \
        ${MAIL} -s "`hostname` Service MATRIXGOTIFY not running RESTARTED" ${MAILTO}
    cd /home/gotify && \
        /home/gotify/gotify-server &
fi

Test Gotify Server

To do this, log in to the web interface or, ideally, install the app on the mobile device.

#!/bin/sh
token="ACepUABC5Vornq."
subject="wget"
message="Test Message to Mobile via WGET"
priority=5
PORTNUMBER=443 # Set your non standard port here, if used!
wget --no-check-certificate "https://localhost:$PORTNUMBER/message?token=$token" --post-data "title=$subject&message=$message&priority=$priority" -O /dev/null

Then the message should appear on the web and in the app.
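
A hardened variant of the wget test, as an added example that is not part of the original post: it verifies the server certificate against the local CA instead of using --no-check-certificate, sends the app token in Gotify's X-Gotify-Key header instead of the URL, and percent-encodes title and message so characters such as & or = cannot alter the form body. The variable and function names, the CA path and the token placeholder are assumptions; the host name must be one the certificate was issued for.

```sh
#!/bin/sh
# Added example: hardened variant of the wget test above.
# Assumed names (not from the original post): GOTIFY_HOST, GOTIFY_PORT,
# GOTIFY_CA, GOTIFY_TOKEN, urlencode, gotify_form_body, gotify_send.
GOTIFY_HOST=${GOTIFY_HOST:-gotify.server.tld}   # must match the certificate name
GOTIFY_PORT=${GOTIFY_PORT:-443}
GOTIFY_CA=${GOTIFY_CA:-/etc/ssl/certs/ca.crt}   # public cert of the local CA
GOTIFY_TOKEN=${GOTIFY_TOKEN:-APP_TOKEN_PLACEHOLDER}

# Percent-encode everything except RFC 3986 unreserved characters.
# Runs in a subshell so LC_ALL=C does not leak; ASCII input is assumed.
urlencode() (
    LC_ALL=C
    s=$1
    out=
    while [ -n "$s" ]; do
        rest=${s#?}          # string without its first character
        c=${s%"$rest"}       # the first character itself
        case $c in
            [A-Za-z0-9._~-]) out=$out$c ;;
            *) out=$out$(printf '%%%02X' "'$c") ;;
        esac
        s=$rest
    done
    printf '%s' "$out"
)

# Build the form body; rejects a non-numeric priority.
gotify_form_body() {
    case $3 in
        ''|*[!0-9]*) echo "priority must be an integer" >&2; return 1 ;;
    esac
    printf 'title=%s&message=%s&priority=%s' \
        "$(urlencode "$1")" "$(urlencode "$2")" "$3"
}

# Send title/message/priority; TLS is verified against the local CA and the
# token travels in the X-Gotify-Key header instead of the URL.
gotify_send() {
    body=$(gotify_form_body "$1" "$2" "$3") || return 1
    wget --quiet -O /dev/null \
        --ca-certificate="$GOTIFY_CA" \
        --header="X-Gotify-Key: $GOTIFY_TOKEN" \
        --post-data="$body" \
        "https://$GOTIFY_HOST:$GOTIFY_PORT/message"
}
# Usage: gotify_send "wget" "Test Message to Mobile via WGET" 5
```

The token is still passed on the wget command line, so local users who can list processes can read it while the command runs.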

Now the Matrix plugin for Gotify can be compiled:

  • git clone https://gitlab.com/Sorunome/matrix-gotify
  • cd matrix-gotify
  • make download-tools
  • go build -mod=readonly -a -installsuffix cgo -ldflags "$LD_FLAGS" -buildmode=plugin -o build/matrix-gotify.so

Copy build/matrix-gotify.so into the plugin folder on the Gotify server.

To operate matrix push notifications, we have to set up a pusher for the user on the Matrix Synapse server.

Template

Register pushers

/usr/local/bin/curl -H 'Authorization: Bearer ACCESS_TOKEN' -H 'Content-Type: application/json' -X POST -d '{"lang": "en","kind": "http","app_display_name": "Gotify","device_display_name": "Gotify","pushkey": "SECRET-SET-IN-WEB-IF-PLUGIN","app_id": "de.sorunome.gotify","data": {"url": "https://SERVER.TLD:PORTNUMBER/plugin/2/custom/FROM_LINK_IN_PLUGIN/hook","format": "full_event"}}' https://MATRIX_SERVER_TLD/_matrix/client/r0/pushers/set

Delete pushers

/usr/local/bin/curl -H 'Authorization: Bearer ACCESS_TOKEN' -H 'Content-Type: application/json' -X POST -d '{"lang": "en","kind": null,"app_display_name": "Gotify","device_display_name": "Gotify","pushkey": "SECRET-SET-IN-WEB-IF-PLUGIN","app_id": "de.sorunome.gotify","data": {"url": "https://SERVER.TLD:PORTNUMBER/plugin/2/custom/FROM_LINK_IN_PLUGIN/hook","format": "full_event"}}' https://MATRIX_SERVER_TLD/_matrix/client/r0/pushers/set

List pushers

/usr/local/bin/curl -H 'Authorization: Bearer ACCESS_TOKEN' -X GET https://MATRIX_SERVER_TLD/_matrix/client/r0/pushers

If you use your own CA, every server involved (Gotify and Matrix) must have that CA set up in OpenSSL.

With this installation, a self-hosted push server is now available that provides encrypted push notifications under Android and LineageOS without sending data to third parties. Apple prohibits web socket connections, so there is no app for iOS. With Android and LineageOS, however, there is extensive market coverage, especially for smart users who are very interested in privacy.

Links to the article

Go Programming Language

Matrix Doc

https://matrix.org/docs/spec/client_server/latest#post-matrix-client-r0-pushers-set

Sample Payload

Author: Karl M. Joch