Gotify¶
Self-hosted push-notification server at
notify.448.global. Where alerts from monitoring, watchtower, n8n, and other systems land so a human can see them.
| Field | Value |
|---|---|
| Public URL | https://notify.448.global |
| Audience | engineers / ops (via mobile / desktop clients) |
| Criticality | medium — alerts depend on it |
| Maturity | [INFO NEEDED] |
| Owner | [INFO NEEDED] |
| Last reviewed | 2026-05-05 |
1. At a glance¶
Gotify is a small server that takes incoming alerts and pushes them to subscribed mobile / desktop clients. It's how engineers find out something needs attention. If Gotify is down, alerts disappear silently — you don't know there's a problem because the notification never arrived.
2. Business purpose¶
- Centralize push notifications from internal systems.
- Free, self-hosted alternative to Pushover / PagerDuty for non-critical alerts.
3. Audience¶
Engineering staff with the Gotify mobile/desktop client.
4. Hosting & cloud infrastructure¶
Infrastructure map¶
| Item | Value | Notes |
|---|---|---|
| Public hostname | notify.448.global | |
| Public IP(s) | [INFO NEEDED] |
|
| Open ports | 443 [CONFIRM] |
|
| TLS cert | [INFO NEEDED] |
mandatory for push to work |
| Reverse proxy | [INFO NEEDED] |
|
| Container image / version | gotify/server:[INFO NEEDED] |
|
| Host server name | [INFO NEEDED] |
|
| Database | SQLite (default) [CONFIRM] |
Credentials in Vault¶
| Secret type | Vault path / link | Last rotated |
|---|---|---|
| Gotify admin login | [INFO NEEDED] |
|
| Application API tokens (one per source: Beszel, Watchtower, n8n, etc.) | [INFO NEEDED] |
5. Technology behind it¶
- Type: off-the-shelf
- Product: Gotify (open-source, gotify.net)
- Stack: Go + SQLite
6. Data it handles¶
- Alert message content (may include hostnames, error messages — moderately sensitive).
- API tokens for each source app.
- Subscriber device tokens.
7. External dependencies¶
- Source apps that POST messages (Beszel, Watchtower, n8n, custom scripts).
- Subscriber clients on mobile/desktop.
8. Authentication & access¶
- End-user (subscriber) login: Gotify local user accounts
[CONFIRM] - Push auth: per-application API tokens.
- MFA?
[INFO NEEDED]
9. Maturity assessment¶
[INFO NEEDED]
10. Known risks & vulnerabilities¶
[CONFIRM]Silent failure mode — if Gotify is down or tokens are revoked, sources fail to deliver and humans don't notice. Heartbeat / dead-man's-switch alerts mitigate this.[INFO NEEDED]Public push endpoint — anyone with an API token can send notifications; tokens leaked in CI logs become a spam source.[INFO NEEDED]Single delivery channel — if Gotify is the only alert path, an estate-wide outage may take Gotify with it.[INFO NEEDED]No tested fallback — when Gotify fails, where do alerts go?
11. Impact if it goes down¶
Alerts stop arriving. Operations fly blind until a human notices.
12. Owner & on-call¶
[INFO NEEDED]
13. References & links¶
- Public URL: https://notify.448.global
- Vendor docs: https://gotify.net/docs/
- Common sources: Beszel, Watchtower, n8n
- Domain: see domains.md