Production-ready Gotify on Fly.io with Caddy reverse proxy, Overmind process manager, and automated Restic backups to Cloudflare R2.
| Component | Description |
|---|---|
| Gotify | Self-hosted push notification server |
| Caddy | Reverse proxy with security headers and IP forwarding |
| Overmind | Process manager for robust service orchestration |
| Supercronic | Cron daemon for automated tasks |
| Restic | Encrypted incremental backups to S3/R2 |
| msmtp | Email notifications for system alerts |
```
┌─────────────────────────────────────────────────────────┐
│                       Fly.io Edge                       │
└───────────────────────────┬─────────────────────────────┘
                            │ :443
┌───────────────────────────▼─────────────────────────────┐
│                          Caddy                          │
│               (TLS termination, headers)                │
└───────────────────────────┬─────────────────────────────┘
                            │ :8080
┌───────────────────────────▼─────────────────────────────┐
│                         Gotify                          │
│                  (Push notifications)                   │
└─────────────────────────────────────────────────────────┘
                            │
                            │ Hourly backup
                            ▼
┌─────────────────────────────────────────────────────────┐
│                 Restic → Cloudflare R2                  │
│        (7 daily, 4 weekly, 3 monthly, 3 yearly)         │
└─────────────────────────────────────────────────────────┘
```
```bash
# Login to Fly.io
fly auth login
# Create application
fly apps create gotify
# Import secrets from .env
cat .env | fly secrets import
# Create storage volume
fly volumes create app_data --region hkg --size 1
```

```bash
# Domain configuration (Multiple domains: "a.com b.com")
fly secrets set CADDY_DOMAINS="gotify.example.com"
# Restic / S3 backup settings
fly secrets set RESTIC_PASSWORD="your-secure-password"
fly secrets set RESTIC_REPOSITORY="s3:your-account-id.r2.cloudflarestorage.com/gotify"
fly secrets set AWS_ACCESS_KEY_ID="your-r2-id"
fly secrets set AWS_SECRET_ACCESS_KEY="your-r2-key"
# SMTP notification settings
fly secrets set SMTP_HOST="smtp.gmail.com"
fly secrets set SMTP_PORT="587"
fly secrets set SMTP_FROM="[email protected]"
fly secrets set SMTP_TO="[email protected]"
fly secrets set SMTP_USERNAME="[email protected]"
fly secrets set SMTP_PASSWORD="app-specific-password"
```

```bash
fly deploy
```

```bash
fly status        # Check application status
fly logs          # View real-time logs
fly ssh console   # Access container shell
fly apps restart  # Restart all instances
```

```bash
/restic.sh backup        # Run manual backup
/restic.sh snapshots     # List all snapshots
/restic.sh restore <id>  # Restore from specific snapshot
/restic.sh test          # Test email notifications
```

```bash
cat /var/log/restic/*.log   # Check backup logs
tail -f /var/log/msmtp.log  # Monitor email logs
```

The Caddy configuration automatically applies the following security posture:
- HSTS: `Strict-Transport-Security` (1 year)
- Clickjacking: `X-Frame-Options DENY`
- MIME Sniffing: `X-Content-Type-Options nosniff`
- XSS Protection: `X-XSS-Protection 1; mode=block`
- Privacy: `Referrer-Policy strict-origin-when-cross-origin`
- Indexing: `X-Robots-Tag noindex, nofollow`
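
A check for the header set listed above, added here as an example and not part of this project's own scripts: it reads a `curl -sSI` header dump on stdin and reports any header that is missing or differs from the list. The function name `check_headers` and the sample response are constructed for illustration.

```shell
#!/bin/sh
# Added example: verify the security headers listed above from a header dump.
# Live use (hostname is the page's placeholder domain):
#   curl -sSI https://gotify.example.com | check_headers

# Constructed sample of a compliant response, for an offline run.
SAMPLE_OK='HTTP/2 200
strict-transport-security: max-age=31536000
x-frame-options: DENY
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
x-robots-tag: noindex, nofollow'

# Reads raw response headers on stdin, prints one line per problem,
# returns 0 only if every header in the list is present with the listed value.
check_headers() {
  # Header names are case-insensitive and HTTP/1.1 lines end in CRLF.
  hdrs=$(tr -d '\r' | tr '[:upper:]' '[:lower:]')
  fail=0
  while IFS='|' read -r name want; do
    got=$(printf '%s\n' "$hdrs" |
      sed -n "s/^$name:[[:space:]]*//p" | sed 's/[[:space:]]*$//' | head -n 1)
    if [ -z "$got" ]; then
      echo "MISSING $name"; fail=1
    elif [ "$got" != "$want" ]; then
      echo "WRONG $name: $got"; fail=1
    fi
  done <<'EOF'
x-frame-options|deny
x-content-type-options|nosniff
x-xss-protection|1; mode=block
referrer-policy|strict-origin-when-cross-origin
x-robots-tag|noindex, nofollow
EOF
  # HSTS "1 year" is checked as max-age >= 31536000 seconds; other
  # directives (includeSubDomains, preload) are allowed but not required.
  age=$(printf '%s\n' "$hdrs" |
    sed -n 's/^strict-transport-security:.*max-age=\([0-9][0-9]*\).*/\1/p' | head -n 1)
  if [ -z "$age" ]; then
    echo "MISSING strict-transport-security"; fail=1
  elif [ "$age" -lt 31536000 ]; then
    echo "WRONG strict-transport-security: max-age=$age"; fail=1
  fi
  return "$fail"
}

printf '%s\n' "$SAMPLE_OK" | check_headers && echo "all six headers OK"
```

The non-zero exit status on any mismatch makes the function usable as a post-deploy gate after `fly deploy`.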
Distributed under the MIT License.
🚀 Optimized for Fly.io by WeBees