Run Rocket.Chat behind a SSL Reverse Proxy
Note: You must use the outside https address for the value at ROOT_URL in Section 3 above. Include the "https://" and leave off the port number. So instead of ROOT_URL=http://localhost:3000, use something like https://your_hostname.com
Note: These instructions were written for Ubuntu. For Amazon Linux, the conf file for the proxy goes in /etc/nginx/conf.d/ and needs to have a discrete name ending in .conf, and Nginx is installed using yum -y install nginx.
Run this as root:
apt-get install nginx
Add your private key to /etc/nginx/certificate.key
Lock down permissions: chmod 400 /etc/nginx/certificate.key
Add your certificate to /etc/nginx/certificate.crt
Edit /etc/nginx/sites-enabled/default (or, if you use nginx from docker, /etc/nginx/conf.d/default.conf) and be sure to use your actual hostname in lieu of the sample hostname "your_hostname.com" below.
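# Upstreams
upstream backend {
    server 127.0.0.1:3000;
}

# HTTPS Server
server {
    # "listen ... ssl" replaces the deprecated "ssl on;" directive
    listen 443 ssl;
    server_name your_hostname.com;

    error_log /var/log/nginx/rocketchat.access.log;

    ssl_certificate /etc/nginx/certificate.crt;
    ssl_certificate_key /etc/nginx/certificate.key;
    # don't use SSLv3 (ref: POODLE); TLSv1 and TLSv1.1 are deprecated too (RFC 8996)
    # TLSv1.3 needs nginx 1.13.0 or later built against OpenSSL 1.1.1 or later
    ssl_protocols TLSv1.2 TLSv1.3;

    location / {
        # use the loopback upstream defined above so the plain-HTTP hop stays on this host
        proxy_pass http://backend/;
        proxy_http_version 1.1;
        # pass the WebSocket upgrade handshake through
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_set_header Host $http_host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        # clients reach this server over TLS, so report https to the backend
        proxy_set_header X-Forwarded-Proto https;
        proxy_set_header X-Nginx-Proxy true;
        proxy_redirect off;
    }
}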
Restart Nginx: service nginx restart
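A pre-restart check for the nginx steps above, as an added example that is not part of the Rocket.Chat wiki: `audit_conf` flags deprecated `ssl_protocols`, a `proxy_pass` whose plain-HTTP hop leaves loopback, missing or misspelled `X-Forwarded-*` headers, and a private key accessible to group or others. The function names, the wording of the findings and the sample config are constructed for illustration.

```shell
# Added example (not from the wiki): print one line per finding, return the count.
audit_conf() {
    conf=$1; findings=0; d='^[[:space:]]*'
    note() { findings=$((findings + 1)); echo "FINDING: $*"; }
    # SSLv3 is broken by POODLE; TLSv1 and TLSv1.1 are deprecated (RFC 8996).
    grep -Eq "${d}ssl_protocols[^;#]*(SSLv3|TLSv1(\.1)?)([[:space:]]|;)" "$conf" &&
        note "ssl_protocols enables SSLv3, TLSv1 or TLSv1.1"

    # The hop to Rocket.Chat is plain HTTP: keep it on loopback or a local upstream block.
    target=$(sed -n "s|${d}proxy_pass[[:space:]]*http://\([^/;:]*\).*|\1|p" "$conf" | head -n 1)
    case $target in
        ''|127.0.0.1|localhost) ;;
        *) grep -Eq "${d}upstream[[:space:]]+${target}[[:space:]]*\{" "$conf" ||
               note "proxy_pass sends plain HTTP to '$target'" ;;
    esac

    # The backend learns the client address and scheme only from these headers.
    grep -Eq "${d}proxy_set_header[[:space:]]+X-Forwarded-For[[:space:]]" "$conf" ||
        note "X-Forwarded-For is not set (check the spelling)"
    grep -Eq "${d}proxy_set_header[[:space:]]+X-Forwarded-Proto[[:space:]]+(https|\\\$scheme);" "$conf" ||
        note "X-Forwarded-Proto is not https"

    # The private key must not be accessible to group or others (the page uses mode 400).
    key=$(sed -n "s|${d}ssl_certificate_key[[:space:]]*\([^;]*\);.*|\1|p" "$conf" | head -n 1)
    if [ -n "$key" ] && [ -e "$key" ]; then
        [ "$(ls -ld "$key" | cut -c5-10)" = "------" ] ||
            note "$key is accessible to group or others"
    fi
    return "$findings"
}

# Constructed sample with settings the audit flags; $1 is the private key path.
sample_conf() {
    cat <<EOF
server {
    ssl_certificate_key $1;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    location / {
        proxy_pass http://your_hostname.com:3000/;
        proxy_set_header X-Forward-For \$proxy_add_x_forwarded_for;
        proxy_set_header X-Forward-Proto http;
    }
}
EOF
}

# Demo on the constructed sample with a world-readable key: reports 5 findings.
tmp=$(mktemp -d); : > "$tmp/key"; chmod 644 "$tmp/key"; sample_conf "$tmp/key" > "$tmp/site.conf"
audit_conf "$tmp/site.conf"; echo "findings: $?"; rm -rf "$tmp"
```

Run it against the real file with `audit_conf /etc/nginx/sites-enabled/default` before `service nginx restart`; a return value of 0 means none of the checks fired.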
Run this as root:
apt-get update
apt-get install apache2
a2enmod proxy_http
a2enmod proxy
a2enmod ssl
a2enmod proxy_wstunnel
Add your private key to /etc/ssl/private/chat.domain.com.key
Lock down permissions: chmod 400 /etc/ssl/private/chat.domain.com.key
Add your certificate to /etc/ssl/certs/chat.domain.com.crt
Add your intermediate to /etc/ssl/certs/intermediate.ca.pem
Edit /etc/apache2/sites-enabled/rocketchat.conf and be sure to use your actual hostname in lieu of the sample hostname "chat.domain.com" below.
<VirtualHost *:443>
    # placeholder address: replace with your administrator's e-mail
    ServerAdmin admin@example.com
    ServerName chat.domain.com
    # pass the original Host header through to Rocket.Chat
    ProxyPreserveHost On

    ErrorLog /var/log/chat.domain.com_error.log
    TransferLog /var/log/chat.domain.com_access.log
    LogLevel info

    SSLEngine On
    SSLCertificateFile /etc/ssl/certs/chat.domain.com.crt
    SSLCertificateKeyFile /etc/ssl/private/chat.domain.com.key
    SSLCertificateChainFile /etc/ssl/certs/intermediate.ca.pem

    <Location />
        Order allow,deny
        Allow from all

        ProxyPass http://localhost:3000/
        ProxyPassReverse http://localhost:3000/
    </Location>
</VirtualHost>
Restart Apache: service apache2 restart