Installing Rocket.Chat on Ubuntu Xenial 16.04 via Snap with an NGINX reverse proxy

Please note that Rocket.Chat Snaps now come with Caddy to deal with the reverse proxy and free SSL certificate’s via Let’s Encrypt – so you may wish to refer to my newer post here. NGINX won’t have websockets configured if you use this guide – which are required if you intend to use the mobile Rocket.Chat apps.

This is a simple tutorial to get Rocket.Chat running on a Ubuntu Xenial 16.04 server (You’ll likely be perfectly fine to run through the same process on a different Ubuntu version such as 18.04 if you’d prefer) In this case we’re installing this on a fresh server and we’ll be installing Rocket.Chat as a Snap and using NGINX as a reverse proxy, as well as setting up an SSL certificate via Let’s Encrypt. With this you’ll be able to get Rocket.Chat up and running within ~10 minutes, from there you can go on and make further server configuration changes for security and so on, as well as configure Rocket.Chat in more depth – which won’t be covered within the scope of this tutorial.


Let’s first start with some updates.

sudo apt-get upgrade
sudo apt-get update


Basic UFW setup

Let’s setup a basic firewall using UFW. First install UFW if it’s not installed –

sudo apt-get install ufw


Setup the default access rules –

sudo ufw default deny incoming
sudo ufw default allow outgoing


Setup the firewall rules that we’ll want –

sudo ufw allow 22/tcp
sudo ufw allow 80/tcp
sudo ufw allow 443/tcp


Enable the firewall –

sudo ufw enable


You can check the status of ufw with –

sudo ufw status


If you add or remove rules you should reload ufw with –

sudo ufw reload


If you need to disable ufw you can do so with –

sudo ufw disable


Install Fail2Ban

sudo apt-get install fail2ban


Install Rocket.Chat as a Snap

Install Snap if it’s not already installed –

sudo apt-get install snapd


Install Rocket.Chat –

sudo snap install rocketchat-server


At this point the Rocket.Chat service will have automatically started, you can check if it’s running with –

sudo service snap.rocketchat-server.rocketchat-server status


Install and configure NGINX to use as a reverse proxy + SSL setup

Install NGINX –

sudo apt install nginx
sudo systemctl start nginx
sudo systemctl enable nginx


Remove the default NGINX site –

sudo rm /etc/nginx/sites-enabled/default


Create the NGINX config for Rocket.Chat

sudo vim /etc/nginx/sites-available/rocketchat.conf


Once inside vim, you should have the following (edit “yourserver.com” to be your actual domain that you’re going to use for this server) –

server {
     listen 80;
 
     server_name yourserver.com; 

     location / {
     proxy_pass http://localhost:3000/; 
     }
 }


Enable the new configuration by creating a link to it from /etc/nginx/sites-available/ –

sudo ln -s /etc/nginx/sites-available/rocketchat.conf /etc/nginx/sites-enabled/


Test the configuration –

sudo nginx -t


Assuming no errors are reported, reload the NGINX config with –

sudo nginx -s reload


SSL Setup using Let’s Encrypt + Certbot

Install Certbot and run it –

sudo apt-get install software-properties-common
sudo add-apt-repository ppa:certbot/certbot
sudo apt-get update
sudo apt-get install python-certbot-nginx
sudo certbot --nginx


Follow the prompts on screen and you should be issued a valid Let’s Encrypt SSL certificate. Make sure you do choose to force a HTTPS redirect when prompted.

Certbot will automatically deal with SSL certificate renewal, a cron will automatically be created under /etc/cron.d/certbot. You can test the renewal process as a dry run via –

sudo certbot renew --dry-run


Certbot will have updated the NGINX configuration, test that the config is valid with –

sudo certbot renew --dry-run


Assuming no errors are reported, reload the NGINX config with –

sudo nginx -s reload


Onto Rocket.Chat itself!

At this point you’ll have a working Rocket.Chat installation running. You can browse to https://yourserver.com and you should be presented with the Setup Wizard screen to create the first user whom will by the Admin by default.

Once logged in, you should get a pop-up stating something along the lines of – The setting Site URL is configured to http://localhost and you are accessing from https://yourserver.com - Do you want to change to https://yourserver.com ? – You’ll want to click YES.

At this stage you’ll want to setup Rocket.Chat itself, so please refer to their documentation here – https://rocket.chat/docs


~Extra~

You can install a Discord style dark theme using this here! https://github.com/0x0049/Rocket.Chat.Dark