Please note that Rocket.Chat Snaps now come with Caddy to deal with the reverse proxy and free SSL certificate’s via Let’s Encrypt – so you may wish to refer to my newer post here. NGINX won’t have websockets configured if you use this guide – which are required if you intend to use the mobile Rocket.Chat apps.
This is a simple tutorial to get Rocket.Chat running on a Ubuntu Xenial 16.04 server (You’ll likely be perfectly fine to run through the same process on a different Ubuntu version such as 18.04 if you’d prefer) In this case we’re installing this on a fresh server and we’ll be installing Rocket.Chat as a Snap and using NGINX as a reverse proxy, as well as setting up an SSL certificate via Let’s Encrypt. With this you’ll be able to get Rocket.Chat up and running within ~10 minutes, from there you can go on and make further server configuration changes for security and so on, as well as configure Rocket.Chat in more depth – which won’t be covered within the scope of this tutorial.
Let’s first start with some updates.
sudo apt-get upgrade
sudo apt-get update
Basic UFW setup
Let’s setup a basic firewall using UFW. First install UFW if it’s not installed –
sudo apt-get install ufw
Setup the default access rules –
sudo ufw default deny incomingsudo ufw default allow outgoing
Setup the firewall rules that we’ll want –
sudo ufw allow 22/tcp
sudo ufw allow 80/tcp
sudo ufw allow 443/tcp
Enable the firewall –
sudo ufw enable
You can check the status of ufw with –
sudo ufw status
If you add or remove rules you should reload ufw with –
sudo ufw reload
If you need to disable ufw you can do so with –
sudo ufw disable
Install Fail2Ban
sudo apt-get install fail2ban
Install Rocket.Chat as a Snap
Install Snap if it’s not already installed –
sudo apt-get install snapd
Install Rocket.Chat –
sudo snap install rocketchat-server
At this point the Rocket.Chat service will have automatically started, you can check if it’s running with –
sudo service snap.rocketchat-server.rocketchat-server status
Install and configure NGINX to use as a reverse proxy + SSL setup
Install NGINX –
sudo apt install nginx
sudo systemctl start nginx
sudo systemctl enable nginx
Remove the default NGINX site –
sudo rm /etc/nginx/sites-enabled/default
Create the NGINX config for Rocket.Chat
sudo vim /etc/nginx/sites-available/rocketchat.conf
Once inside vim, you should have the following (edit “yourserver.com” to be your actual domain that you’re going to use for this server) –
server {
listen 80;
server_name yourserver.com;
location / {
proxy_pass http://localhost:3000/;
}
}
Enable the new configuration by creating a link to it from /etc/nginx/sites-available/ –
sudo ln -s /etc/nginx/sites-available/rocketchat.conf /etc/nginx/sites-enabled/
Test the configuration –
sudo nginx -t
Assuming no errors are reported, reload the NGINX config with –
sudo nginx -s reload
SSL Setup using Let’s Encrypt + Certbot
Install Certbot and run it –
sudo apt-get install software-properties-common
sudo add-apt-repository ppa:certbot/certbot
sudo apt-get update
sudo apt-get install python-certbot-nginx
sudo certbot --nginx
Follow the prompts on screen and you should be issued a valid Let’s Encrypt SSL certificate. Make sure you do choose to force a HTTPS redirect when prompted.
Certbot will automatically deal with SSL certificate renewal, a cron will automatically be created under /etc/cron.d/certbot. You can test the renewal process as a dry run via –
sudo certbot renew --dry-run
Certbot will have updated the NGINX configuration, test that the config is valid with –
sudo certbot renew --dry-run
Assuming no errors are reported, reload the NGINX config with –
sudo nginx -s reload
Onto Rocket.Chat itself!
At this point you’ll have a working Rocket.Chat installation running. You can browse to https://yourserver.com and you should be presented with the Setup Wizard screen to create the first user whom will by the Admin by default.
Once logged in, you should get a pop-up stating something along the lines of – The setting Site URL is configured to http://localhost and you are accessing from https://yourserver.com - Do you want to change to https://yourserver.com ? – You’ll want to click YES.
At this stage you’ll want to setup Rocket.Chat itself, so please refer to their documentation here – https://rocket.chat/docs
~Extra~
You can install a Discord style dark theme using this here! https://github.com/0x0049/Rocket.Chat.Dark