Installing Rocket.Chat on Ubuntu Xenial 16.04 via Snap with an NGINX reverse proxy
Please note that Rocket.Chat Snaps now come with Caddy to deal with the reverse proxy and free SSL certificate's via Let's Encrypt - so you may wish to refer to my newer post here. NGINX won't have websockets configured if you use this guide - which are required if you intend to use the mobile Rocket.Chat apps.
This is a simple tutorial to get Rocket.Chat running on a Ubuntu Xenial 16.04 server (You'll likely be perfectly fine to run through the same process on a different Ubuntu version such as 18.04 if you'd prefer) In this case we're installing this on a fresh server and we'll be installing Rocket.Chat as a Snap and using NGINX as a reverse proxy, as well as setting up an SSL certificate via Let's Encrypt. With this you'll be able to get Rocket.Chat up and running within ~10 minutes, from there you can go on and make further server configuration changes for security and so on, as well as configure Rocket.Chat in more depth - which won't be covered within the scope of this tutorial.
Let's first start with some updates.
apt-get updateapt-get upgrade
Basic UFW setup
Let's setup a basic firewall using UFW. First install UFW if it's not installed -
apt-get install ufw
Setup the default access rules -
ufw default deny incoming
ufw default allow outgoing
Setup the firewall rules that we'll want -
ufw allow 22/tcp
ufw allow 80/tcp
ufw allow 443/tcp
Enable the firewall -
ufw enable
You can check the status of ufw with -
ufw status
If you add or remove rules you should reload ufw with -
ufw reload
If you need to disable ufw you can do so with -
ufw disable
Install Fail2Ban
apt-get install fail2ban
Install Rocket.Chat as a Snap
Install Snap if it's not already installed -
apt-get install snapd
Install Rocket.Chat -
snap install rocketchat-server
At this point the Rocket.Chat service will have automatically started, you can check if it's running with -
service snap.rocketchat-server.rocketchat-server status
Install and configure NGINX to use as a reverse proxy + SSL setup
Install NGINX -
apt install nginxsystemctl start nginxsystemctl enable nginx
Remove the default NGINX site -
rm /etc/nginx/sites-enabled/default
Create the NGINX config for Rocket.Chat
vim /etc/nginx/sites-available/rocketchat.conf
Once inside vim, you should have the following (edit "yourserver.com" to be your actual domain that you're going to use for this server) -
server {
listen 80;
server_name yourserver.com;
location / {
proxy_pass http://localhost:3000/;
}
}
Enable the new configuration by creating a link to it from /etc/nginx/sites-available/ -
ln -s /etc/nginx/sites-available/rocketchat.conf /etc/nginx/sites-enabled/
Test the configuration -
nginx -t
Assuming no errors are reported, reload the NGINX config with -
nginx -s reload
SSL Setup using Let's Encrypt + Certbot
Install Certbot and run it -
apt-get install software-properties-common
add-apt-repository ppa:certbot/certbot
apt-get update
apt-get install python-certbot-nginx
certbot --nginx
Follow the prompts on screen and you should be issued a valid Let's Encrypt SSL certificate. Make sure you do choose to force a HTTPS redirect when prompted.
Certbot will automatically deal with SSL certificate renewal, a cron will automatically be created under /etc/cron.d/certbot. You can test the renewal process as a dry run via -
certbot renew --dry-run
Certbot will have updated the NGINX configuration, test that the config is valid with -
certbot renew --dry-run
Assuming no errors are reported, reload the NGINX config with -
nginx -s reload
Onto Rocket.Chat itself!
At this point you'll have a working Rocket.Chat installation running. You can browse to https://yourserver.com and you should be presented with the Setup Wizard screen to create the first user whom will by the Admin by default.
Once logged in, you should get a pop-up stating something along the lines of - The setting Site URL is configured to http://localhost and you are accessing from https://yourserver.com - Do you want to change to https://yourserver.com ?
- You'll want to click YES
.
At this stage you'll want to setup Rocket.Chat itself, so please refer to their documentation here - https://rocket.chat/docs
~Extra~
You can install a Discord style dark theme using this here! https://github.com/0x0049/Rocket.Chat.Dark