Installing Rocket.Chat on Ubuntu Xenial 16.04 via Snap with an NGINX reverse proxy

Please note that Rocket.Chat Snaps now come with Caddy to deal with the reverse proxy and free SSL certificate's via Let's Encrypt - so you may wish to refer to my newer post here. NGINX won't have websockets configured if you use this guide - which are required if you intend to use the mobile Rocket.Chat apps.

This is a simple tutorial to get Rocket.Chat running on a Ubuntu Xenial 16.04 server (You'll likely be perfectly fine to run through the same process on a different Ubuntu version such as 18.04 if you'd prefer) In this case we're installing this on a fresh server and we'll be installing Rocket.Chat as a Snap and using NGINX as a reverse proxy, as well as setting up an SSL certificate via Let's Encrypt. With this you'll be able to get Rocket.Chat up and running within ~10 minutes, from there you can go on and make further server configuration changes for security and so on, as well as configure Rocket.Chat in more depth - which won't be covered within the scope of this tutorial.

Let's first start with some updates.

apt-get updateapt-get upgrade

Basic UFW setup

Let's setup a basic firewall using UFW. First install UFW if it's not installed -

apt-get install ufw

Setup the default access rules -

ufw default deny incoming

ufw default allow outgoing

Setup the firewall rules that we'll want -

ufw allow 22/tcp
ufw allow 80/tcp
ufw allow 443/tcp

Enable the firewall -

ufw enable

You can check the status of ufw with -

ufw status

If you add or remove rules you should reload ufw with -

ufw reload

If you need to disable ufw you can do so with -

ufw disable

Install Fail2Ban

apt-get install fail2ban

Install Rocket.Chat as a Snap

Install Snap if it's not already installed -

apt-get install snapd

Install Rocket.Chat -

snap install rocketchat-server

At this point the Rocket.Chat service will have automatically started, you can check if it's running with -

service snap.rocketchat-server.rocketchat-server status

Install and configure NGINX to use as a reverse proxy + SSL setup

Install NGINX -

apt install nginxsystemctl start nginxsystemctl enable nginx

Remove the default NGINX site -

rm /etc/nginx/sites-enabled/default

Create the NGINX config for Rocket.Chat

vim /etc/nginx/sites-available/rocketchat.conf

Once inside vim, you should have the following (edit "yourserver.com" to be your actual domain that you're going to use for this server) -

server {
     listen 80;
 
     server_name yourserver.com; 

     location / {
     proxy_pass http://localhost:3000/; 
     }
 }

Enable the new configuration by creating a link to it from /etc/nginx/sites-available/ -

ln -s /etc/nginx/sites-available/rocketchat.conf /etc/nginx/sites-enabled/

Test the configuration -

nginx -t

Assuming no errors are reported, reload the NGINX config with -

nginx -s reload

SSL Setup using Let's Encrypt + Certbot

Install Certbot and run it -

apt-get install software-properties-common
add-apt-repository ppa:certbot/certbot
apt-get update
apt-get install python-certbot-nginx
certbot --nginx

Follow the prompts on screen and you should be issued a valid Let's Encrypt SSL certificate. Make sure you do choose to force a HTTPS redirect when prompted.

Certbot will automatically deal with SSL certificate renewal, a cron will automatically be created under /etc/cron.d/certbot. You can test the renewal process as a dry run via -

certbot renew --dry-run

Certbot will have updated the NGINX configuration, test that the config is valid with -

certbot renew --dry-run

Assuming no errors are reported, reload the NGINX config with -

nginx -s reload

Onto Rocket.Chat itself!

At this point you'll have a working Rocket.Chat installation running. You can browse to https://yourserver.com and you should be presented with the Setup Wizard screen to create the first user whom will by the Admin by default.

Once logged in, you should get a pop-up stating something along the lines of - The setting Site URL is configured to http://localhost and you are accessing from https://yourserver.com - Do you want to change to https://yourserver.com ? - You'll want to click YES.

At this stage you'll want to setup Rocket.Chat itself, so please refer to their documentation here - https://rocket.chat/docs

~Extra~

You can install a Discord style dark theme using this here! https://github.com/0x0049/Rocket.Chat.Dark

 

This article was updated on October 3, 2021