Let’s encrypt SSL to install Rocket.Chat on Ubuntu 20.04 LTS
You can download this article in PDF format via the link below to support us.
Download the guide in PDF formatturn off
Rocket.Chat is an open source self-hosted chat platform that can replace Slack. It has many features you would like to have in a self-hosted environment, such as video conferencing, group chat, and integration with other platforms.
In this guide, we will discuss how to install Rocket.Chat server on Ubuntu 20.04 LTS using Let’s Encrypt.
We will use the following for installation:
- Ubuntu 20.04 LTS server
- Node.js
- MongoDB
- Nginx web server
- Let’s encrypt the SSL certificate
- Domain name – In this example, we use chat.hirebestengineers.com
Step 1-Update the Ubuntu system
Update your Ubuntu 20.04 system
sudo apt-get -y update
Step 2-Install the required package dependencies
Add MongoDB GPG signing key:
wget -qO - https://www.mongodb.org/static/pgp/server-4.4.asc | sudo apt-key add -
Add MongoDB repository
echo "deb [ arch=amd64,arm64 ] https://repo.mongodb.org/apt/ubuntu focal/mongodb-org/4.4 multiverse" | sudo tee /etc/apt/sources.list.d/mongodb-org-4.4.list
Configure Node.js to be installed via the Ubuntu package manager:
sudo apt-get -y update && sudo apt-get install -y curl && curl -sL https://deb.nodesource.com/setup_12.x | sudo bash -
Install Node.js, MongoDB, build tools and graphicsmagick:
sudo apt-get install -y build-essential mongodb-org nodejs graphicsmagick
Installing a node version that is different from the installed base version will cause conflicts with Rocket.Chat in Ubuntu 20.04. You can only install the same version as the basic version, or create a symbolic link to the basic version. To check the installed version:
$ node --version
Install inheritance and n.
sudo npm install -g inherits n
Create a symbolic link for the node binary to
sudo ln -s /usr/bin/node /usr/local/bin/node
Step 3-Install Rocket.Chat on Ubuntu 20.04
Download the latest version of Rocket.Chat with the following content
curl -L https://releases.rocket.chat/latest/download -o /tmp/rocket.chat.tgz
Unzip the downloaded file to /tmp
folder
tar -xzf /tmp/rocket.chat.tgz -C /tmp
Install Rocket.Chat into a directory of your choice.In this guide, we will install it on /opt
table of Contents
cd /tmp/bundle/programs/server && npm install
sudo mv /tmp/bundle /opt/Rocket.Chat
Step 4-Create Rocketchat system user
Create a rocket chat user and assign ownership to the Rocket.Chat folder.
sudo useradd -M rocketchat && sudo usermod -L rocketchat
sudo chown -R rocketchat:rocketchat /opt/Rocket.Chat
After creating users, you can continue to create services.
Step 5-Create Rocket.Chat Service
Create Rocket.Chat service unit file.
cat << EOF |sudo tee /etc/systemd/system/rocketchat.service
[Unit]
Description=The Rocket.Chat server
After=network.target remote-fs.target nss-lookup.target nginx.target mongod.target
[Service]
ExecStart=/usr/local/bin/node /opt/Rocket.Chat/main.js
StandardOutput=syslog
StandardError=syslog
SyslogIdentifier=rocketchat
User=rocketchat
Environment=MONGO_URL=mongodb://localhost:27017/rocketchat?replicaSet=rs01 MONGO_OPLOG_URL=mongodb://localhost:27017/local?replicaSet=rs01 ROOT_URL=http://localhost:3000/ PORT=3000
[Install]
WantedBy=multi-user.target
EOF
Configure the storage engine and replication for MongoDB, and then start the MongoDB service.
sudo sed -i "s/^# engine:/ engine: mmapv1/" /etc/mongod.conf
sudo sed -i "s/^#replication:/replication:n replSetName: rs01/" /etc/mongod.conf
Start and enable MongoDB service
sudo systemctl enable mongod && sudo systemctl start mongod
test:
mongo --eval "printjson(rs.initiate())"
Start Rocket.Chat service:
sudo systemctl enable rocketchat && sudo systemctl start rocketchat
Check if the service is running:
$ systemctl status rocketchat
● rocketchat.service - The Rocket.Chat server
Loaded: loaded (/lib/systemd/system/rocketchat.service; enabled; vendor preset: enabled)
Active: active (running) since Fri 2020-11-27 10:05:54 UTC; 31s ago
Main PID: 28294 (node)
Tasks: 11 (limit: 19076)
Memory: 559.7M
CGroup: /system.slice/rocketchat.service
└─28294 /usr/local/bin/node /opt/Rocket.Chat/main.js
Nov 27 10:06:20 chat rocketchat[28294]: ➔ | MongoDB Version: 4.0.21 |
Nov 27 10:06:20 chat rocketchat[28294]: ➔ | MongoDB Engine: mmapv1 |
Nov 27 10:06:20 chat rocketchat[28294]: ➔ | Platform: linux |
Nov 27 10:06:20 chat rocketchat[28294]: ➔ | Process Port: 3000 |
Nov 27 10:06:20 chat rocketchat[28294]: ➔ | Site URL: http://0.0.0.0:3000/ |
Nov 27 10:06:20 chat rocketchat[28294]: ➔ | ReplicaSet OpLog: Enabled |
Nov 27 10:06:20 chat rocketchat[28294]: ➔ | Commit Hash: b471caf9c9 |
Nov 27 10:06:20 chat rocketchat[28294]: ➔ | Commit Branch: HEAD |
Nov 27 10:06:20 chat rocketchat[28294]: ➔ | |
Nov 27 10:06:20 chat rocketchat[28294]: ➔ +---------------------------------------------------+
Step 6-Configure Nginx reverse proxy
Configure Nginx to act as a reverse proxy. We will also set “Let’s Encrypt” in the same configuration file
Install Nginx web server:
sudo apt install nginx
Before setting up SSL, please use the following configuration for reverse proxy settings.
sudo nano /etc/nginx/conf.d/rocketchat.conf
The file will have content similar to the following:
upstream rocket_backend {
server 127.0.0.1:3000;
}
server {
listen 80;
server_name chat.hirebestengineers.com;
access_log /var/log/nginx/rocketchat-access.log;
error_log /var/log/nginx/rocketchat-error.log;
location / {
proxy_pass http://rocket_backend/;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forward-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forward-Proto http;
proxy_set_header X-Nginx-Proxy true;
proxy_redirect off;
}
}
where:
- rocket.example.com Will be replaced with domain name
Check whether the Nginx configuration is correct.
$ sudo nginx -t
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful
Restart and enable Nginx service
sudo systemctl restart nginx
sudo systemctl enable nginx
Step 7-Set up Let’s Encrypt SSL
Download and set up “Encrypted SSL Certificate”
sudo apt install certbot python3-certbot-nginx
Then run certbot to get the SSL certificate
$ certbot --nginx
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator nginx, Installer nginx
Which names would you like to activate HTTPS for?
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1: chat.hirebestengineers.com
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Select the appropriate numbers separated by commas and/or spaces, or leave input
blank to select all options shown (Enter 'c' to cancel): 1
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for chat.hirebestengineers.com
Waiting for verification...
Cleaning up challenges
Deploying Certificate to VirtualHost /etc/nginx/conf.d/chat.conf
Please choose whether or not to redirect HTTP traffic to HTTPS, removing HTTP access.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1: No redirect - Make no further changes to the webserver configuration.
2: Redirect - Make all requests redirect to secure HTTPS access. Choose this for
new sites, or if you're confident your site works on HTTPS. You can undo this
change by editing your web server's configuration.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Select the appropriate number [1-2] then [enter] (press 'c' to cancel): 2
Redirecting all traffic on port 80 to ssl in /etc/nginx/conf.d/chat.conf
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Congratulations! You have successfully enabled
https://chat.hirebestengineers.com
You should test your configuration at:
https://www.ssllabs.com/ssltest/analyze.html?d=chat.hirebestengineers.com
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
IMPORTANT NOTES:
- Congratulations! Your certificate and chain have been saved at:
/etc/letsencrypt/live/chat.hirebestengineers.com/fullchain.pem
Your key file has been saved at:
/etc/letsencrypt/live/chat.hirebestengineers.com/privkey.pem
Your cert will expire on 2021-02-26. To obtain a new or tweaked
version of this certificate in the future, simply run certbot again
with the "certonly" option. To non-interactively renew *all* of
your certificates, run "certbot renew"
- If you like Certbot, please consider supporting our work by:
Donating to ISRG / Let's Encrypt: https://letsencrypt.org/donate
Donating to EFF: https://eff.org/donate-le
The final Nginx configuration after SSL should look like this:
upstream rocket_backend {
server 127.0.0.1:3000;
}
server {
server_name chat.hirebestengineers.com;
access_log /var/log/nginx/rocketchat-access.log;
error_log /var/log/nginx/rocketchat-error.log;
location / {
proxy_pass http://rocket_backend/;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forward-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forward-Proto http;
proxy_set_header X-Nginx-Proxy true;
proxy_redirect off;
}
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/chat.hirebestengineers.com/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/chat.hirebestengineers.com/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
server {
if ($host = chat.hirebestengineers.com) {
return 301 https://$host$request_uri;
} # managed by Certbot
listen 80;
server_name chat.hirebestengineers.com;
return 404; # managed by Certbot
}
Check whether the Nginx configuration is correct.
$ sudo nginx -t
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful
Restart and enable the Nginx service:
sudo systemctl restart nginx
It should now be possible to access the chat server via FQDN and using https.
Configure the server using the installation wizard
After successfully configuring the server, you can now access the site using the administrator credentials you created in the previous step.
We have successfully installed Rocket.Chat on the Ubuntu 20.04 server and configured it.
You can now view other related articles below:
How to install Rocket.Chat server on Debian/Ubuntu
Install Chatwoot on Ubuntu using “Let’s Encrypt SSL”
You can download this article in PDF format via the link below to support us.
Download the guide in PDF formatturn off