Can't access rocket.chat behind nginx reverse proxy and router

Description

Manually installed rocket.chat on my Ubuntu server, can access it from the LAN via lanip:3000, but can only see a blank page with some errors when accessing from the outside with nginx reverse proxy.

Server Setup Information

  • Version of Rocket.Chat Server: 6.1.0
  • Operating System: Ubuntu 22.04 LTS
  • Deployment Method: tar
  • Number of Running Instances: 1
  • DB Replicaset Oplog:
  • NodeJS Version: 14.21.2
  • MongoDB Version: 6.0.5
  • Proxy: nginx
  • Firewalls involved: ufw

Any additional Information

Basically I installed rocket.chat according to the manual installation guide on the docs.rocket.chat and it works fine from the lan and outside via port 3000.
Ports 80, 443, 3000 are forwarded (on my router) and opened (on my firewall)
Tried with disabled firewall and with my server in DMZ
Installed Let’s encrypt’s certs for SSL
These are errors I get in the browser

GET https://example. com/f660fb91da9002848abf89c631e8c9a9f1362941.css?meteor_css_resource=true
[HTTP/1.1 404 Not Found 290ms]

GET https://example. com/scripts.js?887a5339b2625a8970658c4f5f9bd94f1067ab7a
[HTTP/1.1 404 Not Found 275ms]

Loading failed for the <script> with source “https://example. com/scripts.js?887a5339b2625a8970658c4f5f9bd94f1067ab7a”. example. com:26:1

GET https://example. com/meteor_runtime_config.js?hash=003adf4b826aadae0a28d3cb9a3cb2c3c4e437ce
[HTTP/1.1 404 Not Found 44ms]

GET https://example. com/4c80395bd0440e6e0d576d9c7d6ccf299ee10c6e.js?meteor_js_resource=true
[HTTP/1.1 404 Not Found 40ms]

Loading failed for the <script> with source “https://example. com/meteor_runtime_config.js?hash=003adf4b826aadae0a28d3cb9a3cb2c3c4e437ce”. example. com:462:1
Loading failed for the <script> with source “https://example. com/4c80395bd0440e6e0d576d9c7d6ccf299ee10c6e.js?meteor_js_resource=true”. example. com:464:1

My /etc/nginx/sites-enabled/default configuration (ssl_protocols are defined in the nginx.conf, so this string is not included here)
Also I tried both http://backend and http://backend/

# Upstreams
upstream backend {
    server 127.0.0.1:3000;
}

server {
    root /var/www/html;

    server_name example. com;

    location / {
        try_files $uri $uri/ =404;
        proxy_pass http://backend;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_set_header Host $http_host;

        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto https;
        proxy_set_header X-Nginx-Proxy true;

        proxy_redirect off;
    }

    listen [::]:443 ssl ipv6only=on; # managed by Certbot
    listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/example. com/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/example. com/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot

    client_max_body_size 200M;
    error_log /var/log/nginx/rocketchat.access.log;
}

server {
    if ($host = example. com) {
        return 301 https://$host$request_uri;
    } # managed by Certbot

    listen 80 default_server;
    listen [::]:80 default_server;

    server_name example. com;
    return 404; # managed by Certbot
}

I also tried different ROOT_URL in rocketchat.service (localhost:3000, globalip:3000, example. com:3000), it didn’t change anything

example .com isn’t a valid domain name. At least remove the whitespace. Also, as you probably aren’t the owner of the domain (example.com), you’d have to provide custom domain resolution on the system you were making your connection attempts via “the browser”. This means you will have to edit /etc/hosts and add 127.0.0.1 example.com, replacing 127.0.0.1 with your lanip.

Generally speaking, as long as you get a response from the RC server via lanip:3000 but can’t get your reverse proxy setup to work, this isn’t a RocketChat issue.

“example .com” is indeed not a valid domain name, I replaced the actual domain name with it. If you ever visit this website, you’ll see this text there:
"This domain is for use in illustrative examples in documents. You may use this domain in literature without prior coordination or asking for permission."

I understand that it’s not a RocketChat issue (since it’s obviously working via port 3000), but I wanted to ask the community; maybe someone had a similar problem before or has some ideas.

Actually, this question should be closed now, because I deleted RocketChat and installed Element on the same day and forgot that I made a post here.

This is a working configuration from one of our servers:

location ~ ^/.* {
    proxy_pass http://0.0.0.0:3010;
    proxy_set_header Host              $host;
    proxy_set_header X-Real-IP         $remote_addr;
    proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto $scheme;

    proxy_set_header X-Nginx-Proxy true;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection "upgrade";
    proxy_http_version 1.1;
}

Not that much different from yours. But some differences nevertheless. Maybe it can help.
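
Added example, not part of the original thread or of Rocket.Chat's documentation: one difference between the two posted location blocks is that the question's block runs try_files with a =404 fallback before proxy_pass, so nginx answers 404 itself for any path that has no file under root, which is the pattern in the browser log above. The Python sketch below flags that combination; the function names are hypothetical and the inputs are constructed from the configs in the thread.

```python
import re

# Constructed inputs: the two location blocks from the thread, trimmed to the
# directives that matter for this check.
QUESTION_CONF = """
server {
    root /var/www/html;
    location / {
        try_files $uri $uri/ =404;
        proxy_pass http://backend;
        proxy_set_header Host $http_host;
    }
}
"""
ANSWER_CONF = """
location ~ ^/.* {
    proxy_pass http://0.0.0.0:3010;
    proxy_set_header Host $host;
}
"""

LOCATION_RE = re.compile(r"location\s+([^{]+?)\s*\{([^{}]*)\}")

def location_directives(conf):
    """Map each location pattern to a list of (directive, args) pairs."""
    out = {}
    for pattern, body in LOCATION_RE.findall(conf):
        stmts = [s.split(None, 1) for s in body.split(";") if s.strip()]
        out[pattern] = [(s[0], s[1].strip() if len(s) > 1 else "") for s in stmts]
    return out

def shadowed_proxy_locations(conf):
    """Return (location, fallback) pairs where try_files ends in a status
    code such as =404 and the same block also has proxy_pass: paths with no
    file under root get that status from nginx and are never proxied."""
    hits = []
    for pattern, directives in location_directives(conf).items():
        names = {name for name, _ in directives}
        for name, args in directives:
            if name == "try_files" and "proxy_pass" in names:
                fallback = args.split()[-1]
                if re.fullmatch(r"=\d{3}", fallback):
                    hits.append((pattern, fallback))
    return hits

if __name__ == "__main__":
    print(shadowed_proxy_locations(QUESTION_CONF))
    print(shadowed_proxy_locations(ANSWER_CONF))
```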