Can't access RocketChat locally with https

Community Support
1

Description

Hello !
I’ve launched RC on my machine using docker compose. Here is the file for configuration :

volumes:
  mongodb_data: { driver: local }

services:
  rocketchat:
    image: registry.rocket.chat/rocketchat/rocket.chat:${RELEASE:-latest}
    restart: always
    labels:
      traefik.enable: "true"
      traefik.http.routers.rocketchat.rule: Host(`${DOMAIN:-}`)
      traefik.http.routers.rocketchat.tls: "true"
      traefik.http.routers.rocketchat.entrypoints: https
      traefik.http.routers.rocketchat.tls.certresolver: le
    environment:
      MONGO_URL: "${MONGO_URL:-\
        mongodb://${MONGODB_ADVERTISED_HOSTNAME:-mongodb}:${MONGODB_INITIAL_PRIMARY_PORT_NUMBER:-27017}/\
        ${MONGODB_DATABASE:-rocketchat}?replicaSet=${MONGODB_REPLICA_SET_NAME:-rs0}}"
      MONGO_OPLOG_URL: "${MONGO_OPLOG_URL:\
        -mongodb://${MONGODB_ADVERTISED_HOSTNAME:-mongodb}:${MONGODB_INITIAL_PRIMARY_PORT_NUMBER:-27017}/\
        local?replicaSet=${MONGODB_REPLICA_SET_NAME:-rs0}}"
      ROOT_URL: https://mydomaine.com
      PORT: ${PORT:-3000}
      DEPLOY_METHOD: docker
      DEPLOY_PLATFORM: ${DEPLOY_PLATFORM:-}
      REG_TOKEN: ${REG_TOKEN:-}
    depends_on:
      - mongodb
    expose:
      - ${PORT:-3000}
    ports:
      - "${BIND_IP:-0.0.0.0}:${HOST_PORT:-3000}:${PORT:-3000}"

  mongodb:
    image: docker.io/bitnami/mongodb:${MONGODB_VERSION:-5.0}
    restart: always
    volumes:
      - mongodb_data:/bitnami/mongodb
    environment:
      MONGODB_REPLICA_SET_MODE: primary
      MONGODB_REPLICA_SET_NAME: ${MONGODB_REPLICA_SET_NAME:-rs0}
      MONGODB_PORT_NUMBER: ${MONGODB_PORT_NUMBER:-27017}
      MONGODB_INITIAL_PRIMARY_HOST: ${MONGODB_INITIAL_PRIMARY_HOST:-mongodb}
      MONGODB_INITIAL_PRIMARY_PORT_NUMBER: ${MONGODB_INITIAL_PRIMARY_PORT_NUMBER:-27017}
      MONGODB_ADVERTISED_HOSTNAME: ${MONGODB_ADVERTISED_HOSTNAME:-mongodb}
      MONGODB_ENABLE_JOURNAL: ${MONGODB_ENABLE_JOURNAL:-true}
      ALLOW_EMPTY_PASSWORD: ${ALLOW_EMPTY_PASSWORD:-yes}

The only thing I changed is “ROOT_URL” with mydomain.com . I actually have a valid certificate for my real domain. I can access RC via http://localhost:3000 and it’s working fine. In order to access RC via https, I’ve configured a nginx rp with this configuration :

upstream rocketchat
    {
        server 127.0.0.1:3000;
    }
server 
{
    listen      80;
    server_name mydomain.com;
    return 301 https://$host$request_uri;
}

server 
{
    listen      443 ssl;
    server_name mydomain.com;
    fastcgi_param HTTPS on;
    client_max_body_size 200M;
    include configs/networks/ssl.conf;

    location / 
    {
        proxy_pass  http://rocketchat;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_set_header Host $http_host;

        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto https;
        proxy_set_header X-Nginx-Proxy true;

        proxy_redirect off;
    }
}

I’ve also changed the file /etc/host/ in order to redirect all the requests from mydomain .com to 127.0.0.1.

When trying to access https:/ /mydomain.com, I have 502 Bad Gateway error. Do you have any idea where this comes from ?
Thank you

Server Setup Information

  • Version of Rocket.Chat Server: 6.5.3
  • Operating System: Ubuntu
  • Deployment Method: docker compose
  • Number of Running Instances: 1
  • Proxy: nginx
2

traefik might be interfering with your nginx.

3

Hello, thanks for your answer.

I used the docker compose configuration from this link : Docker.Official.Image/compose.yml at master · RocketChat/Docker.Official.Image · GitHub

But anyway, I suppressed all the lines related to traefik and relaunch RC and it still doesn’t work

4

might be missing some nginx ssl configs. add this to your nginx.conf

ssl on;
ssl_certificate /etc/nginx/ssl/certName.crt;
ssl_certificate_key /etc/nginx/ssl/certName.key;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;