Enabling HTTPS with rocket.chat docker on Synology


#1

I have successfully installed rocket.chat on my Synology NAS, but I am having trouble getting HTTPS to work with it. My setup is as follows:
Synology DS918+ running DSM 6.2-23739 Update 2.
Latest Docker application from the Synology Package Center, version 17.05.0-0379.
Mongodb image version 3.4.5
Rocket.chat image version 0.68.5.

Being a complete newb to stuff like this I followed the instructions I found here:


Which worked fine, so I can now access rocket.chat by going to “my.synologydomain.me:3000” (obviously its made up, but you get the idea). Everything is all good, but HTTPS does not work.
I have a lets encrypt https certificate installed through the NAS’s OS and that is working, and all the official Synology apps can be accessed with HTTPS. But everything related to docker is being an issue, and I just can’t find anything about it.
Is it docker? Is it how I setup the image? Is it some configuration in rocket.chat?


#2

What webserver Synology uses?

You need to add proxy config to Synology webserver, for example Nginx/Apache/Caddy etc.
Examples are similar like at Wekan wiki:


#3

Thank you for your reply. I managed to get it working finally. Your contribution made me give this a final push :slight_smile:

To anyone who stumble here looking for a solution:
If you have a DDNS domain like me (for example: “myprivatenas.synology.me”) here is what you do:
1: Log into DSM as a administrator
2: Go to Control panel -> Application portal -> Reverse proxy
3: Click “Create”
4: in “Description” give the the setting a name. In “source” select “HTTPS” in protocol, and now the important bit, in “Hostname” write the url you want to access it with, but as a subdomain to the DDNS domain you aleady have so it could be “rocketchat.myprivatenas.synology.me”. Port 443. In “Destination” select “HTTPS” in protocol “localhost” in Hostname and “3000” in port.
5: Click “ok”.
6: Go to “Control panel” -> “Security” -> “Certificate”.
7: Create a new lets encrypt certificate but for the new subdomain you wrote in the reverse proxy.
8: When the certificate is created, highlight it, and click “Configure” in the top of the window
9: Now it should show a list of the various applications hosted on the NAS, including the new reverse proxy entry we just created.
10: next to the new reverse proxy entry we made, select the new certificate in the dropdown next to it and click “Ok”.
And thats it. Now it should be possible to access https://rocketchat.myprivatenas.synology.me with a proper lets encrypt certificate! (ofcoure rocketchat.myprivatenas.synology.me is just made up, but you should get the idea).


#4

Ok I have just unmarked my previous post as the solution because I can connect to the server from the rocket.chat iOS app. It just says “Ooops! Could not connect to this server!”.
Time for debugging…

Edit:
It works with the windows desktop app. Need to test android version If I can. Had trouble with the ios version before but that with a self-signed cert. Now it is a proper cert so it SHOULD work.


#5

You need to also check that your rocketchat url is correct when you login to rocketchat with webbrowser, at “3 dots” / Administration / General / Site URL, it should be with https:

https://rocketchat.myprivatenas.synology.me/


#6

That is in order, both the docker environment variable and the settings in rocket.chat.

UPDATE:
Confirmed that the android app can connect without issue. I have had trouble with iOS version before, and it’s troublesome that it is still causing issues even with a proper certificate.


#7

Just replying to my own post one final time. I have marked the post containing the correct answer as solution. I managed to get it working on iOS finally. The problem was the Synology reverse proxy could not handle websockets properly which is a requirement for the iOS app.
The solution was that time and luck was on my side, because incidentally a new DSM version for Synology was just released (version 6.2.1-23824). With it was new options and extensions for the built in reverse proxy. So to anyone who come across this post do the following:
1: Make sure your NAS is running at least DSM version 6.2.1-23824.
2: Go the the reverse proxy settings you have made (look at the earlier posts in this thread), highlight it and click “Edit”.
3: Click the tab “Custom Header”
4: Click the down arrow in the “Create” button".
5: A dropdown will appear with “Websocket”, click it.
6: Two new custom headers will appear automatically, now click “Ok”.
And that’s it!