Hey, newbie here. I've got a basic question about snap installations of rocket chat


#1

Hi. I’m a newbie to rocket chat and to backend stuff in general. I’m a designer learning to code. I’ve recently turned my old desktop into a personal Linux cloud server using NextCloud, and I have a simple docker based Only Office installation too that is integrated into the system. I even set up my own wikimedia instance! So I thought I’d try installing Rocket Chat.

I found the installation with the snap version amazingly easy! Astounding!

But… I’m not quite sure where to go from here? How do I make this localhost:3000 operation accessible from outside my local network? I’ve got a domain name and DNS and I already have set up subdomains for my wiki, and cloud stuff. But… I don’t know what the next step is. I’ve fished around a bit, searching, but I’m not quite sure where to start.

My cloud and wiki are running off an nginx server. I found an article talking about setting up a reverse proxy (I’ve heard that a good bit before but I don’t really understand it) nginx thingy? I see an article on setting up Let’s Encrypt. I’ve done that plenty of times with my cloud and wiki. Got certbot etc already installed. But where do I point the DNS to? With the wiki and the cloud thing I set that up in my nginx config files. The Only Office stuff is a docker container and it was all automatically set up using an ansible script I got from a NextCloud dev, and it’s accessed and integrated through an app integration on my NextCloud instance. But the rocket chat I’m accessing is … where? exactly? I’ve never done much with snap other than occasionally install one. (Speaking of which, where is this snap physically stored on my HDD? My rootfs is kind of low on space so I’d prefer to shuffle it over to a separate drive. Or at least get a handle on how I could do that if I so chose. )

A lot of this is new for me. I’ve never worked with Mongo either.

EDIT: OH RIGHT! I have to set up the stuff in my sites enabled folder on my nginx thing so that when I point to my public IP it knows which server to route it to.

Which is just setting up the reverse proxy, which I found the info for here: https://rocket.chat/docs/installation/manual-installation/configuring-ssl-reverse-proxy/

That info would be good to be on the auto ssl page also. Like a link to that article.

Why is it called reverse proxy anyway? That’s what confuses me so much. That term doesn’t seem very intuitive to me, and I’m sure there’s a good reason for it, I just don’t know it.

EDITEDIT: Okay… not out of the woods yet. I pointed my DNS and subdomain to my public IP, I set up the reverse proxy for my nginx server. I restarted it. I set up caddy to handle my SSL stuff, and restarted it, checked the status of it, looks good, and… I go to my website subdomain I set up: howdy.jackalope.tech and it does not work.

It tells me that I need to add a security cert exception and if I do, it loads a NextCloud page telling me I’m trying to access from an unauthorized domain name (which makes sense because I have nextcloud as my default proxy and I have it configured to only work with localhost or its specific subdomain). If you want to check for yourself, I’ve set the rocket chat subdomain as:

howdy.jackalope.tech

Anybody know what’s up with it? Ideas?


#2

Okay I think I figured out part of the problem. So I have files for my wiki, cloud, and rocket chat servers in the sites available folder (with symlinks to them in the sites-enabled folder) but I also have mediawiki.conf and nextcloud.conf files in the nginx/conf.d folder… so I think I need a rocketchat.conf file too… but I don’t know what I’m supposed to put in there?

The nextcloud.conf file is very different than the cloud.jackalope.tech file in my sites-enabled folder. And the same is true of the wiki files too. And the wiki file in conf.d is very different from the nextcloud.conf file. And the reverse proxy tutorial found here: https://rocket.chat/docs/installation/manual-installation/configuring-ssl-reverse-proxy/ shows a file that looks most like the files in the sites enabled folder. Though from the wording in that tutorial it sounds like the conf.d files are for one kind of set up while the site enabled files are for another and I shouldn’t be using them both?

I’m tempted to just take the mediawiki.conf file and copy paste it and fill in the relevant information for the rocketchat.conf but there’s a lot of info in there that I don’t know what to replace it with. Like what is the root for the rocket chat. It’s a snap server, while the wiki and nextcloud folders are just under my www-data folder. And I can’t insert the location of the certbot certs because they haven’t been made yet right? That’s what caddy is supposed to do?


#3

I have my sites hosted inside docker containers, using easyengine.io, so naturally ports 80 and 443 are taken. I installed rocket chat via snap and had to use a different port. What I did to make it work with SSL is use CloudFlare and self signed cert via Caddy, no Lets Encrypt needed.

https://chat.example.com:8443
tls self_signed
proxy / localhost:3000 {
  websocket
  transparent
}

CloudFlare allows a handful of HTTPS ports, other than 443.

Caddy: https://rocket.chat/docs/installation/manual-installation/ubuntu/snaps/autossl/
CloudFlare: https://support.cloudflare.com/hc/en-us/articles/200169156-Which-ports-will-Cloudflare-work-with-


#4

I don’t think currently that’s my biggest problem. SSL isn’t really the issue yet. I have full access to 80 and 443, and if I have to forgo Caddy and run certbot myself that’s no big deal. The real issue right now is I’m not even getting https://howdy.jackalope.tech properly routed to the server yet.

If you click that link you’ll get an ssl error, but if you accept the security exception you’ll see that nginx server is routing the user to Nextcloud (which is my default) and not routing it to rocket chat as it should. I think I followed the instructions of the site enabled files correctly, but apparently not.


#5

Try the Caddy route. Also you won’t be able to connect to the rocket chat desktop/mobile apps without SSL.


#6

Will do. But any ideas on what I should do about the DNS and NGINX reverse proxy not being redirected properly?


#7

Not sure, it’s probably not being properly proxied.


#8

@aslan.french ok if you already have nginx in the mix then nix caddy completely.

If you use caddy + nginx you’re going to end up with a double proxy in front of Rocket.Chat and that’s going to lead to all kinds of trouble. Easiest way to nix caddy is delete the Caddyfile.

Then from nginx take a look at adding something like:

https://rocket.chat/docs/installation/manual-installation/configuring-ssl-reverse-proxy/#running-behind-a-nginx-ssl-reverse-proxy

Handle your ssl just like you do with your other sites. The important part is to copy the proxy section of the nginx config in the example there.

If nginx is on the same server leave it proxying to 127.0.0.1:3000; and all should be good.


#9

Hi, Aaron,

Thanks for responding. I think I have already set up the nginx reverse server proxy though. I mentioned that in my post.

I’ll go ahead and remove caddy though.

The issue I’m having is that I’m not sure where I’m supposed to set it up. The instructions say conf.d for docker, or sites-enabled for regular set up but I have both conf.d and sites-enabled files for my wiki and nextcloud servers. I tried setting up the sites-enabled file and it didn’t work. I also don’t see any instructions for how things are supposed to look in the conf.d files.

Also, when I went on the open community chat server and asked for some help, someone told me that I needed to set up a virtual host. I have a vague memory of doing so for my wiki and nextcloud servers, but upon looking up virtual hosts, I see that just refers to the files in my sites-enabled folder. What’s the difference between a virtual host and a reverse server proxy?


#10

A virtual host is what nginx uses to identify how to handle a domain’s traffic.

So basically with the config file you dropped into sites-available you are saying: “Hey… if you get chat.mydomain.com… proxy traffic through to 127.0.0.1:3000”

The big thing is after you add a file into sites-enabled you need to actually cause nginx to reload.

Typically after I make modifications I run: nginx -t. This will test and make sure your files are valid.

Then you need to restart or reload nginx: sudo systemctl restart nginx or your OS’s equivalent.
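
The virtual host described in posts #8 and #10, written out as an added example; it is not code from the thread or from the Rocket.Chat documentation. The hostname and the 127.0.0.1:3000 upstream are the ones mentioned in the posts, while the file name and the certificate paths (certbot's default layout) are assumptions.

```nginx
# /etc/nginx/sites-available/howdy.jackalope.tech  (hypothetical file name)
# Added example. Symlink it into sites-enabled, then run: nginx -t

# Port 80: send plain HTTP to the HTTPS listener below.
server {
    listen 80;
    server_name howdy.jackalope.tech;
    return 301 https://$host$request_uri;
}

# Port 443: nginx picks a server block per listen port by comparing the
# requested name with server_name. If no block listening on 443 declares
# this name, the request is answered by the default server for that port,
# with that server's certificate and content.
server {
    listen 443 ssl;
    server_name howdy.jackalope.tech;

    # Assumed certbot default paths; use the paths certbot reports for
    # this name.
    ssl_certificate     /etc/letsencrypt/live/howdy.jackalope.tech/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/howdy.jackalope.tech/privkey.pem;

    location / {
        # Reverse proxy: nginx terminates TLS and forwards the request to
        # Rocket.Chat listening on the loopback interface.
        proxy_pass http://127.0.0.1:3000;

        # Rocket.Chat uses WebSockets, which need HTTP/1.1 and the
        # Upgrade/Connection headers passed through.
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";

        # Tell the backend the original host, client address and scheme.
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}
```

No `root` directive is needed here because nginx serves no files for this name; everything under `/` is handed to the upstream.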


#11

Yes of course. I restarted nginx multiple times.

I’ve actually decided to uninstall the snap package and just follow a more traditional rocket chat nginx install since that seems like it will be more straightforward and better documented for my current set up.

Also you explained what the virtual host was, but what exactly is the difference between that and the reverse proxy? Is it the same thing?


#12

I would not want to disturb any of the ongoing research and exchange you’ve had with the previous users answering this one but I’ll just pop in a bit and share my setup because it is very very similar to what you want to achieve: Nginx Reverse Proxy + Nextcloud + RocketChat + LetsEncrypt for SSL with Docker

What helped me to make it work was this: the docker-compose-letsencrypt-nginx-proxy-companion

This guy has a corresponding config for Nextcloud here and I shared my config for RocketChat here (in French but still, I embedded the RocketChat docker-compose file at the end)

If you want to explore this path, I’ll gladly help you find a working solution.

(just a precision about virtual host for general knowledge: it’s not a principle specific to nginx)


#13

Thank you! That’s super helpful. I don’t have my nextcloud installation in a docker container, but I’m saving this for the future as next time I help a friend install nextcloud I’ll probably use this.


#14

A virtual host entry is an entry for telling nginx how to treat and direct the traffic.

Slightly lengthier explanation

So you have nginx/apache2/caddy/traefik or any other number of solutions; they listen for web traffic.

They have many different functionalities. They rely on you to tell them what to do with traffic for your domain. This is done using what some of these call virtual hosts. Others just call it the config.

In this config you can tell it to act as a reverse proxy and proxy traffic through to something like Rocket.Chat. In Nextcloud’s case you would be telling it to interface with a php parser and likely tell it the directory.

Also in this config you would set ssl certificates to use when accepting traffic, redirects from http -> https etc… etc…

Can maybe think of it as defining a road and the rules and traffic laws associated with that road.

Definitely something useful to get familiar with :slight_smile:


#15

Ah thank you, that’s very helpful. So basically a virtual host is the config file and the reverse proxy is the specific paradigm that the virtual host configuration might be utilizing to direct that traffic, correct?


#16

Precisely! Hopefully that helps! :slightly_smiling_face: