Is there best practice to Rocket.Chat (Docker) installed in DMZ (Firewall)


Good afternoon Sirs,

I am new to this world. I am setting up a docker-based server in a DMZ to homologate integrations such as social media and communication tools (Telegram, WhatsApp, Instagram, Facebook, etc.). I’m having some difficulties related to documentation: I can’t find material related to this kind of topology, nor material related to firewalls, like port usage or best practices for a DMZ.

If there is material that, for lack of experience in browsing the wiki documentation, I have not seen, please post the link for me. Or, if you have done something like this and want to share the best practices you implemented, I will be grateful.

Topology example:

Does anybody know the client-server communication flow?

Server Setup Information

  • Version of Rocket.Chat Server: 3.11
  • Operating System: debian
  • Deployment Method: docker
  • Number of Running Instances: 1
  • DB Replicaset Oplog: NA
  • NodeJS Version: NA
  • MongoDB Version: NA
  • Proxy: no
  • Firewalls involved: Yes

Hi! Sorry for the late response!

Welcome to our forums 🙂

As we discussed previously, this will vary depending on the deployment scenario you have.

When it comes to port usage, for example, on a regular Rocket.Chat deployment you will have a proxy server in front of it, that will handle ports 80 and 443, forwarding/proxying the requests to Rocket.Chat internally.

So usually you will have a reverse-proxy in front of it all, and when a domain like arrives, the reverse-proxy will route this request back and forth to Rocket.Chat.

It’s important to use HTTPS/SSL with your deployment/domain in order to use features like connecting from mobile, Telegram integration, and others. Here we have some nice documentation about it:

Hi @dudanogueira ,

Do you know if there are any limitations for NAT?
In the scenario that I shared, if I configure NAT on the firewall, is there a problem or limitation for future integrations that I will make with social media and communication via API webhook?

As long as you have a working HTTPS domain, everything should work.

Telegram, the Mobile App and possibly other integrations will require an SSL/HTTPS domain to connect to.

So this will work fine:

Not having ssl/https will prevent you from using some features.
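
The layout described in the replies (a reverse proxy owning ports 80 and 443 and forwarding to Rocket.Chat internally) is sketched below as an added example; it is not configuration posted in this thread or taken from the Rocket.Chat project. It assumes nginx as the proxy, the placeholder domain `chat.example.com`, placeholder certificate paths, and a Rocket.Chat container reachable on its default port 3000 from the proxy host only.

```nginx
# Added example. Hostname, certificate paths and upstream address are assumptions.
upstream rocketchat_backend {
    # Rocket.Chat container on its default HTTP port. Publish it only where
    # the proxy can reach it, never on the firewall's public side.
    server 127.0.0.1:3000;
}

# Port 80 carries no application traffic, only a redirect to HTTPS.
server {
    listen 80;
    server_name chat.example.com;                 # placeholder domain
    return 301 https://$host$request_uri;
}

# Port 443: TLS terminates here. This is the listener the firewall/NAT forwards to.
server {
    listen 443 ssl;
    server_name chat.example.com;                 # placeholder domain

    ssl_certificate     /etc/ssl/certs/chat.example.com.fullchain.pem;  # placeholder path
    ssl_certificate_key /etc/ssl/private/chat.example.com.key;          # placeholder path
    ssl_protocols       TLSv1.2 TLSv1.3;

    client_max_body_size 200M;                    # upload limit, assumed value

    location / {
        proxy_pass http://rocketchat_backend;
        proxy_http_version 1.1;

        # Rocket.Chat clients use WebSockets, so the upgrade must pass through.
        proxy_set_header Upgrade    $http_upgrade;
        proxy_set_header Connection "upgrade";

        # Preserve the original host, client address and scheme for the backend.
        proxy_set_header Host              $http_host;
        proxy_set_header X-Real-IP         $remote_addr;
        proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto https;
    }
}
```

With this arrangement the firewall only has to forward TCP 80 and 443 to the proxy host, and port 3000 stays unreachable from outside the DMZ.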