Good afternoon Sirs,
I am new to the Rocket.Chat world. I am setting up a Docker-based server in a DMZ to homologate integrations such as social media and communication tools (Telegram, WhatsApp, Instagram, Facebook, etc.). I'm having some difficulties related to documentation: I can't find material related to this kind of topology, nor material related to firewalls, like port usage or best practices for a DMZ.
If there is material that, for lack of experience in browsing the Rocket.Chat wiki documentation, I have not seen, please post the link for me; or if you have done something like this and want to share the best practices you implemented, I will be grateful.
Does anybody know the client-server communication flow?
Server Setup Information
- Version of Rocket.Chat Server: 3.11
- Operating System: Debian
- Deployment Method: Docker
- Number of Running Instances: 1
- DB Replicaset Oplog: NA
- NodeJS Version: NA
- MongoDB Version: NA
- Proxy: no
- Firewalls involved: Yes
Hi! Sorry for the late response!
Welcome to our forums!
As we discussed previously, this will vary depending on the deployment scenario you have.
When it comes to port usage, for example, on a regular Rocket.Chat deployment you will have a proxy server in front of it that will handle ports 80 and 443, forwarding/proxying the requests to Rocket.Chat internally.
So usually you will have a reverse-proxy in front of it all, and when a domain like chat.company.com arrives, the reverse-proxy will route this request back and forth to Rocket.Chat.
It's important to use HTTPS/SSL with your deployment/domain, in order to use features like connecting from mobile, Telegram integration, and others. Here we have some nice documentation about it:
Hi @dudanogueira ,
Do you know if there are any limitations for NAT?
In this scenario that I shared, if I configure a NAT on the firewall, is there a problem or limitation for future integrations that I will make with social media and communication via API webhook?
As long as you have a working HTTPS domain, everything should work.
Telegram, the Mobile App and possibly other integrations will require an SSL/HTTPS domain to connect to.
So this will work fine:
Not having SSL/HTTPS will prevent you from using some features.
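
The reverse-proxy arrangement described in the replies above, sketched as an nginx configuration. This is an added example, not part of the original thread or of the Rocket.Chat documentation. It assumes Rocket.Chat listens on its default port 3000, published only on the Docker host's loopback address; the upstream name and the certificate paths are placeholders.

```nginx
# Added example: TLS-terminating reverse proxy in front of Rocket.Chat.
# Assumption: the container's port 3000 is published on 127.0.0.1 only,
# so the DMZ firewall / NAT has to forward nothing but 80 and 443.

upstream rocketchat_backend {            # hypothetical upstream name
    server 127.0.0.1:3000;
}

# Port 80 exists only to redirect clients to HTTPS.
server {
    listen 80;
    server_name chat.company.com;
    return 301 https://$host$request_uri;
}

# Port 443 terminates TLS and proxies to Rocket.Chat.
server {
    listen 443 ssl;
    server_name chat.company.com;

    # Placeholder paths: use the certificate issued for your domain.
    ssl_certificate     /etc/ssl/certs/chat.company.com.fullchain.pem;
    ssl_certificate_key /etc/ssl/private/chat.company.com.key;
    ssl_protocols       TLSv1.2 TLSv1.3;

    location / {
        proxy_pass http://rocketchat_backend;

        # Rocket.Chat clients use WebSockets, so the proxy must pass the
        # HTTP/1.1 Upgrade handshake through.
        proxy_http_version 1.1;
        proxy_set_header Upgrade    $http_upgrade;
        proxy_set_header Connection "upgrade";

        # Preserve the original host, client address and scheme.
        proxy_set_header Host              $host;
        proxy_set_header X-Real-IP         $remote_addr;
        proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto https;
    }
}
```

With this layout the perimeter firewall only needs inbound TCP 80 and 443 forwarded to the proxy host; port 3000 stays unreachable from outside the host.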