Message was grey and need refresh page to appear


Hello, I’ve an issue with message in my fresh instance.

I can hear the sound of message but don’t see them. To see the message I need to refresh page.

Server Setup Information

  • Version of Rocket.Chat Server: 5.0.4
  • Operating System: Debian 11
  • Deployment Method: Tar
  • Number of Running Instances: 1
  • DB Replicaset Oplog:
  • NodeJS Version: 14.20.0
  • MongoDB Version: 5.0.11 / wiredTiger (oplog Activé)
  • Proxy: nginx
  • Firewalls involved: No FW

Any additional Information

I have a first Nginx reverseproxy with this conf :

upstream backend {
   server IP_Of_RocketChat_Server:3000;
   keepalive 32;

server {
    if ($host = {
        return 301 https://$host$request_uri;
    } # managed by Certbot

  #listen 80 default_server;
  return 301 https://$server_name$request_uri;

server {
   listen 443 ssl http2;

   http2_push_preload on; # Enable HTTP/2 Server Push

   # Enable TLS versions (TLSv1.3 is required upcoming HTTP/3 QUIC).
   ssl_protocols TLSv1.2 TLSv1.3;

   # Enable TLSv1.3's 0-RTT. Use $ssl_early_data when reverse proxying to
   # prevent replay attacks.
   # @see:
   ssl_early_data on;

   ssl_prefer_server_ciphers on;
   ssl_session_cache shared:SSL:50m;
   # HSTS (ngx_http_headers_module is required) (15768000 seconds = six months)
   add_header Strict-Transport-Security max-age=15768000;
   # OCSP Stapling ---
   # fetch OCSP records from URL in ssl_certificate and cache them
   ssl_stapling on;
   ssl_stapling_verify on;

   add_header X-Early-Data $tls1_3_early_data;

location / {
       proxy_set_header Upgrade $http_upgrade;
       proxy_set_header Connection "upgrade";
       client_max_body_size 50M;
       proxy_set_header Host $http_host;
       proxy_set_header X-Real-IP $remote_addr;
       proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
       proxy_set_header X-Forwarded-Proto $scheme;
       proxy_set_header X-Frame-Options SAMEORIGIN;
       proxy_buffers 256 16k;
       proxy_buffer_size 16k;
       client_body_timeout 60;
       send_timeout 300;
       lingering_timeout 5;
       proxy_connect_timeout 90;
       proxy_send_timeout 300;
       proxy_read_timeout 90s;
       proxy_http_version 1.1;
       proxy_pass http://backend;


    ssl_certificate /etc/letsencrypt/live/; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/; # managed by Certbot

# This block is useful for debugging TLS v1.3. Please feel free to remove this
# and use the `$ssl_early_data` variable exposed by NGINX directly should you
# wish to do so.
map $ssl_early_data $tls1_3_early_data {
  "~." $ssl_early_data;
  default "";

And this is the nginx conf on my rocketchat server :

upstream rocket_backend {

server {
    listen 80;
    access_log /var/log/nginx/rocketchat-access.log;
    error_log /var/log/nginx/rocketchat-error.log;

    location / {
        proxy_pass http://rocket_backend/;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_set_header Host $http_host;

        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forward-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forward-Proto http;
        proxy_set_header X-Nginx-Proxy true;

        proxy_redirect off;

Thank for reply :slight_smile:

Hi! Welcome to our community :slight_smile:

We have a comprehensive reverse proxy section in our docs here:

Please, make your settings match those.

Also, can you reproduce this error on a clean, fresh, docker install, accessing it locally?

Let me know if this helps.

Which nginx need this conf ?
The first ? Or the Nginx in the rocketchat ?

This is a fresh install from TAR.
I don’t wanna use Docker, sorry

I have changed my NGINX first reverseproxy with the conf like you said, but nothing change :confused:

You should only have one NGINX… rocketchat will listen at port 3000 and your nginx will proxy request there.

have you tried hard reloading it? Is there any outstanding logs in the browser console?

It’s not very simple for my case…
In fact I have many web server behind same public IP and I need a fisrt reverseproxy behind other web server and rocketchat :confused:

Oh… I hear you, hehehe. In theory… this should not be a problem. But… you know.

The browser console errors may give us a hint. do you see any? or at the network tab, any faulty connection?

Also, do you see this kind of error when acessing Rocket.Chat directly? Like, bypassing all those nginx on the way?

When I access to rocket with internal IP of server nothing change

Firefox can’t establish a connection to the server at wss:// de2a0a98a668e5a193ce98f6f7dfcb36e7148079.js:1311:22863

The connection to wss:// was interrupted while the page was loading.

Well… as you have two nginx on the way, they are probably not being able to pass the http2/websocket all the way down/between each other

Wait… so accessing RCHAT directly to where it’s installed, you still can’t use it?

Yes :sweat_smile: I think it was normal

You know the way where is the websocket in the rocketchat folder ?

To do something like that :

location /wsapp/ {
    proxy_pass http://wsbackend;
    proxy_http_version 1.1;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection "Upgrade";
    proxy_set_header Host $host;

Hi @dudanogueira ,

No idea of folder/subfolder of wsocket ?

Oh, wait.

Check this out:

You should not use rocketchat under a subpath :thinking:

This will cause some unexpected behaviors.

Unfortunatly, I’m already on right solution.
I’m in this configuration :

May be my question was not very clear…
Do you know in the rocketchat fodler on server, where is the path of websocket ?

You mean where are files with the code?

the url will live here, this is where clients will connect to it.

If you are taking about the source code, I don’t see this as being relevant to that issue. This most certainly a problem with the two NGINX you have.

Also, have you tried disabling TLS 1.3? I have seen also some issues when this was on.

I can try to force tu use 1.2.

I can’t imagine no one have an infra. like mine :sweat_smile:

No chnages after force TLS 1.2 :frowning: