Multiple URL with Reverse Proxy (nginx)

Community Support
1

Description

Server Setup Information

  • Version of Rocket.Chat Server: 3.14.1
  • Operating System: Windows
  • Deployment Method: tar
  • Number of Running Instances: 2
  • DB Replicaset Oplog: +
  • NodeJS Version: v12.18.4
  • MongoDB Version: 4.4
  • Proxy: nginx
  • Firewalls involved: -

Any additional Information

Hi! We use Rocket.Chat with nginx and multple Site_URL links for internet and intranet.

Quotes not working correctly (empty message) on an external site that is configured via nginx.

There are several branches on this topic in the git and still not a single solution.

Any help?

2

Hi.

First thing is to upgrade to AT LEAST the latest 3.14.x please. See the please notes.

As far as I am aware that isn’t a supported option? Why don’t you use one name/url only?

Can you give us a bit more information on how this is set up please?

Also can you give us some references?

3

For external url, we use constraints for:
Admin console, some attachmetns, etc.

It is also necessary to reduce traffic and our security system is designed in such a way that it is necessary to use several urls.

Because before nginx, there is another traffic control system.

I upgraded to version 3.14.5 today - it didn’t help.

site_url - we have specified the internal address (of the domain network) rocket.insideDomain. com and qotes are working correctly

The external address rocket.outsideDomain. com is specified - when using quotes (an empty message is quoted)

upstream_backend {

192.168.1.15:3000
192.168.1.15:3001

server {
listen 80 port;
server_name rocket.insideDomain .com
return htt ps: // $ server_name $ request_uri;
}

geo $ outside_user {
# Some Geolocation settings are defined here
}

server {
listen 80 port;
server_name rocket.outsideDomain .com
return htt ps: // $ server_name $ request_uri;
}

It seems that something similar is being discussed here: the need to use different urls for the internal and external network.

https:// github. com/RocketChat/Rocket.Chat/issues/6899

Please see the attachment:

[Album] imgur.com

An empty message is quoted :frowning:

4

Hi there!

As you stated, the site_url is configured to the internal IP/Address. and you also access Rocket Chat from an external IP/Domain.

The problem might be that, when sending audio or images, Rocketchat client will look for site_url/uploads/imagem.png or something like that. And this site_url is unavailable for external users.

I have this kind of scenario here, and what I do is to create an internal zone, and point to the internal proxy.

So site_url is http://chat.mycompany.com, and for internal users, will also use this address, but I created an internal zone at our dns, that will redirect chat.mycompany.com to the internal ip.

With that, the user will always use http://chat.mycompany.com and everything works as expected.

Hope I have helped you somehow!

Happy Rocking!

1 Like
5

Hi!

Thanks, thats great opportunity, but with the help of nginx we use the restriction on downloading files and the security department will not be able to confirm such an implementation to us :’(

Any another help?

6

This will not affect nginx configurations and your configured restrictions.

It will only affect how your internal dns resolves to http://chat.mycompany.com

If your security department doesn’t allow tampering with internal DNS, you still have the option to change it at the computer level (like in Linux’s /etc/hosts on each computer). But depending on the scale of you scenario, this is probably counter-productive.

2 Likes