Rcoket.Chat from snap with nginx reverse proxy with Lets Encrypt - WebSocket issue (Android)

Community Support
1

Description

I have successfully installed Rocket.Chat on Raspbian Buster from snap.
Installed corebot to get the Lets Encrypt certificates and installed nginx to create the reverse proxy.

The whole setup is perfectly working, users logging in, but Android users. They can’t log in, the server address refuses to connect. Found out on this forum it is due to a websocket. Others like web browsers or iPhones all work as expected

But I cant figure out how to configure the nginx to keep the websocket working for Android clients.

Please, whoever made this work, be so kind and provide a working confidence file example. Thanks

Server Setup Information

  • Version of Rocket.Chat Server: 1.0.3
  • Operating System: Raspbian Buster 4.19.97-v7l+
  • Deployment Method: snap
  • Number of Running Instances: 1
  • DB Replicaset Oplog: Enabled
  • NodeJS Version: v8.11.4
  • MongoDB Version: 3.2.15
  • Proxy: nginx
  • Firewalls involved: no, directly exposed to a internet fixed ip address

Any additional Information

This is my configuration of nginx:

/etc/nginx/sites-enable/@default

Upstreams

upstream backend {
server 127.0.0.1:3000;
}

HTTPS Server

server {
listen 443;
server_name chat.ourdomain.mobi;

# You can increase the limit if your need to.
client_max_body_size 200M;

error_log /var/log/nginx/rocketchat.access.log;

ssl on;
ssl_certificate /etc/nginx/certificate.crt;
ssl_certificate_key /etc/nginx/certificate.key;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # don’t use SSLv3 ref: POODLE

location / {
    proxy_pass http://backend/;
    proxy_http_version 1.1;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection "upgrade";
    proxy_set_header Host $http_host;

    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forward-Proto http;
    proxy_set_header X-Nginx-Proxy true;

    proxy_redirect off;
}

}

the etc/nginx/nginx.conf is standard:

user www-data;
worker_processes auto;
pid /run/nginx.pid;
include /etc/nginx/modules-enabled/.conf;
events {
worker_connections 768;
# multi_accept on;
}
http {
##
# Basic Settings
##
sendfile on;
tcp_nopush on;
tcp_nodelay on;
keepalive_timeout 65;
types_hash_max_size 2048;
# server_tokens off;
# server_names_hash_bucket_size 64;
# server_name_in_redirect off;
include /etc/nginx/mime.types;
default_type application/octet-stream;
##
# SSL Settings
##
ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # Dropping SSLv3, ref: POODLE
ssl_prefer_server_ciphers on;
##
# Logging Settings
##
access_log /var/log/nginx/access.log;
error_log /var/log/nginx/error.log;
##
# Gzip Settings
##
gzip on;
# gzip_vary on;
# gzip_proxied any;
# gzip_comp_level 6;
# gzip_buffers 16 8k;
# gzip_http_version 1.1;
# gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript;
##
# Virtual Host Configs
##
include /etc/nginx/conf.d/.conf;
include /etc/nginx/sites-enabled/*;
}

the error log does not show any errors :frowning:

2

Hi everyone. I have tried to install apache2 as a reverse proxy to replace the nginx as I red that the Apache does handle websocket correctly.
Unfortunately Android devices still have issues connecting.

My rocket chat.conf looks like this:

Listen 443

<VirtualHost *:443>
ServerAdmin it@mydomain.eu
ServerName chat.mydomain.eu

LogLevel info
ErrorLog /var/log/chat.mydomain.eu_error.log
TransferLog /var/log/chat.mydomain.eu_access.log

SSLEngine On
SSLCertificateFile /etc/ssl/certs/chat.mydomain.eu.crt
SSLCertificateKeyFile /etc/ssl/private/chat.mydomain.eu.key

<Location />
    Require all granted
</Location>

RewriteEngine On
RewriteCond %{HTTP:Upgrade} =websocket [NC]
RewriteRule /(.*)           ws://localhost:3000/$1 [P,L]
RewriteCond %{HTTP:Upgrade} !=websocket [NC]
RewriteRule /(.*)           http://localhost:3000/$1 [P,L]

ProxyPassReverse /          http://localhost:3000/