Rocket cloud fails authentication after Nginx installed

Description

I installed the rocket.chat server, using snaps, several times quite successfully, including authentication with the rocket.chat cloud. But it was only after configuring Nginx to use a commercial SSL that the ability to authorize the server’s access to the Rocket.Chat cloud broke.

All clients fail to authenticate, but when the web client fails, it comes back with this error:
http://localhost/admin/cloud/oauth-callback?code=ebTB9hM7QdPoxYEk0Z4B&state=YPNi2XchenqXcuKge

The server status had the following errort:
Jan 13 14:44:31 rocketchat rocketchat-server.rocketchat-server[1527]: Failed to get AccessToken from Rocket.Chat Cloud. Error: oauth_invalid_cli>
Jan 13 14:44:31 rocketchat rocketchat-server.rocketchat-server[1527]: Server has been unregistered from cloud

Any advice appreciated. First time installing rocket.chat, so it’s possible that I’ve made a stupid mistake, particularly in the nginx config file.

Server Setup Information

  • Version of Rocket.Chat Server: 3.9.3
  • Operating System: Ubuntu 20.04
  • Deployment Method: snap
  • Number of Running Instances: 1
  • DB Replicaset Oplog:
  • NodeJS Version: 12.18.4
  • MongoDB Version: 3.6.14
  • Proxy: nginx
  • Firewalls involved: none

Any additional Information

Nginx /etc/nginx/conf.d/rocketchat.conf

upstream rocket_backend {
server 127.0.0.1:3000;
}

server {
server_name rocketchat.example.ca;
access_log /var/log/nginx/rocketchat-access.log;
error_log /var/log/nginx/rocketchat-error.log;

location / {
    proxy_pass http://rocket_backend/;
    proxy_http_version 1.1;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection "upgrade";
    proxy_set_header Host $http_host;

    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forward-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forward-Proto http;
    proxy_set_header X-Nginx-Proxy true;

    proxy_redirect off;
}

listen 443 ssl;
ssl_certificate /etc/ssl/fullchain.pem;
ssl_certificate_key /etc/ssl/privkey.pem;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;

}

#server {
# if ($host = rocketchat.example.ca) {
# return 301 https://$host$request_uri;
# }

#listen 80;
# server_name rocketchat.example.ca;
# rewrite ^ https://$server_name$request_uri? permanent;
# return 404; 

#}

Fixed it. I needed to change the URL from http://localhost to https://example.com

The problem was that HTTP calls were not being redirected to HTTPS.