Rocket cloud fails authentication after Nginx installed

GreenCanuck · January 13, 2021, 8:38pm

Description

I installed the rocket.chat server, using snaps, several times quite successfully, including authentication with the rocket.chat cloud. But it was only after configuring Nginx to use a commercial SSL that the ability to authorize the server’s access to the Rocket.Chat cloud broke.

All clients fail to authenticate, but when the web client fails, it comes back with this error:
http://localhost/admin/cloud/oauth-callback?code=ebTB9hM7QdPoxYEk0Z4B&state=YPNi2XchenqXcuKge

The server status had the following errort:
Jan 13 14:44:31 rocketchat rocketchat-server.rocketchat-server[1527]: Failed to get AccessToken from Rocket.Chat Cloud. Error: oauth_invalid_cli>
Jan 13 14:44:31 rocketchat rocketchat-server.rocketchat-server[1527]: Server has been unregistered from cloud

Any advice appreciated. First time installing rocket.chat, so it’s possible that I’ve made a stupid mistake, particularly in the nginx config file.

Server Setup Information

Version of Rocket.Chat Server: 3.9.3
Operating System: Ubuntu 20.04
Deployment Method: snap
Number of Running Instances: 1
DB Replicaset Oplog:
NodeJS Version: 12.18.4
MongoDB Version: 3.6.14
Proxy: nginx
Firewalls involved: none

Any additional Information

Nginx /etc/nginx/conf.d/rocketchat.conf

upstream rocket_backend {
server 127.0.0.1:3000;
}

server {
server_name rocketchat.example.ca;
access_log /var/log/nginx/rocketchat-access.log;
error_log /var/log/nginx/rocketchat-error.log;

location / {
    proxy_pass http://rocket_backend/;
    proxy_http_version 1.1;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection "upgrade";
    proxy_set_header Host $http_host;

    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forward-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forward-Proto http;
    proxy_set_header X-Nginx-Proxy true;

    proxy_redirect off;
}

listen 443 ssl;
ssl_certificate /etc/ssl/fullchain.pem;
ssl_certificate_key /etc/ssl/privkey.pem;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;

}

#server {
# if ($host = rocketchat.example.ca) {
# return 301 https://$host$request_uri;
# }

#listen 80;
# server_name rocketchat.example.ca;
# rewrite ^ https://$server_name$request_uri? permanent;
# return 404;

#}

GreenCanuck · January 13, 2021, 9:28pm

Fixed it. I needed to change the URL from http://localhost to https://example.com

The problem was that HTTP calls were not being redirected to HTTPS.

Topic		Replies	Views
Failed to authenticate with Rocket.chat cloud Community Support	5	2086	July 24, 2020
Failed to connect Cloud to Rocket Chat Server Community Support cloud	0	1079	March 23, 2021
Keycloak Integration with RocketChat OAuth Handshake Failure Community Support	5	1278	March 31, 2023
RocketChat and Keycloak uri error in Rocket chat log Community Support	7	3839	February 19, 2021
HELP! Setting up oauth with keycloack Community Support	26	4617	October 19, 2023

[Rocket.Chat v7.0: Join the webinar] Roadmap Reveal: on-prem AI, VoIP, and more! Save your seat ->

Rocket cloud fails authentication after Nginx installed

Description

Server Setup Information

Any additional Information

Related Topics