RocketChat: Reverse proxy on other host

Description

I would like to host RocketChat on one server and my Apache proxy on another (same local network). How do I make the websocket work?
I tried to modify the apache configuration but it doesn’t work. Is there an option to allow the websocket other than 127.0.0.1?
Here is my configuration that I tried:

<VirtualHost *:80>
        Servername example

        RewriteEngine On
        RewriteCond %{HTTP:Upgrade} =websocket [NC]
        RewriteRule /(.*)           ws://192.168.1.XX:3000/$1 [P,L]
        RewriteCond %{HTTP:Upgrade} !=websocket [NC]
        RewriteRule /(.*)           http://192.168.1.XX:3000/$1 [P,L]

        ProxyPreserveHost       On
        # exclude /.well-known/acme-challenge/ for let's encrypt renew
        ProxyPass /.well-known/acme-challenge/ !
        ProxyPass               /       http://192.168.1.XX:3000/
        ProxyPassReverse        /       http://192.168.1.XX:3000/

        ErrorLog        /var/log/apache2/error.log
        CustomLog       /var/log/apache2/access.log combined

</VirtualHost>

Server Setup Information

  • Version of Rocket.Chat Server: 2.1.1 stable
  • Operating System: Ubuntu 18.04.3 LTS
  • Deployment Method: snap
  • Proxy: apache

Any additional Information


Translation: “Firefox cannot establish a connection with the server at the address wss://website/websocket”

I also tried to do a double reverse proxy:
main reverse proxy -> reverse apache proxy (on the same server as the snap version) -> to the local RocketChat server

I think it is because you are trying to run this via http/80 but it really all wants to be on https/443

Hence “wss”.

Apache should redirect all 80 -> 443 and then reverse 443 -> rocket:3000

See this:
https://rocket.chat/docs/installation/manual-installation/configuring-ssl-reverse-proxy/

I just tried to switch to https but I got the same result.

Isn’t there a setting in RocketChat to allow the websocket on a specific ip?

I think RocketChat only allows 127.0.0.1 to connect but I’m not sure.

    Servername example
    SSLEngine on
    SSLCertificateFile               /usr/local/etc/tls/example/fullchain.pem
    SSLCertificateKeyFile            /usr/local/etc/tls/example/privkey.pem

    RewriteEngine On
    RewriteCond %{HTTP:Upgrade} =websocket [NC]
    RewriteRule /(.*)           ws://192.168.1.173:3000/$1 [P,L]
    RewriteCond %{HTTP:Upgrade} !=websocket [NC]
    RewriteRule /(.*)           http://192.168.1.173:3000/$1 [P,L]

    ProxyPreserveHost       On
    # exclude /.well-known/acme-challenge/ for let's encrypt renew
    ProxyPass /.well-known/acme-challenge/ !
    ProxyPass               /       http://192.168.1.173:3000/
    ProxyPassReverse        /       http://192.168.1.173:3000/

    ErrorLog        /var/log/apache2/example-https-error.log
    CustomLog       /var/log/apache2/example-https-access.log combined

I forgot to enable the Apache module “proxy_wstunnel”; the problem is solved.
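
The cause found in the last post was a module that the configuration depended on but that was not enabled. As an added example (not part of the thread), this script lists the modules a vhost's directives need and reports any that are missing from the loaded-module list. The function names, the sample config and the sample `apache2ctl -M` output are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example (not from the thread): list the Apache modules a vhost's
# directives depend on and report those absent from `apache2ctl -M` output.

# _uses CONF REGEX: true if any non-comment line of CONF matches REGEX.
_uses() {
    printf '%s\n' "$1" | grep -Ev '^[[:space:]]*#' | grep -Eiq "$2"
}

# required_modules CONF: print one required module name per line.
required_modules() {
    local conf="$1" d='^[[:space:]]*'
    if _uses "$conf" "${d}Rewrite(Engine|Cond|Rule)[[:space:]]"; then echo rewrite; fi
    if _uses "$conf" "${d}(ProxyPass|RewriteRule.*\[([^],]*,)*P(,[^]]*)?\])"; then echo proxy; fi
    if _uses "$conf" "${d}(ProxyPass|RewriteRule).*[[:space:]]https?://"; then echo proxy_http; fi
    if _uses "$conf" "${d}(ProxyPass|RewriteRule).*[[:space:]]wss?://"; then echo proxy_wstunnel; fi
    if _uses "$conf" "${d}SSLEngine[[:space:]]+on"; then echo ssl; fi
}

# missing_modules CONF LOADED: print required modules not listed in LOADED,
# where LOADED is the text printed by `apache2ctl -M`.
missing_modules() {
    local conf="$1" loaded="$2" m
    for m in $(required_modules "$conf"); do
        if ! printf '%s\n' "$loaded" | grep -Eq "(^|[[:space:]])${m}_module([[:space:]]|\$)"; then
            echo "$m"
        fi
    done
    return 0
}

# Constructed sample: the thread's proxy rules and a module list without wstunnel.
SAMPLE_CONF='<VirtualHost *:80>
    RewriteEngine On
    RewriteCond %{HTTP:Upgrade} =websocket [NC]
    RewriteRule /(.*) ws://192.168.1.XX:3000/$1 [P,L]
    ProxyPass / http://192.168.1.XX:3000/
    ProxyPassReverse / http://192.168.1.XX:3000/
</VirtualHost>'
SAMPLE_LOADED=' rewrite_module (shared)
 proxy_module (shared)
 proxy_http_module (shared)'

# On a real host, pass "$(cat your-vhost.conf)" and "$(apache2ctl -M 2>/dev/null)".
for m in $(missing_modules "$SAMPLE_CONF" "$SAMPLE_LOADED"); do
    echo "missing: $m (Debian/Ubuntu: a2enmod $m, then restart apache2)"
done
```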