RocketChat with Suffix in ROOT_URL working except for /api/ecdh_proxy/initEncryptedSession

Description

Server Setup Information

  • Version of Rocket.Chat Server: 3.15.1
  • Operating System: Docker image
  • Deployment Method:
  • Number of Running Instances: 1
  • DB Replicaset Oplog: BYPASS_OPLOG_VALIDATION=true
  • NodeJS Version: 13.14.0
  • MongoDB Version: 4.0.25
  • Proxy:
  • Firewalls involved:

Any additional Information

I have an environment variable ROOT_URL configured as http://localhost:3000/rocketchat

It seems the RC client isn’t realizing that those api calls should be made to /rocketchat/api/…

Is there anything I can do to fix this?

Hi,

so tell us a bit more about your setup please?

What is in your yml file?

You have server on one machine and trying to connect from a client on another machine?

Did you setup a web proxy?

You might need to change the root URL to the proper name of the server, not localhost.

Hey there,

I’m currently testing on my local environment.

This is my current docker-compose.yml file:

version: '2'

services:
  rocketchat:
    image: rocketchat/rocket.chat:latest
    restart: unless-stopped
    volumes:
      - ./uploads:/app/uploads
    environment:
      - PORT=3000
      - ROOT_URL=http://localhost:3000/rocketchat
      - MONGO_URL=mongodb://mongo:27017/rocketchat
    #   - MONGO_OPLOG_URL=mongodb://mongo:27017/local
      - MAIL_URL=smtp://smtp.email
      - BYPASS_OPLOG_VALIDATION=true
#       - HTTP_PROXY=http://proxy.domain.com
#       - HTTPS_PROXY=http://proxy.domain.com
    depends_on:
      - mongo
    ports:
      - 3000:3000
    labels:
      - "traefik.backend=rocketchat"
      - "traefik.frontend.rule=Host: rocketchat.jollof.io"

  mongo:
    image: mongo:4.0
    restart: unless-stopped
    volumes:
     - ./data/db:/data/db
     #- ./data/dump:/dump
    # command: mongod --smallfiles --oplogSize 128 --replSet rs0
    labels:
      - "traefik.enable=false"

To test can you try it without the subdomain so JUST

http://localhost:3000

There was an issue with subdomains that should have been patched in 3.15.1 but there may still be other things there.

I suggest also get in the habit of never using ‘latest’ like this:

image: rocketchat/rocket.chat:latest

Use say:

image: rocketchat/rocket.chat:3.16.0

Saves any unpleasant surprises with upgrades!

I would also change it to 3.16.x which is released.

Also why this?? It is definitely not recommended.

 - BYPASS_OPLOG_VALIDATION=true

Ahhh. I just had a search and found these:

  • Option BYPASS_OPLOG_VALIDATION not working (#17143)

Upgrade to 3.16.x should help.

Unfortunately, upgrading to 3.16.0 did not work for me

Hmmm.

Just saw this:

Now, the interesting point is that we were going to drop subdir support, and we have decided to continue it.

3.15.1 fixed some subdir issues. This may be one that has been missed.

Can you check that issue please?

Hey John,

I’ve checked that issue you linked and can see no resolution for it

Ahhh - I just twigged this was yours:

I think you might want to set your root URL to your domain and make sure it resolves correctly. It could be a local private domain, or a public one, but it must resolve correctly.

Note: You must use the outside https address for the value at ROOT_URL in [[Section 3|Deploy-Rocket.Chat-without-docker#3-download-rocketchat]] above. This includes the https:// and leave off the port number. So instead of ROOT_URL=http://localhost:3000 use something like https://your_hostname.com

And how to modify that:

It seems I’m having the same issue and I’m not sure how to resolve it.
I’m using rocketchat 3.16.3 on a URL suffix:
https://mydomain.com/chat I have set my ROOT_URL to https://mydomain.com/chat
Everything works fine except for /api/ecdh_proxy/initEncryptedSession
Here is a short excerpt from the console:

Navigated to https://mydomain.com/chat/_oauth/keycloak?state=eyJsb2dpblN0eWxlIjoicmVkaXJlY3QiLCJjcmVkZW50aWFsVG9rZW4iOiJXN3dkN3l1OFF6M01QS0I4a2dhOVhubmlFYmFlWWFuZGVRTDFFMXRuQU1RIiwiaXNDb3Jkb3ZhIjpmYWxzZSwicmVkaXJlY3RVcmwiOiJodHRwOi8vdGVzdHNlcnZlci9jaGF0L2hvbWUifQ%3D%3D&session_state=7e946e53-9804-44c8-8c49-6e382e7eb167&code=9871a27d-2fc1-4fed-b000-bb5a4a8dbd45.7e946e53-9804-44c8-8c49-6e382e7eb167.58d8e5fc-9929-11eb-9c54-eff7529901fc
Navigated to https://mydomain.com/chat/home
VM322:1 POST https://mydomain.com/api/ecdh_proxy/initEncryptedSession 404 (Not Found)
VM322:1 XHR finished loading: POST "https://mydomain.com/chat/api/v1/method.callAnon/login".
VM322:1 XHR finished loading: GET "https://mydomain.com/chat/sockjs/info?cb=x7n57s6sfe".
VM322:1 XHR finished loading: POST "https://mydomain.com/chat/api/v1/method.callAnon/license%3AisEnterprise".
VM322:1 Fetch failed loading: POST "https://mydomain.com/api/ecdh_proxy/initEncryptedSession".
VM322:1 XHR finished loading: POST "https://mydomain.com/chat/api/v1/method.callAnon/public-settings%3Aget".
VM322:1 XHR finished loading: GET "https://mydomain.com/chat/_timesync".

As you can see it loads all requests from the correct URL except for api/ecdh_proxy/initEncryptedSession. It looks for that one in the root.
This issue only started once I added a custom keycloak OAuth provider.

@stefan.badenhorst I ended up using RC without the suffix on localhost where the problem was occuring.

However for my dev environment, we’re using k8s and actually got RC to work with the suffix… let me share the redacted k8s values.yml files with you for your perusal. Hopefully they’ll help.

# Default values for temp.
# This is a YAML-formatted file.
# Declare variables to be passed into your templates.

replicas: 1
projectName: rocketchat
namespace: dev

image:
  repository: docker.io/library/rocket.chat
  tag: 3.16.2
  pullPolicy: IfNotPresent

secret:
  name: rocketchat-secrets
  data:
    MONGO_SERVER_CONNECT_STR: mongodb://mongo-svc/chat

configmap:
  name: rocketchat-config
  data:
    ROOT_URL: <our-api-domain>/rc
    MONGO_URL: mongodb://mongo-svc/chat
    MONGO_OPLOG_URL: mongodb://mongo-svc/local?replSet=rs0
    MONGO_OPTIONS: '{ "serverSelectionTimeoutMS": 30000 }'
    PORT: 3000

service:
  name: rocketchat-svc
  targetPort: 3000
  port: 3000
  imapPort: 993
  imapTargetPort: 993

ingress:  
  name: rocketchat-ing
  enabled: true
  annotations:
    kubernetes.io/ingress.class: nginx-dev
    nginx.ingress.kubernetes.io/proxy-body-size: 50m
  path: /rc/?(.*)
  hosts:
    - <our-api-domain-without-https://-prefix>

As per this please note that we had fixed some issues but noted there were more which are being worked on during the current sprint.

We will try and get these released as soon as we can so you don’t have to do so many ugly workarounds!

This post refers: