RocketChat with Suffix in ROOT_URL working except for /api/ecdh_proxy/initEncryptedSession


Server Setup Information

  • Version of Rocket.Chat Server: 3.15.1
  • Operating System: Docker image
  • Deployment Method:
  • Number of Running Instances: 1
  • DB Replicaset Oplog: BYPASS_OPLOG_VALIDATION=true
  • NodeJS Version: 13.14.0
  • MongoDB Version: 4.0.25
  • Proxy:
  • Firewalls involved:

Any additional Information

I have an environment variable ROOT_URL configured as http://localhost:3000/rocketchat

It seems the RC client isn’t realizing that those api calls should be made to /rocketchat/api/…

Is there anything I can do to fix this?


so tell us a bit more about your setup please?

What is in your yml file?

You have server on one machine and trying to connect from a client on another machine?

Did you setup a web proxy?

You might need to change the root URL to the proper name of the server, not localhost.

Hey there,

I’m currently testing on my local environment.

This is my current docker-compose.yml file:

version: '2'

    image: rocketchat/
    restart: unless-stopped
      - ./uploads:/app/uploads
      - PORT=3000
      - ROOT_URL=http://localhost:3000/rocketchat
      - MONGO_URL=mongodb://mongo:27017/rocketchat
    #   - MONGO_OPLOG_URL=mongodb://mongo:27017/local
      - MAIL_URL=smtp://
#       - HTTP_PROXY=
#       - HTTPS_PROXY=
      - mongo
      - 3000:3000
      - "traefik.backend=rocketchat"
      - "traefik.frontend.rule=Host:"

    image: mongo:4.0
    restart: unless-stopped
     - ./data/db:/data/db
     #- ./data/dump:/dump
    # command: mongod --smallfiles --oplogSize 128 --replSet rs0
      - "traefik.enable=false"

To test can you try it without the subdomain so JUST


There was an issue with subdomains that should have been patched in 3.15.1 but there may still be other things there.

I suggest also get in the habit of never using ‘latest’ like this:

image: rocketchat/

Use say:

image: rocketchat/

Saves any unpleasant surprises with upgrades!

I would also change it to 3.16.x which is released.

Also why this?? It is definitely not recommended.


Ahhh. I just had a search and found these:

  • Option BYPASS_OPLOG_VALIDATION not working (#17143)

Upgrade to 3.16.x should help.

Unfortunately, upgrading to 3.16.0 did not work for me


Just saw this:

Now, the interesting point is that we were going to drop subdir support, and we have decided to continue it.

3.15.1 fixed some subdir issues. This may be one that has been missed.

Can you check that issue please?

Hey John,

I’ve checked that issue you linked and can see no resolution for it

Ahhh - I just twigged this was yours:

I think you might want to set your root URL to your domain and make sure it resolves correctly. It could be a local private domain, or a public one, but it must resolve correctly.

Note: You must use the outside https address for the value at ROOT_URL in [[Section 3|Deploy-Rocket.Chat-without-docker#3-download-rocketchat]] above. This includes the https:// and leave off the port number. So instead of ROOT_URL=http://localhost:3000 use something like

And how to modify that:

It seems I’m having the same issue and I’m not sure how to resolve it.
I’m using rocketchat 3.16.3 on a URL suffix: I have set my ROOT_URL to
Everything works fine except for /api/ecdh_proxy/initEncryptedSession
Here is a short excerpt from the console:

Navigated to
Navigated to
VM322:1 POST 404 (Not Found)
VM322:1 XHR finished loading: POST "".
VM322:1 XHR finished loading: GET "".
VM322:1 XHR finished loading: POST "".
VM322:1 Fetch failed loading: POST "".
VM322:1 XHR finished loading: POST "".
VM322:1 XHR finished loading: GET "".

As you can see it loads all requests from the correct URL except for api/ecdh_proxy/initEncryptedSession. It looks for that one in the root.
This issue only started once I added a custom keycloak OAuth provider.

@stefan.badenhorst I ended up using RC without the suffix on localhost where the problem was occuring.

However for my dev environment, we’re using k8s and actually got RC to work with the suffix… let me share the redacted k8s values.yml files with you for your perusal. Hopefully they’ll help.

# Default values for temp.
# This is a YAML-formatted file.
# Declare variables to be passed into your templates.

replicas: 1
projectName: rocketchat
namespace: dev

  tag: 3.16.2
  pullPolicy: IfNotPresent

  name: rocketchat-secrets
    MONGO_SERVER_CONNECT_STR: mongodb://mongo-svc/chat

  name: rocketchat-config
    ROOT_URL: <our-api-domain>/rc
    MONGO_URL: mongodb://mongo-svc/chat
    MONGO_OPLOG_URL: mongodb://mongo-svc/local?replSet=rs0
    MONGO_OPTIONS: '{ "serverSelectionTimeoutMS": 30000 }'
    PORT: 3000

  name: rocketchat-svc
  targetPort: 3000
  port: 3000
  imapPort: 993
  imapTargetPort: 993

  name: rocketchat-ing
  enabled: true
  annotations: nginx-dev 50m
  path: /rc/?(.*)
    - <our-api-domain-without-https://-prefix>

As per this please note that we had fixed some issues but noted there were more which are being worked on during the current sprint.

We will try and get these released as soon as we can so you don’t have to do so many ugly workarounds!

This post refers: