Description
I am trying to run HTTPS using certificates from my local network CA so I can connect mobile devices to my chat server. As this is running on an internal network, I need everything to resolve properly on the local corporate network, even though the server can get to the open Internet. While I do own the domain I am using, it does not resolve to any address other than the domain naming host if RocketChat attempts to resolve the name externally, not using the local DNS.
I have followed the instructions for setting up HTTPS with local certificates, but have been unable to get this to properly function. So I have two basic questions:
- How does RocketChat/Caddy perform name resolution, so I can validate that it is pointing to the proper location?
- How should this be configured, if what I have done is incorrect, to enable use of a local certificate authority?
Below follows a summary of the installation.
Thanks,
CAS
I installed RocketChat on a new Ubuntu 18.04 LTS system using the snap:

```
sudo snap install rocketchat-server
```

Then I enabled caddy as follows:

```
sudo snap set rocketchat-server caddy-url=https://cn-chat.mydomain.com
sudo snap set rocketchat-server caddy=enable
sudo snap run rocketchat-server.initcaddy
```

After this I edited the Caddy File `/var/snap/rocketchat-server/current/Caddyfile` to point to my certificates, so it now looks like the following:

```
https://cn-chat.corkynan.com
tls /etc/ssl/cn-chat.mydomain.com.chain.pem /etc/ssl/cn-chat.mydomain.com.key.pem
proxy / cn-chat.mydomain.com:3000 {
  websocket
  transparent
}
```
The root CA for these certificates is installed on all systems on my local network.
When I run the commands:

```
sudo snap set rocketchat-server caddy=enable
sudo snap set rocketchat-server https=enable
```

I get the following error message:

```
error: cannot perform the following tasks:
- Run configure hook of "rocketchat-server" snap (run hook "configure": Error: Your public IP doesn't match the one resolved for caddy-url, disabling https …)
```

The IP address delivered by DNS on my local network is xxx.xxx.1.29.
On the server I have updated the /etc/hosts file so that local name resolution returns the same address, with no change in results.
Server Setup Information
Rocket.Chat
| Version | 2.4.11 |
|---|---|
| Apps Engine Version | 1.11.2 |
| Database Migration | 170 |
| Database Migration Date | April 17, 2020 4:01 PM |
| Installed at | April 17, 2020 12:28 PM |
| Uptime | 3 hours, 52 minutes, 1 seconds |
| Deployment ID | NtEnC8JhCvmRxgSuA |
| PID | 19501 |
| Running Instances | 1 |
| OpLog | Enabled |
Commit
| Hash | 8bc295e01ef53075a625cb781e61946568fc7689 |
|---|---|
| Date | Wed Feb 26 17:36:45 2020 -0300 |
| Branch | HEAD |
| Tag | 2.4.11 |
| Author | Diego Sampaio |
| Subject | Bump version to 2.4.11 |
Runtime Environment
| OS Type | Linux |
|---|---|
| OS Platform | linux |
| OS Arch | x64 |
| OS Release | 4.15.0-96-generic |
| Node Version | v8.17.0 |
| Mongo Version | 3.6.14 |
| Mongo Storage Engine | wiredTiger |
| OS Uptime | 7 hours, 49 minutes, 32 seconds |
| OS Load Average | 0.01, 0.04, 0.02 |
| OS Total Memory | 7.79 GB |
| OS Free Memory | 5.28 GB |
| OS CPU Count | 1 |
Build Environment
| OS Platform | linux |
|---|---|
| OS Arch | x64 |
| OS Release | 4.19.76-linuxkit |
| Node Version | v8.17.0 |
| Date | February 27, 2020 5:12 AM |
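The error in the post compares a public IP with the address resolved for caddy-url. As an added example (not part of the original post and not the snap's own hook code), the Python below models that comparison as the message words it and reports two reasons it can fail on an internal network. The host name, addresses and function names are constructed, and how the hook actually resolves names is an assumption.

```python
import ipaddress
import socket

# RFC 1918 ranges: an address in one of these is never a host's public IP.
RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def hosts_file_ips(hosts_text, name):
    """Return the IPs that /etc/hosts-style text maps to `name`."""
    ips = []
    for line in hosts_text.splitlines():
        fields = line.split("#", 1)[0].split()  # drop comments, tokenize
        if len(fields) >= 2 and name.lower() in (f.lower() for f in fields[1:]):
            ips.append(fields[0])
    return ips


def system_resolver_ips(name):
    """What getaddrinfo() returns; on Linux this normally consults /etc/hosts
    (per nsswitch.conf), unlike tools that query a DNS server directly."""
    infos = socket.getaddrinfo(name, None, family=socket.AF_INET)
    return sorted({info[4][0] for info in infos})


def explain(name, hosts_text, dns_ips, public_ip):
    """Compare the DNS answer with the public IP and say why they differ."""
    if public_ip in dns_ips:
        return ["match: DNS answer equals the public IP"]
    findings = ["mismatch: DNS %s != public %s" % (sorted(dns_ips), public_ip)]
    override = hosts_file_ips(hosts_text, name)
    if override:
        findings.append("hosts override %s only affects lookups that use "
                        "the system resolver" % override)
    for ip in dns_ips:
        if any(ipaddress.ip_address(ip) in net for net in RFC1918):
            findings.append("%s is RFC 1918 private; it cannot equal a "
                            "public IP" % ip)
    return findings


# Constructed sample values (hypothetical, not taken from the post).
SAMPLE_HOSTS = ("127.0.0.1 localhost\n"
                "192.168.1.29 chat.example.internal chat  # local override\n")

if __name__ == "__main__":
    for line in explain("chat.example.internal", SAMPLE_HOSTS,
                        ["192.168.1.29"], "203.0.113.10"):
        print(line)
```

`system_resolver_ips()` needs a working resolver, so the sample run passes the DNS answer in as a list instead.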