SSL/Reverse Proxy Issues... maybe? (Not ROOT_URL Problem)

Hello everyone, and thank you in advance for your assistance. Rocketchat is a great project and I’m grateful to all the contributors out there! Since I am pretty deaf and dumb when it comes to this project, I am seeking the smarts of people in the know.

My problem, simply put, is that I cannot reach my rocketchat any other way than visiting:

http://mydomain.com:3000

I cannot access it via https. I cannot access it without the port number affixed at the back. I cannot get it to run through https at all.

When I browse to: https://mydomain.com

I get a “Welcome to Nginx” screen.

I’m running Rocketchat on CentOS 7. I have Let’s Encrypt certs installed, and I’ve checked that SSL is correctly implemented at an SSL checking website (she gets an A+).
I set up an NGINX reverse proxy after setting up certificates. I’m not certain it works (I’m assuming it doesn’t because it isn’t sending traffic where it is supposed to go, based on the nginx entries).

My ROOT_URL param is: https://mydomain.com

My /etc/nginx/conf.d/mydomain.com.conf looks pretty much exactly like this (but, of course, with my domain where “example.com” should be):

    upstream rocketchat_backend {
      server 127.0.0.1:3000;
    }

    server {
        listen 80;
        server_name example.com www.example.com;

        include snippets/letsencrypt.conf;
        return 301 https://example.com$request_uri;
    }

    server {
        listen 443 ssl http2;
        server_name www.example.com;

        ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;
        ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;
        ssl_trusted_certificate /etc/letsencrypt/live/example.com/chain.pem;
        include snippets/ssl.conf;

        return 301 https://example.com$request_uri;
    }

    server {
        listen 443 ssl http2;
        server_name example.com;

        ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;
        ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;
        ssl_trusted_certificate /etc/letsencrypt/live/example.com/chain.pem;
        include snippets/ssl.conf;
        include snippets/letsencrypt.conf;

        access_log /var/log/nginx/example.com-access.log;
        error_log /var/log/nginx/example.com-error.log;

        location / {
            proxy_pass http://rocketchat_backend/;
            proxy_http_version 1.1;
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection "upgrade";
            proxy_set_header Host $http_host;

            proxy_set_header X-Real-IP $remote_addr;
            # Standard header names; TLS terminates in this block, so the scheme is https
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Proto https;
            proxy_set_header X-Nginx-Proxy true;

            proxy_redirect off;
        }
    }

I would deeply appreciate assistance here. :D

OK - here are my basic nginx files. This is ALL there is to it. I have no other files at all. Just these two in the conf.d directory.

letsencrypt.conf

    server {
        listen              1.2.3.4:80;
        server_name         example.com chat.example.com;
        location '/.well-known/acme-challenge' {
            default_type "text/plain";
            # My root is different but it matters not
            root       /tmp/letsencrypt-auto;
        }
        location / {
            return              301 https://$server_name$request_uri;
        }
    }

rocketchat.conf

    upstream backend {
        server 127.0.0.1:3000;
    }
    server {
        listen 1.2.3.4:443;
        server_name example.com chat.example.com;
        client_max_body_size 200M;
        error_log /var/log/nginx/rocketchat.access.log;
        ssl on;
        ssl_certificate /etc/dehydrated/certs/example.com/fullchain.pem;
        ssl_certificate_key /etc/dehydrated/certs/example.com/privkey.pem;
        # Mine ran fine without ssl_trusted but it seems to work
        ssl_trusted_certificate /etc/dehydrated/certs/example.com/chain.pem;
        ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # don’t use SSLv3 ref: POODLE
        location / {
            proxy_pass http://backend/;
            proxy_http_version 1.1;
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection "upgrade";
            proxy_set_header Host $http_host;
            proxy_set_header X-Real-IP $remote_addr;
            # Standard header names; TLS terminates in this block, so the scheme is https
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Proto https;
            proxy_set_header X-Nginx-Proxy true;
            proxy_redirect off;
        }
    }

Pretty well as is from the documentation.

Only thing I should do is redirect/rewrite example.com to chat.example.com or block it entirely as occasionally you access it by mistake and the server wants to rename itself.

Beyond that this is a very basic setup and could be developed, but it should get you going.
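
As an added example (not code from either poster or from the Rocket.Chat documentation), this small Python check reads an nginx config and flags, for each TLS server block, the items worth reviewing in configs like the ones in this thread: the obsolete `ssl on;`, protocol versions older than TLS 1.2, and forwarded headers the backend will not recognise. The sample config and all function names are constructed for illustration.

```python
import re

# Constructed sample modelled on the kind of server block posted in this thread.
SAMPLE = """
upstream backend { server 127.0.0.1:3000; }
server {
    listen 1.2.3.4:443;
    ssl on;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # no SSLv3
    location / {
        proxy_pass http://backend/;
        proxy_set_header X-Forward-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forward-Proto http;
    }
}
"""
WEAK = {"SSLv2", "SSLv3", "TLSv1", "TLSv1.1"}  # deprecated protocol versions

def server_blocks(conf):
    """Yield the body of each `server { ... }` block, found by brace matching."""
    conf = re.sub(r"#.*", "", conf)  # drop comments first
    for m in re.finditer(r"\bserver\s*\{", conf):
        depth, i = 1, m.end()
        while i < len(conf) and depth:
            depth += {"{": 1, "}": -1}.get(conf[i], 0)
            i += 1
        yield conf[m.end():i - 1]

def lint_server(body):
    """Return findings for one server block; non-TLS listeners are skipped."""
    if not re.search(r"\blisten\s[^;]*(\b443\b|\bssl\b)|\bssl\s+on\s*;", body):
        return []
    out = []
    if re.search(r"\bssl\s+on\s*;", body):
        out.append("'ssl on;' is obsolete; use 'listen ... ssl;'")
    protos = re.search(r"\bssl_protocols\s+([^;]+);", body)
    weak = sorted(WEAK & set(protos.group(1).split())) if protos else []
    if weak:
        out.append("weak ssl_protocols: " + " ".join(weak))
    hdrs = {k.lower(): v.strip() for k, v in
            re.findall(r"\bproxy_set_header\s+(\S+)\s+([^;]+);", body)}
    if "x-forwarded-for" not in hdrs:
        out.append("X-Forwarded-For is not set (check the header spelling)")
    if hdrs.get("x-forwarded-proto") not in ("https", "$scheme"):
        out.append("X-Forwarded-Proto is not https on a TLS listener")
    return out

def lint(conf):
    return [f for body in server_blocks(conf) for f in lint_server(body)]
```

Calling `lint(open(path).read())` on a file from `/etc/nginx/conf.d/` returns a list of findings; an empty list means none of these four checks fired.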