SSL/Reverse Proxy Issues... maybe? (Not ROOT_URL Problem)

#1

Hello everyone, and thank you in advance for your assistance. Rocketchat is a great project and I’m grateful to all the contributors out there! Since I am pretty deaf and dumb when it comes to this project, I am seeking the smarts of people in the know.

My problem, simply put, is that I cannot reach my rocketchat any other way than visiting:

http: // mydomain. com:3000

I cannot access it via https. I cannot access it without the port number affixed at the back. I cannot get it to run through https at all.

When I browse to: https: //mydomain .com

I get a “Welcome to Nginx” screen.

I’m running Rocketchat on Centos 7. I have letsencrypt certs installed, and I’ve checked that SSL is correctly implemented at an SSL checking website (she gets an A+)
I set up an NGINX reverse proxy after setting up certificates. I’m not certain it works (I’m assuming it doesn’t because it isn’t sending traffic where it is supposed to go, based on the nginx entries).

My ROOT_URL param is: https:// mydomain. com

My /etc/nginx/conf.d/mydomain.com.conf looks pretty much exactly like this (but, of course, with my domain where “example.com” should be):

    upstream rocketchat_backend {
      server 127.0.0.1:3000;
    }

    server {
        listen 80;
        server_name example.com www.example.com;

        include snippets/letsencrypt.conf;
        return 301 https://example.com$request_uri;
    }

    server {
        listen 443 ssl http2;
        server_name www.example.com;

        ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;
        ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;
        ssl_trusted_certificate /etc/letsencrypt/live/example.com/chain.pem;
        include snippets/ssl.conf;

        return 301 https://example.com$request_uri;
    }

    server {
        listen 443 ssl http2;
        server_name example.com;

        ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;
        ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;
        ssl_trusted_certificate /etc/letsencrypt/live/example.com/chain.pem;
        include snippets/ssl.conf;
        include snippets/letsencrypt.conf;

        access_log /var/log/nginx/example.com-access.log;
        error_log /var/log/nginx/example.com-error.log;

        location / {
            proxy_pass http://rocketchat_backend/;
            proxy_http_version 1.1;
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection "upgrade";
            proxy_set_header Host $http_host;

            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forward-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Forward-Proto http;
            proxy_set_header X-Nginx-Proxy true;

            proxy_redirect off;
        }
    }
    ```

I would deeply appreciate assistance here. :D
0 Likes