Rocket.Chat is an open-source messaging app built with Meteor. It supports video conferencing, file sharing, voice messages, has a fully-featured API, and more. Rocket.Chat is great for those who prefer to have full control over their communications.
In this tutorial, we will be installing and configuring Rocket.Chat on a fresh Ubuntu server as well as setting up a reverse proxy via Nginx to boost security and make accessing Rocket.Chat much easier. Once we’re finished, you’ll have a functional instance of Rocket.Chat accessible from virtually anywhere.
To follow this tutorial, you will need:
In this section, we’ll be installing some of Rocket.Chat’s dependencies such as MongoDB and NodeJS.
Let’s start with getting MongoDB up and running. First, we need to add a keyserver so we can access the packages.
Then we need to set the repo to use.
Now, update the package lists.
Now that that’s done, we can go ahead and install npm
, mongodb-org
, curl
and graphicsmagick
, which are all dependencies of Rocket.Chat:
We need to install a package using NPM to allow us to change the node version:
Use that package to change the node version to 0.10.40
.
Next, we’ll install Rocket.Chat itself and do a little bit of configuration.
To start off, download the latest stable version of Rocket.Chat using curl
.
Expand the archive we just downloaded using the tar
command.
This expands the entire archive into a directory named bundle
. Let’s move the contents of the bundle
directory into something easier to remember.
Change into the directory where we’ll install Rocket.Chat using NPM.
Install Rocket.Chat.
Move back into the parent Rocket.Chat
directory.
We need to set up some environmental variables to help Rocket.Chat keep track of things like URLs, ports, and more.
First, set the ROOT_URL
variable to your domain name. This must be in the form of a URL.
Set MongoDB’s URL under the MONGO_URL
variable.
Set the PORT
variable to 3000
.
Now you can run Rocket.Chat using the following command:
If there aren’t any errors, it works! For now, though, stop Rocket.Chat using CTRL+C
. Now that Rocket.Chat is installed, we need to set up Nginx to proxy all of its traffic using a reverse proxy, making accessing Rocket.Chat easier and encrypting all of your communications with your SSL certificate.
To start off, install Nginx.
Move your certificate’s private key to /etc/nginx/certificate.key
.
For example, if you created a Let’s Encrypt certificate, you would use sudo cp /etc/letsencrypt/live/your_domain_name/privkey.pem /etc/nginx/certificate.key
.
Modify the key’s permissions so unauthorized thieves can’t gain access.
Copy the certificate itself to /etc/nginx/certificate.crt
.
If you created a Let’s Encrypt certificate, the command would be similar to sudo cp /etc/letsencrypt/live/your_domain_name/cert.pem /etc/nginx/certificate.crt
.
We’re going to be creating an entirely new configuration for Rocket.Chat, so you can delete the default to make it a little easier.
If you need that file back for any reason in the future, it is still available at /etc/nginx/sites-available/default
Create a new /etc/nginx/sites-enabled/default
with nano
or your favorite text editor.
First, we’ll add an upstream
block:
# Upstreams
upstream backend {
server 127.0.0.1:3000;
}
Underneath that, let’s create a server
block. The first part tells Nginx which port to listen for connections on, in this case :443
. It also let’s it know what our hostname is. Don’t forget to replace example.com
with your domain name.
server {
listen 443;
server_name example.com;
Under that, we tell Nginx where to store Rocket.Chat’s access logs, and point it to the SSL certificate and key we placed in /etc/nginx/certificate.key
and /etc/nginx/certificate.crt
respectively.
error_log /var/log/nginx/rocketchat.access.log;
ssl on;
ssl_certificate /etc/nginx/certificate.crt;
ssl_certificate_key /etc/nginx/certificate.key;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # don’t use SSLv3 ref: POODLE
And now we finish the configuration off with a location
block:
location / {
proxy_pass http://example.com:3000/;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forward-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forward-Proto http;
proxy_set_header X-Nginx-Proxy true;
proxy_redirect off;
}
}
Here’s the full file for reference:
server {
listen 443;
server_name example.com;
error_log /var/log/nginx/rocketchat.access.log;
ssl on;
ssl_certificate /etc/nginx/certificate.crt;
ssl_certificate_key /etc/nginx/certificate.key;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # don’t use SSLv3 ref: POODLE
location / {
proxy_pass http://example.com:3000/;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forward-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forward-Proto http;
proxy_set_header X-Nginx-Proxy true;
proxy_redirect off;
}
}
Save and exit the file. Finally, restart Nginx to finish the job.
Check if Nginx is running.
If you see the following message, Nginx is up and running:
* nginx is running
If you see an error message, check the logs at /var/log/nginx/rocketchat.access.log
and /var/log/nginx/access.log
or the error logs at /var/log/nginx/error.log
. You can also run nginx -t
to verify your Nginx configuration file, which is where most errors show up.
Make sure you’re still in the Rocket.Chat
folder.
Then run the following command to start Rocket.Chat back up again.
Rocket.Chat should now be live at https://example.com
. You can verify this by visiting that address in your favorite browser.
In the next section, we’ll configure Rocket.Chat to automatically run at boot using a node module called forever-service
.
forever-service
automatically generates init scripts for node apps such as Rocket.Chat. To start off, we need to install forever
itself, which forever-service
depends on.
Then, install forever-service
.
Create a service using forever-service
:
-s
flag followed by main.js
tells forever-service our script is named main.js
, not app.js
, which is default.-e
flag followed by "ROOT_URL=https://example.com/ MONGO_URL=mongodb://localhost:27017/rocketchat PORT=3000"
passes our environmental variables to forever-service.rocketchat
tells forever-service what to name the service.For more detailed information on forever-service’s syntax, run forever-service --help
.
Now we can start Rocket.Chat. This will initialize the rocketchat
service created by forever-service
.
Rocket.Chat should now be live at the URL you set in Step 2. Make sure you’re using HTTPS here.
Rocket.Chat should be is ready to go. In the next section, we’ll add our first admin user to Rocket.Chat and take a tour around the interface.
Visit the URL we set Rocket.Chat up on earlier. You should see something like this:
Click on Register a new account, then enter the user information for your first admin.
Click Submit, and then choose a username for your new user:
After clicking Use this username, you will be taken to the homepage:
That’s all! You’ll see on the right, a #general channel has already been created for you. If you click on it, you’ll be taken to the chatroom. Feel free to play around a bit.
Now let’s take a tour of the interface. First, let’s go ahead and make a new channel by clicking the tiny plus button next to Channels:
Name it anything you’d like:
Now click Save, and you’ll be brought to your new channel.
To access the Administration interface, click the tiny arrow next to your username. It will pull down a menu:
Click on Administration. It will bring up a second menu:
Using this menu, we can configure and manage every aspect of our Rocket.Chat installation. In the Users section, we can manage the permissions of individual users, and even invite new ones. We can also add more features to our installation using the Integrations view.
Congratulations! You now have your very own chat solution for you and your team: Rocket.Chat, running on an Ubuntu 14.04 server. It is set to launch automatically at boot using forever-service
and is fully equipped with SSL using an Nginx reverse proxy. You may now want to add more members, create more channels, or maybe check out the Integrations section of the Administration menu. Have fun!
Thanks for learning with the DigitalOcean Community. Check out our offerings for compute, storage, networking, and managed databases.
This textbox defaults to using Markdown to format your answer.
You can type !ref in this text area to quickly search our full set of tutorials, documentation & marketplace offerings and insert the link!
Awesome work! Very complete, congratulations! :)
Thanks for the great tutorial.
I think I made a small mistake and I no longer can access the webUI. I am getting
I think the mistake I made was to enable SSL or Force SSL in the administration section. Is there a way to fix this?
In order to resolve chain issues with Letsencrypt , I would suggest changing the following line from
TO
sudo cat /etc/letsencrypt/live/your_domain_name/cert.pem /etc/letsencrypt/live/your_domain_name/chain.pem > /etc/nginx/certificate.crt
This comment has been deleted
What would be the method to accomplish this same setup using Apache instead of Nginx?
Hi,
I am the Founder and CEO of Rocket.Chat
I’d like to have our app added to your DigitalOcean’s One-Click Applications, what should we do?
Cheers,
Gabriel Engel
Thanks for this tutorial. You can even add giffy integration with the plugins :)
Excellent tutorial. I had it up and running from a new droplet inside an hour.
This comment has been deleted
Hi!
Can you help me? Where can i find this?
Move your certificate’s private key to
/etc/nginx/certificate.key
: