Here's how you can configure HTTPS access for RocketChat.
Just tons of info. These steps worked with my server implementation, so they might help you!
This was tested on Ubuntu 18.04 server using RocketChat 0.70.4.
This document describes how to use NGINX as an SSL reverse proxy.
You'll need a server whose name can be resolved, like "rocketchat.company.com".
You'll need to be able to request a certificate from a certificate authority.
Log in to the Ubuntu CLI, then install NGINX with the following command:
sudo apt-get install nginx
Generate a key and certificate request via OpenSSL
This is a bit of a chore from the CLI, so I used this page (hope it works still)
https://www.digicert.com/easy-csr/openssl.htm
to help me generate the SSL certificate request syntax, which I pasted into my CLI:
openssl req -new -newkey rsa:2048 -nodes -out rocketchat.csr -keyout rocketchat.key -subj "/C=US/ST=California/L=Oakland/O=Company/CN=rocketchat"
The system will generate two files. One is your private key (.key); the other is the .csr, the certificate "request" that you submit to your certificate authority.
Once you get your signed certificate back, perform these steps:
Put the generated private key into
/etc/nginx/certificate.key
Make it readable only by its owner, and harder to change, by assigning permission 400:
chmod 400 /etc/nginx/certificate.key
Now copy the certificate provided by your authority to
/etc/nginx/certificate.crt
Now edit the file
/etc/nginx/sites-enabled/default
Delete everything in there and paste in the configuration below.
Change "server_name servername.domainname.com;" to the host name of your server.
Example using my configs would be: "server_name rocketchat.company.com;"
    # Upstreams
    upstream backend {
        server 127.0.0.1:3000;
    }

    # HTTPS Server
    server {
        listen 443 ssl;    # replaces the deprecated "ssl on;" directive
        server_name servername.domainname.com;
        error_log /var/log/nginx/rocketchat.access.log;

        ssl_certificate /etc/nginx/certificate.crt;
        ssl_certificate_key /etc/nginx/certificate.key;
        ssl_protocols TLSv1.2;    # don't use SSLv3 (ref: POODLE); TLS 1.0/1.1 are deprecated

        location / {
            proxy_pass http://backend/;
            proxy_http_version 1.1;
            # Upgrade/Connection headers let WebSocket connections through the proxy
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection "upgrade";
            proxy_set_header Host $http_host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Proto https;
            proxy_set_header X-Nginx-Proxy true;
            proxy_redirect off;
        }
    }
Save your changes
Now startup NGINX:
sudo service nginx restart
If it works, the prompt should come back with no errors.
If it does show errors or if you are curious, type in the following to get status information
systemctl status nginx.service
You should now be able to connect via HTTPS
https://ServerName
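A pre-restart check for the site file edited above, as an added example that is not part of the original post: it flags protocols older than TLS 1.2, the deprecated "ssl on;" directive, and misspelled or wrong X-Forwarded-* headers. The function name audit_nginx_site and the sample config are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original post. Audits an nginx site file and
# prints one finding per line; returns 0 when clean, 1 when anything is flagged.
audit_nginx_site() {
    # Strip comments, then split on ; { } so each directive sits on its own line.
    # Simplification: assumes '#' never appears inside a directive value.
    body=$(sed 's/#.*$//' "$1" | tr ';{}' '\n\n\n' |
           sed 's/^[[:space:]]*//; s/[[:space:]]*$//')
    findings=0
    flag() { printf '%s\n' "$1"; findings=$((findings + 1)); }
    # TLS 1.0/1.1 are deprecated (RFC 8996); SSLv3 is exposed to POODLE.
    for word in $(printf '%s\n' "$body" | sed -n 's/^ssl_protocols[[:space:]]*//p'); do
        case $word in
            SSLv2|SSLv3|TLSv1|TLSv1.1) flag "deprecated protocol enabled: $word" ;;
        esac
    done
    # "ssl on;" is deprecated since nginx 1.15.0 in favour of "listen ... ssl;".
    if printf '%s\n' "$body" | grep -Eq '^ssl[[:space:]]+on$'; then
        flag 'deprecated "ssl on;" directive: use "listen 443 ssl;"'
    fi
    # The conventional header names are X-Forwarded-For and X-Forwarded-Proto.
    if printf '%s\n' "$body" | grep -Eq '^proxy_set_header[[:space:]]+X-Forward-'; then
        flag 'misspelled header: X-Forward-* should be X-Forwarded-*'
    fi
    # Behind a TLS listener the backend should be told the scheme is https.
    if printf '%s\n' "$body" |
       grep -Eq '^proxy_set_header[[:space:]]+X-Forward(ed)?-Proto[[:space:]]+http$'; then
        flag 'forwarded scheme is "http" on a TLS listener: send "https"'
    fi

    [ "$findings" -eq 0 ]
}

# Constructed sample input: a site file carrying each flagged setting once.
sample=$(mktemp)
cat > "$sample" <<'EOF'
server {
    listen 443;
    ssl on;
    # ssl_protocols SSLv3;   (commented out, must not be reported)
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    location / {
        proxy_set_header X-Forward-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forward-Proto http;
    }
}
EOF
audit_nginx_site "$sample" || echo "review the findings before restarting nginx"
```

To check the real file, call audit_nginx_site /etc/nginx/sites-enabled/default before running the restart command.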