nothing@nowhere - 2021-11-08

rocketchat Setup

In this tutorial we're going to set up a rocketchat instance on a Debian 10+ VM:

Initial Setup

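First let's install the required dependencies. Note that the MongoDB key goes into apt's global trusted keyring and the NodeSource setup script is piped straight into a root shell, so you may want to download and read that script before running it: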


root@rocketchat:~# apt update -y ; apt upgrade -y ; apt install curl vim dirmngr gnupg gnupg2 sudo socat -y


root@rocketchat:~# wget -qO - https://www.mongodb.org/static/pgp/server-5.0.asc | sudo apt-key add -
root@rocketchat:~# echo "deb http://repo.mongodb.org/apt/debian buster/mongodb-org/5.0 main" | sudo tee /etc/apt/sources.list.d/mongodb-org-5.0.list


root@rocketchat:~# apt -y update && sudo apt-get install -y curl && curl -sL https://deb.nodesource.com/setup_12.x | sudo bash -
root@rocketchat:~# apt install -y build-essential mongodb-org nodejs fontconfig graphicsmagick
root@rocketchat:~# sudo npm install -g inherits n && sudo n 12.18.4

Next, install rocketchat (this grabs whatever the latest release is at the time, so note down the version you end up with):


root@rocketchat:~# curl -L https://releases.rocket.chat/latest/download -o /tmp/rocket.chat.tgz
root@rocketchat:~# tar -xzf /tmp/rocket.chat.tgz -C /tmp
root@rocketchat:~# cd /tmp/bundle/programs/server && npm install
root@rocketchat:/tmp/bundle/programs/server# sudo mv /tmp/bundle /opt/Rocket.Chat	

Then configure the Rocketchat service:


root@rocketchat:/tmp/bundle/programs/server# vim /lib/systemd/system/rocketchat.service
root@rocketchat:/tmp/bundle/programs/server# cat /lib/systemd/system/rocketchat.service

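# systemd unit that runs the Rocket.Chat Node.js bundle from /opt/Rocket.Chat.
[Unit]
Description= Rocketchat server
# Order startup after networking and the local mongod unit, because MONGO_URL
# below points at MongoDB on this same host.
After=network.target mongod.service
[Service]
ExecStart=/usr/local/bin/node /opt/Rocket.Chat/main.js
# stdout and stderr are sent to syslog under the "rocketchat" tag.
StandardOutput=syslog
StandardError=syslog
SyslogIdentifier=rocketchat
# The service runs as the "rocketchat" account instead of root. The commands on
# this page do not create that account, and /opt/Rocket.Chat was moved there as
# root, so the account has to exist and be able to read /opt/Rocket.Chat.
User=rocketchat
# MONGO_URL / MONGO_OPLOG_URL: replicaSet=rs01 has to match replSetName in
# /etc/mongod.conf. Neither URL carries credentials.
# NOTE(review): confirm mongod only listens on loopback (bindIp) before relying on that.
# ROOT_URL: the URL users reach the instance on; PORT: the port Rocket.Chat listens on.
Environment= MONGO_URL=mongodb://localhost:27017/rocketchat?replicaSet=rs01 MONGO_OPLOG_URL=mongodb://localhost:27017/local?replicaSet=rs01 ROOT_URL=http://10.0.0.106:3000/ PORT=3000
[Install]
WantedBy=multi-user.target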

Change ROOT_URL to the hostname that will be used to access the instance from the internet:


root@rocketchat:/tmp/bundle/programs/server# vim /lib/systemd/system/rocketchat.service

root@rocketchat:/tmp/bundle/programs/server# sudo sed -i "s/^#  engine:/  engine: wiredTiger/"  /etc/mongod.conf

root@rocketchat:/tmp/bundle/programs/server# sudo sed -i "s/^#replication:/replication:\n  replSetName: rs01/" /etc/mongod.conf

root@rocketchat:/tmp/bundle/programs/server# sudo systemctl enable mongod && sudo systemctl start mongod
Created symlink /etc/systemd/system/multi-user.target.wants/mongod.service -> /lib/systemd/system/mongod.service.
root@rocketchat:/tmp/bundle/programs/server# mongo --eval "printjson(rs.initiate())"
MongoDB shell version v5.0.3
connecting to: mongodb://127.0.0.1:27017/?compressors=disabled&gssapiServiceName=mongodb
Implicit session: session { "id" : UUID("8cdf65c2-6a64-49f5-99f9-8e5e7b8cee22") }
MongoDB server version: 5.0.3
{
        "info2" : "no configuration specified. Using a default configuration for the set",
        "me" : "127.0.0.1:27017",
        "ok" : 1,
        "$clusterTime" : {
                "clusterTime" : Timestamp(1636394619, 1),
                "signature" : {
                        "hash" : BinData(0,"AAAAAAAAAAAAAAAAAAAAAAAAAAA="),
                        "keyId" : NumberLong(0)
                }
        },
        "operationTime" : Timestamp(1636394619, 1)
}

root@rocketchat:/tmp/bundle/programs/server# sudo systemctl enable rocketchat && sudo systemctl start rocketchat
Created symlink /etc/systemd/system/multi-user.target.wants/rocketchat.service -> /lib/systemd/system/rocketchat.service.

Now that's done let's check if our rocketchat instance works as intended:

Looks like it works as intended!

Reverse proxy Setup



Now let's set up nginx as a reverse proxy in front of rocketchat:


root@rocketchat:~# apt update -y ; apt upgrade -y ; apt install nginx -y
	
root@rocketchat:~# vim /etc/nginx/sites-available/rocketchat.conf
root@rocketchat:~# cat /etc/nginx/sites-available/rocketchat.conf
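# nginx forwards to Rocket.Chat on loopback port 3000 (PORT=3000 in the service unit).
upstream backend {
    server 127.0.0.1:3000;
}

# Plain-HTTP front end for Rocket.Chat; there is no TLS on this listener.
server {
    listen 80;

    server_name your_rocketchat_domain_name;
    access_log /var/log/nginx/rocket.chat.access.log;
    error_log /var/log/nginx/rocket.chat.error.log;

    location / {
        proxy_pass http://backend/;

        # HTTP/1.1 plus Upgrade/Connection lets protocol upgrades such as
        # WebSocket pass through the proxy.
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";

        proxy_set_header Host $http_host;
        proxy_set_header X-Real-IP $remote_addr;
        # The conventional header names are X-Forwarded-For and
        # X-Forwarded-Proto; the "X-Forward-*" spelling is not one that
        # backends normally read, so the client address and scheme were
        # effectively not being passed on.
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        # $scheme is "http" on this listener.
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-Nginx-Proxy true;
        proxy_redirect off;
    }
}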
root@rocketchat:~# ln -s /etc/nginx/sites-available/rocketchat.conf /etc/nginx/sites-enabled/
root@rocketchat:~# rm /etc/nginx/sites-*/default
root@rocketchat:~# nginx -s reload

So now we can check if rocketchat loads properly on the local ip on port 80:

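Now let's do it with https. acme.sh's standalone mode needs to listen on port 80 itself, which is why nginx is stopped before issuing the certificate: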


root@rocketchat:~# wget -O -  https://get.acme.sh | sh
root@rocketchat:~# source ~/.bashrc
root@rocketchat:~# systemctl stop nginx
root@rocketchat:~# acme.sh --issue --standalone -d chat.void.yt -k 4096
	

root@rocketchat:~# vim /etc/nginx/sites-available/rocketchat.conf
root@rocketchat:~# cat /etc/nginx/sites-available/rocketchat.conf

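# NOTE(review): proxying to the VM's LAN address means Rocket.Chat has to accept
# connections on 10.0.0.106:3000, where anything on that network can also reach
# it without TLS. Pointing at 127.0.0.1:3000 (as the HTTP-only config does) or
# firewalling port 3000 would avoid that.
upstream backend {
        server 10.0.0.106:3000;
}


# Port 80 only redirects to the HTTPS listener below.
server {
        listen 80;
        listen [::]:80;
        server_name chat.void.yt;
        return 301 https://$server_name$request_uri;
}

# TLS-terminating reverse proxy for Rocket.Chat.
server {
        listen 443 ssl http2;
        listen [::]:443 ssl http2;
        server_name chat.void.yt;

        # Certificate and key are read straight from acme.sh's working directory.
        # NOTE(review): acme.sh documents --install-cert for copying them to a
        # stable location instead of using ~/.acme.sh directly.
        ssl_certificate /root/.acme.sh/chat.void.yt/fullchain.cer;
        # NOTE(review): ssl_trusted_certificate is meant to hold the issuing CA
        # chain; this path is the leaf certificate file. Confirm it is what you want.
        ssl_trusted_certificate /root/.acme.sh/chat.void.yt/chat.void.yt.cer;
        ssl_certificate_key /root/.acme.sh/chat.void.yt/chat.void.yt.key;

        # Same protocol floor as the main-node config further down the page,
        # so older TLS versions enabled by distribution defaults are not offered.
        ssl_protocols TLSv1.2 TLSv1.3;

        access_log /var/log/nginx/rocket.chat.access.log;
        error_log /var/log/nginx/rocket.chat.error.log;

        location / {
                proxy_pass http://backend/;

                # HTTP/1.1 plus Upgrade/Connection lets protocol upgrades such
                # as WebSocket pass through the proxy.
                proxy_http_version 1.1;
                proxy_set_header Upgrade $http_upgrade;
                proxy_set_header Connection "upgrade";

                proxy_set_header Host $http_host;
                proxy_set_header X-Real-IP $remote_addr;
                # Conventional header names (the original "X-Forward-*" spelling
                # is not one that backends normally read).
                proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
                # $scheme is "https" here; the original hard-coded "http", which
                # told the backend the client connection was unencrypted.
                proxy_set_header X-Forwarded-Proto $scheme;
                proxy_set_header X-Nginx-Proxy true;
                proxy_redirect off;
        }
}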

root@rocketchat:~# nginx -t
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful
root@rocketchat:~# systemctl start nginx

2nd reverse proxy Setup



In my current infrastructure I need rocketchat on a separate VM, behind my main nginx node. On the rocketchat VM:


root@rocketchat:~# cat /lib/systemd/system/rocketchat.service
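# systemd unit that runs the Rocket.Chat Node.js bundle from /opt/Rocket.Chat.
[Unit]
Description= Rocketchat server
# Order startup after networking and the local mongod unit, because MONGO_URL
# below points at MongoDB on 127.0.0.1.
After=network.target mongod.service
[Service]
ExecStart=/usr/local/bin/node /opt/Rocket.Chat/main.js
# stdout and stderr are sent to syslog under the "rocketchat" tag.
StandardOutput=syslog
StandardError=syslog
SyslogIdentifier=rocketchat
# The service runs as the "rocketchat" account instead of root; that account
# has to exist and be able to read /opt/Rocket.Chat (this page does not show
# either step).
User=rocketchat
# MongoDB is addressed over loopback with no credentials in the URL;
# replicaSet=rs01 has to match replSetName in /etc/mongod.conf.
# NOTE(review): ROOT_URL still points at the internal address and port; the
# page says to update the site URL once the public hostname is in place.
Environment= MONGO_URL=mongodb://127.0.0.1:27017/rocketchat?replicaSet=rs01 MONGO_OPLOG_URL=mongodb://127.0.0.1:27017/local?replicaSet=rs01 ROOT_URL=http://10.0.0.106:3000/ PORT=3000
[Install]
WantedBy=multi-user.target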

root@rocketchat:~# vim /etc/nginx/sites-available/rocketchat.conf
root@rocketchat:~# cat /etc/nginx/sites-available/rocketchat.conf
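# Rocket.Chat on this VM, addressed via the VM's LAN address.
upstream backend {
        server 10.0.0.106:3000;
}


# Inner plain-HTTP proxy on the rocketchat VM; TLS is terminated on the main
# nginx node, which forwards to this listener.
# NOTE(review): there is no server_name or source restriction, so anything that
# can reach this VM on port 80 (or 3000) talks to Rocket.Chat without passing
# the TLS front end. Limiting both ports to the main node's address would close that.
server {
        listen 80;
        listen [::]:80;

        access_log /var/log/nginx/rocket.chat.access.log;
        error_log /var/log/nginx/rocket.chat.error.log;

        location / {
                proxy_pass http://backend/;

                # HTTP/1.1 plus Upgrade/Connection lets protocol upgrades such
                # as WebSocket pass through the proxy.
                proxy_http_version 1.1;
                proxy_set_header Upgrade $http_upgrade;
                proxy_set_header Connection "upgrade";

                proxy_set_header Host $http_host;
                # On this hop $remote_addr is the main nginx node, not the end user.
                proxy_set_header X-Real-IP $remote_addr;
                # Conventional header names (the original "X-Forward-*" spelling
                # is not one that backends normally read).
                proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
                # $scheme is "http" on this listener, the same value the original
                # hard-coded. The client-facing scheme is only known to the main
                # node, which would have to supply it.
                proxy_set_header X-Forwarded-Proto $scheme;
                proxy_set_header X-Nginx-Proxy true;
                proxy_redirect off;
        }
}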
	

and on the main nginx node:


root@home:/etc/nginx/sites-available# vim chat.void.yt.conf
root@home:/etc/nginx/sites-available# cat chat.void.yt.conf
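# The rocketchat VM's inner nginx (no port given, so port 80), reached over plain HTTP.
upstream chatbackend {
        server 10.0.0.106;
}

# Port 80 only redirects to the HTTPS listener below.
server {
        listen 80;
        listen [::]:80;
        server_name chat.void.yt;
        return 301 https://$server_name$request_uri;
}

# Public TLS endpoint for chat.void.yt on the main nginx node.
server {
        listen 443 ssl http2;
        listen [::]:443 ssl http2;
        server_name chat.void.yt;

        # Certificate and key are read straight from acme.sh's working directory.
        # NOTE(review): acme.sh documents --install-cert for copying them to a
        # stable location instead of using ~/.acme.sh directly.
        ssl_certificate /root/.acme.sh/chat.void.yt/fullchain.cer;
        # NOTE(review): ssl_stapling_verify below checks OCSP responses against
        # ssl_trusted_certificate, which is expected to hold the issuer chain;
        # this path is the leaf certificate file. Check the error log to confirm
        # stapling actually works.
        ssl_trusted_certificate /root/.acme.sh/chat.void.yt/chat.void.yt.cer;
        ssl_certificate_key /root/.acme.sh/chat.void.yt/chat.void.yt.key;

        ssl_protocols TLSv1.3 TLSv1.2;
        # NOTE(review): the TLS13-* entries look like pre-release OpenSSL names and
        # ssl_ciphers does not normally select TLS 1.3 suites; the last four
        # entries (…-SHA384 / …-SHA256 without GCM) are CBC-mode suites. Verify
        # the effective list with `openssl ciphers`.
        ssl_ciphers 'TLS13-CHACHA20-POLY1305-SHA256:TLS13-AES-256-GCM-SHA384:TLS13-AES-128-GCM-SHA256:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256';
        ssl_prefer_server_ciphers on;
        ssl_session_cache shared:SSL:10m;
        ssl_session_timeout 10m;
        ssl_session_tickets off;
        ssl_ecdh_curve auto;
        ssl_stapling on;
        ssl_stapling_verify on;
        # The resolver is what nginx uses to look up the OCSP responder's hostname.
        resolver 80.67.188.188 80.67.169.40 valid=300s;
        resolver_timeout 10s;

        # Response security headers, left disabled as in the original. The HSTS
        # line with includeSubDomains and preload commits every subdomain to
        # HTTPS, so enable it deliberately.
        #add_header X-XSS-Protection "1; mode=block"; #Cross-site scripting
        #add_header X-Frame-Options "SAMEORIGIN" always; #clickjacking
        #add_header X-Content-Type-Options nosniff; #MIME-type sniffing
        #add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload";

        location / {
                proxy_pass http://chatbackend;

                # HTTP/1.1 plus Upgrade/Connection lets protocol upgrades such
                # as WebSocket pass through the proxy.
                proxy_http_version 1.1;
                proxy_set_header Upgrade $http_upgrade;
                proxy_set_header Connection "Upgrade";

                # Without these the next hop sees "chatbackend" as Host and only
                # this proxy's address as the client. Passing them on lets the
                # backend's logs and rate limiting work from the real client
                # address and scheme.
                proxy_set_header Host $host;
                proxy_set_header X-Real-IP $remote_addr;
                proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
                proxy_set_header X-Forwarded-Proto $scheme;
        }
}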
	

Now don't forget to update the site URL:

And there you go!

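Now since the rocketchat main developer is lacking a considerable amount of braincells, we need to add the ability to switch to darkmode using css and js from this repository. Keep in mind that js added to the instance runs in your users' browsers, so read it before pasting it in: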

And there you go! Now we have dark theme on our rocketchat instance:

Post-Setup changes



If you want to setup your own mail server, follow this tutorial.
