Skip to content

About RocketChat

The RocketChat solution is free, unlimited and open source.

He provide an alternative at HipChat, Slack, RiotIM,...

Installation

Before to start, we update our system to the last version.

apt update && apt full-upgrade

The dependencies who will must be installed in the next steps :

  • mongodb
  • nodejs
  • curl
  • graphicsmagick

Install MongoDB & tools for NodeJS

Install the latest stable version.

apt install -y mongodb build-essential python-dev libssl-dev gcc g++ make

Install NodeJS, GraphicsMagick & npm

Rocket.Chat 0.60 and higher needs version 8.9.3 LTS of Node.js to work. So first add the NodeSource Debian binary distributions repository.

sudo curl -sL https://deb.nodesource.com/setup_8.x | bash - #It's current branch at this time !

Install Node, npm, etc..

sudo apt install nodejs curl graphicsmagick -y
sudo npm install -g n
sudo n 8.9.3

Install the rocketchat binary

We will download the binary, uncompress it and we install it at the end.

cd /opt
curl -L https://releases.rocket.chat/latest/download -o rocketchat.tgz
tar zxvf rocketchat.tgz
mv bundle RocketChat
cd RocketChat/programs/server
npm install

Create our RocketChat Service

We want gitea to automatically start with the system startup.

In first I create the rocketchat service by typing touch /etc/systemd/system/rocketchat.service.

And you can copy/paste the example beneath.

[Unit]
Description=RocketChat Server
After=network.target remote-fs.target nss-lookup.target mongod.target nginx.target  # Remove or Replace nginx with your proxy

[Service]
ExecStart=/usr/local/bin/node /opt/Rocket.Chat/main.js    # Specify the location of node and location of main.js
Restart=always     # If set to always, the service will be restarted regardless of whether it exited cleanly or not, got terminated abnormally by a signal, or hit a timeout.
RestartSec=10       # Restart service after 10 seconds if node service crashes
StandardOutput=syslog                     # Output to syslog
StandardError=syslog                   # Output to syslog
SyslogIdentifier=nodejs-example
#User=<alternate user>
#Group=<alternate group>
Environment=NODE_ENV=production PORT=3000 ROOT_URL=https://www.example.com MONGO_URL=mongodb://localhost:27017/rocketchat

[Install]
WantedBy=multi-user.target

In my case I have configured as beneath.

[Unit]
Description= RocketChat Server
After=network.target remote-fs.target nss-lookup.target mongod.target

[Service]
ExecStart=/usr/local/bin/node /opt/RocketChat/main.js
Restart=always
RestartSec=10
StandardOutput=syslog
StandardError=syslog
SyslogIdentifier=nodejs-example
Environment=NODE_ENV=production PORT=3000 ROOT_URL=https://your.domain.com MONGO_URL=mongodb://localhost:27017/rocketchat

[Install]
WantedBy=multi-user.target

If you want rocketchat to listen on a particular IP you can use BIND environment variable.

Environment=NODE_ENV=production PORT=3000 BIND_IP=127.0.0.1 ROOT_URL=https://your.domain.com MONGO_URL=mongodb://localhost:27017/rocketchat

With adding of BIND_IP= we avoid to have our RocketChat instance reachable by https://your.domain.com and in same time by http://your.domain.com:3000. We enforce HTTPS and use only this protocol to communicate.

Start rocketchat.services

In first you must start the mongodb service (gitea need it to works fine) and after mongodb is running you can start your gitea services.

sudo systemctl start mongod.service
sudo systemctl enable rocketchat.service && systemctl start rocketchat.service

Normally you can reach your RocketChat instance by http://your.domain.com:3000.

Set up SSL

About SSL & Rocket Chat

Rocket Chat is a middle tier application server, by itself id does not handle SSL. For this reason we use a Reverse Proxy supported by Rocket Chat like Nginx/Onyx/Apache or Caddy. For our case I choose to use "Nginx" for reverse.

Install SSL + Proxy

RocketChat does not integrate a web server and proxy function. To get them you must use an other solution like caddy/nginx/squid/... In our case we chose nginx to do the job.

Install HTTP server

sudo apt install nginx

Move your SSL certificates create beforehand (If you have not created them yet or do not know how to do it => Certificate SSL)

sudo chmod 400 /etc/letsencrypt/live/your.domain.com/privkey.pem

Set up Nginx

We edit /etc/nginx/sites-enabled/your.domain.com to activate SSL and the Proxy pass.

# Upstreams
upstream backend {
    server 127.0.0.1:3000;
}
# HTTP Server
server {
    listen 80 default_server;
    listen [::]:80 default_server;

    # Redirect all HTTP requests to HTTPS with a 301 Moved Permanently response.
    return 301 https://$server_name$request_uri;
}

# HTTPS Server
server {
    listen 443 ssl http2;
    server_name $HOST;

    error_log /var/log/nginx/rocketchat.access.log;

    ssl on;
    ssl_certificate /etc/letsencrypt/live/$HOST/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/$HOST/privkey.pem;
    ssl_trusted_certificate /etc/letsencrypt/live/$HOST/chain.pem;
    ssl_protocols TLSv1.2;
    ssl_prefer_server_ciphers on;
    ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH';
    ssl_dhparam /etc/nginx/dhparam.pem;
    ssl_session_timeout 10m;
    ssl_session_cache shared:SSL:10m;
    ssl_session_tickets off;
    ssl_stapling on;
    ssl_stapling_verify on;
    resolver 1.1.1.1 1.0.0.1;
    resolver_timeout 5s;
    add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload";
    add_header X-Frame-Options DENY;
    add_header X-Content-Type-Options nosniff;
    add_header X-XSS-Protection "1; mode=block";

    location / {
        proxy_pass http://backend/;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_set_header Host $http_host;

        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forward-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forward-Proto http;
        proxy_set_header X-Nginx-Proxy true;

        proxy_redirect off;
    }
}

Save and test your synthax by typing nginx -t and restart the service by typing systemctl restart nginx.services.

Now you can access to your rocket chat at https://your.domain.com instead of https://your.domain.com/.

And finaly we modify /etc/systemd/system/rocketchat.service to change the automatical startup of RocketChat and add nginx at the list of services needed to start.

We add the service =>

After=network.target remote-fs.target nss-lookup.target mongod.target nginx.target

Now, you have perfect server to communicate with your team/friends/community/...

If you want more features like video-conference/screen sharing/... you must install Jitsi.

Video Support by Jitsi

About Jitsi

Jitsi is a powerful, open-source, community-driven video conferencing platform that securely connects users across browsers and devices.

Install as videobridge for RocketChat

Warning

During the installation, the installer will show display a popup where you can type an "hostname". Take care at this step. You must create an dedicated domain name for your jitsi instance like "meet.domain.name".

When the domain is created you can add the Jitsi repository to the sources list.

wget -qO - https://download.jitsi.org/jitsi-key.gpg.key | sudo apt-key add -

In second time, we create a sources.list.d files.

sudo sh -c "echo 'deb https://download.jitsi.org stable/' > /etc/apt/sources.list.d/jitsi-stable.list"

And finally we install it

sudo apt update && sudo apt install jitsi-meet -y

To finish to configure it you must go on your RocketChat Admin Panel under "Video Conference".

JitsiConfig

On domain you can type jitsi.pipperzel.tld and for URL PREFIX you can set at your convenience.

Success

Now your RocketChat have the possibility to launch the video conferences with screen sharing !