Running behind an Apache SSL Reverse Proxy
Note: You must use the outside https address for the value at ROOT_URL in [[Section 3 |
Deploy-Rocket.Chat-without-docker#3-download-rocketchat]] above. This includes the https:// and leave off the port number. So instead of ROOT_URL=http://localhost:3000 use something like https://your_hostname.com |
Run this as root:
apt-get update
apt-get install apache2
a2enmod proxy_http
a2enmod proxy
a2enmod ssl
a2enmod proxy_wstunnel
a2enmod rewrite
Add your private key to /etc/ssl/private/chat.domain.com.key
Lock down permissions: chmod 400 /etc/ssl/private/chat.domain.com.key
Add your certificate to /etc/ssl/certs/chat.domain.com.crt
Add your intermediate to /etc/ssl/certs/intermediate.ca.pem
Edit /etc/apache2/sites-enabled/rocketchat.conf and be sure to use your actual hostname in lieu of the sample hostname “your_hostname.com” below.
<VirtualHost *:443>
ServerAdmin [email protected]
ServerName chat.domain.com
ErrorLog /var/log/chat.domain.com_error.log
TransferLog /var/log/chat.domain.com_access.log
LogLevel info
SSLEngine On
SSLCertificateFile /etc/ssl/certs/chat.domain.com.crt
SSLCertificateKeyFile /etc/ssl/private/chat.domain.com.key
SSLCertificateChainFile /etc/ssl/certs/intermediate.ca.pem
<Location />
Order allow,deny
Allow from all
</Location>
RewriteEngine On
RewriteCond %{HTTP:Upgrade} =websocket [NC]
RewriteRule /(.*) ws://localhost:3000/$1 [P,L]
RewriteCond %{HTTP:Upgrade} !=websocket [NC]
RewriteRule /(.*) http://localhost:3000/$1 [P,L]
ProxyPassReverse / http://localhost:3000/
</VirtualHost>
Restart Apache: service apache2 restart