João Victor Risso

Writes About Stuff Server Setup on Reverse Proxy with SSL

Rocket.Chat is web chat server, with client for a wide range of platforms, including Android and iOS. It allows individuals, communities and companies to build and maintain their own chat platforms, without relying on third-party services.

The highlight features of Rocket.Chat are:

  • Videoconferences
  • Voice messages
  • Native and mobile applications
  • Filesharing
  • Preview of links from popular sites (e.g. Facebook, Youtube)


Minimum hardware requirements to run a Rocket.Chat server are:

  • CPU: single core, with a clock of at least 2 GHz
  • Memory: 1 GB
  • Storage: 30 GB


Before installing the Rocket.Chat server, we need to install the following softwares:

  • MongoDB
  • Node.js, whose version must be at least 4.5.0
  • Nginx

For this tutorial, it is assumed that you also have root acces to the machine.

In the next sections, the instructions to install each of these softwares in Debian 8 will be presented.

Installing MongoDB

First, we will install MongoDB. We must import the public key used by the package management system:

apt-key adv --keyserver hkp:// --recv 0C49F3730359A14518585931BC711F9BA15703C6

And then add the MongoDB repository to our package sources list:

echo "deb jessie/mongodb-org/3.4 main" | tee /etc/apt/sources.list.d/mongodb-org-3.4.list

Update the local package lists:

apt-get update

And install MongoDB:

apt-get install --yes mongodb-org

Now, let's start the MongoDB service:

systemctl start mongod.service

Installing Node.js

We will now install npm and packages to compile Node.js packages:

apt-get install --yes npm build-essential

Then, we will use the n package, to install the minimum required version of Node.js to run Rocket.Chat, which is the version 4.5:

npm install -g n
n 4.5  # Installs the appropriate version of Node.js

Installing Nginx

Finally, we must install Nginx, using the following command:

apt-get install -y nginx

Rocket.Chat Server Setup

After installing the prerequisites, we proceed to install the Rocket.Chat server. In this section, we'll cover how to setup our Rocket.Chat server in a secure manner, using a non-login user along with a systemd service to manage the basic operations such as starting and stopping the server.

Download Rocket.Chat's stable release from the official distribution:

wget -O
tar zxvf

This will expand everything into the bundle directory, and then we'll move it to its own directory within the /opt directory and start the installation process:

mv bundle/ /opt/
cd /opt/  # Enter the server directory
npm install  # Install server dependencies
cd ../..  # Go back to's root directory

Then, we'll configure some of the server's parameters and start it:

export ROOT_URL=http://your-host-name-here:3000/
export MONGO_URL=mongodb://localhost:27017/rocketchat
export PORT=3000
/usr/local/bin/node /opt/

You should adjust the ROOT_URL variable with your IP address or hostname. You can also change the PORT variable, so the server will start on another port, other than 3000.

If everything goes well, you will see something like the following output:

➔ +---------------------------------------------------+
➔ |                   SERVER RUNNING                  |
➔ +---------------------------------------------------+
➔ |                                                   |
➔ |  Rocket.Chat Version: 0.56.0                      |
➔ |       NodeJS Version: 4.5.0 - x64                 |
➔ |             Platform: linux                       |
➔ |         Process Port: 3000                        |
➔ |             Site URL: http://your-ip-addr:3000/   |
➔ |     ReplicaSet OpLog: Disabled                    |
➔ |          Commit Hash: 3018807507                  |
➔ |        Commit Branch: HEAD                        |
➔ |                                                   |
➔ +---------------------------------------------------+

Non-login user

We will add a non-login user and a group rocketchat to run the Rocket.Chat server process:

useradd -M rocketchat
usermod -L rocketchat

The first command creates a rocketchat user without a home directory, and the second locks any logins to that account. A rocketchat group is also added when the user is created.

Rocket.Chat Service

Now, we'll create a service to ease the basic management of the server, such as starting, stopping and restarting the server. It can also start the server automatically once the server boots, and run the server using the rocketchat user.

Create the service in the /etc/systemd/system/rocketchat.service file to automate Rocket.Chat management:

Description=Rocket.Chat Server
Requires=After=mongod.service       # Requires the mongod service to run first

ExecStart=/usr/local/bin/node /opt/
WorkingDirectory=/opt/  # Set to directory
# Restart service after 10 seconds if node service crashes
# Output to syslog
User=rocketchat  # Run the process using the rocketchat user
Environment=ROOT_URL=http://your-hostname-here.ipadress:3000/ MONGO_URL=mongodb://localhost:27017/rocketchat PORT=3000


Customize the Environment variable of the service to suit your environment, specifically adjust the ROOT_URL to your IP address or hostname.

Then, enable the service so that it can start when the server boots, and then start it:

systemctl enable rocketchat.service
systemctl start rocketchat.service

Check if it is running properly using the following command:

systemctl status rocketchat.service

Configuring Nginx Reverse Proxy

In this section of the tutorial, it is assumed that you already have a SSL certificate in place. If you don't have a SSL certificate, there is a tutorial in the DigitalOcean community to help you setup your Let's Encrypt certificate.

Add the following lines to your Nginx configuration, in the /etc/nginx/sites-enabled/default file:

# Upstreams
upstream backend {

# HTTPS Server
server {
    listen 443;

    error_log /var/log/nginx/rocketchat.access.log;

    ssl on;
    ssl_certificate /etc/nginx/certificate.crt;
    ssl_certificate_key /etc/nginx/certificate.key;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # don’t use SSLv3 ref: POODLE

    location / {
        proxy_pass http://backend/;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_set_header Host $http_host;

        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forward-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forward-Proto http;
        proxy_set_header X-Nginx-Proxy true;

        proxy_redirect off;

You should adjust the server_name, ssl_certificate and ssl_certificate_key variables to your IP address or domain, path of SSL certificate and certificate key, respectively.

Port 3000 can be blocked for external connections, and we can access our Rocket.Chat instance through Nginx:


Using and Configuring Rocket.Chat

In your first login, you will have to create an account, on the Register a new account link. The first account, will be assigned as the administrator of the Rocket.Chat server. The login and registration pages are shown in the two figures below.

Rocket.Chat login page

In the registration, you just have to supply your e-mail, name and password, as shown below:

Rocket.Chat register page

When you first login, you should see a page that looks like the following figure:

Rocket.Chat first login

After your first login, you will be able to access the administrator panel by clicking on your user name, and then clicking on the Administration link. The administration panel is shown in figure below:

Rocket.Chat administrator panel


In this tutorial, you have learned how to setup your own Rocket.Chat server in secure way, and also setting it up behind an Nginx reverse proxy. Rocket.Chat is a great web server chat solution to build and run your own communication channels, and it supports a wide range of clients.