How To Setup Rocket Chat SSL Configuration Using Letsencrypt For Nginx
When you install Rocket.Chat, you must also install SSL, using either a free or a purchased certificate. Here I show how to use Let's Encrypt, a completely free SSL service. By default the certificate is valid for 3 months, but I set up an auto-renewal process on my server. If your server is on a local network, you must use NAT to forward the ports.
NAT PORT 443 (LAN) ➺ 443 (WAN) << Permanent
NAT PORT 80 (LAN) ➺ 80 (WAN) << Only needed before installing SSL
My Public IP address : 45.251.231.171
My Local IP address : 10.66.30.10
Step #01: Update and upgrade your server, then install the nginx web server.
root@Rocket-Chat:~# apt-get update
root@Rocket-Chat:~# apt-get install software-properties-common python-software-properties
root@Rocket-Chat:~# apt-get install nginx
root@Rocket-Chat:~# systemctl status nginx.service
Before installing SSL, you must disable port 80 on your server.
root@Rocket-Chat:~# netstat -pan | grep ":80"
root@Rocket-Chat:~# pkill -f nginx
root@Rocket-Chat:~# systemctl start nginx.service
root@Rocket-Chat:~# systemctl status nginx.service
Step #02: Now install Let's Encrypt and certbot, and configure the nginx web server.
root@Rocket-Chat:~# add-apt-repository ppa:certbot/certbot
root@Rocket-Chat:~# apt-get update
root@Rocket-Chat:~# apt-get install letsencrypt
root@Rocket-Chat:~# wget https://dl.eff.org/certbot-auto -P /usr/local/bin
root@Rocket-Chat:~# chmod a+x /usr/local/bin/certbot-auto
root@Rocket-Chat:~# export DOMAIN="chat.technologyrss.com"
root@Rocket-Chat:~# export EMAIL_ALERT="[email protected]"
Step #03: Install the free SSL certificate from Let's Encrypt for the nginx server.
root@Rocket-Chat:~# /usr/local/bin/certbot-auto certonly --standalone -d $DOMAIN --preferred-challenges http --agree-tos -n -m $EMAIL_ALERT --keep-until-expiring
Back up the old nginx web config file and edit it to use SSL.
root@Rocket-Chat:~# cp /etc/nginx/sites-available/default /etc/nginx/sites-available/default.back
root@Rocket-Chat:~# vi /etc/nginx/sites-available/default
Step #04: Delete all the previous lines and insert all the lines below. Change the domain name to your own for the SSL config.
# Upstream definition
upstream backend {
    server 127.0.0.1:3000;
}

# http to https redirection
server {
    listen 80;
    server_name chat.technologyrss.com;
    rewrite ^ https://$server_name$request_uri? permanent;
}

# HTTPS Server
server {
    # "listen 443 ssl" replaces the obsolete "ssl on;" directive
    listen 443 ssl;
    server_name chat.technologyrss.com;
    error_log /var/log/nginx/rocket-chat.access.log;
    ssl_certificate /etc/letsencrypt/live/chat.technologyrss.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/chat.technologyrss.com/privkey.pem;
    # don't use SSLv3 ref: POODLE
    # TLSv1 and TLSv1.1 are deprecated (RFC 8996) and can be removed once every client supports TLSv1.2
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;

    location / {
        proxy_pass http://backend/;
        proxy_http_version 1.1;
        # WebSocket upgrade headers
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_set_header Host $http_host;
        proxy_set_header X-Real-IP $remote_addr;
        # standard header names are X-Forwarded-*; the client connection here is https
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto https;
        proxy_set_header X-Nginx-Proxy true;
        proxy_redirect off;
    }
}
Step #05: Restart the nginx web server and run the renew command.
root@Rocket-Chat:~# nginx -t
root@Rocket-Chat:~# service nginx restart
root@Rocket-Chat:~# certbot-auto renew
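The nginx -t check in Step #05 only validates syntax, so it accepts legacy protocol versions and misspelled forwarding headers without complaint. The script below is an added example, not part of the original tutorial, that audits a site file for those settings; the function name audit_nginx_site, the finding labels and the sample config are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit an nginx site file for weak TLS and proxy-header settings.
# Prints one finding per line; exit status is 1 if anything was flagged.
audit_nginx_site() {
    awk '
    { sub(/#.*/, "") }    # drop comments so a commented-out SSLv3 is not reported
    $1 == "ssl_protocols" {
        for (i = 2; i <= NF; i++) {
            p = $i; sub(/;$/, "", p)
            # SSLv3 is prohibited by RFC 7568, TLS 1.0/1.1 deprecated by RFC 8996
            if (p ~ /^(SSLv2|SSLv3|TLSv1|TLSv1\.1)$/) { print "legacy-protocol " p; bad = 1 }
        }
    }
    # "ssl on;" is obsolete since nginx 1.15.0; "listen 443 ssl;" replaces it
    $1 == "ssl" && $2 ~ /^on;?$/ { print "obsolete-directive ssl-on"; bad = 1 }
    $1 == "proxy_set_header" {
        v = $3; sub(/;$/, "", v)
        # applications that read X-Forwarded-* never see a header named X-Forward-*
        if ($2 ~ /^X-Forward-/) { print "misnamed-header " $2; bad = 1 }
        # behind a TLS listener the backend should be told the scheme is https
        if ($2 ~ /^X-Forward(ed)?-Proto$/ && v == "http") { print "proto-mismatch " $2 "=" v; bad = 1 }
    }
    END { exit bad + 0 }
    ' "$1"
}

# Constructed sample with the kinds of settings this audit is meant to catch.
sample=$(mktemp)
cat > "$sample" <<'EOF'
server {
    listen 443;
    ssl on;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # don't use SSLv3 ref: POODLE
    location / {
        proxy_pass http://backend/;
        proxy_set_header Host $http_host;
        proxy_set_header X-Forward-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forward-Proto http;
    }
}
EOF
audit_nginx_site "$sample" || echo "review the findings above before restarting nginx"
rm -f "$sample"
```

Run it against /etc/nginx/sites-available/default after editing; empty output and exit status 0 mean none of these settings were found.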
If you see any error, please go to the YouTube channel for more details.
Hello,
I am from Brazil.
I have a doubt regarding the DNS.
Is this IP that you place external to the Cloudflare site the external IP of your network?
And when configuring the MikroTik, do you include it again, pointing to your local server?
1. Yes, external IP to point Cloudflare DNS.
2. And using MikroTik for port forwarding to my external IP for local server IP.
Thanks.