Admin

5 years ago

How To Setup Rocket Chat SSL Configuration Using Letsencrypt For Nginx

When install Rocket chat so must be install ssl using free or purchase. Now I have to show you can using Let’Encrypt fully free ssl service. This certificate default valid date 3 month. But I setup auto renewal process on my server. If your server is local so must be using NAT system for forward port.

★ How To Install Zabbix 5.0 On Centos 7

★ How To Install Zabbix Server On Ubuntu 18.04

NAT PORT 443 (LAN) ➺ 443 (WAN) << Parmenent
NAT PORT 80 (LAN) ➺ 80 (WAN) << Only for before install ssl

My Public IP address : 45.251.231.171
My Local IP address : 10.66.30.10

Step #01: Must be your server update & upgrade then install nginx web server.

root@Rocket-Chat:~# apt-get update
root@Rocket-Chat:~# apt-get install software-properties-common python-software-properties
root@Rocket-Chat:~# apt-get install nginx
root@Rocket-Chat:~# systemctl status nginx.service

Before install ssl so must be disable 80 port from your server.

root@Rocket-Chat:~# netstat -pan | grep ":80"
root@Rocket-Chat:~# pkill -f nginx
root@Rocket-Chat:~# systemctl start nginx.service
root@Rocket-Chat:~# systemctl status nginx.service

Step #02: Now install let’sencrypt and certbot and configure nginx web server.

root@Rocket-Chat:~# add-apt-repository ppa:certbot/certbot
root@Rocket-Chat:~# apt-get update
root@Rocket-Chat:~# apt-get install letsencrypt
root@Rocket-Chat:~# wget https://dl.eff.org/certbot-auto -P /usr/local/bin
root@Rocket-Chat:~# chmod a+x /usr/local/bin/certbot-auto
root@Rocket-Chat:~# export DOMAIN="chat.technologyrss.com"
root@Rocket-Chat:~# export EMAIL_ALERT="admin@technologyrss.com"

Step #03: Install free SSL from let’sencrypt for nginx server.

root@Rocket-Chat:~# /usr/local/bin/certbot-auto certonly --standalone -d $DOMAIN  --preferred-challenges http --agree-tos -n -m  $EMAIL_ALERT --keep-until-expiring

Backup old nginx web config file and edit for using ssl.

root@Rocket-Chat:~# cp /etc/nginx/sites-available/default /etc/nginx/sites-available/default.back
root@Rocket-Chat:~# vi /etc/nginx/sites-available/default

Step #04: Drop previous all lines and insert below all lines. And change your domain name for ssl config.

# Upstream definition
upstream backend {
    server 127.0.0.1:3000;
}
# http to https redirection
server {
  listen 80;
  server_name chat.technologyrss.com;
  rewrite ^ https://$server_name$request_uri? permanent;
}
# HTTPS Server
server {
    listen 443;
    server_name chat.technologyrss.com;
    error_log /var/log/nginx/rocket-chat.access.log;
    ssl on;
    ssl_certificate /etc/letsencrypt/live/chat.technologyrss.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/chat.technologyrss.com/privkey.pem;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # don’t use SSLv3 ref: POODLE
    location / {
        proxy_pass http://backend/;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_set_header Host $http_host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forward-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forward-Proto http;
        proxy_set_header X-Nginx-Proxy true;
        proxy_redirect off;
    }
}

Step #05: Restart nginx web server and run renew command.

root@Rocket-Chat:~# nginx -t
root@Rocket-Chat:~# service nginx restart
root@Rocket-Chat:~# certbot-auto renew

If see any error so please goto YouTube channel and see more details. Please subscribe my channel for more update.

Author
Recent Posts

Admin

I am system administrator as Windows and Linux platform. I have 4 years skilled from the professional period. I have to configure Linux based system such as an Asterisk VOIP system, Network monitoring tools (ZABBIX), Virtualization (XEN Server), Cloud computing (Apache CloudStack) etc. Now share my professional skill each interested person.
Thanks to all.

Latest posts by Admin (see all)

How To Install Zabbix Server 6.4 On AlmaLinux 8 Server - August 9, 2024
How To Clear RAM Memory Cache Buffer Linux Server - February 29, 2024
How To Install Apache Cloud Stack Management Server 4.17 On Ubuntu 22.04 - February 1, 2024

0 0 votes

Article Rating

Windows Could Not Start The Apache Tomcat on Local Computer »

« How To Install Rocket Chat Server On Ubuntu 19.04

Tags: apiCentOschatchat groupscodingdb techdeveloperdevsdiscourse forumdiscourse forum installdiscourse forum tutorialdiscourse fourm communitydiscourse secure forumescenic content enginefree selfhosted chat servergenerating a ssl cert usig certbotgerolocationget a free ssl certificatehow to install an ssl certificatehow to install mongodb on ubuntuhow to install rocketchat easilyhow to install rocketchat full 2019how to install ssl on nginxhow to install tls on nginxhow to setup discord serverhow to setup your discord server professionallyhow to use discord in hindihttphttpsinstalling rocket chat on ubuntuinstalling sslipfinderkeithlamplet's encryptLinuxmessengernginxnon-discord gaming chatOpenSourcerocket chatrocketchatself-hosted chatself-hosted gaming chatsetup discoursesetup discourse on ubuntusnapsslssl certificatesssl on nginxtlstls on nginxUbuntu

Admin: I am system administrator as Windows and Linux platform. I have 4 years skilled from the professional period. I have to configure Linux based system such as an Asterisk VOIP system, Network monitoring tools (ZABBIX), Virtualization (XEN Server), Cloud computing (Apache CloudStack) etc. Now share my professional skill each interested person. Thanks to all.

View Comments (2)

Lucas says:

August 20, 2021 at 1:17 am

Hello,

I am from Brazil..

I have a doubt regarding the DNS.

Is this IP that you place external to the cloudfire site your external IP of your network?

and when configuring the mikrotik you include it again pointing to your local server?
- Admin says:
  
  August 24, 2021 at 3:47 pm
  
  1. Yes external ip to point cloudflare dns.
  2. and using MikroTik for port forwarding to my external ip for local server ip.
  Thanks.