Deploy with CentOS

The recommended deployment methods are Docker, AWS, and Kubernetes.

This document guides you through the process of deploying a Rocket.Chat workspace on CentOS.

Depending on the version of Rocket.Chat you want to install, check the releases to see the supported engine versions for MongoDB and NodeJs, and install as recommended.

  • Install Node.js: Download Node.js for Linux systems using the package manager.

  • Install Deno: Only Deno versions >=1.37.1 and <2.0.0 are supported. Follow the Deno installation guide to install the correct version.

    For example, to install the 1.38.5 version with Shell, use the following command:

    curl -fsSL https://deno.land/install.sh | sh -s v1.38.5
    Shell

    Make sure you export the Deno path according to your installation, for instance:

    export DENO_INSTALL="/home/ec2-user/.deno"
export PATH="$DENO_INSTALL/bin:$PATH"
    Shell

  • Install MongoDB: Refer to the MongoDB documentation on installing MongoDB on CentOS.

    When deploying MongoDB, it is crucial to secure MongoDB instances and close all MongoDB ports from public access. Unsecured instances can lead to significant security vulnerabilities. Your vigilance in these practices is essential for maintaining the integrity and safety of your systems.

  1. Once MongoDB is installed, you must enable replication and specify the name of the replica set. To do this, enter the command below:

    sudo sed -i "s/^#replication:/replication:\n  replSetName: rs01/" /etc/mongod.conf
    Bash

    In this case, we named the replica set as rs01. The MongoDB replica set is mandatory for Rocket.Chat > 1.0.0.

  2. Open the MongoDB configuration file (/etc/mongod.conf) by running:

    sudo nano /etc/mongod.conf
    Bash

    The MongoDB configuration file should look something like this:

    # mongod.conf

# Where and how to store data.
storage:
  dbPath: /var/lib/mongodb
  journal:
    enabled: true

# where to write logging data.
systemLog:
  destination: file
  logAppend: true
  path: /var/log/mongodb/mongod.log

# network interfaces
net:
  port: 27017
  bindIp: <bind-ip> # Replace with your IP address


# how the process runs
processManagement:
  timeZoneInfo: /usr/share/zoneinfo

# Replication settings
replication:
  replSetName: rs01
    YAML

    Refer to the MongoDB configuration documentation for additional details.

  3. Enable and start MongoDB with the following command:

    sudo systemctl enable --now mongod  
sudo systemctl restart mongod
    Bash

  4. Next, initialize the replica set:

    mongosh --eval "printjson(rs.initiate())"
    Bash

  5. To ensure that MongoDB is running successfully, enter the following command:

    sudo systemctl status mongod
    Bash

  1. Start by installing the required dependency packages:

    sudo dnf install epel-release
sudo dnf install GraphicsMagick
sudo yum groupinstall "Development Tools"
    Bash

  1. Check the Rocket.Chat releases to deploy the version you need. For stability and compatibility, we recommend downloading a specific version. For example, to download version 6.13.0, run this command:

    curl -L https://releases.rocket.chat/6.13.0/download -o /tmp/rocket.chat.tgz
    Bash

    Alternatively, if you prefer to download the latest version, you can use the following command (note that using latest is not recommended for production purposes):

    curl -L https://releases.rocket.chat/latest/download -o /tmp/rocket.chat.tgz
    Bash

  2. Extract the Rocket.Chat server files using the following command:

    tar -xzf /tmp/rocket.chat.tgz -C /tmp
    Bash

    This command extracts the contents of the downloaded rocket.chat.tgz compressed tar archive located in the /tmp directory and places the extracted files into the same /tmp directory.

  3. Next, run the following command to change the current directory and install the necessary production dependencies.

    cd /tmp/bundle/programs/server && npm install
    Bash

    When executing npm install, it is recommended to operate using a non-root account. Alternatively, you can utilize the npm install --unsafe-perm command. This approach eliminates the necessity for building libc or upgrading the host system.

  4. Move the extracted files to the /opt directory:

    sudo mv /tmp/bundle /opt/Rocket.Chat
    Bash

    This guide uses the /opt directory. However, you can choose your preferred directory.

  1. Add the Rocket.Chat user and set the proper permissions on the Rocket.Chat folder:

    sudo useradd -M rocketchat && sudo usermod -L rocketchat
    Bash
    sudo chown -R rocketchat:rocketchat /opt/Rocket.Chat
    Bash

  1. We need the NodeJS binary path to create the Rocket.Chat service file. Depending on how you install NodeJS, the binary path may be different. Save the path to a variable as follows:

    NODE_PATH=$(which node)
    Bash

  1. Now create a barebone service file, which the system will use to start your Rocket.Chat daemon/process. Create the Rocket.Chat service file as follows:

    cat << EOF |sudo tee -a /lib/systemd/system/rocketchat.service
[Unit]
Description=The Rocket.Chat server
After=network.target remote-fs.target nss-lookup.target nginx.service mongod.service
[Service]
ExecStart=$NODE_PATH /opt/Rocket.Chat/main.js
StandardOutput=journal
StandardError=journal
SyslogIdentifier=rocketchat
User=rocketchat
[Install]
WantedBy=multi-user.target
EOF
    Bash

    You may need to replace User=rocketchat with your current user (e.g., User=ubuntu) if Rocket.Chat or any pre-requisite software is running under a different user on your system.

    Alternatively, if you don’t want to use the NODE_PATH variable in the service file, save the path to the variable, and then print it to find the path as follows:

    NODE_PATH=$(which node)
echo NODE_PATH=$(which node)
    Bash

    Now replace the ExecStart variable in the service file with the path you see in your terminal, for example :

    ExecStart=/usr/bin/node /opt/Rocket.Chat/main.js
    Bash

    If you use nvm to manage Node.js versions, update the ExecStart variable as follows:

    ExecStart=/bin/bash -c 'source /home/<user>/.nvm/nvm.sh && /home/<user>/.nvm/versions/node/<node_version>/bin/node /opt/Rocket.Chat/main.js'
    Bash

    Be sure to replace <user> and <node_version> with your actual system user and installed Node.js version.

Running the Rocket.Chat daemon requires passing some environment variables. See Rocket.Chat environment variables for more details.

  1. Update the Rocket.Chat file by running:

    sudo systemctl edit rocketchat
    Bash

  1. Update the file with the following information according to your configuration and save it:

    [Service]
Environment=ROOT_URL=http://localhost:3000
Environment=PORT=3000
Environment=MONGO_URL=mongodb://localhost:27017/rocketchat?replicaSet=rs01
Environment=MONGO_OPLOG_URL=mongodb://localhost:27017/local?replicaSet=rs01
    YAML

Additional steps for installing 6.10 release

If you’re installing version 6.10, run these additional commands:

mkdir -p /home/rocketchat/.cache

cd PATH_TO_ROCKETCHAT_INSTALLATION/programs/server/npm/node_modules/@rocket.chat/apps-engine

export DENO_DIR=/home/rocketchat/.cache/deno

npm install --production # if "npm" does not work, try using "yarn"

npm run postinstall # if you are facing errors here, skip this command

chown -R rocketchat:rocketchat /home/rocketchat
Bash

  1. Now start the Rocket.Chat service using the following command:

    sudo systemctl enable --now rocketchat
    Bash

  1. Check the status of the Rocket.Chat process with this command:

    sudo systemctl status rocketchat
    Bash

    If you edit your Rocket.Chat configuration file, make sure to reload the daemon and restart the Rocket.Chat process by running the following commands:

    sudo systemctl daemon-reload
sudo systemctl restart rocketchat
    Bash

To access your Rocket.Chat workspace, open a web browser, and navigate to the specified root URL (http://your-host-name.com:3000). Follow the configuration prompts to configure your workspace. During the configuration steps, your workspace and email are registered to the Rocket.Chat Cloud portal. You can manage your workspace and subscriptions from the cloud portal.

Great! You’ve successfully created your Rocket.Chat workspace and logged in. Next, check out the following documents to get started:

  • User Guides: Learn the basics of your Rocket.Chat account, the types of rooms, and how to communicate with your workspace users.

  • Workspace Administration: Administrators and owners can set and manage various configurations.

  • Marketplace: Explore the available apps to enhance your workspace.

You can also apply the following additional configuration to your Rocket.Chat setup for enhanced security and performance:

For your workspace’s security, your domain should be accessible only via HTTPS. While there are various ways to set up a reverse proxy, this section provides a walkthrough on using Nginx or Traefik.

Prerequisite

You must set up a DNS record for your domain before configuring Nginx with Let's Encrypt. This domain must have A or AAAA records pointing to the IP address where Nginx is running

Using Nginx

  1. Install Nginx

    sudo yum update
sudo yum install nginx
    Bash

  2. Create a new Nginx configuration file:

    sudo nano /etc/nginx/conf.d/rocketchat.conf
    Bash

    Add the following configuration, replacing your_domain.com with your actual domain:

    server {
    listen 80;
    server_name your_domain.com;

    location / {
        proxy_pass http://localhost:3000;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_set_header Host $http_host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto http;
        proxy_set_header X-Nginx-Proxy true;
        proxy_redirect off;
    }
}
    nginx

  3. Enable the necessary SELinux boolean to allow Nginx to connect to your backend:

    sudo setsebool -P httpd_can_network_connect 1
    Bash

    Test and restart Nginx:

    sudo nginx -t
sudo systemctl restart nginx
    Bash

    This proxies requests from port 80 to Rocket.Chat running on localhost:3000.

  4. Enable SSL with Let's Encrypt and Certbot by installing the Certbot and the Nginx plugin:

    sudo yum update
sudo yum install certbot python3-certbot-nginx
    Bash

    Run Certbot to obtain and configure the SSL certificate:

    sudo certbot --nginx -d your_domain.com -d www.your_domain.com
    Bash

    Ensure your_domain.com  is set correctly in your Nginx config.

    Follow the prompts to provide an email, agree to terms, and enable HTTPS redirection. Certbot will automatically configure SSL and set up renewal.

  5. After completion, verify HTTPS by visiting https://your_domain.com.

Prerequisite

You must set up a DNS record for your domain before configuring Traefik with Let's Encrypt. This domain must have A or AAAA records pointing to the IP address where Traefik is running.

Using Traefik

  1. Install Traefik:

    sudo curl -L https://github.com/traefik/traefik/releases/download/v2.9.6/traefik_v2.9.6_linux_amd64.tar.gz -o traefik.tar.gz
sudo tar -zxvf traefik.tar.gz
sudo mv traefik /usr/local/bin/
    Bash

  2. Create a Traefik configuration file:

    sudo mkdir -p /etc/traefik
sudo nano /etc/traefik/traefik.toml
    Bash

    Add the following:

    [entryPoints]
  [entryPoints.web]
    address = ":80"
  [entryPoints.websecure]
    address = ":443"

[certificatesResolvers.letsencrypt.acme]
  email = "your_email@your_domain.com"
  storage = "/etc/traefik/acme.json"
  [certificatesResolvers.letsencrypt.acme.tlsChallenge]

[providers.file]
  directory = "/etc/traefik/dynamic_conf"

[api]
  dashboard = true
    Ini

    Replace your_email@your_domain.com with your email address.

  3. Create a dynamic configuration file for Rocket.Chat:

    sudo mkdir -p /etc/traefik/dynamic_conf
sudo nano /etc/traefik/dynamic_conf/rocketchat.toml
    Bash

    Add the below:

    [http.routers]
  [http.routers.rocketchat]
    rule = "Host(`your_domain.com`)"
    service = "rocketchat"
    entryPoints = ["websecure"]
    [http.routers.rocketchat.tls]
      certResolver = "letsencrypt"

[http.services]
  [http.services.rocketchat.loadBalancer]
    [[http.services.rocketchat.loadBalancer.servers]]
      url = "http://your_ip:3000"
    Ini

    Make sure your_domain.com and http://your_ip:3000 point to the appropriate domain and IP address respectively.

  4. Create a systemd service file for Traefik:

    sudo nano /etc/systemd/system/traefik.service
    Bash

    Add:

    [Unit]
Description=Traefik
Documentation=https://doc.traefik.io/traefik/
After=network-online.target
Wants=network-online.target

[Service]
Type=simple
ExecStart=/usr/local/bin/traefik --configfile=/etc/traefik/traefik.toml
Restart=on-failure
RestartSec=5

[Install]
WantedBy=multi-user.target
    Ini

  5. Enable the necessary SELinux boolean for Traefik:

    sudo yum install -y container-selinux
sudo yum update container-selinux
sudo setsebool -P container_manage_cgroup 1
    Bash

  6. Start and enable Traefik:

    sudo systemctl daemon-reload
sudo systemctl enable --now traefik
    Bash

  7. Open your Rocket.Chat systemd service file to set the correct ROOT_URL:

    sudo systemctl edit rocketchat
    Bash

    Update the Environment variable::

    Environment=ROOT_URL=https://your_domain.com
    Bash

  8. Restart Rocket.Chat:

    sudo systemctl daemon-reload
sudo systemctl restart rocketchat
    Bash

    Make sure ports 80 and 443 are open:

    sudo ufw allow 80/tcp
sudo ufw allow 443/tcp
    Bash

Now, you can access your Rocket.Chat workspace securely via HTTPS using https://your_domain.com.

If you're not using a reverse proxy and have a firewall enabled, you may need to allow traffic on port 3000. For more details, refer to the firewall rule documentation.

Here are other additional configuration options to consider when optimizing your Rocket.Chat server:

This section provides a guide to monitoring your deployments' health and quickly diagnosing any issues.

  • Check the latest Rocket.Chat logs:

    sudo journalctl -u rocketchat --no-pager --lines=50
    Bash

  • View logs in real-time:

    sudo journalctl -u rocketchat -f
    Bash

  • Check Rocket.Chat status:

    sudo systemctl status rocketchat
    Bash

  • Check MongoDB logs:

    sudo journalctl -u mongod --no-pager --lines=50
    Bash

  • View logs in real-time:

    sudo journalctl -u mongod -f
    Bash

  • Check MongoDB status:

    sudo systemctl status mongod
    Bash

  • Connect to MongoDB and verify the replica set:

    mongosh --eval "rs.status()"
    Bash

  • If a service is failing and you need system-wide logs:

    sudo journalctl -xe
    Bash

  • For logs of a specific time range (e.g., last 30 minutes):

    sudo journalctl --since "30 minutes ago"
    Bash

  • Check error logs:

    Bash

  • Check access logs:

    sudo tail -n 50 /var/log/nginx/access.log
    Bash

  • Monitor logs in real-time:

    sudo tail -f /var/log/nginx/error.log
    Bash

  • Check if Nginx is running:

    sudo systemctl status nginx
    Bash

  • Test the Nginx configuration:

    sudo nginx -t
    Bash

  • If there are configuration issues, restart Nginx after fixing them:

    sudo systemctl restart nginx
    Bash

  • Check Traefik logs with:

    sudo journalctl -u traefik --no-pager --lines=50
    Bash

  • View logs in real-time:

    sudo journalctl -u traefik -f
    Bash

  • Check Traefik’s status:

    sudo systemctl status traefik
    Bash

It’s important to keep your workspaces updated to enjoy the benefits of new features and fixes.

Follow these steps to update your workspace version:

  1. Stop the Rocket.Chat service with this command:

    sudo systemctl stop rocketchat
    Bash

  1. Remove the installation folder, usually in /opt:

    sudo rm -rf /opt/Rocket.Chat
    Bash

  2. Ensure you have the supported node and MongoDB versions by checking the releases.

  3. Download the version of Rocket.Chat that you need:

    curl -L https://releases.rocket.chat/7.0.0/download -o /tmp/rocket.chat.tgz
    Bash

    Using latest instead of the version number is not recommended.

  4. Extract the Rocket.Chat server files using the following command:

    tar -xzf /tmp/rocket.chat.tgz -C /tmp
    Bash

  1. Next, run the following command to change the current directory and install the necessary production dependencies:

    cd /tmp/bundle/programs/server && npm install
    Bash

  1. Move the extracted files to the /opt directory:

    sudo mv /tmp/bundle /opt/Rocket.Chat
    Bash

  1. Start the Rocket.Chat service:

    sudo systemctl start rocketchat
    Bash

    Check the status of the Rocket.Chat process with this command:

    sudo systemctl status rocketchat
    Bash

If you have any questions or issues when updating Rocket.Chat, refer to the Updating Rocket.Chat FAQ. For information on supported MongoDB versions, see the MongoDB version support document.