Deploy with AWS
    • Dark
      Light
    • PDF

    Deploy with AWS

    • Dark
      Light
    • PDF

    Article summary

    By leveraging Amazon Web Services (AWS) to deploy Rocket.Chat on an EC2 instance, organizations can unlock a host of benefits, from scalability and reliability to cost-effectiveness and simplified management.

    Prerequisites

    • The minimum requirement to run Rocket.Chat successfully is 2Gb 2 cores.

    • You need an active AWS account to proceed with the deployment.

    For deployments approaching 1000 concurrent users and above, deploy with Kubernetes is recommended.

    Deploying Rocket.Chat on an EC2 instance

    In this guide, you'll learn how to:

    • Host Rocket.Chat on an EC2 instance with a domain name.

    • Secure your Rocket.Chat server with a free SSL certificate from Let's Encrypt.

    • Deploy the workspace using Docker on the EC2 instance.

    Launch an EC2 instance

    To create a new EC2 instance, follow these steps:

    1. Log into your AWS console, and open the EC2 Service.

    2. From the sidebar, click Instances. Then, click Launch Instances to set up a new EC2 instance.

    3. Set the instance name and select at least Ubuntu Server 18.04 LTS with 64-bit (x86) architecture as the OS image.

    4. Select an instance type of your choice according to the Cores recommendation above. For example, t3.large.

    5. Choose an existing key pair or create a new one for SSH connections.

    6. Allow SSH, HTTP, and HTTPS traffic in the security group configuration.

    7. Adjust the instance details, storage size, and other configurations, or keep the defaults.

    8. Proceed to Summary to review your instance configurations.

    9. Then, click Launch Instance.

    Allocate an Elastic IP (optional)

    Unlike instance addresses which can change upon restart, Elastic IPs are static. They remain consistent throughout the instance lifecycle and can be easily reattached to different instances, making them ideal for scenarios where you need to move your instance or change configurations.

    Follow these steps to allocate an elastic IP to an instance:

    1. From the EC2 service dashboard, click Elastic IPs.

    2. Click Allocate Elastic IP address.

    3. Select Amazon's pool of IPv4 addresses, and click Allocate.

    4. Click and open the newly created IP address and select Associate Elastic IP address.

    5. Select your instance and click Associate.

    6. In the details below, copy the Public DNS. You will need it to configure the DNS. The format looks like this: ec2-18-XXX-XXX-XXX.eu-central-1.compute.amazonaws.com

    Allocating an elastic IP address to your instance is optional. You can proceed with using the Public IPv4 address of your instance for configuring your DNS.

    Configure DNS with AWS Route 53

    Route 53 allows you to manage all domain names and DNS records in one place. This simplifies administration and allows you to create various record types (A records, CNAME records, etc.) to direct your domain names to resources. To configure, open the Route 53 service dashboard and navigate to Hosted Zones.

    If you already have a hosted zone, follow these steps:

    1. Select the hosted zone.

    2. Click Create Record.

    3. Add a subdomain in the form of the record name.

    4. Select the record type “A,” which points to an IP address. In this case, the IP address refers to the Public IPv4 address from the created instance in earlier steps.

    5. Click Create Records to create a new record within the hosted zone.

    Take note of the subdomain created here, as you will need it later.

    If you do not have a hosted zone, follow these steps instead:

    1. Click Create Hosted Zone.

    2. Enter your domain name and select Public Hosted Zone as the type. Click the Create hosted zone button.

    3. Select your newly created zone and click Create Record Set.

    4. Enter www as a subdomain (if desired), select Type CNAME, enter the Public DNS name you copied from the elastic IP to the value field, and click Create.

    Get an SSL certificate from Let's Encrypt

    Use Let's Encrypt to get a free & open-source SSL certificate by following these steps:

    1. Connect to your instance:

    ssh -i <path_to_key_file.pem> ubuntu@<public_ip_address>

    If your DNS has resolved, you can replace the IP address with your domain name.

    1. Install certbot using apt:

    sudo apt update
    sudo apt install certbot
    1. Obtain a certificate from Let's Encrypt by running this command (a second or more domains are optional):

    sudo certbot certonly --standalone --email <[email protected]> -d <domain.com> -d <subdomain.domain.com>

    Alternatively, you can follow the Deploy with Docker Compose guide and enable HTTPS using Let's Encrypt and Traefik.

    Restrict access using security groups (optional)

    Adjust the security groups again if you want to restrict traffic to your AWS instance. Make sure you allow TCP/22 from your current location for the SSH connection, as well as TCP/443 from the location you wish to use to access from.

    Configure Nginx web server with TLS/SSL

    Rocket.Chat is usually set to run on port 3000 by default. However, you can make it more accessible to your users by using Nginx as a reverse proxy. This will link your domain name to the Rocket.Chat server running on that port. By doing this, your users can access your workspace through your domain name instead of directly using the port in the URL. Follow these steps:

    1. Install Nginx web server:

     sudo apt-get install nginx
    1. Backup the default config file for reference:

     cd /etc/nginx/sites-available
     sudo mv default default.reference
    1. Create a new site configuration for Rocket.Chat:

     sudo nano /etc/nginx/sites-available/default
    1. Paste the following in the new file:

     server {
         listen 443 ssl;
    
         server_name <ABC.DOMAIN.COM>; //replace <ABC.DOMAIN.COM> with your domain name
    
         ssl_certificate /etc/letsencrypt/live/<ABC.DOMAIN.COM>/fullchain.pem; //replace <ABC.DOMAIN.COM> with your domain name
         ssl_certificate_key /etc/letsencrypt/live/<ABC.DOMAIN.COM>/privkey.pem; //replace <ABC.DOMAIN.COM> with your domain name
         ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
         ssl_prefer_server_ciphers on;
         ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH';
    
         root /usr/share/nginx/html;
         index index.html index.htm;
    
         # Make site accessible from http://localhost/
         server_name localhost;
    
         location / {
             proxy_pass http://localhost:3000/;
             proxy_http_version 1.1;
             proxy_set_header Upgrade $http_upgrade;
             proxy_set_header Connection "upgrade";
             proxy_set_header Host $http_host;
             proxy_set_header X-Real-IP $remote_addr;
             proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
             proxy_set_header X-Forwarded-Proto http;
             proxy_set_header X-Nginx-Proxy true;
             proxy_redirect off;
         }
     }
    
     server {
         listen 80;
    
         server_name <ABC.DOMAIN.COM>; //replace <ABC.DOMAIN.COM> with your domain name
    
         return 301 https://$host$request_uri;
     }

    Ensure to update ABC.DOMAIN.COM with your domain name. Update it in the path to your key files as well.

    1. Test the Nginx configuration to make sure there are no syntax errors

    sudo nginx -t
    1. If the syntax test is successful, restart Nginx:

    sudo systemctl restart nginx

    Open a web browser and enter your domain name to confirm it is running correctly. A 502 Bad Gateway page is expected since the Rocket.Chat backend is not yet running. Ensure the SSL connection works appropriately by clicking the lock icon next to the address bar. Confirm the connection is valid and secure using HTTPS.

    Install Rocket.Chat

    Now that your EC2 instance and domain are ready, SSH into your instance and follow our deploy with Docker & Docker Compose guide to set up your Rocket.Chat workspace. Once your workspace is running, log in to your site at https://ABC.DOMAIN.COM.The first user to log in will be the workspace administrator.


    Was this article helpful?

    ESC

    Eddy AI, facilitating knowledge discovery through conversational intelligence