Quick Start
Guides
Rocket.Chat SaaS
Resources
AWS
Deploying Rocket.Chat on Amazon Web Services
This guide covers the following:
- 1.Hosting Rocket.Chat on an Amazon EC2 instance
- 2.Hosting a domain name with Amazon Route 53
- 3.
Launch an EC2 Instance
Log into AWS Console, open the EC2 Service, click on Instances in the left sidebar and click on Launch Instance to set up a new EC2 instance. you can now follow the steps given below:
- 1.In the first step search for Ubuntu Server 18.04 LTS" with "64-bit (x86) architecture and click on Select.
- 2.Select an instance type of your choice and click Next.
- 3.Adjust the instance details as needed or keep the defaults. Proceed with Next.
- 4.Adjust the storage size and configuration as needed and click on Next.
- 5.Make sure to add a tag called Name and assign a value.
- 6.Allow SSH, HTTP and HTTPS in the security group configuration, proceed with Review and Launch.
- 7.Review your instance configuration and confirm with Launch.
- 8.Choose an existing key pair or create a new one and click on Launch Instance.
Allocate an Elastic IP
- 1.Click on Allocate New Address.
- 2.Select Amazon's pool of IPv4 addresses and click on Allocate.
- 3.Click on the newly created IP address and select Associate Elastic IP address.
- 4.Select your instance and click Associate.
- 5.In the details below, copy the Public DNS. You will need it in the DNS step.(It should be in a format like this:
ec2-18-197-161-168.eu-central-1.compute.amazonaws.com)
Configure DNS w/ AWS Route 53
Open the Route 53 service dashboard:
- Create a new hosted zone by clicking on Create Hosted Zone.
- Enter your domain name and select "Public Hosted Zone" as type, then click on "Create"
- Select your newly created zone and click on "Create Record Set"
- Enter "www" as subdomain (if desired), select Type "CNAME", enter the Public DNS name from the above step to the value field and click "Create"
Get an SSL Certificate from Let's Encrypt
We use Let's Encrypt to get a free & open-source SSL certificate:
- 1.SSH to your instance:1ssh -i <path_to_key_file.pem> [email protected]<public_ip_address>Copied!Note: You may replace with domain name if your DNS has resolved.
- 2.Install
certbotusingapt:1sudo apt update2sudo apt install certbotCopied! - 3.Obtain certificate from Let's Encrypt:1sudo certbot certonly --standalone --email <[email protected]> -d <domain.com> -d <subdomain.domain.com>Copied!​
Note: Second (or more) domain is optional.
Optional Step: Restrict access using security groups
If you would like to restrict traffic to your instance on AWS, you may now adjust the security groups again. Make sure you allow "TCP/22" from your current location for the SSH connection, as well as "TCP/443" from the location you wish to use to access from.
Configure Nginx Web Server with TLS/SSL
- 1.Install Nginx web server:1sudo apt-get install nginxCopied!
- 2.Backup the default config file for reference:1cd /etc/nginx/sites-available2sudo mv default default.referenceCopied!
- 3.Create a new site configuration for Rocket.Chat:1sudo nano /etc/nginx/sites-available/defaultCopied!1server {2listen 443 ssl;3​4server_name <ABC.DOMAIN.COM>;5​6ssl_certificate /etc/letsencrypt/live/<ABC.DOMAIN.COM>/fullchain.pem;7ssl_certificate_key /etc/letsencrypt/live/<ABC.DOMAIN.COM>/privkey.pem;8ssl_protocols TLSv1 TLSv1.1 TLSv1.2;9ssl_prefer_server_ciphers on;10ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH';11​12root /usr/share/nginx/html;13index index.html index.htm;14​15# Make site accessible from http://localhost/16server_name localhost;17​18location / {19proxy_pass http://localhost:3000/;20proxy_http_version 1.1;21proxy_set_header Upgrade $http_upgrade;22proxy_set_header Connection "upgrade";23proxy_set_header Host $http_host;24proxy_set_header X-Real-IP $remote_addr;25proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;26proxy_set_header X-Forwarded-Proto http;27proxy_set_header X-Nginx-Proxy true;28proxy_redirect off;29}30}31​32server {33listen 80;34​35server_name <ABC.DOMAIN.COM>;36​37return 301 https://$host$request_uri;38}Copied!Make sure to replace
ABC.DOMAIN.COMwith your domain (it appears 4 times). Make sure to update it in the path to your key files as well: - 4.Test the Nginx configuration to make sure there are no syntax errors:1sudo nginx -tCopied!
- 5.If the syntax test went successful, restart Nginx:1sudo systemctl restart nginxCopied!
Confirm that it is running properly by opening a web browser and going to your domain name. You will get a page stating "502 Bad Gateway". This is expected, since the Rocket.Chat backend is not yet running. Make sure the SSL connection is working properly by clicking the lock icon next to the address bar, make sure it's valid and issued by "Let's Encrypt Authority X3".
Install Docker & Docker Compose
- Install Docker (and any dependencies)
1
sudo apt-get update
2
sudo apt-get install apt-transport-https ca-certificates curl gnupg-agent software-properties-common
3
curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo apt-key add -
4
sudo apt-key fingerprint 0EBFCD88
5
# confirm the fingerprint matches "9DC8 5822 9FC7 DD38 854A E2D8 8D81 803C 0EBF CD88"
6
sudo add-apt-repository "deb [arch=amd64] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable"
7
sudo apt-get update
8
sudo apt-get install docker-ce docker-ce-cli containerd.io
Copied!
- Install
docker-compose:
1
sudo curl -L "https://github.com/docker/compose/releases/download/1.26.0/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose
2
sudo chmod +x /usr/local/bin/docker-compose
Copied!
Set up Docker Containers
- Create local directories.
1
sudo mkdir -p /opt/docker/rocket.chat/data/runtime/db
2
sudo mkdir -p /opt/docker/rocket.chat/data/dump
Copied!
- Create the
docker-compose.ymlfile, again make sure to replaceABC.DOMAIN.COMwith your actual domain name:
1
sudo nano /opt/docker/rocket.chat/docker-compose.yml
Copied!
1
version: '2'
2
​
3
services:
4
rocketchat:
5
image: rocket.chat:latest
6
command: >
7
bash -c
8
"for i in `seq 1 30`; do
9
node main.js &&
10
s=$? && break || s=$?;
11
echo \"Tried $i times. Waiting 5 secs...\";
12
sleep 5;
13
done; (exit $s)"
14
restart: unless-stopped
15
volumes:
16
- ./uploads:/app/uploads
17
environment:
18
- PORT=3000
19
- ROOT_URL=https://<ABC.DOMAIN.COM>
20
- MONGO_URL=mongodb://mongo:27017/rocketchat
21
- MONGO_OPLOG_URL=mongodb://mongo:27017/local
22
depends_on:
23
- mongo
24
ports:
25
- 3000:3000
26
​
27
mongo:
28
image: mongo:4.0
29
restart: unless-stopped
30
command: mongod --oplogSize 128 --replSet rs0 --storageEngine=wiredTiger
31
volumes:
32
- ./data/runtime/db:/data/db
33
- ./data/dump:/dump
34
​
35
# this container's job is just to run the command to initialize the replica set.
36
# it will run the command and remove himself (it will not stay running)
37
mongo-init-replica:
38
image: mongo:4.0
39
command: >
40
bash -c
41
"for i in `seq 1 30`; do
42
mongo mongo/rocketchat --eval \"
43
rs.initiate({
44
_id: 'rs0',
45
members: [ { _id: 0, host: 'localhost:27017' } ]})\" &&
46
s=$? && break || s=$?;
47
echo \"Tried $i times. Waiting 5 secs...\";
48
sleep 5;
49
done; (exit $s)"
50
depends_on:
51
- mongo
Copied!
- Start containers:
1
cd /opt/docker/rocket.chat
2
sudo docker-compose up -d
Copied!
- Wait a bit for the replica set to be initialized for MongoDB (about 30-60 seconds) and confirm Rocket.Chat is running properly:
1
sudo docker-compose logs -f rocketchat
Copied!
Use it
Login to your site at
https://ABC.DOMAIN.COM.Note: the first user to log in will be an administrator user.
Last modified 4d ago