OpenSUSE Leap 42.2
Install and Run Rocket.Chat on OpenSUSE Leap 42.2
Note: This is a community supported installation method. You can discuss about this in the forum thread.
Last updated 2017-08-26
Node.js version: 8.9.3
Rocket.Chat version: 0.60.0
These are barebones instructions for how to set up a Rocket.Chat server on OpenSUSE Leap 42.2 using nginx as a reverse proxy. These will help you set up a system you can experiment with. THEY ARE NOT INTENDED FOR SETUP OF A PRODUCTION SYSTEM! They are oriented on using a VM from AWS, but should work for any Leap 42.2 system.

Overview

You will install and configure:
  1. 1.
    Node.js
  2. 2.
    MongoDB
  3. 3.
    Let's Encrypt SSL certificates
  4. 4.
    nginx
  5. 5.
    Rocket.Chat and its dependencies
To do this, you will:
  1. 1.
    Acquire a VM to install on
  2. 2.
    Install all the packages you'll need
  3. 3.
    Start and configure MongoDB
  4. 4.
    Install Let's Encrypt SSL certificates
  5. 5.
    Configure and start nginx
  6. 6.
    Install and start Rocket.Chat
Things you'll need to do afterwards on your own, especially if you want a production-worthy system:
  • Create a systemctl script to restart Rocket.Chat if the server is rebooted
  • Configure email on the server (so Rocket can request account validation)
  • Secure the server (e.g. get rid of the default user on a VM, etc.)
  • Monitor the server so you can respond if it goes down
    • Rocket.Chat availability
    • MongoDB availability
    • nginx availability
  • Configure MongoDB for production use
    • Use an XFS volume
    • Use persistent (e.g. non-local) storage if you're using a VM
    • Configure replica sets
    • Consider setting /sys/kernel/mm/transparent_hugepage/enabled to "never" as recommended by Mongo at startup
  • Set up periodic updates for the system

Acquire a VM with OpenSUSE Leap 42.2

I like to use AWS spot instances as a very cheap way to experiment with things. I find I can usually get an m3.medium (1 vCPU, 3.75GB RAM) for ~$0.01/hour, or ~$7/month if run continuously. Pick the right region and you'll rarely if ever be shut down.
There's a spot_instance.json below that I generally use to set up an instance. I already have a few security groups to lock down all but the ports I need, an IAMS profile to allow just the privileges I want, and an SSH keypair generated; I'm not going to tackle those here, so if you want to do this, you probably should do some quick research and set those up yourself.
I also use the AWS CLI, so it's preconfigured for my favorite region, credentials, etc. If you don't have that set up, you'll want to.
When you've got those set, getting an instance is really straightforward:
1
aws ec2 request-spot-instances --cli-input-json file://spot_instance.json
Copied!
Note: if you get an error saying that you must subscribe to the AMI before using it, copy the URL in the error message and open it in a browser. The "subscription" costs $0.00/hour, so it's just a formality.

Configure the Box

The default user in the Leap 42.2 image is ec2-user. You'll ssh into the box using that user, and immediately become root.
2
> sudo su -
Copied!

Update and Install Packages using zypper

  1. 1.
    Add the repo for MongoDB
  2. 2.
    Refresh metadata for all repos
  3. 3.
    Update all the packages on the box
  4. 4.
    Install the new packages we need
1
zypper addrepo http://download.opensuse.org/repositories/server:database/openSUSE_Leap_42.2/server:database.repo
2
zypper refresh
3
zypper -n update
4
zypper -n install mongodb nodejs4 npm4 nginx GraphicsMagick gcc-c++
Copied!

Start and Configure MongoDB

  1. 1.
    Enable and start MongoDB
  2. 2.
    Create the admin user
  3. 3.
    Create the DB and user for Rocket.Chat
In a shell:
1
systemctl enable mongodb
2
systemctl start mongodb
Copied!
Now start a MongoDB shell and add the admin user:
1
> mongo
2
use admin
3
4
db.createUser({
5
user: "root",
6
pwd: "fl!bb3rtyJ!bb3tt",
7
roles: [ "root" ]
8
})
9
10
exit
Copied!
Now re-open a MongoDB shell as your admin user and create the Rocket.Chat db and admin user. You'll use these later to tell Rocket how to access its DB.
Note: Don't use : or @ in this user's password or you'll need to URL escape them later. It's easier to avoid those characters.
1
> mongo --authenticationDatabase admin -u root -p
2
3
use rocketchat
4
5
db.createUser({
6
user: "rocket",
7
pwd: "4rgl3b4rgl3",
8
roles: [ "readWrite", "dbAdmin" ]
9
})
10
11
exit
Copied!

Install Let's Encrypt SSL Certificates

This is so crazy easy. Remember when this was hard, and when it cost $20-$200 per year? Please consider using one of the donation links given afterwards as a way to support continued development of CertBot.
Replace YOUR.SERVER.NAME below with the hostname your server will be accessed from, e.g. chat.example.com, and replace [email protected] with your email address, e.g. [email protected]
1
git clone https://github.com/letsencrypt/letsencrypt /opt/letsencrypt
2
cd /opt/letsencrypt && ./letsencrypt-auto certonly --standalone --email [email protected] -d YOUR.SERVER.NAME
Copied!

Configure and Start nginx

  1. 1.
    Set up a more modern site config management scheme
  2. 2.
    Set the base nginx config
  3. 3.
    Add the config needed for Rocket.Chat
  4. 4.
    Enable and start nginx
1
cd /etc/nginx
2
mkdir sites-enabled sites-available
Copied!
Now do two things:
  1. 1.
    Replace the contents of /etc/nginx.conf with the nginx.conf below.
  2. 2.
    Copy the contents of rocket_chat.conf below to /etc/nginx/sites-available/rocket_chat.conf
Now you can enable the Rocket.Chat config, then enable and start nginx
1
cd /etc/nginx/sites-enabled
2
ln -s ../sites-available/rocket_chat.conf .
3
4
systemctl enable nginx
5
systemctl start nginx
Copied!

Install and Configure Rocket.Chat

  1. 1.
    Add a rocket user and group
  2. 2.
    Download the latest Rocket.Chat
  3. 3.
    Install all the node.js dependencies for Rocket.Chat using npm
  4. 4.
    Set the required environment variables
  5. 5.
    Start the Rocket.Chat server
Replace YOUR.SERVER.NAME below with the hostname your server will be accessed from, e.g. chat.example.com
1
groupadd -g 2000 rocket
2
useradd -g rocket -u 2000 rocket
3
4
cd /opt
5
curl -L https://releases.rocket.chat/latest/download -o rocket.chat.tgz
6
tar zxvf rocket.chat.tgz
7
mv bundle Rocket.Chat
8
chown -R rocket:rocket /opt/Rocket.Chat
9
10
su - rocket
11
cd /opt/Rocket.Chat/programs/server
12
npm install
13
cd ../..
14
15
# TODO: Make a script for this for systemctl
16
export ROOT_URL=http://YOUR.SERVER.NAME/
17
export MONGO_URL=mongodb://rocket:[email protected]:27017/rocketchat
18
export PORT=3000
19
20
node main.js
Copied!
If everything is working as planned, you'll see something like:
1
Will load cache for users
2
0 records load from users
3
Will load cache for rocketchat_room
4
0 records load from rocketchat_room
5
Will load cache for rocketchat_subscription
6
0 records load from rocketchat_subscription
7
Will load cache for rocketchat_settings
8
0 records load from rocketchat_settings
9
Updating process.env.MAIL_URL
10
Will load cache for rocketchat_permissions
11
0 records load from rocketchat_permissions
12
Will load cache for rocketchat_roles
13
0 records load from rocketchat_roles
14
LocalStore: store created at
15
LocalStore: store created at
16
Setting default file store to GridFS
17
Updating process.env.MAIL_URL
18
Using GridFS for custom sounds storage
19
Using GridFS for custom emoji storage
20
ufs: temp directory created at "/tmp/ufs"
21
➔ System ➔ startup
22
➔ +--------------------------------------------------------+
23
➔ | SERVER RUNNING |
24
➔ +--------------------------------------------------------+
25
➔ | |
26
➔ | Rocket.Chat Version: 0.60.0 |
27
➔ | NodeJS Version: 8.9.3 - x64 |
28
➔ | Platform: linux |
29
➔ | Process Port: 3000 |
30
➔ | Site URL: http://YOUR.SERVER.NAME:3000/ |
31
➔ | ReplicaSet OpLog: Disabled |
32
➔ | Commit Hash: 988103d449 |
33
➔ | Commit Branch: HEAD |
34
➔ | |
35
➔ +--------------------------------------------------------+
Copied!
... and that's Rocket.Chat all set. Direct a browser to https://YOUR.SERVER.NAME and register a yourself as new user. The first user you register will be made the server admin.

Sources

These are docs and snippets I used to figure all of this out.

Config Files

/etc/nginx.conf

This config relies on you creating /etc/nginx/sites-available and /etc/nginx/sites-enabled
1
user rocket;
2
worker_processes auto;
3
pid /run/nginx.pid;
4
5
events {
6
worker_connections 768;
7
# multi_accept on;
8
}
9
10
http {
11
12
##
13
# Basic Settings
14
##
15
16
sendfile on;
17
tcp_nopush on;
18
tcp_nodelay on;
19
keepalive_timeout 65;
20
types_hash_max_size 2048;
21
# server_tokens off;
22
23
# server_names_hash_bucket_size 64;
24
# server_name_in_redirect off;
25
26
include /etc/nginx/mime.types;
27
default_type application/octet-stream;
28
29
##
30
# SSL Settings
31
##
32
33
ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # Dropping SSLv3, ref: POODLE
34
ssl_prefer_server_ciphers on;
35
36
##
37
# Logging Settings
38
##
39
40
access_log /var/log/nginx/access.log;
41
error_log /var/log/nginx/error.log;
42
43
##
44
# Gzip Settings
45
##
46
47
gzip on;
48
gzip_disable "msie6";
49
50
# gzip_vary on;
51
# gzip_proxied any;
52
# gzip_comp_level 6;
53
# gzip_buffers 16 8k;
54
# gzip_http_version 1.1;
55
# gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript;
56
57
##
58
# Virtual Host Configs
59
##
60
61
include /etc/nginx/conf.d/*.conf;
62
include /etc/nginx/sites-enabled/*;
63
}
64
65
66
#mail {
67
# # See sample authentication script at:
68
# # http://wiki.nginx.org/ImapAuthenticateWithApachePhpScript
69
#
70
# # auth_http localhost/auth.php;
71
# # pop3_capabilities "TOP" "USER";
72
# # imap_capabilities "IMAP4rev1" "UIDPLUS";
73
#
74
# server {
75
# listen localhost:110;
76
# protocol pop3;
77
# proxy on;
78
# }
79
#
80
# server {
81
# listen localhost:143;
82
# protocol imap;
83
# proxy on;
84
# }
85
#}
Copied!

/etc/nginx/sites-available/rocket_chat.conf

Replace YOUR.SERVER.NAME below with the hostname your server will be accessed from, e.g. chat.example.com
1
server {
2
listen 443 ssl;
3
server_name YOUR.SERVER.NAME;
4
ssl_certificate /etc/letsencrypt/live/YOUR.SERVER.NAME/fullchain.pem;
5
ssl_certificate_key /etc/letsencrypt/live/YOUR.SERVER.NAME/privkey.pem;
6
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
7
ssl_prefer_server_ciphers on;
8
ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH';
9
root /usr/share/nginx/html;
10
index index.html index.htm;
11
# Make site accessible from http://localhost/
12
server_name localhost;
13
location / {
14
proxy_pass http://localhost:3000/;
15
proxy_http_version 1.1;
16
proxy_set_header Upgrade $http_upgrade;
17
proxy_set_header Connection "upgrade";
18
proxy_set_header Host $http_host;
19
proxy_set_header X-Real-IP $remote_addr;
20
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
21
proxy_set_header X-Forwarded-Proto https;
22
proxy_set_header X-Nginx-Proxy true;
23
proxy_redirect off;
24
}
25
}
26
server {
27
listen 80;
28
server_name YOUR.SERVER.NAME;
29
return 301 https://$host$request_uri;
30
}
Copied!

spot_instance.json

Replace Subnet-Id, Arn, and SecurityGroupIds content below with your own. The ImageId given is for the OpenSUSE Leap 42.2 AMI.
1
{
2
"InstanceCount": 1,
3
"SpotPrice": "0.015",
4
"LaunchSpecification":
5
{
6
"ImageId": "ami-49570529",
7
"InstanceType": "m3.medium",
8
"SubnetId": "subnet-########",
9
"KeyName": "tinyjoy",
10
"IamInstanceProfile": {
11
"Arn": "arn:aws:iam::############:instance-profile/IAMS-PROFILE-NAME"
12
},
13
"SecurityGroupIds": ["sg-########"]
14
},
15
"Type": "one-time"
16
}
Copied!