WebsiteCommunityDeveloperFree Trial
Search…
Rocket.Chat Documentation
Getting Support
Development Docs
Quick Start
Deploying Rocket.Chat
Introduction/Prerequisites
Hardware Requirements
Rapid Deployment Methods
Docker & Docker Compose
Snaps
Configuring MongoDB
Auto SSL with Snaps
Snap Backup and Restore
Snap FAQ
RocketChatCTL
Kubernetes with Helm
Cloud Deployments
Other Deployment Methods
Scaling Rocket.Chat
Accessing Your Workspace
Installing Client Apps
Upgrading Rocket.Chat
Environment Configuration
Guides
User Guides
Administration
Omnichannel
Message Auditing Panel
Message Auditing Log
Rocket.Chat Call Center
App Guides
Mobile Guides
Roles in Rocket.Chat
Security and Compliance Guides
Brand and Visual Guidelines
Enterprise Edition Trial
Rocket.Chat SaaS
Cloud Account
Resources
Frequently Asked Questions
Contributors
How can I help?
Contributor Code of Conduct
Google Summer of Code
Google Season of Docs
Github Sponsorship
Legal
Terms of Service
Master Services Agreement for Self Managed Workspaces
Master Service Agreement for Professional Services
Privacy Policy
Privacy Policy Facebook Messenger
Code of Conduct for our services
GDPR
Censorship and Harmful Content
Guidelines for Law Enforcement
Server Lookup
DMCA Policy
Powered By GitBook
Auto SSL with Snaps
We now include the option to enable Caddy in your snap. Caddy makes use of Let's Encrypt to automatically provide you SSL protection for your communications.
Starting from release 0.73 you can easily configure everything related to Caddy using snap hooks to ensure your DNS configuration is set up correctly before starting Caddy and Let's Encrypt support.

Configure everything using snap

For 4.x latest AMD64 snaps or 3.x latest ARM64 snaps
Set the SiteUrl to your domain, make sure it is prefixed with https.
1
sudo snap set rocketchat-server siteurl=https://<your domain>
Copied!
Now start Caddy and restart the snap services.
1
sudo systemctl enable --now snap.rocketchat-server.rocketchat-caddy
2
sudo snap restart rocketchat-server
Copied!
For older snaps
If you want to enable SSL and Let's Encrypt certificates you should:
  1. 1.
    Input a URL starting with HTTPS
  2. 2.
    Own the domain name you would like to use
  3. 3.
    Have the correct DNS record set up to resolve your domain name to your public IP (remember DNS records could take some time to propagate).
These next commands will check that configuration is set up correctly before starting the services:
1
sudo snap set rocketchat-server caddy-url=https://<your-domain-name>
2
sudo snap set rocketchat-server caddy=enable
3
sudo snap set rocketchat-server https=enable
4
sudo snap run rocketchat-server.initcaddy
Copied!
If no errors were found, it is safe to restart Rocket.Chat and Caddy:
1
sudo systemctl restart snap.rocketchat-server.rocketchat-server.service
2
sudo systemctl restart snap.rocketchat-server.rocketchat-caddy.service
Copied!
In case you don't want to configure SSL for your site, or want to remove SSL configuration:
1
sudo snap set rocketchat-server https=disable
2
sudo snap set rocketchat-server caddy-url=http://<your-domain-name>
3
sudo snap set rocketchat-server caddy=enable
4
sudo snap run rocketchat-server.initcaddy
Copied!
If no errors were found, it is safe to restart Rocket.Chat and Caddy:
1
sudo systemctl restart snap.rocketchat-server.rocketchat-server.service
2
sudo systemctl restart snap.rocketchat-server.rocketchat-caddy.service
Copied!

Check Caddy's logs

1
sudo snap logs -f rocketchat-server.rocketchat-caddy
Copied!

Configure Caddy yourself or use another HTTP Proxy

For 4.x latest AMD64 snaps or 3.x latest ARM64 snaps
Both caddy v2 and caddy v1 (EOL) is delivered in the snap, v2 is prioritized over v1.
If you want to configure Caddy yourself, place the Caddyfile in /var/snap/rocketchat-server/current/ directory and restart rocketchat-server.
1
sudo snap restart rocketchat-server
Copied!
If you want to use some other reverse proxy, just disable Caddy by running.
1
sudo systemctl disable snap.rocketchat-server.rocketchat-caddy
Copied!
For older versions
In case you plan to use another https proxy or you prefer other options in Caddy configuration, you can disable caddy:
1
sudo snap set rocketchat-server caddy=disable
Copied!
Then, edit the Caddyfile found at /var/snap/rocketchat-server/current/Caddyfile and write your configuration.
Replace _caddy-url_ and _port_ with your site information. For instance, let's say I have example-domain.com pointing at my server.
First, be sure that your DNS has finished resolving before attempting to enable SSL. If your DNS is not working yet, you could be instantly throttled by Let's Encrypt for up to a week. To test your DNS you can use http:
1
http://example-domain.com
2
proxy / localhost:3000 {
3
websocket
4
transparent
5
}
Copied!
and restart Caddy:
1
sudo systemctl restart snap.rocketchat-server.rocketchat-caddy
Copied!
You can check that the Caddy service started correctly by running:
1
sudo systemctl status snap.rocketchat-server.rocketchat-caddy
Copied!
Once that is tested and resolved, to get secured communications, you can remove the http://:
1
example-domain.com
2
proxy / localhost:3000 {
3
websocket
4
transparent
5
}
Copied!
Please note: using an IP address will not work for automatically enabling SSL. You must use a valid hostname (here's why).
Now you can restart the Caddy service by running:
1
sudo systemctl restart snap.rocketchat-server.rocketchat-caddy
Copied!
You can check that the Caddy service started correctly by running:
1
sudo systemctl status snap.rocketchat-server.rocketchat-caddy
Copied!
If everything went well, the site will be accessible at https://example-domain.com.

Testing with an Untrusted Self-Signed Certificate

Simply add the tls self_signed directive to your Caddyfile like so:
1
https://example-domain.com
2
tls self_signed
3
proxy / localhost:3000 {
4
websocket
5
transparent
6
}
Copied!
Remember to restart the Caddy service:
1
sudo systemctl restart snap.rocketchat-server.rocketchat-caddy
Copied!
This will enable SSL with an untrusted, self-signed certificate for testing purposes.
For details on the Caddy TLS directive, visit https://caddyserver.com/docs/tls​

Redirecting HTTP to HTTPS

Redirecting is handled automatically by caddy by omitting the http / https in front.
1
example-domain.com {
2
proxy / localhost:3000 {
3
websocket
4
transparent
5
}
6
}
Copied!
Remember to restart the Caddy service:
1
sudo systemctl restart snap.rocketchat-server.rocketchat-caddy
Copied!

Disabling SSL or Listening on Custom Ports

This configuration will listen without SSL on the default port 80:
1
http://example-domain.com {
2
proxy / localhost:3000 {
3
websocket
4
transparent
5
}
6
}
Copied!
This configuration will listen without SSL on port 8080:
1
http://example-domain.com:8080 {
2
proxy / localhost:3000 {
3
websocket
4
transparent
5
}
6
}
Copied!
This configuration will listen with SSL on port 8080:
1
https://example-domain.com:8080 {
2
proxy / localhost:3000 {
3
websocket
4
transparent
5
}
6
}
Copied!
Note that, without SSL, you can use an IP address:
1
http://192.168.1.1:8080 {
2
proxy / localhost:3000 {
3
websocket
4
transparent
5
}
6
}
Copied!
Remember to restart the Caddy service:
1
sudo systemctl restart snap.rocketchat-server.rocketchat-caddy
Copied!

Opening ports when running Rocket.Chat Server from behind router

For Caddy to be able to work from behind a router, the following ports need to be opened between the internet and the server. This is usually achieved through router software or web-interface.
  • HTTP: port 80
  • HTTPS: port 443
Previous
Configuring MongoDB
Next
Snap Backup and Restore
Last modified 5d ago
Export as PDF
Copy link
Contents
Configure everything using snap
Check Caddy's logs
Configure Caddy yourself or use another HTTP Proxy
Testing with an Untrusted Self-Signed Certificate
Redirecting HTTP to HTTPS
Disabling SSL or Listening on Custom Ports
Opening ports when running Rocket.Chat Server from behind router