AWS
Deploying Rocket.Chat on Amazon Web Services
This guide covers the following:
  1. Hosting Rocket.Chat on an Amazon EC2 instance
  2. Hosting a domain name with Amazon Route 53
  3. Securing your server with a free SSL certificate from Let's Encrypt

Launch an EC2 instance

Log in to the AWS console, open the "EC2" service, click on "Instances" in the left sidebar and click on "Launch Instance" to set up a new EC2 instance. Now follow the steps below:
  1. In the first step, search for "Ubuntu Server 18.04 LTS" with "64-bit (x86)" architecture and click on "Select"
  2. Select an instance type of your choice and click "Next"
  3. Adjust the instance details as needed or keep the defaults. Proceed with "Next"
  4. Adjust the storage size and configuration as needed and click on "Next"
  5. Make sure to add a tag called "Name" and assign a value
  6. Allow "SSH", "HTTP" and "HTTPS" in the security group configuration, then proceed with "Review and Launch"
  7. Review your instance configuration and confirm with "Launch"
  8. Choose an existing key pair or create a new one and click on "Launch Instance"

Allocate an Elastic IP

Back in the "EC2" service dashboard, click on "Elastic IPs" in the left sidebar:
  1. Click on "Allocate New Address"
  2. Select "Amazon's pool of IPv4 addresses" and click on "Allocate"
  3. Click on the newly created IP address and select "Associate Elastic IP address"
  4. Select your instance and click "Associate"
  5. In the details below, copy the "Public DNS". You will need it in the DNS step.
     (It should be in a format like this: ec2-18-197-161-168.eu-central-1.compute.amazonaws.com)

Configure DNS w/ AWS Route 53

Open the "Route 53" service dashboard:
  1. Create a new hosted zone by clicking on "Create Hosted Zone"
  2. Enter your domain name and select "Public Hosted Zone" as type, then click on "Create"
  3. Select your newly created zone and click on "Create Record Set"
  4. Enter "www" as subdomain (if desired), select Type "CNAME", enter the Public DNS name from the above step in the value field and click "Create"

Get an SSL certificate from Let's Encrypt

We will use Let's Encrypt to get a free & open-source SSL certificate:
  1. SSH to your instance:

         ssh -i <path_to_key_file.pem> ubuntu@<public_ip_address>

     Note: You may use your domain name in place of the public IP address once your DNS has resolved.
  2. Install certbot using apt:

         sudo apt update
         sudo apt install certbot

  3. Obtain a certificate from Let's Encrypt:

         sudo certbot certonly --standalone --email <your_email_address> -d <domain.com> -d <subdomain.domain.com>

     Note: The second (and any further) domain is optional.
  4. Optional step: restrict access using security groups
     If you would like to restrict traffic to your instance on AWS, you may now adjust the security groups again. Make sure you allow "TCP/22" from your current location for the SSH connection, as well as "TCP/443" from the locations you wish to access Rocket.Chat from.
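
The optional restriction in step 4, done with the AWS CLI instead of the console. This is an added example, not part of the original guide: the function names are illustrative, the security group ID and source address are placeholders you supply, and it assumes the AWS CLI is installed and configured for the account.

```shell
#!/usr/bin/env bash
# Added example: replace an "open to the world" ingress rule with a /32 rule.

# valid_ipv4 ADDR: succeed only for a dotted quad with every octet in 0-255.
valid_ipv4() {
    local ip=$1 octet
    case $ip in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    local IFS=.
    set -- $ip                      # split on dots into $1..$n
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# restrict_ingress GROUP_ID PORT SOURCE_IP
# Allows TCP/PORT from SOURCE_IP/32 only. The narrow rule is added before the
# open rule is revoked, so SOURCE_IP is never locked out in between.
restrict_ingress() {
    local group=$1 port=$2 ip=$3
    case $port in
        ''|*[!0-9]*) echo "not a port number: $port" >&2; return 2 ;;
    esac
    valid_ipv4 "$ip" || { echo "not an IPv4 address: $ip" >&2; return 2; }
    aws ec2 authorize-security-group-ingress --group-id "$group" \
        --protocol tcp --port "$port" --cidr "$ip/32" || return 1
    aws ec2 revoke-security-group-ingress --group-id "$group" \
        --protocol tcp --port "$port" --cidr 0.0.0.0/0
}

# Usage (placeholders):
#   restrict_ingress <security_group_id> 22  <your_public_ip>
#   restrict_ingress <security_group_id> 443 <your_public_ip>
```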

Configure Nginx web server with TLS/SSL

  1. Install Nginx web server:

         sudo apt-get install nginx

  2. Back up the default config file for reference:

         cd /etc/nginx/sites-available
         sudo mv default default.reference

  3. Create a new site configuration for Rocket.Chat:

         sudo nano /etc/nginx/sites-available/default

         server {
             listen 443 ssl;

             server_name <ABC.DOMAIN.COM>;

             ssl_certificate /etc/letsencrypt/live/<ABC.DOMAIN.COM>/fullchain.pem;
             ssl_certificate_key /etc/letsencrypt/live/<ABC.DOMAIN.COM>/privkey.pem;
             # TLS 1.0 and 1.1 are deprecated (RFC 8996), so only TLS 1.2 and 1.3 are enabled
             ssl_protocols TLSv1.2 TLSv1.3;
             ssl_prefer_server_ciphers on;
             ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH';

             root /usr/share/nginx/html;
             index index.html index.htm;

             # Make site accessible from http://localhost/
             server_name localhost;

             location / {
                 # Rocket.Chat listens on port 3000 (see docker-compose.yml)
                 proxy_pass http://localhost:3000/;
                 proxy_http_version 1.1;
                 # Pass the WebSocket upgrade through to the backend
                 proxy_set_header Upgrade $http_upgrade;
                 proxy_set_header Connection "upgrade";
                 proxy_set_header Host $http_host;
                 proxy_set_header X-Real-IP $remote_addr;
                 proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
                 # This server block only serves TLS, so report https to the backend
                 proxy_set_header X-Forwarded-Proto https;
                 proxy_set_header X-Nginx-Proxy true;
                 proxy_redirect off;
             }
         }

         # Redirect all plain HTTP requests to HTTPS
         server {
             listen 80;

             server_name <ABC.DOMAIN.COM>;

             return 301 https://$host$request_uri;
         }

     Make sure to replace ABC.DOMAIN.COM with your domain (it appears 4 times). Make sure to update it in the path to your key files as well.
  4. Test the Nginx configuration to make sure there are no syntax errors:

         sudo nginx -t

  5. If the syntax test was successful, restart Nginx:

         sudo systemctl restart nginx

Confirm that it is running properly by opening a web browser and going to your domain name. You will get a page stating "502 Bad Gateway". This is expected, since the Rocket.Chat backend is not yet running. Make sure the SSL connection is working properly by clicking the lock icon next to the address bar; the certificate should be valid and issued by "Let's Encrypt Authority X3".

Install Docker & Docker Compose

  1. Install Docker (and any dependencies):

         sudo apt-get update
         sudo apt-get install apt-transport-https ca-certificates curl gnupg-agent software-properties-common
         curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo apt-key add -
         sudo apt-key fingerprint 0EBFCD88
         # confirm the fingerprint matches "9DC8 5822 9FC7 DD38 854A E2D8 8D81 803C 0EBF CD88"
         sudo add-apt-repository "deb [arch=amd64] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable"
         sudo apt-get update
         sudo apt-get install docker-ce docker-ce-cli containerd.io

  2. Install docker-compose:

         sudo curl -L "https://github.com/docker/compose/releases/download/1.26.0/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose
         sudo chmod +x /usr/local/bin/docker-compose
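
Step 1 checks the Docker repository key fingerprint, but step 2 writes the docker-compose binary into /usr/local/bin without any check. The following added example (not part of the original guide) verifies the download against a SHA-256 digest before installing it; the function names are illustrative, and it assumes the release publishes a `.sha256` file next to each binary.

```shell
#!/usr/bin/env bash
# Added example: verify the docker-compose binary before installing it.

# verify_download FILE SUMFILE
# SUMFILE holds "<sha256-hex>  <name>". Returns 0 if FILE matches,
# 1 on a digest mismatch, 2 if SUMFILE does not contain a SHA-256 digest
# (for example an HTML error page saved by the download).
verify_download() {
    local file=$1 sumfile=$2 expected actual
    expected=$(awk 'NR == 1 { print tolower($1) }' "$sumfile")
    case $expected in
        ''|*[!0-9a-f]*) return 2 ;;
    esac
    [ "${#expected}" -eq 64 ] || return 2
    actual=$(sha256sum "$file" | awk '{ print $1 }')
    [ "$actual" = "$expected" ]
}

# install_compose VERSION
# Downloads into a temporary directory, verifies, and only then installs.
install_compose() {
    local version=$1 asset base tmp rc
    asset="docker-compose-$(uname -s)-$(uname -m)"
    base="https://github.com/docker/compose/releases/download/$version"
    tmp=$(mktemp -d) || return 1
    # Assumption: "$asset.sha256" is published alongside the binary.
    curl -fsSL "$base/$asset" -o "$tmp/$asset" &&
        curl -fsSL "$base/$asset.sha256" -o "$tmp/$asset.sha256" &&
        verify_download "$tmp/$asset" "$tmp/$asset.sha256" &&
        sudo install -m 0755 "$tmp/$asset" /usr/local/bin/docker-compose
    rc=$?
    rm -rf "$tmp"
    return "$rc"
}

# Usage: install_compose 1.26.0
```

Because the digest is fetched from the same release page as the binary, this catches corrupted, truncated or substituted downloads rather than a compromised release.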

Set up Docker containers

  1. Create local directories:

         sudo mkdir -p /opt/docker/rocket.chat/data/runtime/db
         sudo mkdir -p /opt/docker/rocket.chat/data/dump

  2. Create the docker-compose.yml file, again making sure to replace ABC.DOMAIN.COM with your actual domain name:

         sudo nano /opt/docker/rocket.chat/docker-compose.yml

         version: '2'

         services:
           rocketchat:
             image: rocket.chat:latest
             # "$$" yields a literal "$" for bash; a single "$" would be
             # interpolated by Compose before the command runs
             command: >
               bash -c
                 "for i in `seq 1 30`; do
                   node main.js &&
                   s=$$? && break || s=$$?;
                   echo \"Tried $$i times. Waiting 5 secs...\";
                   sleep 5;
                 done; (exit $$s)"
             restart: unless-stopped
             volumes:
               - ./uploads:/app/uploads
             environment:
               - PORT=3000
               - ROOT_URL=https://<ABC.DOMAIN.COM>
               - MONGO_URL=mongodb://mongo:27017/rocketchat
               - MONGO_OPLOG_URL=mongodb://mongo:27017/local
             depends_on:
               - mongo
             ports:
               - 3000:3000

           mongo:
             image: mongo:4.0
             restart: unless-stopped
             command: mongod --smallfiles --oplogSize 128 --replSet rs0 --storageEngine=mmapv1
             volumes:
               - ./data/runtime/db:/data/db
               - ./data/dump:/dump

           # this container's job is just to run the command to initialize the replica set.
           # it will run the command and remove itself (it will not stay running)
           mongo-init-replica:
             image: mongo:4.0
             command: >
               bash -c
                 "for i in `seq 1 30`; do
                   mongo mongo/rocketchat --eval \"
                     rs.initiate({
                       _id: 'rs0',
                       members: [ { _id: 0, host: 'localhost:27017' } ]})\" &&
                   s=$$? && break || s=$$?;
                   echo \"Tried $$i times. Waiting 5 secs...\";
                   sleep 5;
                 done; (exit $$s)"
             depends_on:
               - mongo

  3. Start containers:

         cd /opt/docker/rocket.chat
         sudo docker-compose up -d

  4. Wait a bit for the replica set to be initialized for MongoDB (about 30-60 seconds) and confirm Rocket.Chat is running properly:

         sudo docker-compose logs -f rocketchat

Use it

  1. Log in to your site at https://ABC.DOMAIN.COM
     Note: the first user to log in will be an administrator user.