As of December 15, 2023, Rocket.Chat has ceased support for connections from cloud services and official mobile/desktop apps to workspaces running legacy versions outside our support window. Users on unsupported legacy servers are advised to upgrade to the latest Rocket.Chat version to ensure continued access to cloud, mobile, and desktop applications. Each Rocket.Chat version is supported for six months post-release.
Deploying Rocket.Chat with Docker and Docker-compose is a straightforward and highly recommended deployment method due to its simplicity and flexibility. This guide will walk you through the essential steps, whether you're a seasoned Docker expert or new to containerization, ensuring a smooth deployment for your Rocket.Chat workspace.
In this guide, you'll learn how to:
Step 1: Install Docker and Docker Compose
This guide is intended for Linux users. If you're using macOS or Windows, follow the Docker Desktop installation instructions for macOS or Windows instead.
Ensure you have Docker and Docker Compose (Docker Compose v2 is required) installed and operational. If you don't have them installed, you can conveniently set them up in Linux environments using Docker's official helper script:
curl -L https://get.docker.com | shTo run Docker commands without using sudo, add the current user to the Docker group. If you are unsure who the user is, check the current user by running:
whoamiNow run the following command. Substitute
$USERwith the result you get from executing the above command.sudo usermod -aG docker $USER sudo rebootIf you are using a firewall, you may need to whitelist some URLs to communicate with our cloud services. See Firewall Configuration for the complete list.
Step 2: Fetch the compose file
Go to your preferred directory, create a compose.yml file, and copy the content from Rocket.Chat’s Docker official image.
Alternatively, you can use the curl command to download the compose.yml file by executing this command:
curl -L https://go.rocket.chat/i/docker-compose.yml -OStep 3: Create a .env file
To maintain a clean configuration, avoid editing the compose.yml file directly. Instead, use a .env file to define environment variables, which makes it easier to modify your deployment configuration without editing the compose.yml file.
Remember to uncomment the variables you are updating in the
.envfile.
In your project directory, create a
.envfile with the following command and paste the contents of the official .env.example file.nano .envSet the
RELEASEvariable in the.envto your desired Rocket.Chat version. See our releases page and available docker images. Keeping the default release aslatestis not recommended.If you're deploying a production workspace with a domain, update your
.envfile with the following details:ROOT_URL: Specify the intended URL for your workspace. For example,http://<your-domain>.HOST_PORT: Set this to80. Confirm that no other services are running on port80and that your firewall permits traffic on this port.Skip this step if you are deploying a test workspace on localhost.
If you plan to enable HTTPS for your workspace domain, skip setting the
HOST_PORTandROOT_URLhere and proceed to Enable HTTPS for Docker after starting the Rocket.Chat container.
If you’ve received a registration token from our Sales team or Rocket.Chat Cloud, you can use it to register your workspace automatically. To do this, add the token to the
.envfile like this:REG_TOKEN=your_token_hereAdding the registration token to the
.envfile is optional. You can also register your workspace during configuration after deployment.Once registration is complete (confirmed when server starts), the token is no longer needed. If stored in the
.envfile, it can be removed as the registration is stored in the database clould settings.
If you’re using an existing MongoDB installation, such as MongoDB Atlas as the database provider, edit the value of the
MONGO_URLvariable to your connection string in this format:MONGO_URL=mongodb://<user>:<pass>@host1:27017,host2:27017,host3:27017/<databaseName>?replicaSet=<replicaSet>&ssl=true&authSource=admin
For production use, MongoDB must be deployed separately (non-containerized) and configured as a replica set.
Step 4: Start Rocket.Chat
Save the .env file and start up the Rocket.Chat container by executing this command:
docker compose up -dThis command will:
Start a MongoDB service named
mongodb.Start a service
rocketchat, which will also wait formongodbto be ready.
MongoDB ensures continuous 24 x 7 operations and live backup, reducing the need for frequent restarts. Refer to the MongoDB documentation for proper server operation and management. Optionally, manage messages and configurations by uncommenting the volume mounts, and ensuring a data subdirectory is available for data storage and mounting.
If you encounter issues during deployment, refer to the following resources for logging and troubleshooting:
Step 5: Access your Rocket.Chat workspace
To access your workspace, visit http://localhost:3000 if you deployed a test workspace on localhost. However, if you deployed a production workspace with a domain, you can access your workspace through the specified ROOT_URL . Follow the configuration prompts to configure your workspace. During the configuration steps, your workspace and email are registered to the Rocket.Chat Cloud portal, from where you can manage your workspace and subscriptions.
Next steps
Great! You’ve successfully created your Rocket.Chat workspace with Docker and logged in. Next, check out the following documents to get started:
User Guides: Learn the basics of your Rocket.Chat account, the types of rooms, and how to communicate with your workspace users.
Workspace Administration: Administrators and owners can set and manage various configurations.
Marketplace: Explore the available apps to enhance your workspace.
Enable HTTPS for your Rocket.Chat workspace
Your domain should only be accessible via HTTPS to access your workspace securely. If your domain is not set up with HTTPS already, the following examples describe how to set it up using a reverse proxy, such as Traefik or Nginx.
We recommend using Traefik as it’s shipped with our official Docker image.
Traefik
You can secure your Rocket.Chat Docker instance with TLS/SSL certificates from Let's Encrypt. Using Traefik as a reverse proxy, the certificates are automatically generated, enabling safe access to your Rocket.Chat instance via HTTPS on your specified domain.
Before you proceed, confirm that the correct A record (optionally CNAME) is set for your domain going to your server IP.
Update the following variables in your
.envfile. If you don't have one, create a.envfile following our example.LETSENCRYPT_EMAIL: Your required email for the TLS certificates.DOMAIN: Your domain or subdomain name only. Avoid adding https:// or any trailing slashes. Confirm that this domain resolves to the server IP address.RELEASE: Your preferred Rocket.Chat release. See the releases page to know more about our releases.ROOT_URL: Set the value to " https://your-domain.com," replacing "your-domain.com" with the domain name you want to use.BIND_IP: Set to127.0.0.1
LETSENCRYPT_EMAIL= # your email, required for the tls certificates DOMAIN= # set this to your domain name or subdomain, not trailing slashes or https://, just the domain RELEASE= # set the rocketchat release ROOT_URL= # set this to https://${DOMAIN} replace ${DOMAIN} with the actual domain BIND_IP=127.0.0.1Download the Traefik template by running the following command:
curl -LO \ https://raw.githubusercontent.com/RocketChat/Docker.Official.Image/master/traefik.ymlRecreate the existing Rocket.Chat container:
docker compose up -d rocketchat --force-recreateStart traefik:
docker compose -f traefik.yml up -d
Wait for the TLS certificates to generate and Rocket.Chat to restart. Then, access your Rocket.Chat workspace securely at https://your-domain.com, using the actual domain name you configured.
Great job! You have successfully enabled HTTPs on your Rocket.Chat workspace with Traefik.
Nginx
If you prefer using Nginx as your reverse proxy, you can secure your Rocket.Chat workspace by configuring Nginx with a TLS/SSL certificate from Let's Encrypt. Follow these steps to complete the configuration:
Get an SSL certificate from Let's Encrypt
Use Let's Encrypt to get a free & open-source SSL certificate by following these steps:
Install
certbotusing using the relevant package manager for your version of Linux. For Debian-based distributions such as Debian and Ubuntu use :sudo apt update sudo apt install certbotFor RPM-based distributions such as Redhat and Centos, use:
sudo yum install yum-utils sudo yum install nginxThe installation commands may vary based on your Linux distribution and version.
Obtain a certificate from Let's Encrypt by running this command (a second or more domains are optional):
sudo certbot certonly --standalone --email <[email protected]> -d <domain.com> -d <subdomain.domain.com>
Configure Nginx web server with TLS/SSL
Rocket.Chat is usually set to run on port 3000 by default. However, you can make it more accessible to your users by using Nginx as a reverse proxy. This will link your domain name to the Rocket.Chat server running on that port. By doing this, your users can access your workspace through your domain name instead of directly using the port in the URL. Follow these steps:
Install Nginx web server:
sudo apt-get install nginxBackup the default config file for reference:
cd /etc/nginx/sites-available sudo mv default default.referenceCreate a new site configuration for Rocket.Chat:
sudo nano /etc/nginx/sites-available/defaultPaste the following in the new file:
server { listen 443 ssl; server_name <ABC.DOMAIN.COM>; #replace <ABC.DOMAIN.COM> with your domain name ssl_certificate /etc/letsencrypt/live/<ABC.DOMAIN.COM>/fullchain.pem; #replace <ABC.DOMAIN.COM> with your domain name ssl_certificate_key /etc/letsencrypt/live/<ABC.DOMAIN.COM>/privkey.pem; #replace <ABC.DOMAIN.COM> with your domain name ssl_protocols TLSv1 TLSv1.1 TLSv1.2; ssl_prefer_server_ciphers on; ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH'; root /usr/share/nginx/html; index index.html index.htm; # Make site accessible from http://localhost/ server_name localhost; location / { proxy_pass http://localhost:3000/; proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "upgrade"; proxy_set_header Host $http_host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto http; proxy_set_header X-Nginx-Proxy true; proxy_redirect off; } } server { listen 80; server_name <ABC.DOMAIN.COM>; #replace <ABC.DOMAIN.COM> with your domain name return 301 https://$host$request_uri; }Replace
ABC.DOMAIN.COMwith your domain name.Test the Nginx configuration to make sure there are no syntax errors:
sudo nginx -tIf the syntax test is successful, restart Nginx:
sudo systemctl restart nginxIf you have security group restrictions, allow TCP/22 from your current IP for SSH connections and TCP/443 from the IP you plan to use for access.
Open a web browser and access your Rocket.Chat workspace securely at https://your-domain.com, using the actual domain name you configured.
Great job! You have successfully enabled HTTPs on your Rocket.Chat workspace with Nginx.
Update Rocket.Chat on Docker
Before you proceed, see the general guidelines for updating Rocket.Chat.
Updating the Rocket.Chat image doesn't affect your data since it exists in the Mongo image. Before proceeding with the update, ensure that the version of your MongoDB is compatible with the intended release.
Using Docker & Docker compose, you can update your rocketchat docker image to the latest or preferred version of Rocket.Chat. To update your Rocket.Chat version,
For a specific version, modify the
RELEASEvariable in the.envfile to point to the Docker image tag of that version. Alternatively, you can edit thecompose.ymlfile to point to the desired Rocket.Chat version.Changing version in
.envIn the
.envfile, change theRELEASEvalue to your specified version.RELEASE=<desired version>Changing version in
compose.ymlIn the
compose.ymlfile, change therocketchatserviceimagevalue to point to an image in the rocketchat registry image with a tag of your desired version.services: rocketchat: image:registry.rocket.chat/rocketchat/rocket.chat:<desired version>Now, stop, remove, and restart the existing container with these commands:
docker compose stop rocketchat docker compose rm rocketchat docker compose up -d rocketchat
See the official documentation for more details on Rocket.Chat Docker images.
Set Rocket.Chat deployment environment variable on Docker
Enviroment variables are additional settings that impacts your workspace deployment and configuration. To set up an environment variable in Docker,
Open your compose.yml file:
nano compose.yamlAdd the environment variable under the
environmentsection of therocketchatservice. For example, to set theINSTANCE_IPvariable:services: rocketchat: ... environment: ... INSTANCE_IP: 172.30.12.131Tip: This is the same section where
ROOT_URL,MONGO_URL, etc is defined.Restart your Rocket.Chat container to apply the changes:
docker compose stop rocketchat docker compose rm rocketchat docker compose up -d rocketchatIf you haven't deployed your workspace yet, start it with:
docker compose up -d
For a full list of available environment variables, refer to Deployment Environment Variables.
Additional steps
Rocket.Chat Docker images
You can use any of the following Docker images according to your needs:
Official image (stable and tested): The official Docker images repository is responsible for maintaining and controlling Rocket.Chat's official stable image through Docker. It is also reviewed by the Docker committee.
docker pull registry.rocket.chat/rocketchat/rocket.chatLatest release image: This image holds the latest Rocket.Chat updates on the Docker repository. The release may be from the
developormasterbranch. You can use this to test some of the latest updates.docker pull registry.rocket.chat/rocketchat/rocket.chat:latestUsing the
latestimage tag for production deployments is not recommended.
Specific release image: You can set up your Rocket.Chat workspace with a specific release image. Select the release you need from the Docker hub tags and use it to run the following command:
docker pull registry.rocket.chat/rocketchat/rocket.chat:<release-tag>Bleeding-edge untested develop build image: This is an image maintained at Rocket.Chat's Docker repository. This update comes from the develop (untested) branch, which contains the latest updates for those who want to work with the newest features.
docker pull registry.rocket.chat/rocketchat/rocket.chat:develop
Monitoring and logging your deployment
Effective logging helps you monitor the health and status of your Rocket.Chat deployment. This section covers logging for Rocket.Chat, MongoDB, and reverse proxies like Traefik or Nginx.
Logging Rocket.Chat
To check the status and logs of your Rocket.Chat container, follow these steps:
Use any of the following commands to list containers running in your Docker environment:
docker ps # Shows currently running containers with details like ID, status, and ports docker ps -a # Lists all containers, including stopped ones docker ps -q # Displays only container IDs for a concise view docker compose ps # Lists services managed by Docker ComposeOnce you identify your Rocket.Chat container, you can inspect its logs using any of these commands:
docker compose logs -f <Service_Name> # If using Docker Compose, this follows real-time logs docker logs <Container_Name> # Displays logs for the specific Rocket.Chat container docker logs -f <Container_Name> # Shows real-time logs (follow mode) docker logs --tail 10 <Container_Name> # Displays the last 10 lines of logs
Note:
Replace
<Container_Name>and<Service_Name>with the appropriate values such asdocker compose logs -f rocketchat.Rocket.Chat logs to stdout, so there isn't a specific log file within the container. The Docker logging system captures these stdout logs, making them accessible through the docker logs command
Logging MongoDB
MongoDB is a crucial part of your Rocket.Chat deployment. Monitoring its logs can help identify database-related issues.
View MongoDB logs by running any of these commands:
docker logs -f <MongoDB_Container_Name> # View real-time logs docker logs --tail 20 <MongoDB_Container_Name> # Show the last 20 log lines docker compose logs -f mongodb # If using Docker ComposeTo inspect MongoDB’s health, run:
docker exec -it <MongoDB_Container_Name> mongosh --eval "db.runCommand({ serverStatus: 1 })"This returns detailed server status information.
Replace
<Container_Name>with the appropriate values.
Logging reverse proxy (Traefik or Nginx)
If you use a reverse proxy, checking its logs can help diagnose connectivity and SSL issues.
If Traefik is handling requests, check its logs with:
docker logs -f <Traefik_Container_Name> # Show real-time logs docker logs --tail 50 <Traefik_Container_Name> # Show the last 50 log linesIf using Nginx as a reverse proxy, logs are stored inside the container at
/var/log/nginx/. To view logs, run:docker exec -it <Nginx_Container_Name> cat /var/log/nginx/access.log # Access logs docker exec -it <Nginx_Container_Name> cat /var/log/nginx/error.log # Error logsTo continuously monitor logs in real-time, run:
docker exec -it <Nginx_Container_Name> tail -f /var/log/nginx/access.log
Docker Mongo backup and restore
To back up your MongoDB database in Docker,
Run the following command on your terminal to list out all running containers:
docker ps -aTake note of your mongo container name.
Run this command to dump the database into a binary file
db.dumpdocker exec <container_name> sh -c 'mongodump --archive' > db.dumpWhen successful, you should see
db.dumpfile in the current directory.
To restore the backup,
Run the following command:
docker exec -i <container_name> sh -c 'mongorestore --archive' < db.dumpYou can export your database dump directly to MongoDB Atlas by simply running
mongorestore --uri mongodb+srv://<user>:<password>@cluster0.w2btl.mongodb.net --archive=db.dump
Congratulations on successfully deploying Rocket.Chat using Docker! You can now effortlessly communicate with your team members in your workspace. Visit the accessing your workspace guide to configure your workspace and onboard other team members.
Encountering issues with your deployment? See the Deployment FAQ for more details on troubleshooting.