If your server is running behind a firewall, you may need to configure it to allow traffic on the ports and domains that Rocket.Chat requires. This page covers port access and the URLs that must be whitelisted for Rocket.Chat Cloud services to function correctly.
Allow traffic on port 3000
If you are using firewalld, run the following commands to allow traffic on Rocket.Chat's default port:
sudo firewall-cmd --permanent --add-port=3000/tcp
sudo systemctl reload firewalldAfter reloading the firewall configuration, Rocket.Chat can accept incoming connections on port 3000.
Whitelisting Rocket.Chat Cloud URLs
To enable integration with Rocket.Chat Cloud services, your firewall or network security configuration must allow outbound access to specific Rocket.Chat domains. The required domains depend on the services and features enabled in your workspace.
URL | Purpose |
|---|---|
| Required for workspace registration, client authentication, license synchronization, and cloud communications. |
| List and install marketplace apps. |
| Check for new Rocket.Chat versions. |
| Handles subscription management and billing operations |
| Used by Rocket.Chat servers to send mobile push notifications through Rocket.Chat Cloud. The mobile apps themselves connect only to Apple/Google push services. |
| Gateway for omnichannel apps (e.g., WhatsApp, Facebook, Instagram, Telegram). |
| Collects usage statistics. Community workspaces must allow access to this service or the workspace enters read-only mode. |
| NPS (Net Promoter Score) collector. |
Workspaces running in air-gapped or restricted network environments require a premium plan. If outbound connections to Rocket.Chat Cloud services are blocked, some features above may be unavailable.