Rocket Chat Firewall Configuration for Secure Access

If you are using a firewall, you may have to allow traffic to port 3000:

sudo firewall-cmd --permanent --add-port=3000/tcp

sudo systemctl reload firewalld

To communicate with Rocket.Chat Cloud services, and depending on the services you want to use, you need to whitelist the following URLs in your server’s firewall configuration.

URL	Purpose
`cloud.rocket.chat`	Required for workspace registration, workspace client authentication, and license sync/communications.
`marketplace.rocket.chat`	List and install marketplace apps.
`releases.rocket.chat`	Check for new Rocket.Chat versions.
`billing.rocket.chat`	Checkout and subscription tier management.
`gateway.rocket.chat`	Server → Push Gateway. Used by your server to send mobile app push notifications via Rocket.Chat Cloud. The mobile apps themselves connect only to Apple/Google push services.
`omni-gateway.rocket.chat`	Gateway for communications for omnichannel apps (e.g., WhatsApp, Facebook, Instagram, Telegram).
`collector.rocket.chat`	Collects usage statistics. Community workspaces must whitelist this, or the server will enter read-only mode. Running in air-gapped mode requires a premium license.
`nps.rocket.chat`	NPS (Net Promoter Score) collector.