Deployment Overview of Rocket.Chat on Server

Prerequisites and Basic Requirements

The deployment of Rocket.Chat requires a Linux server running either AlmaLinux or Ubuntu. The system must have the following components installed and configured:

  • Docker Engine
  • Docker Compose plugin
  • Root or sudo privileges to execute installation commands
  • A valid domain name configured for the server
  • Network access to clone repositories from GitHub

The application listens on an internal port defined in the environment configuration, which is proxied externally via Nginx.

File and Directory Structure

The deployment utilizes specific directories for application data, configuration files, and SSL certificates. The primary locations are:

  • {{ rocketchat_data_dir }}: The root directory for the Rocket.Chat stack, containing the cloned repository and environment files.
  • /root/nginx: The directory for the Nginx proxy and Certbot configuration files.
  • /data/nginx/user_conf.d: The directory containing custom Nginx configuration files for specific server instances.
  • /data/nginx/nginx-certbot.env: The environment file for the Nginx-Certbot service.
  • /etc/letsencrypt: The mount point for SSL certificates managed by Certbot.

Application Installation Process

The Rocket.Chat application is deployed using Docker Compose. The installation process involves cloning the official Rocket.Chat compose repository and configuring the environment variables.

The repository is cloned from https://github.com/RocketChat/rocketchat-compose.git to the designated data directory. The deployment utilizes the main branch of the repository.

An environment file named .env is generated within the data directory. This file contains the following configuration parameters:

  • RELEASE: Specifies the Rocket.Chat version.
  • MONGODB_VERSION: Specifies the MongoDB version.
  • DOMAIN: Defines the fully qualified domain name for the instance.
  • ROOT_URL: Sets the root URL for the application, including the HTTPS protocol.
  • PORT: Defines the internal port on which the application listens.

The stack is launched using two Compose files: compose.database.yml and compose.yml.

Docker Containers and Their Deployment

The deployment consists of two primary Docker stacks: the Rocket.Chat application stack and the Nginx proxy stack.

Rocket.Chat Stack

The Rocket.Chat stack is managed via Docker Compose in the {{ rocketchat_data_dir }} directory. It includes the following services defined in the Compose files:

  • The Rocket.Chat application container.
  • The MongoDB database container.

The stack is started using the command:

docker compose -f compose.database.yml -f compose.yml up -d

Nginx Proxy Stack

The Nginx proxy stack is managed in the /root/nginx directory. It utilizes the jonasal/nginx-certbot:latest image. This stack handles SSL termination and reverse proxying.

The configuration includes:

  • A volume named nginx_secrets mounted to /etc/letsencrypt for SSL certificates.
  • A bind mount for custom user configurations at /data/nginx/user_conf.d.
  • The network_mode is set to host.

The stack is started using the command:

docker compose -f compose.yml up -d

Proxy Servers

The deployment uses Nginx with Certbot for SSL certificate management and reverse proxying. The Nginx service is configured to listen on the host network.

The proxy configuration is customized per instance in the file located at /data/nginx/user_conf.d/{{ prefix }}{{ server_id }}.hostkey.in.conf. This configuration file includes a location / block that directs traffic to the internal Rocket.Chat container.

The proxy pass directive is configured as follows:

proxy_pass http://127.0.0.1:{{ internal_port }};

SSL certificates are automatically managed by the Certbot container within the Nginx stack, using the email address [email protected] for notifications.

Access Rights and Security

The deployment enforces specific file permissions to ensure security and proper operation:

  • The .env file in the Rocket.Chat data directory is owned by root with permissions set to 0644.
  • The Nginx configuration directory /root/nginx is owned by root with permissions set to 0755.
  • The Nginx Compose file /root/nginx/compose.yml is owned by root with permissions set to 0644.

The Nginx service runs with network_mode: host, which requires careful management of firewall rules to ensure only necessary ports are exposed.
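
With host networking, any socket bound to a non-loopback address is reachable unless a firewall rule blocks it. The script below is an added example, not part of the original deployment: it reads the output of ss -H -ltn and lists TCP listeners bound to non-loopback addresses on ports outside an allow-list. The sample socket table, port 3000 and the allow-list 80/443/22 are constructed for illustration.

```shell
#!/bin/sh
# Added example: report TCP listeners that are bound to a non-loopback
# address on a port that is not meant to be public.
# stdin: output of `ss -H -ltn`; arguments: ports allowed to be public.
# Prints "<port> <address>" per finding, sorted and de-duplicated.
exposed_listeners() {
    awk -v allowed="$(IFS=,; echo "$*")" '
        BEGIN { n = split(allowed, a, ","); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        $1 == "LISTEN" {
            # Field 4 is Local Address:Port, e.g. 0.0.0.0:80 or [::1]:27017.
            port = $4; sub(/.*:/, "", port)
            addr = $4; sub(/:[^:]*$/, "", addr)
            sub(/%.*$/, "", addr)      # drop interface scope (127.0.0.53%lo)
            sub(/^\[/, "", addr); sub(/\]$/, "", addr)
            # Loopback-only sockets are not reachable from other hosts.
            if (addr ~ /^127\./ || addr == "::1") next
            if (!(port in ok)) print port " " addr
        }
    ' | sort -u
}

# Constructed sample of `ss -H -ltn` output (not taken from a real host).
# Port 3000 stands in for the internal Rocket.Chat port from .env.
sample_ss_output() {
    cat <<'EOF'
LISTEN 0 511  0.0.0.0:80        0.0.0.0:*
LISTEN 0 511  0.0.0.0:443       0.0.0.0:*
LISTEN 0 511  [::]:443          [::]:*
LISTEN 0 4096 0.0.0.0:3000      0.0.0.0:*
LISTEN 0 4096 127.0.0.1:27017   0.0.0.0:*
LISTEN 0 4096 127.0.0.53%lo:53  0.0.0.0:*
LISTEN 0 128  0.0.0.0:22        0.0.0.0:*
EOF
}

# Stand-alone run against the sample; on a live host use:
#   ss -H -ltn | exposed_listeners 80 443 22
sample_ss_output | exposed_listeners 80 443 22
```

A finding for the internal application port means the container publishes it on all interfaces, so it must either be blocked by the firewall or be bound to 127.0.0.1, which is the address the proxy_pass directive targets.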

Databases

The database for Rocket.Chat is MongoDB. The version of MongoDB is defined in the .env file via the MONGODB_VERSION variable.

The database container is part of the Rocket.Chat Docker Compose stack and is defined in the compose.database.yml file. Data persistence is handled through Docker volumes managed by the Compose configuration.

Starting, Stopping, and Updating

The services are managed using Docker Compose commands.

To start or update the Rocket.Chat stack:

cd {{ rocketchat_data_dir }}
docker compose -f compose.database.yml -f compose.yml up -d

To start or update the Nginx proxy stack:

cd /root/nginx
docker compose -f compose.yml up -d

To stop the services, replace up -d with down in the respective commands. Updates to the application version or configuration require modifying the .env file or the repository source and re-running the up command.
