Unable to get RocketChat working with SSL, what am I doing wrong? - rocket.chat

I have successfully installed RocketChat on a private server, running Ubuntu 16.04, Apache 2.4, but I can't get SSL to work.
Background: example.com has existing LetsEncrypt certificates. example.com has a website running on it with SSL and RocketChat needs to be at https://chat.example.com. There are two Apache VirtualHosts for example.com and chat.example.com, both enabled.
Settings are as follows:
example.com.conf
<VirtualHost example.com:80>
ServerName example.com
ServerAlias www.example.com
ServerAdmin webmaster@localhost
DocumentRoot /var/www/html/example
Alias /examplestaging /var/www/html/examplestaging
#LogLevel info ssl:warn
ErrorLog ${APACHE_LOG_DIR}/example-error.log
CustomLog ${APACHE_LOG_DIR}/example-access.log combined
RewriteEngine on
RewriteCond %{SERVER_NAME} =example.com [OR]
RewriteCond %{SERVER_NAME} =www.example.com
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
</VirtualHost>
example.com-le-ssl.conf
<IfModule mod_ssl.c>
<VirtualHost example.com:443>
ServerName example.com
ServerAlias www.example.com
ServerAdmin webmaster@localhost
DocumentRoot /var/www/html/example
Alias /examplestaging /var/www/html/examplestaging
#LogLevel info ssl:warn
ErrorLog ${APACHE_LOG_DIR}/example-error.log
CustomLog ${APACHE_LOG_DIR}/example-access.log combined
Include /etc/letsencrypt/options-ssl-apache.conf
SSLCertificateFile /etc/letsencrypt/live/example.com/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/example.com/privkey.pem
</VirtualHost>
</IfModule>
chat.example.com.conf
<VirtualHost *:443>
ServerName chat.example.com
ServerAdmin webmaster@localhost
UseCanonicalName on
SSLStrictSNIVHostCheck on
ErrorLog /var/log/chat.example.com_error.log
TransferLog /var/log/chat.example.com_access.log
LogLevel info
SSLEngine on
SSLCertificateFile /etc/letsencrypt/live/example.com/cert.pem
SSLCertificateKeyFile /etc/letsencrypt/live/example.com/privkey.pem
SSLCertificateChainFile /etc/letsencrypt/live/example.com/chain.pem
SSLProtocol all -SSLv2 -SSLv3
SSLCipherSuite ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+$
SSLHonorCipherOrder on
SSLCompression off
SSLOptions +StrictRequire
<Location />
Order allow,deny
Allow from all
</Location>
RewriteEngine On
RewriteCond %{HTTP:Upgrade} =websocket [NC]
RewriteRule /(.*) ws://localhost:3000/$1 [P,L]
RewriteCond %{HTTP:Upgrade} !=websocket [NC]
RewriteRule /(.*) http://localhost:3000/$1 [P,L]
ProxyPassReverse / http://localhost:3000/
</VirtualHost>
<VirtualHost *:80>
ServerName chat.example.com
ServerAdmin webmaster@localhost
UseCanonicalName Off
ErrorLog /var/log/chat.example.com_error.log
TransferLog /var/log/chat.example.com_access.log
LogLevel info
<Location />
Order allow,deny
Allow from all
</Location>
RewriteEngine On
RewriteCond %{HTTP:Upgrade} =websocket [NC]
RewriteRule /(.*) ws://localhost:3000/$1 [P,L]
RewriteCond %{HTTP:Upgrade} !=websocket [NC]
RewriteRule /(.*) http://localhost:3000/$1 [P,L]
ProxyPassReverse / http://localhost:3000/
</VirtualHost>
The instructions I went by are
https://rocket.chat/docs/installation/manual-installation/ubuntu/
https://rocket.chat/docs/installation/manual-installation/configuring-ssl-reverse-proxy/#running-behind-an-apache-ssl-reverse-proxy
https://asperti.com/en/bglug-slack-to-rocket-chat
All vhosts above are enabled. All apache proxy mods are enabled (according to instructions).
http://www.example.com:3000 works and I can login. I have changed the URL in the settings to https://chat.example.com.
The service file /lib/systemd/system/rocketchat.service is
[Unit]
Description=The Rocket.Chat server
After=network.target remote-fs.target nss-lookup.target nginx.target mongod.target
[Service]
ExecStart=/usr/local/bin/node /opt/Rocket.Chat/main.js
StandardOutput=syslog
StandardError=syslog
SyslogIdentifier=rocketchat
User=rocketchat
Environment=MONGO_URL=mongodb://localhost:27017/rocketchat?replicaSet=rs01 MONGO_OPLOG_URL=mongodb://localhost:27017/local?replicaSet=rs01 ROOT_URL=https://chat.example.com PORT=3000
[Install]
WantedBy=multi-user.target
Whenever I make any changes, I restart rocketchat and apache2 services.
When entering https://chat.example.com or http://chat.example.com, it instantly throws a server unavailable error, so it would seem that the reverse proxy isn't working (?). I do not have any errors in the log files for example.com-error.log, nor chat.example.com_error.log, nor error.log.
chat.example.com_error.log does include this info
[Tue Aug 13 21:25:47.062881 2019] [ssl:info] [pid 22553] AH01914: Configuring server chat.example.com:443 for SSL protocol
[Tue Aug 13 21:25:47.063611 2019] [ssl:info] [pid 22553] AH02568: Certificate and private key chat.example.com:443:0 configured from /etc/letsencrypt/live/example.com/cert.pem and /etc/letsencrypt/live/example.com/privkey.pem
What could be wrong with this setup?

Install Caddy on the server
Redirect the URLs to https://your RocketChat URL
Everything will be fine.

Did you try to generate via certbot?
sudo certbot --apache -d example.com -d chat.example.com

Related

Redirect https request to internal http port

I am trying to set a domain (example.com) that will redirect the HTTPS requests to HTTP localhost:8545
I have tried the following configuration on apache (first attempt to listen on port 8082)
<VirtualHost *:8082>
ServerName example.com
SSLProxyEngine on
ProxyRequests Off
ProxyPreserveHost On
<Proxy *>
AddDefaultCharset Off
Order deny,allow
Allow from all
</Proxy>
ProxyPass / http://127.0.0.1:8545
ProxyPassReverse / http://127.0.0.1:8545
ErrorLog "/var/log/apache2/proxy-error.log"
CustomLog "/var/log/apache2/proxy-access.log" common
RewriteEngine on
RewriteCond %{SERVER_NAME} =example.com
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
</VirtualHost>
The second attempt is the following on the proxy_conf-ssl.conf
<IfModule mod_ssl.c>
<VirtualHost *:443>
ServerName example.com
SSLProxyEngine on
ProxyRequests Off
ProxyPreserveHost On
<Proxy *>
AddDefaultCharset Off
Order deny,allow
Allow from all
</Proxy>
ProxyPass / http://127.0.0.1:8545
ProxyPassReverse / http://127.0.0.1:8545
ErrorLog "/var/log/apache2/proxy-error.log"
CustomLog "/var/log/apache2/proxy-access.log" common
SSLCertificateFile /etc/letsencrypt/live/example.com/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/example.com/privkey.pem
Include /etc/letsencrypt/options-ssl-apache.conf
</VirtualHost>
</IfModule>
But none of these seems to be working properly. What I need to achieve is to be able to access the local ganache client which runs on 0.0.0.0:8545, from mobile Metamask which requires HTTPS to connect
After a few more tries, I fixed it by disabling the redirects from 8082 and the SSLProxyEngine on 443. So the configuration is as follows:
With SSL
<IfModule mod_ssl.c>
<VirtualHost *:443>
ServerName example.com
# SSLProxyEngine on
ProxyRequests Off
ProxyPreserveHost On
<Proxy *>
AddDefaultCharset Off
Order deny,allow
Allow from all
</Proxy>
ProxyPass / http://127.0.0.1:8545
ProxyPassReverse / http://127.0.0.1:8545
ErrorLog "/var/log/apache2/proxy-error.log"
CustomLog "/var/log/apache2/proxy-access.log" common
SSLCertificateFile /etc/letsencrypt/live/example.com/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/example.com/privkey.pem
Include /etc/letsencrypt/options-ssl-apache.conf
</VirtualHost>
</IfModule>
Without SSL
<VirtualHost *:8082>
ServerName example.com
SSLProxyEngine on
ProxyRequests Off
ProxyPreserveHost On
<Proxy *>
AddDefaultCharset Off
Order deny,allow
Allow from all
</Proxy>
ProxyPass / http://127.0.0.1:8545
ProxyPassReverse / http://127.0.0.1:8545
ErrorLog "/var/log/apache2/proxy-error.log"
CustomLog "/var/log/apache2/proxy-access.log" common
#RewriteEngine on
#RewriteCond %{SERVER_NAME} =example.com
#RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
</VirtualHost>

Broken HTTPS:// links after Installing Certbot software and configuring HTTPS on laravel application, Apache, Ubuntu 20.04 | DigitalOcean

I successfully deployed a Laravel application on Apache Ubuntu 20.04 in DigitalOcean. Everything was fine until I installed the Certbot software to configure HTTPS on my Apache server. After installing and setting up Certbot, when I visit the homepage via an https:// link, it works fine, but when I try to visit other pages via an https:// link, I get the error below:
Not Found
The requested URL was not found on this server. Apache/2.4.41 (Ubuntu) Server at mysite.com Port 443
I followed the guide in this link: https://www.digitalocean.com/community/tutorials/how-to-secure-apache-with-let-s-encrypt-on-ubuntu-20-04
Below is my Apache Config files
mysite.com.conf
<VirtualHost *:80>
ServerAdmin webmaster@localhost
ServerName mysite.com
ServerAlias www.mysite.com
DocumentRoot /var/www/mysite.com/mysite-web-app/public
<Directory /var/www/mysite.com/mysite-web-app/public>
Options Indexes FollowSymLinks
AllowOverride All
Require all granted
</Directory>
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
<IfModule mod_dir.c>
DirectoryIndex index.php index.pl index.cgi index.html index.xhtml index.htm
</IfModule>
RewriteEngine on
RewriteCond %{SERVER_NAME} =www.mysite.com [OR]
RewriteCond %{SERVER_NAME} =mysite.com
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
</VirtualHost>
mysite.com-le-ssl.conf
<IfModule mod_ssl.c>
<VirtualHost *:443>
ServerAdmin webmaster@localhost
ServerName mysite.com
ServerAlias www.mysite.com
DocumentRoot /var/www/mysite.com/mysite-web-app/public
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
Include /etc/letsencrypt/options-ssl-apache.conf
SSLCertificateFile /etc/letsencrypt/live/mysite.com/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/mysite.com/privkey.pem
</VirtualHost>
</IfModule>
You must include this in the ssl conf as well:
<Directory /var/www/mysite.com/mysite-web-app/public>
Options Indexes FollowSymLinks
AllowOverride All
Require all granted
</Directory>
<IfModule mod_dir.c>
DirectoryIndex index.php index.pl index.cgi index.html index.xhtml index.htm
</IfModule>
Or the .htaccess won't work for https connections.

Laravel Websockets Apache2 ReverseProxy setup

Problem
I am trying to setup a live environment with laravel websockets library behind an apache server.
The Websocket server is running on port 6001 (unreachable from outside).
The Apache VHost is configured for ws.example.com
I cannot get the Apache to proxy the wss:// requests correctly.
The request to wss://ws.example.com/request/path?protocol=7&client=js&version=5.1.1&flash=false fails.
(Error during WebSocket handshake: Invalid status line)
I think there is a problem with my vhost configuration. Am I missing something? Any advice is appreciated.
vhost configuration
<VirtualHost *:443>
ServerName ws.example.com
ServerAlias www.ws.example.com.com
DocumentRoot /srv/vhost/example.com/domains/ws.example.com/public_html
ErrorLog /var/log/virtualmin/ws.example.com_error_log
CustomLog /var/log/virtualmin/ws.example.com_access_log combined
ScriptAlias /cgi-bin/ /srv/vhost/example.com/domains/ws.example.com/cgi-bin/
DirectoryIndex index.php index.html
RewriteEngine on
ProxyRequests off
ProxyVia on
RewriteCond %{HTTP:Connection} Upgrade [NC]
RewriteCond %{HTTP:Upgrade} websocket [NC]
RewriteRule /(.*) ws://localhost:6001/$1 [P,L]
ProxyPass /request/path http://localhost:6001/request/path
ProxyPassReverse /request/path http://localhost:6001/request/path
SSLCertificateFile /etc/letsencrypt/path/ws.example.com/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/path/ws.example.com/privkey.pem
Include /etc/letsencrypt/options-ssl-apache.conf
</VirtualHost>
Create a subdomain for websockets. Then edit your virtualhost configs (Apache 2.4) as below. Use pusher-php-server 5.0.3
<VirtualHost *:443>
ServerAdmin admin@example.com
ServerName socket.website.com
<Proxy *>
Require all granted
Allow from all
</Proxy>
SSLEngine on
SSLProxyEngine on
SSLProxyVerify none
SSLProxyCheckPeerCN off
SSLProxyCheckPeerName off
SSLProxyCheckPeerExpire off
RewriteEngine on
RewriteCond %{HTTP:Upgrade} =websocket [NC]
RewriteRule .* wss://127.0.0.1:6001%{REQUEST_URI} [P]
ProxyPass / ws://127.0.0.1:6001
ProxyPassReverse / ws://127.0.0.1:6001
SSLCertificateFile /etc/letsencrypt/live/socket.website.com/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/socket.website.com/privkey.pem
Include /etc/letsencrypt/options-ssl-apache.conf
</VirtualHost>
@max: your rewrite rules were the key. This also applies when the proxy just forwards the unencrypted traffic and Apache is handling SSL to the outside, replacing wss with ws then. After one day of fiddling it's finally working!
Edit: not enough reputation for a comment, sorry.

(Apache) Redirect https domain to port serve through https

I have done redirection in Apache before, but in a simple way: I enable the rewrite module in the Apache server and then add the two .conf files mentioned below in /etc/apache2/sites-available.
The file below is for redirecting HTTP requests received through the domain to a specific port.
<VirtualHost *:80>
ServerAdmin me@mydomain.com
ServerName test.domain.com
ProxyPreserveHost On
# setup the proxy
<Proxy *>
Order allow,deny
Allow from all
</Proxy>
ProxyPass / https://localhost:3235/
ProxyPassReverse / https://localhost:3235/
RewriteEngine on
RewriteCond %{HTTPS} !=on
RewriteCond %{SERVER_NAME} =chat-dev.motivone.com
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
</VirtualHost>
The file below is for redirecting HTTPS requests received through the domain to a specific port.
<IfModule mod_ssl.c>
<VirtualHost *:443>
ServerAdmin me@mydomain.com
ServerName test.domain.com
ProxyPreserveHost On
# setup the proxy
<Proxy *>
Order allow,deny
Allow from all
</Proxy>
ProxyPass / https://localhost:3235/
ProxyPassReverse / https://localhost:3235/
SSLCertificateFile /etc/letsencrypt/live/test.domain.com/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/test.domain.com/privkey.pem
Include /etc/letsencrypt/options-ssl-apache.conf
</VirtualHost>
</IfModule>
This process works fine when I run my server through HTTP and change the proxy to HTTP, but when I run my server on HTTPS and then try to redirect to it, it throws an error like
I am not sure what is wrong. Any kind of help is appreciated, thanks in advance.
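
Added example (not part of any post on this page, and not Apache or certbot tooling): a small Python check for the pattern in the two vhosts quoted just above, where ProxyPass targets https://localhost:3235/ but SSLProxyEngine is never turned on, which mod_proxy needs before it can speak TLS to a backend. It also reports the disabled backend certificate checks (SSLProxyVerify none, SSLProxyCheckPeer* off) from the websocket answer earlier on the page. The sample config and the function names are constructed for illustration.

```python
import re

# Constructed sample: two vhosts modelled on configs quoted in the threads above.
SAMPLE = """
<VirtualHost *:443>
ServerName test.domain.com
ProxyPass / https://localhost:3235/
ProxyPassReverse / https://localhost:3235/
</VirtualHost>
<VirtualHost *:443>
ServerName socket.website.com
SSLProxyEngine on
SSLProxyVerify none
SSLProxyCheckPeerName off
RewriteRule .* wss://127.0.0.1:6001%{REQUEST_URI} [P]
</VirtualHost>
"""

VHOST = re.compile(r"<VirtualHost\s+([^>]+)>(.*?)</VirtualHost>", re.S | re.I)
# A backend reached over TLS: ProxyPass to https/wss, or a RewriteRule with the
# [P] (proxy) flag. Redirect rules such as [R=permanent] are not proxying.
TLS_BACKEND = re.compile(
    r"^[ \t]*(?:ProxyPass[ \t]+\S+[ \t]+(?:https|wss)://"
    r"|RewriteRule[ \t]+\S+[ \t]+(?:https|wss)://\S*[ \t]+\[[^\]\n]*\bP\b)",
    re.I | re.M)
PEER_CHECK_OFF = re.compile(
    r"^[ \t]*(SSLProxyVerify[ \t]+none|SSLProxyCheckPeer\w+[ \t]+off)\b", re.I | re.M)


def directive(body, name):
    """Return the last uncommented value of a one-argument directive, or None."""
    hits = re.findall(rf"^[ \t]*{name}[ \t]+(\S+)", body, re.I | re.M)
    return hits[-1] if hits else None


def lint_proxy_tls(conf):
    """Return (server_name, finding) pairs for TLS-to-backend problems per vhost."""
    findings = []
    for _addr, body in VHOST.findall(conf):
        name = directive(body, "ServerName") or "(unnamed)"
        engine_on = (directive(body, "SSLProxyEngine") or "off").lower() == "on"
        if TLS_BACKEND.search(body) and not engine_on:
            findings.append((name, "https/wss backend but SSLProxyEngine is not on"))
        for m in PEER_CHECK_OFF.finditer(body):
            setting = " ".join(m.group(1).split())
            findings.append((name, "backend certificate check disabled: " + setting))
    return findings
```

Run it over the concatenated files in sites-enabled; commented-out directives and plain https:// redirects are not reported.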

Apache2 shows 404 error for sub links or path in laravel

I am using apache2 for Laravel on Ubuntu 18.04. When I use the domain name, it shows the index.php page. But when I click the sub links or paths, it shows a 404 error.
I am using this tutorial for htaccess
/etc/apache2/sites-available/example.com.conf
<VirtualHost *:80>
ServerAdmin webmaster@localhost
ServerName example.com
ServerAlias www.example.com
DocumentRoot /var/www/my-company-website/public
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
RewriteEngine on
RewriteCond %{SERVER_NAME} =www.example.com [OR]
RewriteCond %{SERVER_NAME} =example.com
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
</VirtualHost>
/etc/apache2/sites-available/example.com-le-ssl.conf
<IfModule mod_ssl.c>
<VirtualHost *:443>
ServerAdmin webmaster@localhost
ServerName example.com
ServerAlias www.example.com
DocumentRoot /var/www/my-company-website/public
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
Include /etc/letsencrypt/options-ssl-apache.conf
SSLCertificateFile /etc/letsencrypt/live/example.com/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/example.com/privkey.pem
</VirtualHost>
</IfModule>
/var/www/my-company-website/.htaccess
Options +FollowSymLinks -Indexes
RewriteEngine On
RewriteCond %{HTTP:Authorization} .
RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_FILENAME} !-f
RewriteRule ^ index.php [L]
Try adding given Directory tags inside your VirtualHost *:80 as well as inside port VirtualHost *:433 tags as shown below:
<VirtualHost *:80>
..................
<Directory /var/www/my-company-website/public>
Options Indexes FollowSymLinks
AllowOverride All
Require all granted
</Directory>
.................
</VirtualHost>
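
Added example (not from any answer on this page, and not Apache tooling): a Python check for the situation both Laravel threads describe, where the certbot-generated :443 vhost serves the same DocumentRoot as the :80 one but has no <Directory> block with AllowOverride, so .htaccess rewrites are skipped over HTTPS (AllowOverride defaults to None in Apache 2.4). The sample config and function names are constructed, and the merge logic is a simplification: the longest matching <Directory> path wins, with vhost-level blocks beating global ones on a tie.

```python
import re

# Constructed sample modelled on the certbot-generated pair quoted above:
# the :80 vhost carries the <Directory> block, the :443 copy does not.
SAMPLE = """
<VirtualHost *:80>
ServerName mysite.com
DocumentRoot /var/www/mysite.com/mysite-web-app/public
<Directory /var/www/mysite.com/mysite-web-app/public>
AllowOverride All
</Directory>
</VirtualHost>
<VirtualHost *:443>
ServerName mysite.com
DocumentRoot /var/www/mysite.com/mysite-web-app/public
</VirtualHost>
"""

VHOST = re.compile(r"<VirtualHost\s+([^>]+)>(.*?)</VirtualHost>", re.S | re.I)
DIRECTORY = re.compile(r'<Directory\s+"?([^">]+?)"?\s*>(.*?)</Directory>', re.S | re.I)
DOCROOT = re.compile(r'^[ \t]*DocumentRoot[ \t]+"?([^"\n]+?)"?[ \t]*$', re.I | re.M)
OVERRIDE = re.compile(r"^[ \t]*AllowOverride[ \t]+(.+)$", re.I | re.M)


def effective_override(scope, docroot):
    """AllowOverride from the most specific <Directory> in scope covering docroot."""
    best_len, value = -1, None
    for path, body in DIRECTORY.findall(scope):
        path = path.rstrip("/") or "/"
        covers = docroot == path or docroot.startswith(path.rstrip("/") + "/")
        m = OVERRIDE.search(body)
        # ">=" lets a later (vhost-level) block win over a global one of equal depth.
        if covers and m and len(path) >= best_len:
            best_len, value = len(path), m.group(1).strip()
    return value


def htaccess_ignored(conf):
    """Return (address, docroot) for vhosts whose .htaccess files are not read."""
    global_scope = VHOST.sub("", conf)  # <Directory> blocks outside any vhost
    ignored = []
    for addr, body in VHOST.findall(conf):
        m = DOCROOT.search(body)
        if not m:
            continue  # proxy-only vhost, nothing to check
        docroot = m.group(1).rstrip("/")
        value = effective_override(global_scope + "\n" + body, docroot) or "None"
        if value.lower() == "none":
            ignored.append((addr.strip(), docroot))
    return ignored
```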
