Introduction

Rocket.Chat is an open-source messaging app built with Meteor. It supports video conferencing, file sharing, voice messages, has a fully-featured API, and more. Rocket.Chat is great for those who prefer to have full control over their communications.
In this tutorial, we will be installing and configuring Rocket.Chat on a fresh Ubuntu server as well as setting up a reverse proxy via Nginx to boost security and make accessing Rocket.Chat much easier. Once we’re finished, you’ll have a functional instance of Rocket.Chat accessible from virtually anywhere.

Prerequisites

To follow this tutorial, you will need:

One Ubuntu 14.04 server with a recommended minimum of 1 GB of RAM
Non-root user with sudo privileges (Initial Server Setup with Ubuntu 14.04 explains how to set this up.)
A fully registered domain. You can purchase one on Namecheap or get one for free on Freenom.
Make sure your domain name is configured to point to your server. Check out this tutorial if you need help.
An SSL certificate. Generate a self-signed certificate, [obtain a free one from Let’s Encrypt] (https://www.digitalocean.com/community/tutorials/how-to-secure-nginx-with-let-s-encrypt-on-ubuntu-14-04), or buy one from another provider.

Step 1 — Installing Dependencies

In this section, we’ll be installing some of Rocket.Chat’s dependencies such as MongoDB and NodeJS.
Let’s start with getting MongoDB up and running. First, we need to add a keyserver so we can access the packages.

sudo apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv 7F0CEB10

Then we need to set the repo to use.

echo "deb http://repo.mongodb.org/apt/ubuntu trusty/mongodb-org/3.0 multiverse" | sudo tee /etc/apt/sources.list.d/mongodb-org-3.0.list

Now, update the package lists.

sudo apt-get update

Now that that’s done, we can go ahead and install npm, mongodb-org, curl and graphicsmagick, which are all dependencies of Rocket.Chat:

sudo apt-get install npm mongodb-org curl graphicsmagick

We need to install a package using NPM to allow us to change the node version:

sudo npm install -g n

Use that package to change the node version to 0.10.40.

sudo n 0.10.40

Next, we’ll install Rocket.Chat itself and do a little bit of configuration.

Step 2 — Installing Rocket.Chat

To start off, download the latest stable version of Rocket.Chat using curl.

curl -L https://rocket.chat/releases/latest/download -o rocket.chat.tgz

Expand the archive we just downloaded using the tar command.

tar zxvf rocket.chat.tgz

This expands the entire archive into a directory named bundle. Let’s move the contents of the bundle directory into something easier to remember.

mv bundle Rocket.Chat

Change into the directory where we’ll install Rocket.Chat using NPM.

cd Rocket.Chat/programs/server

Install Rocket.Chat.

npm install

Move back into the parent Rocket.Chat directory.

cd ../..

We need to set up some environmental variables to help Rocket.Chat keep track of things like URLs, ports, and more.
First, set the ROOT_URL variable to your domain name. This must be in the form of a URL.

export ROOT_URL=https://example.com/

Set MongoDB’s URL under the MONGO_URL variable.

export MONGO_URL=mongodb://localhost:27017/rocketchat

Set the PORT variable to 3000.

export PORT=3000

Now you can run Rocket.Chat using the following command:

node main.js

If there aren’t any errors, it works! For now, though, stop Rocket.Chat using CTRL+C. Now that Rocket.Chat is installed, we need to set up Nginx to proxy all of its traffic using a reverse proxy, making accessing Rocket.Chat easier and encrypting all of your communications with your SSL certificate.

Step 3 — Setting up a Reverse Proxy with Nginx

To start off, install Nginx.

sudo apt-get install -y nginx

Move your certificate’s private key to /etc/nginx/certificate.key.

sudo cp /path/to/your/key /etc/nginx/certificate.key

For example, if you created a Let’s Encrypt certificate, you would use sudo cp /etc/letsencrypt/live/your_domain_name/privkey.pem /etc/nginx/certificate.key.
Modify the key’s permissions so unauthorized thieves can’t gain access.

sudo chmod 400 /etc/nginx/certificate.key

Copy the certificate itself to /etc/nginx/certificate.crt.

sudo cp /path/to/your/cert /etc/nginx/certificate.crt

If you created a Let’s Encrypt certificate, the command would be similar to sudo cp /etc/letsencrypt/live/your_domain_name/cert.pem /etc/nginx/certificate.crt.
We’re going to be creating an entirely new configuration for Rocket.Chat, so you can delete the default to make it a little easier.

sudo rm /etc/nginx/sites-enabled/default

If you need that file back for any reason in the future, it is still available at /etc/nginx/sites-available/default
Create a new /etc/nginx/sites-enabled/default with nano or your favorite text editor.

sudo nano /etc/nginx/sites-enabled/default

First, we’ll add an upstream block:
/etc/nginx/sites-enabled/default

# Upstreams
upstream backend {
    server 127.0.0.1:3000;
}

Underneath that, let’s create a server block. The first part tells Nginx which port to listen for connections on, in this case :443. It also let’s it know what our hostname is. Don’t forget to replace example.com with your domain name.
/etc/nginx/sites-enabled/default

server {
    listen 443;
    server_name example.com;

Under that, we tell Nginx where to store Rocket.Chat’s access logs, and point it to the SSL certificate and key we placed in /etc/nginx/certificate.key and /etc/nginx/certificate.crt respectively.
/etc/nginx/sites-enabled/default

    error_log /var/log/nginx/rocketchat.access.log;

    ssl on;
    ssl_certificate /etc/nginx/certificate.crt;
    ssl_certificate_key /etc/nginx/certificate.key;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # don’t use SSLv3 ref: POODLE

And now we finish the configuration off with a location block:

    location / {
        proxy_pass http://example.com:3000/;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_set_header Host $http_host;

        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forward-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forward-Proto http;
        proxy_set_header X-Nginx-Proxy true;

        proxy_redirect off;
    }
}

Here’s the full file for reference:
/etc/nginx/sites-enabled/default

server {
    listen 443;
    server_name example.com;
    error_log /var/log/nginx/rocketchat.access.log;

    ssl on;
    ssl_certificate /etc/nginx/certificate.crt;
    ssl_certificate_key /etc/nginx/certificate.key;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # don’t use SSLv3 ref: POODLE

    location / {
        proxy_pass http://example.com:3000/;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_set_header Host $http_host;

        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forward-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forward-Proto http;
        proxy_set_header X-Nginx-Proxy true;

        proxy_redirect off;
    }
}

Save and exit the file. Finally, restart Nginx to finish the job.

sudo service nginx restart

Check if Nginx is running.

sudo service nginx status

If you see the following message, Nginx is up and running:

 * nginx is running

If you see an error message, check the logs at /var/log/nginx/rocketchat.access.log and /var/log/nginx/access.log or the error logs at /var/log/nginx/error.log. You can also run nginx -t to verify your Nginx configuration file, which is where most errors show up.
Make sure you’re still in the Rocket.Chat folder.

cd ~/Rocket.Chat

Then run the following command to start Rocket.Chat back up again.

node main.js

Rocket.Chat should now be live at https://example.com. You can verify this by visiting that address in your favorite browser.
In the next section, we’ll configure Rocket.Chat to automatically run at boot using a node module called forever-service.

Step 4 — Configuring Rocket.Chat as a Service

forever-service automatically generates init scripts for node apps such as Rocket.Chat. To start off, we need to install forever itself, which forever-service depends on.

sudo npm install -g forever

Then, install forever-service.

sudo npm install -g forever-service

Create a service using forever-service:

sudo forever-service install -s main.js -e "ROOT_URL=https://example.com/ MONGO_URL=mongodb://localhost:27017/rocketchat PORT=3000" rocketchat

The -s flag followed by main.js tells forever-service our script is named main.js, not app.js, which is default.
The -e flag followed by "ROOT_URL=https://example.com/ MONGO_URL=mongodb://localhost:27017/rocketchat PORT=3000" passes our environmental variables to forever-service.
Finally, rocketchat tells forever-service what to name the service.

For more detailed information on forever-service’s syntax, run forever-service --help.
Now we can start Rocket.Chat. This will initialize the rocketchat service created by forever-service.

sudo start rocketchat

Rocket.Chat should now be live at the URL you set in Step 2. Make sure you’re using HTTPS here.
Rocket.Chat should be is ready to go. In the next section, we’ll add our first admin user to Rocket.Chat and take a tour around the interface.

Step 5 — Configuring and Using Rocket.Chat

Visit the URL we set Rocket.Chat up on earlier. You should see something like this:

Click on Register a new account, then enter the user information for your first admin.

Click Submit, and then choose a username for your new user:

After clicking Use this username, you will be taken to the homepage:

That’s all! You’ll see on the right, a #general channel has already been created for you. If you click on it, you’ll be taken to the chatroom. Feel free to play around a bit.

Now let’s take a tour of the interface. First, let’s go ahead and make a new channel by clicking the tiny plus button next to Channels:

Name it anything you’d like:

Now click Save, and you’ll be brought to your new channel.
To access the Administration interface, click the tiny arrow next to your username. It will pull down a menu:

Click on Administration. It will bring up a second menu:

Using this menu, we can configure and manage every aspect of our Rocket.Chat installation. In the Users section, we can manage the permissions of individual users, and even invite new ones. We can also add more features to our installation using the Integrations view.

Conclusion

Congratulations! You now have your very own chat solution for you and your team: Rocket.Chat, running on an Ubuntu 14.04 server. It is set to launch automatically at boot using forever-service and is fully equipped with SSL using an Nginx reverse proxy. You may now want to add more members, create more channels, or maybe check out the Integrations section of the Administration menu. Have fun!