description |
---|
Deploying Rocket.Chat on Amazon Web Services |
{% hint style="info" %} 👉 Trouble installing or deploying Rocket.Chat? Join our Weekly Technical Helpline to get real-time help from our team! {% endhint %}
This guide covers the following:
- Hosting Rocket.Chat on an Amazon EC2 instance
- Hosting a domain name with Amazon Route 53
- Securing your server with a free SSL certificate from Let's Encrypt
{% hint style="info" %} The minimum requirement to successfully run Rocket.Chat is 2Gb of RAM and 2 cores.
This method is not recommended for large production deployments. Instead, check how to deploy with helm.md {% endhint %}
To create a new EC2 instance:
- Log into your AWS Console, and open the EC2 Service
- Click on Instances in the left sidebar and then click on Launch Instances to set up a new EC2 instance.
- Set the instance name and select at least "Ubuntu Server 18.04 LTS" with "64-bit (x86)" architecture as the OS image
- Select an instance type of your choice according to our recommendation above
- Choose an existing key pair or create a new one for SSH connections
- Adjust the instance details as needed or keep the defaults
- Adjust the storage size and configuration as required
- Make sure to add a tag called Name and assign a value.
- Allow SSH, HTTP, and HTTPS in the security group configuration, and proceed with Review and Launch.
- Review your instance configuration and when confirmed, Launch Instance.
Back in the EC2 Service dashboard, click on Elastic IPs to get started:
- Click on Allocate Elastic IP address.
- Select Amazon's pool of IPv4 addresses and click on Allocate.
- After the address has been created, open the newly created IP address and select Associate Elastic IP address.
- Select your instance and click Associate.
- In the details below, copy the Public DNS. You will need it in the DNS step. (It should be in a format like this: `ec2-18-XXX-XXX-XXX.eu-central-1.compute.amazonaws.com`)
Open the Route 53 service dashboard:
- Create a new hosted zone by clicking on Create Hosted Zone.
- Enter your domain name and select Public Hosted Zone as type, then click on Create hosted zone
- Select your newly created zone and click on Create Record Set
- Enter "www" as subdomain (if desired), select Type CNAME, enter the Public DNS name from the above step in the value field, and click "Create"
We use Let's Encrypt to get a free & open-source SSL certificate:
- SSH to your instance:
  ```bash
  ssh -i <path_to_key_file.pem> ubuntu@<public_ip_address>
  ```
  Note: You may replace the IP address with your domain name if your DNS has resolved.
- Install `certbot` using `apt`:
  ```bash
  sudo apt update
  sudo apt install certbot
  ```
- Obtain certificate from Let's Encrypt:
  ```bash
  sudo certbot certonly --standalone --email <email_address> -d <domain.com> -d <subdomain.domain.com>
  ```
  Note: Second (or more) domain is optional.
{% hint style="info" %} Optional Step: Restrict access using security groups
If you would like to restrict traffic to your AWS instance, you may adjust the security groups again. Make sure you allow "TCP/22" from your current location for the SSH connection, as well as "TCP/443" from the locations you wish to access Rocket.Chat from. {% endhint %}
- Install Nginx web server:
  ```bash
  sudo apt-get install nginx
  ```
- Back up the default config file for reference:
  ```bash
  cd /etc/nginx/sites-available
  sudo mv default default.reference
  ```
- Create a new site configuration for Rocket.Chat:
  ```bash
  sudo nano /etc/nginx/sites-available/default
  ```
  ```nginx
  # HTTPS virtual host: terminates TLS and proxies to Rocket.Chat on port 3000
  server {
      listen 443 ssl;
      server_name <ABC.DOMAIN.COM>;

      ssl_certificate /etc/letsencrypt/live/<ABC.DOMAIN.COM>/fullchain.pem;
      ssl_certificate_key /etc/letsencrypt/live/<ABC.DOMAIN.COM>/privkey.pem;
      # TLS 1.0 and 1.1 are deprecated (RFC 8996); allow TLS 1.2 and newer only
      ssl_protocols TLSv1.2 TLSv1.3;
      ssl_prefer_server_ciphers on;
      ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH';

      root /usr/share/nginx/html;
      index index.html index.htm;

      # Make site accessible from http://localhost/
      server_name localhost;

      location / {
          proxy_pass http://localhost:3000/;
          # HTTP/1.1 plus the Upgrade/Connection headers keep WebSockets working
          proxy_http_version 1.1;
          proxy_set_header Upgrade $http_upgrade;
          proxy_set_header Connection "upgrade";
          proxy_set_header Host $http_host;
          proxy_set_header X-Real-IP $remote_addr;
          proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
          # This block only serves HTTPS, so report https as the original scheme
          proxy_set_header X-Forwarded-Proto https;
          proxy_set_header X-Nginx-Proxy true;
          proxy_redirect off;
      }
  }

  # Plain-HTTP virtual host: redirects every request to HTTPS
  server {
      listen 80;
      server_name <ABC.DOMAIN.COM>;
      return 301 https://$host$request_uri;
  }
  ```
  Make sure to replace `ABC.DOMAIN.COM` with your domain (it appears 4 times). Make sure to update it in the path to your key files as well.
- Test the Nginx configuration to make sure there are no syntax errors:
  ```bash
  sudo nginx -t
  ```
- If the syntax test was successful, restart Nginx:
  ```bash
  sudo systemctl restart nginx
  ```

Confirm that it is running properly by opening a web browser and going to your domain name. You will get a page stating "502 Bad Gateway". This is expected, since the Rocket.Chat backend is not yet running. Make sure the SSL connection is working properly by clicking the lock icon next to the address bar and checking that the certificate is valid and issued by "Let's Encrypt Authority X3".
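
`nginx -t` only checks syntax, so a site file can pass it and still carry weak TLS or proxy settings. The following audit is an added example, not part of the original guide: it flags deprecated protocol versions in `ssl_protocols`, an `X-Forwarded-Proto` of `http` on a TLS listener, and a plain-HTTP server block with no redirect to HTTPS. The function name `audit_site` and the sample config are constructed for illustration.

```shell
# audit_site FILE: line-based audit of an nginx site file whose server blocks
# are at top level (as in sites-available). Prints findings, returns 1 if any.
audit_site() {
    awk '
    function finding(msg) { print FILENAME ": " msg; bad = 1 }
    { sub(/#.*/, "") }                               # ignore comments
    depth == 0 && /^[ \t]*server[ \t]*[{]/ {         # a server block opens
        start = NR; tls = 0; plain = 0; redirect = 0; proto = ""
    }
    /^[ \t]*listen[ \t]/ { if (/ssl/) tls = 1; else plain = 1 }
    /^[ \t]*ssl_protocols[ \t]/ {
        for (i = 2; i <= NF; i++) {
            p = $i; sub(/;/, "", p)
            if (p ~ /^(SSLv2|SSLv3|TLSv1|TLSv1\.1)$/)
                finding("line " NR ": deprecated protocol " p)
        }
    }
    /proxy_set_header[ \t]+X-Forwarded-Proto[ \t]/ { proto = $3; sub(/;/, "", proto) }
    /^[ \t]*return[ \t]+30[1278][ \t]+https:/ { redirect = 1 }
    {
        depth += gsub(/[{]/, "{") - gsub(/[}]/, "}")
        if (start && depth == 0) {                   # the server block closed
            if (tls && proto == "http")
                finding("server at line " start ": X-Forwarded-Proto http on a TLS listener")
            if (plain && !tls && !redirect)
                finding("server at line " start ": plain HTTP without redirect to https")
            start = 0
        }
    }
    END { exit bad + 0 }
    ' "$1"
}
# Constructed sample: TLS 1.0/1.1 enabled and the wrong forwarded scheme.
sample=$(mktemp)
cat > "$sample" <<'EOF'
server {
    listen 443 ssl;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    location / {
        proxy_set_header X-Forwarded-Proto http;
    }
}
server {
    listen 80;
    return 301 https://$host$request_uri;
}
EOF
audit_site "$sample" || echo "fix the findings above before restarting nginx"
rm -f "$sample"
```

On the server, run it as `audit_site /etc/nginx/sites-available/default` after `sudo nginx -t` passes.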
The process to install Rocket.Chat involves:
- Installing Docker and Docker-compose (v2 is required)
- Fetching the Rocket.Chat compose file
- Configuring environment variables and installing
Follow this guide to get Rocket.Chat installed with Docker & Docker Compose.
{% content-ref url="../../../quick-start/installing-and-updating/rapid-deployment-methods/docker-and-docker-compose/" %} docker-and-docker-compose {% endcontent-ref %}
Log in to your site at https://ABC.DOMAIN.COM.
{% hint style="info" %} Note: the first user to log in will be an administrator user. {% endhint %}