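Introduction

Rocket.Chat is a middle-tier application server and does not handle SSL itself. You can, however, put a reverse proxy such as Nginx, Apache or Caddy in front of it to handle SSL.

Official documentation: link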

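Nginx SSL reverse proxy configuration

Replace the example hostname "your_hostname.com" below with your actual hostname.
Replace the example certificate path "/etc/nginx/certificate.crt" below with your actual certificate path.
Replace the example private key path "/etc/nginx/certificate.key" below with your actual private key path.
The "client_max_body_size" parameter limits the size of files uploaded to Rocket.Chat. Set it to the size you need, and also change the file upload size limit in the Rocket.Chat administration panel for it to take effect.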

server {
    listen 443 ssl;
    server_name your_hostname.com;

    # You can increase the limit if you need to.
    client_max_body_size 200M;

    error_log /var/log/nginx/rocketchat.access.log;

    ssl_certificate /etc/nginx/certificate.crt;
    ssl_certificate_key /etc/nginx/certificate.key;
    ssl_protocols TLSv1.2 TLSv1.3; # no SSLv3 (POODLE); TLS 1.0 and 1.1 are deprecated (RFC 8996)

    location / {
        proxy_pass http://127.0.0.1:3000/;
        proxy_http_version 1.1;
        # Pass the WebSocket upgrade handshake through to Rocket.Chat
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_set_header Host $http_host;

        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        # Tell the backend that the client connection used HTTPS
        proxy_set_header X-Forwarded-Proto https;
        proxy_set_header X-Nginx-Proxy true;

        proxy_redirect off;
    }
}

Restart the Nginx service: service nginx restart
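
A small audit for an Nginx vhost like the one above, as an added example that is not part of the original page or the Rocket.Chat documentation: it flags legacy TLS protocol versions, a missing or wrong X-Forwarded-Proto header, and missing WebSocket upgrade headers. The function names, finding codes and both sample configurations are constructed for illustration, and the parser only handles one-line directives.

```python
import re

LEGACY = {"SSLv2", "SSLv3", "TLSv1", "TLSv1.1"}  # TLS 1.0/1.1 deprecated by RFC 8996

def directives(conf):
    """Yield (name, args) for each one-line `name args;` directive (simplified parser)."""
    for raw in conf.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop trailing comments
        m = re.match(r"([A-Za-z_]+)\s+(.*?);$", line)
        if m:
            yield m.group(1), m.group(2).replace('"', "").split()

def audit_vhost(conf):
    """Return sorted finding codes for a TLS-terminating Rocket.Chat vhost."""
    findings, headers, protocols = set(), {}, set()
    for name, args in directives(conf):
        if name == "ssl_protocols":
            protocols |= set(args)
        elif name == "proxy_set_header" and len(args) >= 2:
            headers[args[0].lower()] = args[1]
    if protocols & LEGACY:
        findings.add("legacy-tls")
    # The backend only sees plain HTTP; this header tells it the client used TLS.
    if headers.get("x-forwarded-proto") not in ("https", "$scheme"):
        findings.add("no-forwarded-proto")
    # WebSocket connections need both hop-by-hop headers set again by the proxy.
    if "upgrade" not in headers or "connection" not in headers:
        findings.add("no-websocket-upgrade")
    return sorted(findings)

# Constructed sample inputs (not taken from a real deployment).
WEAK = """
server {
    listen 443 ssl;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    location / {
        proxy_pass http://127.0.0.1:3000/;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_set_header X-Forward-Proto http;
    }
}
"""
HARDENED = WEAK.replace("TLSv1 TLSv1.1 TLSv1.2", "TLSv1.2 TLSv1.3").replace(
    "X-Forward-Proto http", "X-Forwarded-Proto https")

if __name__ == "__main__":
    for label, conf in (("weak", WEAK), ("hardened", HARDENED)):
        print(label, audit_vhost(conf))
```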

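Apache SSL reverse proxy configuration

Replace the example hostname "your_hostname.com" below with your actual hostname.
Replace the example certificate path "/etc/ssl/certs/chat.domain.com.crt" below with your actual certificate path.
Replace the example private key path "/etc/ssl/private/chat.domain.com.key" below with your actual private key path.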

<VirtualHost *:443>
    ServerAdmin [email protected]
    ServerName chat.domain.com

    LogLevel info
    ErrorLog /var/log/chat.domain.com_error.log
    TransferLog /var/log/chat.domain.com_access.log

    SSLEngine On
    SSLCertificateFile /etc/ssl/certs/chat.domain.com.crt
    SSLCertificateKeyFile /etc/ssl/private/chat.domain.com.key

    <Location />
        Require all granted
    </Location>

    RewriteEngine On
    RewriteCond %{HTTP:Upgrade} =websocket [NC]
    RewriteRule /(.*)           ws://localhost:3000/$1 [P,L]
    RewriteCond %{HTTP:Upgrade} !=websocket [NC]
    RewriteRule /(.*)           http://localhost:3000/$1 [P,L]

    ProxyPassReverse /          http://localhost:3000/
</VirtualHost>

Restart Apache: service apache2 restart

Caddy SSL reverse proxy configuration

Replace the example hostname "your_hostname.com" below with your actual hostname.

your_domain.com {
        proxy / 127.0.0.1:3000 {
                header_upstream X-Forwarded-Proto {scheme}
                header_upstream X-Forwarded-For {remote}
                header_upstream Host {host}
                websocket
        }
}