rocket.chat - 无法让 RocketChat 与 SSL 一起使用,我做错了什么?
问题描述
我已在运行 Ubuntu 16.04、Apache 2.4 的私有服务器上成功安装 RocketChat,但我无法让 SSL 工作。
背景:example.com 已有 LetsEncrypt 证书。example.com
有一个使用 SSL 运行的网站,RocketChat 需要在https://chat.example.com
. 和有两个 Apache 虚拟主机example.com
,chat.example.com
均已启用。
设置如下:
example.com.conf
<VirtualHost example.com:80>
ServerName example.com
ServerAlias www.example.com
ServerAdmin webmaster@localhost
DocumentRoot /var/www/html/example
Alias /examplestaging /var/www/html/examplestaging
#LogLevel info ssl:warn
ErrorLog ${APACHE_LOG_DIR}/example-error.log
CustomLog ${APACHE_LOG_DIR}/example-access.log combined
RewriteEngine on
RewriteCond %{SERVER_NAME} =example.com [OR]
RewriteCond %{SERVER_NAME} =www.example.com
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
</VirtualHost>
example.com-le-ssl.conf
<IfModule mod_ssl.c>
<VirtualHost example.com:443>
ServerName example.com
ServerAlias www.example.com
ServerAdmin webmaster@localhost
DocumentRoot /var/www/html/example
Alias /examplestaging /var/www/html/examplestaging
#LogLevel info ssl:warn
ErrorLog ${APACHE_LOG_DIR}/example-error.log
CustomLog ${APACHE_LOG_DIR}/example-access.log combined
Include /etc/letsencrypt/options-ssl-apache.conf
SSLCertificateFile /etc/letsencrypt/live/example.com/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/example.com/privkey.pem
</VirtualHost>
</IfModule>
chat.example.com.conf
<VirtualHost *:443>
ServerName chat.example.com
ServerAdmin webmaster@localhost
UseCanonicalName on
SSLStrictSNIVHostCheck on
ErrorLog /var/log/chat.example.com_error.log
TransferLog /var/log/chat.example.com_access.log
LogLevel info
SSLEngine on
SSLCertificateFile /etc/letsencrypt/live/example.com/cert.pem
SSLCertificateKeyFile /etc/letsencrypt/live/example.com/privkey.pem
SSLCertificateChainFile /etc/letsencrypt/live/example.com/chain.pem
SSLProtocol all -SSLv2 -SSLv3
SSLCipherSuite ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+$
SSLHonorCipherOrder on
SSLCompression off
SSLOptions +StrictRequire
<Location />
Order allow,deny
Allow from all
</Location>
RewriteEngine On
RewriteCond %{HTTP:Upgrade} =websocket [NC]
RewriteRule /(.*) ws://localhost:3000/$1 [P,L]
RewriteCond %{HTTP:Upgrade} !=websocket [NC]
RewriteRule /(.*) http://localhost:3000/$1 [P,L]
ProxyPassReverse / http://localhost:3000/
</VirtualHost>
<VirtualHost *:80>
ServerName chat.example.com
ServerAdmin webmaster@localhost
UseCanonicalName Off
ErrorLog /var/log/chat.example.com_error.log
TransferLog /var/log/chat.example.com_access.log
LogLevel info
<Location />
Order allow,deny
Allow from all
</Location>
RewriteEngine On
RewriteCond %{HTTP:Upgrade} =websocket [NC]
RewriteRule /(.*) ws://localhost:3000/$1 [P,L]
RewriteCond %{HTTP:Upgrade} !=websocket [NC]
RewriteRule /(.*) http://localhost:3000/$1 [P,L]
ProxyPassReverse / http://localhost:3000/
</VirtualHost>
我的指示是
https://rocket.chat/docs/installation/manual-installation/ubuntu/
https://asperti.com/en/bglug-slack-to-rocket-chat
上述所有虚拟主机均已启用。所有 apache 代理模块都已启用(根据说明)。
http://www.example.com:3000
工作,我可以登录。我已将设置中的 URL 更改为https://chat.example.com
.
服务文件/lib/systemd/system/rocketchat.service
是
[Unit]
Description=The Rocket.Chat server
After=network.target remote-fs.target nss-lookup.target nginx.target mongod.target
[Service]
ExecStart=/usr/local/bin/node /opt/Rocket.Chat/main.js
StandardOutput=syslog
StandardError=syslog
SyslogIdentifier=rocketchat
User=rocketchat
Environment=MONGO_URL=mongodb://localhost:27017/rocketchat?replicaSet=rs01 MONGO_OPLOG_URL=mongodb://localhost:27017/local?replicaSet=rs01 ROOT_URL=https://chat.example.com PORT=3000
[Install]
WantedBy=multi-user.target
每当我进行任何更改时,我都会重新启动rocketchat
和apache2
服务。
当输入https://chat.example.com
orhttp://chat.example.com
时,它会立即抛出服务器不可用错误,因此看起来反向代理不起作用(?)。我在example.com-error.log
, nor chat.example.com_error.log
, nor的日志文件中没有任何错误error.log
。
chat.example.com_error.log
确实包含此信息
[Tue Aug 13 21:25:47.062881 2019] [ssl:info] [pid 22553] AH01914: Configuring server chat.example.com:443 for SSL protocol
[Tue Aug 13 21:25:47.063611 2019] [ssl:info] [pid 22553] AH02568: Certificate and private key chat.example.com:443:0 configured from /etc/letsencrypt/live/example.com/cert.pem and /etc/letsencrypt/live/example.com/privkey.pem
此设置可能有什么问题?
解决方案
在服务器上安装 Caddy
将 URL 重定向到
https://your RocketChat URL
一切都会好起来的。
推荐阅读
- swift - 以类似方式串行与并发阻塞主队列
- javascript - 在页面加载 5 秒后尝试显示tippy.js 时,instance.show 不是函数错误
- cassandra - 在 66 节点集群上删除具有 55TB 数据的密钥空间的建议过程是什么?
- sql - 新列 i 中的 SQL 对应 ID 另一个表
- sql-server - SQL Server 中 XQuery 的 Exist() 子句中存在多个条件
- junit - 如何为 Quarkus 编写测试 - ResponseExceptionMapper 和 ExceptionMapper
- python - 字符集之间的“大于或等于”比较如何工作
- file - Cloudera 集群可用于与集群外的系统交换文件
- python - Python plot y 轴平均标签不会显示并且日期都是人群
- django - 如何将模型表单集中的数据显示为manytomanyfield的外键作为带有通过验证的预填充数据的只读文本?