Can't get RocketChat to work with SSL, what am I doing wrong?

Problem description

I have successfully installed RocketChat on a private server running Ubuntu 16.04 and Apache 2.4, but I cannot get SSL to work.

Background: example.com already has a LetsEncrypt certificate. example.com has a website running with SSL, and RocketChat needs to be at https://chat.example.com. There are two Apache virtual hosts, example.com and chat.example.com, both enabled.

The setup is as follows:

example.com.conf

<VirtualHost example.com:80>
        ServerName example.com
        ServerAlias www.example.com
        ServerAdmin webmaster@localhost
        DocumentRoot /var/www/html/example

        Alias /examplestaging /var/www/html/examplestaging

        #LogLevel info ssl:warn

        ErrorLog ${APACHE_LOG_DIR}/example-error.log
        CustomLog ${APACHE_LOG_DIR}/example-access.log combined

        RewriteEngine on
        RewriteCond %{SERVER_NAME} =example.com [OR]
        RewriteCond %{SERVER_NAME} =www.example.com
        RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
</VirtualHost>

example.com-le-ssl.conf

<IfModule mod_ssl.c>
    <VirtualHost example.com:443>
        ServerName example.com
        ServerAlias www.example.com
        ServerAdmin webmaster@localhost
        DocumentRoot /var/www/html/example

        Alias /examplestaging /var/www/html/examplestaging

        #LogLevel info ssl:warn

        ErrorLog ${APACHE_LOG_DIR}/example-error.log
        CustomLog ${APACHE_LOG_DIR}/example-access.log combined
        Include /etc/letsencrypt/options-ssl-apache.conf
        SSLCertificateFile /etc/letsencrypt/live/example.com/fullchain.pem
        SSLCertificateKeyFile /etc/letsencrypt/live/example.com/privkey.pem
    </VirtualHost>
</IfModule>

chat.example.com.conf

<VirtualHost *:443>
    ServerName chat.example.com
    ServerAdmin webmaster@localhost

    UseCanonicalName on
    SSLStrictSNIVHostCheck on

    ErrorLog /var/log/chat.example.com_error.log
    TransferLog /var/log/chat.example.com_access.log
    LogLevel info

    SSLEngine on
    SSLCertificateFile /etc/letsencrypt/live/example.com/cert.pem
    SSLCertificateKeyFile /etc/letsencrypt/live/example.com/privkey.pem
    SSLCertificateChainFile /etc/letsencrypt/live/example.com/chain.pem

    SSLProtocol all -SSLv2 -SSLv3
    SSLCipherSuite ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+$
    SSLHonorCipherOrder on
    SSLCompression off
    SSLOptions +StrictRequire

    <Location />
        Order allow,deny
        Allow from all
    </Location>

    RewriteEngine On
    RewriteCond %{HTTP:Upgrade} =websocket [NC]
    RewriteRule /(.*) ws://localhost:3000/$1 [P,L]
    RewriteCond %{HTTP:Upgrade} !=websocket [NC]
    RewriteRule /(.*) http://localhost:3000/$1 [P,L]

    ProxyPassReverse / http://localhost:3000/
</VirtualHost>

<VirtualHost *:80>
    ServerName chat.example.com
    ServerAdmin webmaster@localhost
    UseCanonicalName Off

    ErrorLog /var/log/chat.example.com_error.log
    TransferLog /var/log/chat.example.com_access.log
    LogLevel info

    <Location />
        Order allow,deny
        Allow from all
    </Location>

    RewriteEngine On
    RewriteCond %{HTTP:Upgrade} =websocket [NC]
    RewriteRule /(.*) ws://localhost:3000/$1 [P,L]
    RewriteCond %{HTTP:Upgrade} !=websocket [NC]
    RewriteRule /(.*) http://localhost:3000/$1 [P,L]

    ProxyPassReverse / http://localhost:3000/
</VirtualHost>

The instructions I followed:

https://rocket.chat/docs/installation/manual-installation/ubuntu/

https://rocket.chat/docs/installation/manual-installation/configuring-ssl-reverse-proxy/#running-behind-an-apache-ssl-reverse-proxy

https://asperti.com/en/bglug-slack-to-rocket-chat

All of the above virtual hosts are enabled. All Apache proxy modules are enabled (as per the instructions).

http://www.example.com:3000 works and I can log in. I have changed the URL in the settings to https://chat.example.com.

Service file /lib/systemd/system/rocketchat.service

[Unit]
Description=The Rocket.Chat server
After=network.target remote-fs.target nss-lookup.target nginx.target mongod.target
[Service]
ExecStart=/usr/local/bin/node /opt/Rocket.Chat/main.js
StandardOutput=syslog
StandardError=syslog
SyslogIdentifier=rocketchat
User=rocketchat
Environment=MONGO_URL=mongodb://localhost:27017/rocketchat?replicaSet=rs01 MONGO_OPLOG_URL=mongodb://localhost:27017/local?replicaSet=rs01 ROOT_URL=https://chat.example.com PORT=3000
[Install]
WantedBy=multi-user.target

Whenever I make any change, I restart the rocketchat and apache2 services.

When I enter https://chat.example.com or http://chat.example.com, it immediately throws a server unavailable error, so it looks like the reverse proxy is not working (?). I have no errors in the log files: not in example.com-error.log, nor chat.example.com_error.log, nor error.log.

chat.example.com_error.log does contain this:

[Tue Aug 13 21:25:47.062881 2019] [ssl:info] [pid 22553] AH01914: Configuring server chat.example.com:443 for SSL protocol
[Tue Aug 13 21:25:47.063611 2019] [ssl:info] [pid 22553] AH02568: Certificate and private key chat.example.com:443:0 configured from /etc/letsencrypt/live/example.com/cert.pem and /etc/letsencrypt/live/example.com/privkey.pem

What could be wrong with this setup?

Tags: rocket.chat
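An added diagnostic script, not from the original question or from the Rocket.Chat docs: the chat.example.com vhost above reuses example.com's Let's Encrypt certificate files, so the first thing worth verifying from any client is whether the certificate actually presented for chat.example.com covers that name; the script then probes the proxied front page and, when run on the Apache host itself, dumps the name-to-vhost map and the loaded proxy/rewrite/ssl modules. It assumes openssl 1.1.1 or newer (for `x509 -ext`) and curl on PATH, and takes the hostname as its argument.

```shell
#!/usr/bin/env bash
# Added diagnostic for an Apache TLS reverse proxy in front of Rocket.Chat (not
# from the original post). Assumes openssl >= 1.1.1 (`x509 -ext`) and curl.
# Pure helper: does a subjectAltName list, as printed by
# `openssl x509 -noout -ext subjectAltName`, cover HOST? A wildcard such as
# *.example.com covers exactly one label (chat.example.com), but neither
# example.com itself nor a.b.example.com.
san_covers_host() {
  local host="$2" name names suffix rest
  names=$(printf '%s\n' "$1" | tr ',' '\n' | sed -n 's/^[[:space:]]*DNS:[[:space:]]*//p')
  while IFS= read -r name; do
    [ "$name" = "$host" ] && return 0
    case "$name" in
      \*.*)
        suffix="${name#\*.}"
        rest="${host%.$suffix}"          # label(s) in front of the wildcard suffix
        if [ "$rest" != "$host" ] && [ -n "$rest" ] && [ "${rest##*.}" = "$rest" ]; then
          return 0
        fi ;;
    esac
  done <<EOF
$names
EOF
  return 1
}
# Fetch the certificate presented for HOST (sending SNI) and check its SAN list.
check_cert() {
  local host="$1" port="$2" san
  san=$(openssl s_client -connect "$host:$port" -servername "$host" </dev/null 2>/dev/null |
        openssl x509 -noout -ext subjectAltName 2>/dev/null | tail -n +2)
  if san_covers_host "$san" "$host"; then echo "OK: certificate covers $host"
  else echo "FAIL: certificate does not cover $host (SAN:${san:-<none>})"; fi
}
# Probe the proxied front page: a 502/503 means Apache answered but could not
# reach the backend on localhost:3000; a connection error points at Apache itself.
check_proxy() {
  curl -sS --max-time 10 -o /dev/null -w "GET https://$1:$2/ -> HTTP %{http_code}\n" \
    "https://$1:$2/" || echo "connection to $1:$2 failed (curl exit $?)"
}
main() {
  [ -n "${1:-}" ] || { echo "usage: $0 HOST [PORT]" >&2; return 0; }
  check_cert "$1" "${2:-443}"
  check_proxy "$1" "${2:-443}"
  # On the Apache host (Debian/Ubuntu): which vhost each name maps to, and
  # whether proxy, proxy_http, proxy_wstunnel, rewrite and ssl are loaded.
  if command -v apache2ctl >/dev/null 2>&1; then
    apache2ctl -S
    apache2ctl -M 2>/dev/null | grep -E 'proxy|rewrite|ssl'
  fi
}
main "$@"
```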

Solution

  1. Install Caddy on the server.

  2. Redirect the URL to https://your RocketChat URL.

  3. Everything will be fine.