Using RocketChat Docker's image behind a proxy (nginx-letsencrypt-companion)

[Julianoe]

Hi guys!

note:

• i'm running a Ubuntu Xenial install
• i managed to get RocketChat running on it's own before following these instructions
• when accessing my ip x.x.x.x:3000 i successfully get the rocketchat login screen so it's obviously the networking that grips

I'm trying to make a RocketChat instance work in parallel with other services (i plan to have rocket+nextcloud on a server) with letsencrypt-nginx-proxy-companion. I've already managed to use this tool on another project to run multiple Wordpress/mysql installs on the same server.

Here are the two files i use

docker-compose.yml for RocketChat

version: '3.3'

services:
  db:
    image: mongo
    volumes:
      - ./datatest/runtime/db:/data/db
      - ./datatest/dump:/dump
    command: mongod --smallfiles

  rocketchat:
    image: rocketchat/rocket.chat:latest
    environment:
      MONGO_URL: mongodb://db:27017/rocketchat
      ROOT_URL: http://sub.mydomain.fr
      Accounts_UseDNSDomainCheck: "true"
      MAIL_URL: smtp://contact@mymail.com
      Accounts_UseDNSDomainCheck: "false"
      VIRTUAL_HOST: sub.mydomain.fr
      LETSENCRYPT_HOST: sub.mydomain.fr
      LETSENCRYPT_EMAIL: myemail@gmail.com
    links:
      - db:db
    ports:
      - 3000:3000
    restart: always
  hubot:
    # doesnt matter for now
networks:
    default:
       external:
         name: mywebproxy

docker-compose-yml for the proxy

version: '3.3'
services:
  nginx-web:
    image: nginx
    labels:
        com.github.jrcs.letsencrypt_nginx_proxy_companion.nginx_proxy: "true"
    container_name: ${NGINX_WEB}
    restart: always
    ports:
      - "${IP}:80:80"
      - "${IP}:443:443"
    volumes:
      - ${NGINX_FILES_PATH}/conf.d:/etc/nginx/conf.d
      - ${NGINX_FILES_PATH}/vhost.d:/etc/nginx/vhost.d
      - ${NGINX_FILES_PATH}/html:/usr/share/nginx/html
      - ${NGINX_FILES_PATH}/certs:/etc/nginx/certs:ro
      - ${NGINX_FILES_PATH}/htpasswd:/etc/nginx/htpasswd:ro

  nginx-gen:
    image: jwilder/docker-gen
    command: -notify-sighup ${NGINX_WEB} -watch -wait 5s:30s /etc/docker-gen/templates/nginx.tmpl /etc/nginx/conf.d/default.conf
    container_name: ${DOCKER_GEN}
    restart: always
    volumes:
      - ${NGINX_FILES_PATH}/conf.d:/etc/nginx/conf.d
      - ${NGINX_FILES_PATH}/vhost.d:/etc/nginx/vhost.d
      - ${NGINX_FILES_PATH}/html:/usr/share/nginx/html
      - ${NGINX_FILES_PATH}/certs:/etc/nginx/certs:ro
      - ${NGINX_FILES_PATH}/htpasswd:/etc/nginx/htpasswd:ro
      - /var/run/docker.sock:/tmp/docker.sock:ro
      - ./nginx.tmpl:/etc/docker-gen/templates/nginx.tmpl:ro

  nginx-letsencrypt:
    image: jrcs/letsencrypt-nginx-proxy-companion
    container_name: ${LETS_ENCRYPT}
    restart: always
    volumes:
      - ${NGINX_FILES_PATH}/conf.d:/etc/nginx/conf.d
      - ${NGINX_FILES_PATH}/vhost.d:/etc/nginx/vhost.d
      - ${NGINX_FILES_PATH}/html:/usr/share/nginx/html
      - ${NGINX_FILES_PATH}/certs:/etc/nginx/certs:rw
      - /var/run/docker.sock:/var/run/docker.sock:ro
    environment:
      NGINX_DOCKER_GEN_CONTAINER: ${DOCKER_GEN}
      NGINX_PROXY_CONTAINER: ${NGINX_WEB}

networks:
  default:
    external:
      name:mywebproxy

Any idea? I think that could be a great thing to have a working way of doing this for everyone. It would facilitate a lot for people wanting to run RocketChat along other services (a website/a cloud) that run via Docker.

[cybergrunge]

Hi! When dealing with containers that don't use 80 or 443 port with nginx-proxy and lets-encrypt-nginx-proxy-companion, I set an additional container that serves as a reverse proxy between nginx-proxy and the non-80-port container. Not very graceful, but works seamlessly.

[gurumark]

I have the same issue with the same setup (changed my own domain to example.com). I cannot get https connection using:

docker run -d \ --name db \ --net emdnet \ --restart=unless-stopped \ mongo:3.0 --smallfiles

docker run -d \ --name rocketchat \ --net emdnet \ --restart=unless-stopped \ -e ROOT_URL=https://chat.example.com \ -e "VIRTUAL_HOST=chat.example.com" \ -e "LETSENCRYPT_HOST=chat.example.com" \ -e "LETSENCRYPT_EMAIL=admin@example.com" \ --link db \ rocket.chat

@cybergrunge Do you have a configuration that works?

[Julianoe]

In the environment variables for rocketchat container i set Accounts_UseDNSDomainCheck: "false" instead of true. @gurumark you should try to use this. Do you use the nginx-proxy-companion method?

[gurumark]

Thanks. I discovered that in other thread. It works!

[mojpg]

I've been experiencing the same issues, but with traefik as opposed to nginx-proxy to proxy into the container. I'm going to try Accounts_UseDNSDomainCheck: "false" and see if that improves the situation. Thanks!

[mabushey]

Why are you setting Accounts_UseDNSDomainCheck: ? Seems to work fine with the Jwilder proxy and lets encrypt companion.

[geekgonecrazy]

Looks like this is resolved and not a bug but more of a support type issue.

Closing