In this tutorial, we'll learn how to install Rocket.Chat on AlmaLinux 9 server.
Rocket.Chat is a dynamic, open-source team messaging platform designed for modern collaboration. It offers real-time chat, file sharing, and integrated video conferencing, all while giving organizations complete control over their data through self-hosting. Ideal for businesses that prioritize privacy and customization, Rocket.Chat serves as a robust alternative to proprietary messaging apps, empowering teams with secure, scalable communication solutions.
Below is a comprehensive, step-by-step guide that explains every aspect of setting up Rocket.Chat on an AlmaLinux 9 server. This guide covers installing all necessary software, configuring Rocket.Chat to run as a systemd service, setting up Nginx as a reverse proxy, and securing your installation with SSL via Let’s Encrypt.
Prerequisites:
- A AlmaLinux 9 installed dedicated server or KVM VPS.
- A root user or normal user with administrative privileges.
- A domain name point A record to server's IP
Install Rocket.Chat on AlmaLinux 9
1. Update Your System and Prepare for Installation
Before installing anything, it’s essential to update your system’s package lists and upgrade any outdated packages. This ensures you have the latest security patches and bug fixes.
sudo dnf update -y
2. Install Essential Dependencies
Install basic tools and utilities that will help in the installation process:
sudo dnf install -y epel-release wget curl vim git
Explanation:
- epel-release: Provides extra packages not included in the default AlmaLinux repositories.
- wget, curl: For downloading files.
- vim: A text editor used to edit configuration files.
- git: Handy if you need to pull source code or track changes.
3. Install Node.js
Rocket.Chat is built on Node.js. Depending on your Rocket.Chat version, you’ll want a Node.js release that is known to work (Recommended Node.js 22). For this tutorial, we’ll use Node.js 22. Set up the NodeSource repository and install Node.js:
curl -sL https://rpm.nodesource.com/setup_22.x | sudo bash -
sudo dnf install -y nodejs
Explanation:
- The first command downloads and runs a script that adds the NodeSource repository to your system.
- The second command installs Node.js and npm from that repository.
4. Install MongoDB
Rocket.Chat uses MongoDB as its database. Create a repository file for MongoDB and install it. For example, to install MongoDB 8.0:
Create the repo file:
sudo vim /etc/yum.repos.d/mongodb-org-8.0.repo
Paste the following content into the file:
[mongodb-org-8.0]
name=MongoDB Repository
baseurl=https://repo.mongodb.org/yum/redhat/9/mongodb-org/8.0/x86_64/
gpgcheck=1
enabled=1
gpgkey=https://pgp.mongodb.com/server-8.0.asc
Save and exit the editor.
Now install MongoDB:
sudo yum install -y mongodb-org
After installation, start and enable the MongoDB service:
sudo systemctl start mongod
sudo systemctl enable mongod
Explanation:
- Creating the repo file tells AlmaLinux where to fetch MongoDB packages.
- Enabling the service ensures that MongoDB starts automatically on boot.
5. Download and Prepare Rocket.Chat
Download the latest Rocket.Chat release. The Rocket.Chat team provides a tarball that you can download directly:
curl -L https://releases.rocket.chat/latest/download -o rocket.chat.tgz
Extract the archive:
tar -xzf rocket.chat.tgz
Assuming the extraction creates a folder called bundle (the common naming for Meteor-based apps), move it to a dedicated directory:
sudo mv bundle /opt/rocket.chat
Install the server-side dependencies. Change into the server directory and run npm install:
cd /opt/rocket.chat/programs/server
sudo npm install
Explanation:
- Downloading the tarball fetches the latest version of Rocket.Chat.
- Extracting and moving the bundle to /opt/rocket.chat is a standard practice for third-party applications.
- Running npm install downloads and sets up all necessary Node.js packages.
6. Create a Dedicated Rocket.Chat User and Set Up the Service
For security, create a system user that will run Rocket.Chat:
sudo useradd -M -r -s /bin/false rocketchat
sudo chown -R rocketchat:rocketchat /opt/rocket.chat
Explanation:
- The -M flag creates the user without a home directory.
- The -r flag creates a system account, and -s /bin/false prevents login.
- Changing ownership ensures the Rocket.Chat process only has access to its own files.
Now, create a systemd service file to manage Rocket.Chat. Open a new file:
sudo vim /etc/systemd/system/rocketchat.service
Paste the following content (be sure to replace your_domain_or_IP with your actual domain or public IP):
[Unit]
Description=Rocket.Chat Server
After=network.target mongod.service
Requires=mongod.service
[Service]
ExecStart=/usr/bin/node /opt/rocket.chat/main.js
Restart=always
StandardOutput=syslog
StandardError=syslog
SyslogIdentifier=rocketchat
User=rocketchat
Group=rocketchat
Environment=MONGO_URL=mongodb://localhost:27017/rocketchat
Environment=ROOT_URL=http://your_domain_or_IP
Environment=PORT=3000
[Install]
WantedBy=multi-user.target
Save and close the file.
Reload systemd, start the Rocket.Chat service, and enable it to run on boot:
sudo systemctl daemon-reload
sudo systemctl start rocketchat
sudo systemctl enable rocketchat
Explanation:
- The service file defines how systemd manages Rocket.Chat.
- Environment variables like MONGO_URL and ROOT_URL are critical for the app’s configuration.
- Setting the service to restart always helps maintain uptime.
7. Configure Nginx as a Reverse Proxy
Nginx will sit in front of Rocket.Chat, handling client requests and managing SSL termination. First, install Nginx:
sudo dnf install -y nginx
Next, create a new Nginx server block configuration. Open a new file:
sudo vim /etc/nginx/conf.d/rocketchat.conf
Paste the following configuration (again, replace your_domain_or_IP with your actual domain):
server {
listen 80;
server_name your_domain_or_IP;
location / {
proxy_pass http://localhost:3000/;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto http;
proxy_redirect off;
}
}
Test the Nginx configuration for syntax errors:
sudo nginx -t
If the test passes, restart Nginx:
sudo systemctl restart nginx
Explanation:
- This server block listens on port 80 and forwards all incoming requests to Rocket.Chat running on port 3000.
- The proxy headers ensure that Rocket.Chat can correctly interpret the original request’s details, such as the client’s IP address.
8. Configure Firewall
We need to configure firewall to add HTTP and HTTPS ports.
firewall-cmd --add-port={80,443}/tcp --permanent
firewall-cmd --reload
9. Secure the Connection with SSL
To encrypt communication between clients and your server, obtain an SSL certificate with Certbot (the Let’s Encrypt client).
Install Certbot and the Nginx plugin:
sudo dnf install -y certbot python3-certbot-nginx
Run Certbot to obtain and install your SSL certificate:
sudo certbot --nginx -d your_domain_or_IP
Follow the interactive prompts. You’ll have the option to force HTTPS redirection, which is recommended.
After the certificate is installed, test automatic renewal with:
sudo certbot renew --dry-run
Explanation:
- Certbot automatically configures Nginx to use your new SSL certificate, ensuring encrypted connections.
- The renewal test confirms that your certificates will automatically update before they expire.
10. Configure SELinux
Check if SELinux is enforcing by running:
getenforce
If the output is Enforcing, SELinux is active and likely causing the permission issue.
Allow Nginx to Connect Outbound:
You need to enable the SELinux boolean that allows HTTP daemons (like Nginx) to establish outbound network connections. Execute:
sudo setsebool -P httpd_can_network_connect 1
Explanation: This command modifies the SELinux policy to allow Nginx to proxy connections to other ports (like 3000, where Rocket.Chat runs).
Restart Nginx:
After changing the SELinux setting, restart Nginx to ensure it picks up the new policy:
sudo systemctl restart nginx
11. Final Verification
Open your browser and navigate to https://your_domain_or_IP. You should see the Rocket.Chat interface load securely over HTTPS. If you encounter any issues, check the following logs:
Rocket.Chat logs:
sudo journalctl -u rocketchat -f
Nginx error log:
sudo tail -f /var/log/nginx/error.log
Explanation:
- These logs help you diagnose any startup issues or configuration errors.
In this tutorial, we'll learn how to install Rocket.Chat on AlmaLinux 9 server, set up a reverse proxy with Nginx, and secured your installation with SSL. This self-hosted messaging solution gives you full control and privacy, offering a robust alternative to cloud-based services like Slack.
