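【Posted】: 2020-09-11 12:56:45
【Question】:
I have successfully installed RocketChat on a private server running Ubuntu 16.04 and Apache 2.4, but I cannot get SSL to work.
Background: example.com already has a LetsEncrypt certificate. example.com hosts a website that runs over SSL, and RocketChat needs to be at https://chat.example.com. There are two Apache virtual hosts, for example.com and chat.example.com, and both are enabled.
The setup is as follows: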
example.com.conf
<VirtualHost example.com:80>
ServerName example.com
ServerAlias www.example.com
ServerAdmin webmaster@localhost
DocumentRoot /var/www/html/example
Alias /examplestaging /var/www/html/examplestaging
#LogLevel info ssl:warn
ErrorLog ${APACHE_LOG_DIR}/example-error.log
CustomLog ${APACHE_LOG_DIR}/example-access.log combined
RewriteEngine on
RewriteCond %{SERVER_NAME} =example.com [OR]
RewriteCond %{SERVER_NAME} =www.example.com
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
</VirtualHost>
example.com-le-ssl.conf
<IfModule mod_ssl.c>
<VirtualHost example.com:443>
ServerName example.com
ServerAlias www.example.com
ServerAdmin webmaster@localhost
DocumentRoot /var/www/html/example
Alias /examplestaging /var/www/html/examplestaging
#LogLevel info ssl:warn
ErrorLog ${APACHE_LOG_DIR}/example-error.log
CustomLog ${APACHE_LOG_DIR}/example-access.log combined
Include /etc/letsencrypt/options-ssl-apache.conf
SSLCertificateFile /etc/letsencrypt/live/example.com/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/example.com/privkey.pem
</VirtualHost>
</IfModule>
chat.example.com.conf
<VirtualHost *:443>
ServerName chat.example.com
ServerAdmin webmaster@localhost
UseCanonicalName on
SSLStrictSNIVHostCheck on
ErrorLog /var/log/chat.example.com_error.log
TransferLog /var/log/chat.example.com_access.log
LogLevel info
SSLEngine on
SSLCertificateFile /etc/letsencrypt/live/example.com/cert.pem
SSLCertificateKeyFile /etc/letsencrypt/live/example.com/privkey.pem
SSLCertificateChainFile /etc/letsencrypt/live/example.com/chain.pem
SSLProtocol all -SSLv2 -SSLv3
SSLCipherSuite ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+$
SSLHonorCipherOrder on
SSLCompression off
SSLOptions +StrictRequire
<Location />
Order allow,deny
Allow from all
</Location>
RewriteEngine On
RewriteCond %{HTTP:Upgrade} =websocket [NC]
RewriteRule /(.*) ws://localhost:3000/$1 [P,L]
RewriteCond %{HTTP:Upgrade} !=websocket [NC]
RewriteRule /(.*) http://localhost:3000/$1 [P,L]
ProxyPassReverse / http://localhost:3000/
</VirtualHost>
<VirtualHost *:80>
ServerName chat.example.com
ServerAdmin webmaster@localhost
UseCanonicalName Off
ErrorLog /var/log/chat.example.com_error.log
TransferLog /var/log/chat.example.com_access.log
LogLevel info
<Location />
Order allow,deny
Allow from all
</Location>
RewriteEngine On
RewriteCond %{HTTP:Upgrade} =websocket [NC]
RewriteRule /(.*) ws://localhost:3000/$1 [P,L]
RewriteCond %{HTTP:Upgrade} !=websocket [NC]
RewriteRule /(.*) http://localhost:3000/$1 [P,L]
ProxyPassReverse / http://localhost:3000/
</VirtualHost>
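The instructions I followed are
https://rocket.chat/docs/installation/manual-installation/ubuntu/
https://asperti.com/en/bglug-slack-to-rocket-chat
All of the virtual hosts above are enabled. All Apache proxy modules are enabled (per the instructions).
http://www.example.com:3000 works and I can log in. I have changed the site URL in the settings to https://chat.example.com.
The service file /lib/systemd/system/rocketchat.service is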
[Unit]
Description=The Rocket.Chat server
After=network.target remote-fs.target nss-lookup.target nginx.target mongod.target
[Service]
ExecStart=/usr/local/bin/node /opt/Rocket.Chat/main.js
StandardOutput=syslog
StandardError=syslog
SyslogIdentifier=rocketchat
User=rocketchat
Environment=MONGO_URL=mongodb://localhost:27017/rocketchat?replicaSet=rs01 MONGO_OPLOG_URL=mongodb://localhost:27017/local?replicaSet=rs01 ROOT_URL=https://chat.example.com PORT=3000
[Install]
WantedBy=multi-user.target
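Whenever I make any change, I restart the rocketchat and apache2 services.
When I enter https://chat.example.com or http://chat.example.com, it immediately throws a server unavailable error, so it looks like the reverse proxy is not working (?). I do not see any errors in the log files example.com-error.log, chat.example.com_error.log and error.log.
chat.example.com_error.log does contain this information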
[Tue Aug 13 21:25:47.062881 2019] [ssl:info] [pid 22553] AH01914: Configuring server chat.example.com:443 for SSL protocol
[Tue Aug 13 21:25:47.063611 2019] [ssl:info] [pid 22553] AH02568: Certificate and private key chat.example.com:443:0 configured from /etc/letsencrypt/live/example.com/cert.pem and /etc/letsencrypt/live/example.com/privkey.pem
What could be wrong with this setup?
【Discussion】:
Tags: rocket.chat
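
Added example, not part of the original post: Apache first narrows virtual hosts by the address and port a connection arrived on and considers * vhosts only when no specific address matches, so a configuration that mixes <VirtualHost example.com:443> with <VirtualHost *:443> is worth checking. The hypothetical helpers parse_vhosts and shadowed_wildcards below run over a constructed sample that keeps only the <VirtualHost> and ServerName lines from the question and report the ports where both forms coexist; the check assumes example.com resolves to the address clients connect to.

```python
import re
from collections import defaultdict

# Constructed sample: the <VirtualHost>/ServerName lines of the question's three files.
SAMPLE = """\
<VirtualHost example.com:80>
ServerName example.com
</VirtualHost>
<VirtualHost example.com:443>
ServerName example.com
</VirtualHost>
<VirtualHost *:443>
ServerName chat.example.com
</VirtualHost>
<VirtualHost *:80>
ServerName chat.example.com
</VirtualHost>
"""

VHOST_OPEN = re.compile(r"^\s*<VirtualHost\s+([^>]+)>", re.I)
SERVER_NAME = re.compile(r"^\s*ServerName\s+(\S+)", re.I)

def parse_vhosts(text):
    """Return one (address, port, server_name) tuple per vhost address spec."""
    vhosts, current = [], None
    for line in text.splitlines():
        m = VHOST_OPEN.match(line)
        if m:
            current = {"addrs": m.group(1).split(), "name": None}
        elif current is not None and line.strip().lower() == "</virtualhost>":
            for spec in current["addrs"]:
                addr, sep, port = spec.rpartition(":")
                if not sep or spec.endswith("]"):  # no port given (or bare IPv6)
                    addr, port = spec, "*"
                vhosts.append((addr, port, current["name"]))
            current = None
        elif current is not None and (m := SERVER_NAME.match(line)):
            current["name"] = m.group(1)
    return vhosts

def shadowed_wildcards(vhosts):
    """Map port -> wildcard vhost names that share the port with specific-address vhosts."""
    by_port = defaultdict(lambda: {"wild": [], "specific": []})
    for addr, port, name in vhosts:
        kind = "wild" if addr in ("*", "_default_") else "specific"
        by_port[port][kind].append(name)
    return {p: sorted(v["wild"]) for p, v in by_port.items() if v["wild"] and v["specific"]}

print(shadowed_wildcards(parse_vhosts(SAMPLE)))
```

On the server itself, apache2ctl -S prints the virtual host map Apache actually built, which is the authoritative view of the same information.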