Running Rocket.Chat on Docker using Windows Server 2016

My company has been experimenting with Instant Messaging systems.  Slack seemed to be the "go to" solution - but if you have a lot of users, and want niceties such as SAML single sign-on, it's also very expensive.

A colleague found Rocket.Chat, which looked very similar to Slack - and best of all, being open source is basically free.

However, like a lot of open source software, there's little information on getting the system up and running using Windows Server.

Perhaps not our final solution, but we have got it to the point where it runs stably on Windows - in a Docker container - using IIS to reverse proxy requests.

Here is basically how we did it:

  • First, follow the Windows 10 installation instructions to get Docker (and Rocket.Chat) up and running - https://rocket.chat/docs/installation/manual-installation/windows-10-pro/.  This is geared around Windows 10, but also works on Windows Server (we used Windows Server 2016).
  • Docker uses Windows Hyper-V to run the container.  If your Windows Server installation is already a virtual machine (as ours was), you'll need to get your IT team to enable Nested Virtualisation for your virtual machine (see here).

Now we need to look at setting up IIS as a reverse proxy.  This takes external HTTPS traffic on port 443, and rewrites/proxies the request to the internal location of Rocket.Chat (http://127.0.0.1:3000).

  • Make sure the IIS role you added to the server includes Websockets support.
  • Then install ARR 3.0 (https://www.microsoft.com/en-us/download/details.aspx?id=47333) and URL Rewrite (https://www.iis.net/downloads/microsoft/url-rewrite).
  • Go to the IIS control panel and set up a website with an HTTPS binding (you can get a free SSL certificate using Let's Encrypt - if you want). You need to be using HTTPS in order for the Rocket.Chat+ mobile apps to function (and because it's good practice of course).
  • Now in the IIS control panel, click on the server name in the hierarchy/tree and open up the Application Request Routing module.  From the menu options on the right hand panel of the window, click "Server proxy settings".
  • Enable the proxy, but not the "Reverse rewrite host in response headers" option (as I found that was problematic - as the URLs in any proxied redirect requests are rewritten).
  • At the bottom of the window, under "Proxy Type" tick both boxes and enter "127.0.0.1:3000" in the "Reverse proxy" box.  Then in the right panel, click "Apply", and then "URL Rewrite".
  • We found a problem with compressed websocket requests not working (after much hair pulling!); this prevented the iOS Rocket.Chat+ app from connecting.  What you need to do (for now at least) is to add a server variable that disables compression of websocket data.
  • To do this click on "View server variables..." ... "Add" and then create an entry for "HTTP_SEC_WEBSOCKET_EXTENSIONS".
  • Now you can edit the rewrite rule that ARR created and under "Server Variables" add a blank entry for "HTTP_SEC_WEBSOCKET_EXTENSIONS"
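
The settings from the steps above, written out as the configuration they end up as. This is an added example, not the author's own file: the rule name and exact layout are assumptions about what IIS Manager writes, so compare it against your own applicationHost.config rather than pasting it in.

```xml
<!-- Fragment of %windir%\System32\inetsrv\config\applicationHost.config,
     inside the server-level <system.webServer> element.
     Assumed layout; the rule name below is what ARR typically generates. -->

<!-- "Server proxy settings": proxy enabled, with
     "Reverse rewrite host in response headers" left unticked. -->
<proxy enabled="true" reverseRewriteHostInResponseHeaders="false" />

<rewrite>
  <!-- "View server variables..." then "Add": a rule may only set a
       server variable that is listed here. -->
  <allowedServerVariables>
    <add name="HTTP_SEC_WEBSOCKET_EXTENSIONS" />
  </allowedServerVariables>

  <!-- Global rules are evaluated for every site on this server,
       not only the Rocket.Chat site. -->
  <globalRules>
    <rule name="ARR_server_proxy" enabled="true"
          patternSyntax="Wildcard" stopProcessing="true">
      <match url="*" />
      <!-- Blank value: the Sec-WebSocket-Extensions request header is
           emptied before forwarding, so no websocket compression
           is negotiated with the backend. -->
      <serverVariables>
        <set name="HTTP_SEC_WEBSOCKET_EXTENSIONS" value="" />
      </serverVariables>
      <!-- TLS ends at IIS; the container is reached over plain HTTP
           on loopback only. -->
      <action type="Rewrite" url="http://127.0.0.1:3000/{R:0}" />
    </rule>
  </globalRules>
</rewrite>
```

Because the rule is global and matches every URL, any other site hosted on the same IIS server is proxied to Rocket.Chat as well unless the rule is narrowed, for example with a condition on the host name.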

You should find that this works - and you can also use the mobile apps in the Android and iOS app stores.  We got as far as getting custom SAML authentication working too, allowing our staff to sign in via our intranet website - although I note that at the time of writing, the mobile apps don't support this form of single sign-on.

We're still trialing this tool internally, and also plan to look at Mattermost - which I hear is also highly rated.

I'm a little uncomfortable with using Docker in this way on a production project, because it seems you have to start it manually by logging in to the server each time it reboots.  But we'll be investigating this too - there's always a workaround.

Comments

  1. Can you share how to integrate SAML into Umbraco backoffice? Have you installed an extension for SAML?

  2. Hello, sorry for the confusion - this blog post isn't about Umbraco. More about how I got Rocket.Chat working in a Windows Server environment. However, if you can write your own custom authentication handler (or override) the Umbraco back office, I have used this component before https://www.componentspace.com/SAMLv20.aspx This simplifies the SAML implementation within your own code (acting as a service provider or identity provider).

  3. Can you post your IIS web.config file?

  4. I cannot fix the problem, and my other reverse www site cannot work. I have to roll back.
