Step 1
Why Self-Host Rocket.Chat?
- Complete data sovereignty and privacy control
- Real-time messaging with threading and reactions
- Built-in video and audio conferencing
- Omnichannel customer engagement capabilities
- Federation with other Rocket.Chat servers
- Extensive integrations (GitHub, Jira, webhooks)
- End-to-end encryption support
- Mobile and desktop applications available
Step 2
Prerequisites
Recommended RamNode Premium VPS Plans
| Team Size | Plan | RAM | CPU | Storage |
|---|---|---|---|---|
| 1-50 users | PVPS 4GB | 4 GB | 2 vCPUs | 80 GB NVMe |
| 50-250 users | PVPS 8GB | 8 GB | 4 vCPUs | 160 GB NVMe |
| 250-1000 users | PVPS 16GB | 16 GB | 6 vCPUs | 320 GB NVMe |
| 1000+ users | PVPS 32GB | 32 GB | 8 vCPUs | 640 GB NVMe |
Note: MongoDB requires significant memory. For production use with more than 50 concurrent users, 8GB RAM or higher is strongly recommended.
Software Requirements
- Ubuntu 22.04 LTS or Debian 12
- Docker Engine 24.0+ and Docker Compose v2
- A registered domain name pointing to your VPS IP
- Root or sudo access
Step 3
Server Preparation
Update your system and install essential packages:
System Update
# Update package lists and upgrade
sudo apt update && sudo apt upgrade -y
# Install essential packages
sudo apt install -y curl wget git nano ufwConfigure the firewall:
Firewall Configuration
# Allow SSH
sudo ufw allow 22/tcp
# Allow HTTP and HTTPS
sudo ufw allow 80/tcp
sudo ufw allow 443/tcp
# Enable firewall
sudo ufw enable
# Check status
sudo ufw statusConfigure system limits for MongoDB:
System Limits
# Add MongoDB limits
cat <<EOF | sudo tee -a /etc/security/limits.conf
mongodb soft nofile 64000
mongodb hard nofile 64000
mongodb soft nproc 64000
mongodb hard nproc 64000
EOFStep 4
Install Docker & Docker Compose
Install Docker using the official convenience script:
Docker Installation
# Download and run Docker install script
curl -fsSL https://get.docker.com | sudo sh
# Add your user to the docker group
sudo usermod -aG docker $USER
# Enable Docker to start on boot
sudo systemctl enable docker
sudo systemctl start docker
# Log out and back in, then verify
docker --version
docker compose versionStep 5
Deploy Rocket.Chat
Create the directory structure and Docker Compose configuration:
Create Directory Structure
# Create Rocket.Chat directory
mkdir -p ~/rocketchat
cd ~/rocketchat
# Create data directories
mkdir -p data/mongodb data/uploadsdocker-compose.yml
cat <<'EOF' > docker-compose.yml
version: '3.8'
services:
rocketchat:
image: registry.rocket.chat/rocketchat/rocket.chat:latest
container_name: rocketchat
restart: unless-stopped
environment:
- MONGO_URL=mongodb://mongodb:27017/rocketchat?replicaSet=rs0
- MONGO_OPLOG_URL=mongodb://mongodb:27017/local?replicaSet=rs0
- ROOT_URL=https://chat.yourdomain.com
- PORT=3000
- DEPLOY_METHOD=docker
- DEPLOY_PLATFORM=vps
depends_on:
- mongodb
ports:
- "3000:3000"
volumes:
- ./data/uploads:/app/uploads
networks:
- rocketchat
mongodb:
image: docker.io/bitnami/mongodb:5.0
container_name: mongodb
restart: unless-stopped
environment:
- MONGODB_REPLICA_SET_MODE=primary
- MONGODB_REPLICA_SET_NAME=rs0
- MONGODB_PORT_NUMBER=27017
- MONGODB_INITIAL_PRIMARY_HOST=mongodb
- MONGODB_INITIAL_PRIMARY_PORT_NUMBER=27017
- MONGODB_ADVERTISED_HOSTNAME=mongodb
- ALLOW_EMPTY_PASSWORD=yes
volumes:
- ./data/mongodb:/bitnami/mongodb
networks:
- rocketchat
networks:
rocketchat:
driver: bridge
EOFImportant: Replace chat.yourdomain.com with your actual domain name in the ROOT_URL environment variable.
Start Rocket.Chat
# Start the containers
docker compose up -d
# Monitor startup logs
docker compose logs -f rocketchat
# Wait for "SERVER RUNNING" message, then Ctrl+CStep 6
Configure Nginx & SSL
Install Nginx and Certbot for SSL:
Install Nginx & Certbot
# Install Nginx
sudo apt install -y nginx
# Install Certbot
sudo apt install -y certbot python3-certbot-nginxNginx Configuration
sudo nano /etc/nginx/sites-available/rocketchat
# Add the following configuration:
upstream rocketchat {
server 127.0.0.1:3000;
}
server {
listen 80;
server_name chat.yourdomain.com;
location / {
proxy_pass http://rocketchat;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Nginx-Proxy true;
proxy_redirect off;
# WebSocket timeout settings
proxy_read_timeout 86400s;
proxy_send_timeout 86400s;
}
# Increase client max body size for file uploads
client_max_body_size 100M;
}Enable Site & Get SSL
# Enable the site
sudo ln -s /etc/nginx/sites-available/rocketchat /etc/nginx/sites-enabled/
# Remove default site
sudo rm /etc/nginx/sites-enabled/default
# Test configuration
sudo nginx -t
# Reload Nginx
sudo systemctl reload nginx
# Obtain SSL certificate
sudo certbot --nginx -d chat.yourdomain.com
# Verify auto-renewal
sudo certbot renew --dry-runStep 7
Initial Configuration
Access your Rocket.Chat instance at https://chat.yourdomain.com and complete the setup wizard:
1. Admin Account Setup
- Enter admin name, username, and email
- Create a strong password (12+ characters)
- This account will have full administrative access
2. Organization Information
- Enter your organization name
- Select industry type
- Choose server type (Community, Pro, or Enterprise)
3. Register Your Server (Optional)
- Registration enables push notifications for mobile apps
- Provides access to the marketplace
- Can be skipped and configured later
Step 8
Security Hardening
Apply these security configurations:
Secure MongoDB
Update docker-compose.yml to add MongoDB authentication:
MongoDB Authentication
# In docker-compose.yml, update mongodb environment:
environment:
- MONGODB_REPLICA_SET_MODE=primary
- MONGODB_REPLICA_SET_NAME=rs0
- MONGODB_PORT_NUMBER=27017
- MONGODB_INITIAL_PRIMARY_HOST=mongodb
- MONGODB_INITIAL_PRIMARY_PORT_NUMBER=27017
- MONGODB_ADVERTISED_HOSTNAME=mongodb
- MONGODB_ROOT_USER=admin
- MONGODB_ROOT_PASSWORD=your_secure_password_here
# Update rocketchat MONGO_URL:
environment:
- MONGO_URL=mongodb://admin:your_secure_password_here@mongodb:27017/rocketchat?replicaSet=rs0&authSource=admin
- MONGO_OPLOG_URL=mongodb://admin:your_secure_password_here@mongodb:27017/local?replicaSet=rs0&authSource=adminRecommended Admin Settings
Navigate to Administration → Settings:
- Accounts → Registration: Set registration to "Invite Only" or disable
- Accounts → Two Factor Authentication: Enable and enforce for all users
- General → Iframe Integration: Disable if not needed
- Message → File Upload: Configure allowed file types
- Rate Limiter: Enable API rate limiting
Additional Security Headers
# Add to Nginx server block
add_header X-Frame-Options "SAMEORIGIN" always;
add_header X-Content-Type-Options "nosniff" always;
add_header X-XSS-Protection "1; mode=block" always;
add_header Referrer-Policy "strict-origin-when-cross-origin" always;
# Reload Nginx
sudo nginx -t && sudo systemctl reload nginxStep 9
Maintenance & Backups
Backup Strategy
Backup Script
cat <<'EOF' > ~/rocketchat/backup.sh
#!/bin/bash
BACKUP_DIR="/backup/rocketchat"
DATE=$(date +%Y%m%d_%H%M%S)
mkdir -p $BACKUP_DIR
# Backup MongoDB
docker exec mongodb mongodump --archive=/bitnami/mongodb/backup_$DATE.archive --gzip
docker cp mongodb:/bitnami/mongodb/backup_$DATE.archive $BACKUP_DIR/
# Backup uploads
tar -czf $BACKUP_DIR/uploads_$DATE.tar.gz -C ~/rocketchat/data uploads
# Backup config
cp ~/rocketchat/docker-compose.yml $BACKUP_DIR/docker-compose_$DATE.yml
# Keep only last 7 days
find $BACKUP_DIR -type f -mtime +7 -delete
echo "Backup completed: $DATE"
EOF
chmod +x ~/rocketchat/backup.sh
# Add to crontab for daily backups
(crontab -l 2>/dev/null; echo "0 2 * * * /root/rocketchat/backup.sh") | crontab -Update Rocket.Chat
Update Process
cd ~/rocketchat
# Pull latest images
docker compose pull
# Restart with new images
docker compose up -d
# Verify update
docker compose logs -f rocketchat | head -50Monitoring
Useful Commands
# Check container status
docker compose ps
# View logs
docker compose logs -f
# Check disk usage
docker system df
# MongoDB stats
docker exec mongodb mongosh --eval "db.stats()"Step 10
Troubleshooting
Rocket.Chat won't start
# Check MongoDB replica set status
docker exec mongodb mongosh --eval "rs.status()"
# If replica set not initialized, wait 30-60 seconds
# MongoDB needs time to initialize on first start
# Force recreate containers
docker compose down && docker compose up -dWebSocket connection issues
# Ensure Nginx proxy settings are correct
# Check for WebSocket upgrade headers
# Verify with curl
curl -i -N -H "Connection: Upgrade" \
-H "Upgrade: websocket" \
-H "Host: chat.yourdomain.com" \
https://chat.yourdomain.com/sockjs/infoPerformance issues
# Check memory usage
docker stats
# Increase Node.js memory (in docker-compose.yml)
environment:
- METEOR_SETTINGS={"numberOfRules":100}
- NODE_OPTIONS=--max-old-space-size=4096Reset admin password
# Access MongoDB shell
docker exec -it mongodb mongosh rocketchat
# Reset admin password (replace with desired password hash)
db.users.update(
{ username: "admin" },
{ $set: { "services.password.bcrypt": "$2a$10$n9CM8OgInDlwpvjLKLPML.eizXIzLlRtgCh3GRLafOdR9ldAUh/KG" } }
)
# This sets password to "Password1" - change immediately after loginDeployment Complete!
Your Rocket.Chat instance is now running. Access it at your configured domain and invite your team members to start collaborating!