Plesk Onyx + Rocket.Chat + Caddy

Hi. I’m trying to use Caddy. But my Plesk Webservers already take the http/https ports. Now, how can I use my Plesk Onyx installation + the letsencrypt cert from plesk from a subdomain automatically generated there already? I need the configuration of Caddy and Plesk Onyx Nginx vhost config file.

Or, is it possible for me to run everything on an own port? Because trying to do so gives me this error:

Oct 16 19:21:20 baby rocketchat-server.rocketchat-caddy[7297]: Activating privacy features…2017/10/16 19:21:20 [mydomain.tld] failed to get certificate: [mydomain.tld] error presenting token: Could not start HTTPS server for challenge → listen tcp :443: bind: address already in use

I’ve tried this Caddy configuration so far:

https://mydomain.tld:9000 {
  proxy / localhost:3000 {
    websocket
    transparent
  }
}

Thank you very much for any help! :slight_smile:

Hi @Uwe_Pfeifer,

Running two web servers with certificate management is a complicated setup I would avoid attempting without a definite requirement to do so. Plesk uses Apache, so I’d recommend simply adding a vhost to proxy the required traffic. Then you can let Plesk handle the certificate and have your backend available via standard web traffic ports.

If your intent is specifically to have Caddy publicly available on port 9000, with HTTPS, you can tell it to load the certificates already requisitioned by Plesk with the directive tls [cert] [key], where the latter two are the paths to the certificate and private key on the host file system.

https://caddyserver.com/docs/tls

well, the letsencrypt extension uses a new filename after each renewal afaik. that makes using the tls directive kinda useless as i would have to update that file every time.

so there's no other way?

also my Plesk uses nginx before apache.

oh ok i just re-read the post and now i noticed. so u mean using plesk/nginx instead of caddy? to where do i forward the ssl traffic then? simply to port 3000? i think that won't work. i guess i have to have running an ssl port and then forward ssl traffic to that ssl port on an ssl subdomain?

There's also some page advising to use docker instead, but I'm not familiar with docker.

Thank you! :slight_smile:
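One way to handle the renamed-on-renewal problem raised above, as an added example that is not from the thread or from Plesk or Caddy: keep a stable symlink pointing at the newest certificate file, so the paths given to Caddy's tls directive never change. It assumes each renewal writes one combined PEM (certificate plus private key) matching `*.pem` into a directory used for this domain only; the directory and link path are placeholders.

```shell
#!/bin/sh
# Added example: stable symlink to the newest renewed PEM file.
# Assumptions (not from the thread): combined cert+key PEM files named *.pem,
# in a directory that holds certificates for this one domain only.

# newest_pem DIR -> prints the most recently modified *.pem that contains both
# a certificate and a private key; returns 1 if no file qualifies.
newest_pem() {
    dir=$1
    newest=
    for f in "$dir"/*.pem; do
        [ -f "$f" ] || continue
        grep -q -- '-----BEGIN CERTIFICATE-----' "$f" || continue
        grep -q -- 'PRIVATE KEY-----' "$f" || continue
        if [ -z "$newest" ] || [ "$f" -nt "$newest" ]; then
            newest=$f
        fi
    done
    [ -n "$newest" ] && printf '%s\n' "$newest"
}

# update_link DIR LINK -> repoints LINK at the newest PEM. Prints "changed" or
# "unchanged" so the caller knows whether the web server needs a reload.
# The key is referenced, never copied, so its file permissions stay as issued.
update_link() {
    target=$(newest_pem "$1") || { echo "no usable PEM in $1" >&2; return 2; }
    link=$2
    if [ "$(readlink "$link" 2>/dev/null)" = "$target" ]; then
        echo unchanged
        return 0
    fi
    # Create the new symlink under a temporary name, then rename it over the
    # old one, so a reader never finds the path missing.
    ln -s "$target" "$link.tmp.$$"
    mv -f "$link.tmp.$$" "$link"
    echo changed
}
```

Run from cron or a renewal hook, this would be called as `update_link <certificate-directory> <stable-link-path>`, with the link kept outside the certificate directory.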

hm I think i got it working. i used snap to install rocket.chat on ubuntu 16.04, then I used the following from the docs:

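#manual extension docker with socket upgrade begin
location ~ ^/.* {
    # Rocket.Chat listens locally on port 3000; connect via loopback
    # (0.0.0.0 is a bind address, not a destination).
    proxy_pass http://127.0.0.1:3000;
    proxy_set_header Host             $host;
    proxy_set_header X-Real-IP        $remote_addr;
    proxy_set_header X-Forwarded-For  $proxy_add_x_forwarded_for;

    # WebSocket upgrade requires HTTP/1.1 and the Upgrade/Connection headers.
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection "upgrade";
    # Standard header name is X-Forwarded-Proto; pass the scheme the client used.
    proxy_set_header X-Forwarded-Proto $scheme;
    proxy_set_header X-Nginx-Proxy true;
    proxy_http_version 1.1;

    proxy_redirect off;
}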

it also seems to be secured using letsencrypt so yea, thanks for the help :slight_smile:

I thought Plesk used Apache for vhosts, which would imply that it’s doing SSL termination?

Oh well - basically you’ve got the gist of the idea, just run your backend locally and proxy to it over HTTP. Your clients have encrypted HTTPS to your Plesk-configured server, so they’re good.

hm, plesk uses mail server that only allows encryption. rocket.chat in return only allows encryption with a valid certificate. but … i don't have any valid certificate for my mail server for that domain. :frowning: can't rocket.chat send using sendmail or something? ;D

Not sure, sorry. Can’t seem to find any documentation other than this, either:

https://docs.rocket.chat/administrator-guides/notifications/email/

Which isn’t too helpful :confused:

hm ok thank you for your help :slight_smile:
