Rocket.chat: Can't connect to custom deployed Rocket.Chat using mobile apps (iOS or Android)

I get the same problem.. also does not work with SSL proxy in front.

same here with latest versions (server and android)

Somehow mine started working, only change was to delete and reinstall the mobile app... For reference here's my nginx configuration. Yesterday I upgraded to release 0.14.0, and still all good.

listen      443 default_server ssl spdy;
spdy_headers_comp 1;
ssl_certificate      server-and-ca.pem;
ssl_certificate_key  server.key;
ssl_session_timeout  20m;
ssl_session_cache   shared:SSL:64k;
ssl_protocols  TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers  TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA:ECDHE-RSA-AES128-SHA:HIGH:!RC4:!aNULL:!MD5;
ssl_prefer_server_ciphers   on;
# openssl dhparam -out /opt/nginx/conf/dhparam.pem 4096
ssl_dhparam    dhparam.pem;
add_header Strict-Transport-Security "max-age=63072000";
location / {
   proxy_pass http://127.0.0.1:3000/;
   proxy_http_version 1.1;
   proxy_set_header Upgrade $http_upgrade;
   proxy_set_header Connection "upgrade";
   proxy_set_header Host $http_host;
   proxy_set_header X-Real-IP $remote_addr;
   proxy_set_header X-Forward-For $proxy_add_x_forwarded_for;
   proxy_set_header X-Forward-Proto http;
   proxy_set_header X-Nginx-Proxy true;
   proxy_redirect off;
}

Please provide versions of the Mobile Apps and Servers? Or make sure you are using the latest of both?

@amolliex @alvarow @nrunde can you provide the versions of both the apps and servers?

Whatever the latest iOS is on the AppStore, and the server started with 0.13.0, now it is 0.14.0 release. Today I will upgrade to 0.15.0. It started working on its own on 0.13.0 after I deleted the iOS app and installed again.

Today, a few times, I was prompted while using the mobile iOS app if I wanted to upgrade, and it sent me a few updates to the files. Curious what changed and if related to this issue?

@amolliex Sometimes the SSL CA Bundle is misconfigured on the server, and the missing link on the chain may be pre installed on the desktop browsers, but may be missing in other devices.

@dmkanter what server? Our demo? We upgrade the server a few times per day, and Mobile clients will prompt to upgrade too.

@engelgabriel @graywolf336
The versions are :
Rocket.Chat : 0.15.0
Android App : 2.2.3

@engelgabriel
I have no SSL error when I use my Android browser.

@amolliex did you try to remove and reinstall the mobile app?

Yes, I already try.

It's strange, but now it works with the iOS app.

What about Android?

always not

Same issue, android 5, cant connect, client says "abort: abort".

Maybe try and make sure your Android trusts the SSL CA that signed your server cert... say open it on Chrome and make sure there are no warnings.

https://www.ssllabs.com/ssltest/index.html is a pretty good service to determine that as well.

Thank you @alvarow, it was that indeed my cert. In fact in my firefox web browser you don't need the intermediate cert of your SSL CA, but in android you need all the intermediate certs. I added all the intermediate certs to my nginx config and now it works.

I checked the problem by going on rocketchat with my firefox browser on my android device.
It said that my cert was not trusted, once I modified my certs, it worked on firefox as well as on the app

Same problem here. Latest Android App installed, latest RocketChat Server behind a Nginx with a valid Let's Encrypt SSL Cert. Android Client says "error".

Maybe try and make sure your Android trusts the SSL CA that signed your server cert... say open it on Chrome and make sure there are no warnings.

https://www.ssllabs.com/ssltest/index.html is a pretty good service to determine that as well. Look specifically if you have the CA chain (all the intermediates) being sent. Also need to be make sure the Root CA from Let's Encrypt is trusted by your devices.

Hi,

SSL certificates can be considered valid in some browsers, and invalid in others, it depends on 100s of factors. So please use this tools to check your SSL configuration:

https://www.networking4all.com/en/support/tools/site+check/report/?fqdn=demo.rocket.chat
and
https://www.ssllabs.com/ssltest/analyze.html?d=demo.rocket.chat&latest

Make sure there is not "Extra Download" on the Certification Paths

If you get the message from Networking4All:

This certificate should be trusted by all major web browsers

and your apps still dont work, please reopen this issue.

PS. We had to use this https://certificatechain.io to fix our Comodo SSL certificate chain last week, it was not working on Androids only.

Cool, thanks for the input and the hints! The Client error message "error" was not so super helpful, but your suggestions pointed me into the right direction. Solved the problem. The reason was, that I defined to "force SSL" in the configuration and the RocketChat server seems not to recognize the "X-Forward-Proto" header that comes from Nginx. This resulted in a redirect loop. Interestingly this did not affect the desktop client, which worked well.

Seems like Let's Encrypt certs works just fine out of the box!

We have tried to improve the error message, but the browser don't give us much info when the SSL fails.. its like any connection error.. :(

The Force_SSL should only be used if you dont have control of your NGINX, it is much better to do the redirect at the revers proxy level.

I'm still having this issue using a wildcard cert. It works just fine in the mobile browser.

Having the same issue. Wildcard cert works. App works great on ios and desktop. Android fails with "abort abort".

@sjt003 did you follow all the instruction above?

I did. I guess the only thing for me to do is make sure intermediate certs are present with https://certificatechain.io/

@sjt003 Thank you,
I solved my issue follow your workaround,

Thought I would add something to this discussion to make it clearer for those who are new to nginx config and letsencrypt (like me). I was also having issues with the android apps not loging in. I was also having issues with chrome on android not working occasionally. All other apps worked fine.

Checking my subdomain chat.mydomain.com.au at https://www.ssllabs.com/ssltest/analyze.html as suggested above. Showed chain errors.

To fix this instead of copying /ssl_provider_dir/cert.pem > /etc/nginx/certificate.crt

I had to copy /ssl_provider_dir/fullchain.pem > /etc/nginx/certificate.crt

My command was like this..

sudo cp /etc/letsencrypt/live/mydomain.com.au/fullchain.pem /etc/nginx/certificate.crt

Hope this helps someone else

Cheers

I've just started doing some testing of a privately hosted rocket chat server.

I experienced the same issue of the Android app not connecting with the "abort abort" error message.
Uninstalling and reinstalling the app didn't resolve the issue. I could connect fine to the server from Android Chrome, Windows Desktop and Windows Desktop Chrome.

Resolved the issue by connecting to the default Demo site, which started a download of 88 files. Once I'd successfully connected to the demo site I was then able to start a connection to our private server (which iniated a download of an additional 86 files) and now Android app is functional.

(Edit: note this work around didn't ultimately resolve the issue and the server admin had to apply some certificate fixes to actually resolve the issues with android mobile app).

@InvaderZimAu this is very strange, @rodrigok any idea?

@engelgabriel no, I have no idea.

While my "work around" allowed me to briefly connect to our private server, I later experienced "time outs" where the private server initiated a connection and then hung (looping the load bar indefinitely). Our admin has since applied some fixes to the certificates (I believe, sorry I can't be more specific) and now the app is finally functioning correctly.

Hi,

I'm facing a similar problem.

Installed rocket.chat via docker following the instructions on https://rocket.chat/docs/installation/docker-containers/

rocket.chat server is running in a subdirectory behind nginx proxy with ssl and works fine in browser and desktop app.
rocket.chat iOS app connects on setup, downloads a couple of files, then fails connecting to server saying "waiting for server connection..."

rocket.chat 0.39.0
iOS App 2.4.0

SSL test on https://www.networking4all.com/en/support/tools/site+check/report/ says:
SSL Certificate correctly installed
This certificate should be trusted by all major web browsers

https://www.ssllabs.com/ssltest/analyze.html reports no chain issues

Any ideas what I'm missing here?
Thanks

Having the same issue as @rhizomatic

same issue here and we have no SSL installed. I used http:// in server address. it's stuck at downloading files...

PS: I have latest version of server and mobile app on iOS

Same issue... trying to check certificates !

I'm now having this issue after installing an SSL from Let's Encrypt. I can access via browsers, just cannot access from my Android App.

@dmkjr Can you test your certificate/host address at https://www.networking4all.com/en/support/tools/site+check and https://www.ssllabs.com/ssltest/analyze.html ?

@rodrigok I have ran both tests.

https://www.networking4all.com/en/support/tools/site+check/report/?fqdn=hanahan.work

https://www.ssllabs.com/ssltest/analyze.html?d=hanahan.work&latest

I'm not really sure what it's telling me but it's not showing 100% good.

@rodrigok More specifically, it only seems to be effecting Android devices with the android application. I can log in via IOS devices and any browser so far.

https://hanahan.work is my URL. I can give you an account for testing purposes if you desire.

ive started experiencing this as well. All of a sudden last night I can no longer connect. Will check the SSL stuff now and report back.. But has been working perfect

I can't connect using the android app either:
https://www.ssllabs.com/ssltest/analyze.html?d=chat.truerun.com

The server is behind our gateway, apache reverse proxy, SSL is from let's encrypt.

Any solution? I am also not able to login on Android App of Rocket Chat. After giving login with gmail, it stays on login screen and not moved forward.

Apparently, it's because our gateway was using apache 2.2, and apache 2.2 doesn't support reverse proxy for web sockets. So right now we use another server (that uses apache 2.4) to reverse proxy to our rocket.chat server.

@Arvi89 Thanks for reply; My organisation server is something like https://chat.company.com
So, what should i do for it to login? Thanks

I have the same issue. My rocket.chat server is running at https://chat.example.com. When connecting with the android app on Android 7, I get "Error Downloading files, please try again later".

These are the nginx access logs for reference:

103.5.132.71 - - [24/May/2017:09:26:33 +0000] "GET /api/info HTTP/1.1" 200 76 "http://localhost.local/index.html?addServer" "Mozilla/5.0 (Linux; Android 7.0; Moto G (5) Plus Build/NPN25.137-15) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/48.0.2564.116 Crosswalk/18.48.477.13 Mobile Safari/537.36"
103.5.132.71 - - [24/May/2017:09:26:33 +0000] "GET /__cordova/manifest.json HTTP/1.1" 200 6428 "http://localhost.local/index.html?addServer" "Mozilla/5.0 (Linux; Android 7.0; Moto G (5) Plus Build/NPN25.137-15) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/48.0.2564.116 Crosswalk/18.48.477.13 Mobile Safari/537.36"

I ran a few more checks and noticed that the server downloads files from http://chat.example.com and once done shows an nginx 301 moved permanently page.

Goodnight,
I used to have similar issues, until I change the Rocket.Chat app to Rocket.Chat +, both are in the PlayStore for Android

@lucasguerra91 Hi, I tried with the new Rocket.Chat + app as well. The only call that the app makes to the server is GET /api/info and then it reports an error There's a connection error. Please try later.

When I make the call manually through curl, this is the output:

$ curl https://chat.refermate.co/api/info
{
  "version": "0.56.0",
  "success": true
}

What am I doing wrong here?

Same here. Works on browser, iOS and Desktop. Android app is giving me "There's a connection error. Please try later.". Should I wait for an update for the app?

Yes, also with Android get error: "There's a connection error. Please try later."
We are using proxy (https://rocket.chat/docs/installation/docker-containers#5-installing-nginx-ssl-certificate) and Android Rocket Chat version 1.0.14

Same problem here with the android app.
Even when accessing directly, without reverse proxy. Firewall is disabled.

$ curl http://192.168.1.107/chat/api/info { "version": "0.56.0", "success": true }

The Android app without the "+" is working fine for me. It tends to disconnect and miss notifications from time to time, although that may be a configuration issue on my side.

Same problem with full version.
App with "+" is working fine.

cp /ssl_provider_dir/fullchain.pem /etc/nginx/certificate.crt и приложение Android заработало
спасибо Christian-OCa!!

Same problem here with Android.
Solved by adding all intermediate certs on nginx:
https://www.digicert.com/ssl-certificate-installation-nginx.htm

I am on local machine, rocket.chat + rocket.chat.cordova.

• start rocket.chat server: meteor --mobile-server=http://192.168.2.104:3000
• start ios app: cordova run ios , success, I can connect to local server
• start android app: cordova run android, success, but I cannot connect to local server.
  saying: Waiting for server connection, try again in 148 seconds...
• also I cannot connect to https://demo.rocket.chat.
  saying: Waiting for server connection, try again in 148 seconds...

What's the problem?

I had the same problem (connection error). In my case the reason was that my server required at least TLS 1.1 while RocketChat+ tries to connect with TLS 1.0.

Hi, i am having the same issue. I have a AlphaSSL Wildcard Certificate installed on Apache2 Reversproxy and a RocketChat 0.58.4 running behind the proxy.
SSL Labs says A+ and no extra Download: https://www.ssllabs.com/ssltest/analyze.html?d=chat.giesemann.gmbh
I cant connect on Android or iOS App (latest Versions: Android -> 1.0.22 (44) / iOS -> 1.6.0). Desktop App (2.9.0) working fine, also does Website on Windows, Android and iOS.
I have a second chat, with the same settings but no wildcard Cert (its a letsencrypt cert) and the iOS Mobile App connects fine, but Android wont connect to it.
I enabled TLSv1, TLSv1.1, TLSv1.2 but still no luck on any mobile App. I took a look on the second server and i have ONLY TLSv1.2 enabled, so i dont think that TLSv1.0 was the problem with @AndreKR
Could it be something with my wildcard Cert?

Hi all

I'm having the same issue with both IOS and Android.
I'm running version 0.59.2, being a Reverse-Proxy (HTTPS to HTTP)

@bmduarte in my case i had a little typo (192.168.7.x instead of 192.168.2.x for the RocketChat Server) in my proxy config, maybe you should check that too?

@Dirk23 I double checked nginx setup and it's okay.

To figure out what's going on under the hood, using fiddler (similar to wireshark) I got these results:

Rocketchat setup:
https://www.mydomain.pt/chat -> Reverse Proxy -> 192.168.200.107:3000/chat

RocketChat+ on Android:
CONNECT www.mydomain.pt.chat:443 HTTP/1.1
Host: www.mydomain.pt.chat:443
Proxy-Connection: Keep-Alive
User-Agent: okhttp/3.8.0

App doesnt connect to chat server.
It's concatenating ".chat" after the domain.

RocketChat on Android:
CONNECT www.mydomain.pt:443 HTTP/1.1
Host: www.mydomain.pt:443
Proxy-Connection: Keep-Alive
User-Agent: okhttp/3.8.0

Got a lot of 404 -> https://www.mydomain.pt/sockjs/...
while it should be https://www.mydomain.pt/chat/sockjs/...

Changed my nginx config to forward https://www.mydomain.pt/chat/sockjs/ to the internal IP+port
and it's okay now. Almost okay.
Android notifications aren't working.

It's seems RocketChat app doesn't like the "chat" path suffix.

„RocketChat+ on Android:
CONNECT www.mydomain.pt.chat:443 HTTP/1.1
Host: www.mydomain.pt.chat:443
Proxy-Connection: Keep-Alive
User-Agent: okhttp/3.8.0“

The URL www.mydomain.pt.chat seems to be wrong, doesnt it?

Totally wrong.

I suppose you Changed URL manualy for the Post here, but does it look the same on the real with .chat instead of /chat?

Hi guys,

I know this is from a few months ago now, but I wonder if anyone has had this problem from the perspective of using Windows Server IIS to reverse proxy requests to Rocket.Chat running on Docker?

Desktop (browser based) clients work fine. After some fiddling, I managed to get the Android app working fine too. But the iOS app doesn't want to play.

If I look in the IIS logs, I can see the device making a request for /api/v1/info, which is returned without any errors. It then immediately makes a request for a Url starting /websocket to which the web server is returning status code 502.

I'm using a LetsEncrypt SSL certificate, the site works in the iOS browser, and also works if I use the legacy version of Rocket.Chat (i.e. the one in the app store without the "+").

Anyone got any experience of making this work through WIndows/IIS reverse proxy?

Thanks!

Steve.

Several more months on... and we also have the same issue. We have a two-stage DMZ with Windows IIS WAP proxying to NGINX proxying to Rocket.Chat. Internally everything works fine, Windows, Mac, Android, iOS. Externally, Windows, Mac, Android work perfectly but iOS does not. We have also narrowed it down to the 'websocket' request from the iOS app but unfortunately after a month of testing, no resolution.

It seems that most, if not all, of these issues are due to incorrect proxy configurations, or possibly the app, and not actually an issue with the rocket chat server itself.

For support with these issue please open a request in the forums:
https://forums.rocket.chat

Or chat direct in #support :
https://open.rocket.chat

@rocket-cat close

Several more months on... and we also have the same issue. We have a two-stage DMZ with Windows IIS WAP proxying to NGINX proxying to Rocket.Chat. Internally everything works fine, Windows, Mac, Android, iOS. Externally, Windows, Mac, Android work perfectly but iOS does not. We have also narrowed it down to the 'websocket' request from the iOS app but unfortunately after a month of testing, no resolution.

The iOS and Android apps work for us - I wrote a blog post on configuring the IIS proxy to allow web sockets. https://umbracotips.blogspot.com/2018/02/running-rocketchat-on-docker-using.html

Edited to add: yes, with the iOS app - its compressed websocket requests that fail with the IIS reverse proxy. You have to add a header to disable them

I have the same problem, use snap to install, use Certbot to get the SSL certificate. Browser and desktop can be accessed, andriod, ios cannot (I am a Chinese, English is not good, I hope to describe this problem)