From d980823a76306b667cbcb82157e511d4d9d5897e Mon Sep 17 00:00:00 2001 From: medusa Date: Sun, 3 Aug 2025 11:07:02 -0500 Subject: [PATCH] Add tech_docs/RustDesk.md --- tech_docs/RustDesk.md | 181 ++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 181 insertions(+) create mode 100644 tech_docs/RustDesk.md diff --git a/tech_docs/RustDesk.md b/tech_docs/RustDesk.md new file mode 100644 index 0000000..826354b --- /dev/null +++ b/tech_docs/RustDesk.md 
@@ -0,0 +1,181 @@ +# **Proper RustDesk Self-Hosted Deployment Guide** + +This guide ensures a **proper, secure, and production-ready** RustDesk deployment using Docker. It includes best practices for security, performance, and reliability. + +--- + +## **1. Prerequisites** +### **Server Requirements** +- **OS**: Ubuntu 22.04/24.04 (recommended) or Debian 12 +- **CPU**: 2+ cores +- **RAM**: 4GB+ +- **Storage**: 20GB+ (SSD preferred) +- **Network**: Public IPv4 address (IPv6 optional) +- **Ports**: + - **TCP**: `21115`, `21116`, `21117`, `21118`, `21119` + - **UDP**: `21116` (for NAT traversal) + +### **Software Requirements** +- **Docker** (latest stable) +- **Docker Compose** (v2+) +- **UFW (firewall)** (recommended) + +--- + +## **2. Server Setup** +### **1. Create a Dedicated User (Security Best Practice)** +```bash +sudo adduser --disabled-password --gecos "" rustdesk +sudo usermod -aG sudo rustdesk +sudo mkdir -p /home/rustdesk/.ssh +sudo cp ~/.ssh/authorized_keys /home/rustdesk/.ssh/ +sudo chown -R rustdesk:rustdesk /home/rustdesk/.ssh +sudo chmod 700 /home/rustdesk/.ssh +sudo chmod 600 /home/rustkdesk/.ssh/authorized_keys +echo "rustdesk ALL=(ALL) NOPASSWD:ALL" | sudo tee /etc/sudoers.d/rustdesk +sudo chmod 440 /etc/sudoers.d/rustdesk +``` + +### **2. Install Docker & Docker Compose** +```bash +# Install Docker +curl -fsSL https://get.docker.com | sh +sudo usermod -aG docker rustdesk + +# Install Docker Compose +sudo curl -L "https://github.com/docker/compose/releases/latest/download/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose +sudo chmod +x /usr/local/bin/docker-compose +``` + +### **3. 
Configure Firewall (UFW)** +```bash +sudo apt install ufw -y +sudo ufw allow ssh +sudo ufw allow 21115/tcp # NAT type test +sudo ufw allow 21116/tcp # ID server (TCP) +sudo ufw allow 21116/udp # ID server (UDP, critical for NAT traversal) +sudo ufw allow 21117/tcp # Relay server +sudo ufw allow 21118/tcp # Web client (optional) +sudo ufw allow 21119/tcp # Web client (optional) +sudo ufw enable +``` + +--- + +## **3. Deploy RustDesk with Docker Compose** +### **1. Create Project Directory** +```bash +sudo mkdir -p /opt/rustdesk && cd /opt/rustdesk +``` + +### **2. Create `docker-compose.yml`** +```yaml +version: '3.8' + +services: + hbbs: + container_name: hbbs + image: rustdesk/rustdesk-server:latest + command: hbbs -r your_server_ip:21117 # Replace with your public IP + volumes: + - ./data:/root + network_mode: host + restart: unless-stopped + environment: + - RELAY_SERVERS=your_server_ip:21117 + - ENCRYPTED_ONLY=Y # Force encrypted connections (security) + + hbbr: + container_name: hbbr + image: rustdesk/rustdesk-server:latest + command: hbbr + volumes: + - ./data:/root + network_mode: host + restart: unless-stopped +``` + +### **3. Start RustDesk Services** +```bash +sudo docker-compose up -d +``` + +### **4. Verify Deployment** +```bash +sudo docker ps # Should show hbbs & hbbr running +sudo docker logs hbbs # Check for errors +``` + +--- + +## **4. Post-Installation Steps** +### **1. Retrieve the Public Key (Required for Clients)** +```bash +cat /opt/rustdesk/data/id_ed25519.pub +``` +**Save this key**—it must be entered in every RustDesk client for secure connections. + +### **2. Enable Auto-Updates (Optional but Recommended)** +```bash +sudo crontab -e +``` +Add: +```bash +0 3 * * * cd /opt/rustdesk && docker-compose pull && docker-compose up -d --force-recreate +``` +This updates RustDesk nightly. + +--- + +## **5. Client Configuration** +### **1. 
Download RustDesk Client** +- [Windows/macOS/Linux](https://rustdesk.com/download) +- [Android/iOS](https://rustdesk.com/download.html) + +### **2. Configure Client Settings** +1. Open RustDesk → **Settings (⚙️) → Network** +2. **Unlock advanced settings** (if prompted) +3. Configure: + - **ID Server**: `your_server_ip` + - **Relay Server**: `your_server_ip` + - **Key**: Paste `id_ed25519.pub` from earlier +4. **Save & Restart RustDesk** + +--- + +## **6. Security Hardening (Optional but Recommended)** +### **1. Enable Fail2Ban (Prevent Brute Force Attacks)** +```bash +sudo apt install fail2ban -y +sudo systemctl enable --now fail2ban +``` + +### **2. Disable Web Console (If Not Needed)** +- Remove `21118` and `21119` from `ufw` if you don’t use the web client. + +### **3. Use a Reverse Proxy (HTTPS for Web Client)** +If using the web client, set up **Nginx + Let’s Encrypt** for HTTPS. + +--- + +## **7. Troubleshooting** +| Issue | Solution | +|-------|----------| +| **Clients can't connect** | Check `ufw status`, verify ports are open | +| **High latency** | Ensure `RELAY_SERVERS` is set correctly | +| **"Unencrypted connection" warning** | Set `ENCRYPTED_ONLY=Y` in `docker-compose.yml` | +| **hbbs/hbbr crashes** | Check logs (`docker logs hbbs`) | + +--- + +## **Conclusion** +This guide ensures a **proper, secure, and production-ready** RustDesk deployment with: +✅ Dedicated non-root user +✅ Firewall hardening +✅ Encrypted-only connections (optional) +✅ Auto-updates +✅ Fail2Ban protection (optional) + +For large-scale deployments, consider **multiple relay servers** for better performance. + +**Enjoy your self-hosted RustDesk!** 🚀 \ No newline at end of file
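Review bot: in section 2, step 1, the last `chmod` targets `/home/rustkdesk/.ssh/authorized_keys` (typo for `rustdesk`), so the command fails and the copied key file keeps whatever mode it had. The same block adds the account to the `sudo` group and writes `rustdesk ALL=(ALL) NOPASSWD:ALL`, which makes the "dedicated user" passwordless root and contradicts the "Dedicated non-root user" item in the conclusion. Suggest fixing the path and dropping both the `usermod -aG sudo` and the sudoers line. Since membership of the `docker` group (added in step 2) is already root-equivalent on the host, the text should say so. Note also that every later command runs under `sudo` rather than as this user.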
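Review bot: section 2, step 2 pipes `https://get.docker.com` straight into `sh` and fetches the Compose binary from `releases/latest` with no checksum or signature check before `chmod +x`, so a guide that calls itself secure installs two unpinned, unverified executables as root. Suggest naming a specific Compose release and verifying its published checksum before making it executable, or installing Docker and Compose from a signed package repository instead.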
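Review bot: both services in `docker-compose.yml` use `rustdesk/rustdesk-server:latest`, and the root cron entry in section 4, step 2 runs `docker-compose pull && docker-compose up -d --force-recreate` every night, so whatever is published under that tag gets deployed unattended on a remote-access server. Suggest pinning a version tag or image digest in the compose file and making the update a reviewed, manual step (or at least logging the cron output). In the same file, `ENCRYPTED_ONLY=Y` is set only on `hbbs` while `hbbr` has no equivalent, and the conclusion lists encrypted-only connections as "(optional)" although the compose file sets it unconditionally. Please confirm that this image honours the variable, that the relay is covered as well, and align the wording.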
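Review bot: section 2, step 3 opens `21118/tcp` and `21119/tcp` by default even though both are commented as optional and section 6, step 2 later tells the reader to remove them. Leave them out of the default rule set and add them only where the web client is introduced, ideally alongside the reverse-proxy step. In section 6, step 1, installing and enabling `fail2ban` is all that is shown, with no jail or filter configured, so the "Prevent Brute Force Attacks" heading and the "Fail2Ban protection" item in the conclusion promise more than the steps deliver. Either add the jail the guide intends or state what the default installation actually covers. The two client download links (`/download` and `/download.html`) should also be made consistent, and the file is missing a trailing newline.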