medusa/the_information_nexus
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Add tech_docs/RustDesk.md

Browse Source
This commit is contained in:
medusa
2025-08-03 11:07:02 -05:00
parent e901698d4f
commit d980823a76
1 changed files with 181 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

181
tech_docs/RustDesk.md Normal file
View File

@@ -0,0 +1,181 @@
# **Proper RustDesk Self-Hosted Deployment Guide**
This guide ensures a **proper, secure, and production-ready** RustDesk deployment using Docker. It includes best practices for security, performance, and reliability.
---
## **1. Prerequisites**
### **Server Requirements**
- **OS**: Ubuntu 22.04/24.04 (recommended) or Debian 12
- **CPU**: 2+ cores
- **RAM**: 4GB+
- **Storage**: 20GB+ (SSD preferred)
- **Network**: Public IPv4 address (IPv6 optional)
- **Ports**:
- **TCP**: `21115`, `21116`, `21117`, `21118`, `21119`
- **UDP**: `21116` (for NAT traversal)
### **Software Requirements**
- **Docker** (latest stable)
- **Docker Compose** (v2+)
- **UFW (firewall)** (recommended)
---
## **2. Server Setup**
### **1. Create a Dedicated User (Security Best Practice)**
```bash
sudo adduser --disabled-password --gecos "" rustdesk
sudo usermod -aG sudo rustdesk
sudo mkdir -p /home/rustdesk/.ssh
sudo cp ~/.ssh/authorized_keys /home/rustdesk/.ssh/
sudo chown -R rustdesk:rustdesk /home/rustdesk/.ssh
sudo chmod 700 /home/rustdesk/.ssh
sudo chmod 600 /home/rustkdesk/.ssh/authorized_keys
echo "rustdesk ALL=(ALL) NOPASSWD:ALL" | sudo tee /etc/sudoers.d/rustdesk
sudo chmod 440 /etc/sudoers.d/rustdesk
```
### **2. Install Docker & Docker Compose**
```bash
# Install Docker
curl -fsSL https://get.docker.com | sh
sudo usermod -aG docker rustdesk
# Install Docker Compose
sudo curl -L "https://github.com/docker/compose/releases/latest/download/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose
sudo chmod +x /usr/local/bin/docker-compose
```
### **3. Configure Firewall (UFW)**
```bash
sudo apt install ufw -y
sudo ufw allow ssh
sudo ufw allow 21115/tcp # NAT type test
sudo ufw allow 21116/tcp # ID server (TCP)
sudo ufw allow 21116/udp # ID server (UDP, critical for NAT traversal)
sudo ufw allow 21117/tcp # Relay server
sudo ufw allow 21118/tcp # Web client (optional)
sudo ufw allow 21119/tcp # Web client (optional)
sudo ufw enable
```
---
## **3. Deploy RustDesk with Docker Compose**
### **1. Create Project Directory**
```bash
sudo mkdir -p /opt/rustdesk && cd /opt/rustdesk
```
### **2. Create `docker-compose.yml`**
```yaml
version: '3.8'
services:
hbbs:
container_name: hbbs
image: rustdesk/rustdesk-server:latest
command: hbbs -r your_server_ip:21117 # Replace with your public IP
volumes:
- ./data:/root
network_mode: host
restart: unless-stopped
environment:
- RELAY_SERVERS=your_server_ip:21117
- ENCRYPTED_ONLY=Y # Force encrypted connections (security)
hbbr:
container_name: hbbr
image: rustdesk/rustdesk-server:latest
command: hbbr
volumes:
- ./data:/root
network_mode: host
restart: unless-stopped
```
### **3. Start RustDesk Services**
```bash
sudo docker-compose up -d
```
### **4. Verify Deployment**
```bash
sudo docker ps # Should show hbbs & hbbr running
sudo docker logs hbbs # Check for errors
```
---
## **4. Post-Installation Steps**
### **1. Retrieve the Public Key (Required for Clients)**
```bash
cat /opt/rustdesk/data/id_ed25519.pub
```
**Save this key**—it must be entered in every RustDesk client for secure connections.
### **2. Enable Auto-Updates (Optional but Recommended)**
```bash
sudo crontab -e
```
Add:
```bash
0 3 * * * cd /opt/rustdesk && docker-compose pull && docker-compose up -d --force-recreate
```
This updates RustDesk nightly.
---
## **5. Client Configuration**
### **1. Download RustDesk Client**
- [Windows/macOS/Linux](https://rustdesk.com/download)
- [Android/iOS](https://rustdesk.com/download.html)
### **2. Configure Client Settings**
1. Open RustDesk → **Settings (⚙️) → Network**
2. **Unlock advanced settings** (if prompted)
3. Configure:
- **ID Server**: `your_server_ip`
- **Relay Server**: `your_server_ip`
- **Key**: Paste `id_ed25519.pub` from earlier
4. **Save & Restart RustDesk**
---
## **6. Security Hardening (Optional but Recommended)**
### **1. Enable Fail2Ban (Prevent Brute Force Attacks)**
```bash
sudo apt install fail2ban -y
sudo systemctl enable --now fail2ban
```
### **2. Disable Web Console (If Not Needed)**
- Remove `21118` and `21119` from `ufw` if you dont use the web client.
### **3. Use a Reverse Proxy (HTTPS for Web Client)**
If using the web client, set up **Nginx + Lets Encrypt** for HTTPS.
---
## **7. Troubleshooting**
| Issue | Solution |
|-------|----------|
| **Clients can't connect** | Check `ufw status`, verify ports are open |
| **High latency** | Ensure `RELAY_SERVERS` is set correctly |
| **"Unencrypted connection" warning** | Set `ENCRYPTED_ONLY=Y` in `docker-compose.yml` |
| **hbbs/hbbr crashes** | Check logs (`docker logs hbbs`) |
---
## **Conclusion**
This guide ensures a **proper, secure, and production-ready** RustDesk deployment with:
✅ Dedicated non-root user
✅ Firewall hardening
✅ Encrypted-only connections (optional)
✅ Auto-updates
✅ Fail2Ban protection (optional)
For large-scale deployments, consider **multiple relay servers** for better performance.
**Enjoy your self-hosted RustDesk!** 🚀