Add tech_docs/RustDesk.md

tech_docs/RustDesk.md

@@ -0,0 +1,181 @@
+# **Proper RustDesk Self-Hosted Deployment Guide**  
+
+This guide ensures a **proper, secure, and production-ready** RustDesk deployment using Docker. It includes best practices for security, performance, and reliability.
+
+---
+
+## **1. Prerequisites**
+### **Server Requirements**
+- **OS**: Ubuntu 22.04/24.04 (recommended) or Debian 12  
+- **CPU**: 2+ cores  
+- **RAM**: 4GB+  
+- **Storage**: 20GB+ (SSD preferred)  
+- **Network**: Public IPv4 address (IPv6 optional)  
+- **Ports**:  
+  - **TCP**: `21115`, `21116`, `21117`, `21118`, `21119`  
+  - **UDP**: `21116` (for NAT traversal)  
+
+### **Software Requirements**
+- **Docker** (latest stable)  
+- **Docker Compose** (v2+)  
+- **UFW (firewall)** (recommended)  
+
+---
+
+## **2. Server Setup**
+### **1. Create a Dedicated User (Security Best Practice)**
+```bash
+sudo adduser --disabled-password --gecos "" rustdesk
+sudo usermod -aG sudo rustdesk
+sudo mkdir -p /home/rustdesk/.ssh
+sudo cp ~/.ssh/authorized_keys /home/rustdesk/.ssh/
+sudo chown -R rustdesk:rustdesk /home/rustdesk/.ssh
+sudo chmod 700 /home/rustdesk/.ssh
+sudo chmod 600 /home/rustkdesk/.ssh/authorized_keys
+echo "rustdesk ALL=(ALL) NOPASSWD:ALL" | sudo tee /etc/sudoers.d/rustdesk
+sudo chmod 440 /etc/sudoers.d/rustdesk
+```
+
+### **2. Install Docker & Docker Compose**
+```bash
+# Install Docker
+curl -fsSL https://get.docker.com | sh
+sudo usermod -aG docker rustdesk
+
+# Install Docker Compose
+sudo curl -L "https://github.com/docker/compose/releases/latest/download/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose
+sudo chmod +x /usr/local/bin/docker-compose
+```
+
+### **3. Configure Firewall (UFW)**
+```bash
+sudo apt install ufw -y
+sudo ufw allow ssh
+sudo ufw allow 21115/tcp    # NAT type test
+sudo ufw allow 21116/tcp    # ID server (TCP)
+sudo ufw allow 21116/udp    # ID server (UDP, critical for NAT traversal)
+sudo ufw allow 21117/tcp    # Relay server
+sudo ufw allow 21118/tcp    # Web client (optional)
+sudo ufw allow 21119/tcp    # Web client (optional)
+sudo ufw enable
+```
+
+---
+
+## **3. Deploy RustDesk with Docker Compose**
+### **1. Create Project Directory**
+```bash
+sudo mkdir -p /opt/rustdesk && cd /opt/rustdesk
+```
+
+### **2. Create `docker-compose.yml`**
+```yaml
+version: '3.8'
+
+services:
+  hbbs:
+    container_name: hbbs
+    image: rustdesk/rustdesk-server:latest
+    command: hbbs -r your_server_ip:21117  # Replace with your public IP
+    volumes:
+      - ./data:/root
+    network_mode: host
+    restart: unless-stopped
+    environment:
+      - RELAY_SERVERS=your_server_ip:21117
+      - ENCRYPTED_ONLY=Y  # Force encrypted connections (security)
+  
+  hbbr:
+    container_name: hbbr
+    image: rustdesk/rustdesk-server:latest
+    command: hbbr
+    volumes:
+      - ./data:/root
+    network_mode: host
+    restart: unless-stopped
+```
+
+### **3. Start RustDesk Services**
+```bash
+sudo docker-compose up -d
+```
+
+### **4. Verify Deployment**
+```bash
+sudo docker ps  # Should show hbbs & hbbr running
+sudo docker logs hbbs  # Check for errors
+```
+
+---
+
+## **4. Post-Installation Steps**
+### **1. Retrieve the Public Key (Required for Clients)**
+```bash
+cat /opt/rustdesk/data/id_ed25519.pub
+```
+**Save this key**—it must be entered in every RustDesk client for secure connections.
+
+### **2. Enable Auto-Updates (Optional but Recommended)**
+```bash
+sudo crontab -e
+```
+Add:
+```bash
+0 3 * * * cd /opt/rustdesk && docker-compose pull && docker-compose up -d --force-recreate
+```
+This updates RustDesk nightly.
+
+---
+
+## **5. Client Configuration**
+### **1. Download RustDesk Client**
+- [Windows/macOS/Linux](https://rustdesk.com/download)  
+- [Android/iOS](https://rustdesk.com/download.html)  
+
+### **2. Configure Client Settings**
+1. Open RustDesk → **Settings (⚙️) → Network**  
+2. **Unlock advanced settings** (if prompted)  
+3. Configure:  
+   - **ID Server**: `your_server_ip`  
+   - **Relay Server**: `your_server_ip`  
+   - **Key**: Paste `id_ed25519.pub` from earlier  
+4. **Save & Restart RustDesk**  
+
+---
+
+## **6. Security Hardening (Optional but Recommended)**
+### **1. Enable Fail2Ban (Prevent Brute Force Attacks)**
+```bash
+sudo apt install fail2ban -y
+sudo systemctl enable --now fail2ban
+```
+
+### **2. Disable Web Console (If Not Needed)**
+- Remove `21118` and `21119` from `ufw` if you don’t use the web client.
+
+### **3. Use a Reverse Proxy (HTTPS for Web Client)**
+If using the web client, set up **Nginx + Let’s Encrypt** for HTTPS.
+
+---
+
+## **7. Troubleshooting**
+| Issue | Solution |
+|-------|----------|
+| **Clients can't connect** | Check `ufw status`, verify ports are open |
+| **High latency** | Ensure `RELAY_SERVERS` is set correctly |
+| **"Unencrypted connection" warning** | Set `ENCRYPTED_ONLY=Y` in `docker-compose.yml` |
+| **hbbs/hbbr crashes** | Check logs (`docker logs hbbs`) |
+
+---
+
+## **Conclusion**
+This guide ensures a **proper, secure, and production-ready** RustDesk deployment with:
+✅ Dedicated non-root user  
+✅ Firewall hardening  
+✅ Encrypted-only connections (optional)  
+✅ Auto-updates  
+✅ Fail2Ban protection (optional)  
+
+For large-scale deployments, consider **multiple relay servers** for better performance.  
+
+**Enjoy your self-hosted RustDesk!** 🚀