# **Proper RustDesk Self-Hosted Deployment Guide**  

This guide ensures a **proper, secure, and production-ready** RustDesk deployment using Docker. It includes best practices for security, performance, and reliability.

---

## **1. Prerequisites**
### **Server Requirements**
- **OS**: Ubuntu 22.04/24.04 (recommended) or Debian 12  
- **CPU**: 2+ cores  
- **RAM**: 4GB+  
- **Storage**: 20GB+ (SSD preferred)  
- **Network**: Public IPv4 address (IPv6 optional)  
- **Ports**:  
  - **TCP**: `21115`, `21116`, `21117`, `21118`, `21119`  
  - **UDP**: `21116` (for NAT traversal)  

### **Software Requirements**
- **Docker** (latest stable)  
- **Docker Compose** (v2+)  
- **UFW (firewall)** (recommended)  

---

## **2. Server Setup**
### **1. Create a Dedicated User (Security Best Practice)**
```bash
sudo adduser --disabled-password --gecos "" rustdesk
sudo usermod -aG sudo rustdesk
sudo mkdir -p /home/rustdesk/.ssh
sudo cp ~/.ssh/authorized_keys /home/rustdesk/.ssh/
sudo chown -R rustdesk:rustdesk /home/rustdesk/.ssh
sudo chmod 700 /home/rustdesk/.ssh
sudo chmod 600 /home/rustkdesk/.ssh/authorized_keys
echo "rustdesk ALL=(ALL) NOPASSWD:ALL" | sudo tee /etc/sudoers.d/rustdesk
sudo chmod 440 /etc/sudoers.d/rustdesk
```

### **2. Install Docker & Docker Compose**
```bash
# Install Docker
curl -fsSL https://get.docker.com | sh
sudo usermod -aG docker rustdesk

# Install Docker Compose
sudo curl -L "https://github.com/docker/compose/releases/latest/download/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose
sudo chmod +x /usr/local/bin/docker-compose
```

### **3. Configure Firewall (UFW)**
```bash
sudo apt install ufw -y
sudo ufw allow ssh
sudo ufw allow 21115/tcp    # NAT type test
sudo ufw allow 21116/tcp    # ID server (TCP)
sudo ufw allow 21116/udp    # ID server (UDP, critical for NAT traversal)
sudo ufw allow 21117/tcp    # Relay server
sudo ufw allow 21118/tcp    # Web client (optional)
sudo ufw allow 21119/tcp    # Web client (optional)
sudo ufw enable
```

---

## **3. Deploy RustDesk with Docker Compose**
### **1. Create Project Directory**
```bash
sudo mkdir -p /opt/rustdesk && cd /opt/rustdesk
```

### **2. Create `docker-compose.yml`**
```yaml
version: '3.8'

services:
  hbbs:
    container_name: hbbs
    image: rustdesk/rustdesk-server:latest
    command: hbbs -r your_server_ip:21117  # Replace with your public IP
    volumes:
      - ./data:/root
    network_mode: host
    restart: unless-stopped
    environment:
      - RELAY_SERVERS=your_server_ip:21117
      - ENCRYPTED_ONLY=Y  # Force encrypted connections (security)
  
  hbbr:
    container_name: hbbr
    image: rustdesk/rustdesk-server:latest
    command: hbbr
    volumes:
      - ./data:/root
    network_mode: host
    restart: unless-stopped
```

### **3. Start RustDesk Services**
```bash
sudo docker-compose up -d
```

### **4. Verify Deployment**
```bash
sudo docker ps  # Should show hbbs & hbbr running
sudo docker logs hbbs  # Check for errors
```

---

## **4. Post-Installation Steps**
### **1. Retrieve the Public Key (Required for Clients)**
```bash
cat /opt/rustdesk/data/id_ed25519.pub
```
**Save this key**—it must be entered in every RustDesk client for secure connections.

### **2. Enable Auto-Updates (Optional but Recommended)**
```bash
sudo crontab -e
```
Add:
```bash
0 3 * * * cd /opt/rustdesk && docker-compose pull && docker-compose up -d --force-recreate
```
This updates RustDesk nightly.

---

## **5. Client Configuration**
### **1. Download RustDesk Client**
- [Windows/macOS/Linux](https://rustdesk.com/download)  
- [Android/iOS](https://rustdesk.com/download.html)  

### **2. Configure Client Settings**
1. Open RustDesk → **Settings (⚙️) → Network**  
2. **Unlock advanced settings** (if prompted)  
3. Configure:  
   - **ID Server**: `your_server_ip`  
   - **Relay Server**: `your_server_ip`  
   - **Key**: Paste `id_ed25519.pub` from earlier  
4. **Save & Restart RustDesk**  

---

## **6. Security Hardening (Optional but Recommended)**
### **1. Enable Fail2Ban (Prevent Brute Force Attacks)**
```bash
sudo apt install fail2ban -y
sudo systemctl enable --now fail2ban
```

### **2. Disable Web Console (If Not Needed)**
- Remove `21118` and `21119` from `ufw` if you don’t use the web client.

### **3. Use a Reverse Proxy (HTTPS for Web Client)**
If using the web client, set up **Nginx + Let’s Encrypt** for HTTPS.

---

## **7. Troubleshooting**
| Issue | Solution |
|-------|----------|
| **Clients can't connect** | Check `ufw status`, verify ports are open |
| **High latency** | Ensure `RELAY_SERVERS` is set correctly |
| **"Unencrypted connection" warning** | Set `ENCRYPTED_ONLY=Y` in `docker-compose.yml` |
| **hbbs/hbbr crashes** | Check logs (`docker logs hbbs`) |

---

## **Conclusion**
This guide ensures a **proper, secure, and production-ready** RustDesk deployment with:
✅ Dedicated non-root user  
✅ Firewall hardening  
✅ Encrypted-only connections (optional)  
✅ Auto-updates  
✅ Fail2Ban protection (optional)  

For large-scale deployments, consider **multiple relay servers** for better performance.  

**Enjoy your self-hosted RustDesk!** 🚀

---

Here’s a clean, OS-specific deployment guide with direct download links:

---

### **RustDesk Client Installation**  
*One-click downloads for all platforms:*

#### **Windows**  
🔗 [Download RustDesk for Windows (.exe)](https://github.com/rustdesk/rustdesk/releases/download/1.4.1/rustdesk-1.4.1-x86_64.exe)  
1. Run the `.exe` file (no admin needed).  
2. Share your **ID** and **one-time password** from the app.  

#### **macOS**  
🔗 [Download RustDesk for macOS (.dmg)](https://github.com/rustdesk/rustdesk/releases/download/1.4.1/rustdesk-1.4.1-aarch64.dmg)  
1. Open `.dmg` and drag RustDesk to `Applications`.  
2. Launch and share **ID** + **password**.  

#### **Linux (Debian/Ubuntu)**  
🔗 [Download RustDesk for Linux (.deb)](https://github.com/rustdesk/rustdesk/releases/download/1.4.1/rustdesk-1.4.1-x86_64.deb)  
```bash
sudo apt install ./rustdesk-1.4.1-x86_64.deb
rustdesk  # Launch and share credentials
```

#### **Android**  
🔗 [Google Play Store](https://play.google.com/store/apps/details?id=com.carriez.flutter_hbb)  
*(or direct APK: [Download](https://github.com/rustdesk/rustdesk/releases/download/1.4.1/rustdesk-1.4.1-aarch64.apk))*

#### **iOS**  
🔗 [App Store](https://apps.apple.com/us/app/rustdesk-remote-desktop/id6444231349)  

---

### **Post-Install Steps**  
1. **Launch RustDesk** on the target device.  
2. Share the **ID** (e.g., `123 456 789`) and **one-time password**.  
3. **Connect** from your device by entering their credentials.  

---

### **Notes**  
- No configuration needed for basic use.  
- For self-hosted servers: Set **ID/Relay Server** to your server IP in *Settings → Network*.  

**Download Page**: [rustdesk.com/download](https://rustdesk.com/download)  

--- 

Clear, concise, and platform-specific. Let me know if you'd like any adjustments!