medusa/the_information_nexus
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
main
the_information_nexus/tech_docs/RustDesk.md
medusa 71cc9cc809 Update tech_docs/RustDesk.md
2025-08-03 12:37:28 -05:00

6.8 KiB
Raw Permalink Blame History

Proper RustDesk Self-Hosted Deployment Guide

This guide ensures a proper, secure, and production-ready RustDesk deployment using Docker. It includes best practices for security, performance, and reliability.

1. Prerequisites

Server Requirements

  • OS: Ubuntu 22.04/24.04 (recommended) or Debian 12
  • CPU: 2+ cores
  • RAM: 4GB+
  • Storage: 20GB+ (SSD preferred)
  • Network: Public IPv4 address (IPv6 optional)
  • Ports:
    • TCP: 21115, 21116, 21117, 21118, 21119
    • UDP: 21116 (for NAT traversal)

Software Requirements

  • Docker (latest stable)
  • Docker Compose (v2+)
  • UFW (firewall) (recommended)

2. Server Setup

1. Create a Dedicated User (Security Best Practice)

sudo adduser --disabled-password --gecos "" rustdesk
sudo usermod -aG sudo rustdesk
sudo mkdir -p /home/rustdesk/.ssh
sudo cp ~/.ssh/authorized_keys /home/rustdesk/.ssh/
sudo chown -R rustdesk:rustdesk /home/rustdesk/.ssh
sudo chmod 700 /home/rustdesk/.ssh
sudo chmod 600 /home/rustkdesk/.ssh/authorized_keys
echo "rustdesk ALL=(ALL) NOPASSWD:ALL" | sudo tee /etc/sudoers.d/rustdesk
sudo chmod 440 /etc/sudoers.d/rustdesk

2. Install Docker & Docker Compose

# Install Docker
curl -fsSL https://get.docker.com | sh
sudo usermod -aG docker rustdesk

# Install Docker Compose
sudo curl -L "https://github.com/docker/compose/releases/latest/download/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose
sudo chmod +x /usr/local/bin/docker-compose

3. Configure Firewall (UFW)

sudo apt install ufw -y
sudo ufw allow ssh
sudo ufw allow 21115/tcp    # NAT type test
sudo ufw allow 21116/tcp    # ID server (TCP)
sudo ufw allow 21116/udp    # ID server (UDP, critical for NAT traversal)
sudo ufw allow 21117/tcp    # Relay server
sudo ufw allow 21118/tcp    # Web client (optional)
sudo ufw allow 21119/tcp    # Web client (optional)
sudo ufw enable

3. Deploy RustDesk with Docker Compose

1. Create Project Directory

sudo mkdir -p /opt/rustdesk && cd /opt/rustdesk

2. Create docker-compose.yml

version: '3.8'

services:
  hbbs:
    container_name: hbbs
    image: rustdesk/rustdesk-server:latest
    command: hbbs -r your_server_ip:21117  # Replace with your public IP
    volumes:
      - ./data:/root
    network_mode: host
    restart: unless-stopped
    environment:
      - RELAY_SERVERS=your_server_ip:21117
      - ENCRYPTED_ONLY=Y  # Force encrypted connections (security)
  
  hbbr:
    container_name: hbbr
    image: rustdesk/rustdesk-server:latest
    command: hbbr
    volumes:
      - ./data:/root
    network_mode: host
    restart: unless-stopped

3. Start RustDesk Services

sudo docker-compose up -d

4. Verify Deployment

sudo docker ps  # Should show hbbs & hbbr running
sudo docker logs hbbs  # Check for errors

4. Post-Installation Steps

1. Retrieve the Public Key (Required for Clients)

cat /opt/rustdesk/data/id_ed25519.pub

Save this key—it must be entered in every RustDesk client for secure connections.

2. Enable Auto-Updates (Optional but Recommended)

sudo crontab -e

Add:

0 3 * * * cd /opt/rustdesk && docker-compose pull && docker-compose up -d --force-recreate

This updates RustDesk nightly.

5. Client Configuration

1. Download RustDesk Client

2. Configure Client Settings

  1. Open RustDesk → Settings (⚙️) → Network
  2. Unlock advanced settings (if prompted)
  3. Configure:
    • ID Server: your_server_ip
    • Relay Server: your_server_ip
    • Key: Paste id_ed25519.pub from earlier
  4. Save & Restart RustDesk

6. Security Hardening (Optional but Recommended)

1. Enable Fail2Ban (Prevent Brute Force Attacks)

sudo apt install fail2ban -y
sudo systemctl enable --now fail2ban

2. Disable Web Console (If Not Needed)

  • Remove 21118 and 21119 from ufw if you dont use the web client.

3. Use a Reverse Proxy (HTTPS for Web Client)

If using the web client, set up Nginx + Lets Encrypt for HTTPS.

7. Troubleshooting

Issue Solution
Clients can't connect Check ufw status, verify ports are open
High latency Ensure RELAY_SERVERS is set correctly
"Unencrypted connection" warning Set ENCRYPTED_ONLY=Y in docker-compose.yml
hbbs/hbbr crashes Check logs (docker logs hbbs)

Conclusion

This guide ensures a proper, secure, and production-ready RustDesk deployment with: Dedicated non-root user
Firewall hardening
Encrypted-only connections (optional)
Auto-updates
Fail2Ban protection (optional)

For large-scale deployments, consider multiple relay servers for better performance.

Enjoy your self-hosted RustDesk! 🚀

Heres a clean, OS-specific deployment guide with direct download links:

RustDesk Client Installation

One-click downloads for all platforms:

Windows

🔗 Download RustDesk for Windows (.exe)

  1. Run the .exe file (no admin needed).
  2. Share your ID and one-time password from the app.

macOS

🔗 Download RustDesk for macOS (.dmg)

  1. Open .dmg and drag RustDesk to Applications.
  2. Launch and share ID + password.

Linux (Debian/Ubuntu)

🔗 Download RustDesk for Linux (.deb)

sudo apt install ./rustdesk-1.4.1-x86_64.deb
rustdesk  # Launch and share credentials

Android

🔗 Google Play Store
(or direct APK: Download)

iOS

🔗 App Store

Post-Install Steps

  1. Launch RustDesk on the target device.
  2. Share the ID (e.g., 123 456 789) and one-time password.
  3. Connect from your device by entering their credentials.

Notes

  • No configuration needed for basic use.
  • For self-hosted servers: Set ID/Relay Server to your server IP in Settings → Network.

Download Page: rustdesk.com/download

Clear, concise, and platform-specific. Let me know if you'd like any adjustments!