diff --git a/content/self-host/rustdesk-server-pro/installscript/Docker/RustDesk Server Layered Security Model/_index.de.md b/content/self-host/rustdesk-server-pro/installscript/Docker/RustDesk Server Layered Security Model/_index.de.md deleted file mode 100644 index 6695558..0000000 --- a/content/self-host/rustdesk-server-pro/installscript/Docker/RustDesk Server Layered Security Model/_index.de.md +++ /dev/null 
@@ -1,138 +0,0 @@ ---- -title: RustDesk Servers mehrschichtiges Sicherheitsmodell -weight: 100 ---- - -Freundlicherweise aufgeschrieben von [@I-Am-Skoot](https://github.com/I-Am-Skoot/RustDeskNPMDocker/commits?author=I-Am-Skoot). - -## Schichten -- [RustDesk](https://github.com/rustdesk/rustdesk) Werkzeug zur Fernunterstützung -- [NPM](https://nginxproxymanager.com/) Proxy-Manager-Werkzeug -- [Docker](https://www.docker.com) Werkzeug zur Containerisierung -- Firewall Tool - -### Voraussetzungen -Bei diesem Beispiel handelt es sich um eine All-in-one-Lösung, die nur die RustDesk-Dienste hostet. Dies kann zu einer flexibleren Lösung erweitert werden, indem der NPM in eine eigene Docker Compose aufgeteilt wird. -- DMZ-Netzwerk: 192.168.1.0/24 - - NPM (extern): 192.168.1.250 -- LAN-Netzwerk: 10.0.0.0/24 -- RSBackend-Netzwerk: 192.168.254.0/29 - - NPM (intern): 192.168.254.1 - - HBBS: 192.168.254.2 - - HBBR: 192.168.254.3 -- Docker-Host: Linux - - Jede Anwendung hat einen eigenen Ordner in `/opt/`. -- Hostname: uniquehostname (dies ändern) -- DNS-Name: rustdesk.example.com - -Ändern Sie die Beispiele nach Bedarf ab. - -## Docker vorbereiten -Sie müssen Docker bereits installiert haben. Diese Anleitung geht nicht auf die Einzelheiten ein. - -Sie müssen ein Netzwerk für das RustDesk Server-Backend und die DMZ erstellen. -Für jede Anwendung, die Sie mit dem NPM (Nginx Proxy Manager) verwenden, sollten Sie ein eigenes Backend-Netzwerk haben, um sie zu isolieren. - -``` - docker network create \ - --driver=bridge \ - --subnet=192.168.254.0/29 RSBackend - - docker network create \ - --driver=ipvlan --subnet=192.168.1.0/24 \ - --gateway=192.168.1.1 \ - -o ipvlan_mode=l2 \ - -o parent=eth0 DMZ -``` - -## Firewall einrichten -Konfigurieren Sie die folgenden Portweiterleitungen/NAT-Ports von Ihrer öffentlichen IP-Adresse zum NPM-Server. 
-- 21114 → 8080 TCP -- 21115 → 21115 TCP -- 21116 → 21116 TCP/UDP -- 21117 → 21117 TCP -- 21118 → 21118 TCP -- 21119 → 21119 TCP -- 443 → 443 TCP # Wenn Sie SSL verwenden möchten - -## Docker Compose einrichten -Dadurch wird ein Container mit NPM und den richtigen Netzwerken gestartet. - -Kopieren Sie den folgenden Text in die Datei docker-compose.yaml. - -``` -version: '3.5' -services: - NPM: - image: jlesage/nginx-proxy-manager:latest - container_name: proxy-manager - volumes: - - /opt/proxy-manager/config:/config - restart: 'unless-stopped' - networks: - DMZ: - ipv4_address: 192.168.1.250 - RSBackend: - ipv4_address: 192.168.254.1 - - hbbs: - container_name: rustdesk_hbbs - image: rustdesk/rustdesk-server-pro:latest - command: hbbs -k _ - hostname: uniquehostname # dies ändern - volumes: - - /opt/rustdeskserver:/root - networks: - RSBackend: - ipv4_address: 192.168.254.2 - depends_on: - - hbbr - restart: unless-stopped - - hbbr: - container_name: rustdesk_hbbr - image: rustdesk/rustdesk-server-pro:latest - command: hbbr -k _ - volumes: - - /opt/rustdeskserver:/root - networks: - RSBackend: - ipv4_address: 192.168.254.3 - restart: unless-stopped - -networks: - DMZ: - external: true - RSBackend: - external: true -``` - -## NPM einrichten -Stream Hosts für die folgenden Ports konfigurieren: -- 21115 → 192.168.254.2:21115 TCP -- 21116 → 192.168.254.2:21116 TCP / UDP -- 21117 → 192.168.254.3:21117 TCP -- 21118 → 192.168.254.2:21118 TCP -- 21119 → 192.168.254.3:21119 TCP -- 80 → 127.0.0.1:8080 TCP # erfasst den lokalen Verkehr - -Proxy-Host konfigurieren: -- Domainname: rustdesk.example.com -- Schema: http -- Weiterleitung des Hostnamens / IP: 192.168.254.2 -- Weiterleitungsport: 21114 -- Verbreitete Exploits blockieren: überprüft -- Optional: SSL konfigurieren **(NICHT ERFORDERLICH - Der Client muss in der Lage sein, ohne SSL zu kommunizieren.)** - -## RustDesk Server einrichten -Verbinden Sie sich mit der Server-Schnittstelle http://rustdesk.example.com oder 
https://rustdesk.example.com, wenn Sie SSL für die Web-Schnittstelle konfiguriert haben. - -## RustDesk-Client einrichten -Den Client konfigurieren: -- ID-Server: rustdesk.example.com -- Relay-Server: rustdesk.example.com -- API-Server: http://rustdesk.example.com (HTTPS verwenden, wenn Sie SSL konfiguriert haben) -- Key: {Serverschlüssel hier} - -## Endergebnis -Ihre Lösung wird von außen über den Proxy-Manager erreichbar sein. Sie können Ihre RustDesk-Server von anderen Systemen isolieren. Insbesondere, wenn Sie ein geteiltes Konfigurationssystem verwenden und andere Anwendungen bzw. Sites hinter einem gemeinsamen NPM haben. diff --git a/content/self-host/rustdesk-server-pro/installscript/Docker/RustDesk Server Layered Security Model/_index.en.md b/content/self-host/rustdesk-server-pro/installscript/Docker/RustDesk Server Layered Security Model/_index.en.md deleted file mode 100644 index 9969b63..0000000 --- a/content/self-host/rustdesk-server-pro/installscript/Docker/RustDesk Server Layered Security Model/_index.en.md +++ /dev/null 
@@ -1,138 +0,0 @@ ---- -title: RustDesk Server Layered Security Model -weight: 100 ---- - -Kindly written up by [@I-Am-Skoot](https://github.com/I-Am-Skoot/RustDeskNPMDocker/commits?author=I-Am-Skoot). - -## Layers -- [RustDesk](https://github.com/rustdesk/rustdesk) Remote Support Tool -- [NPM](https://nginxproxymanager.com/) Proxy Manager Tool -- [Docker](https://www.docker.com) Containerization Tool -- Firewall Tool - -### Assumptions -This example is an All in One for hosting just RustDesk services only. This can be expanded to a more flexible solution by splitting the NPM into it's own Docker Compose. -- DMZ Network: 192.168.1.0/24 - - NPM (External): 192.168.1.250 -- LAN Network: 10.0.0.0/24 -- RSBackend Network: 192.168.254.0/29 - - NPM (Internal): 192.168.254.1 - - HBBS: 192.168.254.2 - - HBBR: 192.168.254.3 -- Docker Host: Linux - - Each application has a dedicated folder in `/opt/`. -- Hostname: uniquehostname (Change This) -- DNS Name: rustdesk.example.com - -Make modifications to the examples as needed. - -## Prepare Docker -You must have Docker already installed this guide does not go into the specifics of that. - -You will need to create a network for the RustDesk Server Backend and the DMZ. -For each application you use with the NPM (Nginx Proxy Manager) you should have a dedicated backend network to isolate it. - -``` - docker network create \ - --driver=bridge \ - --subnet=192.168.254.0/29 RSBackend - - docker network create \ - --driver=ipvlan --subnet=192.168.1.0/24 \ - --gateway=192.168.1.1 \ - -o ipvlan_mode=l2 \ - -o parent=eth0 DMZ -``` - -## Setup Firewall -Configure the following Port forwarding/NAT ports from your public IP to the NPM Server. -- 21114 => 8080 TCP -- 21115 => 21115 TCP -- 21116 => 21116 TCP/UDP -- 21117 => 21117 TCP -- 21118 => 21118 TCP -- 21119 => 21119 TCP -- 443 => 443 TCP # If you want to use SSL - -## Setup Docker Compose -This will start a container with NPM and the correct networks. 
- -Copy the below into docker-compose.yaml. - -``` -version: '3.5' -services: - NPM: - image: jlesage/nginx-proxy-manager:latest - container_name: proxy-manager - volumes: - - /opt/proxy-manager/config:/config - restart: 'unless-stopped' - networks: - DMZ: - ipv4_address: 192.168.1.250 - RSBackend: - ipv4_address: 192.168.254.1 - - hbbs: - container_name: rustdesk_hbbs - image: rustdesk/rustdesk-server-pro:latest - command: hbbs -k _ - hostname: uniquehostname # Change This - volumes: - - /opt/rustdeskserver:/root - networks: - RSBackend: - ipv4_address: 192.168.254.2 - depends_on: - - hbbr - restart: unless-stopped - - hbbr: - container_name: rustdesk_hbbr - image: rustdesk/rustdesk-server-pro:latest - command: hbbr -k _ - volumes: - - /opt/rustdeskserver:/root - networks: - RSBackend: - ipv4_address: 192.168.254.3 - restart: unless-stopped - -networks: - DMZ: - external: true - RSBackend: - external: true -``` - -## Setup NPM -Configure Stream Hosts for the following Ports: -- 21115 => 192.168.254.2:21115 TCP -- 21116 => 192.168.254.2:21116 TCP / UDP -- 21117 => 192.168.254.3:21117 TCP -- 21118 => 192.168.254.2:21118 TCP -- 21119 => 192.168.254.3:21119 TCP -- 80 => 127.0.0.1:8080 TCP # catches local traffic - -Configure Proxy Host: -- Domain Name: rustdesk.example.com -- Scheme: http -- Forward Hostname / IP: 192.168.254.2 -- Forward Port: 21114 -- Block Common Exploits: Checked -- Optional: Configure SSL **(DO NOT REQUIRE - Client needs to be able to communicate without SSL.)** - -## Setup RustDesk Server -Connect to Server interface http://rustdesk.example.com or https://rustdesk.example.com if you have configured SSL for web interface. - -## Setup RustDesk Client -Configure the client: -- ID Server: rustdesk.example.com -- Relay Server: rustdesk.example.com -- API Server: http://rustdesk.example.com (use HTTPS if you have configured SSL) -- Key: {Server Key Here} - -## End Result -Your solution will be accessible externally through the Proxy manager. 
You will have isolation of your RustDesk Servers from other systems. Especially if you use a split configuration system and have other applications / sites behind a common NPM. diff --git a/content/self-host/rustdesk-server-pro/installscript/Docker/RustDesk Server Layered Security Model/_index.es.md b/content/self-host/rustdesk-server-pro/installscript/Docker/RustDesk Server Layered Security Model/_index.es.md deleted file mode 100644 index 50bb1ad..0000000 --- a/content/self-host/rustdesk-server-pro/installscript/Docker/RustDesk Server Layered Security Model/_index.es.md +++ /dev/null 
@@ -1,138 +0,0 @@ ---- -title: Modelo de Seguridad por Capas del Servidor RustDesk -weight: 100 ---- - -Amablemente escrito por [@I-Am-Skoot](https://github.com/I-Am-Skoot/RustDeskNPMDocker/commits?author=I-Am-Skoot). - -## Capas -- [RustDesk](https://github.com/rustdesk/rustdesk) Herramienta de Soporte Remoto -- [NPM](https://nginxproxymanager.com/) Herramienta de Gestión de Proxy -- [Docker](https://www.docker.com) Herramienta de Contenedorización -- Herramienta de Firewall - -### Suposiciones -Este ejemplo es un Todo en Uno para alojar solo servicios RustDesk. Esto puede expandirse a una solución más flexible dividiendo el NPM en su propio Docker Compose. -- Red DMZ: 192.168.1.0/24 - - NPM (Externo): 192.168.1.250 -- Red LAN: 10.0.0.0/24 -- Red RSBackend: 192.168.254.0/29 - - NPM (Interno): 192.168.254.1 - - HBBS: 192.168.254.2 - - HBBR: 192.168.254.3 -- Host Docker: Linux - - Cada aplicación tiene una carpeta dedicada en `/opt/`. -- Nombre de host: uniquehostname (Cambia Esto) -- Nombre DNS: rustdesk.example.com - -Realiza modificaciones a los ejemplos según sea necesario. - -## Preparar Docker -Debes tener Docker ya instalado, esta guía no entra en los detalles específicos de eso. - -Necesitarás crear una red para el Backend del Servidor RustDesk y la DMZ. -Para cada aplicación que uses con el NPM (Nginx Proxy Manager) deberías tener una red backend dedicada para aislarla. - -``` - docker network create \ - --driver=bridge \ - --subnet=192.168.254.0/29 RSBackend - - docker network create \ - --driver=ipvlan --subnet=192.168.1.0/24 \ - --gateway=192.168.1.1 \ - -o ipvlan_mode=l2 \ - -o parent=eth0 DMZ -``` - -## Configurar Firewall -Configura los siguientes puertos de reenvío/NAT desde tu IP pública al Servidor NPM. 
-- 21114 => 8080 TCP -- 21115 => 21115 TCP -- 21116 => 21116 TCP/UDP -- 21117 => 21117 TCP -- 21118 => 21118 TCP -- 21119 => 21119 TCP -- 443 => 443 TCP # Si quieres usar SSL - -## Configurar Docker Compose -Esto iniciará un contenedor con NPM y las redes correctas. - -Copia lo siguiente en docker-compose.yaml. - -``` -version: '3.5' -services: - NPM: - image: jlesage/nginx-proxy-manager:latest - container_name: proxy-manager - volumes: - - /opt/proxy-manager/config:/config - restart: 'unless-stopped' - networks: - DMZ: - ipv4_address: 192.168.1.250 - RSBackend: - ipv4_address: 192.168.254.1 - - hbbs: - container_name: rustdesk_hbbs - image: rustdesk/rustdesk-server-pro:latest - command: hbbs -k _ - hostname: uniquehostname # Cambia Esto - volumes: - - /opt/rustdeskserver:/root - networks: - RSBackend: - ipv4_address: 192.168.254.2 - depends_on: - - hbbr - restart: unless-stopped - - hbbr: - container_name: rustdesk_hbbr - image: rustdesk/rustdesk-server-pro:latest - command: hbbr -k _ - volumes: - - /opt/rustdeskserver:/root - networks: - RSBackend: - ipv4_address: 192.168.254.3 - restart: unless-stopped - -networks: - DMZ: - external: true - RSBackend: - external: true -``` - -## Configurar NPM -Configura Hosts de Stream para los siguientes Puertos: -- 21115 => 192.168.254.2:21115 TCP -- 21116 => 192.168.254.2:21116 TCP / UDP -- 21117 => 192.168.254.3:21117 TCP -- 21118 => 192.168.254.2:21118 TCP -- 21119 => 192.168.254.3:21119 TCP -- 80 => 127.0.0.1:8080 TCP # captura tráfico local - -Configura Host Proxy: -- Nombre de Dominio: rustdesk.example.com -- Esquema: http -- Nombre de Host / IP de Reenvío: 192.168.254.2 -- Puerto de Reenvío: 21114 -- Bloquear Exploits Comunes: Marcado -- Opcional: Configurar SSL **(NO REQUERIR - El cliente necesita poder comunicarse sin SSL.)** - -## Configurar Servidor RustDesk -Conéctate a la interfaz del servidor http://rustdesk.example.com o https://rustdesk.example.com si has configurado SSL para la interfaz web. 
- -## Configurar Cliente RustDesk -Configura el cliente: -- Servidor ID: rustdesk.example.com -- Servidor Relay: rustdesk.example.com -- Servidor API: http://rustdesk.example.com (usa HTTPS si has configurado SSL) -- Clave: {Clave del Servidor Aquí} - -## Resultado Final -Tu solución será accesible externamente a través del gestor de proxy. Tendrás aislamiento de tus Servidores RustDesk de otros sistemas. Especialmente si usas un sistema de configuración dividida y tienes otras aplicaciones / sitios detrás de un NPM común. \ No newline at end of file diff --git a/content/self-host/rustdesk-server-pro/installscript/Docker/RustDesk Server Layered Security Model/_index.fr.md b/content/self-host/rustdesk-server-pro/installscript/Docker/RustDesk Server Layered Security Model/_index.fr.md deleted file mode 100644 index d3c719b..0000000 --- a/content/self-host/rustdesk-server-pro/installscript/Docker/RustDesk Server Layered Security Model/_index.fr.md +++ /dev/null 
@@ -1,138 +0,0 @@ ---- -title: Modèle de Sécurité à Couches du Serveur RustDesk -weight: 100 ---- - -Aimablement rédigé par [@I-Am-Skoot](https://github.com/I-Am-Skoot/RustDeskNPMDocker/commits?author=I-Am-Skoot). - -## Couches -- [RustDesk](https://github.com/rustdesk/rustdesk) Outil de Support à Distance -- [NPM](https://nginxproxymanager.com/) Outil de Gestion de Proxy -- [Docker](https://www.docker.com) Outil de Conteneurisation -- Outil de Pare-feu - -### Hypothèses -Cet exemple est un Tout-en-Un pour héberger uniquement les services RustDesk. Cela peut être étendu à une solution plus flexible en séparant le NPM dans son propre Docker Compose. -- Réseau DMZ : 192.168.1.0/24 - - NPM (Externe) : 192.168.1.250 -- Réseau LAN : 10.0.0.0/24 -- Réseau RSBackend : 192.168.254.0/29 - - NPM (Interne) : 192.168.254.1 - - HBBS : 192.168.254.2 - - HBBR : 192.168.254.3 -- Hôte Docker : Linux - - Chaque application a un dossier dédié dans `/opt/`. -- Nom d'hôte : uniquehostname (Changez Ceci) -- Nom DNS : rustdesk.example.com - -Apportez des modifications aux exemples selon vos besoins. - -## Préparer Docker -Vous devez avoir Docker déjà installé, ce guide n'entre pas dans les spécificités de cela. - -Vous devrez créer un réseau pour le Backend du Serveur RustDesk et la DMZ. -Pour chaque application que vous utilisez avec le NPM (Nginx Proxy Manager), vous devriez avoir un réseau backend dédié pour l'isoler. - -``` - docker network create \ - --driver=bridge \ - --subnet=192.168.254.0/29 RSBackend - - docker network create \ - --driver=ipvlan --subnet=192.168.1.0/24 \ - --gateway=192.168.1.1 \ - -o ipvlan_mode=l2 \ - -o parent=eth0 DMZ -``` - -## Configurer le Pare-feu -Configurez les ports de redirection/NAT suivants de votre IP publique vers le serveur NPM. 
-- 21114 => 8080 TCP -- 21115 => 21115 TCP -- 21116 => 21116 TCP/UDP -- 21117 => 21117 TCP -- 21118 => 21118 TCP -- 21119 => 21119 TCP -- 443 => 443 TCP # Si vous voulez utiliser SSL - -## Configurer Docker Compose -Cela démarrera un conteneur avec NPM et les réseaux corrects. - -Copiez le contenu ci-dessous dans docker-compose.yaml. - -``` -version: '3.5' -services: - NPM: - image: jlesage/nginx-proxy-manager:latest - container_name: proxy-manager - volumes: - - /opt/proxy-manager/config:/config - restart: 'unless-stopped' - networks: - DMZ: - ipv4_address: 192.168.1.250 - RSBackend: - ipv4_address: 192.168.254.1 - - hbbs: - container_name: rustdesk_hbbs - image: rustdesk/rustdesk-server-pro:latest - command: hbbs -k _ - hostname: uniquehostname # Changez Ceci - volumes: - - /opt/rustdeskserver:/root - networks: - RSBackend: - ipv4_address: 192.168.254.2 - depends_on: - - hbbr - restart: unless-stopped - - hbbr: - container_name: rustdesk_hbbr - image: rustdesk/rustdesk-server-pro:latest - command: hbbr -k _ - volumes: - - /opt/rustdeskserver:/root - networks: - RSBackend: - ipv4_address: 192.168.254.3 - restart: unless-stopped - -networks: - DMZ: - external: true - RSBackend: - external: true -``` - -## Configurer NPM -Configurez les Hôtes de Flux pour les Ports suivants : -- 21115 => 192.168.254.2:21115 TCP -- 21116 => 192.168.254.2:21116 TCP / UDP -- 21117 => 192.168.254.3:21117 TCP -- 21118 => 192.168.254.2:21118 TCP -- 21119 => 192.168.254.3:21119 TCP -- 80 => 127.0.0.1:8080 TCP # capture le trafic local - -Configurez l'Hôte Proxy : -- Nom de Domaine : rustdesk.example.com -- Schéma : http -- Nom d'hôte / IP de Redirection : 192.168.254.2 -- Port de Redirection : 21114 -- Bloquer les Exploits Communs : Coché -- Optionnel : Configurer SSL **(NE PAS EXIGER - Le client doit pouvoir communiquer sans SSL.)** - -## Configurer le Serveur RustDesk -Connectez-vous à l'interface serveur http://rustdesk.example.com ou https://rustdesk.example.com si vous avez configuré 
SSL pour l'interface web. - -## Configurer le Client RustDesk -Configurez le client : -- Serveur ID : rustdesk.example.com -- Serveur Relais : rustdesk.example.com -- Serveur API : http://rustdesk.example.com (utilisez HTTPS si vous avez configuré SSL) -- Clé : {Clé Serveur Ici} - -## Résultat Final -Votre solution sera accessible de l'extérieur par le gestionnaire de proxy. Vous aurez l'isolement de vos serveurs RustDesk des autres systèmes. Surtout si vous utilisez un système de configuration divisée et avez d'autres applications / sites derrière un NPM commun. \ No newline at end of file diff --git a/content/self-host/rustdesk-server-pro/installscript/Docker/RustDesk Server Layered Security Model/_index.it.md b/content/self-host/rustdesk-server-pro/installscript/Docker/RustDesk Server Layered Security Model/_index.it.md deleted file mode 100644 index 7f46345..0000000 --- a/content/self-host/rustdesk-server-pro/installscript/Docker/RustDesk Server Layered Security Model/_index.it.md +++ /dev/null 
@@ -1,138 +0,0 @@ ---- -title: Modello di Sicurezza a Livelli del Server RustDesk -weight: 100 ---- - -Gentilmente scritto da [@I-Am-Skoot](https://github.com/I-Am-Skoot/RustDeskNPMDocker/commits?author=I-Am-Skoot). - -## Livelli -- [RustDesk](https://github.com/rustdesk/rustdesk) Strumento di Supporto Remoto -- [NPM](https://nginxproxymanager.com/) Strumento di Gestione Proxy -- [Docker](https://www.docker.com) Strumento di Containerizzazione -- Strumento Firewall - -### Assunzioni -Questo esempio è un Tutto-in-Uno per ospitare solo servizi RustDesk. Questo può essere espanso a una soluzione più flessibile dividendo l'NPM nel proprio Docker Compose. -- Rete DMZ: 192.168.1.0/24 - - NPM (Esterno): 192.168.1.250 -- Rete LAN: 10.0.0.0/24 -- Rete RSBackend: 192.168.254.0/29 - - NPM (Interno): 192.168.254.1 - - HBBS: 192.168.254.2 - - HBBR: 192.168.254.3 -- Host Docker: Linux - - Ogni applicazione ha una cartella dedicata in `/opt/`. -- Nome host: uniquehostname (Cambia Questo) -- Nome DNS: rustdesk.example.com - -Apporta modifiche agli esempi secondo necessità. - -## Preparare Docker -Devi avere Docker già installato, questa guida non entra nei dettagli specifici di questo. - -Dovrai creare una rete per il Backend del Server RustDesk e la DMZ. -Per ogni applicazione che usi con l'NPM (Nginx Proxy Manager) dovresti avere una rete backend dedicata per isolarla. - -``` - docker network create \ - --driver=bridge \ - --subnet=192.168.254.0/29 RSBackend - - docker network create \ - --driver=ipvlan --subnet=192.168.1.0/24 \ - --gateway=192.168.1.1 \ - -o ipvlan_mode=l2 \ - -o parent=eth0 DMZ -``` - -## Configurare Firewall -Configura i seguenti inoltri porta/NAT porte dal tuo IP pubblico al Server NPM. -- 21114 => 8080 TCP -- 21115 => 21115 TCP -- 21116 => 21116 TCP/UDP -- 21117 => 21117 TCP -- 21118 => 21118 TCP -- 21119 => 21119 TCP -- 443 => 443 TCP # Se vuoi usare SSL - -## Configurare Docker Compose -Questo avvierà un container con NPM e le reti corrette. 
- -Copia quanto segue in docker-compose.yaml. - -``` -version: '3.5' -services: - NPM: - image: jlesage/nginx-proxy-manager:latest - container_name: proxy-manager - volumes: - - /opt/proxy-manager/config:/config - restart: 'unless-stopped' - networks: - DMZ: - ipv4_address: 192.168.1.250 - RSBackend: - ipv4_address: 192.168.254.1 - - hbbs: - container_name: rustdesk_hbbs - image: rustdesk/rustdesk-server-pro:latest - command: hbbs -k _ - hostname: uniquehostname # Cambia Questo - volumes: - - /opt/rustdeskserver:/root - networks: - RSBackend: - ipv4_address: 192.168.254.2 - depends_on: - - hbbr - restart: unless-stopped - - hbbr: - container_name: rustdesk_hbbr - image: rustdesk/rustdesk-server-pro:latest - command: hbbr -k _ - volumes: - - /opt/rustdeskserver:/root - networks: - RSBackend: - ipv4_address: 192.168.254.3 - restart: unless-stopped - -networks: - DMZ: - external: true - RSBackend: - external: true -``` - -## Configurare NPM -Configura Host Stream per le seguenti Porte: -- 21115 => 192.168.254.2:21115 TCP -- 21116 => 192.168.254.2:21116 TCP / UDP -- 21117 => 192.168.254.3:21117 TCP -- 21118 => 192.168.254.2:21118 TCP -- 21119 => 192.168.254.3:21119 TCP -- 80 => 127.0.0.1:8080 TCP # cattura traffico locale - -Configura Host Proxy: -- Nome Dominio: rustdesk.example.com -- Schema: http -- Nome Host / IP di Inoltro: 192.168.254.2 -- Porta di Inoltro: 21114 -- Blocca Exploit Comuni: Spuntato -- Opzionale: Configura SSL **(NON RICHIEDERE - Il client deve essere in grado di comunicare senza SSL.)** - -## Configurare Server RustDesk -Collegati all'interfaccia server http://rustdesk.example.com o https://rustdesk.example.com se hai configurato SSL per l'interfaccia web. 
- -## Configurare Client RustDesk -Configura il client: -- Server ID: rustdesk.example.com -- Server Relay: rustdesk.example.com -- Server API: http://rustdesk.example.com (usa HTTPS se hai configurato SSL) -- Chiave: {Chiave Server Qui} - -## Risultato Finale -La tua soluzione sarà accessibile esternamente attraverso il gestory proxy. Avrai l'isolamento dei tuoi Server RustDesk da altri sistemi. Specialmente se usi un sistema di configurazione divisa e hai altre applicazioni / siti dietro un NPM comune. \ No newline at end of file diff --git a/content/self-host/rustdesk-server-pro/installscript/Docker/RustDesk Server Layered Security Model/_index.ja.md b/content/self-host/rustdesk-server-pro/installscript/Docker/RustDesk Server Layered Security Model/_index.ja.md deleted file mode 100644 index 4c9114e..0000000 --- a/content/self-host/rustdesk-server-pro/installscript/Docker/RustDesk Server Layered Security Model/_index.ja.md +++ /dev/null 
@@ -1,138 +0,0 @@ ---- -title: RustDeskサーバー層化セキュリティモデル -weight: 100 ---- - -[@I-Am-Skoot](https://github.com/I-Am-Skoot/RustDeskNPMDocker/commits?author=I-Am-Skoot)によって親切に作成されました。 - -## レイヤー -- [RustDesk](https://github.com/rustdesk/rustdesk) リモートサポートツール -- [NPM](https://nginxproxymanager.com/) プロキシ管理ツール -- [Docker](https://www.docker.com) コンテナ化ツール -- ファイアウォールツール - -### 前提 -この例はRustDeskサービスのみをホストするためのオールインワンです。NPMを独自のDocker Composeに分割することで、より柔軟なソリューションに拡張できます。 -- DMZネットワーク: 192.168.1.0/24 - - NPM(外部): 192.168.1.250 -- LANネットワーク: 10.0.0.0/24 -- RSBackendネットワーク: 192.168.254.0/29 - - NPM(内部): 192.168.254.1 - - HBBS: 192.168.254.2 - - HBBR: 192.168.254.3 -- Dockerホスト: Linux - - 各アプリケーションは`/opt/`に専用フォルダーを持っています。 -- ホスト名: uniquehostname(これを変更してください) -- DNS名: rustdesk.example.com - -必要に応じて例を修正してください。 - -## Dockerの準備 -Dockerが既にインストールされている必要があります。このガイドではその詳細には触れません。 - -RustDeskサーバーバックエンドとDMZ用のネットワークを作成する必要があります。 -NPM(Nginx Proxy Manager)と使用する各アプリケーションには、それを分離するための専用バックエンドネットワークが必要です。 - -``` - docker network create \ - --driver=bridge \ - --subnet=192.168.254.0/29 RSBackend - - docker network create \ - --driver=ipvlan --subnet=192.168.1.0/24 \ - --gateway=192.168.1.1 \ - -o ipvlan_mode=l2 \ - -o parent=eth0 DMZ -``` - -## ファイアウォールの設定 -パブリックIPからNPMサーバーへの次のポート転送/NATポートを設定してください。 -- 21114 => 8080 TCP -- 21115 => 21115 TCP -- 21116 => 21116 TCP/UDP -- 21117 => 21117 TCP -- 21118 => 21118 TCP -- 21119 => 21119 TCP -- 443 => 443 TCP # SSLを使用したい場合 - -## Docker Composeの設定 -これはNPMと正しいネットワークでコンテナを開始します。 - -以下をdocker-compose.yamlにコピーしてください。 - -``` -version: '3.5' -services: - NPM: - image: jlesage/nginx-proxy-manager:latest - container_name: proxy-manager - volumes: - - /opt/proxy-manager/config:/config - restart: 'unless-stopped' - networks: - DMZ: - ipv4_address: 192.168.1.250 - RSBackend: - ipv4_address: 192.168.254.1 - - hbbs: - container_name: rustdesk_hbbs - image: rustdesk/rustdesk-server-pro:latest - command: hbbs -k _ - hostname: uniquehostname # これを変更してください - volumes: - - 
/opt/rustdeskserver:/root - networks: - RSBackend: - ipv4_address: 192.168.254.2 - depends_on: - - hbbr - restart: unless-stopped - - hbbr: - container_name: rustdesk_hbbr - image: rustdesk/rustdesk-server-pro:latest - command: hbbr -k _ - volumes: - - /opt/rustdeskserver:/root - networks: - RSBackend: - ipv4_address: 192.168.254.3 - restart: unless-stopped - -networks: - DMZ: - external: true - RSBackend: - external: true -``` - -## NPMの設定 -次のポートのストリームホストを設定してください: -- 21115 => 192.168.254.2:21115 TCP -- 21116 => 192.168.254.2:21116 TCP / UDP -- 21117 => 192.168.254.3:21117 TCP -- 21118 => 192.168.254.2:21118 TCP -- 21119 => 192.168.254.3:21119 TCP -- 80 => 127.0.0.1:8080 TCP # ローカルトラフィックをキャッチ - -プロキシホストを設定してください: -- ドメイン名: rustdesk.example.com -- スキーム: http -- 転送ホスト名 / IP: 192.168.254.2 -- 転送ポート: 21114 -- 一般的な攻撃をブロック: チェック済み -- オプション: SSLを設定 **(必須にしないでください - クライアントはSSLなしで通信できる必要があります。)** - -## RustDeskサーバーの設定 -サーバーインターフェース http://rustdesk.example.com または https://rustdesk.example.com(Webインターフェース用にSSLを設定した場合)に接続してください。 - -## RustDeskクライアントの設定 -クライアントを設定してください: -- IDサーバー: rustdesk.example.com -- リレーサーバー: rustdesk.example.com -- APIサーバー: http://rustdesk.example.com(SSLを設定した場合はHTTPSを使用) -- キー: {サーバーキーをここに} - -## 最終結果 -あなたのソリューションはプロキシマネージャーを通じて外部からアクセス可能になります。RustDeskサーバーを他のシステムから分離できます。特に分離設定システムを使用し、共通のNPMの背後に他のアプリケーション/サイトがある場合に特に有効です。 \ No newline at end of file diff --git a/content/self-host/rustdesk-server-pro/installscript/Docker/RustDesk Server Layered Security Model/_index.pt.md b/content/self-host/rustdesk-server-pro/installscript/Docker/RustDesk Server Layered Security Model/_index.pt.md deleted file mode 100644 index ec1a070..0000000 --- a/content/self-host/rustdesk-server-pro/installscript/Docker/RustDesk Server Layered Security Model/_index.pt.md +++ /dev/null 
@@ -1,138 +0,0 @@ ---- -title: Modelo de Segurança em Camadas do Servidor RustDesk -weight: 100 ---- - -Gentilmente escrito por [@I-Am-Skoot](https://github.com/I-Am-Skoot/RustDeskNPMDocker/commits?author=I-Am-Skoot). - -## Camadas -- [RustDesk](https://github.com/rustdesk/rustdesk) Ferramenta de Suporte Remoto -- [NPM](https://nginxproxymanager.com/) Ferramenta de Gerenciamento de Proxy -- [Docker](https://www.docker.com) Ferramenta de Containerização -- Ferramenta de Firewall - -### Suposições -Este exemplo é um Tudo-em-Um para hospedar apenas serviços RustDesk. Isso pode ser expandido para uma solução mais flexível dividindo o NPM em seu próprio Docker Compose. -- Rede DMZ: 192.168.1.0/24 - - NPM (Externo): 192.168.1.250 -- Rede LAN: 10.0.0.0/24 -- Rede RSBackend: 192.168.254.0/29 - - NPM (Interno): 192.168.254.1 - - HBBS: 192.168.254.2 - - HBBR: 192.168.254.3 -- Host Docker: Linux - - Cada aplicação tem uma pasta dedicada em `/opt/`. -- Nome do host: uniquehostname (Altere Isso) -- Nome DNS: rustdesk.example.com - -Faça modificações nos exemplos conforme necessário. - -## Preparar Docker -Você deve ter o Docker já instalado, este guia não entra nos detalhes específicos disso. - -Você precisará criar uma rede para o Backend do Servidor RustDesk e a DMZ. -Para cada aplicação que você usa com o NPM (Nginx Proxy Manager), você deve ter uma rede backend dedicada para isolá-la. - -``` - docker network create \ - --driver=bridge \ - --subnet=192.168.254.0/29 RSBackend - - docker network create \ - --driver=ipvlan --subnet=192.168.1.0/24 \ - --gateway=192.168.1.1 \ - -o ipvlan_mode=l2 \ - -o parent=eth0 DMZ -``` - -## Configurar Firewall -Configure os seguintes redirecionamentos de porta/NAT do seu IP público para o Servidor NPM. 
-- 21114 => 8080 TCP -- 21115 => 21115 TCP -- 21116 => 21116 TCP/UDP -- 21117 => 21117 TCP -- 21118 => 21118 TCP -- 21119 => 21119 TCP -- 443 => 443 TCP # Se você quiser usar SSL - -## Configurar Docker Compose -Isso iniciará um container com NPM e as redes corretas. - -Copie o seguinte para docker-compose.yaml. - -``` -version: '3.5' -services: - NPM: - image: jlesage/nginx-proxy-manager:latest - container_name: proxy-manager - volumes: - - /opt/proxy-manager/config:/config - restart: 'unless-stopped' - networks: - DMZ: - ipv4_address: 192.168.1.250 - RSBackend: - ipv4_address: 192.168.254.1 - - hbbs: - container_name: rustdesk_hbbs - image: rustdesk/rustdesk-server-pro:latest - command: hbbs -k _ - hostname: uniquehostname # Altere Isso - volumes: - - /opt/rustdeskserver:/root - networks: - RSBackend: - ipv4_address: 192.168.254.2 - depends_on: - - hbbr - restart: unless-stopped - - hbbr: - container_name: rustdesk_hbbr - image: rustdesk/rustdesk-server-pro:latest - command: hbbr -k _ - volumes: - - /opt/rustdeskserver:/root - networks: - RSBackend: - ipv4_address: 192.168.254.3 - restart: unless-stopped - -networks: - DMZ: - external: true - RSBackend: - external: true -``` - -## Configurar NPM -Configure Hosts de Stream para as seguintes Portas: -- 21115 => 192.168.254.2:21115 TCP -- 21116 => 192.168.254.2:21116 TCP / UDP -- 21117 => 192.168.254.3:21117 TCP -- 21118 => 192.168.254.2:21118 TCP -- 21119 => 192.168.254.3:21119 TCP -- 80 => 127.0.0.1:8080 TCP # captura tráfego local - -Configure Host Proxy: -- Nome de Domínio: rustdesk.example.com -- Esquema: http -- Nome do Host / IP de Encaminhamento: 192.168.254.2 -- Porta de Encaminhamento: 21114 -- Bloquear Exploits Comuns: Marcado -- Opcional: Configurar SSL **(NÃO EXIGIR - O cliente precisa conseguir se comunicar sem SSL.)** - -## Configurar Servidor RustDesk -Conecte-se à interface do servidor http://rustdesk.example.com ou https://rustdesk.example.com se você configurou SSL para a interface web. 
- -## Configurar Cliente RustDesk -Configure o cliente: -- Servidor ID: rustdesk.example.com -- Servidor Relay: rustdesk.example.com -- Servidor API: http://rustdesk.example.com (use HTTPS se você configurou SSL) -- Chave: {Chave do Servidor Aqui} - -## Resultado Final -Sua solução será acessível externamente através do gerenciador de proxy. Você terá isolamento de seus Servidores RustDesk de outros sistemas. Especialmente se você usar um sistema de configuração dividida e tiver outras aplicações / sites atrás de um NPM comum. \ No newline at end of file diff --git a/content/self-host/rustdesk-server-pro/installscript/Docker/RustDesk Server Layered Security Model/_index.zh-cn.md b/content/self-host/rustdesk-server-pro/installscript/Docker/RustDesk Server Layered Security Model/_index.zh-cn.md deleted file mode 100644 index a7447cf..0000000 --- a/content/self-host/rustdesk-server-pro/installscript/Docker/RustDesk Server Layered Security Model/_index.zh-cn.md +++ /dev/null 
@@ -1,138 +0,0 @@ ---- -title: RustDesk 服务器分层安全模型 -weight: 100 ---- - -由 [@I-Am-Skoot](https://github.com/I-Am-Skoot/RustDeskNPMDocker/commits?author=I-Am-Skoot) 精心编写。 - -## 层级 -- [RustDesk](https://github.com/rustdesk/rustdesk) 远程支持工具 -- [NPM](https://nginxproxymanager.com/) 代理管理工具 -- [Docker](https://www.docker.com) 容器化工具 -- 防火墙工具 - -### 假设 -这个示例是一个仅用于托管 RustDesk 服务的一体化解决方案。可以通过将 NPM 拆分为独立的 Docker Compose 来扩展为更灵活的解决方案。 -- DMZ 网络:192.168.1.0/24 - - NPM(外部):192.168.1.250 -- LAN 网络:10.0.0.0/24 -- RSBackend 网络:192.168.254.0/29 - - NPM(内部):192.168.254.1 - - HBBS:192.168.254.2 - - HBBR:192.168.254.3 -- Docker 主机:Linux - - 每个应用程序在 `/opt/` 中都有一个专用文件夹。 -- 主机名:uniquehostname(请更改此值) -- DNS 名称:rustdesk.example.com - -请根据需要修改示例。 - -## 准备 Docker -您必须已安装 Docker,本指南不涉及具体安装细节。 - -您需要为 RustDesk 服务器后端和 DMZ 创建一个网络。 -对于与 NPM(Nginx 代理管理器)一起使用的每个应用程序,您应该拥有一个专用的后端网络来隔离它。 - -``` - docker network create \ - --driver=bridge \ - --subnet=192.168.254.0/29 RSBackend - - docker network create \ - --driver=ipvlan --subnet=192.168.1.0/24 \ - --gateway=192.168.1.1 \ - -o ipvlan_mode=l2 \ - -o parent=eth0 DMZ -``` - -## 设置防火墙 -配置以下端口转发/NAT 端口,从您的公共 IP 到 NPM 服务器。 -- 21114 => 8080 TCP -- 21115 => 21115 TCP -- 21116 => 21116 TCP/UDP -- 21117 => 21117 TCP -- 21118 => 21118 TCP -- 21119 => 21119 TCP -- 443 => 443 TCP # 如果您想使用 SSL - -## 设置 Docker Compose -这将启动一个包含 NPM 和正确网络的容器。 - -将以下内容复制到 docker-compose.yaml 中。 - -``` -version: '3.5' -services: - NPM: - image: jlesage/nginx-proxy-manager:latest - container_name: proxy-manager - volumes: - - /opt/proxy-manager/config:/config - restart: 'unless-stopped' - networks: - DMZ: - ipv4_address: 192.168.1.250 - RSBackend: - ipv4_address: 192.168.254.1 - - hbbs: - container_name: rustdesk_hbbs - image: rustdesk/rustdesk-server-pro:latest - command: hbbs -k _ - hostname: uniquehostname # 请更改此值 - volumes: - - /opt/rustdeskserver:/root - networks: - RSBackend: - ipv4_address: 192.168.254.2 - depends_on: - - hbbr - restart: unless-stopped - - hbbr: - container_name: 
rustdesk_hbbr - image: rustdesk/rustdesk-server-pro:latest - command: hbbr -k _ - volumes: - - /opt/rustdeskserver:/root - networks: - RSBackend: - ipv4_address: 192.168.254.3 - restart: unless-stopped - -networks: - DMZ: - external: true - RSBackend: - external: true -``` - -## 设置 NPM -为以下端口配置流主机: -- 21115 => 192.168.254.2:21115 TCP -- 21116 => 192.168.254.2:21116 TCP / UDP -- 21117 => 192.168.254.3:21117 TCP -- 21118 => 192.168.254.2:21118 TCP -- 21119 => 192.168.254.3:21119 TCP -- 80 => 127.0.0.1:8080 TCP # 捕获本地流量 - -配置代理主机: -- 域名:rustdesk.example.com -- 方案:http -- 转发主机名 / IP:192.168.254.2 -- 转发端口:21114 -- 阻止常见漏洞:已勾选 -- 可选:配置 SSL **(不要强制 - 客户端需要能够在不使用 SSL 的情况下通信。)** - -## 设置 RustDesk 服务器 -连接到服务器界面 http://rustdesk.example.com 或 https://rustdesk.example.com(如果您已为 Web 界面配置了 SSL)。 - -## 设置 RustDesk 客户端 -配置客户端: -- ID 服务器:rustdesk.example.com -- 中继服务器:rustdesk.example.com -- API 服务器:http://rustdesk.example.com(如果您已配置 SSL,请使用 HTTPS) -- 密钥:{服务器密钥在此处} - -## 最终结果 -您的解决方案将可通过代理管理器在外部访问。您将实现 RustDesk 服务器与其他系统的隔离。特别是如果您使用分离配置系统并在公共 NPM 后面有其他应用程序/站点。 \ No newline at end of file diff --git a/content/self-host/rustdesk-server-pro/installscript/Docker/RustDesk Server Layered Security Model/_index.zh-tw.md b/content/self-host/rustdesk-server-pro/installscript/Docker/RustDesk Server Layered Security Model/_index.zh-tw.md deleted file mode 100644 index eab6d43..0000000 --- a/content/self-host/rustdesk-server-pro/installscript/Docker/RustDesk Server Layered Security Model/_index.zh-tw.md +++ /dev/null 
@@ -1,138 +0,0 @@ ---- -title: RustDesk 伺服器分層安全模型 -weight: 100 ---- - -由 [@I-Am-Skoot](https://github.com/I-Am-Skoot/RustDeskNPMDocker/commits?author=I-Am-Skoot) 精心編寫。 - -## 層級 -- [RustDesk](https://github.com/rustdesk/rustdesk) 遠端支援工具 -- [NPM](https://nginxproxymanager.com/) 代理管理工具 -- [Docker](https://www.docker.com) 容器化工具 -- 防火牆工具 - -### 假設 -這個範例是一個僅用於代管 RustDesk 服務的一體化解決方案。可以通過將 NPM 拆分為獨立的 Docker Compose 來擴展為更靈活的解決方案。 -- DMZ 網路:192.168.1.0/24 - - NPM(外部):192.168.1.250 -- LAN 網路:10.0.0.0/24 -- RSBackend 網路:192.168.254.0/29 - - NPM(內部):192.168.254.1 - - HBBS:192.168.254.2 - - HBBR:192.168.254.3 -- Docker 主機:Linux - - 每個應用程式在 `/opt/` 中都有一個專用資料夾。 -- 主機名:uniquehostname(請更改此值) -- DNS 名稱:rustdesk.example.com - -請根據需要修改範例。 - -## 準備 Docker -您必須已安裝 Docker,本指南不涉及具體安裝細節。 - -您需要為 RustDesk 伺服器後端和 DMZ 建立一個網路。 -對於與 NPM(Nginx 代理管理器)一起使用的每個應用程式,您應該擁有一個專用的後端網路來隔離它。 - -``` - docker network create \ - --driver=bridge \ - --subnet=192.168.254.0/29 RSBackend - - docker network create \ - --driver=ipvlan --subnet=192.168.1.0/24 \ - --gateway=192.168.1.1 \ - -o ipvlan_mode=l2 \ - -o parent=eth0 DMZ -``` - -## 設置防火牆 -配置以下連接埠轉發/NAT 連接埠,從您的公共 IP 到 NPM 伺服器。 -- 21114 => 8080 TCP -- 21115 => 21115 TCP -- 21116 => 21116 TCP/UDP -- 21117 => 21117 TCP -- 21118 => 21118 TCP -- 21119 => 21119 TCP -- 443 => 443 TCP # 如果您想使用 SSL - -## 設置 Docker Compose -這將啟動一個包含 NPM 和正確網路的容器。 - -將以下內容複製到 docker-compose.yaml 中。 - -``` -version: '3.5' -services: - NPM: - image: jlesage/nginx-proxy-manager:latest - container_name: proxy-manager - volumes: - - /opt/proxy-manager/config:/config - restart: 'unless-stopped' - networks: - DMZ: - ipv4_address: 192.168.1.250 - RSBackend: - ipv4_address: 192.168.254.1 - - hbbs: - container_name: rustdesk_hbbs - image: rustdesk/rustdesk-server-pro:latest - command: hbbs -k _ - hostname: uniquehostname # 請更改此值 - volumes: - - /opt/rustdeskserver:/root - networks: - RSBackend: - ipv4_address: 192.168.254.2 - depends_on: - - hbbr - restart: unless-stopped - - hbbr: - 
container_name: rustdesk_hbbr - image: rustdesk/rustdesk-server-pro:latest - command: hbbr -k _ - volumes: - - /opt/rustdeskserver:/root - networks: - RSBackend: - ipv4_address: 192.168.254.3 - restart: unless-stopped - -networks: - DMZ: - external: true - RSBackend: - external: true -``` - -## 設置 NPM -為以下連接埠配置串流主機: -- 21115 => 192.168.254.2:21115 TCP -- 21116 => 192.168.254.2:21116 TCP / UDP -- 21117 => 192.168.254.3:21117 TCP -- 21118 => 192.168.254.2:21118 TCP -- 21119 => 192.168.254.3:21119 TCP -- 80 => 127.0.0.1:8080 TCP # 捕獲本地流量 - -配置代理主機: -- 域名:rustdesk.example.com -- 方案:http -- 轉發主機名 / IP:192.168.254.2 -- 轉發連接埠:21114 -- 阻止常見漏洞:已勾選 -- 可選:配置 SSL **(不要強制 - 客戶端需要能夠在不使用 SSL 的情況下通信。)** - -## 設置 RustDesk 伺服器 -連接到伺服器界面 http://rustdesk.example.com 或 https://rustdesk.example.com(如果您已為 Web 界面配置了 SSL)。 - -## 設置 RustDesk 客戶端 -配置客戶端: -- ID 伺服器:rustdesk.example.com -- 中繼伺服器:rustdesk.example.com -- API 伺服器:http://rustdesk.example.com(如果您已配置 SSL,請使用 HTTPS) -- 密鑰:{伺服器密鑰在此處} - -## 最終結果 -您的解決方案將可通過代理管理器在外部訪問。您將實現 RustDesk 伺服器與其他系統的隔離。特別是如果您使用分離配置系統並在公共 NPM 後面有其他應用程式/站點。 \ No newline at end of file diff --git a/content/self-host/rustdesk-server-pro/installscript/Docker/RustDesk Server Layered Security Model/index.pt.md b/content/self-host/rustdesk-server-pro/installscript/Docker/RustDesk Server Layered Security Model/index.pt.md deleted file mode 100644 index 3f065a7..0000000 --- a/content/self-host/rustdesk-server-pro/installscript/Docker/RustDesk Server Layered Security Model/index.pt.md +++ /dev/null 
@@ -1,138 +0,0 @@ ---- -title: Modelo de Segurança em Camadas do Servidor RustDesk -weight: 100 ---- - -Gentilmente escrito por [@I-Am-Skoot](https://github.com/I-Am-Skoot/RustDeskNPMDocker/commits?author=I-Am-Skoot). - -## Camadas -- [RustDesk](https://github.com/rustdesk/rustdesk) Ferramenta de Suporte Remoto -- [NPM](https://nginxproxymanager.com/) Ferramenta de Gerenciamento de Proxy -- [Docker](https://www.docker.com) Ferramenta de Container -- Ferramenta de Firewall - -### Pressupostos -Este exemplo é um "Tudo em Um" para hospedar apenas serviços RustDesk. Ele pode ser expandido para uma solução mais flexível dividindo o NPM em seu próprio Docker Compose. -- DMZ Network: 192.168.1.0/24 - - NPM (Externo): 192.168.1.250 -- LAN Network: 10.0.0.0/24 -- RSBackend Network: 192.168.254.0/29 - - NPM (Interno): 192.168.254.1 - - HBBS: 192.168.254.2 - - HBBR: 192.168.254.3 -- Docker Host: Linux - - Cada aplicativo tem uma pasta dedicada em `/opt/`. -- Nome do Host: uniquehostname (Mude Isso) -- Nome DNS: rustdesk.example.com - -Faça modificações nos exemplos conforme necessário. - -## Preparar o Docker -Você deve ter o Docker já instalado, este guia não entra nos detalhes específicos disso. - -Você precisará criar uma rede para o Backend do Servidor RustDesk e a DMZ. -Para cada aplicação que você usar com o NPM (Nginx Proxy Manager), você deve ter uma rede de backend dedicada para isolá-la. - -``` - docker network create \ - --driver=bridge \ - --subnet=192.168.254.0/29 RSBackend - - docker network create \ - --driver=ipvlan --subnet=192.168.1.0/24 \ - --gateway=192.168.1.1 \ - -o ipvlan_mode=l2 \ - -o parent=eth0 DMZ -``` - -## Configurar o Firewall -Configure o encaminhamento de portas/NAT a seguir do seu IP público para o Servidor NPM. 
-- 21114 => 8080 TCP -- 21115 => 21115 TCP -- 21116 => 21116 TCP/UDP -- 21117 => 21117 TCP -- 21118 => 21118 TCP -- 21119 => 21119 TCP -- 443 => 443 TCP # Se você quiser usar SSL - -## Configurar o Docker Compose -Isso iniciará um contêiner com NPM e as redes corretas. - -Copie o código abaixo para docker-compose.yaml. - -``` -version: '3.5' -services: - NPM: - image: jlesage/nginx-proxy-manager:latest - container_name: proxy-manager - volumes: - - /opt/proxy-manager/config:/config - restart: 'unless-stopped' - networks: - DMZ: - ipv4_address: 192.168.1.250 - RSBackend: - ipv4_address: 192.168.254.1 - - hbbs: - container_name: rustdesk_hbbs - image: rustdesk/rustdesk-server-pro:latest - command: hbbs -k _ - hostname: uniquehostname # Change This - volumes: - - /opt/rustdeskserver:/root - networks: - RSBackend: - ipv4_address: 192.168.254.2 - depends_on: - - hbbr - restart: unless-stopped - - hbbr: - container_name: rustdesk_hbbr - image: rustdesk/rustdesk-server-pro:latest - command: hbbr -k _ - volumes: - - /opt/rustdeskserver:/root - networks: - RSBackend: - ipv4_address: 192.168.254.3 - restart: unless-stopped - -networks: - DMZ: - external: true - RSBackend: - external: true -``` - -## Setup NPM -Configure os Stream Hosts para as seguintes Portas: -- 21115 => 192.168.254.2:21115 TCP -- 21116 => 192.168.254.2:21116 TCP / UDP -- 21117 => 192.168.254.3:21117 TCP -- 21118 => 192.168.254.2:21118 TCP -- 21119 => 192.168.254.3:21119 TCP -- 80 => 127.0.0.1:8080 TCP # captura o tráfego local - -Configure o Proxy Host: -- Nome de Domínio: rustdesk.example.com -- Esquema: http -- Encaminhar Nome do Host / IP: 192.168.254.2 -- Porta de Encaminhamento: 21114 -- Bloquear Explorações Comuns: Marcado -- Opcional: Configurar SSL **(NÃO EXIGIR - O cliente precisa ser capaz de se comunicar sem SSL.)** - -## Configurar o Servidor RustDesk -Conecte-se à interface do servidor http://rustdesk.example.com ou https://rustdesk.example.com se você configurou SSL para a interface web. 
- -## Configurar o Cliente RustDesk -Configure o cliente: -- Servidor de ID: rustdesk.example.com -- Servidor de Relay: rustdesk.example.com -- Servidor de API: http://rustdesk.example.com (use HTTPS if you have configured SSL) -- Key: {Chave do Servidor Aqui} - -## Resultado Final -Sua solução estará acessível externamente através do Proxy Manager. Você terá isolamento de seus Servidores RustDesk de outros sistemas. Especialmente se você usar um sistema de configuração dividida e tiver outras aplicações / sites atrás de um NPM comum.
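Review bot: The deletions of `_index.zh-cn.md`, `_index.zh-tw.md` and `index.pt.md` (each `@@ -1,138 +0,0 @@`) leave nothing for existing links to the "RustDesk Server Layered Security Model" pages to land on. The change description should say whether the guide is retired or moved, and add an alias or redirect if it moved. `index.pt.md` also lacks the leading underscore of its `_index.*.md` siblings, and a second Portuguese copy with slightly different wording is removed just before the zh-cn file header, so please confirm both Portuguese files were meant to go and that nothing else still references either name.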
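Review bot: If this guide is being relocated rather than retired, the removed text should not be republished unchanged. In every language copy the compose block pulls `jlesage/nginx-proxy-manager:latest` and `rustdesk/rustdesk-server-pro:latest`, so a rebuild can silently change what runs behind the proxy; pin a version tag or digest. The proxy host section sets scheme `http`, marks SSL as optional and explicitly not required, and the client section gives the API server as `http://rustdesk.example.com`, so the web interface reached through the public forward `21114 => 8080` is served in clear text by default. A relocated version should state which of these listeners can be moved to HTTPS and which must stay plain for the client.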