From 788f77182840231a880141c9d2209c5d5af94a66 Mon Sep 17 00:00:00 2001 From: rustdesk Date: Mon, 16 Jun 2025 19:34:44 +0900 Subject: [PATCH] fix faq --- .../rustdesk-server-pro/faq/_index.es.md | 225 +++++++++++++++- .../rustdesk-server-pro/faq/_index.it.md | 251 +++++++++++++++++- .../rustdesk-server-pro/faq/_index.ja.md | 251 +++++++++++++++++- .../rustdesk-server-pro/faq/_index.pt.md | 250 ++++++++++++++++- 4 files changed, 968 insertions(+), 9 deletions(-) diff --git a/content/self-host/rustdesk-server-pro/faq/_index.es.md b/content/self-host/rustdesk-server-pro/faq/_index.es.md index 4473370..ba8bd65 100644 --- a/content/self-host/rustdesk-server-pro/faq/_index.es.md +++ b/content/self-host/rustdesk-server-pro/faq/_index.es.md @@ -171,23 +171,66 @@ https://github.com/rustdesk/rustdesk/discussions/6576 - El panel de control de tu registrador de dominios (recomendado) - [Proveedores DNS](https://en.wikipedia.org/wiki/List_of_managed_DNS_providers) +Por ejemplo, si compras un nombre de dominio `example.com` de `Namesilo` y la dirección IP de tu servidor es `123.123.123.123`, quieres usar el subdominio `rustdesk.example.com` como tu dirección de consola web HTTPS. Necesitas abrir [link](https://www.namesilo.com/account_domains.php), hacer clic en el botón con información sobre herramientas `Manage dns for the domain`, agregar un registro `A` con el nombre de host `rustdesk` y la dirección IP de tu servidor. +![](/docs/en/self-host/rustdesk-server-pro/faq/images/namesilo-dns-button.png) +![](/docs/en/self-host/rustdesk-server-pro/faq/images/namesilo-add-a-record.png) +![](/docs/en/self-host/rustdesk-server-pro/faq/images/namesilo-dns-table.png) +* Toma algún tiempo para que el DNS surta efecto, https://www.whatsmydns.net y verifica si el nombre de dominio se ha resuelto a la dirección IP de tu servidor. El paso 6 depende del resultado correcto de resolución. En los siguientes pasos, reemplaza `` con tu subdominio, ej. `rustdesk.example.com`. + ### 2. Instalar Nginx * Debian/Ubuntu: `sudo apt-get install nginx` * Fedora/CentOS: `sudo dnf install nginx` o `sudo yum install nginx` * Arch: `sudo pacman -S install nginx` * openSUSE: `sudo zypper install nginx` * Gentoo: `sudo emerge -av nginx` -* Alpine: `sudo apk add --no-cache nginx` +* Appine: `sudo apk add --no-cache nginx` + +Ejecuta `nginx -h` para verificar si se ha instalado correctamente. ### 3. Instalar Certbot * Método 1: Si `snap` está instalado, ejecuta `sudo snap install certbot --classic`. -* Método 2: Usa `python3-certbot-nginx` en su lugar, ej. `sudo apt-get install python3-certbot-nginx` para Ubuntu. +* Método 2: Usando `python3-certbot-nginx` en su lugar, ej. `sudo apt-get install python3-certbot-nginx` para Ubuntu. * Método 3: Si los dos métodos anteriores fallaron, intenta instalar `certbot-nginx`, ej. `sudo yum install certbot-nginx` para CentOS 7. +Ejecuta `certbot -h` para verificar si se ha instalado correctamente. + ### 4. Configurar Nginx -Hay dos formas de hacerlo. Consulta la documentación completa para los pasos detallados. +Hay dos formas: +* Si existen los directorios `/etc/nginx/sites-available` y `/etc/nginx/sites-enabled`, reemplaza `` del siguiente comando con tu nombre de dominio y ejecútalo. +```sh +cat > /etc/nginx/sites-available/rustdesk.conf << EOF +server { + server_name ; + location / { + proxy_set_header X-Real-IP \$remote_addr; + proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for; + proxy_pass http://127.0.0.1:21114/; + } +} +EOF +``` +Luego ejecuta `sudo ln -s /etc/nginx/sites-available/rustdesk.conf /etc/nginx/sites-enabled/rustdesk.conf`. + +Ejecuta `cat /etc/nginx/sites-available/rustdesk.conf` para asegurarte de que su contenido sea correcto. + +* Si los directorios `/etc/nginx/sites-available` y `/etc/nginx/sites-enabled` no existen y existe el directorio `/etc/nginx/conf.d`, reemplaza `` del siguiente comando con tu nombre de dominio y ejecútalo. +```sh +cat > /etc/nginx/conf.d/rustdesk.conf << EOF +server { + server_name ; + location / { + proxy_set_header X-Real-IP \$remote_addr; + proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for; + proxy_pass http://127.0.0.1:21114/; + } +} +EOF +``` +Ejecuta `cat /etc/nginx/conf.d/rustdesk.conf` para asegurarte de que su contenido sea correcto. ### 5. Habilitar reglas de firewall para el dominio +Ejecuta los siguientes comandos: + ```sh sudo ufw allow 80/tcp sudo ufw allow 443/tcp @@ -196,11 +239,181 @@ sudo ufw --force reload ``` ### 6. Generar certificado SSL -Reemplaza `$YOUR_DOMAIN` con tu nombre de dominio, luego ejecuta: -`sudo certbot --nginx --cert-name $YOUR_DOMAIN --key-type ecdsa --renew-by-default --no-eff-email --agree-tos --server https://acme-v02.api.letsencrypt.org/directory -d $YOUR_DOMAIN` +Reemplaza `$YOUR_DOMAIN` con tu nombre de dominio, luego ejecuta +`sudo certbot --nginx --cert-name $YOUR_DOMAIN --key-type ecdsa --renew-by-default --no-eff-email --agree-tos --server https://acme-v02.api.letsencrypt.org/directory -d $YOUR_DOMAIN`. + +Si te solicita `Enter email address (used for urgent renewal and security notices)`, ingresa tu dirección de correo electrónico. + +Finalmente, el contenido de `rustdesk.conf` debería ser así: +``` +server { + server_name ; + location / { + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_pass http://127.0.0.1:21114/; + } + + listen 443 ssl; # managed by Certbot + ssl_certificate /etc/letsencrypt/live//fullchain.pem; # managed by Certbot + ssl_certificate_key /etc/letsencrypt/live//privkey.pem; # managed by Certbot + include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot + ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot +} + +server { + if ($host = ) { + return 301 https://$host$request_uri; + } # managed by Certbot + + server_name ; + listen 80; + return 404; # managed by Certbot +} +``` + +Aquí hay algunos errores comunes: + +* La consola imprime `Successfully deployed certificate for to /etc/nginx/.../default` en lugar de `Successfully deployed certificate for to /etc/nginx/.../rustdesk.conf`. + +La razón puede ser que Certbot no encuentra el archivo `rustdesk.conf`, puedes probar una de las siguientes soluciones: +- Verifica el resultado del paso 5, ejecuta `sudo service nginx restart`. +- Copia las configuraciones del servidor `server{...}` que contienen `` a `rustdesk.conf`, y cambia `location{...}` al contenido siguiente. + +```sh +location / { + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_pass http://127.0.0.1:21114/; +} +``` + +* `too many certificates (5) already issued for this exact set of domains in the last 168 hours` + +Solución: Agrega otro nombre de dominio a DNS y cambia `` por él, ej. `rustdesk2.example.com`. Luego repite los pasos 1, 4, 6. + +* `Error getting validation data` + +Solución: puede ser causado por el firewall, por favor consulta https://rustdesk.com/docs/en/self-host/rustdesk-server-pro/faq/#firewall + +Aviso: Ejecuta `sudo service nginx restart` si cambias `rustdesk.conf` manualmente. ### 7. Iniciar sesión en la página web -Abre `https://` en el navegador, inicia sesión usando el nombre de usuario predeterminado "admin" y contraseña "test1234", luego cambia la contraseña a la tuya. +* Abre `https://` en el navegador, inicia sesión usando el nombre de usuario predeterminado "admin" y contraseña "test1234", luego cambia la contraseña a la tuya. + +### 8. Agregar soporte WebSocket Secure (WSS) para el servidor de ID y el servidor relay para habilitar comunicación segura en todas las plataformas. + +Agrega la siguiente configuración a la primera sección `server` del archivo `/etc/nginx/.../rustdesk.conf`, luego reinicia el servicio `Nginx`. +El cliente web se puede acceder a través de `https:///web`. Los clientes personalizados pueden usar WebSocket estableciendo `allow-websocket=Y` en las opciones avanzadas. Si se usa el cliente personalizado con WebSocket habilitado, no utilizará TCP/UDP y solo podrá conectarse a través de relay (excepto para conexiones IP directas). Si solo se usa este cliente con WebSocket habilitado, el servidor puede cerrar los puertos 21114 a 21119 y solo mantener abierto el puerto 443. + + + + +``` + location /ws/id { + proxy_pass http://127.0.0.1:21118; + proxy_http_version 1.1; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection "Upgrade"; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_read_timeout 120s; + } + + location /ws/relay { + proxy_pass http://127.0.0.1:21119; + proxy_http_version 1.1; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection "Upgrade"; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_read_timeout 120s; + } +``` + +La configuración completa es + +``` +server { + server_name ; + location / { + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_pass http://127.0.0.1:21114/; + } + + location /ws/id { + proxy_pass http://127.0.0.1:21118; + proxy_http_version 1.1; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection "Upgrade"; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_read_timeout 120s; + } + + location /ws/relay { + proxy_pass http://127.0.0.1:21119; + proxy_http_version 1.1; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection "Upgrade"; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_read_timeout 120s; + } + + listen 443 ssl; # managed by Certbot + ssl_certificate /etc/letsencrypt/live//fullchain.pem; # managed by Certbot + ssl_certificate_key /etc/letsencrypt/live//privkey.pem; # managed by Certbot + include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot + ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot +} + +server { + if ($host = ) { + return 301 https://$host$request_uri; + } # managed by Certbot + + server_name ; + listen 80; + return 404; # managed by Certbot +} +``` + +{{% notice note %}} +Si has implementado previamente para clientes web y quieres usarlo en todas las plataformas, necesitas agregar `proxy_read_timeout`. +{{% /notice %}} + +### 9. Evitar CORS si usas el cliente web público de RustDesk `https://rustdesk.com/web` + +Necesitas agregar lo siguiente en la sección `location /` del `/etc/nginx/.../rustdesk.conf` para evitar la limitación CORS de los navegadores. Omite este paso si estás usando tu propio cliente web. + +``` + if ($http_origin ~* (https?://(www\.)?rustdesk\.com)) { + add_header 'Access-Control-Allow-Origin' "$http_origin" always; + add_header 'Access-Control-Allow-Methods' 'GET, POST, PUT, DELETE, PATCH, OPTIONS' always; + add_header 'Access-Control-Allow-Headers' 'Origin, Content-Type, Accept, Authorization' always; + add_header 'Access-Control-Allow-Credentials' 'true' always; + } + + if ($request_method = 'OPTIONS') { + add_header 'Access-Control-Allow-Origin' "$http_origin" always; + add_header 'Access-Control-Allow-Methods' 'GET, POST, PUT, DELETE, PATCH, OPTIONS' always; + add_header 'Access-Control-Allow-Headers' 'Origin, Content-Type, Accept, Authorization' always; + add_header 'Access-Control-Allow-Credentials' 'true' always; + add_header 'Content-Length' 0; + add_header 'Content-Type' 'text/plain charset=UTF-8'; + return 204; + } +``` ## SELinux Si aparece `Waiting for RustDesk Relay service to become active...` al instalar, puede ser causado por SELinux. Puedes intentar los siguientes comandos: diff --git a/content/self-host/rustdesk-server-pro/faq/_index.it.md b/content/self-host/rustdesk-server-pro/faq/_index.it.md index 43000a7..d4aa232 100644 --- a/content/self-host/rustdesk-server-pro/faq/_index.it.md +++ b/content/self-host/rustdesk-server-pro/faq/_index.it.md @@ -150,7 +150,256 @@ Assicurati che `hbbr` sia in esecuzione. Più informazioni su `hbbr`, puoi trova https://github.com/rustdesk/rustdesk/discussions/6576 ## Impostare HTTPS per console web manualmente -Consulta la documentazione completa per istruzioni dettagliate su configurazione dominio, Nginx, Certbot e certificati SSL. + +### 1. Acquistare un nome di dominio e risolverlo all'indirizzo IP del tuo server. +* Acquista un nome di dominio da un registrar come GoDaddy, Namecheap o Namesilo. +* Risolvi il nome di dominio all'indirizzo IP del tuo server con uno dei seguenti: + - Il pannello di controllo del tuo registrar di domini (consigliato) + - [Provider DNS](https://en.wikipedia.org/wiki/List_of_managed_DNS_providers) + +Ad esempio, se acquisti un nome di dominio `example.com` da `Namesilo` e l'indirizzo IP del tuo server è `123.123.123.123`, vuoi usare il sottodominio `rustdesk.example.com` come indirizzo della console web HTTPS. Devi aprire [link](https://www.namesilo.com/account_domains.php), fare clic sul pulsante con tooltip `Manage dns for the domain`, aggiungere un record `A` con il nome host `rustdesk` e l'indirizzo IP del tuo server. +![](/docs/en/self-host/rustdesk-server-pro/faq/images/namesilo-dns-button.png) +![](/docs/en/self-host/rustdesk-server-pro/faq/images/namesilo-add-a-record.png) +![](/docs/en/self-host/rustdesk-server-pro/faq/images/namesilo-dns-table.png) +* Ci vuole del tempo perché il DNS abbia effetto, https://www.whatsmydns.net e verifica se il nome di dominio è stato risolto all'indirizzo IP del tuo server. Il passaggio 6 dipende dal risultato corretto della risoluzione. Nei passaggi seguenti, sostituisci `` con il tuo sottodominio, ad es. `rustdesk.example.com`. + +### 2. Installare Nginx +* Debian/Ubuntu: `sudo apt-get install nginx` +* Fedora/CentOS: `sudo dnf install nginx` o `sudo yum install nginx` +* Arch: `sudo pacman -S install nginx` +* openSUSE: `sudo zypper install nginx` +* Gentoo: `sudo emerge -av nginx` +* Appine: `sudo apk add --no-cache nginx` + +Esegui `nginx -h` per verificare se è stato installato correttamente. + +### 3. Installare Certbot +* Metodo 1: Se `snap` è installato, esegui `sudo snap install certbot --classic`. +* Metodo 2: Usando `python3-certbot-nginx` invece, ad es. `sudo apt-get install python3-certbot-nginx` per Ubuntu. +* Metodo 3: Se i due metodi precedenti sono falliti, prova a installare `certbot-nginx`, ad es. `sudo yum install certbot-nginx` per CentOS 7. + +Esegui `certbot -h` per verificare se è stato installato correttamente. + +### 4. Configurare Nginx +Ci sono due modi: +* Se esistono le directory `/etc/nginx/sites-available` e `/etc/nginx/sites-enabled`, sostituisci `` del seguente comando con il tuo nome di dominio ed eseguilo. +```sh +cat > /etc/nginx/sites-available/rustdesk.conf << EOF +server { + server_name ; + location / { + proxy_set_header X-Real-IP \$remote_addr; + proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for; + proxy_pass http://127.0.0.1:21114/; + } +} +EOF +``` +Quindi esegui `sudo ln -s /etc/nginx/sites-available/rustdesk.conf /etc/nginx/sites-enabled/rustdesk.conf`. + +Esegui `cat /etc/nginx/sites-available/rustdesk.conf` per assicurarti che il suo contenuto sia corretto. + +* Se le directory `/etc/nginx/sites-available` e `/etc/nginx/sites-enabled` non esistono e la directory `/etc/nginx/conf.d` esiste, sostituisci `` del seguente comando con il tuo nome di dominio ed eseguilo. +```sh +cat > /etc/nginx/conf.d/rustdesk.conf << EOF +server { + server_name ; + location / { + proxy_set_header X-Real-IP \$remote_addr; + proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for; + proxy_pass http://127.0.0.1:21114/; + } +} +EOF +``` +Esegui `cat /etc/nginx/conf.d/rustdesk.conf` per assicurarti che il suo contenuto sia corretto. + +### 5. Abilitare le regole del firewall per il dominio +Esegui i seguenti comandi: + +```sh +sudo ufw allow 80/tcp +sudo ufw allow 443/tcp +sudo ufw --force enable +sudo ufw --force reload +``` + +### 6. Generare certificato SSL +Sostituisci `$YOUR_DOMAIN` con il tuo nome di dominio, quindi esegui +`sudo certbot --nginx --cert-name $YOUR_DOMAIN --key-type ecdsa --renew-by-default --no-eff-email --agree-tos --server https://acme-v02.api.letsencrypt.org/directory -d $YOUR_DOMAIN`. + +Se richiede `Enter email address (used for urgent renewal and security notices)`, inserisci il tuo indirizzo email. + +Infine, il contenuto di `rustdesk.conf` dovrebbe essere così: +``` +server { + server_name ; + location / { + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_pass http://127.0.0.1:21114/; + } + + listen 443 ssl; # managed by Certbot + ssl_certificate /etc/letsencrypt/live//fullchain.pem; # managed by Certbot + ssl_certificate_key /etc/letsencrypt/live//privkey.pem; # managed by Certbot + include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot + ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot +} + +server { + if ($host = ) { + return 301 https://$host$request_uri; + } # managed by Certbot + + server_name ; + listen 80; + return 404; # managed by Certbot +} +``` + +Ecco alcuni errori comuni: + +* La console stampa `Successfully deployed certificate for to /etc/nginx/.../default` invece di `Successfully deployed certificate for to /etc/nginx/.../rustdesk.conf`. + +Il motivo potrebbe essere che Certbot non trova il file `rustdesk.conf`, puoi provare una delle seguenti soluzioni: +- Controlla il risultato del passaggio 5, esegui `sudo service nginx restart`. +- Copia le configurazioni del server `server{...}` che contengono `` in `rustdesk.conf`, e cambia `location{...}` nel contenuto seguente. + +```sh +location / { + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_pass http://127.0.0.1:21114/; +} +``` + +* `too many certificates (5) already issued for this exact set of domains in the last 168 hours` + +Soluzione: Aggiungi un altro nome di dominio al DNS e cambia `` con esso, ad es. `rustdesk2.example.com`. Quindi ripeti i passaggi 1, 4, 6. + +* `Error getting validation data` + +Soluzione: potrebbe essere causato dal firewall, consulta https://rustdesk.com/docs/en/self-host/rustdesk-server-pro/faq/#firewall + +Avviso: Esegui `sudo service nginx restart` se modifichi `rustdesk.conf` manualmente. + +### 7. Accedere alla pagina web +* Apri `https://` nel browser, accedi usando il nome utente predefinito "admin" e la password "test1234", quindi cambia la password con la tua. + +### 8. Aggiungere supporto WebSocket Secure (WSS) per il server ID e il server relay per abilitare la comunicazione sicura su tutte le piattaforme. + +Aggiungi la seguente configurazione alla prima sezione `server` del file `/etc/nginx/.../rustdesk.conf`, quindi riavvia il servizio `Nginx`. +Il client web può essere accessibile tramite `https:///web`. I client personalizzati possono utilizzare WebSocket impostando `allow-websocket=Y` nelle opzioni avanzate. Se viene utilizzato il client personalizzato con WebSocket abilitato, non utilizzerà TCP/UDP e potrà connettersi solo tramite relay (tranne che per le connessioni IP dirette). Se viene utilizzato solo questo client con WebSocket abilitato, il server può chiudere le porte da 21114 a 21119 e mantenere aperta solo la porta 443. + + + + +``` + location /ws/id { + proxy_pass http://127.0.0.1:21118; + proxy_http_version 1.1; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection "Upgrade"; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_read_timeout 120s; + } + + location /ws/relay { + proxy_pass http://127.0.0.1:21119; + proxy_http_version 1.1; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection "Upgrade"; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_read_timeout 120s; + } +``` + +La configurazione completa è + +``` +server { + server_name ; + location / { + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_pass http://127.0.0.1:21114/; + } + + location /ws/id { + proxy_pass http://127.0.0.1:21118; + proxy_http_version 1.1; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection "Upgrade"; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_read_timeout 120s; + } + + location /ws/relay { + proxy_pass http://127.0.0.1:21119; + proxy_http_version 1.1; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection "Upgrade"; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_read_timeout 120s; + } + + listen 443 ssl; # managed by Certbot + ssl_certificate /etc/letsencrypt/live//fullchain.pem; # managed by Certbot + ssl_certificate_key /etc/letsencrypt/live//privkey.pem; # managed by Certbot + include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot + ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot +} + +server { + if ($host = ) { + return 301 https://$host$request_uri; + } # managed by Certbot + + server_name ; + listen 80; + return 404; # managed by Certbot +} +``` + +{{% notice note %}} +Se hai distribuito precedentemente per i client web e vuoi usarlo su tutte le piattaforme, devi aggiungere `proxy_read_timeout`. +{{% /notice %}} + +### 9. Bypassare CORS se usi il client web pubblico di RustDesk `https://rustdesk.com/web` + +Devi aggiungere quanto segue nella sezione `location /` del `/etc/nginx/.../rustdesk.conf` per bypassare la limitazione CORS dei browser. Salta questo passaggio se stai usando il tuo client web. + +``` + if ($http_origin ~* (https?://(www\.)?rustdesk\.com)) { + add_header 'Access-Control-Allow-Origin' "$http_origin" always; + add_header 'Access-Control-Allow-Methods' 'GET, POST, PUT, DELETE, PATCH, OPTIONS' always; + add_header 'Access-Control-Allow-Headers' 'Origin, Content-Type, Accept, Authorization' always; + add_header 'Access-Control-Allow-Credentials' 'true' always; + } + + if ($request_method = 'OPTIONS') { + add_header 'Access-Control-Allow-Origin' "$http_origin" always; + add_header 'Access-Control-Allow-Methods' 'GET, POST, PUT, DELETE, PATCH, OPTIONS' always; + add_header 'Access-Control-Allow-Headers' 'Origin, Content-Type, Accept, Authorization' always; + add_header 'Access-Control-Allow-Credentials' 'true' always; + add_header 'Content-Length' 0; + add_header 'Content-Type' 'text/plain charset=UTF-8'; + return 204; + } +``` ## SELinux Se `Waiting for RustDesk Relay service to become active...` appare durante l'installazione, potrebbe essere causato da SELinux: diff --git a/content/self-host/rustdesk-server-pro/faq/_index.ja.md b/content/self-host/rustdesk-server-pro/faq/_index.ja.md index 692cc73..ef6392d 100644 --- a/content/self-host/rustdesk-server-pro/faq/_index.ja.md +++ b/content/self-host/rustdesk-server-pro/faq/_index.ja.md @@ -150,7 +150,256 @@ Start-Process .\rustdesk.exe --silent-install -wait https://github.com/rustdesk/rustdesk/discussions/6576 ## Webコンソール用にHTTPSを手動設定 -ドメイン設定、Nginx、Certbot、SSL証明書の詳細な手順については完全なドキュメントを参照してください。 + +### 1. ドメイン名を購入し、サーバーのIPアドレスに解決する。 +* GoDaddy、Namecheap、Namesiloなどのドメインレジストラからドメイン名を購入します。 +* 以下のいずれかを使用してドメイン名をサーバーのIPアドレスに解決します: + - ドメインレジストラのコントロールパネル(推奨) + - [DNSプロバイダー](https://en.wikipedia.org/wiki/List_of_managed_DNS_providers) + +例えば、`Namesilo`から`example.com`というドメイン名を購入し、サーバーのIPアドレスが`123.123.123.123`の場合、`rustdesk.example.com`サブドメインをHTTPSウェブコンソールアドレスとして使用したいとします。[link](https://www.namesilo.com/account_domains.php)を開き、ツールチップ`Manage dns for the domain`のボタンをクリックし、ホスト名`rustdesk`とサーバーのIPアドレスで`A`レコードを追加する必要があります。 +![](/docs/en/self-host/rustdesk-server-pro/faq/images/namesilo-dns-button.png) +![](/docs/en/self-host/rustdesk-server-pro/faq/images/namesilo-add-a-record.png) +![](/docs/en/self-host/rustdesk-server-pro/faq/images/namesilo-dns-table.png) +* DNSが有効になるまでには時間がかかります。https://www.whatsmydns.net でドメイン名がサーバーのIPアドレスに解決されたかどうかを確認してください。ステップ6は正しい解決結果に依存します。以下の手順では、``をあなたのサブドメインに置き換えてください。例:`rustdesk.example.com`。 + +### 2. Nginxをインストール +* Debian/Ubuntu: `sudo apt-get install nginx` +* Fedora/CentOS: `sudo dnf install nginx` または `sudo yum install nginx` +* Arch: `sudo pacman -S install nginx` +* openSUSE: `sudo zypper install nginx` +* Gentoo: `sudo emerge -av nginx` +* Appine: `sudo apk add --no-cache nginx` + +`nginx -h`を実行して、正常にインストールされたかどうかを確認します。 + +### 3. Certbotをインストール +* 方法1:`snap`がインストールされている場合、`sudo snap install certbot --classic`を実行します。 +* 方法2:代わりに`python3-certbot-nginx`を使用します。例:Ubuntuの場合`sudo apt-get install python3-certbot-nginx`。 +* 方法3:上記の2つの方法が失敗した場合、`certbot-nginx`をインストールしてみます。例:CentOS 7の場合`sudo yum install certbot-nginx`。 + +`certbot -h`を実行して、正常にインストールされたかどうかを確認します。 + +### 4. Nginxを設定 +2つの方法があります: +* `/etc/nginx/sites-available`と`/etc/nginx/sites-enabled`ディレクトリが存在する場合、次のコマンドの``をあなたのドメイン名に置き換えて実行します。 +```sh +cat > /etc/nginx/sites-available/rustdesk.conf << EOF +server { + server_name ; + location / { + proxy_set_header X-Real-IP \$remote_addr; + proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for; + proxy_pass http://127.0.0.1:21114/; + } +} +EOF +``` +その後、`sudo ln -s /etc/nginx/sites-available/rustdesk.conf /etc/nginx/sites-enabled/rustdesk.conf`を実行します。 + +`cat /etc/nginx/sites-available/rustdesk.conf`を実行して、内容が正しいことを確認します。 + +* `/etc/nginx/sites-available`と`/etc/nginx/sites-enabled`ディレクトリが存在せず、`/etc/nginx/conf.d`ディレクトリが存在する場合、次のコマンドの``をあなたのドメイン名に置き換えて実行します。 +```sh +cat > /etc/nginx/conf.d/rustdesk.conf << EOF +server { + server_name ; + location / { + proxy_set_header X-Real-IP \$remote_addr; + proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for; + proxy_pass http://127.0.0.1:21114/; + } +} +EOF +``` +`cat /etc/nginx/conf.d/rustdesk.conf`を実行して、内容が正しいことを確認します。 + +### 5. ドメインのファイアウォールルールを有効にする +次のコマンドを実行します: + +```sh +sudo ufw allow 80/tcp +sudo ufw allow 443/tcp +sudo ufw --force enable +sudo ufw --force reload +``` + +### 6. SSL証明書を生成 +`$YOUR_DOMAIN`をあなたのドメイン名に置き換えて、次を実行します +`sudo certbot --nginx --cert-name $YOUR_DOMAIN --key-type ecdsa --renew-by-default --no-eff-email --agree-tos --server https://acme-v02.api.letsencrypt.org/directory -d $YOUR_DOMAIN`。 + +`Enter email address (used for urgent renewal and security notices)`というプロンプトが表示されたら、メールアドレスを入力します。 + +最終的に、`rustdesk.conf`の内容は次のようになるはずです: +``` +server { + server_name ; + location / { + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_pass http://127.0.0.1:21114/; + } + + listen 443 ssl; # managed by Certbot + ssl_certificate /etc/letsencrypt/live//fullchain.pem; # managed by Certbot + ssl_certificate_key /etc/letsencrypt/live//privkey.pem; # managed by Certbot + include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot + ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot +} + +server { + if ($host = ) { + return 301 https://$host$request_uri; + } # managed by Certbot + + server_name ; + listen 80; + return 404; # managed by Certbot +} +``` + +よくあるエラー: + +* コンソールに`Successfully deployed certificate for to /etc/nginx/.../default`と表示されるが、`Successfully deployed certificate for to /etc/nginx/.../rustdesk.conf`ではない。 + +理由はCertbotが`rustdesk.conf`ファイルを見つけられないことかもしれません。次のいずれかの解決策を試してください: +- ステップ5の結果を確認し、`sudo service nginx restart`を実行します。 +- ``を含む`server{...}`のサーバー設定を`rustdesk.conf`にコピーし、`location{...}`を以下の内容に変更します。 + +```sh +location / { + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_pass http://127.0.0.1:21114/; +} +``` + +* `too many certificates (5) already issued for this exact set of domains in the last 168 hours` + +解決策:DNSに別のドメイン名を追加し、``をそれに変更します。例:`rustdesk2.example.com`。その後、ステップ1、4、6を繰り返します。 + +* `Error getting validation data` + +解決策:ファイアウォールが原因の可能性があります。https://rustdesk.com/docs/en/self-host/rustdesk-server-pro/faq/#firewall を参照してください。 + +注意:`rustdesk.conf`を手動で変更した場合は、`sudo service nginx restart`を実行してください。 + +### 7. ウェブページにログイン +* ブラウザで`https://`を開き、デフォルトのユーザー名「admin」とパスワード「test1234」を使用してログインし、パスワードを自分のものに変更します。 + +### 8. すべてのプラットフォームで安全な通信を有効にするために、IDサーバーとリレーサーバーにWebSocket Secure(WSS)サポートを追加する。 + +`/etc/nginx/.../rustdesk.conf`ファイルの最初の`server`セクションに以下の設定を追加し、`Nginx`サービスを再起動します。 +ウェブクライアントは`https:///web`経由でアクセスできます。カスタムクライアントは、詳細オプションで`allow-websocket=Y`を設定することでWebSocketを使用できます。WebSocketが有効になったカスタムクライアントを使用する場合、TCP/UDPを使用せず、リレー経由でのみ接続できます(直接IP接続を除く)。このWebSocket対応クライアントのみを使用する場合、サーバーはポート21114から21119を閉じて、ポート443のみを開いたままにすることができます。 + + + + +``` + location /ws/id { + proxy_pass http://127.0.0.1:21118; + proxy_http_version 1.1; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection "Upgrade"; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_read_timeout 120s; + } + + location /ws/relay { + proxy_pass http://127.0.0.1:21119; + proxy_http_version 1.1; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection "Upgrade"; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_read_timeout 120s; + } +``` + +完全な設定は + +``` +server { + server_name ; + location / { + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_pass http://127.0.0.1:21114/; + } + + location /ws/id { + proxy_pass http://127.0.0.1:21118; + proxy_http_version 1.1; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection "Upgrade"; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_read_timeout 120s; + } + + location /ws/relay { + proxy_pass http://127.0.0.1:21119; + proxy_http_version 1.1; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection "Upgrade"; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_read_timeout 120s; + } + + listen 443 ssl; # managed by Certbot + ssl_certificate /etc/letsencrypt/live//fullchain.pem; # managed by Certbot + ssl_certificate_key /etc/letsencrypt/live//privkey.pem; # managed by Certbot + include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot + ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot +} + +server { + if ($host = ) { + return 301 https://$host$request_uri; + } # managed by Certbot + + server_name ; + listen 80; + return 404; # managed by Certbot +} +``` + +{{% notice note %}} +以前にウェブクライアント用にデプロイしていて、すべてのプラットフォームで使用したい場合は、`proxy_read_timeout`を追加する必要があります。 +{{% /notice %}} + +### 9. RustDeskの公開ウェブクライアント`https://rustdesk.com/web`を使用する場合のCORSバイパス + +ブラウザのCORS制限をバイパスするには、`/etc/nginx/.../rustdesk.conf`の`location /`セクションに以下を追加する必要があります。独自のウェブクライアントを使用している場合は、このステップをスキップしてください。 + +``` + if ($http_origin ~* (https?://(www\.)?rustdesk\.com)) { + add_header 'Access-Control-Allow-Origin' "$http_origin" always; + add_header 'Access-Control-Allow-Methods' 'GET, POST, PUT, DELETE, PATCH, OPTIONS' always; + add_header 'Access-Control-Allow-Headers' 'Origin, Content-Type, Accept, Authorization' always; + add_header 'Access-Control-Allow-Credentials' 'true' always; + } + + if ($request_method = 'OPTIONS') { + add_header 'Access-Control-Allow-Origin' "$http_origin" always; + add_header 'Access-Control-Allow-Methods' 'GET, POST, PUT, DELETE, PATCH, OPTIONS' always; + add_header 'Access-Control-Allow-Headers' 'Origin, Content-Type, Accept, Authorization' always; + add_header 'Access-Control-Allow-Credentials' 'true' always; + add_header 'Content-Length' 0; + add_header 'Content-Type' 'text/plain charset=UTF-8'; + return 204; + } +``` ## SELinux インストール時に`Waiting for RustDesk Relay service to become active...`が表示される場合、SELinuxが原因の可能性があります: diff --git a/content/self-host/rustdesk-server-pro/faq/_index.pt.md b/content/self-host/rustdesk-server-pro/faq/_index.pt.md index 5190c91..70bd4ed 100644 --- a/content/self-host/rustdesk-server-pro/faq/_index.pt.md +++ b/content/self-host/rustdesk-server-pro/faq/_index.pt.md @@ -150,7 +150,255 @@ Certifique-se de que `hbbr` esteja rodando. Mais informações sobre `hbbr`, voc https://github.com/rustdesk/rustdesk/discussions/6576 ## Configurar HTTPS para console web manualmente -Consulte a documentação completa para instruções detalhadas sobre configuração de domínio, Nginx, Certbot e certificados SSL. + +### 1. Compre um nome de domínio e resolva-o para o endereço IP do seu servidor. +* Compre um nome de domínio de um registrador de domínios como GoDaddy, Namecheap ou Namesilo. +* Resolva o nome de domínio para o endereço IP do seu servidor com uma das seguintes opções: + - Painel de controle do seu registrador de domínio (recomendado) + - [Provedores de DNS](https://en.wikipedia.org/wiki/List_of_managed_DNS_providers) + +Por exemplo, se você comprar um nome de domínio `example.com` da `Namesilo` e o endereço IP do seu servidor for `123.123.123.123`, você deseja usar o subdomínio `rustdesk.example.com` como seu endereço de console web HTTPS. Você precisa abrir o [link](https://www.namesilo.com/account_domains.php), clicar no botão com dica de ferramenta `Manage dns for the domain`, adicionar um registro `A` com o nome do host `rustdesk` e o endereço IP do seu servidor. +![](/docs/en/self-host/rustdesk-server-pro/faq/images/namesilo-dns-button.png) +![](/docs/en/self-host/rustdesk-server-pro/faq/images/namesilo-add-a-record.png) +![](/docs/en/self-host/rustdesk-server-pro/faq/images/namesilo-dns-table.png) +* Leva algum tempo para o DNS ter efeito, https://www.whatsmydns.net e verifique se o nome de domínio foi resolvido para o endereço IP do seu servidor. O passo 6 depende do resultado correto da resolução. Nos próximos passos, substitua `` pelo seu subdomínio, por exemplo, `rustdesk.example.com`. + +### 2. Instalar Nginx +* Debian/Ubuntu: `sudo apt-get install nginx` +* Fedora/CentOS: `sudo dnf install nginx` ou `sudo yum install nginx` +* Arch: `sudo pacman -S install nginx` +* openSUSE: `sudo zypper install nginx` +* Gentoo: `sudo emerge -av nginx` +* Alpine: `sudo apk add --no-cache nginx` + +Execute `nginx -h` para verificar se foi instalado com sucesso. + +### 3. Instalar Certbot +* Método 1: Se `snap` estiver instalado, execute `sudo snap install certbot --classic`. +* Método 2: Usando `python3-certbot-nginx` em vez disso, por exemplo, `sudo apt-get install python3-certbot-nginx` para Ubuntu. +* Método 3: Se os dois métodos acima falharam, tente instalar `certbot-nginx`, por exemplo, `sudo yum install certbot-nginx` para CentOS 7. + +Execute `certbot -h` para verificar se foi instalado com sucesso. + +### 4. Configurar Nginx +Existem duas maneiras: +* Se os diretórios `/etc/nginx/sites-available` e `/etc/nginx/sites-enabled` existirem, substitua `` do seguinte comando pelo seu nome de domínio e execute-o. +```sh +cat > /etc/nginx/sites-available/rustdesk.conf << EOF +server { + server_name ; + location / { + proxy_set_header X-Real-IP \$remote_addr; + proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for; + proxy_pass http://127.0.0.1:21114/; + } +} +EOF +``` +Em seguida, execute `sudo ln -s /etc/nginx/sites-available/rustdesk.conf /etc/nginx/sites-enabled/rustdesk.conf`. + +Execute `cat /etc/nginx/sites-available/rustdesk.conf` para garantir que seu conteúdo esteja correto. + +* Se os diretórios `/etc/nginx/sites-available` e `/etc/nginx/sites-enabled` não existirem e o diretório `/etc/nginx/conf.d` existir, substitua `` do seguinte comando pelo seu nome de domínio e execute-o. +```sh +cat > /etc/nginx/conf.d/rustdesk.conf << EOF +server { + server_name ; + location / { + proxy_set_header X-Real-IP \$remote_addr; + proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for; + proxy_pass http://127.0.0.1:21114/; + } +} +EOF +``` +Execute `cat /etc/nginx/conf.d/rustdesk.conf` para garantir que seu conteúdo esteja correto. + +### 5. Habilitar regras de firewall para o domínio +Execute os seguintes comandos: + +```sh +sudo ufw allow 80/tcp +sudo ufw allow 443/tcp +sudo ufw --force enable +sudo ufw --force reload +``` + +### 6. Gerar certificado SSL +Substitua `$YOUR_DOMAIN` pelo seu nome de domínio e execute +`sudo certbot --nginx --cert-name $YOUR_DOMAIN --key-type ecdsa --renew-by-default --no-eff-email --agree-tos --server https://acme-v02.api.letsencrypt.org/directory -d $YOUR_DOMAIN`. + +Se solicitar `Enter email address (used for urgent renewal and security notices)`, insira seu endereço de e-mail. + +Finalmente, o conteúdo de `rustdesk.conf` deve ser assim: +``` +server { + server_name ; + location / { + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_pass http://127.0.0.1:21114/; + } + + listen 443 ssl; # managed by Certbot + ssl_certificate /etc/letsencrypt/live//fullchain.pem; # managed by Certbot + ssl_certificate_key /etc/letsencrypt/live//privkey.pem; # managed by Certbot + include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot + ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot +} + +server { + if ($host = ) { + return 301 https://$host$request_uri; + } # managed by Certbot + + server_name ; + listen 80; + return 404; # managed by Certbot +} +``` + +Aqui estão alguns erros comuns: + +* O console imprime `Successfully deployed certificate for to /etc/nginx/.../default` em vez de `Successfully deployed certificate for to /etc/nginx/.../rustdesk.conf`. + +O motivo pode ser que o Certbot não encontra o arquivo `rustdesk.conf`, você pode tentar uma das seguintes soluções: +- Verifique o resultado do passo 5, execute `sudo service nginx restart`. +- Copie as configurações do servidor `server{...}` que contêm `` para `rustdesk.conf` e altere `location{...}` para o conteúdo abaixo. + +```sh +location / { + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_pass http://127.0.0.1:21114/; +} +``` + +* `too many certificates (5) already issued for this exact set of domains in the last 168 hours` + +Solução: Adicione outro nome de domínio ao DNS e altere `` para ele, por exemplo, `rustdesk2.example.com`. Em seguida, repita os passos 1, 4, 6. + +* `Error getting validation data` + +Solução: pode ser causado por firewall, consulte https://rustdesk.com/docs/en/self-host/rustdesk-server-pro/faq/#firewall + +Aviso: Execute `sudo service nginx restart` se você alterar o `rustdesk.conf` manualmente. + +### 7. Fazer login na página web +* Abra `https://` no navegador, faça login usando o nome de usuário padrão "admin" e senha "test1234", depois altere a senha para a sua própria. + +### 8. Adicionar suporte WebSocket Secure (WSS) para o servidor de ID e servidor de retransmissão para habilitar comunicação segura em todas as plataformas. + +Adicione a seguinte configuração à primeira seção `server` do arquivo `/etc/nginx/.../rustdesk.conf`, depois reinicie o serviço `Nginx`. +O cliente web pode ser acessado via `https:///web`. Clientes personalizados podem usar WebSocket definindo `allow-websocket=Y` nas opções avançadas. Se o cliente personalizado com WebSocket habilitado for usado, ele não utilizará TCP/UDP e só poderá se conectar através de um retransmissor (exceto para conexões diretas de IP). Se apenas este cliente habilitado para WebSocket for usado, o servidor pode fechar as portas 21114 a 21119 e manter apenas a porta 443 aberta. + + + + +``` + location /ws/id { + proxy_pass http://127.0.0.1:21118; + proxy_http_version 1.1; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection "Upgrade"; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_read_timeout 120s; + } + + location /ws/relay { + proxy_pass http://127.0.0.1:21119; + proxy_http_version 1.1; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection "Upgrade"; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_read_timeout 120s; + } +``` + +A configuração completa é + +``` +server { + server_name ; + location / { + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_pass http://127.0.0.1:21114/; + } + + location /ws/id { + proxy_pass http://127.0.0.1:21118; + proxy_http_version 1.1; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection "Upgrade"; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_read_timeout 120s; + } + + location /ws/relay { + proxy_pass http://127.0.0.1:21119; + proxy_http_version 1.1; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection "Upgrade"; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_read_timeout 120s; + } + + listen 443 ssl; # managed by Certbot + ssl_certificate /etc/letsencrypt/live//fullchain.pem; # managed by Certbot + ssl_certificate_key /etc/letsencrypt/live//privkey.pem; # managed by Certbot + include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot + ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot +} + +server { + if ($host = ) { + return 301 https://$host$request_uri; + } # managed by Certbot + + server_name ; + listen 80; + return 404; # managed by Certbot +} +``` + +{{% notice note %}} +Se você já implantou anteriormente para clientes web e deseja usá-lo em todas as plataformas, você precisa adicionar `proxy_read_timeout`. +{{% /notice %}} + +### 9. Contornar CORS se estiver usando o cliente web público RustDesk `https://rustdesk.com/web` + +Você precisa adicionar o seguinte na seção `location /` do `/etc/nginx/.../rustdesk.conf` para contornar a limitação de CORS dos navegadores. Pule este passo se você estiver usando seu próprio cliente web. + +``` + if ($http_origin ~* (https?://(www\.)?rustdesk\.com)) { + add_header 'Access-Control-Allow-Origin' "$http_origin" always; + add_header 'Access-Control-Allow-Methods' 'GET, POST, PUT, DELETE, PATCH, OPTIONS' always; + add_header 'Access-Control-Allow-Headers' 'Origin, Content-Type, Accept, Authorization' always; + add_header 'Access-Control-Allow-Credentials' 'true' always; + } + if ($request_method = 'OPTIONS') { + add_header 'Access-Control-Allow-Origin' "$http_origin" always; + add_header 'Access-Control-Allow-Methods' 'GET, POST, PUT, DELETE, PATCH, OPTIONS' always; + add_header 'Access-Control-Allow-Headers' 'Origin, Content-Type, Accept, Authorization' always; + add_header 'Access-Control-Allow-Credentials' 'true' always; + add_header 'Content-Length' 0; + add_header 'Content-Type' 'text/plain charset=UTF-8'; + return 204; + } +``` ## SELinux Se `Waiting for RustDesk Relay service to become active...` aparecer durante a instalação, pode ser causado pelo SELinux: