mirror of
https://github.com/rustdesk/doc.rustdesk.com.git
synced 2025-06-22 10:41:52 +02:00
Merge pull request #269 from dinger1986/master
adding in more config steps and change link that was wrong
This commit is contained in:
commit
a6d285f0ed
@ -28,14 +28,26 @@ or
|
|||||||
hbbs.example.com:21116
|
hbbs.example.com:21116
|
||||||
```
|
```
|
||||||
|
|
||||||
|
### Setup Using Import or Export
|
||||||
|
|
||||||
|
1. Use the steps [above](/docs/en/self-host/client-configuration/#manual-config) to configure RustDesk Client on a Device
|
||||||
|
2. Using the above machine go to Settings then Network and unlock
|
||||||
|
3. Click on "Export Server Config" icon
|
||||||
|
4. Paste the copied string into notepad or similar
|
||||||
|
5. Go to new client, copy the above to clipboard
|
||||||
|
6. Go to Settings then Network in RustDesk Client, unlock and click "Import Server Config"
|
||||||
|
7. It will automatically paste the settings in
|
||||||
|
8. click Apply
|
||||||
|
|
||||||
|
|
||||||
### Automatic Config
|
### Automatic Config
|
||||||
|
|
||||||
The easiest way to setup automatically is using deployment scripts found [here](/docs/en/client/client-deployment/)
|
The easiest way to setup automatically is using deployment scripts found [here](docs/en/self-host/client-deployment/)
|
||||||
|
|
||||||
You can fix the Password is required and use a reverse base64 string in the format `{"host":"HOSTADDRESS","key":"HOSTKEY","api":"http://HOSTADDRESS:21114"` to automatically configure the clients, this is available automatically with RustDesk Server Pro via the console.
|
You can fix the Password is required and use a reverse base64 string in the format `{"host":"HOSTADDRESS","key":"HOSTKEY","api":"http://HOSTADDRESS:21114"` to automatically configure the clients, this is available automatically with RustDesk Server Pro via the console.
|
||||||
|
|
||||||
|
You can also use the steps from [above](/docs/en/self-host/client-configuration/#setup-using-import-or-export) to export the string then reverse it using [this site](https://string-functions.com/reverse.aspx).
|
||||||
|
|
||||||
#### Put config in rustdesk.exe file name (Windows only)
|
#### Put config in rustdesk.exe file name (Windows only)
|
||||||
|
|
||||||
Change `rustdesk.exe` to rustdesk-`host=<host-ip-or-name>,key=<public-key-string>`.exe, e.g. rustdesk-`host=192.168.1.137,key=xfdsfsd32=32`.exe. You can see the config result in the About Window below.
|
Change `rustdesk.exe` to rustdesk-`host=<host-ip-or-name>,key=<public-key-string>`.exe, e.g. rustdesk-`host=192.168.1.137,key=xfdsfsd32=32`.exe. You can see the config result in the About Window below.
|
||||||
|
@ -0,0 +1,143 @@
|
|||||||
|
---
|
||||||
|
title: RustDesk Server Layered Security Model
|
||||||
|
weight: 100
|
||||||
|
---
|
||||||
|
|
||||||
|
Kindly written up by [@I-Am-Skoot](https://github.com/I-Am-Skoot/RustDeskNPMDocker/commits?author=I-Am-Skoot)
|
||||||
|
|
||||||
|
## Layers
|
||||||
|
- [RustDesk](https://github.com/rustdesk/rustdesk) Remote Support Tool
|
||||||
|
- [NPM](https://nginxproxymanager.com/) Proxy Manager Tool
|
||||||
|
- [Docker](https://www.docker.com) Containerization Tool
|
||||||
|
- Firewall Tool
|
||||||
|
|
||||||
|
#### Assumptions
|
||||||
|
This example is an All in One for hosting just RustDesk services only. This can be expanded to a more flexible solution by splitting the NPM into it's own Docker-Compose.
|
||||||
|
- DMZ network 192.168.1.0/24
|
||||||
|
- NPM (External): 192.168.1.250
|
||||||
|
- LAN Network: 10.0.0.0/24
|
||||||
|
- RSBackend Network: 192.168.254.0/29
|
||||||
|
- NPM (Internal): 192.168.254.1
|
||||||
|
- HBBS: 192.168.254.2
|
||||||
|
- HBBR: 192.168.254.3
|
||||||
|
- Docker Host: Linux
|
||||||
|
- Each application has a dedicated folder in /opt/
|
||||||
|
- Hostname: uniquehostname (Change This)
|
||||||
|
- DNS Name: rustdesk.example.com
|
||||||
|
|
||||||
|
Make modifications to the examples as needed
|
||||||
|
|
||||||
|
|
||||||
|
### Prepare Docker:
|
||||||
|
You must have docker already installed this guide does not go into the specifics of that.
|
||||||
|
|
||||||
|
You will need to create a network for the RustServer Backend and the DMZ.
|
||||||
|
For each application you use with the NPM (NGINX Proxy manager) you should have a dedicated backend network to isolate it.
|
||||||
|
|
||||||
|
```
|
||||||
|
docker network create \
|
||||||
|
--driver=bridge \
|
||||||
|
--subnet=192.168.254.0/29 RSBackend
|
||||||
|
|
||||||
|
docker network create \
|
||||||
|
--driver=ipvlan --subnet=192.168.1.0/24 \
|
||||||
|
--gateway=192.168.1.1 \
|
||||||
|
-o ipvlan_mode=l2 \
|
||||||
|
-o parent=eth0 DMZ
|
||||||
|
```
|
||||||
|
|
||||||
|
### Setup Firewall
|
||||||
|
Configure the following Port forwarding/NAT ports from your public IP to the NPM Server.
|
||||||
|
- 21114 => 8080 TCP
|
||||||
|
- 21115 => 21115 TCP
|
||||||
|
- 21116 => 21116 TCP/UDP
|
||||||
|
- 21117 => 21117 TCP
|
||||||
|
- 21118 => 21118 TCP
|
||||||
|
- 21119 => 21119 TCP
|
||||||
|
- 443 => 443 TCP # If you want to use SSL
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
### Setup docker-copose
|
||||||
|
This will start a container with NPM and the correct networks.
|
||||||
|
|
||||||
|
Docker-Compase.yaml
|
||||||
|
```
|
||||||
|
version: '3.5'
|
||||||
|
services:
|
||||||
|
NPM:
|
||||||
|
image: jlesage/nginx-proxy-manager:latest
|
||||||
|
container_name: proxy-manager
|
||||||
|
volumes:
|
||||||
|
- /opt/proxy-manager/config:/config
|
||||||
|
restart: 'unless-stopped'
|
||||||
|
networks:
|
||||||
|
DMZ:
|
||||||
|
ipv4_address: 192.168.1.250
|
||||||
|
RSBackend:
|
||||||
|
ipv4_address: 192.168.254.1
|
||||||
|
|
||||||
|
hbbs:
|
||||||
|
container_name: rustdesk_hbbs
|
||||||
|
image: rustdesk/rustdesk-server-pro:latest
|
||||||
|
command: hbbs -k _
|
||||||
|
hostname: uniquehostname #Change This
|
||||||
|
volumes:
|
||||||
|
- /opt/rustdeskserver:/root
|
||||||
|
networks:
|
||||||
|
RSBackend:
|
||||||
|
ipv4_address: 192.168.254.2
|
||||||
|
depends_on:
|
||||||
|
- hbbr
|
||||||
|
restart: unless-stopped
|
||||||
|
|
||||||
|
|
||||||
|
hbbr:
|
||||||
|
container_name: rustdesk_hbbr
|
||||||
|
image: rustdesk/rustdesk-server-pro:latest
|
||||||
|
command: hbbr -k _
|
||||||
|
volumes:
|
||||||
|
- /opt/rustdeskserver:/root
|
||||||
|
networks:
|
||||||
|
RSBackend:
|
||||||
|
ipv4_address: 192.168.254.3
|
||||||
|
restart: unless-stopped
|
||||||
|
|
||||||
|
networks:
|
||||||
|
DMZ:
|
||||||
|
external: true
|
||||||
|
RSBackend:
|
||||||
|
external: true
|
||||||
|
```
|
||||||
|
|
||||||
|
### Setup NPM
|
||||||
|
Configure Stream Hosts for the following Ports:
|
||||||
|
- 21115 => 192.168.254.2:21115 TCP
|
||||||
|
- 21116 => 192.168.254.2:21116 TCP / UDP
|
||||||
|
- 21117 => 192.168.254.3:21117 TCP
|
||||||
|
- 21118 => 192.168.254.2:21118 TCP
|
||||||
|
- 21119 => 192.168.254.3:21119 TCP
|
||||||
|
- 80 => 127.0.0.1:8080 TCP # catches local traffic
|
||||||
|
|
||||||
|
Configure Proxy Host
|
||||||
|
- Domain Name: rustdesk.example.com
|
||||||
|
- Scheme: http
|
||||||
|
- Forward Hostname / IP: 192.168.254.2
|
||||||
|
- Forward Port: 21114
|
||||||
|
- Block Common Exploits: Checked
|
||||||
|
- Optional: Configure SSL **DO NOT REQUIRE - Client needs to be able to communicate without ssl.**
|
||||||
|
|
||||||
|
### Setup RustDesk Server
|
||||||
|
Connect to Server interface http://rustdesk.example.com or https:// if you have configured SSL for web interface.
|
||||||
|
|
||||||
|
### Setup RustDesk Client
|
||||||
|
Configure the client
|
||||||
|
- ID Server: rustdesk.example.com
|
||||||
|
- Relay Server: rustdesk.example.com
|
||||||
|
- API Server: http://rustdesk.example.com (use HTTPS if you have configured SSL)
|
||||||
|
- Key: {Server Key Here}
|
||||||
|
|
||||||
|
##
|
||||||
|
|
||||||
|
## End Result
|
||||||
|
Your solution will be accessible externally through the Proxy manager. You will have isolation of your RustDesk Servers from other systems (Especially if you use a split configuration system and have other applications / sites behind a common NPM)
|
Loading…
x
Reference in New Issue
Block a user