mirror of
https://github.com/rustdesk/doc.rustdesk.com.git
synced 2024-12-25 16:39:19 +01:00
Update _index.en.md
This commit is contained in:
parent
44ce8e2f96
commit
bded62d623
@ -3,16 +3,16 @@ title: RustDesk Server Layered Security Model
|
||||
weight: 100
|
||||
---
|
||||
|
||||
Kindly written up by [@I-Am-Skoot](https://github.com/I-Am-Skoot/RustDeskNPMDocker/commits?author=I-Am-Skoot)
|
||||
Kindly written up by [@I-Am-Skoot](https://github.com/I-Am-Skoot/RustDeskNPMDocker/commits?author=I-Am-Skoot).
|
||||
|
||||
## Layers
|
||||
- [RustDesk](https://github.com/rustdesk/rustdesk) Remote Support Tool
|
||||
- [NPM](https://nginxproxymanager.com/) Proxy Manager Tool
|
||||
- [Docker](https://www.docker.com) Containerization Tool
|
||||
- Firewall Tool
|
||||
- Firewall Tool
|
||||
|
||||
#### Assumptions
|
||||
This example is an All in One for hosting just RustDesk services only. This can be expanded to a more flexible solution by splitting the NPM into it's own Docker-Compose.
|
||||
This example is an All in One for hosting just RustDesk services only. This can be expanded to a more flexible solution by splitting the NPM into it's own Docker Compose.
|
||||
- DMZ network 192.168.1.0/24
|
||||
- NPM (External): 192.168.1.250
|
||||
- LAN Network: 10.0.0.0/24
|
||||
@ -25,20 +25,19 @@ This example is an All in One for hosting just RustDesk services only. This can
|
||||
- Hostname: uniquehostname (Change This)
|
||||
- DNS Name: rustdesk.example.com
|
||||
|
||||
Make modifications to the examples as needed
|
||||
Make modifications to the examples as needed.
|
||||
|
||||
|
||||
### Prepare Docker:
|
||||
You must have docker already installed this guide does not go into the specifics of that.
|
||||
### Prepare Docker
|
||||
You must have Docker already installed this guide does not go into the specifics of that.
|
||||
|
||||
You will need to create a network for the RustServer Backend and the DMZ.
|
||||
For each application you use with the NPM (NGINX Proxy manager) you should have a dedicated backend network to isolate it.
|
||||
For each application you use with the NPM (Nginx Proxy Manager) you should have a dedicated backend network to isolate it.
|
||||
|
||||
```
|
||||
docker network create \
|
||||
--driver=bridge \
|
||||
--subnet=192.168.254.0/29 RSBackend
|
||||
|
||||
|
||||
docker network create \
|
||||
--driver=ipvlan --subnet=192.168.1.0/24 \
|
||||
--gateway=192.168.1.1 \
|
||||
@ -55,13 +54,11 @@ Configure the following Port forwarding/NAT ports from your public IP to the NPM
|
||||
- 21118 => 21118 TCP
|
||||
- 21119 => 21119 TCP
|
||||
- 443 => 443 TCP # If you want to use SSL
|
||||
|
||||
|
||||
|
||||
### Setup docker-copose
|
||||
### Setup Docker Compose
|
||||
This will start a container with NPM and the correct networks.
|
||||
|
||||
Docker-Compase.yaml
|
||||
Docker-Compose.yaml
|
||||
```
|
||||
version: '3.5'
|
||||
services:
|
||||
@ -119,25 +116,23 @@ Configure Stream Hosts for the following Ports:
|
||||
- 21119 => 192.168.254.3:21119 TCP
|
||||
- 80 => 127.0.0.1:8080 TCP # catches local traffic
|
||||
|
||||
Configure Proxy Host
|
||||
Configure Proxy Host:
|
||||
- Domain Name: rustdesk.example.com
|
||||
- Scheme: http
|
||||
- Forward Hostname / IP: 192.168.254.2
|
||||
- Forward Port: 21114
|
||||
- Block Common Exploits: Checked
|
||||
- Optional: Configure SSL **DO NOT REQUIRE - Client needs to be able to communicate without ssl.**
|
||||
- Optional: Configure SSL **DO NOT REQUIRE - Client needs to be able to communicate without SSL.**
|
||||
|
||||
### Setup RustDesk Server
|
||||
Connect to Server interface http://rustdesk.example.com or https:// if you have configured SSL for web interface.
|
||||
Connect to Server interface http://rustdesk.example.com or https://rustdesk.example.com if you have configured SSL for web interface.
|
||||
|
||||
### Setup RustDesk Client
|
||||
Configure the client
|
||||
Configure the client:
|
||||
- ID Server: rustdesk.example.com
|
||||
- Relay Server: rustdesk.example.com
|
||||
- API Server: http://rustdesk.example.com (use HTTPS if you have configured SSL)
|
||||
- API Server: http://rustdesk.example.com (use HTTPS if you have configured SSL)
|
||||
- Key: {Server Key Here}
|
||||
|
||||
##
|
||||
|
||||
## End Result
|
||||
Your solution will be accessible externally through the Proxy manager. You will have isolation of your RustDesk Servers from other systems (Especially if you use a split configuration system and have other applications / sites behind a common NPM)
|
||||
Your solution will be accessible externally through the Proxy manager. You will have isolation of your RustDesk Servers from other systems. Especially if you use a split configuration system and have other applications / sites behind a common NPM.
|
||||
|
Loading…
Reference in New Issue
Block a user