From bded62d623fed762be98559adbab5ecd82373b46 Mon Sep 17 00:00:00 2001 From: Mr-Update <37781396+Mr-Update@users.noreply.github.com> Date: Thu, 31 Aug 2023 22:04:34 +0200 Subject: [PATCH] Update _index.en.md --- .../_index.en.md | 37 ++++++++----------- 1 file changed, 16 insertions(+), 21 deletions(-) diff --git a/content/self-host/rustdesk-server-pro/Docker/RustDesk Server Layered Security Model/_index.en.md b/content/self-host/rustdesk-server-pro/Docker/RustDesk Server Layered Security Model/_index.en.md index 33baeb2..6aca029 100644 --- a/content/self-host/rustdesk-server-pro/Docker/RustDesk Server Layered Security Model/_index.en.md +++ b/content/self-host/rustdesk-server-pro/Docker/RustDesk Server Layered Security Model/_index.en.md @@ -3,16 +3,16 @@ title: RustDesk Server Layered Security Model weight: 100 --- -Kindly written up by [@I-Am-Skoot](https://github.com/I-Am-Skoot/RustDeskNPMDocker/commits?author=I-Am-Skoot) +Kindly written up by [@I-Am-Skoot](https://github.com/I-Am-Skoot/RustDeskNPMDocker/commits?author=I-Am-Skoot). ## Layers - [RustDesk](https://github.com/rustdesk/rustdesk) Remote Support Tool - [NPM](https://nginxproxymanager.com/) Proxy Manager Tool - [Docker](https://www.docker.com) Containerization Tool -- Firewall Tool +- Firewall Tool #### Assumptions -This example is an All in One for hosting just RustDesk services only. This can be expanded to a more flexible solution by splitting the NPM into it's own Docker-Compose. +This example is an All in One for hosting just RustDesk services only. This can be expanded to a more flexible solution by splitting the NPM into it's own Docker Compose. - DMZ network 192.168.1.0/24 - NPM (External): 192.168.1.250 - LAN Network: 10.0.0.0/24 @@ -25,20 +25,19 @@ This example is an All in One for hosting just RustDesk services only. This can - Hostname: uniquehostname (Change This) - DNS Name: rustdesk.example.com -Make modifications to the examples as needed +Make modifications to the examples as needed. - -### Prepare Docker: -You must have docker already installed this guide does not go into the specifics of that. +### Prepare Docker +You must have Docker already installed this guide does not go into the specifics of that. You will need to create a network for the RustServer Backend and the DMZ. -For each application you use with the NPM (NGINX Proxy manager) you should have a dedicated backend network to isolate it. +For each application you use with the NPM (Nginx Proxy Manager) you should have a dedicated backend network to isolate it. ``` docker network create \ --driver=bridge \ --subnet=192.168.254.0/29 RSBackend - + docker network create \ --driver=ipvlan --subnet=192.168.1.0/24 \ --gateway=192.168.1.1 \ @@ -55,13 +54,11 @@ Configure the following Port forwarding/NAT ports from your public IP to the NPM - 21118 => 21118 TCP - 21119 => 21119 TCP - 443 => 443 TCP # If you want to use SSL - - -### Setup docker-copose +### Setup Docker Compose This will start a container with NPM and the correct networks. -Docker-Compase.yaml +Docker-Compose.yaml ``` version: '3.5' services: @@ -119,25 +116,23 @@ Configure Stream Hosts for the following Ports: - 21119 => 192.168.254.3:21119 TCP - 80 => 127.0.0.1:8080 TCP # catches local traffic -Configure Proxy Host +Configure Proxy Host: - Domain Name: rustdesk.example.com - Scheme: http - Forward Hostname / IP: 192.168.254.2 - Forward Port: 21114 - Block Common Exploits: Checked - - Optional: Configure SSL **DO NOT REQUIRE - Client needs to be able to communicate without ssl.** + - Optional: Configure SSL **DO NOT REQUIRE - Client needs to be able to communicate without SSL.** ### Setup RustDesk Server -Connect to Server interface http://rustdesk.example.com or https:// if you have configured SSL for web interface. +Connect to Server interface http://rustdesk.example.com or https://rustdesk.example.com if you have configured SSL for web interface. ### Setup RustDesk Client -Configure the client +Configure the client: - ID Server: rustdesk.example.com - Relay Server: rustdesk.example.com -- API Server: http://rustdesk.example.com (use HTTPS if you have configured SSL) +- API Server: http://rustdesk.example.com (use HTTPS if you have configured SSL) - Key: {Server Key Here} -## - ## End Result -Your solution will be accessible externally through the Proxy manager. You will have isolation of your RustDesk Servers from other systems (Especially if you use a split configuration system and have other applications / sites behind a common NPM) +Your solution will be accessible externally through the Proxy manager. You will have isolation of your RustDesk Servers from other systems. Especially if you use a split configuration system and have other applications / sites behind a common NPM.