From ad7613ab141b773da0371aea92b0037b6c7cfe09 Mon Sep 17 00:00:00 2001 From: Xp96 <38923106+Xp96@users.noreply.github.com> Date: Sat, 8 Mar 2025 09:19:48 -0300 Subject: [PATCH 1/4] Update _index.pt.md --- .../rustdesk-server-pro/installscript/_index.pt.md | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/content/self-host/rustdesk-server-pro/installscript/_index.pt.md b/content/self-host/rustdesk-server-pro/installscript/_index.pt.md index 6a7eda3..afc1d1d 100644 --- a/content/self-host/rustdesk-server-pro/installscript/_index.pt.md +++ b/content/self-host/rustdesk-server-pro/installscript/_index.pt.md @@ -3,7 +3,7 @@ title: Installation weight: 2 --- -## Docker (Recommended) +## Docker (Recomendado) ``` bash <(wget -qO- https://get.docker.com) 
@@ -11,20 +11,20 @@ wget rustdesk.com/pro.yml -O compose.yml docker compose up -d ``` -For more details, please check [Docker](/docs/en/self-host/rustdesk-server-pro/installscript/docker/). +Para mais detalhes, por favor, verifique [Docker](/docs/pt/self-host/rustdesk-server-pro/installscript/docker/). ## install.sh -If you are proficient in Linux, please use the script below. Otherwise, you may encounter significant issues if it fails, and it could be difficult to determine why it isn’t working. +Se você é proficiente em Linux, por favor, utilize o script abaixo. Caso contrário, você pode encontrar problemas significativos se ele falhar, e pode ser difícil determinar por que não está funcionando. `bash <(wget -qO- https://raw.githubusercontent.com/rustdesk/rustdesk-server-pro/main/install.sh)` -For more details, please check [install.sh](/docs/en/self-host/rustdesk-server-pro/installscript/script/). +Para mais detalhes, por favor, verifique [install.sh](/docs/pt/self-host/rustdesk-server-pro/installscript/script/). -## Convert from open source +## Converter da versão de código aberto ### Docker -If you install the open-source version using Docker, there is no direct way to convert it. Instead, you’ll need to run a new container with the Pro image. Before doing this, please back up your private key (the `id_ed25519` file, not `id_ed25519.pub`). Once the new container is set up, copy the old `id_ed25519` private key file to the working directory of the new container, then restart the container. +Se você instalou a versão de código aberto usando Docker, não há uma maneira direta de convertê-la. Em vez disso, você precisará executar um novo contêiner com a imagem Pro. Antes de fazer isso, faça backup de sua chave privada (o arquivo `id_ed25519`, não `id_ed25519.pub`). Depois que o novo contêiner estiver configurado, copie o arquivo de chave privada `id_ed25519` antigo para o diretório de trabalho do novo contêiner e, em seguida, reinicie o contêiner. 
### install.sh -If you install the open-source version using install.sh, please follow [this](/docs/en/self-host/rustdesk-server-pro/installscript/script/#convert-from-open-source). +Se você instalou a versão de código aberto usando install.sh, por favor, siga [isso](/docs/pt/self-host/rustdesk-server-pro/installscript/script/#convert-from-open-source). From 0d0b6f79464b3209551b30af537cb1fa535119ee Mon Sep 17 00:00:00 2001 From: Xp96 <38923106+Xp96@users.noreply.github.com> Date: Sat, 8 Mar 2025 09:37:59 -0300 Subject: [PATCH 2/4] to _index.pt.md --- .../_index.en.md | 138 ------------------ .../_index.pt.md | 138 ++++++++++++++++++ 2 files changed, 138 insertions(+), 138 deletions(-) delete mode 100644 content/self-host/rustdesk-server-pro/installscript/Docker/RustDesk Server Layered Security Model/_index.en.md create mode 100644 content/self-host/rustdesk-server-pro/installscript/Docker/RustDesk Server Layered Security Model/_index.pt.md diff --git a/content/self-host/rustdesk-server-pro/installscript/Docker/RustDesk Server Layered Security Model/_index.en.md b/content/self-host/rustdesk-server-pro/installscript/Docker/RustDesk Server Layered Security Model/_index.en.md deleted file mode 100644 index 811131b..0000000 --- a/content/self-host/rustdesk-server-pro/installscript/Docker/RustDesk Server Layered Security Model/_index.en.md +++ /dev/null 
@@ -1,138 +0,0 @@ ---- -title: RustDesk Server Layered Security Model -weight: 100 ---- - -Kindly written up by [@I-Am-Skoot](https://github.com/I-Am-Skoot/RustDeskNPMDocker/commits?author=I-Am-Skoot). - -### Layers -- [RustDesk](https://github.com/rustdesk/rustdesk) Remote Support Tool -- [NPM](https://nginxproxymanager.com/) Proxy Manager Tool -- [Docker](https://www.docker.com) Containerization Tool -- Firewall Tool - -#### Assumptions -This example is an All in One for hosting just RustDesk services only. This can be expanded to a more flexible solution by splitting the NPM into it's own Docker Compose. -- DMZ Network: 192.168.1.0/24 - - NPM (External): 192.168.1.250 -- LAN Network: 10.0.0.0/24 -- RSBackend Network: 192.168.254.0/29 - - NPM (Internal): 192.168.254.1 - - HBBS: 192.168.254.2 - - HBBR: 192.168.254.3 -- Docker Host: Linux - - Each application has a dedicated folder in `/opt/`. -- Hostname: uniquehostname (Change This) -- DNS Name: rustdesk.example.com - -Make modifications to the examples as needed. - -### Prepare Docker -You must have Docker already installed this guide does not go into the specifics of that. - -You will need to create a network for the RustDesk Server Backend and the DMZ. -For each application you use with the NPM (Nginx Proxy Manager) you should have a dedicated backend network to isolate it. - -``` - docker network create \ - --driver=bridge \ - --subnet=192.168.254.0/29 RSBackend - - docker network create \ - --driver=ipvlan --subnet=192.168.1.0/24 \ - --gateway=192.168.1.1 \ - -o ipvlan_mode=l2 \ - -o parent=eth0 DMZ -``` - -### Setup Firewall -Configure the following Port forwarding/NAT ports from your public IP to the NPM Server. -- 21114 => 8080 TCP -- 21115 => 21115 TCP -- 21116 => 21116 TCP/UDP -- 21117 => 21117 TCP -- 21118 => 21118 TCP -- 21119 => 21119 TCP -- 443 => 443 TCP # If you want to use SSL - -### Setup Docker Compose -This will start a container with NPM and the correct networks. 
- -Copy the below into docker-compose.yaml. - -``` -version: '3.5' -services: - NPM: - image: jlesage/nginx-proxy-manager:latest - container_name: proxy-manager - volumes: - - /opt/proxy-manager/config:/config - restart: 'unless-stopped' - networks: - DMZ: - ipv4_address: 192.168.1.250 - RSBackend: - ipv4_address: 192.168.254.1 - - hbbs: - container_name: rustdesk_hbbs - image: rustdesk/rustdesk-server-pro:latest - command: hbbs -k _ - hostname: uniquehostname # Change This - volumes: - - /opt/rustdeskserver:/root - networks: - RSBackend: - ipv4_address: 192.168.254.2 - depends_on: - - hbbr - restart: unless-stopped - - hbbr: - container_name: rustdesk_hbbr - image: rustdesk/rustdesk-server-pro:latest - command: hbbr -k _ - volumes: - - /opt/rustdeskserver:/root - networks: - RSBackend: - ipv4_address: 192.168.254.3 - restart: unless-stopped - -networks: - DMZ: - external: true - RSBackend: - external: true -``` - -### Setup NPM -Configure Stream Hosts for the following Ports: -- 21115 => 192.168.254.2:21115 TCP -- 21116 => 192.168.254.2:21116 TCP / UDP -- 21117 => 192.168.254.3:21117 TCP -- 21118 => 192.168.254.2:21118 TCP -- 21119 => 192.168.254.3:21119 TCP -- 80 => 127.0.0.1:8080 TCP # catches local traffic - -Configure Proxy Host: -- Domain Name: rustdesk.example.com -- Scheme: http -- Forward Hostname / IP: 192.168.254.2 -- Forward Port: 21114 -- Block Common Exploits: Checked -- Optional: Configure SSL **(DO NOT REQUIRE - Client needs to be able to communicate without SSL.)** - -### Setup RustDesk Server -Connect to Server interface http://rustdesk.example.com or https://rustdesk.example.com if you have configured SSL for web interface. - -### Setup RustDesk Client -Configure the client: -- ID Server: rustdesk.example.com -- Relay Server: rustdesk.example.com -- API Server: http://rustdesk.example.com (use HTTPS if you have configured SSL) -- Key: {Server Key Here} - -### End Result -Your solution will be accessible externally through the Proxy manager. 
You will have isolation of your RustDesk Servers from other systems. Especially if you use a split configuration system and have other applications / sites behind a common NPM. diff --git a/content/self-host/rustdesk-server-pro/installscript/Docker/RustDesk Server Layered Security Model/_index.pt.md b/content/self-host/rustdesk-server-pro/installscript/Docker/RustDesk Server Layered Security Model/_index.pt.md new file mode 100644 index 0000000..ee46927 --- /dev/null +++ b/content/self-host/rustdesk-server-pro/installscript/Docker/RustDesk Server Layered Security Model/_index.pt.md 
@@ -0,0 +1,138 @@ +--- +title: Modelo de Segurança em Camadas do Servidor RustDesk +weight: 100 +--- + +Gentilmente escrito por [@I-Am-Skoot](https://github.com/I-Am-Skoot/RustDeskNPMDocker/commits?author=I-Am-Skoot). + +### Camadas +- [RustDesk](https://github.com/rustdesk/rustdesk) Ferramenta de Suporte Remoto +- [NPM](https://nginxproxymanager.com/) Ferramenta de Gerenciamento de Proxy +- [Docker](https://www.docker.com) Ferramenta de Container +- Ferramenta de Firewall + +#### Pressupostos +Este exemplo é um "Tudo em Um" para hospedar apenas serviços RustDesk. Ele pode ser expandido para uma solução mais flexível dividindo o NPM em seu próprio Docker Compose. +- DMZ Network: 192.168.1.0/24 + - NPM (Externo): 192.168.1.250 +- LAN Network: 10.0.0.0/24 +- RSBackend Network: 192.168.254.0/29 + - NPM (Interno): 192.168.254.1 + - HBBS: 192.168.254.2 + - HBBR: 192.168.254.3 +- Docker Host: Linux + - Cada aplicativo tem uma pasta dedicada em `/opt/`. +- Nome do Host: uniquehostname (Mude Isso) +- Nome DNS: rustdesk.example.com + +Faça modificações nos exemplos conforme necessário. + +### Preparar o Docker +Você deve ter o Docker já instalado, este guia não entra nos detalhes específicos disso. + +Você precisará criar uma rede para o Backend do Servidor RustDesk e a DMZ. +Para cada aplicação que você usar com o NPM (Nginx Proxy Manager), você deve ter uma rede de backend dedicada para isolá-la. + +``` + docker network create \ + --driver=bridge \ + --subnet=192.168.254.0/29 RSBackend + + docker network create \ + --driver=ipvlan --subnet=192.168.1.0/24 \ + --gateway=192.168.1.1 \ + -o ipvlan_mode=l2 \ + -o parent=eth0 DMZ +``` + +### Configurar o Firewall +Configure o encaminhamento de portas/NAT a seguir do seu IP público para o Servidor NPM. 
+- 21114 => 8080 TCP +- 21115 => 21115 TCP +- 21116 => 21116 TCP/UDP +- 21117 => 21117 TCP +- 21118 => 21118 TCP +- 21119 => 21119 TCP +- 443 => 443 TCP # Se você quiser usar SSL + +### Configurar o Docker Compose +Isso iniciará um contêiner com NPM e as redes corretas. + +Copie o código abaixo para docker-compose.yaml. + +``` +version: '3.5' +services: + NPM: + image: jlesage/nginx-proxy-manager:latest + container_name: proxy-manager + volumes: + - /opt/proxy-manager/config:/config + restart: 'unless-stopped' + networks: + DMZ: + ipv4_address: 192.168.1.250 + RSBackend: + ipv4_address: 192.168.254.1 + + hbbs: + container_name: rustdesk_hbbs + image: rustdesk/rustdesk-server-pro:latest + command: hbbs -k _ + hostname: uniquehostname # Change This + volumes: + - /opt/rustdeskserver:/root + networks: + RSBackend: + ipv4_address: 192.168.254.2 + depends_on: + - hbbr + restart: unless-stopped + + hbbr: + container_name: rustdesk_hbbr + image: rustdesk/rustdesk-server-pro:latest + command: hbbr -k _ + volumes: + - /opt/rustdeskserver:/root + networks: + RSBackend: + ipv4_address: 192.168.254.3 + restart: unless-stopped + +networks: + DMZ: + external: true + RSBackend: + external: true +``` + +### Setup NPM +Configure os Stream Hosts para as seguintes Portas: +- 21115 => 192.168.254.2:21115 TCP +- 21116 => 192.168.254.2:21116 TCP / UDP +- 21117 => 192.168.254.3:21117 TCP +- 21118 => 192.168.254.2:21118 TCP +- 21119 => 192.168.254.3:21119 TCP +- 80 => 127.0.0.1:8080 TCP # captura o tráfego local + +Configure o Proxy Host: +- Nome de Domínio: rustdesk.example.com +- Esquema: http +- Encaminhar Nome do Host / IP: 192.168.254.2 +- Porta de Encaminhamento: 21114 +- Bloquear Explorações Comuns: Marcado +- Opcional: Configurar SSL **(NÃO EXIGIR - O cliente precisa ser capaz de se comunicar sem SSL.)** + +### Configurar o Servidor RustDesk +Conecte-se à interface do servidor http://rustdesk.example.com ou https://rustdesk.example.com se você configurou SSL para a interface web. 
+ +### Configurar o Cliente RustDesk +Configure o cliente: +- Servidor de ID: rustdesk.example.com +- Servidor de Relay: rustdesk.example.com +- Servidor de API: http://rustdesk.example.com (use HTTPS if you have configured SSL) +- Key: {Chave do Servidor Aqui} + +### Resultado Final +Sua solução estará acessível externamente através do Proxy Manager. Você terá isolamento de seus Servidores RustDesk de outros sistemas. Especialmente se você usar um sistema de configuração dividida e tiver outras aplicações / sites atrás de um NPM comum. From d01540453974de4984125758f08c0e880b1404b1 Mon Sep 17 00:00:00 2001 From: Xp96 <38923106+Xp96@users.noreply.github.com> Date: Sat, 8 Mar 2025 09:43:22 -0300 Subject: [PATCH 3/4] Update and rename _index.pt.md to _index.en.md --- .../_index.en.md | 138 ++++++++++++++++++ .../_index.pt.md | 138 ------------------ 2 files changed, 138 insertions(+), 138 deletions(-) create mode 100644 content/self-host/rustdesk-server-pro/installscript/Docker/RustDesk Server Layered Security Model/_index.en.md delete mode 100644 content/self-host/rustdesk-server-pro/installscript/Docker/RustDesk Server Layered Security Model/_index.pt.md diff --git a/content/self-host/rustdesk-server-pro/installscript/Docker/RustDesk Server Layered Security Model/_index.en.md b/content/self-host/rustdesk-server-pro/installscript/Docker/RustDesk Server Layered Security Model/_index.en.md new file mode 100644 index 0000000..811131b --- /dev/null +++ b/content/self-host/rustdesk-server-pro/installscript/Docker/RustDesk Server Layered Security Model/_index.en.md 
@@ -0,0 +1,138 @@ +--- +title: RustDesk Server Layered Security Model +weight: 100 +--- + +Kindly written up by [@I-Am-Skoot](https://github.com/I-Am-Skoot/RustDeskNPMDocker/commits?author=I-Am-Skoot). + +### Layers +- [RustDesk](https://github.com/rustdesk/rustdesk) Remote Support Tool +- [NPM](https://nginxproxymanager.com/) Proxy Manager Tool +- [Docker](https://www.docker.com) Containerization Tool +- Firewall Tool + +#### Assumptions +This example is an All in One for hosting just RustDesk services only. This can be expanded to a more flexible solution by splitting the NPM into it's own Docker Compose. +- DMZ Network: 192.168.1.0/24 + - NPM (External): 192.168.1.250 +- LAN Network: 10.0.0.0/24 +- RSBackend Network: 192.168.254.0/29 + - NPM (Internal): 192.168.254.1 + - HBBS: 192.168.254.2 + - HBBR: 192.168.254.3 +- Docker Host: Linux + - Each application has a dedicated folder in `/opt/`. +- Hostname: uniquehostname (Change This) +- DNS Name: rustdesk.example.com + +Make modifications to the examples as needed. + +### Prepare Docker +You must have Docker already installed this guide does not go into the specifics of that. + +You will need to create a network for the RustDesk Server Backend and the DMZ. +For each application you use with the NPM (Nginx Proxy Manager) you should have a dedicated backend network to isolate it. + +``` + docker network create \ + --driver=bridge \ + --subnet=192.168.254.0/29 RSBackend + + docker network create \ + --driver=ipvlan --subnet=192.168.1.0/24 \ + --gateway=192.168.1.1 \ + -o ipvlan_mode=l2 \ + -o parent=eth0 DMZ +``` + +### Setup Firewall +Configure the following Port forwarding/NAT ports from your public IP to the NPM Server. +- 21114 => 8080 TCP +- 21115 => 21115 TCP +- 21116 => 21116 TCP/UDP +- 21117 => 21117 TCP +- 21118 => 21118 TCP +- 21119 => 21119 TCP +- 443 => 443 TCP # If you want to use SSL + +### Setup Docker Compose +This will start a container with NPM and the correct networks. 
+ +Copy the below into docker-compose.yaml. + +``` +version: '3.5' +services: + NPM: + image: jlesage/nginx-proxy-manager:latest + container_name: proxy-manager + volumes: + - /opt/proxy-manager/config:/config + restart: 'unless-stopped' + networks: + DMZ: + ipv4_address: 192.168.1.250 + RSBackend: + ipv4_address: 192.168.254.1 + + hbbs: + container_name: rustdesk_hbbs + image: rustdesk/rustdesk-server-pro:latest + command: hbbs -k _ + hostname: uniquehostname # Change This + volumes: + - /opt/rustdeskserver:/root + networks: + RSBackend: + ipv4_address: 192.168.254.2 + depends_on: + - hbbr + restart: unless-stopped + + hbbr: + container_name: rustdesk_hbbr + image: rustdesk/rustdesk-server-pro:latest + command: hbbr -k _ + volumes: + - /opt/rustdeskserver:/root + networks: + RSBackend: + ipv4_address: 192.168.254.3 + restart: unless-stopped + +networks: + DMZ: + external: true + RSBackend: + external: true +``` + +### Setup NPM +Configure Stream Hosts for the following Ports: +- 21115 => 192.168.254.2:21115 TCP +- 21116 => 192.168.254.2:21116 TCP / UDP +- 21117 => 192.168.254.3:21117 TCP +- 21118 => 192.168.254.2:21118 TCP +- 21119 => 192.168.254.3:21119 TCP +- 80 => 127.0.0.1:8080 TCP # catches local traffic + +Configure Proxy Host: +- Domain Name: rustdesk.example.com +- Scheme: http +- Forward Hostname / IP: 192.168.254.2 +- Forward Port: 21114 +- Block Common Exploits: Checked +- Optional: Configure SSL **(DO NOT REQUIRE - Client needs to be able to communicate without SSL.)** + +### Setup RustDesk Server +Connect to Server interface http://rustdesk.example.com or https://rustdesk.example.com if you have configured SSL for web interface. + +### Setup RustDesk Client +Configure the client: +- ID Server: rustdesk.example.com +- Relay Server: rustdesk.example.com +- API Server: http://rustdesk.example.com (use HTTPS if you have configured SSL) +- Key: {Server Key Here} + +### End Result +Your solution will be accessible externally through the Proxy manager. 
You will have isolation of your RustDesk Servers from other systems. Especially if you use a split configuration system and have other applications / sites behind a common NPM. diff --git a/content/self-host/rustdesk-server-pro/installscript/Docker/RustDesk Server Layered Security Model/_index.pt.md b/content/self-host/rustdesk-server-pro/installscript/Docker/RustDesk Server Layered Security Model/_index.pt.md deleted file mode 100644 index ee46927..0000000 --- a/content/self-host/rustdesk-server-pro/installscript/Docker/RustDesk Server Layered Security Model/_index.pt.md +++ /dev/null 
@@ -1,138 +0,0 @@ ---- -title: Modelo de Segurança em Camadas do Servidor RustDesk -weight: 100 ---- - -Gentilmente escrito por [@I-Am-Skoot](https://github.com/I-Am-Skoot/RustDeskNPMDocker/commits?author=I-Am-Skoot). - -### Camadas -- [RustDesk](https://github.com/rustdesk/rustdesk) Ferramenta de Suporte Remoto -- [NPM](https://nginxproxymanager.com/) Ferramenta de Gerenciamento de Proxy -- [Docker](https://www.docker.com) Ferramenta de Container -- Ferramenta de Firewall - -#### Pressupostos -Este exemplo é um "Tudo em Um" para hospedar apenas serviços RustDesk. Ele pode ser expandido para uma solução mais flexível dividindo o NPM em seu próprio Docker Compose. -- DMZ Network: 192.168.1.0/24 - - NPM (Externo): 192.168.1.250 -- LAN Network: 10.0.0.0/24 -- RSBackend Network: 192.168.254.0/29 - - NPM (Interno): 192.168.254.1 - - HBBS: 192.168.254.2 - - HBBR: 192.168.254.3 -- Docker Host: Linux - - Cada aplicativo tem uma pasta dedicada em `/opt/`. -- Nome do Host: uniquehostname (Mude Isso) -- Nome DNS: rustdesk.example.com - -Faça modificações nos exemplos conforme necessário. - -### Preparar o Docker -Você deve ter o Docker já instalado, este guia não entra nos detalhes específicos disso. - -Você precisará criar uma rede para o Backend do Servidor RustDesk e a DMZ. -Para cada aplicação que você usar com o NPM (Nginx Proxy Manager), você deve ter uma rede de backend dedicada para isolá-la. - -``` - docker network create \ - --driver=bridge \ - --subnet=192.168.254.0/29 RSBackend - - docker network create \ - --driver=ipvlan --subnet=192.168.1.0/24 \ - --gateway=192.168.1.1 \ - -o ipvlan_mode=l2 \ - -o parent=eth0 DMZ -``` - -### Configurar o Firewall -Configure o encaminhamento de portas/NAT a seguir do seu IP público para o Servidor NPM. 
-- 21114 => 8080 TCP -- 21115 => 21115 TCP -- 21116 => 21116 TCP/UDP -- 21117 => 21117 TCP -- 21118 => 21118 TCP -- 21119 => 21119 TCP -- 443 => 443 TCP # Se você quiser usar SSL - -### Configurar o Docker Compose -Isso iniciará um contêiner com NPM e as redes corretas. - -Copie o código abaixo para docker-compose.yaml. - -``` -version: '3.5' -services: - NPM: - image: jlesage/nginx-proxy-manager:latest - container_name: proxy-manager - volumes: - - /opt/proxy-manager/config:/config - restart: 'unless-stopped' - networks: - DMZ: - ipv4_address: 192.168.1.250 - RSBackend: - ipv4_address: 192.168.254.1 - - hbbs: - container_name: rustdesk_hbbs - image: rustdesk/rustdesk-server-pro:latest - command: hbbs -k _ - hostname: uniquehostname # Change This - volumes: - - /opt/rustdeskserver:/root - networks: - RSBackend: - ipv4_address: 192.168.254.2 - depends_on: - - hbbr - restart: unless-stopped - - hbbr: - container_name: rustdesk_hbbr - image: rustdesk/rustdesk-server-pro:latest - command: hbbr -k _ - volumes: - - /opt/rustdeskserver:/root - networks: - RSBackend: - ipv4_address: 192.168.254.3 - restart: unless-stopped - -networks: - DMZ: - external: true - RSBackend: - external: true -``` - -### Setup NPM -Configure os Stream Hosts para as seguintes Portas: -- 21115 => 192.168.254.2:21115 TCP -- 21116 => 192.168.254.2:21116 TCP / UDP -- 21117 => 192.168.254.3:21117 TCP -- 21118 => 192.168.254.2:21118 TCP -- 21119 => 192.168.254.3:21119 TCP -- 80 => 127.0.0.1:8080 TCP # captura o tráfego local - -Configure o Proxy Host: -- Nome de Domínio: rustdesk.example.com -- Esquema: http -- Encaminhar Nome do Host / IP: 192.168.254.2 -- Porta de Encaminhamento: 21114 -- Bloquear Explorações Comuns: Marcado -- Opcional: Configurar SSL **(NÃO EXIGIR - O cliente precisa ser capaz de se comunicar sem SSL.)** - -### Configurar o Servidor RustDesk -Conecte-se à interface do servidor http://rustdesk.example.com ou https://rustdesk.example.com se você configurou SSL para a interface web. 
- -### Configurar o Cliente RustDesk -Configure o cliente: -- Servidor de ID: rustdesk.example.com -- Servidor de Relay: rustdesk.example.com -- Servidor de API: http://rustdesk.example.com (use HTTPS if you have configured SSL) -- Key: {Chave do Servidor Aqui} - -### Resultado Final -Sua solução estará acessível externamente através do Proxy Manager. Você terá isolamento de seus Servidores RustDesk de outros sistemas. Especialmente se você usar um sistema de configuração dividida e tiver outras aplicações / sites atrás de um NPM comum. From 340876cde91521929e8b125ed99124ce8172b006 Mon Sep 17 00:00:00 2001 From: Xp96 <38923106+Xp96@users.noreply.github.com> Date: Sat, 8 Mar 2025 09:44:55 -0300 Subject: [PATCH 4/4] Create index.pt.md --- .../index.pt.md | 138 ++++++++++++++++++ 1 file changed, 138 insertions(+) create mode 100644 content/self-host/rustdesk-server-pro/installscript/Docker/RustDesk Server Layered Security Model/index.pt.md diff --git a/content/self-host/rustdesk-server-pro/installscript/Docker/RustDesk Server Layered Security Model/index.pt.md b/content/self-host/rustdesk-server-pro/installscript/Docker/RustDesk Server Layered Security Model/index.pt.md new file mode 100644 index 0000000..ee46927 --- /dev/null +++ b/content/self-host/rustdesk-server-pro/installscript/Docker/RustDesk Server Layered Security Model/index.pt.md 
@@ -0,0 +1,138 @@ +--- +title: Modelo de Segurança em Camadas do Servidor RustDesk +weight: 100 +--- + +Gentilmente escrito por [@I-Am-Skoot](https://github.com/I-Am-Skoot/RustDeskNPMDocker/commits?author=I-Am-Skoot). + +### Camadas +- [RustDesk](https://github.com/rustdesk/rustdesk) Ferramenta de Suporte Remoto +- [NPM](https://nginxproxymanager.com/) Ferramenta de Gerenciamento de Proxy +- [Docker](https://www.docker.com) Ferramenta de Container +- Ferramenta de Firewall + +#### Pressupostos +Este exemplo é um "Tudo em Um" para hospedar apenas serviços RustDesk. Ele pode ser expandido para uma solução mais flexível dividindo o NPM em seu próprio Docker Compose. +- DMZ Network: 192.168.1.0/24 + - NPM (Externo): 192.168.1.250 +- LAN Network: 10.0.0.0/24 +- RSBackend Network: 192.168.254.0/29 + - NPM (Interno): 192.168.254.1 + - HBBS: 192.168.254.2 + - HBBR: 192.168.254.3 +- Docker Host: Linux + - Cada aplicativo tem uma pasta dedicada em `/opt/`. +- Nome do Host: uniquehostname (Mude Isso) +- Nome DNS: rustdesk.example.com + +Faça modificações nos exemplos conforme necessário. + +### Preparar o Docker +Você deve ter o Docker já instalado, este guia não entra nos detalhes específicos disso. + +Você precisará criar uma rede para o Backend do Servidor RustDesk e a DMZ. +Para cada aplicação que você usar com o NPM (Nginx Proxy Manager), você deve ter uma rede de backend dedicada para isolá-la. + +``` + docker network create \ + --driver=bridge \ + --subnet=192.168.254.0/29 RSBackend + + docker network create \ + --driver=ipvlan --subnet=192.168.1.0/24 \ + --gateway=192.168.1.1 \ + -o ipvlan_mode=l2 \ + -o parent=eth0 DMZ +``` + +### Configurar o Firewall +Configure o encaminhamento de portas/NAT a seguir do seu IP público para o Servidor NPM. 
+- 21114 => 8080 TCP +- 21115 => 21115 TCP +- 21116 => 21116 TCP/UDP +- 21117 => 21117 TCP +- 21118 => 21118 TCP +- 21119 => 21119 TCP +- 443 => 443 TCP # Se você quiser usar SSL + +### Configurar o Docker Compose +Isso iniciará um contêiner com NPM e as redes corretas. + +Copie o código abaixo para docker-compose.yaml. + +``` +version: '3.5' +services: + NPM: + image: jlesage/nginx-proxy-manager:latest + container_name: proxy-manager + volumes: + - /opt/proxy-manager/config:/config + restart: 'unless-stopped' + networks: + DMZ: + ipv4_address: 192.168.1.250 + RSBackend: + ipv4_address: 192.168.254.1 + + hbbs: + container_name: rustdesk_hbbs + image: rustdesk/rustdesk-server-pro:latest + command: hbbs -k _ + hostname: uniquehostname # Change This + volumes: + - /opt/rustdeskserver:/root + networks: + RSBackend: + ipv4_address: 192.168.254.2 + depends_on: + - hbbr + restart: unless-stopped + + hbbr: + container_name: rustdesk_hbbr + image: rustdesk/rustdesk-server-pro:latest + command: hbbr -k _ + volumes: + - /opt/rustdeskserver:/root + networks: + RSBackend: + ipv4_address: 192.168.254.3 + restart: unless-stopped + +networks: + DMZ: + external: true + RSBackend: + external: true +``` + +### Setup NPM +Configure os Stream Hosts para as seguintes Portas: +- 21115 => 192.168.254.2:21115 TCP +- 21116 => 192.168.254.2:21116 TCP / UDP +- 21117 => 192.168.254.3:21117 TCP +- 21118 => 192.168.254.2:21118 TCP +- 21119 => 192.168.254.3:21119 TCP +- 80 => 127.0.0.1:8080 TCP # captura o tráfego local + +Configure o Proxy Host: +- Nome de Domínio: rustdesk.example.com +- Esquema: http +- Encaminhar Nome do Host / IP: 192.168.254.2 +- Porta de Encaminhamento: 21114 +- Bloquear Explorações Comuns: Marcado +- Opcional: Configurar SSL **(NÃO EXIGIR - O cliente precisa ser capaz de se comunicar sem SSL.)** + +### Configurar o Servidor RustDesk +Conecte-se à interface do servidor http://rustdesk.example.com ou https://rustdesk.example.com se você configurou SSL para a interface web. 
+ +### Configurar o Cliente RustDesk +Configure o cliente: +- Servidor de ID: rustdesk.example.com +- Servidor de Relay: rustdesk.example.com +- Servidor de API: http://rustdesk.example.com (use HTTPS if you have configured SSL) +- Key: {Chave do Servidor Aqui} + +### Resultado Final +Sua solução estará acessível externamente através do Proxy Manager. Você terá isolamento de seus Servidores RustDesk de outros sistemas. Especialmente se você usar um sistema de configuração dividida e tiver outras aplicações / sites atrás de um NPM comum.
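Review bot: In PATCH 1/4, first hunk (`@@ -3,7 +3,7 @@`), the front matter context line still reads `title: Installation` while the heading directly below it becomes `## Docker (Recomendado)`, so the Portuguese page keeps an English title. Translate the title in the same commit, for example `title: Instalação`.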
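Review bot: In PATCH 1/4, second hunk (`@@ -11,20 +11,20 @@`), all three links are retargeted to `/docs/pt/` (`.../installscript/docker/`, `.../installscript/script/` and `.../script/#convert-from-open-source`), but no commit in this series adds a Portuguese `docker` or `script` page. Confirm that those pages and the `#convert-from-open-source` anchor exist in the pt tree, or leave the targets at `/docs/en/` until they are translated; the last link is the only pointer this page gives for converting an install.sh deployment. The link text `[isso]` would also read better as a descriptive phrase naming the destination.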
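Review bot: PATCH 2/4 and PATCH 3/4 cancel each other out and should be dropped or squashed. 2/4 removes `RustDesk Server Layered Security Model/_index.en.md` (`index 811131b..0000000`) and adds `_index.pt.md` (`ee46927`); 3/4 recreates the same English path with the same blob (`0000000..811131b`) and deletes the Portuguese file again. Anyone checking out the tree at 2/4 gets no English page at all. Reduce the series to a single commit that adds the Portuguese file next to the untouched English one.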
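Review bot: The file created by PATCH 4/4 is named `index.pt.md`, without the leading underscore used by its English sibling `_index.en.md` in the same directory and by the `_index.pt.md` that PATCH 2/4 added with identical content (blob `ee46927`). Rename it to `_index.pt.md` so both language variants share the same base name; the commit subject `Create index.pt.md` suggests the underscore was dropped by accident.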
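Review bot: The Portuguese body added by PATCH 4/4 (`@@ -0,0 +1,138 @@`) still contains English fragments: the heading `### Setup NPM`, the parenthesis `(use HTTPS if you have configured SSL)` on the `Servidor de API` line, the compose comment `# Change This`, and the labels `DMZ Network`, `LAN Network` and `RSBackend Network`. Translate them. For the Proxy Host settings, consider keeping the original field names in parentheses after the translated ones (`Forward Hostname / IP`, `Forward Port`, `Block Common Exploits`) so readers can match them to the proxy manager's form and do not skip the exploit-blocking option because they cannot find it.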