RustDesk
Материал из support.qbpro.ru
RustDesk Self-Host Guide: Complete Setup and Configuration
What is RustDesk?
RustDesk is an open-source remote desktop software written in Rust. It's a powerful alternative to TeamViewer that allows you to control computers remotely with your own self-hosted server, ensuring complete privacy and security over your remote connections.
RustDesk Interface
Features of RustDesk
Cross-Platform Support Windows: Full support with all features macOS: Complete compatibility including clipboard sync Linux: Native support for all major distributions Android/iOS: Mobile apps for remote access on-the-go Web Browser: Browser-based client for quick access Advanced Remote Desktop Features High Performance: Hardware-accelerated encoding/decoding Low Latency: Optimized for real-time interaction Multi-Monitor: Support for multiple displays File Transfer: Secure file sharing between devices Clipboard Sync: Seamless copy-paste across devices Audio Forwarding: Stream audio from remote computer Security and Privacy End-to-End Encryption: All connections are encrypted 2FA Support: Two-factor authentication for enhanced security Access Control: Fine-grained permission management Session Logging: Comprehensive audit trails No Data Collection: Complete privacy with self-hosting Enterprise Features Address Book: Centralized device management User Groups: Organize users and devices Access Control: Role-based permissions Unattended Access: Connect without user intervention API Integration: Programmatic access for automation Why Self Host RustDesk? Self-hosting provides complete control and eliminates reliance on third-party services.
Benefits of Self-Hosting RustDesk Complete Privacy: No data passes through external servers Cost Savings: No per-user licensing fees Performance: Optimized for your network infrastructure Customization: Tailor configuration to your needs Compliance: Meet strict data governance requirements Reliability: No dependency on external service availability System Requirements Minimum Requirements CPU: 2 cores RAM: 2GB Storage: 10GB Network: Stable internet connection with public IP OS: Linux (Ubuntu 20.04+ recommended)
- Recommended Requirements
CPU: 4+ cores RAM: 4GB+ Storage: 50GB SSD Network: High-speed connection with low latency Firewall configured for RustDesk ports SSL certificate for secure web access Network Requirements TCP Port 21115: Relay server TCP Port 21116: ID server TCP Port 21117: HTTP API (optional) TCP Port 21118: Web console (optional) UDP Port 21116: NAT type test
Installation Guide
Using Docker (Recommended) Create docker-compose.yml:
version: '3.8'
services:
rustdesk-server:
image: rustdesk/rustdesk-server:latest
container_name: rustdesk-server
ports:
- "21115:21115"
- "21116:21116"
- "21116:21116/udp"
- "21117:21117"
- "21118:21118"
volumes:
- ./data:/data
environment:
- RELAY_HOST=your-domain.com
- API_HOST=your-domain.com
restart: unless-stopped
rustdesk-api:
image: rustdesk/rustdesk-api:latest
container_name: rustdesk-api
ports:
- "21114:21114"
volumes:
- ./api-data:/data
environment:
- DB_URL=sqlite:///data/db.sqlite3
- API_SECRET=your-secret-key
restart: unless-stopped
depends_on:
- rustdesk-server
Start the services:
docker-compose up -d
Generate server key:
docker exec rustdesk-server /usr/bin/rustdesk-utils genkey
Manual Installation
- Download RustDesk server:
wget https://github.com/rustdesk/rustdesk-server/releases/latest/download/rustdesk-server-linux-amd64.tar.gz tar -xzf rustdesk-server-linux-amd64.tar.gz cd rustdesk-server-linux-amd64
- Generate encryption keys:
./rustdesk-utils genkey
# This creates id_ed25519 and id_ed25519.pub files
- Create systemd service:
# /etc/systemd/system/rustdesk-relay.service [Unit] Description=RustDesk Relay Server After=network.target [Service] Type=simple User=rustdesk WorkingDirectory=/opt/rustdesk ExecStart=/opt/rustdesk/rustdesk-relay -k /opt/rustdesk/id_ed25519 Restart=always RestartSec=5 [Install] WantedBy=multi-user.target Create ID server service: # /etc/systemd/system/rustdesk-signal.service [Unit] Description=RustDesk Signal Server After=network.target [Service] Type=simple User=rustdesk WorkingDirectory=/opt/rustdesk ExecStart=/opt/rustdesk/rustdesk-signal -k /opt/rustdesk/id_ed25519 Restart=always RestartSec=5 [Install] WantedBy=multi-user.target Start services: sudo systemctl enable --now rustdesk-relay sudo systemctl enable --now rustdesk-signal
- Using Pre-built Binaries
Install from GitHub releases: # Download latest release curl -s https://api.github.com/repos/rustdesk/rustdesk-server/releases/latest | grep "browser_download_url.*linux.*tar.gz" | cut -d '"' -f 4 | wget -i -
- Extract and install
tar -xzf rustdesk-server-*.tar.gz sudo cp rustdesk-server-*/rustdesk-* /usr/local/bin/ sudo chmod +x /usr/local/bin/rustdesk-*
Configuration
- Server Configuration
# rustdesk.toml [server] # Server hostname or IP host = "your-domain.com" # Relay port relay_port = 21115 # Signal port signal_port = 21116 # API port api_port = 21117 [security] # Enable encryption encryption = true # Key file path key_file = "/opt/rustdesk/id_ed25519" # Password protection password = "your-server-password" [logging] # Log level: error, warn, info, debug, trace level = "info" # Log file path file = "/var/log/rustdesk/server.log" [api] # Enable web API enabled = true # API secret key secret = "your-api-secret" # Admin user admin_user = "admin" admin_password = "admin-password"
- Environment Variables
# Server Configuration RUSTDESK_HOST=your-domain.com RUSTDESK_RELAY_PORT=21115 RUSTDESK_SIGNAL_PORT=21116 RUSTDESK_API_PORT=21117 # Security RUSTDESK_KEY_FILE=/data/id_ed25519 RUSTDESK_PASSWORD=your-server-password RUSTDESK_ENCRYPTION=true # Logging RUSTDESK_LOG_LEVEL=info RUSTDESK_LOG_FILE=/var/log/rustdesk.log # API RUSTDESK_API_ENABLED=true RUSTDESK_API_SECRET=your-api-secret RUSTDESK_ADMIN_USER=admin RUSTDESK_ADMIN_PASSWORD=admin-password # Database (if using API server) DATABASE_URL=sqlite:///data/db.sqlite3
Nginx Reverse Proxy
# /etc/nginx/sites-available/rustdesk
server {
listen 80;
server_name your-domain.com;
return 301 https://$server_name$request_uri;
}
server {
listen 443 ssl http2;
server_name your-domain.com;
ssl_certificate /etc/letsencrypt/live/your-domain.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/your-domain.com/privkey.pem;
# API endpoint
location /api/ {
proxy_pass http://localhost:21117/;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
# Web console
location / {
proxy_pass http://localhost:21118/;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
# WebSocket support
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
}
}
Client Setup
- Desktop Client Configuration
Download RustDesk client: Windows: Download from RustDesk website Linux: Install via package manager or download binary macOS: Download from website or use Homebrew
- Configure server settings:
Open RustDesk client Go to Settings → Network Set ID Server: your-domain.com:21116 Set Relay Server: your-domain.com:21115 Set Key: (paste your public key content) Import configuration automatically:
- Create configuration file
cat > rustdesk.toml << EOF [options] relay-server = "your-domain.com:21115" id-server = "your-domain.com:21116" key = "your-public-key-here" EOF
- Import configuration
rustdesk --import-config rustdesk.toml Mobile App Configuration Install RustDesk mobile app:
Android: Google Play Store or F-Droid iOS: App Store
- Configure server:
Open app settings Add custom server Enter server details and key
- Web Client Setup
- Enable web console in server config:
[web] enabled = true port = 21118
- Access via browser:
- Navigate to https://your-domain.com
Enter server credentials Connect to remote devices Security Configuration
- SSL/TLS Setup
- Generate SSL certificate:
# Using Let's Encrypt sudo certbot certonly --standalone -d your-domain.com
# Or generate self-signed certificate openssl req -x509 -newkey rsa:4096 -keyout rustdesk.key -out rustdesk.crt -days 365 -nodes
- Configure SSL in RustDesk:
[ssl] enabled = true cert_file = "/etc/ssl/certs/rustdesk.crt" key_file = "/etc/ssl/private/rustdesk.key"
- Firewall Configuration
# UFW (Ubuntu) sudo ufw allow 21115/tcp sudo ufw allow 21116/tcp sudo ufw allow 21116/udp sudo ufw allow 21117/tcp sudo ufw allow 21118/tcp # iptables iptables -A INPUT -p tcp --dport 21115 -j ACCEPT iptables -A INPUT -p tcp --dport 21116 -j ACCEPT iptables -A INPUT -p udp --dport 21116 -j ACCEPT iptables -A INPUT -p tcp --dport 21117 -j ACCEPT iptables -A INPUT -p tcp --dport 21118 -j ACCEPT
- Access Control
[access] # Whitelist specific IPs allowed_ips = ["192.168.1.0/24", "10.0.0.0/8"] # Blacklist IPs blocked_ips = ["1.2.3.4"] # Require password for connections require_password = true # Enable session logging session_logging = true Two-Factor Authentication [2fa] # Enable 2FA enabled = true # TOTP issuer name issuer = "RustDesk Server" # Require 2FA for all users required = false
Backup and Maintenance
Backup Strategy
#!/bin/bash
# RustDesk backup script
BACKUP_DIR="/backup/rustdesk"
DATE=$(date +%Y%m%d_%H%M%S)
# Create backup directory
mkdir -p $BACKUP_DIR
# Backup configuration files
tar -czf $BACKUP_DIR/config-$DATE.tar.gz /opt/rustdesk/*.toml /opt/rustdesk/id_ed25519*
# Backup database (if using API server)
if [ -f /data/db.sqlite3 ]; then
cp /data/db.sqlite3 $BACKUP_DIR/db-$DATE.sqlite3
fi
# Backup logs
tar -czf $BACKUP_DIR/logs-$DATE.tar.gz /var/log/rustdesk/
# Cleanup old backups (keep 30 days)
find $BACKUP_DIR -name "*.tar.gz" -mtime +30 -delete
find $BACKUP_DIR -name "*.sqlite3" -mtime +30 -delete
echo "Backup completed: $DATE"
Update Process
- Stop services:
sudo systemctl stop rustdesk-relay rustdesk-signal
- Backup current installation:
cp -r /opt/rustdesk /opt/rustdesk-backup-$(date +%Y%m%d)
- Download and install update:
wget https://github.com/rustdesk/rustdesk-server/releases/latest/download/rustdesk-server-linux-amd64.tar.gz tar -xzf rustdesk-server-linux-amd64.tar.gz sudo cp rustdesk-server-linux-amd64/* /opt/rustdesk/
- Restart services:
sudo systemctl start rustdesk-relay rustdesk-signal sudo systemctl status rustdesk-relay rustdesk-signal
- Monitoring
#!/bin/bash
# Monitoring script
# Check service status
if ! systemctl is-active --quiet rustdesk-relay; then
echo "RustDesk relay service is down!"
# Send alert or restart service
fi
if ! systemctl is-active --quiet rustdesk-signal; then
echo "RustDesk signal service is down!"
# Send alert or restart service
fi
# Check port connectivity
if ! nc -z localhost 21115; then
echo "Relay port 21115 is not accessible!"
fi
if ! nc -z localhost 21116; then
echo "Signal port 21116 is not accessible!"
fi
# Check disk space
DISK_USAGE=$(df /opt/rustdesk | tail -1 | awk '{print $5}' | sed 's/%//')
if [ $DISK_USAGE -gt 80 ]; then
echo "Disk usage is above 80%: ${DISK_USAGE}%"
fi
# Check memory usage
MEMORY_USAGE=$(free | grep Mem | awk '{printf "%.0f", $3/$2 * 100.0}')
if [ $MEMORY_USAGE -gt 90 ]; then
echo "Memory usage is above 90%: ${MEMORY_USAGE}%"
fi
Troubleshooting
- Common Issues
- Connection Problems
# Test server connectivity telnet your-domain.com 21115 telnet your-domain.com 21116 # Check firewall rules sudo ufw status sudo iptables -L # Test DNS resolution nslookup your-domain.com dig your-domain.com Service Issues # Check service status sudo systemctl status rustdesk-relay sudo systemctl status rustdesk-signal # View service logs sudo journalctl -u rustdesk-relay -f sudo journalctl -u rustdesk-signal -f # Restart services sudo systemctl restart rustdesk-relay rustdesk-signal
- Performance Issues
- Monitor system resources
htop iotop netstat -tlnp # Check network latency ping your-domain.com mtr your-domain.com # Monitor RustDesk processes ps aux | grep rustdesk Key/Certificate Problems # Regenerate server keys ./rustdesk-utils genkey # Verify key permissions ls -la /opt/rustdesk/id_ed25519* sudo chmod 600 /opt/rustdesk/id_ed25519 sudo chmod 644 /opt/rustdesk/id_ed25519.pub # Test SSL certificate openssl s_client -connect your-domain.com:443 Log Analysis # Server logs location tail -f /var/log/rustdesk/server.log # System logs tail -f /var/log/syslog | grep rustdesk # Docker logs docker logs -f rustdesk-server FAQ How does RustDesk compare to TeamViewer? RustDesk offers similar functionality to TeamViewer but with complete self-hosting capabilities, no licensing fees, and full data privacy. Can I use RustDesk without a public IP? Yes, you can use services like Cloudflare Tunnel or VPN to expose your RustDesk server without a public IP. Is RustDesk secure for business use? Yes, RustDesk uses end-to-end encryption and allows complete control over your infrastructure, making it suitable for business environments.
How do I migrate from TeamViewer to RustDesk? Set up your RustDesk server Install RustDesk clients on all devices Configure clients to use your server Export/import address books if needed Train users on the new interface Can I customize the RustDesk client? Yes, RustDesk is open-source, allowing you to customize the client application for your specific needs. What's the maximum number of concurrent connections? The limit depends on your server resources. A typical server can handle hundreds of concurrent connections.
How do I set up automatic updates? # Create update script cat > /usr/local/bin/rustdesk-update.sh << 'EOF' #!/bin/bash # Auto-update script for RustDesk # Add to crontab: 0 2 * * 0 /usr/local/bin/rustdesk-update.sh EOF
chmod +x /usr/local/bin/rustdesk-update.sh Can I use RustDesk with load balancing? Yes, you can run multiple RustDesk servers behind a load balancer for high availability and scalability.
- How do I enable session recording?
[recording] enabled = true path = "/var/log/rustdesk/sessions/" format = "mp4" quality = "high"
ИСТОЧНИКИ
* RustDesk Self-Host Guide: Complete Setup and Configuration
