User Tools

Site Tools


computing:rustdesk

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revisionPrevious revision
Next revision
Previous revision
computing:rustdesk [2024/11/02 16:53] oemb1905computing:rustdesk [2024/11/02 17:26] (current) oemb1905
Line 25: Line 25:
 You can always download the package as a .deb and install it directly. The [[https://github.com/rustdesk/rustdesk-server/releases/tag/1.1.12|rustdesk repository]] has the latest amd64. I used wget to grab this, and installed it with dpkg -i. If you take this approach, you will need to set up the hbbs/hbbr environments manually. After reviewing the code and discussing the project with members of the [[https://matrix.to/#/#pubglug:gnulinux.club|pubglug community]], I decided the script was just fine. The script prompts the user with two questions. First, do you want to be IP-based or domain-based, I chose domain. It also asks if you want to set up the http server; I also chose yes. After the script was done, I went ahead and focused on setting up apache2's reverse proxy configs. You can always download the package as a .deb and install it directly. The [[https://github.com/rustdesk/rustdesk-server/releases/tag/1.1.12|rustdesk repository]] has the latest amd64. I used wget to grab this, and installed it with dpkg -i. If you take this approach, you will need to set up the hbbs/hbbr environments manually. After reviewing the code and discussing the project with members of the [[https://matrix.to/#/#pubglug:gnulinux.club|pubglug community]], I decided the script was just fine. The script prompts the user with two questions. First, do you want to be IP-based or domain-based, I chose domain. It also asks if you want to set up the http server; I also chose yes. After the script was done, I went ahead and focused on setting up apache2's reverse proxy configs.
  
- +  * [[https://repo.haacksnetworking.org/haacknet/haackingclub/-/blob/main/configs/webservers/apache/apache-rustdesk-domain.com.conf?ref_type=heads|HTTP Virtual Host]] 
 +  * [[https://repo.haacksnetworking.org/haacknet/haackingclub/-/blob/main/configs/webservers/apache/apache-rustdesk-domain.com-ssl.conf?ref_type=heads|TLS Virtual Host]]
  
 +Use the configs above and adapt to your needs. However, before you put them in place using ''a2ensite'', you should first setup TLS for your domain using the default virtual host. Leaving ''000-default.conf'' as the active virtual host for now, run the following commands:
  
 +  sudo apt install certbot letsencrypt python3-certbot-apache
 +  sudo certbot --authenticator standalone --installer apache -d site1.com --pre-hook "systemctl stop apache2" --post-hook "systemctl start apache2" 
 +  
 +Once this completes successfully, you want to disable both the default virtual host called ''000-default.conf'' and the Let's Encrypt generated one called ''000-default-le-ssl.conf''
  
 +  sudo a2dissite 000-default.conf
 +  sudo a2dissite 000-default-le-ssl.conf
 +  
 +Please note that these are example virtual host names, so adjust to your OS / distro accordingly. Once all virtual hosts are disabled, you want to take the reverse proxy configs above and copy them into ''/etc/apache2/sites-available/''. Make sure to edit each and replace the example domains and ports with your FQDN and your port, presumably 8000. Additionally, make sure you have the required php modules enabled before restarting apache2's service:
  
 +  sudo a2enmod proxy_http
 +  sudo a2enmod proxy
 +  sudo a2enmod rewrite
 +  sudo a2enmod headers
 +  sudo systemctl restart apache2
 +  sudo reboot
 +  
 +If you did everything correctly, your server will now load at ''https://fqdn.com'' without entering a port, as it will be handled by apache, which in turn passes it back to gohttp server running your RustDesk instance. This ensures that you communicate with the external instance using TLS, and that only the apache2 TLS communicates back via the proxy with RustDesk using http. Thus, only apache2 via TLS is publicly exposed, and by extension, this means when you set up your clients and the API key, you are sending/receiving all these sensitive remote desktop sessions across a TLS encrypted session. Make sure that you have Let's Encrypt cert renewal attached to an appropriate cronjob. Once this is in place, you need to setup the clients. Download RustDesk from the main website, and then adjust the following settings with the following information.
  
- --- //[[webmaster@haacksnetworking.org|oemb1905]] 2024/11/02 16:39//+  cat /opt/rustdesk/id_ed25519.pub 
 +   
 +The output above is your API key. On each client that you want to use with this server, you open the RustDesk client, unlock Network Settings, and enter this key into the parameter called "Key." In the sections above, enter you FQDN.tld without http:// or https://. Here's an example: \\ 
 +\\ 
 + 
 +{{ :computing:screenshot_from_2024-11-02_11-12-52.png?direct&800 |}} 
 + 
 +\\ 
 +// 
 +Personally, I choose to use both one-time keys and set/static passwords for the connections, but those are personal preference decisions, so I won't detail that here. From here on out, just make sure to set up all other clients equivalently and you are all set. After you confirm all is working, you can test to see if RustDesk was indeed using your new self-hosted relay by attempting to use it when your VPS is powered down. The connection will fail because neither client is using the RustDesk default server any longer and yours is down. A bit overkill, but we like to confirm things at Haack's Networking lol. Well, hope this helps other Debian users who want to use and set this up without using docker! 
 + 
 + --- //[[webmaster@haacksnetworking.org|oemb1905]] 2024/11/02 17:23//
computing/rustdesk.1730566422.txt.gz · Last modified: 2024/11/02 16:53 by oemb1905