Created
February 4, 2024 15:21
-
-
Save hadim/2225f0869ada523dec8148510ca438ca to your computer and use it in GitHub Desktop.
RustDesk and Traefik Docker Compose Configuration
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# A minimal configuration to host a RustDesk server with Traefik v3 (also works with Traefik v2). | |
# | |
# This configuration is based on a single Rustdesk container hosting the two hbbr and hbbs services | |
# instead of running two separate containers as in the official documentation. | |
# See https://rustdesk.com/docs/en/self-host/rustdesk-server-oss/docker/ for more information. | |
# | |
# This configuration is adapted from https://gist.github.com/FracKenA/5015150a6057afe9a22bf2e4b9d5f2b6. | |
# | |
# Pay attention to the comments in the file and adapt the configuration to your needs. | |
# Once deployed you must configure the Rustdesk client in the Network tab to use the domain | |
# name of the relay server and the port 21117. | |
# ID server: DOMAIN_NAME:21116 | |
# Relay server: DOMAIN_NAME:21117 | |
# Key: THE_PUBLIC_KEY | |
version: "3" | |
services: | |
# Traefik proxy | |
# | |
# This traefik configuration is the strict minimum to make Rustdesk work without any other services | |
# such as Traefik dashboard. Adapt it to your needs. | |
traefik: | |
container_name: traefik | |
image: traefik:v3.0 | |
ports: | |
# Rustdesk ports | |
# Those MUST be open on your router and firewall and forwarded to the host running | |
# this docker-compose file. | |
- 21115:21115/tcp | |
- 21116:21116/tcp | |
- 21117:21117/tcp | |
- 21118:21118/tcp | |
- 21119:21119/tcp | |
- 21116:21116/udp | |
volumes: | |
- /var/run/docker.sock:/var/run/docker.sock:ro | |
restart: unless-stopped | |
command: | |
- --global.checkNewVersion=false | |
- --global.sendAnonymousUSage=false | |
- --providers.docker=true | |
- --providers.docker.exposedbydefault=false | |
- --log.level=INFO | |
- --accesslog.filters.statuscodes=400-499 | |
# Rustdesk entrypoints | |
- --entrypoints.rd5-tcp.address=:21115/tcp # ID Server - NAT type test | |
- --entrypoints.rd6-tcp.address=:21116/tcp # ID Server - TCP hole punching | |
- --entrypoints.rd6-udp.address=:21116/udp # ID Server - ID registration and heartbeat | |
- --entrypoints.rd8-tcp.address=:21118/tcp # ID Server - Web client | |
- --entrypoints.rd7-tcp.address=:21117/tcp # Relay Server - Relay services | |
- --entrypoints.rd9-tcp.address=:21119/tcp # Relay Server - Web client | |
# RustDesk ID/Rendezvous server and Relay server | |
# | |
# This container uses rustdesk-server-s6 instead of rustdesk-server. The difference is that | |
# rustdesk-server-s6 is based on s6-overlay which runs the two services hbbr and hbbs in the same | |
# container. | |
rustdesk: | |
container_name: rustdesk | |
image: rustdesk/rustdesk-server-s6:latest | |
volumes: | |
- LOCAL_DIR_TO_HOST_THE_DATABASE:/db | |
- LOCAL_DIR_TO_HOST_THE_KEYS:/data | |
restart: unless-stopped | |
environment: | |
- RELAY=DOMAIN_NAME:21117 | |
- ENCRYPTED_ONLY=1 | |
- DB_URL=/db/db_v2.sqlite3 | |
# The private and public keys must be generated with the following command: | |
# Generate the private key: `openssl genpkey -algorithm Ed25519 -out private.key` | |
# Generate the public key: `openssl pkey -in private.key -pubout -out public.key` | |
# Display botk keys and copy them below: `cat private.key public.key` | |
# openssl rsa -in private.pem -pubout -out public.pem | |
- KEY_PRIV=THE_PRIVATE_KEY | |
- KEY_PUB=THE_PUBLIC_KEY | |
- RUST_LOG=debug | |
labels: | |
- traefik.enable=true | |
# 21115/tcp | |
- traefik.tcp.routers.rustdesk-rd5.entrypoints=rd5-tcp | |
- traefik.tcp.routers.rustdesk-rd5.rule=HostSNI(`*`) | |
- traefik.tcp.routers.rustdesk-rd5.service=rustdesk-rd5 | |
- traefik.tcp.services.rustdesk-rd5.loadbalancer.server.port=21115 | |
- traefik.tcp.routers.rustdesk-rd5.tls=false | |
- traefik.tcp.routers.rustdesk-rd5.tls.passthrough=true | |
# 21116/tcp | |
- traefik.tcp.routers.rustdesk-rd6.entrypoints=rd6-tcp | |
- traefik.tcp.routers.rustdesk-rd6.rule=HostSNI(`*`) | |
- traefik.tcp.routers.rustdesk-rd6.service=rustdesk-rd6 | |
- traefik.tcp.services.rustdesk-rd6.loadbalancer.server.port=21116 | |
- traefik.tcp.routers.rustdesk-rd6.tls=false | |
- traefik.tcp.routers.rustdesk-rd6.tls.passthrough=true | |
# 21118/tcp | |
- traefik.tcp.routers.rustdesk-rd8.entrypoints=rd8-tcp | |
- traefik.tcp.routers.rustdesk-rd8.rule=HostSNI(`*`) | |
- traefik.tcp.routers.rustdesk-rd8.service=rustdesk-rd8 | |
- traefik.tcp.services.rustdesk-rd8.loadbalancer.server.port=21118 | |
- traefik.tcp.routers.rustdesk-rd8.tls=false | |
- traefik.tcp.routers.rustdesk-rd8.tls.passthrough=true | |
# 21116/udp | |
- traefik.udp.routers.rustdesk-rd6.entrypoints=rd6-udp | |
- traefik.udp.routers.rustdesk-rd6.service=rustdesk-rd6 | |
- traefik.udp.services.rustdesk-rd6.loadbalancer.server.port=21116 | |
# 21117/tcp | |
- traefik.tcp.routers.rustdesk-rd7.entrypoints=rd7-tcp | |
- traefik.tcp.routers.rustdesk-rd7.rule=HostSNI(`*`) | |
- traefik.tcp.routers.rustdesk-rd7.service=rustdesk-rd7 | |
- traefik.tcp.services.rustdesk-rd7.loadbalancer.server.port=21117 | |
- traefik.tcp.routers.rustdesk-rd7.tls=false | |
- traefik.tcp.routers.rustdesk-rd7.tls.passthrough=true | |
# 21119/tcp | |
- traefik.tcp.routers.rustdesk-rd9.entrypoints=rd9-tcp | |
- traefik.tcp.routers.rustdesk-rd9.rule=HostSNI(`*`) | |
- traefik.tcp.routers.rustdesk-rd9.service=rustdesk-rd9 | |
- traefik.tcp.services.rustdesk-rd9.loadbalancer.server.port=21119 | |
- traefik.tcp.routers.rustdesk-rd9.tls=false | |
- traefik.tcp.routers.rustdesk-rd9.tls.passthrough=true |
as per official documentation the keys can be generated using docker run --rm --entrypoint /usr/bin/rustdesk-utils rustdesk/rustdesk-server-s6:latest genkeypair
. This worked for me, the gist should be updated with this command.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Hi,
Could you help me out? Im following your instructions to the letter but i get an error (docker logs):
I tried multiple things:
Also, what do i need to do with: "openssl rsa -in private.pem -pubout -out public.pem" ? Doesnt seem to be connected with the commands above.