RustDesk Self-Host Guide: Complete Setup and Configuration
Table of Contents
- What is RustDesk?
- Features of RustDesk
- Why Self Host RustDesk?
- System Requirements
- Installation Guide
- Configuration
- Client Setup
- Security Configuration
- Backup and Maintenance
- Troubleshooting
- FAQ
What is RustDesk?
RustDesk is an open-source remote desktop software written in Rust. It's a powerful alternative to TeamViewer that allows you to control computers remotely with your own self-hosted server, ensuring complete privacy and security over your remote connections.
Features of RustDesk
Cross-Platform Support
- Windows: Full support with all features
- macOS: Complete compatibility including clipboard sync
- Linux: Native support for all major distributions
- Android/iOS: Mobile apps for remote access on-the-go
- Web Browser: Browser-based client for quick access
Advanced Remote Desktop Features
- High Performance: Hardware-accelerated encoding/decoding
- Low Latency: Optimized for real-time interaction
- Multi-Monitor: Support for multiple displays
- File Transfer: Secure file sharing between devices
- Clipboard Sync: Seamless copy-paste across devices
- Audio Forwarding: Stream audio from remote computer
Security and Privacy
- End-to-End Encryption: All connections are encrypted
- 2FA Support: Two-factor authentication for enhanced security
- Access Control: Fine-grained permission management
- Session Logging: Comprehensive audit trails
- No Data Collection: Complete privacy with self-hosting
Enterprise Features
- Address Book: Centralized device management
- User Groups: Organize users and devices
- Access Control: Role-based permissions
- Unattended Access: Connect without user intervention
- API Integration: Programmatic access for automation
Why Self Host RustDesk?
Self-hosting provides complete control and eliminates reliance on third-party services.
Benefits of Self-Hosting RustDesk
- Complete Privacy: No data passes through external servers
- Cost Savings: No per-user licensing fees
- Performance: Optimized for your network infrastructure
- Customization: Tailor configuration to your needs
- Compliance: Meet strict data governance requirements
- Reliability: No dependency on external service availability
System Requirements
Minimum Requirements
- CPU: 2 cores
- RAM: 2GB
- Storage: 10GB
- Network: Stable internet connection with public IP
- OS: Linux (Ubuntu 20.04+ recommended)
Recommended Requirements
- CPU: 4+ cores
- RAM: 4GB+
- Storage: 50GB SSD
- Network: High-speed connection with low latency
- Firewall configured for RustDesk ports
- SSL certificate for secure web access
Network Requirements
- TCP Port 21115: Relay server
- TCP Port 21116: ID server
- TCP Port 21117: HTTP API (optional)
- TCP Port 21118: Web console (optional)
- UDP Port 21116: NAT type test
Installation Guide
Using Docker (Recommended)
- Create docker-compose.yml:
version: '3.8'
services:
rustdesk-server:
image: rustdesk/rustdesk-server:latest
container_name: rustdesk-server
ports:
- "21115:21115"
- "21116:21116"
- "21116:21116/udp"
- "21117:21117"
- "21118:21118"
volumes:
- ./data:/data
environment:
- RELAY_HOST=your-domain.com
- API_HOST=your-domain.com
restart: unless-stopped
rustdesk-api:
image: rustdesk/rustdesk-api:latest
container_name: rustdesk-api
ports:
- "21114:21114"
volumes:
- ./api-data:/data
environment:
- DB_URL=sqlite:///data/db.sqlite3
- API_SECRET=your-secret-key
restart: unless-stopped
depends_on:
- rustdesk-server
- Start the services:
docker-compose up -d
- Generate server key:
docker exec rustdesk-server /usr/bin/rustdesk-utils genkey
Manual Installation
- Download RustDesk server:
wget https://github.com/rustdesk/rustdesk-server/releases/latest/download/rustdesk-server-linux-amd64.tar.gz
tar -xzf rustdesk-server-linux-amd64.tar.gz
cd rustdesk-server-linux-amd64
- Generate encryption keys:
./rustdesk-utils genkey
# This creates id_ed25519 and id_ed25519.pub files
- Create systemd service:
# /etc/systemd/system/rustdesk-relay.service
[Unit]
Description=RustDesk Relay Server
After=network.target
[Service]
Type=simple
User=rustdesk
WorkingDirectory=/opt/rustdesk
ExecStart=/opt/rustdesk/rustdesk-relay -k /opt/rustdesk/id_ed25519
Restart=always
RestartSec=5
[Install]
WantedBy=multi-user.target
- Create ID server service:
# /etc/systemd/system/rustdesk-signal.service
[Unit]
Description=RustDesk Signal Server
After=network.target
[Service]
Type=simple
User=rustdesk
WorkingDirectory=/opt/rustdesk
ExecStart=/opt/rustdesk/rustdesk-signal -k /opt/rustdesk/id_ed25519
Restart=always
RestartSec=5
[Install]
WantedBy=multi-user.target
- Start services:
sudo systemctl enable --now rustdesk-relay
sudo systemctl enable --now rustdesk-signal
Using Pre-built Binaries
- Install from GitHub releases:
# Download latest release
curl -s https://api.github.com/repos/rustdesk/rustdesk-server/releases/latest | grep "browser_download_url.*linux.*tar.gz" | cut -d '"' -f 4 | wget -i -
# Extract and install
tar -xzf rustdesk-server-*.tar.gz
sudo cp rustdesk-server-*/rustdesk-* /usr/local/bin/
sudo chmod +x /usr/local/bin/rustdesk-*
Configuration
Server Configuration
# rustdesk.toml
[server]
# Server hostname or IP
host = "your-domain.com"
# Relay port
relay_port = 21115
# Signal port
signal_port = 21116
# API port
api_port = 21117
[security]
# Enable encryption
encryption = true
# Key file path
key_file = "/opt/rustdesk/id_ed25519"
# Password protection
password = "your-server-password"
[logging]
# Log level: error, warn, info, debug, trace
level = "info"
# Log file path
file = "/var/log/rustdesk/server.log"
[api]
# Enable web API
enabled = true
# API secret key
secret = "your-api-secret"
# Admin user
admin_user = "admin"
admin_password = "admin-password"
Environment Variables
# Server Configuration
RUSTDESK_HOST=your-domain.com
RUSTDESK_RELAY_PORT=21115
RUSTDESK_SIGNAL_PORT=21116
RUSTDESK_API_PORT=21117
# Security
RUSTDESK_KEY_FILE=/data/id_ed25519
RUSTDESK_PASSWORD=your-server-password
RUSTDESK_ENCRYPTION=true
# Logging
RUSTDESK_LOG_LEVEL=info
RUSTDESK_LOG_FILE=/var/log/rustdesk.log
# API
RUSTDESK_API_ENABLED=true
RUSTDESK_API_SECRET=your-api-secret
RUSTDESK_ADMIN_USER=admin
RUSTDESK_ADMIN_PASSWORD=admin-password
# Database (if using API server)
DATABASE_URL=sqlite:///data/db.sqlite3
Nginx Reverse Proxy
# /etc/nginx/sites-available/rustdesk
server {
listen 80;
server_name your-domain.com;
return 301 https://$server_name$request_uri;
}
server {
listen 443 ssl http2;
server_name your-domain.com;
ssl_certificate /etc/letsencrypt/live/your-domain.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/your-domain.com/privkey.pem;
# API endpoint
location /api/ {
proxy_pass http://localhost:21117/;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
# Web console
location / {
proxy_pass http://localhost:21118/;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
# WebSocket support
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
}
}
Client Setup
Desktop Client Configuration
Download RustDesk client:
- Windows: Download from RustDesk website
- Linux: Install via package manager or download binary
- macOS: Download from website or use Homebrew
Configure server settings:
- Open RustDesk client
- Go to Settings → Network
- Set ID Server:
your-domain.com:21116 - Set Relay Server:
your-domain.com:21115 - Set Key: (paste your public key content)
Import configuration automatically:
# Create configuration file
cat > rustdesk.toml << EOF
[options]
relay-server = "your-domain.com:21115"
id-server = "your-domain.com:21116"
key = "your-public-key-here"
EOF
# Import configuration
rustdesk --import-config rustdesk.toml
Mobile App Configuration
Install RustDesk mobile app:
- Android: Google Play Store or F-Droid
- iOS: App Store
Configure server:
- Open app settings
- Add custom server
- Enter server details and key
Web Client Setup
- Enable web console in server config:
[web]
enabled = true
port = 21118
- Access via browser:
- Navigate to
https://your-domain.com - Enter server credentials
- Connect to remote devices
- Navigate to
Security Configuration
SSL/TLS Setup
- Generate SSL certificate:
# Using Let's Encrypt
sudo certbot certonly --standalone -d your-domain.com
# Or generate self-signed certificate
openssl req -x509 -newkey rsa:4096 -keyout rustdesk.key -out rustdesk.crt -days 365 -nodes
- Configure SSL in RustDesk:
[ssl]
enabled = true
cert_file = "/etc/ssl/certs/rustdesk.crt"
key_file = "/etc/ssl/private/rustdesk.key"
Firewall Configuration
# UFW (Ubuntu)
sudo ufw allow 21115/tcp
sudo ufw allow 21116/tcp
sudo ufw allow 21116/udp
sudo ufw allow 21117/tcp
sudo ufw allow 21118/tcp
# iptables
iptables -A INPUT -p tcp --dport 21115 -j ACCEPT
iptables -A INPUT -p tcp --dport 21116 -j ACCEPT
iptables -A INPUT -p udp --dport 21116 -j ACCEPT
iptables -A INPUT -p tcp --dport 21117 -j ACCEPT
iptables -A INPUT -p tcp --dport 21118 -j ACCEPT
Access Control
[access]
# Whitelist specific IPs
allowed_ips = ["192.168.1.0/24", "10.0.0.0/8"]
# Blacklist IPs
blocked_ips = ["1.2.3.4"]
# Require password for connections
require_password = true
# Enable session logging
session_logging = true
Two-Factor Authentication
[2fa]
# Enable 2FA
enabled = true
# TOTP issuer name
issuer = "RustDesk Server"
# Require 2FA for all users
required = false
Backup and Maintenance
Backup Strategy
#!/bin/bash
# RustDesk backup script
BACKUP_DIR="/backup/rustdesk"
DATE=$(date +%Y%m%d_%H%M%S)
# Create backup directory
mkdir -p $BACKUP_DIR
# Backup configuration files
tar -czf $BACKUP_DIR/config-$DATE.tar.gz /opt/rustdesk/*.toml /opt/rustdesk/id_ed25519*
# Backup database (if using API server)
if [ -f /data/db.sqlite3 ]; then
cp /data/db.sqlite3 $BACKUP_DIR/db-$DATE.sqlite3
fi
# Backup logs
tar -czf $BACKUP_DIR/logs-$DATE.tar.gz /var/log/rustdesk/
# Cleanup old backups (keep 30 days)
find $BACKUP_DIR -name "*.tar.gz" -mtime +30 -delete
find $BACKUP_DIR -name "*.sqlite3" -mtime +30 -delete
echo "Backup completed: $DATE"
Update Process
- Stop services:
sudo systemctl stop rustdesk-relay rustdesk-signal
- Backup current installation:
cp -r /opt/rustdesk /opt/rustdesk-backup-$(date +%Y%m%d)
- Download and install update:
wget https://github.com/rustdesk/rustdesk-server/releases/latest/download/rustdesk-server-linux-amd64.tar.gz
tar -xzf rustdesk-server-linux-amd64.tar.gz
sudo cp rustdesk-server-linux-amd64/* /opt/rustdesk/
- Restart services:
sudo systemctl start rustdesk-relay rustdesk-signal
sudo systemctl status rustdesk-relay rustdesk-signal
Monitoring
#!/bin/bash
# Monitoring script
# Check service status
if ! systemctl is-active --quiet rustdesk-relay; then
echo "RustDesk relay service is down!"
# Send alert or restart service
fi
if ! systemctl is-active --quiet rustdesk-signal; then
echo "RustDesk signal service is down!"
# Send alert or restart service
fi
# Check port connectivity
if ! nc -z localhost 21115; then
echo "Relay port 21115 is not accessible!"
fi
if ! nc -z localhost 21116; then
echo "Signal port 21116 is not accessible!"
fi
# Check disk space
DISK_USAGE=$(df /opt/rustdesk | tail -1 | awk '{print $5}' | sed 's/%//')
if [ $DISK_USAGE -gt 80 ]; then
echo "Disk usage is above 80%: ${DISK_USAGE}%"
fi
# Check memory usage
MEMORY_USAGE=$(free | grep Mem | awk '{printf "%.0f", $3/$2 * 100.0}')
if [ $MEMORY_USAGE -gt 90 ]; then
echo "Memory usage is above 90%: ${MEMORY_USAGE}%"
fi
Troubleshooting
Common Issues
Connection Problems
# Test server connectivity
telnet your-domain.com 21115
telnet your-domain.com 21116
# Check firewall rules
sudo ufw status
sudo iptables -L
# Test DNS resolution
nslookup your-domain.com
dig your-domain.com
Service Issues
# Check service status
sudo systemctl status rustdesk-relay
sudo systemctl status rustdesk-signal
# View service logs
sudo journalctl -u rustdesk-relay -f
sudo journalctl -u rustdesk-signal -f
# Restart services
sudo systemctl restart rustdesk-relay rustdesk-signal
Performance Issues
# Monitor system resources
htop
iotop
netstat -tlnp
# Check network latency
ping your-domain.com
mtr your-domain.com
# Monitor RustDesk processes
ps aux | grep rustdesk
Key/Certificate Problems
# Regenerate server keys
./rustdesk-utils genkey
# Verify key permissions
ls -la /opt/rustdesk/id_ed25519*
sudo chmod 600 /opt/rustdesk/id_ed25519
sudo chmod 644 /opt/rustdesk/id_ed25519.pub
# Test SSL certificate
openssl s_client -connect your-domain.com:443
Log Analysis
# Server logs location
tail -f /var/log/rustdesk/server.log
# System logs
tail -f /var/log/syslog | grep rustdesk
# Docker logs
docker logs -f rustdesk-server
FAQ
How does RustDesk compare to TeamViewer?
RustDesk offers similar functionality to TeamViewer but with complete self-hosting capabilities, no licensing fees, and full data privacy.
Can I use RustDesk without a public IP?
Yes, you can use services like Cloudflare Tunnel or VPN to expose your RustDesk server without a public IP.
Is RustDesk secure for business use?
Yes, RustDesk uses end-to-end encryption and allows complete control over your infrastructure, making it suitable for business environments.
How do I migrate from TeamViewer to RustDesk?
- Set up your RustDesk server
- Install RustDesk clients on all devices
- Configure clients to use your server
- Export/import address books if needed
- Train users on the new interface
Can I customize the RustDesk client?
Yes, RustDesk is open-source, allowing you to customize the client application for your specific needs.
What's the maximum number of concurrent connections?
The limit depends on your server resources. A typical server can handle hundreds of concurrent connections.
How do I set up automatic updates?
# Create update script
cat > /usr/local/bin/rustdesk-update.sh << 'EOF'
#!/bin/bash
# Auto-update script for RustDesk
# Add to crontab: 0 2 * * 0 /usr/local/bin/rustdesk-update.sh
EOF
chmod +x /usr/local/bin/rustdesk-update.sh
Can I use RustDesk with load balancing?
Yes, you can run multiple RustDesk servers behind a load balancer for high availability and scalability.
How do I enable session recording?
[recording]
enabled = true
path = "/var/log/rustdesk/sessions/"
format = "mp4"
quality = "high"
