Manually • Docker • Keypair • Binaries • Variables
[French] | [Deutsch] | [Nederlands] | [繁體中文] | [简体中文] | [Русский]

SctgDesk Server Program

Binary Download

API Documentation

This is a modified version of RustDesk Server, which is free and open source.

• The first difference is that this version includes the new tcp mode included in the RustDesk Server Pro version.
• The second difference is that this version includes a preliminary implementation of the Rustdesk Server Pro API server.
  • Support for personal address book
  • Support for shared address book at group level
  • read-only, read-write, admin
  • Support for shared address book at user level
  • read-only, read-write, admin
• The third difference is that this version includes a preliminary implementation of a simple webconsole.

The webconsole is accessible at the address http://<server-ip>:21114/ with login "admin" and password "Hello,world!" .
You can browse the API documentation in the builtins API server at the address http://<server-ip>:21114/api/doc/.

A non interactive API documentation is available at sctgdesk-api-server repo.

Star the project

If you appreciate my work, please consider giving it a star! 🤩 or a

TL;DR

You can use the following docker-compose.yml file to start the server:

version: '3'

networks:
  sctgdesk-net:
    external: false

services:
  hbbs:
    container_name: hbbs
    ports:
      - 21114:21114
      - 21115:21115
      - 21116:21116
      - 21116:21116/udp
      - 21118:21118
    image: sctg/sctgdesk-server:latest
    command: hbbs -r sctgdesk.example.com:21117
    volumes:
      - ./data:/usr/local/share/sctgdesk
    networks:
      - sctgdesk-net
    depends_on:
      - hbbr
    restart: unless-stopped

  hbbr:
    container_name: hbbr
    ports:
      - 21117:21117
      - 21119:21119
    image: sctg/sctgdesk-server:latest
    command: hbbr
    volumes:
      - ./data:/usr/local/share/sctgdesk
    networks:
      - sctgdesk-net
    restart: unless-stopped

and start the server with:

mkdir -p data
docker-compose up 

Binaries

Binaries are available for the following platforms:

• Linux x86_64 statically linked
• Linux arm64 statically linked
• Linux armv7 statically linked
• MacOS Intel
• MacOS Apple Silicon
• Windows x86_64

Default admin user

The default admin user is created with the username admin and the password Hello,world!. You can change the password after the first login on the webconsole.

API Standalone version

The api standalone version is a version of the server that includes the API server and the webconsole but not the rendez-vous server.
The standalone version is available in its own repository sctgdesk-api-server.
For all api or webconsole related issues, please refer to the sctgdesk-api-server repository.

Screenshots

Webconsole

Api documentation

Use in Rustdesk client

Generating autoupdate links

We modified our client to retrieve the autoupdate links from the api server rather from Github releases.
For having the autoupdate links working, you need to modify your client to retrieve the autoupdate links from the api server. This how you can do it:

// src/common.rs
#[tokio::main(flavor = "current_thread")]
async fn check_software_update_() -> hbb_common::ResultType<()> {
    let url=format!("{}/api/software/releases/latest",get_api_server("".to_owned(), "".to_owned())).to_owned();
    log::info!("URL for checking software updates: {}", url);
    //let url = "https://github.com/rustdesk/rustdesk/releases/latest";
    let latest_release_response = create_http_client_async().get(url).send().await?;
    let latest_release_version = latest_release_response
        .url()
        .path()
        .rsplit('/')
        .next()
        .unwrap_or_default();

    let response_url = latest_release_response.url().to_string();

    if get_version_number(&latest_release_version) > get_version_number(crate::VERSION) {
        *SOFTWARE_UPDATE_URL.lock().unwrap() = response_url;
    }
    Ok(())
}

Security

The embedded API server is not secured nor protected agains DDOS attacks. A good practice is to use a reverse proxy in front of the API server. NGINX is a good choice for this purpose. HAProxy is also a good choice.
We use HAProxy in front of the API server in our production environment. This is our configuration file for HAProxy it is provided as an example only. You should adapt it to your own needs.:

global
    log /dev/log    local0
    log /dev/log    local1 notice
    chroot /var/lib/haproxy
    stats socket /run/haproxy/admin.sock mode 660 level admin expose-fd listeners
    stats timeout 30s
    user haproxy
    group haproxy
    daemon

defaults
    log global
    retries 2
    timeout connect 3000ms
    timeout server 5000ms
    timeout client 5000ms

frontend hbbs_wss
    bind 0.0.0.0:21120 ssl crt /etc/haproxy/hbb.pem
    default_backend hbbs_wss_backend

frontend hbbs_api
    mode http
    option forwardfor
    bind 0.0.0.0:21114 ssl crt /etc/haproxy/api.pem
    http-request set-header X-Forwarded-Proto https
    default_backend hbbs_api_backend

frontend hbbs_api_443
    mode http
    option forwardfor
    bind 0.0.0.0:443 ssl crt /etc/haproxy/api.pem
    http-request set-header X-Forwarded-Proto https
    filter compression
    compression algo gzip
    compression type text/css text/html text/javascript application/javascript text/plain text/xml application/json
    compression offload
    default_backend hbbs_api_backend

frontend hbbr_wss
    bind 0.0.0.0:21121 ssl crt /etc/haproxy/hbb.pem
    default_backend hbbr_wss_backend

backend hbbs_api_backend
    mode http
    server srv_main 127.0.0.1:21113

backend hbbs_wss_backend
    server srv_main 127.0.0.1:21118

backend hbbr_wss_backend
    server srv_main 127.0.0.1:21119

The hbbs server is launched with

[Unit]
Description=Rustdesk Signal Server

[Service]
Type=simple
LimitNOFILE=1000000
ExecStart=/usr/bin/hbbs --api-port=21113 -k AucFCOYVWNHRkJnx13FFh7C0tmUZ3nei5wXKmlfK6WPYthz65fRavaA5HO/OIz2kq+bCSlAqBkZgvikwVGqw/Q== --mask=10.10.0.235/24 -r rendez-vous.example.org -R rendez-vous.example.org
#Environment="RUST_LOG=debug"
Environment="ALWAYS_USE_RELAY=Y"
Environment="OAUTH2_CREATE_USER=1"
Environment="S3CONFIG_FILE=s3config.toml"
Environment="OAUTH2_CONFIG_FILE=oauth2.toml"
WorkingDirectory=/var/lib/rustdesk-server/
User=
Group=
Restart=always
StandardOutput=append:/var/log/rustdesk-server/hbbs.log
StandardError=append:/var/log/rustdesk-server/hbbs.error
# Restart service after 10 seconds if node service crashes
RestartSec=10

[Install]
WantedBy=multi-user.target

Limit Unwanted Access

To restrict access to your server, you can use the --logged-in-only option or set the LOGGED_IN_ONLY=Y environment variable for the hbbs server. This will limit control to logged-in users only.

Even with this option enabled, users can still register on the Rendez-vous server, but they won't be able to control another user's peer. If someone tries to control a peer without being logged in, they'll receive an error message:

By enabling this feature, you can add an extra layer of security to your server and prevent unauthorized access.

Configuring LOGGED_IN_ONLY

To enable this feature:

1. Set the LOGGED_IN_ONLY=Y environment variable for the hbbs server.
2. Alternatively, you can use the --logged-in-only option when running the hbbs server.

Example

To set the LOGGED_IN_ONLY environment variable, you can add the following line to your ~/.bashrc file or equivalent:

export LOGGED_IN_ONLY=Y

RustDesk Server Program

Download

Manual

FAQ

Self-host your own RustDesk server, it is free and open source.

How to build manually

First you need to have a working Rust development toolchain and a Node ≥ 20 working installation.

• Unices (Linux, MacOS, etc.):

DATABASE_URL=sqlite://$(pwd)/db_v2.sqlite3 cargo build --release

• Windows with cmd.exe shell:

set "DATABASE_URL=sqlite://%CD%/db_v2.sqlite3" && cargo build --release

Three executables will be generated in target/release.

• hbbs - RustDesk ID/Rendezvous server with API server
• hbbr - RustDesk relay server
• rustdesk-utils - RustDesk CLI utilities

You can find updated binaries on the releases page.

All released binaries after release v1.1.99-40 are attestated with Github Actions. You can check the attestation by checking the sha256sum of the binary with https://search.sigstore.dev/?hash=<sha256> for example.

If you want extra features RustDesk Server Pro might suit you better.

If you want to develop your own server, rustdesk-server-demo might be a better and simpler start for you than this repo.

Docker images

Docker images are automatically generated and published on every github release.

These images are build against ubuntu-22.04 with the only addition of the main binaries (hbbr and hbbs). They're available on Docker hub with these tags:

You can start these images directly with docker run with these commands:

docker run --name hbbs --net=host -v "$PWD/data:/usr/local/share/sctgdesk" -d sctg/sctgdesk-server:latest hbbs -r <relay-server-ip[:port]> 
docker run --name hbbr --net=host -v "$PWD/data:/usr/local/share/sctgdesk" -d sctg/sctgdesk-server:latest hbbr 

or without --net=host, but P2P direct connection can not work.

For systems using SELinux, replacing /root by /root:z is required for the containers to run correctly. Alternatively, SELinux container separation can be disabled completely adding the option --security-opt label=disable.

docker run --name hbbs -p 21114:21114 -p 21115:21115 -p 21116:21116 -p 21116:21116/udp -p 21118:21118 -v "$PWD/data:/usr/local/share/sctgdesk" -d sctg/sctgdesk-server:latest hbbs -r <relay-server-ip[:port]> 
docker run --name hbbr -p 21117:21117 -p 21119:21119 -v "$PWD/data:/usr/local/share/sctgdesk" -d sctg/sctgdesk-serverlatest hbbr 

The relay-server-ip parameter is the IP address (or dns name) of the server running these containers. The optional port parameter has to be used if you use a port different than 21117 for hbbr.

You can also use docker-compose, using this configuration as a template:

version: '3'

networks:
  sctgdesk-net:
    external: false

services:
  hbbs:
    container_name: hbbs
    ports:
      - 21114:21114
      - 21115:21115
      - 21115:21115
      - 21116:21116
      - 21116:21116/udp
      - 21118:21118
    image: sctg/sctgdesk-server:latest
    command: hbbs -r sctgdesk.example.com:21117
    volumes:
      - ./data:/usr/local/share/sctgdesk
    networks:
      - sctgdesk-net
    depends_on:
      - hbbr
    restart: unless-stopped

  hbbr:
    container_name: hbbr
    ports:
      - 21117:21117
      - 21119:21119
    image: sctg/sctgdesk-server-server:latest
    command: hbbr
    volumes:
      - ./data:/usr/local/share/sctgdesk
    networks:
      - sctgdesk-net
    restart: unless-stopped

Edit line 16 to point to your relay server (the one listening on port 21117). You can also edit the volume lines (line 18 and line 33) if you need.

(docker-compose credit goes to @lukebarone and @QuiGonLeong)

Note that here, the sctg/sctgdesk-server-server:latest in China may be replaced with the latest version number on dockerhub, such as sctg/sctgdesk-server-server:1.1.99-37. Otherwise, the old version may be pulled due to image acceleration.

How to create a keypair

A keypair is needed for encryption; you can provide it, as explained before, but you need a way to create one.

You can use this command to generate a keypair:

/usr/bin/rustdesk-utils genkeypair

If you don't have (or don't want) the rustdesk-utils package installed on your system, you can invoke the same command with docker:

docker run --rm --entrypoint /usr/bin/rustdesk-utils  sctg/sctgdesk-server-server:latest genkeypair

The output will be something like this:

Public Key:  8BLLhtzUBU/XKAH4mep3p+IX4DSApe7qbAwNH9nv4yA=
Secret Key:  egAVd44u33ZEUIDTtksGcHeVeAwywarEdHmf99KM5ajwEsuG3NQFT9coAfiZ6nen4hfgNICl7upsDA0f2e/jIA==

Packages

Separate .deb packages are available for each binary, you can find them in the releases. These packages are meant for the following distributions:

• Ubuntu 22.04 LTS
• MacOS Intel or Apple Silicon
• Windows x86_64 or i686

ENV variables

hbbs and hbbr can be configured using these ENV variables. You can specify the variables as usual or use an .env file.