Note that the OSS RustDesk Server does not support HTTP proxy; you have to use Pro or the public server.
RustDesk traffic is already encrypted, so you do not need to encrypt it again with HTTPS (that wastes power). I think 80 is enough.
Set up HTTP proxy server on Ubuntu / Debian
This HTTP proxy is not the same as a reverse proxy in NGINX; they are different concepts. I know that ChatGPT may direct you to NGINX when you ask about an HTTP proxy server.
Install HTTP server
Here, we use Tinyproxy.
sudo apt install tinyproxy
The service will start automatically after installation. Please confirm as below.
sudo service tinyproxy status
To ensure that Tinyproxy starts automatically after a reboot, please do this.
sudo systemctl enable tinyproxy
Configure Tinyproxy
Please open the configuration file /etc/tinyproxy/tinyproxy.conf and add the lines below.
BasicAuth myuser mypassword
Listen 0.0.0.0
Allow 0.0.0.0/0
Please modify myuser and mypassword to your own values.
By default, Tinyproxy listens on 127.0.0.1. We will change it to 0.0.0.0 so that it can be accessed from outside.
By default, Tinyproxy only accepts requests from 127.0.0.1. We will modify it to 0.0.0.0/0 so that it accepts requests from any IP address and port.
By default, Tinyproxy listens on port 8888. You can find the line Port 8888 in the configuration file and change it to your desired value.
By default, Tinyproxy allows CONNECT to ports 443 and 563 (for SSL). Please also add the ports that RustDesk needs.
ConnectPort 443
ConnectPort 563
ConnectPort 21114
ConnectPort 21115
ConnectPort 21116
ConnectPort 21117
ConnectPort 21118
ConnectPort 21119
Please restart the server after making your modifications to the configuration file.
sudo service tinyproxy restart
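To check the finished file against the settings described above, here is an added example (not part of the RustDesk or Tinyproxy documentation) that scans a tinyproxy.conf for the risky combinations: any-address access without BasicAuth, the placeholder credentials left unchanged, no ConnectPort restriction, and CONNECT ports beyond the ones listed. The finding names and the sample config are constructed for illustration, and it assumes one directive per line.

```shell
#!/bin/sh
# Added example (not from the RustDesk docs): flag risky Tinyproxy settings.
# Finding codes and the sample config below are constructed for illustration.

audit_tinyproxy() {  # usage: audit_tinyproxy /path/to/tinyproxy.conf
    awk '
        NF == 0 || $1 ~ /^#/ { next }            # skip blanks and comments
        { key = tolower($1) }                    # directive names, case-insensitive
        key == "basicauth" {
            auth = 1
            # Placeholder credentials from the guide left unchanged
            if ($2 == "myuser" && $3 == "mypassword") print "DEFAULT_CREDS"
        }
        key == "allow" && $2 == "0.0.0.0/0" { anyip = 1 }
        key == "connectport" {
            ports++
            p = $2 + 0
            # Ports the guide lists: 443, 563 and 21114-21119
            if (!(p == 443 || p == 563 || (p >= 21114 && p <= 21119)))
                print "EXTRA_CONNECTPORT " p
        }
        END {
            # Reachable from any address with no authentication at all
            if (anyip && !auth) print "OPEN_PROXY_NO_AUTH"
            # Without any ConnectPort line Tinyproxy allows CONNECT to all ports
            if (!ports) print "CONNECT_ANY_PORT"
        }
    ' "$1"
}

# Constructed sample: the guide config with placeholders kept and one extra port.
sample=$(mktemp)
cat > "$sample" <<'EOF'
Port 8888
Listen 0.0.0.0
Allow 0.0.0.0/0
BasicAuth myuser mypassword
ConnectPort 443
ConnectPort 21116
ConnectPort 22
EOF
audit_tinyproxy "$sample"
rm -f "$sample"
```

Run it as `audit_tinyproxy /etc/tinyproxy/tinyproxy.conf` before restarting the service; no output means none of these findings apply.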
Verify if it works
curl -x http://<proxy-server-ip>:8888 --proxy-user myuser:mypassword -L http://www.yahoo.com
For example, if you do not add Allow 0.0.0.0/0 to the configuration file above, you will get something like the output below.
<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">
<head>
<title>403 Access denied</title>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
</head>
<body>
<h1>Access denied</h1>
<p>The administrator of this proxy has not configured it to service requests from your host.</p>
<hr />
<p><em>Generated by <a href="https://tinyproxy.github.io/">tinyproxy</a> version 1.11.1.</em></p>
</body>
</html>
If you see an error here, you can ask ChatGPT.
Configure it on RustDesk
Configure it in custom client
https://rustdesk.com/docs/en/self-host/client-configuration/advanced-settings/#proxy-url
For more security options, please check https://github.com/rustdesk/rustdesk-server-pro/discussions/620
HTTPS proxy server
The HTTP proxy allows connections to HTTPS endpoints.
You can hide Tinyproxy behind NGINX to create a true HTTPS proxy, but there seem to be some bugs (https://github.com/tinyproxy/tinyproxy/issues/399); this might be why it is called tiny.
One RustDesk user shared his method for creating an HTTPS proxy with Apache2. I have never tested it, but you can try it yourself.
sudo apt install apache2
Enable the necessary modules
sudo a2enmod ssl
sudo a2enmod proxy
sudo a2enmod proxy_connect
sudo a2enmod proxy_http
sudo service apache2 restart
Create a file with proxy-user credentials:
sudo htpasswd -b -c /etc/apache2/.htpasswd myuser mypassword
Create a file /etc/apache2/sites-available/rustdesk.conf and add the lines below:
<VirtualHost *:443>
    SSLEngine on
    SSLCertificateFile /etc/ssl/certs/ssl-cert-snakeoil.pem
    SSLCertificateKeyFile /etc/ssl/private/ssl-cert-snakeoil.key
    ProxyRequests On
    ProxyVia On
    AllowCONNECT 21114-21119
    <Proxy *>
        AuthType Basic
        AuthName "Password Required"
        AuthUserFile /etc/apache2/.htpasswd
        Require valid-user
    </Proxy>
</VirtualHost>
Disable the default site and enable the proxy config:
sudo a2dissite 000-default.conf
sudo a2ensite rustdesk.conf
sudo service apache2 restart
If you want to use SSL for the web console, you can add another VirtualHost to /etc/apache2/sites-available/rustdesk.conf. As port 443 is already used for the forwarding proxy, you can use, for example, port 4443.
# Apache only binds ports named in a Listen directive; skip this line if ports.conf already has Listen 4443
Listen 4443
<VirtualHost *:4443>
    SSLEngine on
    SSLCertificateFile /etc/ssl/certs/ssl-cert-snakeoil.pem
    SSLCertificateKeyFile /etc/ssl/private/ssl-cert-snakeoil.key
    # Forward web console requests to the local port 21114
    ProxyPass / http://127.0.0.1:21114/
    ProxyPassReverse / http://127.0.0.1:21114/
</VirtualHost>
Change the line
AllowCONNECT 21114-21119
into
AllowCONNECT 4443 21114-21119
Restart
apache2
sudo service apache2 restart
As all ports of hbbs and hbbr are connected via proxy, you can disable these ports in ufw. You only need to open port 443 and 4443:
sudo ufw allow 443/tcp
sudo ufw allow 4443/tcp
You can verify the proxy like this
curl -x https://<proxy-server-ip>:443 --proxy-user myuser:mypassword -L http://www.yahoo.com
If you use a self-signed certificate, you can ignore the TLS verification by adding --proxy-insecure
curl -x https://<proxy-server-ip>:443 --proxy-user myuser:mypassword -L http://www.yahoo.com --proxy-insecure
Finally configure it on rustdesk: