How To Install RustDesk on Rocky Linux 10

Remote desktop solutions have become essential for modern IT infrastructure, and RustDesk stands out as a powerful, open-source alternative to proprietary software. This comprehensive guide walks you through installing RustDesk on Rocky Linux 10, covering everything from initial setup to advanced configuration.

RustDesk offers enterprise-grade security features with end-to-end encryption, cross-platform compatibility, and the flexibility of self-hosting. Unlike traditional remote desktop solutions, RustDesk provides complete control over your data while maintaining professional-level performance. Rocky Linux 10, with its enterprise stability and robust security framework, creates an ideal foundation for hosting RustDesk servers.

Whether you’re a system administrator looking to implement a secure remote access solution or an IT professional seeking alternatives to expensive commercial software, this guide provides the detailed instructions needed for a successful deployment.

Understanding RustDesk Architecture

RustDesk operates on a distributed architecture consisting of two primary components that work together to facilitate secure remote connections. The hbbs (hub server) handles client registration, authentication, and connection coordination, while the hbbr (relay server) manages data transmission between connected devices when direct peer-to-peer connections aren’t possible.

The network architecture employs intelligent routing algorithms that prioritize direct connections for optimal performance. When clients cannot establish direct connections due to NAT or firewall restrictions, the relay server seamlessly handles data forwarding without compromising security or user experience.

Security remains paramount throughout the entire system. RustDesk implements end-to-end encryption using industry-standard algorithms, ensuring that all data transmission remains protected from potential interception. The key management system generates unique cryptographic keys for each server installation, providing an additional security layer that prevents unauthorized access attempts.

Platform compatibility extends across Windows, macOS, Linux, iOS, and Android, making RustDesk suitable for heterogeneous environments. This cross-platform support eliminates compatibility concerns while maintaining consistent functionality across different operating systems.

Prerequisites and System Requirements

Successful RustDesk deployment on Rocky Linux 10 requires careful attention to hardware specifications and software dependencies. Minimum hardware requirements include 2GB RAM, 1 CPU core, and 10GB available disk space, though production environments benefit significantly from upgraded specifications.

Recommended hardware configuration for production deployments includes 4GB RAM, 2 CPU cores, and 20GB disk space to ensure optimal performance under moderate to heavy usage. High-traffic environments may require additional resources based on concurrent connection requirements and data transfer volumes.

Essential software prerequisites include a fresh Rocky Linux 10 installation with root or sudo access, SSH connectivity for remote administration, and reliable internet connectivity for downloading necessary packages and container images. The server should maintain consistent uptime to ensure continuous remote access availability.

Network infrastructure planning involves several critical considerations. A static IP address simplifies client configuration and ensures consistent connectivity, while domain name registration enables SSL certificate deployment for enhanced security. Required network ports include 21115 (web interface), 21116 (TCP and UDP for hbbs), 21117 (hbbr), 21118, and 21119 for various protocol communications.

Security preparation involves firewall configuration planning and SSL certificate acquisition for secure HTTPS connections. Consider implementing additional security measures such as fail2ban for brute force protection and regular security audits to maintain system integrity.

System Preparation

Begin RustDesk installation by updating your Rocky Linux 10 system to ensure all packages remain current with the latest security patches and bug fixes. Execute the following command to perform a comprehensive system update:

sudo dnf update -y

This command downloads and installs all available package updates, including kernel updates that may require a system reboot. Monitor the update process carefully and reboot if kernel updates are installed.

Install essential packages required for RustDesk deployment using the following command:

sudo dnf install -y yum-utils nano curl wget git firewalld

These packages provide repository management utilities, text editors for configuration file modification, download tools, version control capabilities, and firewall management functionality essential for server administration.

Configure user permissions to ensure proper access control throughout the installation process. Add your user account to the docker group (after Docker installation) and verify sudo access remains properly configured:

sudo usermod -aG docker $USER

Remember to log out and log back in for group membership changes to take effect.

Firewall configuration requires opening specific ports for RustDesk communication. Configure firewalld to allow necessary traffic:

sudo systemctl enable firewalld
sudo systemctl start firewalld
sudo firewall-cmd --permanent --add-port=21115-21119/tcp
sudo firewall-cmd --permanent --add-port=21116/udp
sudo firewall-cmd --reload

These commands enable the firewall service, open required ports for RustDesk communication, and reload the configuration to apply changes immediately.

SELinux configuration may require adjustment for Docker container operations. Check current SELinux status and consider setting appropriate policies:

sudo setsebool -P container_manage_cgroup on

Docker Installation and Setup

Docker provides the containerization platform necessary for RustDesk deployment, ensuring consistent performance across different environments while simplifying maintenance and updates.

Configure the official Docker repository on Rocky Linux 10 by adding the Docker CE repository:

sudo yum-config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo

This command adds the Docker Community Edition repository to your system’s package sources, enabling installation of the latest Docker version compatible with Rocky Linux.

Install Docker CE and related components using DNF package manager:

sudo dnf install -y docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin

This installation includes the Docker engine, command-line interface, container runtime, build tools, and Docker Compose plugin for multi-container application management.

Start and enable Docker service to ensure automatic startup during system boot:

sudo systemctl start docker
sudo systemctl enable docker

Verify Docker installation by checking service status and running a test container:

sudo systemctl status docker
sudo docker run hello-world

The hello-world container test confirms Docker functionality and network connectivity for image downloads.

Install Docker Compose for multi-container orchestration. While the plugin version was installed above, you may prefer the standalone binary for compatibility:

sudo curl -L "https://github.com/docker/compose/releases/latest/download/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose
sudo chmod +x /usr/local/bin/docker-compose

Verify Docker Compose installation:

docker-compose --version

Configure Docker daemon settings for optimal performance by creating or editing /etc/docker/daemon.json:

sudo nano /etc/docker/daemon.json

Add the following configuration:

{
  "log-driver": "json-file",
  "log-opts": {
    "max-size": "10m",
    "max-file": "3"
  },
  "storage-driver": "overlay2"
}

Restart Docker to apply configuration changes:

sudo systemctl restart docker

RustDesk Server Installation

Create a dedicated directory structure for RustDesk installation and configuration files. This organization simplifies maintenance and backup procedures:

sudo mkdir -p /opt/rustdesk/data
cd /opt/rustdesk

The /opt/rustdesk/data directory stores persistent data including configuration files, logs, and cryptographic keys generated during the installation process.

Create a comprehensive Docker Compose configuration file that defines both hbbs and hbbr services with proper networking and volume configurations:

sudo nano rustdesk.yml

Insert the following Docker Compose configuration:

version: '3.8'

networks:
  rustdesk-net:
    external: false

services:
  hbbs:
    container_name: hbbs
    image: rustdesk/rustdesk-server:latest
    command: hbbs -r rustdesk-server.example.com:21117
    volumes:
      - ./data:/root
    networks:
      - rustdesk-net
    ports:
      - 21115:21115
      - 21116:21116
      - 21116:21116/udp
      - 21118:21118
    restart: unless-stopped

  hbbr:
    container_name: hbbr
    image: rustdesk/rustdesk-server:latest
    command: hbbr
    volumes:
      - ./data:/root
    networks:
      - rustdesk-net
    ports:
      - 21117:21117
      - 21119:21119
    restart: unless-stopped

Important configuration notes:

• Replace rustdesk-server.example.com with your actual domain name or server IP address
• The -r parameter in the hbbs command specifies the relay server address
• Volume mapping ensures persistent storage of keys and configuration data
• Both containers share the same data directory for key synchronization

Deploy the RustDesk server containers using Docker Compose:

sudo docker-compose -f rustdesk.yml up -d

This command downloads the necessary container images, creates the network infrastructure, and starts both services in detached mode.

Verify successful deployment by checking container status:

sudo docker ps

Both hbbs and hbbr containers should appear in the running state. Examine container logs for any startup errors or warnings:

sudo docker logs hbbs
sudo docker logs hbbr

Successful startup logs should indicate that both services are listening on their respective ports and have generated necessary cryptographic keys.

Server Configuration and Security

Retrieve the public key generated during the initial startup process. This key is essential for client authentication and must be distributed to all connecting clients:

sudo docker exec -it hbbs cat /root/id_ed25519.pub

Save this public key securely as it will be required for client configuration. Consider storing it in a secure password manager or documentation system for easy distribution to authorized users.

For production deployments, implement SSL/TLS encryption using Let’s Encrypt certificates. Install certbot for automated certificate management:

sudo dnf install -y certbot python3-certbot-nginx

Obtain SSL certificates for your domain:

sudo certbot certonly --standalone -d rustdesk-server.example.com

Configure Nginx as a reverse proxy to provide SSL termination and additional security features. Install Nginx and create a virtual host configuration:

sudo dnf install -y nginx
sudo nano /etc/nginx/conf.d/rustdesk.conf

Add the following Nginx configuration:

server {
    listen 80;
    server_name rustdesk-server.example.com;
    return 301 https://$server_name$request_uri;
}

server {
    listen 443 ssl http2;
    server_name rustdesk-server.example.com;

    ssl_certificate /etc/letsencrypt/live/rustdesk-server.example.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/rustdesk-server.example.com/privkey.pem;
    
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_ciphers HIGH:!aNULL:!MD5;
    ssl_prefer_server_ciphers on;

    location / {
        proxy_pass http://localhost:21115;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}

Enable and start Nginx:

sudo systemctl enable nginx
sudo systemctl start nginx

Configure automatic certificate renewal:

sudo crontab -e

Add the following line for automatic renewal:

0 3 * * * certbot renew --quiet && systemctl reload nginx

Implement additional firewall rules for enhanced security:

sudo firewall-cmd --permanent --add-service=http
sudo firewall-cmd --permanent --add-service=https
sudo firewall-cmd --permanent --add-service=ssh
sudo firewall-cmd --reload

Configure fail2ban for brute force protection:

sudo dnf install -y epel-release
sudo dnf install -y fail2ban
sudo systemctl enable fail2ban
sudo systemctl start fail2ban

Client Installation and Configuration

RustDesk client installation varies by operating system, but the configuration process remains consistent across platforms. Download the appropriate client from the official RustDesk website or GitHub releases page.

Windows Client Setup

Download the Windows installer from the official RustDesk website. Run the installer with administrator privileges and follow the installation wizard. After installation, launch RustDesk and access the settings menu.

Configure the following connection parameters:

• ID Server: Enter your server domain or IP address
• Relay Server: Use the same value as ID Server for most configurations
• Key: Paste the public key retrieved from the server installation

Linux Client Installation

For Debian-based systems, download the appropriate .deb package:

wget https://github.com/rustdesk/rustdesk/releases/download/1.4.1/rustdesk-1.4.1-x86_64.deb
sudo dpkg -i rustdesk-1.4.1-x86_64.deb
sudo apt-get install -f

For RPM-based systems, download and install the .rpm package:

wget https://github.com/rustdesk/rustdesk/releases/download/1.4.1/rustdesk-1.4.1-0.x86_64.rpm
sudo rpm -i rustdesk-1.4.1-0.x86_64.rpm

Launch RustDesk from the applications menu or command line:

rustdesk

Client Configuration Parameters

Configure all clients with identical server information:

1. ID Server: Your domain name (rustdesk-server.example.com) or server IP
2. Relay Server: Same as ID Server in most configurations
3. Key: The public key from your server installation
4. API Server: Leave blank for standard installations

Test connectivity by checking the network status indicator in the client interface. A green indicator confirms successful server connection and client registration.

Testing and Verification

Comprehensive testing ensures reliable operation before deploying RustDesk in production environments. Begin with server connectivity verification using network diagnostic tools.

Test port accessibility from external networks:

nmap -p 21115-21119 rustdesk-server.example.com

All specified ports should appear as open and accessible. If ports show as filtered or closed, review firewall configuration and network routing.

Verify container health and resource utilization:

sudo docker stats
sudo docker exec -it hbbs ps aux
sudo docker exec -it hbbr ps aux

Monitor CPU and memory usage to ensure adequate resource allocation. High resource consumption may indicate configuration issues or inadequate hardware specifications.

Test client connectivity from multiple networks and devices. Successful connection establishment should display the remote desktop within seconds of authentication. Test various scenarios including:

• Local network connections (same subnet)
• Internet connections (different networks)
• Mobile network connections
• VPN connections

Evaluate file transfer functionality by sending files of various sizes between connected devices. Monitor transfer speeds and verify file integrity after completion.

Conduct stress testing with multiple simultaneous connections to validate server performance under load. Document connection limits and resource requirements for capacity planning purposes.

Advanced Configuration and Optimization

Optimize Docker container resource allocation for production environments by implementing resource limits and constraints:

sudo nano rustdesk.yml

Add resource specifications to the service definitions:

services:
  hbbs:
    # ... existing configuration
    deploy:
      resources:
        limits:
          memory: 1G
          cpus: '0.5'
        reservations:
          memory: 512M
          cpus: '0.25'
  
  hbbr:
    # ... existing configuration
    deploy:
      resources:
        limits:
          memory: 1G
          cpus: '0.5'
        reservations:
          memory: 512M
          cpus: '0.25'

Configure advanced logging options for detailed troubleshooting and monitoring:

services:
  hbbs:
    # ... existing configuration
    environment:
      - RUST_LOG=info
    logging:
      driver: "json-file"
      options:
        max-size: "10m"
        max-file: "5"

Implement high availability configurations for critical deployments. Consider using Docker Swarm or Kubernetes for container orchestration in clustered environments:

# Initialize Docker Swarm (optional)
sudo docker swarm init

Deploy monitoring solutions such as Prometheus and Grafana for comprehensive performance tracking:

# Add to docker-compose.yml
  prometheus:
    image: prom/prometheus:latest
    ports:
      - "9090:9090"
    volumes:
      - ./prometheus.yml:/etc/prometheus/prometheus.yml

Configure automated backup procedures for configuration data and cryptographic keys:

#!/bin/bash
# Backup script
sudo tar -czf /backup/rustdesk-$(date +%Y%m%d).tar.gz /opt/rustdesk/data
sudo docker exec hbbs tar -czf /root/backup-$(date +%Y%m%d).tar.gz /root/*.pem /root/*.pub

Maintenance and Troubleshooting

Regular maintenance ensures continued reliable operation and security of your RustDesk installation. Establish routine procedures for updates, monitoring, and preventive maintenance.

Update container images regularly to receive security patches and feature improvements:

cd /opt/rustdesk
sudo docker-compose -f rustdesk.yml pull
sudo docker-compose -f rustdesk.yml down
sudo docker-compose -f rustdesk.yml up -d

Monitor disk usage in the data directory to prevent storage exhaustion:

du -sh /opt/rustdesk/data/
sudo find /opt/rustdesk/data/ -name "*.log" -mtime +30 -delete

Common troubleshooting scenarios include connection failures, performance degradation, and authentication issues.

For connection refused errors, verify that:

• All required ports remain open in the firewall
• Docker containers are running and healthy
• Network routing allows external access to the server

Performance issues often result from insufficient hardware resources or network bandwidth limitations. Monitor system resources during peak usage periods:

sudo docker stats --no-stream
htop
iftop

Authentication failures typically indicate key mismatches or client misconfiguration. Verify that clients use the correct public key and server addresses.

Examine detailed logs for specific error messages:

sudo docker logs --tail=100 hbbs
sudo docker logs --tail=100 hbbr

Implement log rotation to prevent disk space exhaustion:

sudo nano /etc/logrotate.d/rustdesk

Add the following configuration:

/opt/rustdesk/data/*.log {
    daily
    rotate 7
    compress
    delaycompress
    missingok
    notifempty
    create 0644 root root
}

Security Best Practices

Implement comprehensive security measures to protect your RustDesk installation from potential threats and unauthorized access attempts.

Network security begins with proper firewall configuration and network segmentation. Consider placing the RustDesk server in a dedicated DMZ or isolated network segment with controlled access rules.

Configure intrusion detection systems to monitor for suspicious activities:

sudo dnf install -y aide
sudo aide --init
sudo aide --check

Implement regular security audits using automated tools:

# Install and run security scanner
sudo dnf install -y lynis
sudo lynis audit system

Access control should follow the principle of least privilege. Create dedicated user accounts for RustDesk administration rather than using root access for routine operations.

Configure SSH key-based authentication and disable password authentication:

sudo nano /etc/ssh/sshd_config

Set the following parameters:

PasswordAuthentication no
PubkeyAuthentication yes
PermitRootLogin no

Regular key rotation enhances security posture. Generate new keys periodically and distribute them to authorized clients:

sudo docker exec -it hbbs rm /root/id_ed25519*
sudo docker restart hbbs hbbr

Monitor security events through centralized logging solutions. Configure rsyslog to forward security-related events to a SIEM system for correlation and analysis.

Implement backup encryption to protect archived data:

sudo tar -czf - /opt/rustdesk/data | gpg --cipher-algo AES256 --compress-algo 1 --symmetric --output rustdesk-backup-$(date +%Y%m%d).tar.gz.gpg

Congratulations! You have successfully installed RustDesk. Thanks for using this tutorial for installing the RustDesk open-source remote desktop access on your Rocky Linux 10 system. For additional or useful information, we recommend you check the official RustDesk website.