hexianglong/rustdesk
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Page: Set up http proxy server
Pages
About delegate of MacOS RustDesk FAQ Headless Linux Support Home How does RustDesk work? Ideas Remove RustDesk test certificate Run flatpak RustDesk Desktop Flutter Migration Set up http proxy server
Clone
27
Set up http proxy server
RustDesk edited this page 2024-09-16 19:42:22 +08:00
Table of Contents

Be noted, OSS RustDesk Server does not support http proxy, you have to use Pro or public server.

Set up http proxy server on Ubuntu / Debian.

This HTTP proxy is not the same as a reverse proxy in NGINX; they are different concepts. I know that ChatGPT may direct you to NGINX when you ask about an HTTP proxy server.

Install http server

Here, we use Tinyproxy.

sudo apt install tinyproxy

The service will start automatically after installation. Please confirm as below.

sudo service tinyproxy status

To ensure that Tinyproxy starts automatically after a reboot, please do this.

sudo systemctl enable tinyproxy

Configure tinyproxy

Please open the configuration file /etc/tinyproxy/tinyproxy.conf and add the lines below.

BasicAuth myuser mypassword
Listen 0.0.0.0
Allow 0.0.0.0/0

Please modify myuser and mypassword to your own values.

By default, Tinyproxy listens on 127.0.0.1. We will change it to 0.0.0.0 so that it can be accessed from outside.

By default, Tinyproxy only accepts requests from 127.0.0.1. We will modify it to 0.0.0.0/0 so that it accepts requests from any IP address and port.

By default, Tinyproxy listens on port 8888. You can find the line port 8888 in the configuration file and change it to your desired value.

Please restart the server after making your modifications to the configuration file.

sudo service tinyproxy restart

Verify if it works

curl -x http://<proxy-server-ip>:8888 --proxy-user myuser:mypassword  -L http://www.yahoo.com

e.g. If you do not add Allow 0.0.0.0/0 in above configuration file, you will get something as below.

<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">

<head>
<title>403 Access denied</title>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
</head>

<body>

<h1>Access denied</h1>

<p>The administrator of this proxy has not configured it to service requests from your host.</p>

<hr />

<p><em>Generated by <a href="https://tinyproxy.github.io/">tinyproxy</a> version 1.11.1.</em></p>

</body>

</html>

Here you can ask chatgpt if you see some error.

image

Configure it on RustDesk

image

Configure it in custom client

https://rustdesk.com/docs/en/self-host/client-configuration/advanced-settings/#proxy-url

Https proxy server

The http proxy allows connections to HTTPS endpoints.

You can hide Tinyproxy behind NGINX to create a true https proxy, but there seems some bugs, https://github.com/tinyproxy/tinyproxy/issues/399, this might be why it is called tiny.

One RustDesk user shared his method for creating an HTTPS proxy with Apache2. I have never tested, but you can try yourself.

   sudo apt install apache2

Enable the necessary modules

   a2enmod ssl
   a2enmod proxy
   a2enmod proxy_connect
   a2enmod proxy_http

Create a file with proxy-user credentials:

   sudo htpasswd -b -c /etc/apache2/.htpasswd proxy-user your-password

Create a file /etc/apache2/sites-available/rustdesk.conf and add below lines:

   <VirtualHost *:443>
   SSLEngine on
   SSLCertificateFile    /etc/ssl/certs/ssl-cert-snakeoil.pem
   SSLCertificateKeyFile /etc/ssl/private/ssl-cert-snakeoil.key

   ProxyRequests On
   ProxyVia On
   AllowCONNECT 21114-21119
   <Proxy *>
         AuthType Basic
         AuthName "Password Required"
         AuthUserFile /etc/apache2/.htpasswd
         Require valid-user
   </Proxy>
   </VirtualHost>

Disable the default site and enable the proxy config:

sudo a2dissite 000-default.conf
sudo a2ensite rustdesk.conf
sudo service apache2 restart

If you want to use ssl for the web console you can add another virtualhost to /etc/apache2/sites-available/rustdesk.conf. As port 443 is already used for the forwarding proxy, you can use for example port 4443.

<VirtualHost *:4443>
SSLEngine on
SSLCertificateFile    /etc/ssl/certs/ssl-cert-snakeoil.pem
SSLCertificateKeyFile /etc/ssl/private/ssl-cert-snakeoil.key

ProxyPass / http://127.0.0.1:21114/
ProxyPassReverse / http://127.0.0.1:21114/
</VirtualHost>

Change the line

AllowCONNECT 21114-21119

into

AllowCONNECT 4443 21114-21119

Restart apache2

sudo service apache2 restart

As all ports of hbbs and hbbr are connected via proxy, you can disable these ports in ufw. You only need to open port 443 and 4443:

ufw allow 443/tcp
ufw allow 4443/tcp

Finally configure it on rustdesk: image