Self-Hosted RustDesk Server on Oracle Cloud Free Tier
Deploy a privacy-focused, self-hosted alternative to TeamViewer on Oracle Cloud's free tier with Docker and SSL.
Set up a self-hosted RustDesk server on an Oracle Cloud Infrastructure (OCI) Free Tier VM using Docker and Nginx as a reverse proxy with SSL. Deploy RustDesk securely and enable remote desktop connections without exposing sensitive details.
Note: All references to IP addresses, domain names, and keys are generic. Replace placeholders with your own values during your setup. This guide assumes you are using an Oracle Free Tier instance (e.g. a VM.Standard.E2.1.Micro shape) and a domain of your choosing.
Overview
RustDesk is an open-source remote desktop solution that uses two main services:
Allows clients to discover and negotiate connections.
Relays traffic when a direct connection is not possible.
This guide deploys both services on an OCI Free Tier VM, secures them with SSL using Nginx, and configures your clients.
Prerequisites
- OCI Account: Oracle Cloud Infrastructure account (Free Tier eligible).
- Linux VM: A Linux-based VM instance on OCI (e.g. Ubuntu Server 22.04 LTS or Oracle Linux).
- Domain Name: A domain for your reverse proxy (e.g.
<YOUR_DOMAIN>). - Working Knowledge: Basic knowledge of SSH, Docker, and network/firewall management.
- Docker: Docker and Docker Compose installed on your VM.
OCI VM Setup on Free Tier
- Log in to your OCI Console.
- Navigate to Compute > Instances and create a new instance.
- Choose a Linux image (e.g. Ubuntu Server 22.04 LTS) and select the VM.Standard.E2.1.Micro shape (Always Free eligible).
Connect via SSH:
ssh -i /path/to/your/private_key username@<YOUR_VM_PUBLIC_IP>Replace /path/to/your/private_key and <YOUR_VM_PUBLIC_IP> with your key file and assigned public IP.
sudo apt update && sudo apt upgrade -y
sudo apt install docker.io docker-compose -yFirewall and Ingress Configuration
OCI Security List Ingress Rules
In OCI, configure your Virtual Cloud Network (VCN) with Security List rules to allow the necessary traffic:
- Source:
0.0.0.0/0 - Protocol: TCP
- Port Range:
21115-21119
- Source:
0.0.0.0/0 - Protocol: UDP
- Port:
21116
- Source:
0.0.0.0/0 - Protocol: TCP
- Port:
80
- Source:
0.0.0.0/0 - Protocol: TCP
- Port:
443
These rules ensure that the RustDesk services and the Nginx reverse proxy are accessible from the internet.
Local Firewall Configuration (UFW on Ubuntu)
On your VM, allow the same ports:
sudo ufw allow 21115/tcp
sudo ufw allow 21116/tcp
sudo ufw allow 21116/udp
sudo ufw allow 21117/tcp
sudo ufw allow 21118/tcp
sudo ufw allow 21119/tcp
sudo ufw allow 80/tcp
sudo ufw allow 443/tcp
sudo ufw enableDocker Compose Setup for RustDesk
sudo mkdir -p /opt/rustdesk
cd /opt/rustdeskversion: '3'
services:
hbbs:
container_name: hbbs
image: rustdesk/rustdesk-server:latest
command: hbbs -r 127.0.0.1:21117 -k _
ports:
- "21115:21115"
- "21116:21116"
- "21116:21116/udp"
- "21118:21118"
volumes:
- ./hbbs:/root
depends_on:
- hbbr
restart: unless-stopped
hbbr:
container_name: hbbr
image: rustdesk/rustdesk-server:latest
command: hbbr -k _
ports:
- "21117:21117"
- "21119:21119"
volumes:
- ./hbbr:/root
restart: unless-stoppedsudo docker-compose up -dsudo docker psReverse Proxy & DNS Setup
1. DNS Configuration
- Log in to your DNS provider.
- Create an A Record:
- Name: Use a subdomain (e.g.
support) - Type: A
- Value: Your VM's public IP (replace with
<YOUR_VM_PUBLIC_IP>)
- Name: Use a subdomain (e.g.
- Allow Time for Propagation: Verify that your subdomain resolves correctly using tools like WhatsMyDNS.
2. Nginx Reverse Proxy Setup
sudo apt update
sudo apt install nginx -ysudo nano /etc/nginx/conf.d/rustdesk.confserver {
listen 80;
server_name <YOUR_DOMAIN>;
# Redirect all HTTP traffic to HTTPS
return 301 https://$host$request_uri;
}
server {
listen 443 ssl;
server_name <YOUR_DOMAIN>;
# SSL configuration (certificates obtained via Certbot)
ssl_certificate /etc/letsencrypt/live/<YOUR_DOMAIN>/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/<YOUR_DOMAIN>/privkey.pem;
include /etc/letsencrypt/options-ssl-nginx.conf;
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
# Main reverse proxy for RustDesk web interface
location / {
proxy_pass http://127.0.0.1:21114/;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
# Reverse proxy for WebSocket endpoints
location /ws/id {
proxy_pass http://127.0.0.1:21118;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "Upgrade";
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
location /ws/relay {
proxy_pass http://127.0.0.1:21119;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "Upgrade";
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
}Replace <YOUR_DOMAIN> with your chosen domain (e.g. support.yourdomain.com).
sudo nginx -t
sudo systemctl reload nginxsudo apt install certbot python3-certbot-nginx -y
sudo certbot --nginx -d <YOUR_DOMAIN>Follow the prompts to complete certificate issuance.
RustDesk Server & Client Configuration
Server Configuration
sudo cat /opt/rustdesk/hbbs/id_ed25519.pubCopy the output (this is needed for client configuration).
sudo docker psClient Configuration
For desktop or mobile, visit the RustDesk Downloads page.
- Open Settings in the client and go to the Network tab.
- ID Server: Set to
<YOUR_DOMAIN>(e.g.support.yourdomain.com). - Key: Paste the public key from your server.
- Leave the Relay Server and API fields blank unless using a custom setup.
- Save your settings.
- Note the unique RustDesk ID on the client.
- Use another client to connect by entering the target device's ID.
Additional Notes
Certbot auto-renews certificates. Test with:
sudo certbot renew --dry-runMonitor Docker logs for RustDesk services:
sudo docker logs hbbs
sudo docker logs hbbr