Failed to connect via relay server

[silverskymedia]

Outside the LAN, I am unable to connect to system using my relay server, which I have on a reverse proxy. The status shows green (Ready), but I cannot connect. I have all required ports open. What am I missing?

[rustdesk]

go to discord, https://discord.gg/nDceKgxnkV, there may be some one can help you. Or search in the discord welcome channel, there are many guys who have asked similar questions.

[rustdesk]

#763

[troubleshootme]

Do not use nginx reverse proxy function, instead use streams feature of nginx proxy manager.

I am using portainer, which is essentially docker compose, but basically you want to remove all ports from your rustdesk docker containers. There should be 2 containers in the stack, HBBS (server) and HBBR (relay). Comment all the ports and then add them to nginx proxy manager container instead.

Some ports will be redirected to the server, HBBS container (21115 (tcp), 21116 (udp & tcp), 21118 (tcp))
the others will be directed to relay, HBBR container (21117 (tcp), 21119 (tcp))

I also created DNS A record for my domain rustdesk.apps.mydomain.com to point to my vps where docker is hosted so I could use subdomain for server and relay instead of IP address.

Just rename your executable to reflect your ip or domain and the public key and you should be good to go.

*** Keep in mind, you will need to open those ports in your firewall as well ***

[cmcooper1980]

Do not use nginx reverse proxy function, instead use streams feature of nginx proxy manager.

I am using portainer, which is essentially docker compose, but basically you want to remove all ports from your rustdesk docker containers. There should be 2 containers in the stack, HBBS (server) and HBBR (relay). Comment all the ports and then add them to nginx proxy manager container instead.

Some ports will be redirected to the server, HBBS container (21115 (tcp), 21116 (udp & tcp), 21118 (tcp)) the others will be directed to relay, HBBR container (21117 (tcp), 21119 (tcp))

I also created DNS A record for my domain rustdesk.apps.mydomain.com to point to my vps where docker is hosted so I could use subdomain for server and relay instead of IP address.

Just rename your executable to reflect your ip or domain and the public key and you should be good to go.

*** Keep in mind, you will need to open those ports in your firewall as well ***

@troubleshootme Can you please give an example/excerpt of what the streams config block looks like (currently all my micro services utilize subdomains in server blocks)? I am asking because I am using nginx within SWAG and not nginx proxy manager so I would have to manually edit the config(s)

[troubleshootme]

@cmcooper1980

# ------------------------------------------------------------
# 21115 TCP: 1 UDP: 0
# ------------------------------------------------------------


server {
  listen 21115;
#listen [::]:21115;


  proxy_pass hbbs.npm:21115;

  # Custom
  include /data/nginx/custom/server_stream[.]conf;
  include /data/nginx/custom/server_stream_tcp[.]conf;
}

[cmcooper1980]

@troubleshootme thanks! While you were answering me I guess I got it to work with the server block/proxy pass method. My initial issue was I was trying to reverse proxy RustDesk like my many other microservices, until I realized I had to actually port forward ports 21115-21119 and not use 80 and 443 like the other microservices. On the nginx side I just copied the guacamole config and changed the bits relating to IP and port...but the port I used was 21117 instead of the 21115 you posted (maybe I have this wrong or the server block passes to the destination IP and the ports are auto-detected and my 21117 entry doesn't matter?). I was testing for open ports on my public IP (with the online tool: https://www.yougetsignal.com/tools/open-ports/) and it kept coming back closed on that range...I opened them up on my router and plugged the public IP into the client ID server and my status was green, yay! But entering my subdomain was not working...so then I turned off the orange cloud proxy at Cloudflare and after a few minutes tried the client again and the status was now green with my subdomain entered. I verified connection was succesfull by downloading the android client and remoting into my VM with no issue...

Any downside to using the way I got it to work versus the nginx config you posted?

[Ard3ny]

@cmcooper1980 I'm currently facing the same issue. Could you maybe paste your nginx config here? That would help a lot, thank you.

[cmcooper1980]

@cmcooper1980 I'm currently facing the same issue. Could you maybe paste your nginx config here? That would help a lot, thank you.

`server {
listen 443 ssl;
listen [::]:443 ssl;

server_name rustdesk.*;

include /config/nginx/ssl.conf;

client_max_body_size 0;

location / {

    include /config/nginx/proxy.conf;
    include /config/nginx/resolver.conf;
    set $upstream_app rustdesk;
    set $upstream_port 21117;
    set $upstream_proto http;
    proxy_pass $upstream_proto://$upstream_app:$upstream_port;

    proxy_buffering off;
}

}`

not sure why the code block isn't including the first and last part of the config...but that is what I had.

[pokemaster974]

Hi @troubleshootme just to be clear, your rustdesk containers are called hbbs.npm & hbbr.npm ?

I've tried your solution.
If all my forward ports are open it success to connect to my servers. So it seems to work.

I've lesage-npm installed into a bridge network called "reverseproxy". I've successed to use proxy hosts on other several containers (jellyfin, syncthing, ...)
I'm tried to use the stream function and so I've created the 2 rd containers without any ports and on my reverseproxy network, and after this moving this ports into my npm container.
But rustdesk can't success to connect it.

With docker exec -it nginx-proxy-manager sh I can check that ping hbbs & ping hbbr work.
Also my configurations into npm are the same like you. Example for 21115

# ------------------------------------------------------------
# 21115 TCP: 1 UDP: 0
# ------------------------------------------------------------


server {
  listen 21115;
#listen [::]:21115;


  proxy_pass hbbs:21115;

  # Custom
  include /data/nginx/custom/server_stream[.]conf;
  include /data/nginx/custom/server_stream_tcp[.]conf;
}

I've done same for 21116 (TCP & UDP), 21117, 21118 & 21119

NB : after some tests, I remark that if I let all ports forwarded into my router it will success to connect. So I don't understand what the advantages of using npm if we still need to open all the ports externally ?

[Boxylmer]

Hi @troubleshootme just to be clear, your rustdesk containers are called hbbs.npm & hbbr.npm ?

I'm also struggling with this right now. Any updates?

[troubleshootme]

Make sure you are using streams and not proxy hosts. Yes, my containers are hbbs and hbbr and on my network is called npm, typically just the container name works just as well. If your nginx is behind your router, you will have to open those ports in the router but you don't have to expose the container itself. Not a lot of benefits to npm when using streams so entirely optional. I suppose you could host nginx on an external vps and this would mask your wan ip to an extent.