openwrt/luci
1
0
Fork 0
mirror of https://github.com/openwrt/luci.git synced 2026-04-15 10:51:51 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
d28ebe176474195f2aefe9d44049327ff003c5b5
luci/applications/luci-app-rustdesk-server
History
Hannu Nyman 77f8596e2a treewide: sync translations 
Sync translations.

Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
2026-01-25 08:52:33 +02:00
..
htdocs/luci-static/resources/view/rustdesk-server
po/templates
root
Makefile
README.md

README.md

luci-app-rustdesk-server

LuCI web interface for managing RustDesk Server on OpenWrt.

RustDesk is a full-featured open source remote control alternative to TeamViewer and AnyDesk. This LuCI application provides a web-based interface to configure and manage the self-hosted RustDesk server components (hbbs and hbbr) on OpenWrt routers.

Features

  • Service Management - Start/Stop/Restart services directly from the UI
  • Boot Enable/Disable - Toggle service startup at boot
  • Status Monitoring - Real-time status of HBBS and HBBR services with live polling
  • Public Key Display - View and copy the generated public key for client configuration
  • Key Regeneration - Regenerate encryption keys when needed
  • Log Viewer - View service logs with auto-refresh and auto-scroll features
  • Firewall Hints - Displays required ports for manual firewall configuration
  • Tabbed Configuration - Organized settings for ID Server (hbbs) and Relay Server (hbbr)
  • Input Validation - Validates paths, ports, and configuration values
  • i18n Ready - Full translation support with POT template

Architecture

luci-app-rustdesk-server/
├── Makefile                      # OpenWrt package build file
├── htdocs/luci-static/resources/view/rustdesk-server/
│   └── general.js                # Main UI view (JavaScript)
├── po/templates/
│   └── rustdesk-server.pot       # Translation template
└── root/
    ├── etc/
    │   ├── config/rustdesk-server        # UCI configuration
    │   ├── init.d/rustdesk-server        # procd init script
    │   └── uci-defaults/50-luci-rustdesk-server  # First-run setup
    └── usr/share/
        ├── luci/menu.d/luci-app-rustdesk-server.json  # Menu entry
        └── rpcd/
            ├── acl.d/luci-app-rustdesk-server.json    # ACL permissions
            └── ucode/rustdesk-server.uc               # RPC backend

Requirements

OpenWrt Dependencies

  • OpenWrt 23.05 or later with LuCI installed
  • luci-base - LuCI core framework
  • rpcd - RPC daemon
  • rpcd-mod-ucode - ucode support for rpcd

RustDesk Server Binaries

The RustDesk server binaries (hbbs, hbbr) must be installed separately. They are not included in this package.

Installing RustDesk Server Binaries

  1. Download from GitHub Releases:

    # Check your architecture
uname -m

# Download appropriate binaries from:
# https://github.com/rustdesk/rustdesk-server/releases

# Example for aarch64:
wget https://github.com/rustdesk/rustdesk-server/releases/download/1.1.11/rustdesk-server-linux-arm64v8.zip
unzip rustdesk-server-linux-arm64v8.zip
cp amd64/hbbs amd64/hbbr /usr/bin/
chmod +x /usr/bin/hbbs /usr/bin/hbbr

  2. Or build from source:

    # See https://github.com/rustdesk/rustdesk-server for build instructions

  3. Verify installation:

    /usr/bin/hbbs --version
/usr/bin/hbbr --version

Installation

From OpenWrt Package Repository

opkg update
opkg install luci-app-rustdesk-server

From Source (Development)

# Clone the LuCI repository
git clone https://github.com/openwrt/luci.git
cd luci

# Build the package
make package/luci-app-rustdesk-server/compile

Manual Installation

  1. Copy the application files to your OpenWrt device:

    # Copy htdocs to /www
cp -r htdocs/luci-static /www/luci-static/

# Copy root files
cp -r root/* /

# Set permissions
chmod +x /etc/init.d/rustdesk-server

  2. Reload rpcd to register the new RPC methods:

    /etc/init.d/rpcd reload

  3. Clear LuCI cache:

    rm -rf /tmp/luci-*

  4. Access the interface at: Services → RustDesk Server

Configuration

Binary Location

The application expects hbbs and hbbr binaries to be installed in /usr/bin.

Firewall Configuration

Firewall rules must be configured manually in Network → Firewall → Traffic Rules. The application displays the required ports in the Service Status section.

The standard RustDesk port layout is:

Port Protocol Service Calculation
HBBS-1 TCP NAT type test server_port - 1
HBBS TCP/UDP ID server / Hole punching server_port
HBBS+2 TCP Web client support server_port + 2
HBBR TCP Relay server relay_port
HBBR+2 TCP Web client support relay_port + 2

Example: With default ports (server_port=21116 and relay_port=21117):

  • TCP ports: 21115, 21116, 21117, 21118, 21119
  • UDP port: 21116

Logging

Enable logging in General settings to write service output to /var/log/rustdesk-server.log. View logs in real-time using the Logs tab.

Database Location

The database is stored in /tmp/rustdesk_db_v2.sqlite3. This is a non-persistent location and will be cleared on reboot. This is intentional for embedded systems like OpenWrt where persistent storage may be limited.

Client Configuration

After starting the service:

  1. Go to the LuCI interface and note your router's IP address
  2. Copy the Public Key from the Service Status section
  3. In RustDesk client settings, configure:
    • ID Server: Your router's IP:21116 (or custom port if configured)
    • Relay Server: Your router's IP:21117 (or custom port if configured)
    • Key: The public key from step 2

UCI Configuration Reference

The configuration is stored in /etc/config/rustdesk-server:

config rustdesk-server
    option enabled '1'              # Enable ID server (hbbs)
    option enabled_relay '1'        # Enable Relay server (hbbr)
    
    # HBBS options
    option server_port '21116'      # ID server port
    option server_key ''            # Custom key (optional)
    
    # HBBR options  
    option relay_port '21117'       # Relay server port
    
    # Environment variables
    option server_env_rust_log 'info'

Files

Path Description
/etc/config/rustdesk-server UCI configuration file
/etc/init.d/rustdesk-server procd init script
/etc/rustdesk/ Key storage directory
/etc/rustdesk/id_ed25519.pub Public key (auto-generated)
/var/log/rustdesk-server.log Service log file (when enabled)
/usr/share/rpcd/ucode/rustdesk-server.uc RPC backend
/usr/share/luci/menu.d/luci-app-rustdesk-server.json Menu entry
/usr/share/rpcd/acl.d/luci-app-rustdesk-server.json ACL permissions

Troubleshooting

Service won't start

  1. Check binaries exist: 
    ls -la /usr/bin/hbbs /usr/bin/hbbr
  2. Verify binaries are executable: 
    chmod +x /usr/bin/hbbs /usr/bin/hbbr
  3. Check system log: 
    logread | grep rustdesk-server
  4. Verify at least one server is enabled in the configuration

Key not generated

The public key (id_ed25519.pub) is generated automatically when HBBS starts for the first time. If missing:

  1. Ensure the key directory exists: mkdir -p /etc/rustdesk
  2. Start the service and wait a few seconds
  3. Check if key was created: cat /etc/rustdesk/id_ed25519.pub

Firewall / Connection issues

  1. Verify firewall rules are configured in Network → Firewall → Traffic Rules
  2. Check that required ports are open (TCP: 21115-21119, UDP: 21116)
  3. Reload firewall: 
    /etc/init.d/firewall reload
  4. Verify the service is running: 
    pidof hbbs hbbr
  5. Check if ports are listening: 
    netstat -tlnp | grep -E '2111[5-9]'
  6. Test connectivity from client: 
    nc -zv <router-ip> 21116

RPC errors in browser console

  1. Reload rpcd: 
    /etc/init.d/rpcd reload
  2. Clear LuCI cache: 
    rm -rf /tmp/luci-*

Development

Building Translations

# Scan for translatable strings
./build/i18n-scan.pl applications/luci-app-rustdesk-server > applications/luci-app-rustdesk-server/po/templates/rustdesk-server.pot

# Update existing translations
./build/i18n-update.pl applications/luci-app-rustdesk-server

Testing Changes

  1. Make changes to files
  2. Copy to device and reload rpcd
  3. Clear browser cache and LuCI cache
  4. Refresh the page

Security Considerations

This application implements multiple layers of input validation and sanitization to prevent shell injection attacks:

Frontend Validation (JavaScript)

All user inputs are validated before being saved to UCI configuration:

Field Type Validation
Ports Numeric only, range 1-65535, supports ranges and comma-separated lists
CIDR masks Strict IP/prefix format validation
Keys Alphanumeric and base64 characters only (A-Za-z0-9+/=)
URLs Must start with http:// or https://, no shell metacharacters
Paths Must start with /, no shell metacharacters (`;
Server lists Alphanumeric, dots, colons, commas, hyphens, underscores only
Numeric fields Use LuCI's built-in uinteger datatype

Backend Validation (Init Script)

The init script (/etc/init.d/rustdesk-server) includes comprehensive validation functions that re-validate all configuration values before using them in shell commands:

  • validate_numeric() - Ensures values contain only digits
  • validate_port() - Validates port range (1-65535)
  • validate_path() - Checks for shell metacharacters and requires leading /
  • validate_url() - Validates URL format and rejects dangerous characters
  • validate_key() - Allows only base64-safe characters
  • validate_server_list() - Allows only hostname/IP-safe characters
  • validate_cidr() - Allows only digits, dots, and slash
  • validate_log_level() - Whitelist of valid log levels

Invalid values are rejected and logged with warnings to syslog.

RPC Backend Validation (ucode)

The RPC backend (rustdesk-server.uc) validates:

  • service_action: Whitelist of allowed actions (start, stop, restart, reload, enable, disable)
  • get_log lines parameter: Clamped to range 10-1000
Reference in New Issue View Git Blame Copy Permalink