Skip to content

Instantly share code, notes, and snippets.

@christian-korneck

christian-korneck/rustdesk_podman_el9.md

Last active April 18, 2026 17:27
Show Gist options

  • Select an option

    Learn more about clone URLs
  • Save christian-korneck/8e8a18c66bcf706dcadb6ec15b4cc57e to your computer and use it in GitHub Desktop.

Select an option

Learn more about clone URLs
Save christian-korneck/8e8a18c66bcf706dcadb6ec15b4cc57e to your computer and use it in GitHub Desktop.
Download ZIP
Rustdesk Server - podman quadlet - EL9
Raw
rustdesk_podman_el9.md

install rustdesk server (OSS) on EL9 (RHEL9, Alma9, Rocky9, OL9) via podman quadlet (podman systemd integration) and auto updates (via podman-auto-update.timer)

server

loginctl enable-linger $USER
systemctl --user enable --now podman-auto-update.timer
systemctl --user cat podman-auto-update.timer

# also make sure these ports are open on your cloud provider's security group/firewall
sudo firewall-cmd --permanent --add-port=21115-21119/tcp
sudo firewall-cmd --permanent --add-port=21116/udp
sudo firewall-cmd --reload

mkdir -p ~/.config/containers/systemd/
cd ~/.config/containers/systemd/

create these files:

rustdesk-data.volume:

[Volume]

rustdesk-hbbr.container:

[Unit]
Description=RustDesk relay server (hbbr)

[Container]
ContainerName=hbbr
AutoUpdate=registry
Image=docker.io/rustdesk/rustdesk-server:latest
Exec=hbbr
Volume=rustdesk-data.volume:/root
PublishPort=21117:21117
PublishPort=21119:21119

[Service]
Restart=always
RestartSec=5

[Install]
WantedBy=default.target

rustdesk-hbbs.container: (note: ⚠️ replace the hostname in Exec=hbbs -r rustdesk.example.com:21117 (public IP or hostname) ⚠️)

[Unit]
Description=RustDesk ID/rendezvous server (hbbs)
Wants=rustdesk-hbbr.service
After=rustdesk-hbbr.service

[Container]
ContainerName=hbbs
AutoUpdate=registry
Image=docker.io/rustdesk/rustdesk-server:latest
Exec=hbbs -r rustdesk.example.com:21117
Volume=rustdesk-data.volume:/root
PublishPort=21115:21115
PublishPort=21116:21116
PublishPort=21116:21116/udp
PublishPort=21118:21118

[Service]
Restart=always
RestartSec=5

[Install]
WantedBy=default.target

then:

systemctl --user daemon-reload
systemctl --user start rustdesk-hbbs.service
systemctl --user start rustdesk-hbbr.service

# get pubkey for client config
cat "$(podman volume inspect systemd-rustdesk-data --format '{{.Mountpoint}}')/id_ed25519.pub"

client config

  • in UI: 3-dot-menu -> Settings -> Network -> ID/Relay Server
    • ID Server: <server public ip>
    • Relay Server: <server public ip - can also be left blank if the server is configured correctly>
    • API server: <blank>
    • Key: <contents of id_ed25519.pub in the podman volume, see above>

Note: -k _ on the server side is no longer needed. The pub key is both the password for connecting to the server (anonymous not possible anymore unless -k "" on the server side) and used for server verification/MitM prevention.

The connection settings can also get "embedded" into the windows .exe filename. Example:

rustdesk-host=rustdesk.example.com,relay=rustdesk.example.com,key=XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX=.exe`

(No such meachnism exists for Linux, MacOS -> use UI after installation)

good to know

how to decode a client config string exported from the UI:

python3 -c 'import sys,base64,json;s=sys.argv[1][::-1];print(json.dumps(json.loads(base64.urlsafe_b64decode(s+"="*(-len(s)%4))),indent=2))' '==XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX'
{
  "host": "rustdesk.example.com",
  "relay": "rustdesk.example.com",
  "api": "",
  "key": "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX="
}
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment