version: "3.9" services: hbbs: image: rustdesk/rustdesk-server:latest container_name: rustdesk_hbbs # hbbs needs to know where the relay is (-r) command: hbbs -r rustdesk.rozic-dev.com:21117 -k _ restart: unless-stopped volumes: - ./data:/root # stores keys, db, etc. # These are for **native clients** (desktop/mobile), bypassing Traefik: ports: - "21115:21115/tcp" # NAT test - "21116:21116/tcp" # ID / TCP hole punching - "21116:21116/udp" # ID / heartbeat (UDP) # NOTE: 21118 is *not* exposed here; Traefik will reach it internally networks: - traefik labels: - "traefik.enable=true" - "traefik.docker.network=traefik_default" # Web client ID WebSocket endpoint: # wss://rustdesk.rozic-dev.com/ws/id - "traefik.http.routers.rustdesk-idws.rule=Host(`rustdesk.rozic-dev.com`) && PathPrefix(`/ws/id`)" - "traefik.http.routers.rustdesk-idws.entrypoints=websecure" - "traefik.http.routers.rustdesk-idws.tls.certresolver=letsencrypt" - "traefik.http.routers.rustdesk-idws.service=rustdesk-idws" - "traefik.http.services.rustdesk-idws.loadbalancer.server.port=21118" hbbr: image: rustdesk/rustdesk-server:latest container_name: rustdesk_hbbr command: hbbr -k _ restart: unless-stopped volumes: - ./data:/root # share same keys as hbbs # Relay for native clients (direct, not via Traefik): ports: - "21117:21117/tcp" # NOTE: 21119 is *not* exposed; Traefik reaches it internally networks: - traefik labels: - "traefik.enable=true" - "traefik.docker.network=traefik_default" # Web client relay WebSocket endpoint: # wss://rustdesk.rozic-dev.com/ws/relay - "traefik.http.routers.rustdesk-relayws.rule=Host(`rustdesk.rozic-dev.com`) && PathPrefix(`/ws/relay`)" - "traefik.http.routers.rustdesk-relayws.entrypoints=websecure" - "traefik.http.routers.rustdesk-relayws.tls.certresolver=letsencrypt" - "traefik.http.routers.rustdesk-relayws.service=rustdesk-relayws" - "traefik.http.services.rustdesk-relayws.loadbalancer.server.port=21119" networks: traefik: external: true name: traefik_default