diff --git a/README.md b/README.md index 5a59cca..4ed9795 100644 --- a/README.md +++ b/README.md 
@@ -110,3 +110,154 @@ xmake b -vy crossdesk xmake r -d crossdesk ``` 更多使用方法可参考 [Xmake官方文档](https://xmake.io/guide/quick-start.html) 。 + +## 自托管服务器 +推荐使用Docker部署CrossDesk Server。 +``` +sudo docker run -d \ + --name crossdesk_server \ + --network host \ + -e EXTERNAL_IP=xxx.xxx.xxx.xxx \ + -e INTERNAL_IP=xxx.xxx.xxx.xxx \ + -e CROSSDESK_SERVER_PORT=9099 \ + -v /path/to/your/certs:/crossdesk-server/certs \ + -v /path/to/your/db:/crossdesk-server/db \ + -v /path/to/your/logs:/crossdesk-server/logs \ + crossdesk/crossdesk-server:latest +``` + +上述命令中,用户需注意的参数如下: + +- EXTERNAL_IP:服务器公网 IP , 对应 CrossDesk 客户端**自托管服务器配置**中填写的**服务器地址** + +- INTERNAL_IP:服务器内网 IP + +- CROSSDESK_SERVER_PORT:自托管服务使用的端口,对应 CrossDesk 客户端**自托管服务器配置**中填写的**服务器端口** + +- /path/to/your/certs:证书文件目录 + +- /path/to/your/db:CrossDesk Server 设备管理数据库 + +- /path/to/your/logs:日志目录 + +**注意**: +- **/path/to/your/ 是示例路径,请替换为你自己的实际路径。挂载的目录必须事先创建好,否则容器会报错。** +- **服务器需开放端口:3478/udp,3478/tcp,30000-60000/udp,CROSSDESK_SERVER_PORT/tcp,443/tcp。** + +## 证书文件 +客户端需加载根证书文件,服务端需加载服务器私钥和服务器证书文件。 + +如果已有SSL证书的用户,可以忽略下面的证书生成步骤。 + +对于无证书的用户,可使用下面的脚本自行生成证书文件: +``` +# 创建证书生成脚本 +vim generate_certs.sh +``` +拷贝到脚本中 +``` +#!/bin/bash +set -e + +# 检查参数 +if [ "$#" -ne 1 ]; then + echo "Usage: $0 " + exit 1 +fi + +SERVER_IP="$1" + +# 文件名 +ROOT_KEY="crossdesk.cn_root.key" +ROOT_CERT="crossdesk.cn_root.crt" +SERVER_KEY="crossdesk.cn.key" +SERVER_CSR="crossdesk.cn.csr" +SERVER_CERT="crossdesk.cn_bundle.crt" +FULLCHAIN_CERT="crossdesk.cn_fullchain.crt" + +# 证书主题 +SUBJ="/C=CN/ST=Zhejiang/L=Hangzhou/O=CrossDesk/OU=CrossDesk/CN=$SERVER_IP" + +# 1. 生成根证书 +echo "Generating root private key..." +openssl genrsa -out "$ROOT_KEY" 4096 + +echo "Generating self-signed root certificate..." +openssl req -x509 -new -nodes -key "$ROOT_KEY" -sha256 -days 3650 -out "$ROOT_CERT" -subj "$SUBJ" + +# 2. 生成服务器私钥 +echo "Generating server private key..." +openssl genrsa -out "$SERVER_KEY" 2048 + +# 3. 生成服务器 CSR +echo "Generating server CSR..." 
+openssl req -new -key "$SERVER_KEY" -out "$SERVER_CSR" -subj "$SUBJ" + +# 4. 生成临时 OpenSSL 配置文件,加入 SAN +SAN_CONF="san.cnf" +cat > $SAN_CONF < "$FULLCHAIN_CERT" + +# 7. 清理中间文件 +rm -f "$ROOT_CERT.srl" "$SAN_CONF" "$ROOT_KEY" "$SERVER_CSR" "FULLCHAIN_CERT" + +echo "Generation complete. Deployment files:" +echo " Client root certificate: $ROOT_CERT" +echo " Server private key: $SERVER_KEY" +echo " Server certificate: $SERVER_CERT" +``` +执行 +``` +chmod +x generate_certs.sh +./generate_certs.sh 服务器外网IP + +# 例如 ./generate_certs.sh 111.111.111.111 +``` +输出如下: +``` +生成根证书私钥... +生成自签根证书... +生成服务器私钥... +生成服务器证书签名请求(CSR)... +用根证书签发服务器证书... +Certificate request self-signature ok +subject=C = CN, ST = Zhejiang, L = Hangzhou, O = CrossDesk, OU = CrossDesk, CN = CrossDesk +清理中间文件... +生成完成,部署时需要: + 根证书: crossdesk.cn_root.crt + 服务器私钥: crossdesk.cn.key + 服务器证书: crossdesk.cn_bundle.crt +``` + +#### 服务端 +将 **crossdesk.cn.key** 和 **crossdesk.cn_bundle.crt** 放置到 **/path/to/your/certs** 目录下。 + +#### 客户端 +1. 点击右上角设置进入设置页面。 +2. 点击点击**自托管服务器配置**。 +3. 在**证书文件路径**选择框中找到 **crossdesk.cn_root.crt** 的存放路径,选中 **crossdesk.cn_root.crt**。 +4. 勾选使用**自托管服务器配置**。 \ No newline at end of file diff --git a/README_EN.md b/README_EN.md index 99c8cba..bf9e076 100644 --- a/README_EN.md +++ b/README_EN.md 
@@ -114,3 +114,154 @@ xmake r -d crossdesk ``` For more information, please refer to the [official Xmake documentation](https://xmake.io/guide/quick-start.html) . + +## Self-Hosted Server +It is recommended to deploy CrossDesk Server using Docker. +``` +sudo docker run -d \ + --name crossdesk_server \ + --network host \ + -e EXTERNAL_IP=150.158.81.30 \ + -e INTERNAL_IP=10.0.4.3 \ + -e CROSSDESK_SERVER_PORT=9099 \ + -v /path/to/your/certs:/crossdesk-server/certs \ + -v /path/to/your/db:/crossdesk-server/db \ + -v /path/to/your/logs:/crossdesk-server/logs \ + crossdesk/crossdesk-server:latest +``` + +The parameters you need to pay attention to are as follows: + +- **EXTERNAL_IP**: The server's public IP, corresponding to the **Server Address** in the CrossDesk client **Self-Hosted Server Configuration**. + +- **INTERNAL_IP**: The server's internal IP. + +- **CROSSDESK_SERVER_PORT**: The port used by the self-hosted server, corresponding to the **Server Port** in the CrossDesk client **Self-Hosted Server Configuration**. + +- **/path/to/your/certs**: Directory for certificate files. + +- **/path/to/your/db**: CrossDesk Server device management database. + +- **/path/to/your/logs**: Log directory. + +**Note**: +- **/path/to/your/ is an example path; please replace it with your actual path. The mounted directories must be created in advance, otherwise the container will fail.** +- **The server must open the following ports: 3478/udp, 3478/tcp, 30000-60000/udp, CROSSDESK_SERVER_PORT/tcp, 443/tcp.** + +## Certificate Files +The client needs to load the root certificate, and the server needs to load the server private key and server certificate. + +If you already have an SSL certificate, you can skip the following certificate generation steps. 
+ +For users without a certificate, you can use the script below to generate the certificate files: +``` +# Create certificate generation script +vim generate_certs.sh +``` +Copy the following into the script: +``` +#!/bin/bash +set -e + +# Check arguments +if [ "$#" -ne 1 ]; then + echo "Usage: $0 " + exit 1 +fi + +SERVER_IP="$1" + +# Filenames +ROOT_KEY="crossdesk.cn_root.key" +ROOT_CERT="crossdesk.cn_root.crt" +SERVER_KEY="crossdesk.cn.key" +SERVER_CSR="crossdesk.cn.csr" +SERVER_CERT="crossdesk.cn_bundle.crt" +FULLCHAIN_CERT="crossdesk.cn_fullchain.crt" + +# Certificate subject +SUBJ="/C=CN/ST=Zhejiang/L=Hangzhou/O=CrossDesk/OU=CrossDesk/CN=$SERVER_IP" + +# 1. Generate root certificate +echo "Generating root private key..." +openssl genrsa -out "$ROOT_KEY" 4096 + +echo "Generating self-signed root certificate..." +openssl req -x509 -new -nodes -key "$ROOT_KEY" -sha256 -days 3650 -out "$ROOT_CERT" -subj "$SUBJ" + +# 2. Generate server private key +echo "Generating server private key..." +openssl genrsa -out "$SERVER_KEY" 2048 + +# 3. Generate server CSR +echo "Generating server CSR..." +openssl req -new -key "$SERVER_KEY" -out "$SERVER_CSR" -subj "$SUBJ" + +# 4. Create temporary OpenSSL config file with SAN +SAN_CONF="san.cnf" +cat > $SAN_CONF < "$FULLCHAIN_CERT" + +# 7. Clean up intermediate files +rm -f "$ROOT_CERT.srl" "$SAN_CONF" "$ROOT_KEY" "$SERVER_CSR" "FULLCHAIN_CERT" + +echo "Generation complete. Deployment files:" +echo " Client root certificate: $ROOT_CERT" +echo " Server private key: $SERVER_KEY" +echo " Server certificate: $SERVER_CERT" +``` +Execute: +``` +chmod +x generate_certs.sh +./generate_certs.sh EXTERNAL_IP + +# example ./generate_certs.sh 111.111.111.111 +``` +Expected output: +``` +Generating root private key... +Generating self-signed root certificate... +Generating server private key... +Generating server CSR... +Signing server certificate with root certificate... 
+Certificate request self-signature ok +subject=C = CN, ST = Zhejiang, L = Hangzhou, O = CrossDesk, OU = CrossDesk, CN = xxx.xxx.xxx.xxx +cleaning up intermediate files... +Generation complete. Deployment files:: + Client root certificate:: crossdesk.cn_root.crt + Server private key: crossdesk.cn.key + Server certificate: crossdesk.cn_bundle.crt +``` + +#### Server Side +Place **crossdesk.cn.key** and **crossdesk.cn_bundle.crt** into the **/path/to/your/certs** directory. + +#### Client Side +1. Click the settings icon in the top-right corner to enter the settings page. +2. Click **Self-Hosted Server Configuration**. +3. In the **Certificate File Path** selection, locate and select the **crossdesk.cn_root.crt** file. +4. Check the option to use **Self-Hosted Server Configuration**. \ No newline at end of file
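Review bot: In step 7 of generate_certs.sh in the README.md hunk, the cleanup line passes the literal string "FULLCHAIN_CERT" to rm instead of "$FULLCHAIN_CERT", so crossdesk.cn_fullchain.crt is left on disk, and rm -f hides the miss. Add the missing $ (the README_EN.md copy of the script has the same line). That line also deletes "$ROOT_KEY", so the root can never sign a replacement server certificate and every client needs a new root certificate on renewal; state that in the README if it is intended. The sample output below the script does not match it: the script echoes English messages and sets CN=$SERVER_IP, while the sample shows Chinese messages and CN = CrossDesk. Client step 2 repeats 点击.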
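Review bot: The docker run example in the README_EN.md hunk hard-codes EXTERNAL_IP=150.158.81.30 and INTERNAL_IP=10.0.4.3, where README.md uses xxx.xxx.xxx.xxx; switch to the same placeholders so the docs do not publish what looks like a real server address and readers do not paste it unchanged. In the script, both the self-signed root (openssl req -x509 ... -subj "$SUBJ") and the server CSR (openssl req -new ... -subj "$SUBJ") use one subject, so a server certificate signed by that root would carry the same DN as issuer and subject; give the root its own CN so clients can tell the two apart when building the chain. The expected output also has stray double colons ("Deployment files::", "Client root certificate::") and a "cleaning up intermediate files..." line that step 7 never echoes.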