中文 | English
EdgeRDP is a lightweight Gateway for Windows Remote Desktop. A controlled Windows machine keeps an outbound connection to the Gateway, and the controlling side can use the built-in Windows Remote Desktop client (mstsc.exe) from any Windows PC. No software is required on the controlling PC.
Typical address:
office-pc.desk.example.com
The client runs on the Windows machine that will be controlled. A regular user only needs to enter three values:
server_domain: "desk.example.com"
subdomain: "office-pc"
password: "device credential generated by the server"server_domain can point to your own self-hosted Gateway or to a Gateway operated by someone else. subdomain identifies this controlled machine, and password is generated in the server admin UI.
After the client is online, any Windows PC can open mstsc.exe and connect to:
office-pc.desk.example.com
Log in with the Windows username and password on the controlled machine. The controlling PC does not need EdgeRDP installed.
Remote Desktop must be enabled on the controlled Windows machine, and the Windows login account must have a password.
The server provides the proxy tunnel for controlled machines and a Web admin panel. It has two main services:
- Control API: admin UI, device credentials, online status, Agent login, and client updates.
- RDP Router: listens on the public RDP port and routes connections by device subdomain.
In practice, the server is a self-hostable RDP Gateway. One Gateway can serve many controlled Windows machines, so you can run it for yourself, for a team, or for customer devices.
If you are using a Gateway provided by a third party, the client-side configuration above is usually sufficient. Continue with the following sections if you plan to deploy your own server.
Prepare an Ubuntu 22.04/24.04 server and a domain such as desk.example.com. DNS must point both desk.example.com and *.desk.example.com to the server. Open 3389/tcp for RDP Router, 4389/tcp for Agent tunnels, and 4390/tcp for the fastest HTTP deployment. If you enable HTTPS, also open 80/tcp and 443/tcp. If the server is in Mainland China, complete the required ICP filing before exposing the domain publicly.
Use this path to get the system running first. It assumes DNS is ready, the ports are free, and HTTPS is not enabled yet.
Install baseline dependencies:
sudo apt update
sudo apt install -y git curl ca-certificates build-essentialSource deployment also needs Go 1.26+, Node.js 22+, and npm. If your Ubuntu apt repository provides sufficiently new packages, you can install golang-go nodejs npm; otherwise install newer Go and Node.js from their official sources first.
Then run:
git clone https://github.com/inklife/EdgeRDP.git
cd EdgeRDP
sudo bash server/scripts/deploy-all.sh --server-domain desk.example.comThe script builds the admin UI, Control API, and RDP Router, then installs them under /opt/edgerdp/. Default HTTP deployment:
Admin UI: http://desk.example.com:4390
Agent Tunnel: desk.example.com:4389
RDP entry: <subdomain>.desk.example.com
Default account: admin / admin
After first login, change the admin password and create a device. The admin UI will generate the device subdomain and credential. Give those values plus server_domain to the controlled Windows client.
Useful checks:
sudo systemctl status edgerdp-api
sudo systemctl status edgerdp-router
sudo journalctl -u edgerdp-api -f
sudo journalctl -u edgerdp-router -fHTTPS is recommended for real use. The simplest option is to let the deployment script install and configure Caddy:
cd EdgeRDP
sudo bash server/scripts/deploy-all.sh --server-domain desk.example.com --https trueControl API will listen on 127.0.0.1:4390, and the public admin URL becomes:
https://desk.example.com
Caddy config:
desk.example.com {
reverse_proxy 127.0.0.1:4390
}Nginx reference:
server {
listen 443 ssl;
server_name desk.example.com;
ssl_certificate /path/to/fullchain.pem;
ssl_certificate_key /path/to/privkey.pem;
location / {
proxy_pass http://127.0.0.1:4390;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
}If you configure the reverse proxy yourself, keep /opt/edgerdp/control-api/config.yaml aligned:
web:
listen_host: "127.0.0.1"
listen_port: 4390
public_scheme: "https"
https:
enabled: trueRestart:
sudo systemctl restart edgerdp-api
sudo systemctl restart edgerdp-router
sudo systemctl reload caddy # or sudo systemctl reload nginxRDP Router and Agent Tunnel do not go through the HTTP reverse proxy. Keep 3389/tcp and 4389/tcp open directly.
- Chinese detailed guide
- English detailed guide: full configuration fields, ports, troubleshooting, and backups.
cd server/control-api
go test ./...
cd ../rdp-router-go
go test ./...cd client\gui
.\build.ps1