After almost 5 years using Blogger, a few days ago I decided to move the platform to HTMLy an open source databaseless blogging platform (Flat-File Blog).

Yes, I am the HTMLy project lead so it's reasonable.

When ordering dedicated server sometimes we only got 1 IPv4, but that’s enough, we can using NAT for container with IP Tables and HAProxy to creating many OpenVZ VPS inside our dedicated server.

Install OpenVZ

yum update -y

yum install -y wget

cd /etc/yum.repos.d

wget http://download.openvz.org/openvz.repo

rpm --import http://download.openvz.org/RPM-GPG-Key-OpenVZ

yum install -y vzkernel.x86_64

yum install -y vzctl vzquota

yum install -y ploop

sed -i 's/kernel.sysrq = 0/kernel.sysrq = 1/g' /etc/sysctl.conf

sed -i 's/net.ipv4.ip_forward = 0/net.ipv4.ip_forward = 1/g' /etc/sysctl.conf

echo 'net.ipv4.conf.default.proxy_arp = 0' >> /etc/sysctl.conf

echo 'net.ipv4.conf.all.rp_filter = 1' >> /etc/sysctl.conf

echo 'net.ipv4.conf.default.send_redirects = 1' >> /etc/sysctl.conf

echo 'net.ipv4.conf.all.send_redirects = 0' >> /etc/sysctl.conf

echo 'net.ipv4.icmp_echo_ignore_broadcasts=1' >> /etc/sysctl.conf

echo 'net.ipv4.conf.default.forwarding=1' >> /etc/sysctl.conf

sysctl -p

sed -i 's/NEIGHBOUR_DEVS=detect/NEIGHBOUR_DEVS=all/g' /etc/vz/vz.conf

sed -i 's/options nf_conntrack ip_conntrack_disable_ve0=1/options nf_conntrack ip_conntrack_disable_ve0=0/g' /etc/modprobe.d/openvz.conf

sed -i 's/SELINUX=enforcing/SELINUX=disabled/g' /etc/sysconfig/selinux

yum install -y ntp

ntpdate -u us.pool.ntp.org

chkconfig ntpd on

reboot

Install OpenVZ Web Panel

Now we can install the OpenVZ Web Panel:

wget -O - https://raw.githubusercontent.com/sibprogrammer/owp/master/installer/ai.sh | sh

Open http://PublicIP:3000 in your browser (Login admin/admin, make sure to change your default password).

For private IP, I pick this IP range 192.168.2.0/24, and let say our public IP is 8.8.8.8, and our virtual server IP is set to 192.168.2.1 using OpenVZ Web Panel.

Provide access for container to Internet

Use below rule so our container can access the internet:

iptables -t nat -A POSTROUTING -s 192.168.2.0/24 -o eth0 -j SNAT --to 8.8.8.8

SSH for virtual server (port forwarding)

User can access their VPS trough SSH by using our public IP and custom port, I pick port 2122.

iptables -t nat -A PREROUTING -p tcp -d 8.8.8.8 --dport 2122 -j DNAT --to-destination 192.168.2.1:22

Save the iptables:

service iptables save

Restart iptables:

service iptables restart

HAProxy (web access)

We can use HAProxy to bind any http request to our private IPs (DNAT). Install HAProxy first:

rpm -ivh http://download.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm

yum install -y haproxy

Now configure the /etc/haproxy/haproxy.cfg, example:

frontend httpd
    bind *:80
    acl example_www hdr_end(host) -i example.com www.example.com
    use_backend example_http if example_www

backend example_http
    mode http
    server localhost-stash-http 192.168.2.1:80

Start HAProxy and set to start automatically on reboot:

service haproxy start

chkconfig haproxy on

Nginx

If you prefer using nginx instead of haproxy than install nginx first:

rpm -ivh http://download.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm

yum install nginx

Than creating your nginx configurations, example:

server {
  listen 80;
  server_name example.com www.example.com;
    location / {
      access_log off;
      proxy_pass http://192.168.2.1;
      proxy_set_header X-Real-IP $remote_addr;
      proxy_set_header Host $host;
      proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
      proxy_buffering    off;
      proxy_buffer_size  128k;
      proxy_buffers 100  128k;
    }
}

Troubleshoot

When you start OpenVZ service and you got Running kernel is not an OpenVZ kernel message, you’ll just need to modify /boot/grub/grub.conf manually, example:

default=0
timeout=5

    title OpenVZ (2.6.32-042stab090.5)
        root (hd0,0)
        kernel /boot/vmlinuz-2.6.32-042stab090.5 root=/dev/sda1  ro
        initrd /boot/initramfs-2.6.32-042stab090.5.img

Important! pick kernel that has stab filename, if mistaken than our dedibox will not booting, after checking the grub.conf file properly than reboot it.