Sometimes we need to hide our IP address for security, if we use Cloudflare we need to create separate email server so our IP site origin will keep hidden.

The following is how to to remove client sender IP (X-Originating-IP) from Postfix generated email header and the only available data is IP from our email server.

Open /etc/postfix/master.cf and find:

cleanup   unix  n       -       n       -       0       cleanup

Add below those line and become:

cleanup   unix  n       -       n       -       0       cleanup
  -o header_checks=pcre:/etc/postfix/header_checks

Edit /etc/postfix/header_checks and add below codes:

/^Received:/ IGNORE

Now restart postfix. Let say on CentOS:

service postfix restart

I have several boxes using RAID controller from LSI brands. And of course, sometimes we need to know important information about our disks, let say disk health status.

When using Software RAID then the command is very simple, eg:

smartctl -a /dev/sda

However, when using a hardware RAID, the command is slightly different:

# Physical drive information
MegaCli -PDList -aALL

# Outputting device ID
MegaCli -PDList -aALL | grep "Device Id"

# Smartctl test
smartctl -a -d sat+megaraid,#DeviceID /dev/sd[a-z]

Note: the RAID controller is MegaRAID LSI.

After almost 5 years using Blogger, a few days ago I decided to move the platform to HTMLy an open source databaseless blogging platform (Flat-File Blog).

Yes, I am the HTMLy project lead so it's reasonable.

When ordering dedicated server sometimes we only got 1 IPv4, but that’s enough, we can using NAT for container with IP Tables and HAProxy to creating many OpenVZ VPS inside our dedicated server.

Install OpenVZ

yum update -y

yum install -y wget

cd /etc/yum.repos.d

wget http://download.openvz.org/openvz.repo

rpm --import http://download.openvz.org/RPM-GPG-Key-OpenVZ

yum install -y vzkernel.x86_64

yum install -y vzctl vzquota

yum install -y ploop

sed -i 's/kernel.sysrq = 0/kernel.sysrq = 1/g' /etc/sysctl.conf

sed -i 's/net.ipv4.ip_forward = 0/net.ipv4.ip_forward = 1/g' /etc/sysctl.conf

echo 'net.ipv4.conf.default.proxy_arp = 0' >> /etc/sysctl.conf

echo 'net.ipv4.conf.all.rp_filter = 1' >> /etc/sysctl.conf

echo 'net.ipv4.conf.default.send_redirects = 1' >> /etc/sysctl.conf

echo 'net.ipv4.conf.all.send_redirects = 0' >> /etc/sysctl.conf

echo 'net.ipv4.icmp_echo_ignore_broadcasts=1' >> /etc/sysctl.conf

echo 'net.ipv4.conf.default.forwarding=1' >> /etc/sysctl.conf

sysctl -p

sed -i 's/NEIGHBOUR_DEVS=detect/NEIGHBOUR_DEVS=all/g' /etc/vz/vz.conf

sed -i 's/options nf_conntrack ip_conntrack_disable_ve0=1/options nf_conntrack ip_conntrack_disable_ve0=0/g' /etc/modprobe.d/openvz.conf

sed -i 's/SELINUX=enforcing/SELINUX=disabled/g' /etc/sysconfig/selinux

yum install -y ntp

ntpdate -u us.pool.ntp.org

chkconfig ntpd on

reboot

Install OpenVZ Web Panel

Now we can install the OpenVZ Web Panel:

wget -O - https://raw.githubusercontent.com/sibprogrammer/owp/master/installer/ai.sh | sh

Open http://PublicIP:3000 in your browser (Login admin/admin, make sure to change your default password).

For private IP, I pick this IP range 192.168.2.0/24, and let say our public IP is 8.8.8.8, and our virtual server IP is set to 192.168.2.1 using OpenVZ Web Panel.

Provide access for container to Internet

Use below rule so our container can access the internet:

iptables -t nat -A POSTROUTING -s 192.168.2.0/24 -o eth0 -j SNAT --to 8.8.8.8

SSH for virtual server (port forwarding)

User can access their VPS trough SSH by using our public IP and custom port, I pick port 2122.

iptables -t nat -A PREROUTING -p tcp -d 8.8.8.8 --dport 2122 -j DNAT --to-destination 192.168.2.1:22

Save the iptables:

service iptables save

Restart iptables:

service iptables restart

HAProxy (web access)

We can use HAProxy to bind any http request to our private IPs (DNAT). Install HAProxy first:

rpm -ivh http://download.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm

yum install -y haproxy

Now configure the /etc/haproxy/haproxy.cfg, example:

frontend httpd
    bind *:80
    acl example_www hdr_end(host) -i example.com www.example.com
    use_backend example_http if example_www

backend example_http
    mode http
    server localhost-stash-http 192.168.2.1:80

Start HAProxy and set to start automatically on reboot:

service haproxy start

chkconfig haproxy on

Nginx

If you prefer using nginx instead of haproxy than install nginx first:

rpm -ivh http://download.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm

yum install nginx

Than creating your nginx configurations, example:

server {
  listen 80;
  server_name example.com www.example.com;
    location / {
      access_log off;
      proxy_pass http://192.168.2.1;
      proxy_set_header X-Real-IP $remote_addr;
      proxy_set_header Host $host;
      proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
      proxy_buffering    off;
      proxy_buffer_size  128k;
      proxy_buffers 100  128k;
    }
}

Troubleshoot

When you start OpenVZ service and you got Running kernel is not an OpenVZ kernel message, you’ll just need to modify /boot/grub/grub.conf manually, example:

default=0
timeout=5

    title OpenVZ (2.6.32-042stab090.5)
        root (hd0,0)
        kernel /boot/vmlinuz-2.6.32-042stab090.5 root=/dev/sda1  ro
        initrd /boot/initramfs-2.6.32-042stab090.5.img

Important! pick kernel that has stab filename, if mistaken than our dedibox will not booting, after checking the grub.conf file properly than reboot it.

Perhaps you already know if Google does not index the content inside an iframe, so the comments from Disqus or Facebook is not indexed.

But now Google has started indexing the content inside an iframe, I realized this today when I checked the HTMLy blog demo, Danlogs.

The blogs using Disqus comments, and it turns out all the comments on the blog indexed by Google. A certainly good news for Disqus users.

For Facebook comments, I have not yet figured out its already indexed or not, but it should also being indexed because it uses an iframe as well.