Virtual Multiserver Environment With Dedicated Web & MySQL, Email & DNS Servers On Debian Squeeze With ISPConfig 3

Want to support HowtoForge? Become a subscriber!
 
Submitted by MaddinXx (Contact Author) (Forums) on Mon, 2012-05-21 15:28. :: Debian | ISPConfig | OpenVZ | Control Panels

Virtual Multiserver Environment With Dedicated Web & MySQL, Email & DNS Servers On Debian Squeeze With ISPConfig 3

Version 1.0
Author: Michel Käser <info [at] rackster [dot] ch>
Last edited 05/04/2012

This tutorial describes how you can set up a single dedicated server as a virtual multiserver environment using OpenVZ with dedicated Web & MySQL, Email and DNS servers on Debian Squeeze. Also, you will learn how to maintain all these servers. As an addition, you will learn how to install some very useful packages on all of them, how to protect them and how to monitor them.

At the end you will have a fully functional virtual multiserver environment, ready for shared hosting.

I do not issue any guarantee that this will work for you!

 

1 Requirements

To follow this tutorial you will need the following:

  • a dedicated server
  • at least 5 IPs
  • a lot of time

 

2 Preliminary Note

In this tutorial I use this dedicated server: http://www.hetzner.de/hosting/produkte_rootserver/ex4 with the Flexi-Pack and an additional /28 subnet (14 IPs).

The goal is to have these servers:

  • Type: Node
  • Hardware: Dedicated
  • Hostname: root.example.tld
  • 192.168.1.1
  • Type: Container
  • Hardware: Virtual
  • Hostname: web.example.tld
  • 192.168.1.2
  • Type: Container
  • Hardware: Virtual
  • Hostname: mail.example.tld
  • 192.168.1.3
  • Type: Container
  • Hardware: Virtual
  • Hostname: ns1.example.tld
  • 192.168.1.4
  • Type: Container
  • Hardware: Virtual
  • Hostname: ns2.example.tld
  • 192.168.1.5

 

3 The Base System

I assume you took the same dedicated server as I did. The Hetzner Web-Interface allows you to install a range of distributions. Take the minimal Debian 6.0 64-bit.

Click to enlarge

This will install the base system for you and you do not have to configurate it yourself. You will get the root password as well.

 

4 Installing OpenVZ + OVZ Web Panel

As soon as your server is ready, login using the received credentials. We first will do an update/upgrade:

apt-get update && apt-get -y upgrade && apt-get -y dist-upgrade

which will upgrade our server to latest version.

We install some additional packages to:

apt-get -y install nano wget ntp ntpdate

 

4.1 Installing OpenVZ

We now want to install OpenVZ, the base for our virtual multiserver environment.

An OpenVZ kernel and the vzctl, vzquota, and vzdump packages are available in the Debian Squeeze repositories, so we can install them as follows:

apt-get install linux-image-openvz-amd64 vzctl vzquota vzdump

Create a symlink from /var/lib/vz to /vz to provide backward compatibility:

ln -s /var/lib/vz /vz

Open /etc/sysctl.conf and make sure that you have the following settings in it:

nano /etc/sysctl.conf

[...]
net.ipv4.conf.all.rp_filter=1
net.ipv4.icmp_echo_ignore_broadcasts=1
net.ipv4.conf.default.forwarding=1
net.ipv4.conf.default.proxy_arp = 0
net.ipv4.ip_forward=1
kernel.sysrq = 1
net.ipv4.conf.default.send_redirects = 1
net.ipv4.conf.all.send_redirects = 0
net.ipv4.conf.eth0.proxy_arp=1
[...]

If you needed to modify /etc/sysctl.conf, run

sysctl -p

afterwards.

The following step is important if the IP addresses of your virtual machines are from a different subnet than the host system's IP address. If you don't do this, networking will not work in the virtual machines!

Open /etc/vz/vz.conf and set NEIGHBOUR_DEVS to all:

nano /etc/vz/vz.conf

[...]
# Controls which interfaces to send ARP requests and modify APR tables on.
NEIGHBOUR_DEVS=all
[...]

Finally, reboot the system:

reboot

If your system reboots without problems, then everything is fine!

Run

uname -r

and your new OpenVZ kernel should show up:

root@root:~# uname -r
2.6.32-5-openvz-amd64

Since Hetzner mounts /home on a separate hard disk, we can use it as the OpenVZ backup location. To do so, run:

rm -rf /var/lib/vz/dump
ln -s /home/backup/vz /var/lib/vz/dump

As we will use fail2ban within our virtual containers, we have to enable some IPTables support for them. We do that by editing the /etc/vz/vz.conf file:

nano /etc/vz/vz.conf

Search the line starting with IPTABLES and comment it (#). Paste the following afterwards:

[...]
IPTABLES="ipt_REJECT ipt_tos ipt_limit ipt_multiport iptable_filter iptable_mangle ipt_TCPMSS ipt_tcpmss ipt_ttl ipt_length ipt_state"

Next, active the state module in the kernel:

modprobe xt_state

 

4.2 Installing OVZ Web Panel

The OpenVZ Web Panel is a GUI web-based frontend for controlling of the hardware and virtual servers with the OpenVZ virtualization technology.

The most simple way to install OpenVZ Web Panel is to run the following command:

wget -O - http://ovz-web-panel.googlecode.com/svn/installer/ai.sh | sh

After installation Panel should be available by the following URL:

http://<192.168.1.1>:3000

Default administrator's credentials are: admin/admin. Don't forget to change default password.


Please do not use the comment function to ask for help! If you need help, please use our forum.
Comments will be published after administrator approval.
Submitted by jokajinx@gmail.com (not registered) on Tue, 2014-08-05 13:27.
<?xml:namespace prefix = "o" />  ************If you get ************ Setting up g++ (4:4.7.2-1) ...update-alternatives: using /usr/bin/g++ to provide /usr/bin/c++ (c++) in auto modeSetting up build-essential (11.5) ...Setting up libstdc++6-4.7-dev (4.7.2-5) ...Checking presence of the command: ruby Fatal error: Panel requires Ruby 1.8 (Ruby 1.9 is not supported).************Check version ************ruby -vruby 1.9.3p194 (2012-04-20 revision 35410) [i486-linux] dpkg -l | grep "ruby1.8"ii  libruby1.8                           1.8.7.358-7.1+deb7u1          i386         Libraries necessary to run Ruby 1.8ii  ruby1.8                              1.8.7.358-7.1+deb7u1          i386         Interpreter of object-oriented scripting language Ruby 1.8ii  ruby1.8-dev                          1.8.7.358-7.1+deb7u1          i386         Header files for compiling extension modules for the Ruby 1.8************You Fixed it with  ************ update-alternatives --config rubyThere are 2 choices for the alternative ruby (providing /usr/bin/ruby).  Selection    Path                Priority   Status------------------------------------------------------------* 0            /usr/bin/ruby1.9.1   51        auto mode  1            /usr/bin/ruby1.8     50        manual mode  2            /usr/bin/ruby1.9.1   51        manual modePress enter to keep the current choice[*], or type selection number: 1update-alternatives: using /usr/bin/ruby1.8 to provide /usr/bin/ruby (ruby) in manual mode
Submitted by Jorge Quiterio (not registered) on Thu, 2014-05-22 02:52.

On the 

http://ovz-web-panel.googlecode.com/svn/installer/ai.sh

Alter from ruby to ruby1.8 for ap-get -y install on the line 88

Submitted by Nexusguy59 (registered user) on Sat, 2013-07-06 19:34.
You will need to install these two gems to add another server  to the mix in OpenVZ Web Panel, Just an fyi 

gem install net-ssh
gem install net-sftp 
Submitted by MaddinXx (registered user) on Tue, 2013-07-09 22:09.
Do you have any reference confirming that (e.g. an OVZ issue ticket)? The installer should handle everything itself and I never had to install additional gems to get things up and running. 
 
Please let me know so I can recheck. Thanks!
 
 edit: found this// https://code.google.com/p/ovz-web-panel/issues/detail?id=282#c5 -> no need to install the gems...if you need to, therefor something really wrong.
Submitted by trambinux (not registered) on Mon, 2012-07-23 02:57.

Hi thanks for your howto, a little error here : /etc/vz/vz.conf :

  IPTABLES=".....iptable__mangle.....

 

must be

 IPTABLES="....iptable_mangle... 

 

Submitted by MaddinXx (registered user) on Fri, 2012-08-03 22:28.
Oh, what an ugly typo. Fixed now - thanks :)
Submitted by Anonymous (not registered) on Tue, 2012-05-22 04:13.
thank you very much!