Installing OpenVZ
We start from a basic CentOS 6 installation. Our objective is to install OpenVZ and run several virtual machines. Note that OpenVZ supports virtualization only for GNU/Linux systems. In addition, you can install an OpenVZ panel. First, update CentOS and install some necessary tools:
yum update -y
yum install screen wget -y
OpenVZ uses a modified Linux kernel; we will install it and its tools from the official repository. The signing key and the repository file are fetched over plain HTTP here, so check the imported key's fingerprint against a trusted source.
rpm --import http://ftp.openvz.org/RPM-GPG-Key-OpenVZ
wget -P /etc/yum.repos.d/ http://ftp.openvz.org/openvz.repo
yum install vzkernel vzctl ploop
In /etc/sysconfig/selinux, SELINUX must be deactivated.
SELINUX=disabled
To allow the virtual machines to access the Internet, edit /etc/sysctl.conf.
# On Hardware Node we generally need
# packet forwarding enabled and proxy arp disabled
net.ipv4.ip_forward = 1
net.ipv6.conf.default.forwarding = 1
net.ipv6.conf.all.forwarding = 1
net.ipv4.conf.default.proxy_arp = 0
# Enables source route verification
net.ipv4.conf.all.rp_filter = 1
# We do not want all our interfaces to send redirects
net.ipv4.conf.default.send_redirects = 1
net.ipv4.conf.all.send_redirects = 0
Check that the OpenVZ kernel is the first entry in /boot/grub/grub.conf and reboot your server.
reboot
We no longer use the Linux kernel provided by CentOS, so it is better to uninstall it.
yum remove kernel -y
In the examples, the virtual machines' network is 192.168.1.0/24 and our public IP is 11.22.33.44.
iptables -A FORWARD -s 192.168.1.0/24 -j ACCEPT
iptables -A FORWARD -d 192.168.1.0/24 -j ACCEPT
iptables -t nat -A POSTROUTING -s 192.168.1.0/24 -o eth0 -j SNAT --to 11.22.33.44
/sbin/service iptables save
Open /etc/vz/vz.conf and add "iptable_nat" to IPTABLES_MODULES.
IPTABLES_MODULES="ipt_REJECT
Becomes
IPTABLES_MODULES="iptable_nat ipt_REJECT
The installation is now complete. You can now manage your OpenVZ server with VCA.
Templates download
We will install some templates. The files must be placed in /vz/template/cache. Warning: do not unpack them.
Example with Ubuntu 14.04
cd /vz/template/cache
wget http://download.openvz.org/template/precreated/ubuntu-14.04-x86_64-minimal.tar.gz
Share port 80
If multiple sites are hosted on different virtual machines, we have two possibilities:
- Use failover IP
- Do NAT
We will do NAT: on the host machine we install Nginx, which will act as a reverse proxy. It is also possible to redirect port 80 to a virtual machine that itself runs Nginx. Nginx is not available in the default repositories, so we need to enable EPEL.
yum install epel-release -y
yum install nginx -y
chkconfig nginx on
By default, configuration files are in /etc/nginx/conf.d/. To keep the proxied web sites separate, we create new folders.
mkdir /etc/nginx/sites-available/
mkdir /etc/nginx/sites-enabled/
In /etc/nginx/nginx.conf, replace
include /etc/nginx/conf.d/*.conf;
with
include /etc/nginx/conf.d/*.conf;
include /etc/nginx/sites-enabled/*.conf;
Create /etc/nginx/conf.d/proxy.conf
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
client_max_body_size 10m;
client_body_buffer_size 128k;
client_header_buffer_size 64k;
proxy_connect_timeout 90;
proxy_send_timeout 90;
proxy_read_timeout 90;
proxy_buffer_size 16k;
proxy_buffers 32 16k;
proxy_busy_buffers_size 64k;
To redirect a web site, create a configuration file in /etc/nginx/sites-available/, create a symbolic link to it in /etc/nginx/sites-enabled/ and reload Nginx. The file name must end in .conf to match the include line added to nginx.conf.
Example with a virtual machine in 192.168.1.5
server {
    listen 80;
    server_name mywebsite.com;
    location / {
        proxy_pass http://192.168.1.5/;
    }
}
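The same step (file in sites-available, link in sites-enabled, reload) as a shell function that validates its inputs before writing anything. This is an added example, not part of the original tutorial; the names add_proxy_site and NGINX_ROOT are assumptions.

```shell
#!/bin/sh
# Added example: publish one virtual machine behind the host's Nginx proxy.
# add_proxy_site and NGINX_ROOT are hypothetical names, not from the tutorial.
NGINX_ROOT="${NGINX_ROOT:-/etc/nginx}"

# Usage: add_proxy_site <server_name> <vm_ip>
add_proxy_site() {
    name="$1"; ip="$2"

    # Accept plain host names only, so the value cannot carry extra
    # Nginx directives or path separators into the generated file.
    case "$name" in
        ''|*[!A-Za-z0-9.-]*) echo "invalid server name: $name" >&2; return 1 ;;
    esac
    # Only proxy to the virtual machine network used here (192.168.1.0/24).
    case "$ip" in
        192.168.1.*) last="${ip#192.168.1.}" ;;
        *) echo "backend outside 192.168.1.0/24: $ip" >&2; return 1 ;;
    esac
    case "$last" in
        ''|*[!0-9]*) echo "invalid backend address: $ip" >&2; return 1 ;;
    esac
    [ "$last" -ge 1 ] && [ "$last" -le 254 ] || {
        echo "invalid host part: $ip" >&2; return 1; }

    # The include in nginx.conf matches *.conf only, hence the suffix.
    avail="$NGINX_ROOT/sites-available/$name.conf"
    cat > "$avail" <<EOF
server {
    listen 80;
    server_name $name;
    location / {
        proxy_pass http://$ip/;
    }
}
EOF
    ln -sf "$avail" "$NGINX_ROOT/sites-enabled/$name.conf"

    # Test the configuration and reload only when editing the live tree.
    if [ "$NGINX_ROOT" = /etc/nginx ]; then
        nginx -t && /sbin/service nginx reload
    fi
}
```

Call it as `add_proxy_site mywebsite.com 192.168.1.5`; setting NGINX_ROOT to a scratch directory generates the files without touching the running server.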
Open port 80 on the host machine.
iptables -A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
/sbin/service iptables save