
Reverse DNS (PTR) Records for VPS

We are happy to announce that reverse DNS records for VPS accounts are now fully controllable via the SolusVM control panel.

Starting today, it will no longer be necessary to open a support ticket to modify reverse DNS entries.

We hope this will add an extra layer of simplicity to the service.

Sincerely,

Media-Hosts Inc.


IPv6 Addresses now available on all OpenVZ VPS accounts at OpenVZ.ca

IPv6 addresses are available on the Medium, Large and Extra Large VPS accounts at no additional cost.

There is a one-time setup fee of $19.99 to activate IPv6 addresses on the Small VPS package.

For more information on IPv6 click here

We are proud to announce that our IPv6 network is now online. We have connectivity to the following upstream providers as of today:

  • Cogent Communications (AS174)
  • NeTELLIGENT Hosting Services (AS10929)
  • Hurricane Electric (AS6939)

If you are a current customer looking to add IPv6 connectivity to your existing VPS, please open a support ticket.

Note: While these IP addresses do not have a monthly per-unit cost, justifications are still required for larger amounts of IP addresses to be allocated. Please refer to the ARIN policy for the exact policy that we follow.


SolusVM Migrations Completed

We are happy to report that all of the migrations to the new SolusVM platform and Hardware Nodes have been completed successfully.

At this point, all customers should have received an email for each VPS they have with us with instructions on how to access the new panel. If you have not received an email from us please open a ticket with support.

We hope everyone enjoys the added benefits this control panel brings us.


SolusVM Control Panel Coming by September 2011!

Due to the increasing number of requests we get to migrate to a newer control panel, we have decided to go with SolusVM as the control panel for all of our VPS servers going forward.

What does this mean for existing customers?

Between now and September 2011, you will get an email with instructions on how to log in to the new web control panel. The Legacy HyperVM web interface will continue to be active until all VPS accounts are fully migrated to the new system.

Will there be any downtime as a result of this upgrade?

Absolutely NOT! One of the benefits of OpenVZ virtualization technology is the ability to “live migrate” virtual servers. Your VPS will be moved live to the new nodes with the SolusVM software enabled. Nothing will change with your configuration.

When your VPS is fully migrated, you will get an email to confirm.

Why are we migrating?

One of the benefits of this migration is that you will be able to see all of your usage graphs (CPU, Load Average, RAM, Network) from within your ePortal (secure.media-hosts.com).

In addition, these extra features will also give us room to grow in the future:

  • API Access for use with iPhone applications and other 3rd party programs.
  • Simplified web interface that makes much more sense.
  • Ability to add other types of virtualization (KVM, Xen PV & HVM). I know we are OpenVZ.ca but Media-Hosts.com will be offering other virtualization technologies as a result, and it’s much easier for us to manage one system instead of two.
  • SSH console built into the ePortal and Web Portal.
  • Tun/Tap will be user installable with one button.

If you have any questions regarding this new feature/migration please email us directly: support@media-hosts.com


Setup a Tun/Tap OpenVPN Server on OpenVZ in Under 5 Minutes

How can I install a VPN server on my VPS in order to access the internet through it? If you want to skip the background and methodology behind the script, skip to the section called “Installing OpenVPN on OpenVZ.”

One of the prerequisites to run the common PPTP and IPSEC VPN protocols is PPP. Due to the nature of OpenVZ virtualization, it requires its own custom version of the Linux Kernel to run. As a result, ppp is not available for us to use.

So, OpenVPN is the simplest way to get a VPN server running on your VPS, since it utilizes the TUN interface /dev/net/tun and creates a tunnel to your client software running on your PC. Then, using simple IPTables rules, you can masquerade or NAT your traffic to your public interface. Sounds complicated? To a degree it can be (depending on your Linux knowledge level).

So we have come up with a script that will allow you to install a “simple” version of OpenVPN server and allow you to download the appropriate configuration file (.ovpn & certificate) to import into the OpenVPN client software. This requires no configuration from your side other than running the script and answering some questions in the wizard.

Installing OpenVPN on OpenVZ

The script will do the following things:

  1. It will check to ensure tun/tap is enabled. If it isn’t, you will need to contact your support department and have it enabled before continuing.
  2. It will download and install the RPMForge Repository for CentOS (where OpenVPN packages are located)
  3. It will use YUM and install all the required packages (openvpn openssl openssl-devel)

Once the required packages are installed, the script will create a sample, easy-to-use configuration for OpenVPN and put the files your Client will need to connect in /root/openvpn-keys.tgz

It will set OpenVPN to run on boot, create the necessary iptables NAT rules to route your traffic to your primary Public IP address, and save them so they are restored when iptables is restarted.

Installation Steps

Download the following script (tested and supported on CentOS 5 32bit) and run as root:  OpenVPN Install Script

or

Type the following commands as root:

cd ~
wget http://www.openvz.ca/scripts/install-openvpn.sh
chmod 700 install-openvpn.sh
./install-openvpn.sh

Wizard Instructions:

  • When asked to enter a “Passphrase” do not enter one, leave it blank and just press “enter”
  • When asked for Country Code, Province, City… These do not have to be accurate. Any values will do.
  • When asked if you want to build/sign the generated certificates enter yes (y).
  • It is normal for it to ask you two times for the same information (Since you are generating both client/server keys)

The final step is to download the /root/openvpn-keys.tgz archive, unzip it on your PC and import the .ovpn file in your OpenVPN Client (you can download it here if you haven’t already). This will create a simple button in your client and allow you to quickly establish a VPN connection to your VPS whenever you need it.
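A way to confirm afterwards that the pieces described above are in place, as an added example that is not part of the install script: it checks the TUN device, IPv4 forwarding (which NAT routing needs), and a saved NAT rule for the VPN subnet. The subnet 10.8.0.0/24, the sample rule set and the function names are assumptions.

```shell
# Added example. The VPN subnet, file paths and sample rules are assumptions;
# the install script's own rules are not shown on this page.

# Print nat-table POSTROUTING rules from iptables-save text (file $1) that
# rewrite the source address of subnet $2 via SNAT or MASQUERADE.
vpn_nat_rules() {
    awk -v net="$2" '
        /^\*/ { table = substr($1, 2) }
        table == "nat" && $1 == "-A" && $2 == "POSTROUTING" {
            src = ""; tgt = ""
            for (i = 3; i < NF; i++) {
                if ($i == "-s") src = $(i + 1)
                if ($i == "-j") tgt = $(i + 1)
            }
            if (src == net && (tgt == "SNAT" || tgt == "MASQUERADE")) print
        }' "$1"
}

# One finding per line. $1 TUN device, $2 ip_forward file, $3 saved rules,
# $4 VPN subnet. No output means all three prerequisites are met.
vpn_preflight() {
    [ -c "$1" ] || echo "TUN device $1 missing: ask the host to enable tun/tap"
    [ "$(cat "$2" 2>/dev/null)" = 1 ] || echo "IPv4 forwarding is off"
    [ -n "$(vpn_nat_rules "$3" "$4")" ] || echo "no saved NAT rule for $4"
    return 0
}

# Constructed sample of a saved rule set (203.0.113.10 is a documentation IP).
rules=$(mktemp)
cat > "$rules" <<'EOF'
*filter
:INPUT ACCEPT [0:0]
-A INPUT -p udp -m udp --dport 1194 -j ACCEPT
COMMIT
*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -s 10.8.0.0/24 -j SNAT --to-source 203.0.113.10
COMMIT
EOF

vpn_preflight /dev/net/tun /proc/sys/net/ipv4/ip_forward "$rules" 10.8.0.0/24
```

On CentOS the saved rules normally live in /etc/sysconfig/iptables, so that file can be passed as the third argument.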

Questions? Contact Us or post a comment on this blog so we can clarify anything not mentioned.


How to Reduce Delays when Purchasing Web Hosting or VPS Accounts

One of the things I have been noticing on various forums and blogs these days is the huge variation in the time it takes to process and activate web hosting or VPS accounts once the payment has been made.

While many of you will think there are a lot of different variables that come into play here (size of the company, available stock, manpower, workload etc…), one thing that is often overlooked is the fraud checking mechanisms. What many customers and potential customers don’t allow for is this buffer zone between when payments are made and when the account gets activated.

Most hosting companies today (at least I hope) have some sort of fraud checking system in place, whether it is a custom-developed automated one, an API powered by another company, a simple confirmation phone call to the phone number the user signed up with, or just a simple method of manual checks.

Some of the things YOU should do to avoid delays:

  1. Ensure that you purchase from an IP address in the same Country as your billing address.
  2. Ensure your phone number and area code match the Country and region of your billing address.
  3. Pay with a PayPal account or credit card that matches your name.
  4. Expect a phone call to confirm if you are from a different Country than the host you are purchasing from.
  5. Do not use a VPN service or other web proxy to purchase your service.
  6. Avoid free email addresses (hotmail, gmail, yahoo); use your ISP or Work email.
  7. In the event that you cannot follow steps 1-6, provide an explanation in the comment section of your order.

In addition to all of these precautions, the host will still do additional checks to ensure that you are not a security risk to the network.

Doing these simple things will make your life much easier and will get your new orders online much faster!

That’s all for now.


Simple Certificate Based SSH Authentication for your VPS

As a sequel to my first blog post (Simple Ways to Secure the SSH Port on your VPS) I am adding a simple tutorial on how you can set up Certificate based SSH authentication.

The reason someone would implement this method is to avoid using plain-text passwords. This way, anyone who does not have the client-side certificate installed in their SSH client will not be able to login to the VPS.

Overview

There are 3 things that we will need to do in order to get this to work:

  1. Create a Public/Private SSH Key on the Client Computer
  2. Create the Public Key file on the VPS (Server)
  3. Disable password based authentication on the Server

I need to stress at this point: do not do step number 3 before you test a login with the SSH key method, or you will potentially lose access to the server entirely and will need to open a ticket with your host!

Step 1

Create an SSH Key Pair (Public/Private) on the client. Type the following commands (do not use root as the user):

$ mkdir -p ~/.ssh && chmod 700 ~/.ssh
$ cd ~/.ssh
$ ssh-keygen -t rsa -b 2048

You will be asked: “Enter file in which to save the key (/home/testuser/.ssh/id_rsa):” Press Enter.

You will then be asked: “Enter passphrase (empty for no passphrase):” Type in a passphrase that you will remember. You will need to enter it every time you ssh to your server from now on.

Note: If you do not enter a passphrase in this step, you will not be asked to enter it when you login to the server. This can be good or bad… It’s good because you can just ssh to the server and login automatically without typing a password. It’s bad because anyone who has a copy of this Private Key will be able to login to your server without a passphrase. So make sure you keep this file in a very safe place if you choose not to use a passphrase.

In your .ssh directory you will see the following 2 new files: ‘id_rsa’ & ‘id_rsa.pub’.

Step 2

SSH to your VPS Server, and go to the .ssh directory in the home directory of the user you want to be able to access with the key. Ex: /home/user1/.ssh

Copy the contents of id_rsa.pub (which you generated in Step 1 on the Client Computer) and paste them into the “authorized_keys” file in your ~/.ssh directory on the Server. Ensure that everything is on one line.

Edit /etc/ssh/sshd_config (You need to be root to do this).

Find the following lines:

#RSAAuthentication yes
#PubkeyAuthentication yes
#AuthorizedKeysFile     .ssh/authorized_keys

Remove the “#” symbols next to each of these three lines and save the file.

Restart sshd

Close the session and log in to your server again with the user you created the key for.

This time you should be asked for a passphrase (if you entered one in step 1). If you didn’t enter one in step 1, it should just log in and you should have a console $ under the user you created the key for.

Step 3

Once you have confirmed that SSH Key Authentication is working, edit /etc/ssh/sshd_config and find the following line:

PasswordAuthentication yes

Change the ‘yes’ to ‘no’ and restart sshd.

You will now only be able to log in with the user you created the Key for. From now on, whenever you want to SSH to the server you will need to make sure that there is a copy of the Private Key in the user’s Home Directory on the Client Machine.


What is the Difference Between “Guaranteed” and “Burstable” RAM on OpenVZ?

Another popular question we get at OpenVZ.ca is: “What is the difference between Guaranteed and Burstable RAM.”

To answer this question we must first briefly understand how OpenVZ works. Unlike other virtualization methods (XEN, VMWare), OpenVZ does not “Guarantee” system resources. Think of it more like a “chroot” of sorts. While it is not exactly the same as the chroot definition, it acts similarly to those principles. As a result, the Virtualized Environments (VEs) will share the Hardware Node’s Kernel, RAM and SWAP space. From there, OpenVZ sets limits for each individual VE for such things as CPU speed and time, hard drive quota, hostname, IP addresses and more.

All of these limits are viewable in the following file on an OpenVZ based VE: /proc/user_beancounters

So how does all of this information relate to the amount of RAM on my VPS?

The important number is the Burstable amount, because the majority of programs allocate more memory than they actually use. Usually this is about double.

Let’s take YUM for example. In order to run it, almost 100mb of RAM will get allocated, but it will only use about half that (there are variables here depending on what it’s actually doing). The majority of programs do this just in case they need more.

Example: If the “Small” package on OpenVZ.ca were to have 128mb burst and guaranteed RAM, running “yum update -y” as root would lead to an error. This is because the yum program will try to allocate about 100mb of RAM. OpenVZ will see that this is higher than the burstable limit (assuming there are other things running as well), resulting in the error.

Since the “Small” VPS package has a burstable amount of 256mb, it allows YUM to execute perfectly. The actual RAM usage is under the guaranteed 128mb and the allocated amount is under 256mb.

Summary

The Guaranteed RAM is the amount that can be used; the Burstable RAM is the amount that can be allocated. Generally assume that the program will allocate double the RAM it uses.
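To read these numbers off a VE, the following added example (not from the original post) parses /proc/user_beancounters and checks whether an allocation of a given size fits under the burstable limit. It assumes 4 KiB pages and the usual mapping of plan terms to counters: guaranteed is the vmguarpages barrier, burstable is the privvmpages limit, and physpages is RAM in use; the sample file and function names are constructed.

```shell
# Added example. Assumptions: 4 KiB pages; guaranteed = vmguarpages barrier,
# burstable = privvmpages limit, used = physpages held.

# Print key=value lines (in MB) from a user_beancounters file ($1).
ubc_ram_report() {
    awk '
        { sub(/^[ \t]*[0-9]+:/, "") }        # first row of a VE carries "uid:"
        $1 == "vmguarpages" { guar = $4 }    # barrier column
        $1 == "privvmpages" { alloc = $2; burst = $5; fail = $6 }
        $1 == "physpages"   { used = $2 }    # RAM actually in use
        END {
            mb = 4 / 1024                    # pages -> MB
            printf "guaranteed_mb=%d\nburstable_mb=%d\n", guar * mb, burst * mb
            printf "allocated_mb=%d\nused_mb=%d\n", alloc * mb, used * mb
            printf "alloc_failures=%d\n", fail
        }' "$1"
}

# Read one value from the report: ubc_get FILE KEY
ubc_get() { ubc_ram_report "$1" | sed -n "s/^$2=//p"; }

# Succeeds if a program that allocates $2 MB fits under the burstable limit.
would_fit() {
    [ $(( $(ubc_get "$1" allocated_mb) + $2 )) -le "$(ubc_get "$1" burstable_mb)" ]
}

# Constructed sample for a 128 MB guaranteed / 256 MB burstable VE.
ubc=$(mktemp)
cat > "$ubc" <<'EOF'
Version: 2.5
       uid  resource        held   maxheld    barrier       limit  failcnt
      101:  kmemsize     2638461   2806118   14372700    14790164        0
            privvmpages    23040     25600      65536       65536        3
            physpages      11520     12800          0  2147483647        0
            vmguarpages        0         0      32768  2147483647        0
EOF

ubc_ram_report "$ubc"
would_fit "$ubc" 100 && echo "a 100 MB allocation fits"
would_fit "$ubc" 200 || echo "a 200 MB allocation would be refused"
```

A non-zero failcnt on privvmpages means the VE has already had allocations refused at its limit.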

Recommendations When Buying

In general, build up a good relationship with your host and make sure they are honest with you. There is nothing wrong with asking for the full spec of the hardware node and asking how many customers are on it or how much of its resources are allocated (or intended to be allocated).

From there it’s important to know just how much ram your system will be using. Always get double the amount of burstable ram to ensure that your programs will run perfectly. If you know your system will be using 512mb of ram, make sure that you get a burstable amount of 1gb or more. Always look at the burstable limit as a rule of thumb.

In the end, it’s your money and you need to make sure that it’s being well invested.


Simple Ways to Secure the SSH Port on your VPS

One of the most important things to do once your VPS has been created is to secure the standard SSH port.

Since SSH is the main method to communicate with any VPS it is the first target for any non-authorized person trying to gain access.

There are a few different ways to add more security to this vulnerable port. You can choose to do one of the following or all of the following depending on your needs.

Change the common port 22

This is the easiest and quickest starting point. Since the default port is 22, most hackers will scan to see if this port is open to start an attack. Changing it to a non-standard port will make it harder to identify where the SSH service is running.

Steps: Login to your VPS through SSH and type the following as root:

vi /etc/ssh/sshd_config

Scroll until you see:

#Port 22
#Protocol 2,1
Protocol 2
#AddressFamily any
#ListenAddress 0.0.0.0
#ListenAddress ::

Press “i” to enter insert mode in vi and then move to the line that says #Port 22. Remove the “#” and specify a different port (example: 22122, 3355 etc…). Make it random but within the acceptable TCP range.

Once this is done, press “escape” then colon (:) and then “x”. Hit enter and this will save your changes.

At the command prompt type (On CentOS):

service sshd restart

On other OSes you may need to type: /etc/init.d/sshd restart

At this point you may lose connectivity because you changed the port! If you didn’t, you will need to exit the current session and reconnect to your server using the new port that you specified.

(Optional) at this point, if your VPS has more than one IP address assigned to it, you can specify only one by changing the “ListenAddress 0.0.0.0” to one of your IP addresses. This way, you can only access SSH through the one interface.

Disable root login through SSH

Using the same methods as in step 1, edit /etc/ssh/sshd_config and scroll until you see

#PermitRootLogin yes

Remove the “#” symbol and change the “yes” to “no”, save the file and restart sshd service.

Next time you try to login as root it will deny you.

Note: SSH will still allow you to try and login as root if you specify “root” as the username. It will reject the login even though you specify the right password.

IP Restriction

This step may not appeal to users who are on Dynamic IP addresses, but it is a very effective way to secure the SSH port even more.

IP restriction will reject a user trying to log in from a source IP address that has not been specified. This will allow you to control which hosts have access and which do not.

If you have many users using your VPS who require SSH access, this is not a good idea as you will block their traffic when implementing this method.

In order to specify the incoming IP address you can use the “/etc/hosts.allow” and “/etc/hosts.deny” files.

Edit “/etc/hosts.deny” and add a line with the following:

sshd:*

This will deny all traffic. Once this is completed you will allow your IP address.

Edit “/etc/hosts.allow” and add a line with your ip address:

sshd: <your ip> (Example: sshd:192.168.1.1)

Note: The allow file will get processed first. So if an ip address matches in the allow file first, traffic will be allowed even if it is specified in the deny file.

Once this is completed the only host that will be able to SSH to your VPS will be the one specified in your hosts.allow file.
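The sshd_config settings from this post and from the key authentication post above can be checked together before sshd is restarted. The following is an added example, not part of the original posts: it reports which of those settings are still at the values shown in the commented-out lines, and checks that authorized_keys holds whole, single-line keys before passwords are turned off. Function names, the sample config and the truncated keys are constructed.

```shell
# Effective value of keyword $1 in config $2, else default $3 (the defaults
# used below are assumptions taken from this page's commented-out lines).
# sshd keeps the FIRST value it reads; keywords are case-insensitive;
# anything after a "Match" line is conditional, so the scan stops there.
sshd_value() {
    awk -v want="$1" -v def="$3" '
        /^[ \t]*#/ { next }
        tolower($1) == "match" { exit }
        tolower($1) == tolower(want) { print $2; found = 1; exit }
        END { if (!found) print def }' "$2"
}

# One finding per line for config $1; no output when every check passes.
audit_sshd() {
    [ "$(sshd_value Port "$1" 22)" = 22 ] &&
        echo "Port: still on the default 22"
    [ "$(sshd_value PermitRootLogin "$1" yes)" = no ] ||
        echo "PermitRootLogin: root login over SSH is not disabled"
    [ "$(sshd_value PubkeyAuthentication "$1" yes)" = yes ] ||
        echo "PubkeyAuthentication: key logins are disabled"
    [ "$(sshd_value PasswordAuthentication "$1" yes)" = no ] ||
        echo "PasswordAuthentication: passwords are still accepted"
    return 0
}

# Succeeds only if authorized_keys file $1 holds at least one key and every
# non-blank, non-comment line is a complete key (a wrapped paste fails).
authorized_keys_ok() {
    [ -f "$1" ] || return 1
    awk '/^[ \t]*#/ || NF == 0 { next }
        {
            ok = 0
            for (i = 1; i < NF; i++)
                if ($i ~ /^(ssh-(rsa|dss|ed25519)|ecdsa-sha2-nistp[0-9]+)$/ &&
                    $(i + 1) ~ "^AAAA[A-Za-z0-9+/=]+$") ok = 1
            if (ok) good++; else bad++
        }
        END { exit !(good > 0 && bad == 0) }' "$1"
}

# Step 3 guard: key logins enabled in config $1 and usable keys in file $2.
safe_to_disable_passwords() {
    [ "$(sshd_value PubkeyAuthentication "$1" yes)" = yes ] &&
        authorized_keys_ok "$2"
}

# Constructed sample input: port changed, PermitRootLogin still commented
# out, and a stray "yes" placed before the intended "no".
demo=$(mktemp -d)
printf '%s\n' '#Port 22' 'Port 22122' 'Protocol 2' '#PermitRootLogin yes' \
    'PasswordAuthentication yes' 'PasswordAuthentication no' > "$demo/sshd_config"
# Truncated, constructed keys: one intact, one wrapped when pasted.
printf 'ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEA user1@client\n' > "$demo/keys_ok"
printf 'ssh-rsa AAAAB3NzaC1yc2E\nAAAABIwAAAQEA user1@client\n' > "$demo/keys_wrapped"
audit_sshd "$demo/sshd_config"
safe_to_disable_passwords "$demo/sshd_config" "$demo/keys_wrapped" ||
    echo "keys_wrapped: fix authorized_keys before disabling passwords"
```

On a live server, `sshd -t` checks the edited file for syntax errors before the restart, and on OpenSSH versions that support it `sshd -T` prints the configuration sshd will actually use.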


Can I run Virtualmin with under 512mb of Ram?

One of the most popular trends we have been seeing at OpenVZ.ca as of late is the huge incoming flow of orders in which our customers are choosing Virtualmin GPL as their desired control panel. As an alternative to cPanel or DirectAdmin it has some advantages. The first and foremost is that it is free (there is a paid version with more features), and it accommodates more advanced users by giving access to such things as apache configuration files and named zone files.

So why am I writing about this? Well, the majority of these new orders are placed with the most minimal VPS package we offer, “Small.” Weighing in at 128mb of ram and 2 CPU cores at 1.0ghz, this configuration will create errors even before you try to run Virtualmin GPL.

In order to run Virtualmin GPL properly you will need a “Class A” supported system, which is listed on the Virtualmin Website, and at a very minimum 512mb of ram.

[Figure: RAM resources during/post installation of Virtualmin on CentOS 5 in OpenVZ]

We have done some experimenting and the installation script will fail with errors unless you have approximately 490mb of ram available. This is on an OpenVZ VPS (XEN may be different).

At 512mb of ram, the installer will complete and you will be able to run the panel, but when you go through the setup wizard do not select any options which require more ram or you will max out the guaranteed resources for your VPS.

In short, if you want to run Virtualmin GPL on a VPS, do so with at least 768mb of guaranteed ram and if possible go for 1gb to accommodate future growth. Always use a “Grade A” supported system and make sure that you scatter Virtualmin’s default cron jobs throughout the day so that you do not max out all of your CPU time at midnight.