Manage VPS Domain Forwarding

From Virtualizor Wiki
Revision as of 08:11, 30 May 2017 by Team (talk | contribs) (Private Network Configurations)

Introduction

The VPS Domain Forwarding feature in Virtualizor allows VPSes to host HTTP/HTTPS services or any other TCP services on a private IP without any need for a public IP. To host an HTTP/HTTPS service, all that a VPS requires is a valid domain name registered with any Domain Registrar. This domain name must point to any one of the source IPs made available for VPS Domain Forwarding by the Virtualizor administrator.


Terminology

Below is a list of various terms used in this documentation related to VPS Domain Forwarding feature.

  • VDF
VPS Domain Forwarding.
  • HAProxy service
This is the core service that runs in the background on the server where VPSes are hosted and performs domain forwarding for VPSes according to the VDF records set.
  • Protocol
This is a term related to the HAProxy service. Virtualizor uses the TCP and HTTP services provided by HAProxy.
  • TCP
With this protocol, a VPS can host a service that is accessible through the server's Source IPs.
  • HTTP/HTTPS
With this protocol, a VPS can host a service that is accessible through a Source Domain (the domain name that the VPS user points to any one of the Virtualizor server's IPs set by the Virtualizor Admin).
  • Source IP
This is the public IP of the server through which users can access TCP services hosted in VPSes publicly.
  • Source Domain
This is the domain name through which HTTP/HTTPS services hosted by a VPS can be accessed publicly. The Source Domain must point to any one of the Source IPs of the server which the Virtualizor administrator has made available for VDF. It is the responsibility of the VPS owner to point the VPS domain name to any one of the server's Source IPs.
  • Source Port
This is the port on the server's Source IP on which a TCP/HTTP/HTTPS service hosted by a VPS will be publicly available.
  • Destination IP
This is the private (local) IP assigned to the VPS, on which the VPS hosts its services; they are accessed through the Source IP and Source Port.
  • Destination Port
This is the port on the Destination IP within the VPS on which services listen internally. These services are then made publicly available through the HAProxy service.


Requirements

  1. Host OS with kernel not older than version 2.6.28
  2. Local private network IPs with the Host server as a gateway and working internet access on these IPs.


Configuration

To use Domain Forwarding for a VPS, the administrator needs to perform the following setup from the Admin Panel:

  1. Enable HAProxy
    • Select and save "Enable HAProxy" option under Admin Panel > Configuration > Master Settings page > HAProxy Settings. This enables Domain Forwarding on master and all its slaves.
  2. Set HAProxy parameters
    • For each Virtualizor host (both master and slave), set up the following parameters under Admin Panel > Configuration > Slave Settings page > HAProxy Settings:
    1. HAProxy Source IPs
      List of the server's IPs which the HAProxy service can use for VPS Domain Forwarding as source IPs.
    2. HAProxy Reserved ports
      List of source ports which you do not want HAProxy service to use for VPS's Domain Forwarding as source ports (Reserved).
    3. HAProxy allowed ports
      List of source ports which can be used by HAProxy service for any service hosted in VPS (TCP, HTTP/HTTPS).
    4. HAProxy Reserved ports for HTTP and HTTPS only
      List of source ports which can be used only for HTTP/HTTPS services hosted in VPS. These ports must be a subset of allowed ports.
Note
  • Multiple IPs must be separated by comma ','. eg: X1.X2.X3.X4,Y1.Y2.Y3.Y4
  • Multiple ports must be separated by comma ','. eg: 80,443
  • Port ranges can be specified with hyphen '-'. eg: 5020-6020
  • Admin can disable Domain Forwarding for individual slaves through Slave Settings


VPS Domain Forwarding (VDF) Records Management

Interface

Interface to manage VDF records can be accessed by navigating to:

  1. Admin Panel
    1. Admin Panel > Virtual Servers > Domain Forwarding
       [Screenshot: VPS Domain Forwarding page on Admin panel]
    2. Admin Panel > Virtual Servers > List All > Select VPS Manage button on right of VPS row > Domain Forwarding icon
       [Screenshot: VPS Domain Forwarding page on Admin panel]
  2. EndUser Panel
    1. VPS Management > Domain Forwarding icon
       [Screenshot: VPS Domain Forwarding page on Admin panel]

The VDF Records table shows the following information about records:
  1. ID: VDF record's unique ID.
  2. VPS: VPS ID and hostname to which the VDF record belongs [Available only on Admin Panel on Domain Forwarding page]
  3. Server: Server name of the server on which the VPS is hosted. [Available only on Admin Panel on Domain Forwarding page]
  4. Protocol: Protocol type of the VDF record.
  5. Source Domain/IP: Externally visible source domain name or IP of the VDF record through which VPS service will be accessible.
  6. Source Port: Externally visible source port of the VDF record through which VPS service will be accessible.
  7. Destination IP: One of the VPS private (local) IPs on which the VPS will be hosting its service internally.
  8. Destination Port: Port attached to one of the VPS private (local) IPs on which the VPS will be hosting its service internally.
  9. Actions: Provides the option to update/delete the VDF record.

Operations

Adding VDF record

[Screenshot: VPS Domain Forwarding Add VDF record Admin Page]

  1. On Domain Forwarding page, click on "NEW"
  2. Fill in following details:
    1. Server: Select the server on which the VPS is hosted. [Available only on Admin Panel on Domain Forwarding page]
    2. VPS: Select the VPS for which you want to add record. [Available only on Admin Panel on Domain Forwarding page]
    3. Protocol: Select HTTP or HTTPS for a web service, or TCP for any other TCP service.
    4. Source Domain/IP: Select a Source IP if the selected Protocol is TCP. Enter a valid domain name if the selected Protocol is HTTP or HTTPS.
      Note: For HTTP/HTTPS, the domain name must point to one of the server's allowed IPs. An IP address is not allowed to be used as a Source Domain.
    5. Source Port: This is the server's port on which it will listen for requests from outside (publicly).
    6. Destination IP: One of the IPs of the VPS to which the request is passed on internally.
    7. Destination Port: Any port on which the service will be listening on within the VPS.
  3. Click on "Add" to add the record.
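
The list format from the Configuration notes (commas, hyphen ranges), the subset rule for HTTP/HTTPS-only ports and the source rules for a new record can be checked together before a record is submitted. The following Python is an added example, not Virtualizor's own code; the dictionary keys, function names and sample values are assumptions, as are two readings of the settings: a reserved port is unusable even if it also appears in the allowed list, and a TCP record may not take an HTTP/HTTPS-only port.

```python
import ipaddress

def parse_ports(spec):
    """Expand a list such as '80,443,5020-6020' into a set of port numbers."""
    ports = set()
    for item in filter(None, (p.strip() for p in spec.split(","))):
        lo, sep, hi = item.partition("-")
        lo, hi = int(lo), int(hi if sep else lo)  # '5020-' or 'abc' raises ValueError
        if not 1 <= lo <= hi <= 65535:
            raise ValueError(f"bad port or range: {item!r}")
        ports.update(range(lo, hi + 1))
    return ports

def is_ip(value):
    try:
        ipaddress.ip_address(value)
        return True
    except ValueError:
        return False

def check_settings(s):
    """Return a list of problems in one host's HAProxy settings."""
    allowed, http_only = parse_ports(s["allowed"]), parse_ports(s["http_only"])
    problems = []
    if not http_only <= allowed:  # the page requires a subset of allowed ports
        problems.append(f"HTTP/HTTPS-only ports outside allowed: {sorted(http_only - allowed)}")
    if allowed & parse_ports(s["reserved"]):
        problems.append("a port is both allowed and reserved")
    return problems

def check_record(rec, s):
    """Return reasons to reject a VDF record; an empty list means it passes."""
    usable = parse_ports(s["allowed"]) - parse_ports(s["reserved"])  # assumption: reserved wins
    errors = []
    if rec["src_port"] not in usable:
        errors.append("source port is not an allowed, unreserved port")
    if rec["protocol"] == "TCP":
        if rec["source"] not in [ip.strip() for ip in s["source_ips"].split(",")]:
            errors.append("TCP source must be one of the HAProxy Source IPs")
        if rec["src_port"] in parse_ports(s["http_only"]):
            errors.append("source port is kept for HTTP/HTTPS only")
    elif is_ip(rec["source"]):  # HTTP/HTTPS: an IP is not a valid Source Domain
        errors.append("HTTP/HTTPS source must be a domain name, not an IP")
    if ipaddress.ip_address(rec["dst_ip"]) not in ipaddress.ip_network(s["private_net"]):
        errors.append("destination IP is outside the private network")
    return errors

# Constructed sample settings (documentation addresses), not taken from a real host.
SETTINGS = {"source_ips": "203.0.113.10,203.0.113.11", "reserved": "22,4081-4085",
            "allowed": "80,443,5020-6020", "http_only": "80,443", "private_net": "10.0.0.0/8"}
```

Whether an HTTP/HTTPS Source Domain actually resolves to one of the Source IPs still needs a DNS lookup, which this offline check leaves out.
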
Modifying VDF record

[Screenshot: VPS Domain Forwarding page on Admin panel]

  1. On Domain Forwarding page, click on edit icon on right of the VDF record.
  2. Make necessary changes.
  3. Click on Save icon on the right to save the changes made or revert icon to revert back.
Removing VDF record
  1. On Domain Forwarding page, click on delete icon on right of the VDF record.
  2. Confirm to delete.
Removing multiple VDF records
  1. On Domain Forwarding page, select VDF records which you want to remove.
  2. At bottom, select "Delete" option and click on "Go".

Note: After VDF record is added, modified or removed, Virtualizor reloads HAProxy service.


Logs

Virtualizor logs two types of operations related to VDF records.

VDF Records change logs

Whenever any record is added, updated or removed, its details are logged under "VPS and Users" logs. "VPS and Users" logs can be accessed by navigating to:

  1. Admin Panel > Logs > VPS and Users
  2. Enduser Panel > VPS Management > Logs

HAProxy service logs

  • HAProxy service configuration changes made by Virtualizor are logged under Tasks page.


HAProxy Service Management

The HAProxy service can be managed from the "Servers" tab under the Domain Forwarding page on the Admin Panel.


[Screenshot: VPS Domain Forwarding page on Admin panel]

It displays:

  • ID: Virtualizor server's ID
  • Server: Virtualizor server's name
  • Enable: Yes/No, HAProxy enabled on this server
  • Status: HAProxy service running, stopped, or in error state
  • Actions: Currently two actions are supported:
    • Remap Source IPs: If source IPs have been modified, new IPs can be mapped to the already existing old source IPs of the server in the HAProxy configuration.
    • Reload HAProxy service: When reloading the HAProxy service, Virtualizor updates the HAProxy configuration with any changes already made and reloads the HAProxy service.

To return to the VDF Records page, click on the "List Records" button.

VPS Migrations

  • When a VPS is migrated from source to destination, Virtualizor also attempts to migrate that VPS's VDF records after verifying that these records do not conflict with one on the destination server.
  • Virtualizor allows us to decide whether to stop the migration if the records conflict, or to ignore conflicts and just migrate the VPS without migrating its VDF records.
  • This option can be controlled by the "Ignore Domain Forwarding if conflict" option on the migration page.

[Screenshot: VPS Domain Forwarding page on Admin panel]

  • For multiple VPS migration or VPS cloning, this option is by default ON.
  • For single VPS migration, this option is by default OFF, that is, if any conflict occurs the VPS will not be migrated.

Private Network Configurations

Below are example private network configurations for hosts running each virtualization type.

We will create an internal network with the following details:

  • Network: 10.0.0.0
  • Netmask: 255.0.0.0
  • Prefix: 8
  • Gateway: 10.0.0.1
  • Usable IPs: 10.0.0.2 to 10.0.0.50

KVM, LXC, OpenVZ 7 and XEN

Login to command line console as root and follow below steps on host where you want internal network with working Internet access:

  1. Create internal network (eg network and bridge name: VirtualizorHAProxyNetwork) on the host
    1. Navigate to /etc/libvirt/qemu/networks
    2. Create a new xml file with network_name (eg VirtualizorHAProxyNetwork) as filename and with the following content:

       <network>
         <name>VirtualizorHAProxyNetwork</name>
         <forward mode='nat'/>
         <bridge name='VirtualizorHAProxyNetwork' stp='on' delay='0' />
         <ip address='10.0.0.1' netmask='255.0.0.0'>
         </ip>
       </network>

    3. Define this network by running the following command:

       virsh net-define /etc/libvirt/qemu/networks/VirtualizorHAProxyNetwork.xml

    4. Set this network to start automatically by running the following command (in the command below, replace the network name VirtualizorHAProxyNetwork with the one you created):

       virsh net-autostart VirtualizorHAProxyNetwork

    5. Start this network by running the following command (in the command below, replace the network name VirtualizorHAProxyNetwork with the one you created):

       virsh net-start VirtualizorHAProxyNetwork

  2. Now create an IP Pool with internal network details through Virtualizor Admin Panel:
    1. Navigate to Admin Panel > IP Pool > Create IP Pool
    2. Select the server where you have set up the internal network
    3. Provide a meaningful name for this pool
    4. Set according to our example network:
      • Gateway to: 10.0.0.1
      • Netmask to: 255.0.0.0
      • Nameserver 1: 8.8.8.8
      • Nameserver 2: 8.8.4.4
      • First IP: 10.0.0.2
      • Last IP: 10.0.0.50
      • Enable VLAN: checked
      • VLAN Bridge: BRIDGE_NAME you set when creating it (VirtualizorHAProxyNetwork)
    5. Click "Add IP Pool" to save the new pool
  3. Create a VPS with any one of the IPs in the above IP range. The VPS will have working internet access.

  4. Done!

XCP

Login to command line console as root and follow below steps on host where you want internal network with working Internet access:

  1. Create internal network (name: VirtualizorXCPHAProxyNetwork) on the host by running the following command:

       xe network-create name-label="VirtualizorXCPHAProxyNetwork"

  2. Get the bridge name of this internal network:

       xe network-list name-label="VirtualizorXCPHAProxyNetwork" params=bridge

  3. Create a udev rule to run a script once this bridge is updated
    1. Navigate to path /etc/udev/rules.d/
    2. Create a file named VirtualizorXCPHAProxyNetwork.rules and add the following content:

       SUBSYSTEM=="net", ACTION=="add", KERNEL=="xapi*", RUN+="/etc/udev/scripts/VirtualizorXCPHAProxyNetwork.sh"

    3. Navigate to path /etc/udev/scripts/
    4. Create a script file named "VirtualizorXCPHAProxyNetwork.sh" to set the bridge IP to the gateway IP and netmask mentioned above. Put the following content in this sh file:

       #!/bin/sh
       # Look up the bridge of the internal network and assign it the gateway IP and netmask
       bridge=$(xe network-list name-label=VirtualizorXCPHAProxyNetwork params=bridge minimal=true)
       ifconfig "$bridge" 10.0.0.1/8

    5. Make this script file executable by running the following command:

       chmod +x VirtualizorXCPHAProxyNetwork.sh

  4. Set the host to forward IPv4 by running the following command:

       echo "1" > /proc/sys/net/ipv4/ip_forward

  5. Set the network interface having the public IP in MASQUERADE mode. Assuming xenbr0 is the primary interface with the public IP, run the command below:

       iptables -t nat -A POSTROUTING -o xenbr0 -j MASQUERADE

  6. Now create an IP Pool with internal network details through Virtualizor Admin Panel:
    1. Navigate to Admin Panel > IP Pool > Create IP Pool
    2. Select the server where you have set up the internal network
    3. Provide a meaningful name for this pool
    4. Set according to our example network:
      • Gateway to: 10.0.0.1
      • Netmask to: 255.0.0.0
      • Nameserver 1: 8.8.8.8
      • Nameserver 2: 8.8.4.4
      • First IP: 10.0.0.2
      • Last IP: 10.0.0.50
      • Enable VLAN: checked
      • VLAN Bridge: xapi0
    5. Click "Add IP Pool" to save the new pool
  7. Create a VPS with any one of the IPs in the above IP range. The VPS will have working internet access.
  8. Done!

OpenVZ

  1. Create an IP Pool with internal network details through Virtualizor Admin Panel:
    1. Navigate to Admin Panel > IP Pool > Create IP Pool
    2. Select the server where you want to set up the internal network
    3. Provide a meaningful name for this pool
    4. Set according to our example network:
      • Gateway to: 10.0.0.1
      • Netmask to: 255.0.0.0
      • Nameserver 1: 8.8.8.8
      • Nameserver 2: 8.8.4.4
      • First IP: 10.0.0.2
      • Last IP: 10.0.0.50
    5. Click "Add IP Pool" to save the new pool
  2. Create a VPS with any one of the IPs in the above IP range. The VPS will have working internet access.

  3. Done!