Server Guide and Blog

Rock Your Linux


VirtualBox Manager Pro – Machine Status Check Plus More

Added to VirtualBox Pro is status checking. When you log in to the host your virtual machines are displayed with on/off information. In the onCreate a thread is launched that scans the server for machine status; it then updates the UI thread accordingly. I’ve also added header icons to replace the default one, and a new menu item has been added. The new menu item, in the free version, will not change. It currently displays information regarding upcoming features. In the Pro version the features will be implemented.

The Pro version will soon have the ability to log in to individual machines, hosts or virtual machines, and scan for running processes. It will display the status of the running process and give the ability to start, stop, or reset it. Theoretically the list can be the entire contents of ps aux, but at first I will probably restrict it to Apache, MySQL, Sendmail, and Dovecot. The user can start, stop, and reset the processes the same way virtual machines are controlled in the current application. I should be done with the new features within a week or so.

Downloads look promising. In the first week there were about 250 downloads. I think this should grow, given that first-week downloads are always random: users search for random keywords to see what apps exist. As a reputation builds, downloads should also be driven by word of mouth and hopefully a listing in the top apps. In time, we’ll see. The paid version is off to a slow start, but as the free version grows in popularity I expect sales to pick up given the powerful features only available in the Pro version.


VirtualBox Manager – What’s Next?

There is a small bug on the delete hosts page that will be fixed. I’m going to keep the max number of hosts, at this time, to 7 to support smaller screens without having to rewrite the code to support multiple pages of hosts. I’m going to add, at minimum, an additional class where I want to allow users to connect to the virtual machine itself to run commands. I will configure the virtual machine menu the same way as the host control menu. VirtualBox Manager will scan the virtual machine and display buttons with relevant servers that are running. For example, if the machine has apache, sendmail, and mysql it will detect them and display a button for each service. The user can then start, stop, or reset the service.

I should have this update implemented in the next couple of days. I will also set a toggle in the main menu to enable a main application password required before connecting to any host. Although I may reserve this feature for the enterprise level application.


SSL Implementation – StartSSL

Implementing SSL on your server is relatively straightforward. It’s funny how things always seem relatively straightforward after you finally get them implemented. Apache2, in Debian, starts with the ports.conf file. Add NameVirtualHost *:80 to support regular virtual hosts, and also one for *:443.

Enable mod_ssl:

sudo a2enmod ssl

Then change the opening tag of your regular virtual hosts to:

<VirtualHost *:80>

Without SSL you need not distinguish between ports and can just use a wildcard (*).

In the SSL virtual host block, add the directives that reference the certs and keys and the document root:

DocumentRoot /var/www/html2
SSLEngine on
SSLCertificateFile /path/to/your_domain_name.crt
SSLCertificateKeyFile /path/to/your_private.key
SSLCertificateChainFile /path/to/DigiCertCA.crt

For this website the document root is the same one that is defined in the non-SSL virtual host block. The cert was created using StartSSL and is just a regular cert. The EV certs are pretty interesting in that they turn the address bar green in modern browsers; they cost some money, though, and require a business entity. While this entire website can be accessed using SSL, there are many links in the code that point only to http, which breaks SSL encryption requirements. The admin area, on the other hand, is fully SSL encrypted. You can force WordPress to use SSL for the entire admin area using (in your wp-config.php file):

define('FORCE_SSL_ADMIN', true);

Place the above code underneath the already existing ‘define’ parameters. Now when you navigate to wp-admin it will automatically load the login page as https. Just remember to configure port forwarding of 443 to your server. You should also implement a plugin called user locker. Yes, the admin area may be encrypted, but this does not handle brute-force attacks. User locker is kind of like fail2ban at the server level. I recommend using fail2ban always!! Especially to handle SSH brute-force attacks on systems that require password login to be enabled.
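The post notes that hard-coded http links break SSL on the public pages. The following is an added example, not code from the original post: it scans a page's HTML for subresources still loaded over plain http and, separately, for anchors that leave https. The sample markup, the example.com host and the function names are constructed for illustration.

```python
from html.parser import HTMLParser

# Tag/attribute pairs that make the browser fetch a subresource. Plain <a href>
# links are navigation rather than mixed content, so they are listed separately.
SUBRESOURCE_ATTRS = {
    ("script", "src"), ("img", "src"), ("iframe", "src"), ("link", "href"),
    ("audio", "src"), ("video", "src"), ("source", "src"), ("embed", "src"),
    ("object", "data"),
}

class InsecureRefFinder(HTMLParser):
    def __init__(self):
        super().__init__()
        self.mixed = []   # (line, tag, url): subresources fetched over http
        self.links = []   # (line, url): anchors pointing at http

    def handle_starttag(self, tag, attrs):
        line = self.getpos()[0]
        for name, value in attrs:
            if not value or not value.lower().startswith("http://"):
                continue  # relative, https and protocol-relative URLs are fine
            if (tag, name) in SUBRESOURCE_ATTRS:
                self.mixed.append((line, tag, value))
            elif tag == "a" and name == "href":
                self.links.append((line, value))

def find_insecure_refs(html):
    """Return (mixed_content, http_links) found in an HTML string."""
    finder = InsecureRefFinder()
    finder.feed(html)
    finder.close()
    return finder.mixed, finder.links

# Constructed sample page (example.com is a placeholder host).
SAMPLE = """<html><head>
<link rel="stylesheet" href="http://example.com/wp-content/themes/t/style.css">
<script src="https://example.com/wp-includes/js/jquery.js"></script>
</head><body>
<img src="http://example.com/wp-content/uploads/logo.png">
<img src="/wp-content/uploads/relative.png">
<a href="http://example.com/about/">About</a>
</body></html>"""

if __name__ == "__main__":
    mixed, links = find_insecure_refs(SAMPLE)
    for line, tag, url in mixed:
        print(f"line {line}: <{tag}> loads {url} over http")
    for line, url in links:
        print(f"line {line}: link leaves https: {url}")
```

Run it against the rendered HTML of each public page; the entries in the first list are the ones that make a browser drop the lock icon.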


Apache2 Virtualhosting with a Single SSL Host

To start, Apache2 cannot process multiple SSL virtual hosts. It can handle multiple regular virtual hosts, and a single SSL host.

Name-based virtual hosting cannot be used with SSL secure servers because of the nature of the SSL protocol. [1]

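NameVirtualHost IP1:80
NameVirtualHost IP1:443
# Regular name-based virtual hosts on port 80
<VirtualHost IP1:80>
    ServerName main_server:80
    DocumentRoot "/var/www/html"
</VirtualHost>
<VirtualHost IP1:80>
    ServerName 2nd_server:80
    DocumentRoot "/var/www/2nd_server"
</VirtualHost>
<VirtualHost IP1:80>
    ServerName 3rd_server:80
    DocumentRoot "/var/www/3rd_server"
</VirtualHost>
# The single SSL virtual host on port 443
<VirtualHost IP1:443>
    ServerName main_server
    DocumentRoot "/var/www/secure_html"
    SSLEngine on
</VirtualHost>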

I plan to implement a store to sell various items, and I want to make people feel comfortable. To feel comfortable the visitor needs to see the lock icon in their web browser, and maybe a third party certification so the title bar becomes green in newer browsers.


Server and Backup Layout

Both the master and slave servers reside on a host machine. Clearly the servers are virtual machines. It’s strategic to use virtual machines because the host machine remains useful for a variety of other tasks. The virtual servers compartmentalize the functions into a discretely backupable file. In my particular arrangement the master server is synchronized with the slave server. The slave server has the same applications installed as the master: a fully functional Apache web server with PHP and MySQL support. The MySQL database is synchronized as a replica in real time, and rsync is used to sync the Apache web root. In the rsync function I skip the WordPress and wiki config files, in which I reference the MySQL server on the slave machine. Doing so allows server2 to be a drop-in replacement for the master just by switching the port forwarding settings in the router. I would have to reconfigure my.cnf as the master in such a transplantation. The mail server has SpamAssassin and ClamAV installed on master and slave, and /var/mail is synchronized to keep a relatively real-time backup.

Then once a day the slave server is backed up. Vboxtool handled this seamlessly. Vboxtool stops the virtual machine, transfers it, and automatically restarts it. The initial backup is done to backup1. Then rsync is used to back up the home folder on my host system. I also use the computer for my own personal things, which are effectively backed up to backup1. Then, subsequently, the host initiates an rsync of backup1 to backup2, then to backup3. I have an rsync duplicate of backup1 on backup2 and backup3.

The host also is a MythTV server, and backup3 is the client that is subsequently connected to the TV. I have my various hosts relatively diversified and multitasked.


VirtualBox – Peaking Interest as a Serious Competitor

I’ve said for years VirtualBox was good stuff. I’ve used it since it was previously owned directly by Innotek. Now that Sun has purchased the relatively small European company, the software has exploded with new features and stability. Years ago USB support was in its infancy. Now it’s robust. Years ago processor support was limited; now it’s fully SMP enabled. I like the nested paging option reducing RAM overhead, and integrating guests into, rather than partitioning, the host. A while back there were problems with the host processor not syncing completely with the guest, causing load when no guest load was present. This was resolved a long time ago, and now running multiple machines only causes load on the host when load is indeed in the guest. My system has run stably for a long time now, only requiring host reboots when new updates are available.

How can paid systems compete with free? I can understand that in a corporate environment commercial support may be needed. In such an application I would imagine Sun provides commercial-level support for their VirtualBox product. This is indeed the case for the paid systems of VMware, Parallels, and others. But ultimately, if in-house tech support is up to the task, VirtualBox is a free product. This also allows people to get their hands on it for learning purposes. I have learned VirtualBox by working with it for years. I am very much discouraged from learning many software packages because I would have to pay for them. I will not be learning Windows 7 for this reason.

San Francisco – Desktop virtualization is one of those technologies that confound the experts. Just when you think you’ve got it figured out, along comes some interloping development to upset the apple cart. Most recently, that role has fallen to Sun’s VirtualBox, the plucky open source VM solution that’s quickly gobbling up the general-purpose desktop virtualization space left vacant by Microsoft and VMware. Users from the three major platforms — Windows, Mac OS X, and Linux — are flocking to VirtualBox for its scalability, robust networking, and bargain price point (it’s free).[Source]