Introduction

Chroot VPS is a method of implementing multiple servers on a single machine. It differs from virtualisation or UML (User Mode Linux) because it does not require running multiple kernels on the same machine.

It also differs from virtual hosting, because a chroot VPS gives users maximum control over the services they are using: a chroot user can install applications or software, modify their own web or mail server, turn services on and off, and so on.

Why Chroot VPS? Because I found Virtualisation or UML is SLOW.

Well, there are some security risks you have to take care of if you run Chroot VPS; I will explain later.

Anyway, I am still new to this, but I am willing to share my knowledge of chroot VPS.

First thing First

Things you need for a host machine

Setup a Virtual LAN

If you run multiple servers, you need a virtual LAN, and the services in each guest server must bind to a specific IP.

# vconfig add eth0 1
# ifconfig vlan1 192.168.2.201 up
# ifconfig
eth0    Link encap:Ethernet  HWaddr 00:00:00:00:00:00
        inet addr:192.168.2.200  Bcast:192.168.2.255  Mask:255.255.255.0
        inet6 addr: fe80::21c:c0ff:fe34:e1c6/64 Scope:Link
        UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
        RX packets:207371 errors:0 dropped:0 overruns:0 frame:0
        TX packets:188315 errors:0 dropped:0 overruns:0 carrier:0
        collisions:0 txqueuelen:100
        RX bytes:45757908 (43.6 MiB)  TX bytes:71616500 (68.2 MiB)
        Memory:d0380000-d03a0000

lo      Link encap:Local Loopback
        inet addr:127.0.0.1  Mask:255.0.0.0
        inet6 addr: ::1/128 Scope:Host
        UP LOOPBACK RUNNING  MTU:16436  Metric:1
        RX packets:144334 errors:0 dropped:0 overruns:0 frame:0
        TX packets:144334 errors:0 dropped:0 overruns:0 carrier:0
        collisions:0 txqueuelen:0
        RX bytes:21849482 (20.8 MiB)  TX bytes:21849482 (20.8 MiB)

vlan1   Link encap:Ethernet  HWaddr 00:00:00:00:00:00
        inet addr:192.168.2.201  Bcast:192.168.2.255  Mask:255.255.255.0
        inet6 addr: fe80::21c:c0ff:fe34:e1c6/64 Scope:Link
        UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
        RX packets:0 errors:0 dropped:0 overruns:0 frame:0
        TX packets:75 errors:0 dropped:0 overruns:0 carrier:0
        collisions:0 txqueuelen:0
        RX bytes:0 (0.0 B)  TX bytes:9623 (9.3 KiB)

NOTE: vlan1:192.168.2.201 is the IP address you will need to use for all services in your chroot guest server.

Setup a Guest Server

The next thing is to decide which guest server you want. You can use debootstrap to build the following guest servers:

  1. Debian Stable/Unstable/Testing/Experimental
  2. Ubuntu Intrepid/Gutsy/Dapper
  3. Other Debian-based distributions

Prepare new space

You probably do not want the guest server to use the full capacity of your hard disk, so you may need to allocate a portion of the disk space to it. The easiest way is to create a disk image with a limited size.

# dd of=new_server.img if=/dev/zero bs=1024 count=1000k

This example creates a new image file called new_server.img, 1GB in size.

# mkfs.ext3 new_server.img

This formats new_server.img with an ext3 filesystem. If you don't like ext3, use any other filesystem you prefer.

Get my guest server ready

Let's get our new guest ready

# mkdir /tmp/new_server
# mount -o loop new_server.img /tmp/new_server

Our new server is still empty; let's check its free space.

# df|grep new_server
/tmp/new_server.img
                     1007896     17668    939028   2% /tmp/new_server

Ah! It shows that this image file only consumes 2% of its disk space. Let's continue by installing our favorite guest distro (run one of the following, depending on the distribution you chose).

# debootstrap etch /tmp/new_server/ http://www.debian.org
# debootstrap intrepid /tmp/new_server/ http://archive.ubuntu.com/ubuntu

Set up your /tmp/new_server/etc/hosts

192.168.2.207 localhost newserver newserver.myrinix.com

PS: I do not recommend including 127.0.0.1, for security reasons, and I do not want all the services from the guest to run on the loopback (127.0.0.1) IP.

Set up your /tmp/new_server/etc/hostname

newserver.myrinix.com

Install Applications (Debian based)

Install any applications you think you need.

# chroot /tmp/new_server
# apt-get install apache2 mysql-server postfix ssh ...

Make sure your services bind to the correct IP

This step is essential, because you do not want your server to listen on all network interfaces; that may stop other guest servers from running properly.

SSH Daemon

By default, the SSH daemon listens on all interfaces.

# netstat -lnp|grep ssh
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      4654/sshd
tcp6       0      0 :::22                   :::*                    LISTEN      4654/sshd
unix  2      [ ACC ]     STREAM     LISTENING     27607    5769/gnome-keyring- /tmp/keyring-eBUfTu/ssh
unix  2      [ ACC ]     STREAM     LISTENING     26098    5494/ssh-agent      /tmp/ssh-vEIohK5433/agent.5433

We do not want this, because it may misbehave if you have more than one chroot guest server running. We only need SSH to listen on a certain IP (e.g. 192.168.2.201).

So we edit the file /etc/ssh/sshd_config. Locate

#ListenAddress 0.0.0.0

and replace it with

ListenAddress 192.168.2.201

We check it again:

# netstat -lnp |grep ssh
tcp        0      0 192.168.2.201:22        0.0.0.0:*               LISTEN      7288/sshd
unix  2      [ ACC ]     STREAM     LISTENING     27607    5769/gnome-keyring- /tmp/keyring-eBUfTu/ssh
unix  2      [ ACC ]     STREAM     LISTENING     26098    5494/ssh-agent      /tmp/ssh-vEIohK5433/agent.5433

We are done!
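
To run the same check for every service in the guest rather than sshd alone, the following added example (not part of the original page) filters netstat -lnp output for inet listeners bound to a wildcard or loopback address, or to any address that was not assigned. The function names and the sample output are constructed for illustration; because a chroot shares the host's network stack, a live netstat run covers the host and all guests together.

```shell
#!/bin/sh
# Added example: flag inet listeners that are not bound to an assigned address.
# Usage on a live system (as root, so PID/Program is filled in):
#   netstat -lnp | audit_listeners 192.168.2.201
# Arguments are the addresses services are allowed to bind to.
# Output: one "<reason> <proto> <local address> <pid/program>" line per finding.
audit_listeners() {
    awk -v allowed="$*" '
        BEGIN { n = split(allowed, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        # Keep inet sockets only; this drops header lines and unix sockets.
        $1 !~ /^(tcp|udp)6?$/ { next }
        # TCP rows carry a State column and must be LISTEN; UDP rows have none.
        $1 ~ /^tcp/ && $6 != "LISTEN" { next }
        {
            prog = ($1 ~ /^tcp/) ? $7 : $6
            # Strip the port after the last colon (IPv6 addresses contain colons).
            addr = $4; sub(/:[^:]*$/, "", addr)
            if (addr in ok) next
            if (addr == "0.0.0.0" || addr == "::" || addr == "*") why = "wildcard"
            else if (addr ~ /^127\./ || addr == "::1") why = "loopback"
            else why = "unassigned"
            print why, $1, $4, prog
        }'
}

# Constructed sample in netstat -lnp format (not captured from a real host).
sample_netstat() {
    cat <<'EOF'
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 192.168.2.201:22        0.0.0.0:*               LISTEN      7288/sshd
tcp        0      0 127.0.0.1:3306          0.0.0.0:*               LISTEN      7301/mysqld
tcp        0      0 0.0.0.0:25              0.0.0.0:*               LISTEN      7350/master
tcp6       0      0 :::80                   :::*                    LISTEN      7410/apache2
udp        0      0 0.0.0.0:68              0.0.0.0:*                           2210/dhclient
unix  2      [ ACC ]     STREAM     LISTENING     26098    5494/ssh-agent      /tmp/ssh-vEIohK5433/agent.5433
EOF
}

# Demo run on the constructed sample: sshd passes, the other four are reported.
sample_netstat | audit_listeners 192.168.2.201
```

An empty result means every inet listener is bound to one of the addresses passed as arguments.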

NOTE: for SSH access, you may need to mount the pts device in your guest server; otherwise you will not be able to get terminal access remotely. Here it is:

# mount -t devpts none /dev/pts

Visit this page for more: How to bind services to a specified IP