LXC containers are great for application isolation and safe deployment. Running unprivileged containers is the safest way to run containers in a production environment. This note contains enough information to create your own safe container.
I’ve completed setting up my comfort set of LXC containers and want to save some points I spent a lot of time on, as well as things for copy-paste.
I used the official Ubuntu Server Guide, but a note in the Digital Ocean knowledge base also helped me a lot. I created 3 containers: one for VPN, one for a site on Drupal, and the last one as a www proxy for the second one, with nginx only.
This Python script retrieves the computer’s external IP address (using internet.yandex.ru) and emails a message with the new IP if the IP has changed since the last check. The BeautifulSoup module is needed, so install it if you do not have it installed:
First, you need to install a web server, PHP-related stuff and a database server (we use PostgreSQL).
apt-get install -y php5-fpm nginx postgresql php5-pgsql
To enable the tun device in OpenVZ containers:
- the tun module needs to be loaded in the host system (in my case CentOS 6.4)
- the container (in my case Ubuntu Server 12.04) must be allowed to use tun