LXC containers are great for application isolation and safe deployment. Running unprivileged containers is the safest way to run containers in a production environment. This note contains enough information to create your own safe container.
I've completed setting up my comfort set of LXC containers and want to save some points I spent a lot of time for or things for copy-paste.
I used the official Ubuntu Server Guide but note at Digital Ocean knowledge base also helped me a lot. I created 3 containers: one for vpn, one for site on Drupal and last one as www proxy for second one with nginx only.