Looking someone to make minimal openvz templates for us
Hii,
Hope you guys are doing awesome!
I'm looking for someone to make minimal openvz templates for us.
This will be used for nat vps, so expecting real minimal template ram/disk consumption by default.
Debian 9,10 and 11 , Ubuntu 18 & 20 , CentOS 7
no hurries but expecting to be completed in a week, incase more let me know.
payment - paypal or in kind (services from webhorizon) or some other way (?) as per your choice.
if any guys are got free time on hands / are interested to help please PM your price and expected completion.
Thanked by (1)Ganonk
Comments
I would strongly advice against using OS templates from random person from internet, as it creates huge security risk (some intentional backdoor or unintentional mistake) for your customers and your reputation
see what happened in the past:
https://support.solus.io/hc/en-us/articles/360019368659
https://talk.lowendspirit.com/discussion/2508/vulnerability-in-solusvm-debian-10-template-debianuser-backdoor-default-user
Why not just make them yourself?
Install the OS on a VPS, remove everything you don't need, remove network config and make a gzip backup.
This is how I modified my LXC templates.
HostCram LLC - Web Hosting Built For Speed, Reliability, Security & Uptime! [We operate AS39618]
I would install the bare minimal, upgrade, if you need to install something else.
zip and use.
yeah I get what you guys be saying, ... our existing templates are made by me.
I feel they are not minimal enough.
Perhaps I should've asked for idea on which packages be kept, I was to be checking the templates once made for such risks ...
anyways just discovered this similar old thread and will continue with this https://talk.lowendspirit.com/discussion/292/what-do-you-want-to-see-in-a-minimal-template-openvz-7
https://webhorizon.net
I don't care what's pre-installed, because I can clean them up:
The
apt-mark auto $(apt-mark showmanual)
marks every package to be deleted, and thenapt install
re-selects the packages I need.I hate that OpenVZ still wants deprecated
net-tools
…Don't run this on your KVM because it would delete the kernel.
Accepting submissions for IPv6 less than /64 Hall of Incompetence.
We have a related post on our blog now, Reduce Debian 10 to Minimal Environment using you can make your install minimal yourself. instructions for both kvm & ovz Thanks for all you guys help
https://webhorizon.net
I use a modified https://github.com/frieder/dab-templates to create LXC templates for Proxmox LXC
You can try alpine.
I converted CentOS 7 to alpine in ovz7, and it works well.
https://uk.lxd.images.canonical.com/
Yup! I already added alpine yesterday on NAT & VZ VPS line.
https://webhorizon.net
nice
I bought the NAT bundle, reinstalled all nodes with Debian 11.
I noticed that all five containers have the same SSH host key, which means the host key was included in the template.
This is not good because it allows MITM attack.
The template should not contain any SSH host key.
SSH server will automatically generate host keys upon first boot.
Accepting submissions for IPv6 less than /64 Hall of Incompetence.
This was written for Debian 10.
In Debian 11, the
apt install
line must also includeifupdown
.Otherwise, you'll lose access as soon as you get to
apt autoremove
line.Sadly, OpenVZ7 depends on this deprecated package…
In Debian 10,
ifupdown
was a dependency ofresolvconf
so I didn't write it explicitly; in Debian 11, the dependency becomes an enhancement so it needs to be listed separately.Accepting submissions for IPv6 less than /64 Hall of Incompetence.
thanks for pointing, I have corrected the Debian templates.
https://webhorizon.net
Alpine templates does not set ipv4 nameserver, It can't run
apk update
.And Sgp nat domain forwarding maybe not work.
please make a ticket to check.
It works fine as I tested on another SG VM
https://webhorizon.net