Hosting via VPN
Using OpenVPN and VMs for cheap, flexible and resilient hosting
Making the most out of limited resources series.
We will look at how CPU and storage heavy, but low traffic sites can be hosted in the “cloud”, providing cost savings but also a bit of resilience.
Managed services and virtual server hosting are very cost effective, heavily reducing the costs of IT infrastructure, thereby making a variety of basic IT services such as office productivity and storage accessible to even the most cash strapped of CSOs.
For tech heavy CSOs with custom developed hosted services with heavy CPU or storage requirements, but low traffic and demand however the costs especially storage can be prohibitive. Often these are services that do not have funding for a rewrite to make use of different dynamic pricing cloud services either.
Services such as Malaysian Government Documents Archive or Parliamentary Documents provides full text indexing and searching for gigabytes of document archives. For the most part these are unfunded projects, but remain an important public resource for researchers and journalists that should remain online and accessible.
With limited funds for hosting (less than USD50/month ie. out of your own pocket), then there is a workaround that is currently in use at Sinar Project.
Using OpenVPN for consistent IPs on different networks
OpenVPN provides clients with a reliable internal static IP address regardless of which network the clients are on. This provides somewhat reliable access to various virtual servers and services on VMs on random cheap home ISP network connections with a dynamic IP address.
With OpenVPN server on virtual server with public IP address, there is a single point of access to the wider Internet to all the virtual servers with connecting OpenVPN client.
HTTP Proxy services such as haproxy, pound or even even via nginx can then manage virtual hosting proxy connections to the different OpenVPN clients. For better latency and performance, additional layer of caching can be added with services such as varnish.
This cheap single virtual server with single public IP address is of course a security risk and single point of failure. This IP and server can, and should be hidden behind a service such as CloudFlare which also provides caching, anti-DDOS and https services.
VM images for offsite backup and redundancy
This set up was also taking into consideration, worse case scenario in which office was shut down or hardware confiscated due to a raid.
VM images are stored as ZFS volumes on FreeNAS server at the office, which can easily be exported to external storage or replicated via remote ZFS snapshots.
As long as there is a desktop, server or laptop connected to the Internet allowing OpenVPN connection, anywhere in the world, that can load up a copy of the VM image, we can keep the services up and running.
As a result, we can probably keep all of Sinar Project online services running with the worse case scenario of USD10/month with a few volunteers with somewhat reliable broadband connections, willing to keep a server or run a VM image off their desktop at home or office.