Introducing CloudLinux to our cPanel hosting servers

Over the past few weeks, BGSA Web Hosting have been rolling out CloudLinux on our web hosting, master reseller hosting and normal cpanel reseller hosting servers.


What is CloudLinux?

CloudLinux is an operating system that uses lightweight virtualization to improve the performance and stability of the server. Using some of the latest technology usually found in cloud environments, it brings some massive benefits to a regular hosting environment. In a shared web hosting environment, one web server is shared between a number of users. This means that all users on the server share access to the CPU/Processor, the Memory and the Hard Disks. In a shared environment, it was previously possible that one user could install a bad script or run some bad software (often unintentionally), make a coding/programming error or be responsible for some other mishap that could potentially severely slow down or even crash the server. This causes pain and downtime for all of the users on the server.

CloudLinux ensures that each user on the server is given a finite amount of resources that they cannot exceed. We’ve set these resources at approximately 200-300% of the limits mentioned in our AUP to be more than generous. This roughly equates to each user on the server getting 2 full CPU/Processor core and 1GB of RAM. Obviously we’re not allowing you to use all of that permanently (you need a VPS if you need this amount of resources permanently) but these are here to allow you to burst during busy times (peak visitor times, installing/upgrading software, etc).

Note – the above is for web hosting and reseller hosting.

Posted in General | Leave a comment

Hire remote staff and the benefits it can bring to you and your business

We are web hosting and managed outsourcing / offshoring business in the Philippines. What makes us different is that we provide virtual staff for a low flat monthly rate to our customers, who are then able to grow a team of offshore staff that are familiar with your business and how you like things done.

  • choose from our large data base of English proficient virtual assistants who are trained in relevant outsourcing skills;
  • saves you up to 70% of your recruitment budget;
  • saves you up to 70% of your payroll budget;
  • gives you a 14-day or less guarantee of right job placement from a pre-screened 100 applicants;
  • allows you a swap/replace of virtual employees;
  • gives you flexible hours – we can match the working hours of your virtual staff according to your schedule preference.
  • provides extensive project management system to assure you of the productivity and work flow of your own virtual assistant;
  • helps you Manage Remote Employee Effectively” through our – Screen Sharing, Instant Messaging, Document Sharing & Collaboration Technologies;

For more information contact us


Posted in Featured | Leave a comment

How to Install Minecraft Server on CentOS VPS

Virtual servers are the ideal hosts for minecraft servers. Setting up a Minecraft server is simple, but there are a few requirements you must double-check:

– Xen-based VPS is better due to differences in how Java works with OpenVZ and Xen, a Xen server is recommended for best performance.

– At least 1gb of RAM. Less will work for a small server, but 1gb or more is recommended.

– CentOS i386/x86_64 Operating system

On to the Minecraft server setup:

1. Start by installing Java-JDK:

# yum install java-1.6.0-openjdk
2. Check if Java was installed:

# which java
The following will be displayed if it was properly installed:

# /usr/bin/java
3. Switch to the root directory, if you’re not there already:

# cd
4. Create a directory for Minecraft:

# mkdir Minecraft
5. Enter the directory:

# cd Minecraft
6. Download Minecraft:

# wget
7. CHMOD the Minecraft .jar like so:

# chmod +x minecraft_server.jar
8. Minecraft is now installed. You’ll now need to install “screen” to keep the Minecraft server running after the SSH session is closed.

# yum install screen
9. Use the screen and run Minecraft. Enter screen:

# screen
10. Start up Minecraft (you can edit the 1024M value to match your server’s RAM):

# java -Xmx1024M -Xms1024M -jar minecraft_server.jar nogui
To get back to the normal screen, press these keys: Control+A+D

To get back to the screen where Minecraft is running:

# screen -r
You should now be off and running with a fully functional Minecraft server!

We offer Minecraft Game server on VPS, just contact us

Posted in Tips and Tricks, VPS Hosting | Leave a comment

How to install and configure OpenVPN OpenVZ Ubuntu

This howto will show you how to install OpenVPN inside an OpenVZ VPS on Ubuntu.

OpenVZ supports VPN inside a container via kernel TUN/TAP module and device.
First thing you need to do is to enable TUN/TAP if you didn’t already:

Enable TUN/TAP from your VPS Control Panel

Ubuntu 10.04

First, install the openvpn package:

sudo apt-get install openvpn

sudo cp /usr/share/doc/openvpn/examples/sample-config-files/server.conf.gz /etc/openvpn
cd /etc/openvpn/
sudo gunzip server.conf.gz

This will copy and unpack the example server config. The sample config uses the ip range and subnet
Edit the server.conf file with your favorite editor:

nano /etc/openvpn/server.conf

Now you need to uncomment the following (remove the “;” in front of the line):
push “redirect-gateway def1 bypass-dhcp”
push “dhcp-option DNS
push “dhcp-option DNS

Copy the necessary files to to create our certificates:

sudo mkdir /etc/openvpn/easy-rsa/
sudo cp -r /usr/share/doc/openvpn/examples/easy-rsa/2.0/* /etc/openvpn/easy-rsa/
cd /etc/openvpn/easy-rsa
We need to adjust the vars file, which contains the settings for the certificates.
Please keep in mind that the ‘country’ field may only contain 2 letters.

Open the vars file and go to the end.
The default file contains:

# These are the default values for fields
# which will be placed in the certificate.
# Don’t leave any of these fields blank.
export KEY_CITY=”SanFrancisco”
export KEY_ORG=”Fort-Funston”
export KEY_EMAIL=”me@myhost.mydomain”
You can modify these values if you like.
After that create the necessary key and CA’s:

Creating server certificates

cd /etc/openvpn/easy-rsa/
source vars
./pkitool –initca
./pkitool –server server

This will build your proper certificates based up the example files slightly editted. I recommend this for non-advanced users and first-timers.

Creating client certificates

cd /etc/openvpn/easy-rsa/
source vars
./pkitool hostname

Remember to replace hostname with the name of the client you want to connect. This can be used as an identifier for example “client1”
You’ll need to do 1 thing more to fix the routing. That is to route the traffic from tun0 to the interface that provides internet (venet0:0 by default).

iptables -t nat -A POSTROUTING -s -j SNAT –to-source your_vps_ip

Since we can’t use the MASQUERADE command, we need to use SNAT. Also only full interfaces are supported (So venet0:0 isn’t compatible with the -o option). That’s why I cover this on a static IP based configuration. This will route all network traffic on to the internet-supplying interface.

sudo /etc/init.d/openvpn restart

COnfigure your VPN client on your computer:

The client will need the following files

Create a config file, for example yourvpn.ovpn and change the certificate settings to include the files above:

In the line “remote hostname 1194” change “hostname” with your VPS hostname that will match the certificate.
Also change the ssl settings in case you used a different name for the client certificates then yourvpn:

#Sample config file

dev tun

# Windows needs the TAP-Win32 adapter name
# from the Network Connections panel
# if you have more than one. On XP SP2,
# you may need to disable the firewall
# for the TAP adapter.
;dev-node MyTap

# Are we connecting to a TCP or
# UDP server? Use the same setting as
# on the server.
;proto tcp
proto udp

# The hostname/IP and port of the server.
# You can have multiple remote entries
# to load balance between the servers.
remote hostname 1194
;remote my-server-2 1194

# Choose a random host from the remote
# list for load-balancing. Otherwise
# try hosts in the order specified.

# Keep trying indefinitely to resolve the
# host name of the OpenVPN server. Very useful
# on machines which are not permanently connected
# to the internet such as laptops.
resolv-retry infinite

# Most clients don’t need to bind to
# a specific local port number.

# Downgrade privileges after initialization (non-Windows only)
;user nobody
;group nobody

# Try to preserve some state across restarts.

;http-proxy-retry # retry on connection failures
;http-proxy [proxy server] [proxy port #]

# Wireless networks often produce a lot
# of duplicate packets. Set this flag
# to silence duplicate packet warnings.

# SSL/TLS parms.
# See the server config file for more
# description. It’s best to use
# a separate .crt/.key file pair
# for each client. A single ca
# file can be used for all clients.
ca ca.crt
cert yourvpn.crt
key yourvpn.key

# Verify server certificate by checking
ns-cert-type server
# If a tls-auth key is used on the server
# then every client must also have the key.
;tls-auth ta.key 1
# Select a cryptographic cipher.
# If the cipher option is used on the server
# then you must also specify it here.
;cipher x
# Enable compression on the VPN link.
# Don’t enable this unless it is also
# enabled in the server config file.
# Set log file verbosity.
verb 3
# Silence repeating messages
;mute 20

When this is done, import the client files into your favorite openVPN client and you should be ready to go.
To confirm the connection you can try to ping the server locally ( or connect to the internet through a web browser.
If some things don’t work out, please contact us.

Posted in Tips and Tricks, VPS Hosting | Leave a comment

Memory usage seems too high inside a VPS

There are cases when you may notice that the memory usage is too high inside your VPS without a specific reason.

This may happen because of how OpenVZ calculates the memory used by your applications, most visible with Java applications or other servers using threads (Apache with mpm_worker or mpm_event).

You can read more here:

A solution as explained in the article above is to decrease the stack size since the default value is too high in almost all cases.

For example, we installed Apache with mpm_worker in a VPS with MaxClients set to 25 and the threads per child set to 25 also. While 25 concurrent requests is not much the memory usage for that Apache spiked to 300MB. That’s a little too high.

We then edited /etc/init.d/httpd (on CentOS, for other distributions it may be called apache2) and added: ulimit -s 256 on a separate line in the file, at the beginning like this:

# Source function library.
. /etc/rc.d/init.d/functions
ulimit -s 128

if [ -f /etc/sysconfig/httpd ]; then
. /etc/sysconfig/httpd

After restarting Apache, the total memory used went down to around 30MB, which is acceptable.

This also works for other applications like MySQL for example.

Posted in Tips and Tricks, VPS Hosting | Leave a comment

How to setup a VPN server on a CentOS OpenVZ VPS instantly

We have made a small and dirty bash script which installs and configures OpenVPN on CentOS 5 32bit. The VPN server’s primary (and only) use is for safe browsing i.e. tunneling all your traffic through your VPS. The script also generates your client configuration file along with the necessary keys for authentication.


1. CentOS 5 32bit minimal OS template

2. TUN/TAP device enabled on your VPS

3. iptables NAT support, Just ask your VPS support to setup NAT

# iptables support
vzctl set YOUR_VEID --iptables ipt_REJECT --iptables ipt_tos --iptables ipt_TOS --iptables ipt_LOG --iptables ip_conntrack --iptables ipt_limit --iptables ipt_multiport --iptables iptable_filter --iptables iptable_mangle --iptables ipt_TCPMSS --iptables ipt_tcpmss --iptables ipt_ttl --iptables ipt_length --iptables ipt_state --iptables iptable_nat --iptables ip_nat_ftp --save
vzctl start YOUR_VEID

Make sure they will replace ‘YOUR_VEID’ with your VPS’s VEID and you will be ready to roll

Login to your VPS as root and execute the following commands

chmod +x

You will be prompted to enter values for your server and client certificate, feel free to accept (hit enter) the default values. Its not recommended to setup a password for your server certificate as you will have to type in the password each time you wish to start/restart the openvpn daemon.
You can however set a password for your client’s certificate since it offers extra level of protection in case your certificate and key files are compromised. You will be prompted for that password each time you connect on your VPS’s VPN.

After the script finished installing openvpn (should be very quick) the client keys and the openvpn clientconfiguration file will be archived in /root/keys.tgz
You may use a sftp/scp client such as winscp or filezilla to download the archive on your computer.

If you already haven’t installed openvpn for windows you may do so now.
You may use winrar or 7zip to extract the content of keys.tgz in C:\Program Files\OpenVPN\config\VPN (create a folder named VPN there)
After you have extracted the files from keys.tgz in the above folder, you may start openvpn-gui from the start menu, right click the tray icon, go to VPN and click connect. After the icon turns green all your traffic will be forwarded through your VPS, no extra configuration on your browser/IM client/email client is required.

If you’re facing issues make sure that your computer clock is synchronized, if so make sure that your VPS’s clock is correct as well. If it’s not you will have to ask your host to sync it.

For any other issues and feedback please e-mail us at


Posted in General, Tips and Tricks, VPS Hosting | Leave a comment

Where to next?

We’re always looking to expand to new locations. Our current locations are:

Chicago, USA
Czech, Europe (Soon)

So I want to ask you: if we were to open a new location for our VPS’s what would be the best location for you?

Posted in Dedicated Server Hosting, VPS Hosting | Leave a comment

Basic VPS security checklist precautions

We have a customer that has been hacked. So I decided to make a short checklist for basic VPS security precaution. Obviously security is a vast subject and you should hire a system administrator to take care of your VPS security if you don’t have the know how.

Here’s the basic list:

1. Use strong passwords – Your passwords must have at least 8 characters or more, password contents small and capital letters, alphanumeric and special charaters. Or setup keys for SSH authentication from your desktop PC. This applies for the root your VPS.

2. Update your server – First time you login to SSH you should update your system (yum update in CentOS and alike, apt-get upgrade in Ubuntu and alike). The OS template that was used when deploying your system may not be up to date. Although we’re trying to keep all OS templates up to date. Make sure you update frequently or set up an update daemon/cron.

3. Disable all daemons/services that you don’t need. For instance, if you need just VPN, it doesn’t make sense to run a mail server or web server. This will reduce the attack surface on your server and you won’t be affected by some of the software vulnerabilities. And you’ll save a lot of memory for the system processes.

4. Consider changing the default ssh ports. Just choose a random number that cropped up from your keyboard, instead of default 22. But don’t rely on this too much, while some of the automatic bots that do brute force will try just on port 22, there’s no excuse for having a weak password.

5. Again, this is just a basic checklist for security pecaution. Talk to a professional system administrator if you don’t have the knowledge or you don’t have the time.

What is your basic security check list?

Posted in Tips and Tricks, VPS Hosting | Leave a comment

Coming soon: the new BGSA Web Services identity

We’ll soon launch our new web site, but in the meanwhile wanted to give you a taste of our new web services identity:


Posted in Featured, General | Leave a comment

How to setup OpenVPN in Xen with Centos 5

Please select CentOS 5 as your OS when you purchase your VPS from BGSA Web Hosting Services or rebuild the VPS via SolusVM control Panel.
Installing OpenVPN:

The packages required to install OpenVPN and it’s dependencies are not available in the standard CentOS repositories. As a result, in order to install OpenVPN, we must install the “EPEL” system. EPEL, or “Extra Packages for Enterprise Linux,” is a product of the Fedora Project that attempts to provide Enterprise-grade software that’s more current than what is typically available in the CentOS repositories. Enable EPEL with the following command:

On 32bit (i386):
rpm -Uvh

On 64bit (x86_64):
rpm -Uvh

Make sure your package repositories and installed programs are up to date by issuing the following command:

yum update -y
Now we can begin installing the OpenVPN software with the following command:

yum install openvpn -y
The OpenVPN package provides a set of encryption-related tools called “easy-rsa”. These scripts are located by default in the /usr/share/doc/openvpn/examples/easy-rsa/ directory. However, in order to function properly, these scripts should be located in the /etc/openvpn directory. Copy these files with the following command:

cp -R /usr/share/openvpn/easy-rsa/ /etc/openvpn
Most of the relevant configuration for the OpenVPN public key infrastructure is contained in /etc/openvpn/easy-rsa/2.0/, and much of our configuration will be located in this directory.
Configure Public Key Infrastructure Variables:

Before we can generate the public key infrastructure for OpenVPN we must configure a few variables that the easy-rsa scripts will use to generate the scripts. These variables are set near the end of the /etc/OpenVPN/easy-rsa/2.0/vars file. Here is an example of the relevant values:

File: /etc/OpenVPN/easy-rsa/2.0/vars :



export KEY_CITY=”SanFrancsico”

export KEY_ORG=”VPN-Organization”

export KEY_EMAIL=”
Alter the examples to reflect your configuration. This information will be included in certificates you create and it is important that the information be accurate, particularly theKEY_ORG and KEY_EMAIL values.

Initialize the Public Key Infrastructure (PKI)
Issue the following three commands in sequence to initialize the certificate authority and the public key infrastructure:

cd /etc/OpenVPN/easy-rsa/2.0/



These scripts will prompt you to enter a number of values. By configuring the vars you can be sure that your PKI is configured properly. If you set the correct values in vars, you will be able to press return at each prompt.

Generate Certificates and Private Keys
With the certificate authority generated you can generate the private key for the server. To accomplish this, issue the following command:

./etc/OpenVPN/easy-rsa/2.0/build-key-server server
This script will also prompt you for additional information. By default, the Common Name for this key will be “server”. You can change these values in cases where it makes sense to use alternate values. The challenge password and company names are optional and can be left blank. When you’ve completed the question section you can confirm the signing of the certificate and the “certificate requests certified” by answering “yes” to these questions.

With the private keys generated, we can create certificates for all of the VPN clients. Issue the following command:

./etc/OpenVPN/easy-rsa/2.0/build-key client1
Replace the client1 parameter with a relevant identifier for each client. You will want to generate a unique key for every user of the VPN. Each key should have it’s own unique identifier. All other information can remain the same. If you need to add users to your OpenVPN at any time, repeat this step to create additional keys.

Generate Diffie Hellman Parameters
The “Diffie Hellman Parameters” govern the method of key exchange and authentication used by the OpenVPN server. Issue the following command to generate these parameters:


This should produce the following output:

Generating DH parameters, 1024 bit long safe prime, generator 2

This is going to take a long time

This will be followed by a quantity of seemingly random output.

The task has succeeded.


Relocate Secure Keys:

The /etc/OpenVPN/easy-rsa/2.0/keys/ directory contains all of the keys that you have generated using the easy-rsa tools.
In order to authenticate to the VPN, you’ll need to copy a number of certificate and key files to the remote client machines. They are:

– ca.crt
– client1.crt
– client1.key

You can use the scp tool, filezilla, or any other means of transferring. Be advised, these keys should transferred with the utmost attention to security. Anyone who has the key or is able to intercept an unencrypted copy of the key will be able to gain full access to your virtual private network.

Typically we recommend that you encrypt the keys for transfer, either by using a protocol like SSH, or by encrypting them with the PGP tool.

The keys and certificates for the server need to be relocated to the /etc/openvpn directory so the OpenVPN server process can access them. These files are:

– ca.crt
– ca.key
– dh1024.pem
– server.crt
– server.key

Issue the following commands:

cd /etc/OpenVPN/easy-rsa/2.0/keys

cp ca.crt ca.key dh1024.pem server.crt server.key /etc/openvpn

These files need not leave your server. Maintaining integrity and control over these files is of the utmost importance to the integrity of your server. If you ever need to move or back up these keys, ensure that they’re encrypted and secured. If these files are compromised, they will need to be recreated along with all client keys.
Revoking Client Certificates:

If you need to remove a user’s access to the VPN server, issue the following command sequence.


./etc/OpenVPN/easy-rsa/2.0/revoke-full client1

This will revoke the ability of users who have the client1 certificate to access the VPN. For this reason, keeping track of which users are in possession of which certificates is crucial.


Configuring the Virtual Private Network
We’ll now need to configure our server file. There is an example file in /usr/share/doc/openvpn-2.1.1/examples/sample-config-files. Issue the following sequence of commands to retrieve the example configuration files and move them to the required directories:

cp /usr/share/doc/openvpn-2.1.1/sample-config-files/server.conf /etc/OpenVPN/

cp /usr/share/doc/openvpn-2.1.1/sample-config-files/client.conf ~/

cd ~/

Modify the remote line in your ~/client.conf file to reflect the OpenVPN server’s name or IP.

File: ~/client.conf

# The hostname/IP and port of the server.

# You can have multiple remote entries

# to load balance between the servers.

remote VPS_IP 1194

Edit the client.conf file to reflect the name of your key. In this example we use client1 for the file name.

File: ~/client1.conf

# SSL/TLS parms.

# See the server config file for more

# description.  It’s best to use

# a separate .crt/.key file pair

# for each client.  A single ca

# file can be used for all clients.

ca ca.crt

cert client1.crt

key client1.key

Copy the ~/client1.conf file(which is the client1.ovpn file mentioned below for the openvpn client in Windows) to your client system. You’ll need to repeat the entire key generation and distribution process for every user and every key that will connect to your network.
Using OpenVPN:

Connect Remote Networks Securely With the VPN

Once configured, the OpenVPN server allows you to encrypt traffic between your local computer and your Linode’s local network. While all other traffic is handled in the conventional manner, the VPN allows traffic on non-public interfaces to be securely passed through your Linode. This will also allow you to connect to the local area network in your Linode’s data center if you are using the LAN to connect to multiple Linodes in the same datacenter. Using OpenVPN in this manner is supported by the default configuration, and if you connect to the OpenVPN you have configured at this point, you will have access to this functionality.

Tunnel All Connections through the VPN
By deploying the following configuration, you will be able to forward all traffic from client machines through your Linode, and encrypt it with transport layer security (TLS/SSL) between the client machine and the Linode. Begin by adding the following parameter to the /etc/OpenVPN/server.conf file to enable “full tunneling”:

File excerpt: /etc/OpenVPN/server.conf

push “redirect-gateway def1”

push “dhcp-option DNS”


Now edit the /etc/sysctl.conf file to modify the following line to ensure that your system is able to forward IPv4 traffic:

File excerpt: /etc/sysctl.conf

net.ipv4.ip_forward = 1

#net.ipv4.tcp_synccookies = 1 ‘comment this line’

Issue the following command to config it:

sysctl -p
Issue the following commands to configure iptables to properly forward traffic through the VPN:

iptables -A FORWARD -m state –state RELATED,ESTABLISHED -j ACCEPT

iptables -A FORWARD -s -j ACCEPT

iptables -A FORWARD -j REJECT

iptables -t nat -A POSTROUTING -s -o eth0 -j MASQUERADE

/etc/init.d/iptables save


Connect to the OpenVPN:

To initialize the OpenVPN server process, run the following command:

/etc/init.d/openvpn start
This will scan the /etc/openvpn directory on the server for files with a .conf extension. For every file that it finds, it will create and run a VPN daemon (server). Enable OpenVPN to start on the following boot, issue the following command:

chkconfig openvpn on

chkconfig iptables on
The process for connecting to the VPN varies depending on your specific operating system and distribution running on the client machine. You will need to install the OpenVPN package for your operating system if you have not already.

Most network management tools provide some facility for managing connections to a VPN. Configure connections to your OpenVPN through the same interface where you might configure wireless or ethernet connections. If you choose to install and manage OpenVPN manually, you will need to place the the client1.conf file and the requisite certificate files in the local machine’s /etc/openvpn directory, or equivalent location.

So far the openvpn server is setup and running on your yardvps.

Let’s setup your openvpn client on your windows.

Download your windows client at

Install it.(all next buttons)

– Copy the client1.conf ca.crt  client1.crt  client1.key 4 files into your openvpn <installation directory>\config\ (defaults to C:\Program Files\Openvpn\config)

– Rename client1.conf to client1.ovpn
Edit the remote line with the format:

remote vps_ip 1194

Now run openvpn-gui and right click the tray icon, select connect. You should be now on your openvpn network.

Posted in General, Tips and Tricks | Leave a comment