  • FreeBSD with two default routes on GCP

    I was excited to try GCP (Google Compute Platform) with FreeBSD since community images are available to deploy. DigitalOcean stopped supporting FreeBSD so I’ve moved on to GCP. In GCP’s Compute engine, if you need multiple interfaces, you must create a VM instance with multiple NICs at creation time — you cannot add a second…

  • Isolate websites on FreeBSD with Nginx, PHP-FPM, Acme.sh, MySQL

    Last updated on January 15, 2024. This article seeks to isolate multiple websites on a single server to minimize threat exposure. Web applications are commonly vulnerable to compromise if they are not kept up-to-date. We want to limit lateral movement so in the event of an exploit, other websites and systems on the server are…

  • Kelly’s MySQL quick tutorial

    A very simple tutorial for getting going with MySQL 8 quickly.  You don’t need tools like MySQLAdmin for basic tasks like creating and deleting databases, adding users and adjusting permissions. This can easily be done from the command line.  Basic tasks Log into mysql: Create a database: Create a user and grant privileges: Then reload…

  • Configure postfix on FreeBSD to use Gmail as an SMTP relay

    I wanted postfix on my server to send mail through Gmail so messages don’t get marked as spam. Rather than set up all the interesting mail security options on my server and within my mail domain, I’d rather leave all that to the experts at Google. The best article I found on the subject shows exactly…

  • Using iSCSI block storage and ZFS on FreeBSD with Oracle Cloud Infrastructure (OCI)

    Use cloud block storage on OCI (Oracle Cloud Infrastructure) with FreeBSD, just like it’s done on Linux and Windows compute instances, and optionally leverage ZFS for simple management, cloning, encryption, redundancy, and more. Disclaimer: at the time of writing, I work for Oracle. I wrote this article for fun in my free time. FreeBSD isn’t…

  • Simple pf configuration for jails in FreeBSD

    This is just an example configuration for pf on FreeBSD with two or more jails. We require private jail networking using NAT and RDR (redirect). Some of the lines below wrap on smaller screens so I’ve included extra spaces between the rdr entries to make them easier to read: ext_if="em0" sshd_port="45678" web="192.168.0.1" db="192.168.0.2" scrub in…

  • Create a custom image for OCI-Classic on macOS

    This short article describes how to create a custom image for a server that can be deployed as a “private image” on OCI Classic (formerly known as OPC, or Oracle Public Cloud). This is not really security-related but may still be helpful for someone. The first step is to use Oracle’s free VirtualBox virtualization app…

  • Why FreeBSD is a great secure server

    It’s important to keep computer systems updated and this process should be as simple as possible to stay safe and secure. A server that runs web applications should be simple to build, easy to patch, update and upgrade, and it should have a great manual. Then being able to monitor problems remotely and be alerted…

  • WordPress SFTP into FreeBSD jail

    The purpose of this article is to make it easy for WordPress and its 3rd party SFTP plugin to work on a FreeBSD host where the website and web server daemon run within a jail, but the sshd daemon runs on the host, thereby causing problems that prevent the WordPress SFTP plugin from working properly. In…