• Isolate websites using Nginx, PHP-FPM, Acme.sh, MySQL and AIDE on FreeBSD

    This article seeks to isolate each website on a server to minimize threat exposure. If one website gets compromised we want to limit lateral movement so that other websites are unaffected and busy servers running dozens or hundreds of website domains can continue to function. Objectives, how, and why We setup php-fpm and nginx to…

  • Kelly’s MySQL quick tutorial

    A very simple tutorial for getting going with MySQL 8 quickly.  You don’t need tools like MySQLAdmin for basic tasks like creating and deleting databases, adding users and adjusting permissions. This can easily be done from the command line.  Basic tasks Log into mysql: Create a database: Create a user and grant privileges: Then reload…

  • Configure postfix on FreeBSD to use Gmail as an SMTP relay

    I wanted postfix on my server to send mail through Gmail so messages don’t get market as spam. Rather than setup all the interesting mail security options on my server and within my mail domain, I’d rather leave all that to the experts at Google. The best article I found on the subject shows exactly…

  • Using iSCSI block storage and ZFS on FreeBSD with Oracle Cloud Infrastructure (OCI)

    Use cloud block storage on OCI (Oracle Cloud Infrastructure) with FreeBSD, just like it’s done on Linux and Windows compute instances, and optionally leverage ZFS for simple management, cloning, encryption, redundancy, and more. Disclaimer: at the time of writing, I work for Oracle. I wrote this article for fun on my free time. FreeBSD isn’t…

  • Simple pf configuration for jails in FreeBSD

    This is just an example configuration for pf on FreeBSD with two or more jails. We require private jail networking using NAT and RDR (redirect). Some of the lines below wrap on smaller screens so I’ve included extra spaces between the rdr entries to make them easier to read: ext_if=”em0″ sshd_port=”45678″ web=”192.168.0.1″ db=”192.168.0.2″ scrub in…

  • Create a custom image for OCI-Classic on macOS

    This short article describes how to create a custom image for a server that can be deployed as a “private image” on OCI Classic (formerly known as OPC, or Oracle Public Cloud). This is not really security-related but may still be helpful for someone. The first step is to use Oracle’s free VirtualBox virtualization app…

  • Why FreeBSD is a great secure server

    It’s important to keep computer systems updated and this process should be as simple as possible to stay safe and secure. A server that runs web applications should be simple to build, easy to patch, update and upgrade, and it should have a great manual. Then being able to monitor problems remotely and be alerted…

  • WordPress SFTP into FreeBSD jail

    The purpose of this article is to make it easy for WordPress and its 3rd┬áparty SFTP plugin to work on a FreeBSD host where the website and web server daemon runs within a jail, but the sshd daemon runs on the host thereby causing problems that prevent the WordPress SFTP plugin from working properly. In…