Category: FreeBSD

  • Isolate websites on FreeBSD with Nginx, PHP-FPM, Acme.sh, MySQL

    Last updated on January 15, 2024. This article seeks to isolate multiple websites on a single server to minimize threat exposure. Web applications are commonly vulnerable to compromise if they are not kept up-to-date. We want to limit lateral movement so in the event of an exploit, other websites and systems on the server are…

  • Configure postfix on FreeBSD to use Gmail as an SMTP relay

    I wanted postfix on my server to send mail through Gmail so messages don’t get market as spam. Rather than setup all the interesting mail security options on my server and within my mail domain, I’d rather leave all that to the experts at Google. The best article I found on the subject shows exactly…

  • Using iSCSI block storage and ZFS on FreeBSD with Oracle Cloud Infrastructure (OCI)

    Use cloud block storage on OCI (Oracle Cloud Infrastructure) with FreeBSD, just like it’s done on Linux and Windows compute instances, and optionally leverage ZFS for simple management, cloning, encryption, redundancy, and more. Disclaimer: at the time of writing, I work for Oracle. I wrote this article for fun on my free time. FreeBSD isn’t…

  • Simple pf configuration for jails in FreeBSD

    This is just an example configuration for pf on FreeBSD with two or more jails. We require private jail networking using NAT and RDR (redirect). Some of the lines below wrap on smaller screens so I’ve included extra spaces between the rdr entries to make them easier to read: ext_if=”em0″ sshd_port=”45678″ web=”192.168.0.1″ db=”192.168.0.2″ scrub in…

  • Create a custom image for OCI-Classic on macOS

    This short article describes how to create a custom image for a server that can be deployed as a “private image” on OCI Classic (formerly known as OPC, or Oracle Public Cloud). This is not really security-related but may still be helpful for someone. The first step is to use Oracle’s free VirtualBox virtualization app…