Category: FreeBSD

  • Isolate websites on FreeBSD with Nginx, PHP-FPM, Acme.sh, MySQL

    Last updated on January 15, 2025. This article is for building a web server that isolates multiple websites to reduce threat exposure. Web applications are commonly vulnerable to compromise if they are not kept up-to-date. The goal is to limit lateral movement in and exploit incident, keeping other websites and systems on that server unaffected.…

  • Configure postfix on FreeBSD to use Gmail as an SMTP relay

    I wanted postfix on my server to send mail through Gmail so messages don’t get market as spam. Rather than setup all the interesting mail security options on my server and within my mail domain, I’d rather leave all that to the experts at Google. The best article I found on the subject shows exactly…

  • Using iSCSI block storage and ZFS on FreeBSD with Oracle Cloud Infrastructure (OCI)

    Use cloud block storage on OCI (Oracle Cloud Infrastructure) with FreeBSD, just like it’s done on Linux and Windows compute instances, and optionally leverage ZFS for simple management, cloning, encryption, redundancy, and more. Disclaimer: at the time of writing, I work for Oracle. I wrote this article for fun on my free time. FreeBSD isn’t…

  • Simple pf configuration for jails in FreeBSD

    This is just an example configuration for pf on FreeBSD with two or more jails. We require private jail networking using NAT and RDR (redirect). Some of the lines below wrap on smaller screens so I’ve included extra spaces between the rdr entries to make them easier to read: ext_if=”em0″ sshd_port=”45678″ web=”192.168.0.1″ db=”192.168.0.2″ scrub in…

  • Create a custom image for OCI-Classic on macOS

    This short article describes how to create a custom image for a server that can be deployed as a “private image” on OCI Classic (formerly known as OPC, or Oracle Public Cloud). This is not really security-related but may still be helpful for someone. The first step is to use Oracle’s free VirtualBox virtualization app…