Hyena

Migrating web server from Ubuntu to FreeBSD

Recently, I bought a second-hand HPE DL360e Gen 8 with the idea of trying to stop the EC2 instance where I host my personal website/online radio station.
The first decision I had to make was which OS I would use. I tried to install Ubuntu Server unsuccessfully, so FreeBSD was the next option on my list.

According to the official FreeBSD page, "FreeBSD is an operating system used to power modern servers, desktops, and embedded platforms." and "FreeBSD is an operating system for a variety of platforms which focuses on features, speed, and stability. It is derived from BSD, the version of UNIX® developed at the University of California, Berkeley. It is developed and maintained by a large community".

FreeBSD offers great documentation, all of which you can find at https://docs.freebsd.org/en/books/faq/. It has an amazing community on https://forums.freebsd.org/ and IRC.

One of the main differences from a Linux OS is that Docker is not supported on FreeBSD, but a great alternative is available: jails, together with the easy-to-use jail manager ezjail.

The two approaches have some similarities on the surface, but are quite different once you start working with them.

We can consider both of them containerization technologies, meaning processes that are isolated from the host server. But FreeBSD's jails take the concept further, since each jail has its own directory sub-tree (vs. Docker mounted volumes) and its own set of users and groups. That means it is easy to create a jail and enable ssh, and a secure environment is created within the host.
On the other hand, Docker is the de facto standard, but keep in mind that these tools serve different purposes.

Ezjail makes managing jails a pretty easy job. Here is its "hello world":

# Create a clone of the loopback interface
echo 'cloned_interfaces="lo1"' >> /etc/rc.conf
service netif cloneup
ezjail-admin create hello-world 'lo1|127.0.1.1'
# add dns nameserver for the jail
cp /etc/resolv.conf /usr/jails/hello-world/etc/
ezjail-admin start -f hello-world

To forward all the traffic from the jail through the external interface, we can use the FreeBSD packet filter (pf):

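ext_if="xn0"
jail_net="127.0.1.1"
# NAT everything the jail sends out to the address of the external interface
nat pass on $ext_if from $jail_net to any -> $ext_if
# Allow all traffic in both directions (no filtering)
pass out
pass in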

Now, we can also redirect some of the host ports to the jails:

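# $ext_if_private_ip must be defined as a macro alongside ext_if and jail_net (it is not set in the snippet above).
# pf expects rdr rules next to the nat rule, before the pass rules.
rdr pass on $ext_if inet proto { tcp, udp } from any to $ext_if_private_ip port 23 -> $jail_net port 22
rdr pass on $ext_if inet proto { tcp, udp } from any to $ext_if_private_ip port 81 -> $jail_net port 80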
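A tightened variant of the two pf snippets above, as an added example that is not part of the original post: it keeps the same NAT and port forwards but drops inbound traffic by default instead of using bare `pass in` and `rdr pass`. The value of `ext_if_private_ip` is a placeholder, and keeping the host's own sshd reachable on port 22 is an assumption.

```conf
# /etc/pf.conf (added example, not the post's own ruleset)

# Macros
ext_if="xn0"
jail_net="127.0.1.1"
ext_if_private_ip="192.0.2.10"    # placeholder: the host's address on $ext_if

# Options: do not filter the loopback interfaces (host <-> jail traffic)
set skip on { lo0 lo1 }

# Translation rules. pf requires them before the filter rules.
# Without the "pass" keyword, translated packets are still evaluated
# by the filter rules below instead of being let through automatically.
nat on $ext_if inet from $jail_net to any -> ($ext_if)
# SSH and HTTP are TCP services, so only TCP is forwarded here.
rdr on $ext_if inet proto tcp from any to $ext_if_private_ip port 23 -> $jail_net port 22
rdr on $ext_if inet proto tcp from any to $ext_if_private_ip port 81 -> $jail_net port 80

# Filter rules: default deny inbound, stateful outbound.
block in all
pass out all keep state

# Services on the host itself: nginx on 80/443, plus sshd on 22
# (assumption: the host is administered over SSH).
pass in on $ext_if inet proto tcp from any to $ext_if_private_ip port { 22 80 443 } keep state

# Forwarded connections. rdr rewrites the destination before filtering,
# so these rules match the jail address and the jail-side ports.
pass in on $ext_if inet proto tcp from any to $jail_net port { 22 80 } keep state
```

Check the syntax with `pfctl -nf /etc/pf.conf` before loading it, and keep a console session open while testing so a mistake in the rules cannot lock you out.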

In addition, we can use Nginx to configure a different domain for each jail:

events {
    worker_connections  4096;  ## Default: 1024
}

http {

    log_format upstreamlog '[$time_local] $remote_addr - $remote_user - $server_name $host to: $upstream_addr: $request $status upstream_response_time $upstream_response_time msec $msec request_time $request_time';

    access_log /var/log/nginx/access.log upstreamlog;

    include "servers/*.conf";

}

# A per-domain file picked up by the include above, e.g. servers/example.conf
upstream example {
    server 127.0.1.1:443;
}

server {
    listen 80;
    server_name www.example.com example.com;
    return 301 https://$host$request_uri;
}

server{

    listen 443 ssl;
    server_name www.example.com example.com;
    ssl_certificate /home/ssl/example/fullchain.pem;
    ssl_certificate_key /home/ssl/example/privkey.pem;

    location / {
        proxy_pass https://example;
    }
}


In conclusion, FreeBSD can offer a very nice alternative to Docker, running on a robust OS with many good parts, such as the ZFS file system, its cleanliness and predictability, and the great documentation available.
