3.1. Using a helper “basejail”
One technique to prepare a bootstrapped jail for quickest deployment involves setting up a “basejail”, which is a complete, configured jail that you clone every time you need to spawn a new jail. While managing many jails is best done with some kind of configuration automation which, in a way, obsoletes having bootstrapped jails like this, in some cases this can be useful. In short, it boils down to:
freebsd-update Reverse Proxy Cache
Either because you’re a good netizen and don’t want to repeatedly hammer the FreeBSD mirrors to upgrade all your systems, or you want to benefit from the speed of having a local “mirror” (cache, more precisely), running a freebsd update reverse proxy cache with, say, nginx is dead simple.
Install iRedMail on FreeBSD inside Jail (with ezjail)
FTR and in case anybody arrives here via search, here’s a working squid configuration that effectively caches packages forever (2 years) and meta information slightly less aggressively (four weeks):
sm-mta: STARTTLS=server: file /etc/mail/certs/dh.param unsafe: No such file or directory
cd /etc/mail/certs && openssl dhparam -out dh.param 4096
Source: Sendmail Error at Boot
You have a FreeBSD VPS with a single IP and you wish to create a FreeBSD jail for additional security and/or isolation. For this write-up I’ll illustrate how you can use a single VPS with a jail created on an internal IP with both NAT access and port-forwarding to the jail for specific ports (web, ssh, etc).
My private server is hosted at a small company in Munich. This server is currently running FreeBSD 11.0-RELEASE and has around 15 Jails running on it, most of them Apache Webserver with PHP application servers running some websites or blogs like this one and some other jails for major internet services like dns, mail, proxy server, shell server and some internal infrastructure jails (mysql, ssl/acme management, git, …)