#Tag · bonfire.cafe

One nice thing about #IPv6: Even with a low-cost VPS, you get more addresses than you ever need. Perfect when experimenting with #Jails, for instance. If a Jail needs IPv4 WAN access, simply allow NAT64 on the host system.

BTW, I'm surprised how many "major" news sites don't have an IPv6 address.

xinqu

@xinqu@mastodon.bsd.cafe · last week

BTW, I'm surprised how many "major" news sites don't have an IPv6 address.

Stefano Marinelli boosted

Larvitz

@Larvitz@mastodon.bsd.cafe · 2 weeks ago

Made my FreeBSD server at Netcup ready to host multiple isolated applications with automatic https via Let's Encrypt.

Internet → Server → PF firewall → Caddy jail (reverse proxy) → Individual application jails

Each app gets its own isolated jail for security, while Caddy handles all the routing and https. PF keeps the front door locked.

All of course with IPv6 first, where every Jail has it's own public IP address and using NAT for legacy IPv4.

Love how FreeBSD jails make this kind of segmentation so elegant.

#FreeBSD #Jails #SelfHosting #Caddy #ipv4

Larvitz

@Larvitz@mastodon.bsd.cafe · 2 weeks ago

Made my FreeBSD server at Netcup ready to host multiple isolated applications with automatic https via Let's Encrypt.

Internet → Server → PF firewall → Caddy jail (reverse proxy) → Individual application jails

Each app gets its own isolated jail for security, while Caddy handles all the routing and https. PF keeps the front door locked.

All of course with IPv6 first, where every Jail has it's own public IP address and using NAT for legacy IPv4.

Love how FreeBSD jails make this kind of segmentation so elegant.

#FreeBSD #Jails #SelfHosting #Caddy #ipv4

Stefano Marinelli

@stefano@mastodon.bsd.cafe · 2 weeks ago

Client: "I’d like to try some alternative themes for my WordPress site you’re hosting, but I’m afraid of breaking the production site."

Me: "Say no more."

I start:
- create a record for the test site

- bastille clone -l prod testing ip

- bastille console nginx → edit nginx proxy, add the new domain → certbot --nginx -d newdomain.tld

- bastille console testing → mysql → UPDATE wp_options SET option_value = 'https://newdomain.tld' WHERE option_name = 'siteurl';
UPDATE wp_options SET option_value = 'https://newdomain.tld' WHERE option_name = 'home';

- "Done. You can now connect to..."

FreeBSD, jails, ZFS. No limits.

#RunBSD #FreeBSD #jails #BastilleBSD #WordPress

Michael Dexter and 1 other boosted

xinqu

@xinqu@mastodon.bsd.cafe · 3 weeks ago

Don't be a fool (like I was) when it comes to #jails on #FreeBSD. I ignored them despite using FreeBSD for decades, because I had no problem that could not be solved w/o them and thought "why learn yet another technology I barely need".

But it's not only about solving problems. It gives you a super lightweight and fast tool to test things (and trashing 🗑️ them with zfs destroy) without cluttering your configs or interfering with production services.

E.g. I hesitated to run a webserver for publishing content because I didn't want a publicly accessible Apache on my mail relays, nor on my Nextcloud instance at home.

With jails, the MX is left unmodified. If I feel like it I could move it to a different system just using tar or cpio or zfs send.

All I needed to accomplish that was a few shell scripts to initially generate a jail template and, of course, the invaluable book "FreeBSD Mastery: Jails" of @mwl .

What motivated me to get started? All the
speakers at #EuroBSDCon showing what incredible things they do with Jails. Especially >>IMUNES: A Network Emulation and Simulation Tool Built on FreeBSD<<.

If you want to watch the IMUNES talk you can find the link on my jailed webserver 😉 here https://pub.v32bis.cc/eurobsdcon.html

xinqu

@xinqu@mastodon.bsd.cafe · 3 weeks ago

E.g. I hesitated to run a webserver for publishing content because I didn't want a publicly accessible Apache on my mail relays, nor on my Nextcloud instance at home.

With jails, the MX is left unmodified. If I feel like it I could move it to a different system just using tar or cpio or zfs send.

All I needed to accomplish that was a few shell scripts to initially generate a jail template and, of course, the invaluable book "FreeBSD Mastery: Jails" of @mwl .

What motivated me to get started? All the
speakers at #EuroBSDCon showing what incredible things they do with Jails. Especially >>IMUNES: A Network Emulation and Simulation Tool Built on FreeBSD<<.

If you want to watch the IMUNES talk you can find the link on my jailed webserver 😉 here https://pub.v32bis.cc/eurobsdcon.html

Stefano Marinelli boosted

xinqu

@xinqu@mastodon.bsd.cafe · 3 weeks ago

#FreeBSD #jails:
Creating a #Unix system with ssh-access in a millisecond.

xinqu

@xinqu@mastodon.bsd.cafe · 3 weeks ago

#FreeBSD #jails:
Creating a #Unix system with ssh-access in a millisecond.

Alex Akselrod boosted

InarticulateQuilter

@inarticulatequilter@mastodon.art · last month

That new #SanDiego independent news outlet Daylight San Diego (on the Fedi at @index) did a really thorough article about a new push here locally to end incarceration of girls

https://www.daylightsandiego.org/san-diego-advocates-push-to-end-girls-incarceration/

#Incarceration #Jails

InarticulateQuilter

@inarticulatequilter@mastodon.art · last month

That new #SanDiego independent news outlet Daylight San Diego (on the Fedi at @index) did a really thorough article about a new push here locally to end incarceration of girls

https://www.daylightsandiego.org/san-diego-advocates-push-to-end-girls-incarceration/

#Incarceration #Jails