Running common services on #FreeBSD is simple. But sometimes you want to run several services on the same OS instance, but have each service safely ‘contained’ away from one another. A web service isn’t a lot of use unless it’s presented to the internet, but that also opens up the possibility of a security compromise. Naturally, we don’t want that. In the instance of a security bug arising and a service being compromised, it would be better to minimise the system’s exposure, wouldn’t it? Enter jails. The lightweight answer to containerisation, that’s been around for a long time before Docker became trendy.
00:00 – Introduction
00:29 – off we go
01:16 – sysrc enable
01:37 – create zfs filesystems
02:06 – download userland
02:59 – patch the template
03:40 – snapshot the template
03:59 – jail.conf
04:25 – let’s create a new jail
04:57 – thoughts on scaling
Blog: https://freebsdfoundation.org/blog/freebsd-jails-are-simple-and-easy/
GitHub repo: https://github.com/FreeBSDFoundation/blog/tree/main/easy-jail-setup
dch’s Ansible role: https://git.sr.ht/~dch/ansible-jails
FreeBSD on Hetzner: https://youtu.be/8RGbstrTWUo?si=TYgB2e91xMCI5PZR
FreeBSD on AWS: https://youtu.be/V9-5QC6vLHY?si=KF9JrTJNtVK67G4L
FreeBSD on a Macbook: https://youtu.be/CWuZLJkUBfw?si=q4OQYJtKrmR_3-r8