Notes On FreeBSD
We make heavy use of FreeBSD and its broader ecosystem (jails, ZFS, pf). Since the current, general approach to self-hosting services focuses mostly on Linux and OCI containers (Docker, Podman), this choice comes with some challenges. For example, some applications might not be designed to run on FreeBSD, or their setup on FreeBSD might not be documented. We came to the conclusion that the benefits of jails and ZFS outweigh the challenges of this architectural choice. This section provides some notes on the differences between FreeBSD and mainstream Linux distributions, common pitfalls, and how to find suitable documentation.
FreeBSD
FreeBSD is not a Linux distribution and one should not expect it to behave like one. While FreeBSD provides a compatibility layer to execute programs compiled for Linux, we recommend making yourself familiar with FreeBSD as an operating system and its conventions instead of trying to apply Linux workflows to FreeBSD (although knowledge of Linux userland tools certainly helps). The best way to learn how things are done on FreeBSD is to read the FreeBSD Handbook.
System Configuration
TODO
Services
There is no systemd on FreeBSD, so service management might differ from what you are accustomed to.
Jails
Jails are FreeBSD's concept of containers, but they differ substantially from the OCI containers used by Docker and similar tools. Think of jails as isolated virtualized hosts rather than as a distribution method for applications.
No ping
Processes in a jail are not allowed to open raw sockets. Because of this, the ping command does not work inside jails.
Localhost Pitfalls
The behaviour of sending requests to localhost differs in jails from other systems. While localhost resolves to 127.0.0.1, requests sent to localhost do not originate from that address. Instead, they originate from the jail's internal IP address. This causes issues with any application or service that restricts actions to localhost, since every request, even one sent to localhost, looks as if it is coming from an external address (even though that address is the jail's own).
It is usually necessary to whitelist the jail's internal IP address in the service's configuration, and the service must listen on the correct interface.
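A small diagnostic for the pitfall above, added here as an example and not part of the original notes: it binds a listener on 127.0.0.1, connects to it, and reports the address the listener actually sees, which is the one a "localhost only" allow-list has to name. It uses only the Python standard library; the jail behaviour it is written to detect (loopback rewritten to the jail's primary IPv4 address in a non-VNET jail) is assumed from how such jails handle 127.0.0.1.

```python
import socket


def probe_loopback(port=0):
    """Bind a listener on 127.0.0.1, connect to it, and report the addresses
    the kernel actually used.

    On a plain host both ends are 127.0.0.1. In a classic, non-VNET FreeBSD
    jail the kernel rewrites loopback to the jail's primary IPv4 address, so
    the listener sees the connection arriving from the jail IP: that is the
    address a "localhost only" allow-list must contain.
    """
    result = {"listener": None, "peer": None, "rewritten": False, "error": None}
    try:
        with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as srv:
            srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
            srv.bind(("127.0.0.1", port))      # port 0: kernel picks a free port
            srv.listen(1)
            bound_ip, bound_port = srv.getsockname()
            result["listener"] = bound_ip       # what 127.0.0.1 became after bind
            # Connect to 127.0.0.1 (what "localhost" resolves to) and record
            # the address the listening side observes as the peer.
            with socket.create_connection(("127.0.0.1", bound_port), timeout=5):
                conn, peer = srv.accept()
                with conn:
                    result["peer"] = peer[0]
    except OSError as exc:
        # e.g. EADDRNOTAVAIL in a jail that has no IPv4 address assigned
        result["error"] = str(exc)
        return result
    result["rewritten"] = result["peer"] != "127.0.0.1"
    return result


def allow_list_entry(result):
    """Return the address a service's localhost allow-list must contain for
    in-jail requests to be accepted, or None if the probe failed."""
    return None if result["error"] else result["peer"]


if __name__ == "__main__":
    r = probe_loopback()
    if r["error"]:
        print("probe failed:", r["error"])
    elif r["rewritten"]:
        print(f"loopback is rewritten: listener on {r['listener']}, "
              f"requests arrive from {r['peer']}; allow {allow_list_entry(r)}")
    else:
        print("loopback is not rewritten; 127.0.0.1 works as expected")
```

Run it inside the jail as the user the service runs as; the printed peer address is the one to whitelist, and it also confirms whether the service must listen on the jail's interface rather than on 127.0.0.1.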