Build Secure FreeBSD Containers in 5 Minutes

Running common services on #FreeBSD is simple. But sometimes you want to run several services on the same OS instance, but have each service safely ‘contained’ away from one another. A web service isn’t a lot of use unless it’s presented to the internet, but that also opens up the possibility of a security compromise. Naturally, we don’t want that. In the instance of a security bug arising and a service being compromised, it would be better to minimise the system’s exposure, wouldn’t it? Enter jails. The lightweight answer to containerisation, that's been around for a long time before Docker became trendy. 00:00 - Introduction 00:29 - off we go 01:16 - sysrc enable 01:37 - create zfs filesystems 02:06 - download userland 02:59 - patch the template 03:40 - snapshot the template 03:59 - jail.conf 04:25 - let's create a new jail 04:57 - thoughts on scaling Blog: https://freebsdfoundation.org/blog/fr... GitHub repo: https://github.com/FreeBSDFoundation/... dch's Ansible role: https://git.sr.ht/~dch/ansible-jails FreeBSD on Hetzner:    • How to install FreeBSD on Hetzner   FreeBSD on AWS:    • Can we install FreeBSD on AWS in under a m...   FreeBSD on a Macbook:    • FreeBSD on an Apple MacBook in under 5 min...