Larvitz @Larvitz@bsd.cafe
Public

New blog post: Hosting a Static Blog on FreeBSD with Bastille Jails

A deep dive into my self-hosting setup:
- FreeBSD 15.0 with securelevel 2
- Bastille jails for isolation (Caddy, Nginx, deployment gateway)
- PF firewall with strict NAT/RDR rules
- CI/CD via Forgejo Actions with rrsync-restricted deployments
- nullfs mounts for zero-copy file sharing between jails

The "transporter pattern" keeps the blog jail unexposed while enabling automated deploys. Jails remain the most elegant isolation mechanism around.

blog.hofstede.it/hosting-a-sta

Hosting a Static Blog on FreeBSD with Bastille Jails and Automated Deployment | Larvitz Blog

A full-stack overview of hosting a Pelican blog on FreeBSD 15.0 using Bastille jails, Caddy reverse proxy, and automated CI/CD deployment via Forgejo Actions.

blog.hofstede.it

0
0
1

If you have a fediverse account, you can quote this note from your own instance. Search https://mastodon.bsd.cafe/users/Larvitz/statuses/115718085687749256 on your instance and quote it. (Note that quoting is not supported in Mastodon.)

0
0
0