How to Install FreeBSD on a VPS: A Step-by-Step Guide

Installing FreeBSD on a VPS (Virtual Private Server) is a great way to get a reliable and flexible operating system for various tasks, such as web hosting, development, testing, and more. In this article, we will thoroughly examine the process of installing FreeBSD on your VPS, from choosing a suitable provider to the initial system configuration. We will provide step-by-step instructions and command examples so you can easily and successfully install FreeBSD on your VPS.

Contents

Choosing a VPS Provider

The first step to installing FreeBSD on a VPS is choosing a suitable provider. There are many companies offering VPS services, and it’s important to choose one that meets your requirements and budget. When choosing, consider several key factors:
  • Price: Compare prices from different providers, considering the amount of RAM, disk space, and traffic.
  • Performance: Pay attention to the type of processors and storage devices used (SSD or HDD). SSDs provide significantly higher performance.
  • Operating System Support: Make sure the provider offers the ability to install FreeBSD. Some providers offer ready-made images, while others require manual installation.
  • Server Location: Choose a server located closer to your target audience to reduce latency.
  • Technical Support: Check the availability and quality of technical support. In case of problems, you will need qualified assistance.
Some popular VPS providers offering the possibility of installing FreeBSD:
  • DigitalOcean
  • Vultr
  • Linode
  • Hetzner
Example 1: Checking FreeBSD availability with DigitalOcean. When creating a new droplet (virtual machine) in DigitalOcean, you will see a list of available operating systems. In the «Marketplace» section, you can find pre-configured FreeBSD images. If they are not in the standard list, you can install FreeBSD manually using your own ISO image (more on this later). Example 2: Choosing a VPS plan on Vultr. Vultr offers a wide selection of VPS plans, starting from the cheapest (e.g., $2.5 per month) and ending with more expensive ones with a large amount of resources. When choosing a plan, pay attention to the number of CPUs, amount of RAM, disk space, and bandwidth. To start, you can choose the cheapest plan, and then, if necessary, increase the resources. Example 3: Hetzner server locations. Hetzner is known for its low prices and good performance. When ordering a VPS, you can choose the server location: Germany, Finland, or the USA. Choose the one closest to your target audience.

Expert Tip: Before finally choosing a VPS provider, test its performance using free tools such as `iperf3` to measure network bandwidth and `dd` to measure disk write speed.

Example 4: Testing disk write speed using the `dd` command. 
dd if=/dev/zero of=testfile bs=1M count=1024 conv=fdatasync
This command will write 1 GB of data to disk and measure the write speed. The result will show how many MB/s were written.

Preparing for Installation

After choosing a VPS provider and plan, you need to prepare for the installation of FreeBSD. The preparation process depends on whether the provider provides a ready-made FreeBSD image or requires manual installation. In most cases, if there is no ready-made image, you will need a FreeBSD ISO image and the ability to upload it to the VPS.
  • Obtaining access to the VPS: After ordering the VPS, the provider will provide you with an IP address, login, and password (or SSH key) to access the server. Access is usually via the SSH protocol.
  • Downloading the FreeBSD ISO image: Download the FreeBSD ISO image from the official website (https://www.freebsd.org/where/). Choose the appropriate version and architecture (usually amd64 for 64-bit systems).
  • Creating a bootable medium (if necessary): If your VPS does not support booting from an ISO image, you may need to create a bootable medium (for example, a USB drive) and boot from it. This process depends on the capabilities provided by your VPS provider.
Example 1: Connecting to the VPS via SSH. Use an SSH client (for example, PuTTY for Windows or built-in SSH in Linux/macOS) to connect to your VPS. In the command line, enter: 
ssh root@your_vps_ip_address
Replace `your_vps_ip_address` with the IP address of your VPS. Enter the password provided by the provider. Example 2: Downloading the FreeBSD ISO image to the VPS (if required). If your provider does not provide the ability to boot from an ISO image, you may need to download the ISO image to the VPS and then use tools such as `kexec` or `GRUB` to boot from it. To download the ISO image, you can use `wget`: 
wget https://download.freebsd.org/ftp/releases/amd64/FreeBSD-13.2-RELEASE-amd64-disc1.iso
Replace the link with the actual version of FreeBSD. Example 3: Checking the ISO image checksum. After downloading the ISO image, make sure it is not corrupted by checking the checksum. Checksums for all images can be found on the FreeBSD website. Use the `sha256` command: 
sha256 FreeBSD-13.2-RELEASE-amd64-disc1.iso
Compare the obtained checksum with the checksum indicated on the FreeBSD website. If they match, the image is not corrupted.

Installing FreeBSD from an ISO Image

The process of installing FreeBSD from an ISO image may vary slightly depending on your VPS provider and the tools they provide. In most cases, you will need to access the VNC console or serial console of your VPS to interact with the FreeBSD installer. Some providers provide tools for loading the ISO image and rebooting the VPS into installation mode.
  • Booting from an ISO image: Reboot your VPS and select boot from the ISO image. This is usually done through the VPS provider’s control panel.
  • Running the FreeBSD installer: After booting from the ISO image, the FreeBSD installer will start. Follow the instructions on the screen to configure the installation parameters.
  • Disk configuration: Specify which disks FreeBSD will be installed on. You can use the entire disk or create partitions. It is recommended to use ZFS for reliability and flexibility.
  • Network configuration: Specify the IP address, network mask, gateway, and DNS servers. These parameters are usually provided by your VPS provider.
  • Root user configuration: Set a password for the root user. This is necessary for system administration.
  • Selection of system components: Choose which system components will be installed. You can install the base system, ports, and other tools.
Example 1: Disk configuration using ZFS. During FreeBSD installation, select «ZFS» as the file system. Select the disks that will be used for ZFS. You can create one ZFS pool on the entire disk or create multiple pools. It is recommended to use RAIDZ1 or RAIDZ2 to protect against data loss. Example 2: Network configuration. During installation, specify the IP address, network mask, gateway, and DNS servers. These parameters are usually provided by your VPS provider. If you are using DHCP, select automatic network configuration. Example `/etc/rc.conf` file after network configuration: 
hostname="your_hostname"
ifconfig_vtnet0="inet your_vps_ip_address netmask 255.255.255.0"
defaultrouter="your_gateway_ip_address"
Replace `your_hostname`, `your_vps_ip_address` and `your_gateway_ip_address` with the appropriate values. Example 3: SSH installation. Make sure that SSH is installed and running during installation. Usually SSH is installed by default. Check the `/etc/ssh/sshd_config` file and make sure that the `PermitRootLogin` parameter is set to `no` to improve security. Instead, create a regular user and add it to the `wheel` group to gain administrator rights via `sudo`. 
#PermitRootLogin yes
PermitRootLogin no

Initial FreeBSD Configuration

After completing the installation of FreeBSD, you need to perform the initial system configuration. This includes setting the time zone, locale, hostname, users, and other parameters.
  • Time zone configuration: Set the correct time zone for your server.
  • Locale configuration: Set the locale corresponding to your language and region.
  • Hostname configuration: Set the hostname for your server.
  • Creating a user: Create a regular user to administer the system. It is not recommended to use the root user for everyday work.
  • Sudo configuration: Configure sudo for a regular user so that they can execute commands with root privileges.
  • Firewall installation and configuration: Install and configure a firewall to protect your server.
Example 1: Time zone configuration. To configure the time zone, use the `tzsetup` command: 
tzsetup
Select your region and city from the list. Example 2: Creating a user and adding them to the `wheel` group. To create a user, use the `adduser` command: 
adduser
Follow the instructions on the screen to enter the username, password, and other information. After creating the user, add them to the `wheel` group so that they can use `sudo`: 
pw groupmod wheel -m your_username
Replace `your_username` with the name of the created user. Example 3: `sudo` configuration. After adding the user to the `wheel` group, you need to configure `sudo`. Edit the `/usr/local/etc/sudoers` file (use `visudo` for safe editing): 
visudo
Make sure that the `%wheel ALL=(ALL) ALL` line is uncommented: 
%wheel ALL=(ALL) ALL
Now a user who is a member of the `wheel` group can execute commands with root privileges using `sudo`.

System Updates and Security

After the initial configuration, it is important to regularly update the system and ensure its security. This includes installing the latest security updates, configuring a firewall, and other security measures.
  • System update: Regularly update the system using the `freebsd-update` command.
  • Installing port updates: Update ports (if you use them) using the `portmaster` command.
  • Firewall configuration: Configure a firewall to protect your server. It is recommended to use `pf` (Packet Filter), the built-in FreeBSD firewall.
  • Security monitoring: Monitor the system for suspicious activity. Use tools such as `fail2ban` to protect against brute-force attacks.
  • Regular backups: Regularly back up your data so that you can quickly restore the system in the event of a failure.
Example 1: Updating the system using `freebsd-update`. To update the system, use the following commands: 
freebsd-update fetch
freebsd-update install
Reboot the system after installing updates: 
shutdown -r now
Example 2: Firewall configuration using `pf`. Create a configuration file `/etc/pf.conf` with firewall rules. Example of a simple `/etc/pf.conf` file: 
ext_if = "vtnet0"
tcp_services = "{ 22, 80, 443 }"

set skip on lo0

block all

pass in on $ext_if proto tcp to any port $tcp_services flags S/SA keep state
pass out on $ext_if proto tcp from any port $tcp_services flags S/SA keep state

pass out quick inet from any to any keep state
pass in quick inet from any to any keep state
Replace `vtnet0` with the name of your network interface. Allow incoming connections only to ports 22 (SSH), 80 (HTTP), and 443 (HTTPS). Start the firewall: 
pfctl -f /etc/pf.conf
pfctl -e
Add `pf_enable=»YES»` to the `/etc/rc.conf` file so that the firewall starts automatically when the system boots. Example 3: Installing and configuring `fail2ban`. To install `fail2ban`, use pkg: 
pkg install fail2ban
Configure `fail2ban` by editing the `/usr/local/etc/fail2ban/jail.conf` file (it is recommended to create a copy `jail.local` to make changes): 
cp /usr/local/etc/fail2ban/jail.conf /usr/local/etc/fail2ban/jail.local
vi /usr/local/etc/fail2ban/jail.local
Configure rules to protect against attacks on SSH, the web server, and other services. Start `fail2ban`: 
service fail2ban start
Add `fail2ban_enable=»YES»` to the `/etc/rc.conf` file so that `fail2ban` starts automatically when the system boots.