Migrating a decade-old Ubuntu 16.04 blog to FreeBSD on Hetzner

Migrating a decade-old Ubuntu 16.04 blog to FreeBSD on Hetzner

submited 22 May 2026

After running a blog on an outdated Ubuntu 16.04 VPS for ten years, the author migrated it to a FreeBSD-based Hetzner server for improved security, cost efficiency, and performance. The new setup leverages FreeBSD Jails managed by Bastille for isolation, Caddy as a reverse proxy for automatic SSL handling, and ZFS for snapshots and data integrity. Benchmarking using hey and wrk from Vultr VPS instances across four continents showed the FreeBSD server handling up to 11x more requests per second with significantly lower latency compared to the old Ubuntu setup. The migration also reduced costs by over 50% while providing better hardware specs, including double the CPU and memory, though the author acknowledges that much of the performance gain likely stems from the new server's four CPU cores versus the old single-core setup.

DiscoverBSD - The BSD community linklog

Made a script? Written a blog post? Found a useful tutorial?<br>Share it with the BSD community here or just enjoy what everyone else has found!

Submit

25 May 2026

Valuable News – 2026/05/25

The Valuable News weekly roundup for May 25, 2026, curates notable updates across UNIX, BSD, and Linux ecosystems. Highlights include OpenBSD 7.9's release with support for up to 255 CPU cores and WiFi 6, FreeBSD 15.1-RC1's availability with AI-discovered security fixes, and a forked KDE Plasma login manager by SonicDE that supports X11 and systemd-free environments. Additional topics cover FreeBSD's mdo(1) privilege delegation, HAProxy optimizations for Fedimeteo, and a dual-node FreeBSD NAS cluster setup for $210.

22 May 2026

BSD Now 664: No one misses SPARC

This episode covers the historical 1993 announcement confirming NetBSD and FreeBSD would remain separate projects rather than merge, alongside an analysis of SPARC architecture’s decline and why it faded into obscurity. Additional topics include a call for community testing of GhostBSD 26.2, a guide for setting up redundant DHCP and DNS services using OpenBSD and FreeBSD, and reflections on universities developing in-house technology. The episode also features user feedback and a sponsored segment on Tarsnap’s secure backup solutions, rounding out discussions on BSD-related tools, utilities, and open-source developments.

Migrating a decade-old Ubuntu 16.04 blog to FreeBSD on Hetzner

After running a blog on an outdated Ubuntu 16.04 VPS for ten years, the author migrated it to a FreeBSD-based Hetzner server for improved security, cost efficiency, and performance. The new setup leverages FreeBSD Jails managed by Bastille for isolation, Caddy as a reverse proxy for automatic SSL handling, and ZFS for snapshots and data integrity. Benchmarking using hey and wrk from Vultr VPS instances across four continents showed the FreeBSD server handling up to 11x more requests per second with significantly lower latency compared to the old Ubuntu setup. The migration also reduced costs by over 50% while providing better hardware specs, including double the CPU and memory, though the author acknowledges that much of the performance gain likely stems from the new server's four CPU cores versus the old single-core setup.

Enjoying DiscoverBSD? There is more...

Subscribe to BSD Weekly, our free, once–weekly e-mail round-up of BSD news and articles.<br>It is currated from your content on DiscoverBSD and BSDSec (a deadsimple BSD Security Advisories and Announcements).

You can also support the work on Patreon.

21 May 2026

FreeBSD Security Advisory FreeBSD-SA-26:24.cap_net

FreeBSD-SA-26:24.capnet addresses a vulnerability in the libcapnet service, part of the Capsicum capability framework, where omitted keys in updated permission limits were incorrectly treated as "allow any" instead of being rejected. This flaw could allow sandboxed applications to expand their network permissions beyond originally defined restrictions, violating Capsicum's security model. The issue affects all supported FreeBSD versions and was discovered by Joshua Rogers of AISLE Research Team. Corrections were applied to branches stable/15, releng/15.0, stable/14, releng/14.4, and releng/14.3, with no known workarounds available. Updates can be applied via pkg, freebsd-update, or source patches, followed by a system reboot.

FreeBSD Security Advisory FreeBSD-SA-26:23.bsdinstall

A critical vulnerability in FreeBSD's bsdinstall and bsdconfig utilities allows remote code execution during Wi-Fi network scans. The flaw stems from improper shell handling of Wi-Fi network names, enabling attackers to execute arbitrary commands as root by broadcasting a maliciously crafted access point name within range. The issue affects all supported FreeBSD versions and requires no user interaction beyond initiating a Wi-Fi scan, though actual network selection is unnecessary for exploitation. Patches have been released...