Directadmin on FreeBSD

factor

I just wanted to say I switched a few of my servers to FreeBSD. Mostly at first because I wanted to learn it and give something new a try. I wanted to say I am still a bit in shock and doing more testing. The initial "with my eyes" results are shocking. Please understand this review isn't some heavy test with performance tools or jargon. It's just "me" working with the system.
  • It's noticeably faster than Linux (Debian and CentOS). I don't mean some performance benchmark. I mean OTB faster.
  • Memory management at the OS level seems better. Uses less overall memory. Much like Debian does.
  • The firewall is native to the OS. It's included at the kernel level. It's super efficient and is controlled by 1 file. I was able to integrate it with BFM. CSF is not supported or used. All the tools are non-GUI and easy to use.
  • File system: ZFS is native. This could be important to some. UFS works well too.
  • Directadmin works well. Now installs well. No usability issues so far.
  • The OS itself is very logically laid out, unlike Linux. At first I didn't really see this (I actually had forgotten). In short, if it belongs to FreeBSD it's in the root '/' hierarchy /bin /etc. If it's 3rd party it all is made to conform to Unix standard /usr/local/bin /usr/local/etc. No wondering where things are...
  • Rolling OS upgrades. I can move from version X to version Y without reinstall. Much like Debian and not like CentOS.
  • No systemd.
  • One thing to learn one place to get OS related items.
  • Stable slow development. Faster than Debian but slower than other Linux.
  • Both Binary packages and Source code building is native.
  • Great documentation and community with FreeBSD.
Some barriers possibly:
  • If you are used to Linux it's a lot like Linux but not totally so you have to learn some new things. It's easy.
  • No CloudLinux, KernelCare. If you need CL you need Linux.
  • No Docker.
  • No Systemd (for those who like it)
I hope you all find this helpful. Give FreeBSD a try.
 
I want to confirm that everything you said is absolutely true. And I wish to emphasize that it's the only OS I ever used which can upgrade so easily from any major version up to the newest with no issues at all.
 
I want to confirm that everything you said is absolutely true.
Thanks, and who said Bulgarians and Americans couldn't agree and get along... Pff. We are all just regular people.
 
Thanks, and who said Bulgarians and Americans couldn't agree and get along... Pff. We are all just regular people.
Haha, lately you had let's say "spicy" elections out there and the media is saying that "the nation is divided". Honestly they don't know what they are talking about :) Here if you have 8 apartments and you must take a decision on something about the block, you'll get 9 different opinions :)

P.S. For the upcoming elections here one party, which is close to jump over 4%, is named "Stand up! Gangsters out!" and another, which is around 15% and it is about to be the third biggest, was called "There is no such country" but was later renamed to "There is such nation". LOL :)

P.S.2. /end_politics_talking /focus_on_bsd
 
say "spicy" elections out there
It's the norm lately.
the media is saying that "the nation is divided"
We are all divided.
you'll get 9 different opinions
Same here. We all could run the country better.
Stand up! Gangsters out!
"There is no such country" but was later renamed to "There is such nation"
I love these names.
focus_on_bsd
For sure...
 
Do you have ZFS quota supported for user accounts? I found here on the forums some old wrappers for that (they are a couple of years old).

That stopped me from introducing ZFS service.

I want to see how much faster is it ... I have clients that will like it
 
zfs quota supported for user
This is how quotas work in ZFS https://docs.freebsd.org/en_US.ISO8859-1/books/handbook/zfs-zfs.html#zfs-zfs-quota
They do have user quotas, yes.
They are not the same as quotas https://docs.freebsd.org/en_US.ISO8859-1/books/handbook/quotas.html

I want to see how much faster is it
If you mean FreeBSD it was pretty noticeable to me. Version 13 is supposed to be way faster than 12.

If you mean ZFS. It is "copy on write" which makes it so much more crash safe. It has native snapshots.

Here is the handbook excerpt

What Makes ZFS Different

ZFS is significantly different from any previous file system because it is more than just a file system. Combining the traditionally separate roles of volume manager and file system provides ZFS with unique advantages. The file system is now aware of the underlying structure of the disks. Traditional file systems could only be created on a single disk at a time. If there were two disks then two separate file systems would have to be created. In a traditional hardware RAID configuration, this problem was avoided by presenting the operating system with a single logical disk made up of the space provided by a number of physical disks, on top of which the operating system placed a file system. Even in the case of software RAID solutions like those provided by GEOM, the UFS file system living on top of the RAID transform believed that it was dealing with a single device. ZFS's combination of the volume manager and the file system solves this and allows the creation of many file systems all sharing a pool of available storage. One of the biggest advantages to ZFS's awareness of the physical layout of the disks is that existing file systems can be grown automatically when additional disks are added to the pool. This new space is then made available to all of the file systems. ZFS also has a number of different properties that can be applied to each file system, giving many advantages to creating a number of different file systems and datasets rather than a single monolithic file system.
 
ZFS is not about speed, but it's about disk management. Its benefits are mainly for really large-scale servers with lots of HDDs.
 
I actually use ZFS but on my Proxmox Hypervisors and almost 80% of nodes

I'm asking about quota in DirectAdmin - does it work for a 10GB plan to be limited to 10GB from the panel and to calculate it correctly... I did searches for that and found old threads where they used an additional script.

P.S. ZFS is actually very good for speed :) I switched my backup servers from 4 HDD RAID 10 to 2 RAID1 HDD + 2 SSD + mirror log + cache + mirror special device and my incremental backup time dropped significantly (Jetbackup + Rsync) from 8 hours to 1 (best result) but the usual result is from 4 hours to 1.
 
Interesting topic Brent, as I'm ready (seriously needing) to upgrade my currently outdated (CentOS6) VPS to a new one.
The only worry I have is what you mentioned by 'CSF is not needed/used'.
How are the things the CSF catches handled in the OS itself?
 
How are the things the CSF catches handled in the OS itself?
FreeBSD has a built-in firewall in the OS. So it's not an add-on. There are 2 to choose from: IPFW and PF.

PF is what I use as it is currently the standard IMHO.

I am working on a PF guide for everyone. The main issue might be there is no GUI in DA for this.
PF is for packet filter. It is the firewall part like in csf. I have mine integrated with BFM in DA and AbuseIPDB which I mentioned here. I have country blocking. All the standard blocking with bruteforce in DA all works. In csf you have lfd also, which is a lot like Fail2ban, which is available in FreeBSD, but really I don't need it since they never get to the server to begin with. PF is maintained in one config file and is super easy to use.

I don't want to deter you from trying FreeBSD but it's not Linux. You will need some time to adjust to all the logic in the system.

Ask me anything.
 
I'm an Apple user at heart, so I've had some playtime with its similar FreeBSD underlyings, but very scarcely.

But I just noticed my VPS-provider only offers DA with CentOS 7 at the moment as a package setup (The DA-license will be coupled to the IP of the VPS).
They do other VPS-installations with a number of OSes of choice, but that would require a personal DA-license for me to install, which would mean an increase in DA-license costs for me ($5 p/month versus something 3 or 4-fold for a separate DA-license). So I guess I will stick with CentOS for a while still.
 
I am working on a PF guide for everyone. The main issue might be there is no GUI in DA for this.
I don't want to deter you from trying FreeBSD but it's not Linux. You will need some time to adjust to all the logic in the system.
I've worked extensively with PF. I have standardized methods that I transplant from server to server and config files and scripts that manage things. For instance, you can turn on or off countries, it downloads lists every night of spam servers, latest IPs by country and block by type of service they can access, etc. The config documents the commands and each section and the scripts are well documented. I've worked with several different ?NIX firewalls and the only one that doesn't put you in a box is PF. Some beat it for ease of use, but PF has so many capabilities that rather than trying to work around limitations, it is down to your imagination. It also becomes quite an education as to how well developed the attackers are at avoiding detection by limiting their behavior to appear legit. When you hear the phrase, "There is no security in obscurity" that is false. When you catch someone playing around on a standard port you aren't using, it becomes actionable. You can coordinate Proftp parameters and PF and catch out-of-range scanners. Based on what happened, you can throw their traffic into a pot, block their IP forever, or for a specific amount of time, etc.
 
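An added example, not part of the original post and not IT_Architect's own scripts: one way a nightly job like the one described above could vet a downloaded IP list before PF loads it, so that an error page, a truncated download or an over-broad entry never reaches the block table. The function names, the table name `spamlist`, the file path and the /8 minimum prefix are assumptions; `pfctl -t ... -T replace -f` is the standard pfctl table command.

```sh
#!/bin/sh
# Added example: vet a downloaded IP list before PF loads it into a table.
# Function names, the table name and the paths are hypothetical.

# valid_entry ENTRY: succeed for IPv4 or IPv4/prefix. Prefixes shorter
# than /8 are refused (assumed policy) so a feed cannot block everything.
valid_entry() {
    addr=${1%%/*}
    case $1 in */*) prefix=${1#*/} ;; *) prefix=32 ;; esac
    case $prefix in ''|*[!0-9]*|???*) return 1 ;; esac
    [ "$prefix" -ge 8 ] && [ "$prefix" -le 32 ] || return 1
    case $addr in ''|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $addr; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ ${#octet} -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# sanitize_blocklist: raw feed on stdin, unique valid entries on stdout.
sanitize_blocklist() {
    while IFS= read -r line || [ -n "$line" ]; do
        line=$(printf '%s' "${line%%#*}" | tr -d ' \t\r')
        [ -n "$line" ] || continue
        if valid_entry "$line"; then printf '%s\n' "$line"; fi
    done | sort -u
}

# build_table RAW OUT MIN: write OUT only if at least MIN entries survive,
# so a truncated or error-page download leaves the previous file in place.
build_table() {
    tmp="$2.new"
    sanitize_blocklist < "$1" > "$tmp"
    count=$(wc -l < "$tmp" | tr -d ' ')
    if [ "$count" -lt "$3" ]; then rm -f "$tmp"; return 1; fi
    mv "$tmp" "$2"
}
# After build_table succeeds, on the FreeBSD host as root:
#   pfctl -t spamlist -T replace -f /etc/pf/spamlist.txt

sample_feed() {  # constructed sample feed (documentation address ranges)
    printf '%s\n' '# nightly list' '198.51.100.7' '203.0.113.0/24  # note' \
        '0.0.0.0/0' '198.51.100.7' '<html>502 Bad Gateway</html>' '300.1.1.1'
}
sample_feed | sanitize_blocklist   # prints the two entries that survive
```
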
@IT_Architect
Completely agree. I would love to have you share your pf stuff. PM if you will. I have country, abuseipdb, and spamdb blocking. I am sure your scripts are better than mine but would love to compare.
 
Completely agree. I would love to have you share your pf stuff. PM if you will. I have country, abuseipdb, and spamdb blocking. I am sure your scripts are better than mine but would love to compare.
It's more likely that there will be things you can use or learn from.

I've used these methods starting in 2009 and adjusting along the way for new capabilities in PF and links that moved/changed. I have them in their own structure in /etc/pf so I copy the structure from server to server and copy and paste the entry out of cron and rc.conf, so it's easy to zip and PM you. I seldom have to work on it, so I have to re-educate myself every time I make a change, which is why the conf and scripts are so profusely documented. The only thing to keep in mind is the model conf cannot be simply modified for use because it contains so much documentation that it's too big for PF to run. The model conf includes comments for every process, how it works, its intent, and which great theories didn't work and why. You will see from the running conf the big area I chopped out which enables it to run, but retains all of the comments required for maintenance and normal operation.

I don't share it here because there would soon be 100 forks, everyone an expert, and nothing of lasting significance with me answering lots of questions I don't have time for. I'm well aware of the effort it takes to do what you are doing. It looks so easy but the last 10% eats up 90% of the time and effort. The code comes with very few strings attached:
1. You clean out any private information, but I can't think of how there would be any.
2. "You da man". I don't have time to answer questions, incorporate suggestions, and make it a plugin or product.
3. I'm not liable or entitled to anything that results from it.
This is a donation from me to you to use how you wish.

I'm in the middle of setting up orphanages, delegating business processes, etc. The reason I'm here is to untangle myself as much as possible by getting things up to date and easily maintainable. I've been getting a partner up to speed over the past 4 years, things have grown exponentially, and he has the energy and knowledge now to handle other than the server aspects of the business. He can have everything and wants to help me but even if he decides not to, this is more valuable to me than that.

The only question is how do I get it to you?
 