A sideways look at FreeBSD

Apart from a stint with Slackware, I’ve been squarely in the Red Hat ecosystem since around the year 2000 when I first got into Red Hat Linux 6.0. Today my production servers run CentOS 7 and it does a great job. Nevertheless I am currently evaluating FreeBSD as a server operating system to run what is now my standard stack: Nginx, PHP-FPM and MariaDB.

I got involved with FreeBSD largely by chance in a TAFE class I was teaching recently. Diploma level IT students had built and configured a VMware vCenter cluster using local storage on two ESXi 6.0 hosts, and we wanted to try adding some SAN storage. So we ran up a FreeNAS box and I was impressed with how well it “just worked” to provide iSCSI storage to our cluster with web-based management. This got me looking a little deeper and (re)discovering other gems such as pfSense, the highly regarded FreeBSD-based firewall system.

There is no shortage of claims that FreeBSD is more stable, more secure, and more performant than Linux, but it is difficult to find meaningful supporting evidence. In practice, there are so many variables involved that such claims must be taken with more than a grain of salt. FreeBSD and RHEL/CentOS Linux are both solid, stable systems and the reality is that, for web hosting applications, other issues such as database tuning and code quality are far more important for performance and security outcomes than the underlying operating system.

Nevertheless, FreeBSD has several points of interest that warrant consideration. In no particular order these include:

On RHEL/CentOS, web stack components are often very out of date. Projects such as the EPEL and IUS repos help but even these are not always fully up to date. On the other hand, on FreeBSD 10.3 the latest versions of every web stack component are readily available and installed by default. For example: Nginx 1.8.1, PHP 7.0.7 and MariaDB 10.1.13. While I haven’t yet tried to do so, it also seems easier to downgrade to a specific version of a software package. FreeBSD’s packaging system is at least as easy to use as yum/dnf, and probably easier. I’m fully aware of the need to be cautious about bleeding edge software on production servers and of course would never push production websites onto servers I had doubts about.

FreeBSD has Jails and ZFS. I haven’t really used either yet but Jails looks like a solid and secure container virtualisation platform potentially useful for secure web application hosting. I’m no file system expert but ZFS is just cool.

FreeBSD has a similar feel to Slackware Linux, in that configuration and tools are simpler and system administration feels closer to the metal. While RHEL/CentOS is an excellent operating system it is getting increasingly complex as it is used in ever more complex and varied roles. FreeBSD travels a bit lighter and is perhaps better suited to the narrower, more specific role of web/database server.

FreeBSD is arguably more internally coherent than Linux because one project covers both the kernel and the base userland system, so everything gets upgraded in sync. Linux distributions on the other hand tend to integrate bits from anywhere and everywhere. In practice, this is rarely an issue for a distro such as CentOS but one recent example I can think of involved the network simulator software GNS3, which is only properly supported on Ubuntu Linux. Getting it to run on CentOS wasn’t straightforward and it was easier to simply install an Ubuntu VM and run it there. Admittedly this is not a typical web server workload but the point stands.

Linux certainly has wider driver and hardware support and more kernel features than FreeBSD. But web servers today almost always run on bog-standard virtualised hardware anyway, so nothing too fancy is required in that regard.

So, testing of FreeBSD as cloud-based server infrastructure is currently ongoing. The office development laptops will definitely be remaining on CentOS for the foreseeable future. Let’s just say that laptop and GUI support is not FreeBSD’s greatest strength and I am not nostalgic for the early days of the X Window System.