November 6, 2025
FreeBSD’s native support for ZFS snapshots and jails provides a powerful foundation for immutable deployments. By creating a new jail from a ZFS snapshot for every release, we get instant roll‑backs, zero‑downtime upgrades, and a clean, reproducible environment. This article walks through the (very opinionated) flow that we use. From jails setup through running Caddy as a health‑checked reverse proxy in front of the jails.
1. Prerequisites
FreeBSD 14+ (or the latest stable release) offers the necessary ZFS and jail primitives. Enabling ZFS with a zpool installed allows cheap, instant cloning. The Caddy v2 binary handles TLS, reverse-proxying, and health checks.
2. Architecture Overview
+--------------------+ +------------------------+ +-------------------+ | | | | | | | Caddy (reverse | <-> | Immutable Jails | <-> | Application | | proxy & health- | | (ZFS snapshot/clone) | | inside each jail | | check) | | | | | | | | | | | +--------------------+ +------------------------+ +-------------------+
Caddy routes to the currently healthy jail.
Each deployment clones a ZFS snapshot → new jail.
After passing health‑checks, Caddy reconfigures to the new jail.
3. Configure the Jails Host Server
... continue reading