How to Set Up FreeBSD on a VPS (Vultr, DigitalOcean, Hetzner)

How to Set Up FreeBSD on a VPS (Vultr, DigitalOcean, Hetzner)

Running FreeBSD on a VPS is one of the most practical ways to get started with the operating system. You get a production server in under five minutes, for around $5-6/month, with no hardware to manage. This guide walks you through deploying FreeBSD on the three best VPS providers that support it, then covers everything you need to do in your first 30 minutes on the server.

By the end, you will have a fully updated FreeBSD VPS with SSH key authentication, a non-root user, a working PF firewall, and a solid foundation for whatever you plan to run -- whether that is a web server, a VPN endpoint, or a development environment.

Choosing a VPS Provider for FreeBSD

Not every VPS provider offers FreeBSD images. The three below have the best combination of official FreeBSD support, global data center coverage, and straightforward pricing.

| Provider | FreeBSD Support | Smallest Plan | Data Centers | Notes |

|----------|----------------|---------------|-------------|-------|

| Vultr | Official images, ISOs | $6/mo (1 vCPU, 1GB RAM, 25GB SSD) | 32 locations | Best FreeBSD support overall. Offers custom ISO upload. |

| DigitalOcean | Official images | $6/mo (1 vCPU, 1GB RAM, 25GB SSD) | 15 locations | Good community docs. Droplet API works well with FreeBSD. |

| Hetzner | Official images | EUR 3.79/mo (1 vCPU, 2GB RAM, 20GB SSD) | 5 locations (EU, US) | Best price-to-performance ratio. European data centers excel. |

Which should you pick? If you are new to FreeBSD and want the smoothest experience, start with Vultr. Their FreeBSD images are consistently up to date and their console access works reliably. If budget is the priority and you are in Europe, Hetzner is hard to beat. DigitalOcean sits in the middle with excellent API tooling and documentation.

For a deeper comparison of hosting options, see our best VPS hosting for FreeBSD guide.

Deploying FreeBSD on Vultr (Step-by-Step)

Vultr has the most straightforward FreeBSD deployment process of the three providers.

Step 1: Create an Account and Add an SSH Key

1. Sign up at Vultr.
2. Go to Settings > SSH Keys and click Add SSH Key.
3. Paste your public key. If you do not have one yet, generate it on your local machine:

bash
ssh-keygen -t ed25519 -C "your_email@example.com"
cat ~/.ssh/id_ed25519.pub

Copy the output and paste it into the Vultr SSH key form.

Step 2: Deploy a New Server

1. Click Deploy New Server (the blue "+" button).
2. Choose Cloud Compute - Shared CPU for the cheapest option.
3. Select your preferred data center location.
4. Under Server Image, click the Operating System tab and select FreeBSD. Choose the latest stable release (14.x as of this writing).
5. Select the $6/month plan (1 vCPU, 1 GB RAM, 25 GB SSD). This is sufficient for most single-service workloads.
6. Under SSH Keys, check the key you added earlier.
7. Set a hostname (e.g., freebsd-01).
8. Click Deploy Now.

The server will be ready in about 60 seconds. Once the status shows "Running," note the IP address from the dashboard.

Step 3: Connect

bash
ssh root@YOUR_SERVER_IP

If your SSH key was added correctly, you will land directly at a root shell. No password prompt.

Deploying FreeBSD on DigitalOcean (Step-by-Step)

DigitalOcean calls their servers "Droplets." FreeBSD is available as an official image.

Step 1: Add Your SSH Key

1. Sign up at DigitalOcean.
2. Navigate to Settings > Security > SSH Keys and click Add SSH Key.
3. Paste your public key (same process as above).

Step 2: Create a Droplet

1. Click Create > Droplets.
2. Under Choose an image, click the Custom images tab. Note: DigitalOcean periodically moves FreeBSD between the main OS tab and Custom images. If you do not see it under the main OS tab, check Marketplace or upload the official FreeBSD cloud image from https://download.freebsd.org/.
3. Select the FreeBSD image (latest stable release).
4. Choose the $6/mo plan (Basic, Regular SSD, 1 vCPU, 1 GB RAM, 25 GB SSD).
5. Select a data center region.
6. Under Authentication, select SSH keys and check your key.
7. Set a hostname.
8. Click Create Droplet.

Provisioning takes about 55 seconds. The IP address appears on the Droplets dashboard.

Step 3: Connect

DigitalOcean FreeBSD droplets use the root user by default for SSH:

bash
ssh root@YOUR_DROPLET_IP

Important note: DigitalOcean FreeBSD droplets use pkg as the package manager, and the system should be ready to go out of the box. If you encounter issues with pkg, run pkg bootstrap to initialize it.

Deploying FreeBSD on Hetzner Cloud (Step-by-Step)

Hetzner offers the most competitive pricing, especially for European users.

Step 1: Add Your SSH Key

1. Create an account at Hetzner Cloud.
2. Create a new project (or use the default one).
3. Go to Security > SSH Keys and add your public key.

Step 2: Create a Server

1. Inside your project, click Add Server.
2. Select a location (Falkenstein, Nuremberg, and Helsinki are the European options; Ashburn and Hillsboro for the US).
3. Under Image, click the Operating System tab and select FreeBSD. Choose the latest release.
4. Select the CX22 plan (2 vCPU, 4 GB RAM, 40 GB SSD) at around EUR 5.39/mo, or the CX11 plan if still available in your region at EUR 3.79/mo.
5. Select your SSH key.
6. Set a name for the server.
7. Click Create & Buy Now.

The server is usually ready in under 30 seconds. Hetzner is fast.

Step 3: Connect

bash
ssh root@YOUR_HETZNER_IP

Hetzner FreeBSD images come with pkg pre-configured and the system in a clean state.

First Login and Initial Setup

Regardless of which provider you chose, the next steps are the same. You are logged in as root over SSH. Here is what to do first.

Update the System

Before anything else, bring FreeBSD and its packages up to date:

bash
# Fetch and install binary security patches
freebsd-update fetch install

# Bootstrap the package manager (if not already initialized)
pkg bootstrap

# Update the package repository catalog
pkg update

# Upgrade any pre-installed packages
pkg upgrade

The freebsd-update command patches the base operating system. The pkg commands handle third-party software. Run both.

Set the Hostname

bash
sysrc hostname="freebsd-01"
hostname freebsd-01

Replace freebsd-01 with whatever you want to call this machine.

Set the Timezone

bash
tzsetup

This launches an interactive menu. Select your continent, then your city. For a server, UTC is a reasonable default -- select UTC at the first prompt if you prefer that.

Alternatively, set it non-interactively:

bash
cp /usr/share/zoneinfo/UTC /etc/localtime

Or for a specific timezone:

bash
cp /usr/share/zoneinfo/Europe/Paris /etc/localtime

Create a Non-Root User

Running everything as root is a bad habit. Create a regular user and give it wheel group membership (which allows su to root) and sudo access.

bash
# Install sudo
pkg install -y sudo

# Create the user -- replace 'admin' with your preferred username
pw useradd -n admin -m -s /bin/sh -G wheel

# Set a password for the user
passwd admin

# Allow the wheel group to use sudo
echo '%wheel ALL=(ALL:ALL) ALL' >> /usr/local/etc/sudoers

Now copy your SSH key to the new user's account so you can log in directly:

bash
mkdir -p /home/admin/.ssh
cp /root/.ssh/authorized_keys /home/admin/.ssh/
chown -R admin:admin /home/admin/.ssh
chmod 700 /home/admin/.ssh
chmod 600 /home/admin/.ssh/authorized_keys

Test it by opening a new terminal and connecting as the new user:

bash
ssh admin@YOUR_SERVER_IP

Once confirmed working, you can lock down root SSH access (covered in the security section below).

Set Up PF Firewall

FreeBSD ships with PF (Packet Filter), one of the most capable firewalls available on any Unix system. Here is a minimal configuration to get started.

Create the PF configuration file:

bash
sudo ee /etc/pf.conf

Add the following rules:

shell
# /etc/pf.conf - Basic FreeBSD VPS firewall

# Define the external interface (check yours with ifconfig)
ext_if="vtnet0"

# Skip filtering on loopback
set skip on lo0

# Normalize packets
scrub in all

# Default deny incoming, allow outgoing
block in all
pass out all keep state

# Allow SSH (port 22)
pass in on $ext_if proto tcp to port 22

# Allow HTTP and HTTPS (uncomment when ready)
# pass in on $ext_if proto tcp to port { 80, 443 }

# Allow ICMP (ping)
pass in on $ext_if inet proto icmp icmp-type { echoreq, unreach }

Enable PF at boot and start it:

bash
sudo sysrc pf_enable="YES"
sudo sysrc pflog_enable="YES"
sudo service pf start
sudo service pflog start

To verify PF is running and check the loaded rules:

bash
sudo pfctl -sr

Important: If your VPS uses a different network interface name than vtnet0, check it with ifconfig and adjust ext_if accordingly. Getting this wrong will lock you out.

For a comprehensive firewall setup, see our FreeBSD security hardening guide.

Essential First Packages to Install

Here are the packages you will almost certainly need on any FreeBSD server:

bash
# Essential system tools
sudo pkg install -y \
    vim \
    tmux \
    git \
    curl \
    wget \
    htop \
    tree \
    bash \
    rsync \
    py311-certbot

What each does:

• vim -- Text editor. The default vi on FreeBSD is functional but limited.
• tmux -- Terminal multiplexer. Essential for long-running sessions over SSH.
• git -- Version control. You will need it for cloning configurations and projects.
• curl / wget -- HTTP clients for downloading files and testing endpoints.
• htop -- Interactive process viewer. Far better than the default top.
• tree -- Directory listing in tree format. Useful for understanding file layouts.
• bash -- Some scripts expect Bash. FreeBSD's default shell is sh/csh.
• rsync -- Efficient file synchronization for backups and deployments.
• py311-certbot -- Let's Encrypt client for free TLS certificates.

If you plan to run a web server, you will also want NGINX or Apache. See our NGINX on FreeBSD production setup guide for a complete walkthrough.

Quick Security Hardening

These changes take five minutes and meaningfully improve your server's security posture. For a full hardening walkthrough, read our dedicated FreeBSD server hardening guide.

Lock Down SSH

Edit the SSH daemon configuration:

bash
sudo ee /etc/ssh/sshd_config

Change or add these directives:

shell
# Disable root login via SSH
PermitRootLogin no

# Disable password authentication (SSH keys only)
PasswordAuthentication no
ChallengeResponseAuthentication no

# Only allow your admin user
AllowUsers admin

# Use only SSH protocol 2
Protocol 2

Restart SSH to apply:

bash
sudo service sshd restart

Before you close your current session, open a new terminal and verify you can still log in as your non-root user. If something went wrong, you can fix it from the still-open root session.

Harden sysctl Settings

Add these security-related kernel parameters:

bash
sudo ee /etc/sysctl.conf

Append the following:

shell
# Prevent users from seeing other users' processes
security.bsd.see_other_uids=0
security.bsd.see_other_gids=0

# Randomize PID assignment
kern.randompid=1

# Disable ICMP redirects (prevent MITM attacks)
net.inet.icmp.drop_redirect=1
net.inet.ip.redirect=0

# Enable TCP blackhole (silently drop packets to closed ports)
net.inet.tcp.blackhole=2
net.inet.udp.blackhole=1

Apply immediately without rebooting:

bash
sudo sysctl security.bsd.see_other_uids=0
sudo sysctl security.bsd.see_other_gids=0
sudo sysctl kern.randompid=1
sudo sysctl net.inet.icmp.drop_redirect=1
sudo sysctl net.inet.ip.redirect=0
sudo sysctl net.inet.tcp.blackhole=2
sudo sysctl net.inet.udp.blackhole=1

Enable NTP for Accurate Time

Keeping your server's clock accurate is critical for TLS certificates, logging, and cron jobs:

bash
sudo sysrc ntpd_enable="YES"
sudo sysrc ntpd_sync_on_start="YES"
sudo service ntpd start

Set Up Basic Log Monitoring

Install and enable newsyslog rotation (already configured by default on FreeBSD, but verify):

bash
# Check that log rotation is configured
cat /etc/newsyslog.conf

For real-time monitoring of auth attempts:

bash
# Watch for failed SSH login attempts
sudo tail -f /var/log/auth.log

For a comprehensive monitoring setup, see our FreeBSD server monitoring guide.

Verifying Your Setup

Before moving on to deploying services, run through this quick checklist:

bash
# Confirm FreeBSD version
freebsd-version

# Check that PF is active
sudo pfctl -si | head -5

# Verify SSH is listening
sudo sockstat -4l | grep sshd

# Check disk usage
df -h

# Verify your user has sudo access
sudo whoami

# Confirm NTP is syncing
ntpq -p

# Check for any system messages
dmesg | tail -20

If everything checks out, your FreeBSD VPS is production-ready for the next step.

Where to Go Next

You now have a secure, updated FreeBSD VPS. Here is what to tackle next, depending on your use case:

• Web server: Follow our NGINX on FreeBSD production setup to get a high-performance web server running with TLS.
• File system: Learn ZFS, FreeBSD's most powerful feature, with our ZFS on FreeBSD guide. Most VPS providers support ZFS on their FreeBSD images.
• VPN: Set up WireGuard on FreeBSD for secure remote access to your server.
• Full hardening: Go deeper with our FreeBSD server hardening guide, covering jails, MAC frameworks, and audit logging.
• Monitoring: Set up proper observability with our FreeBSD server monitoring guide.
• Compare providers: Still evaluating? Read our full best VPS hosting for FreeBSD breakdown.

Frequently Asked Questions

Is FreeBSD good for a VPS?

Yes. FreeBSD is an excellent choice for VPS workloads. It has a smaller attack surface than most Linux distributions, ZFS provides enterprise-grade file system features, and the base system is cohesive and well-documented. Many large-scale services -- including Netflix and WhatsApp -- have run critical infrastructure on FreeBSD. For a single VPS running web services, email, or a VPN, FreeBSD is stable, performant, and resource-efficient.

Which VPS provider has the best FreeBSD support?

Vultr currently offers the best FreeBSD experience among major VPS providers. They maintain up-to-date official images, support custom ISO uploads (useful for testing FreeBSD development branches), and their web console works well with FreeBSD. Hetzner is a close second, especially if you value European data centers and aggressive pricing.

Can I run FreeBSD on AWS or Google Cloud?

AWS has community-maintained FreeBSD AMIs available in EC2, and the FreeBSD Foundation publishes official AMIs. Google Cloud does not offer FreeBSD as a standard image, but you can import a custom image. For simplicity and cost, dedicated VPS providers like Vultr, DigitalOcean, and Hetzner are a better starting point.

How much does a FreeBSD VPS cost?

Entry-level plans start at $5-6/month (or as low as EUR 3.79/month at Hetzner). This typically gets you 1 vCPU, 1-2 GB RAM, and 20-25 GB SSD storage. That is more than enough to run a web server, a small database, a VPN endpoint, or a development environment. Scale up only when you hit actual resource limits -- FreeBSD is efficient enough that the smallest plan goes a long way.

Should I use ZFS or UFS on my FreeBSD VPS?

If your VPS provider's FreeBSD image defaults to ZFS, keep it. ZFS gives you snapshots, compression, checksumming, and easy capacity management. If the image uses UFS, that works fine too -- UFS is lighter on memory, which matters on 1 GB VPS plans. For a deeper dive, read our ZFS on FreeBSD guide.

How do I keep my FreeBSD VPS updated?

Run freebsd-update fetch install for base system security patches and pkg update && pkg upgrade for third-party packages. Do this at least weekly. You can automate it with a cron job, but review the changes before applying them in production. Major FreeBSD version upgrades (e.g., 13.x to 14.x) use freebsd-update upgrade -r 14.0-RELEASE and require more care.

Is FreeBSD harder to learn than Linux?

The fundamentals are the same -- you are working with a Unix command line, editing configuration files, and managing services. The differences are in specifics: FreeBSD uses rc.conf instead of systemd, PF instead of iptables/nftables, pkg instead of apt/yum, and the directory structure follows a clear base-system-vs-third-party separation (/usr/local/ for installed packages). Most server administrators find the transition straightforward. FreeBSD's documentation, particularly the FreeBSD Handbook, is exceptionally thorough.

Wrapping Up

FreeBSD on a VPS is a combination that rewards you with stability, performance, and a clean system design. The initial setup takes under 30 minutes, and the operating system will largely stay out of your way once configured.

The steps covered here -- system updates, SSH hardening, firewall rules, and a non-root user -- form the baseline for any FreeBSD server. From here, you can deploy web applications with NGINX, set up secure networking with WireGuard, or explore advanced storage with ZFS.

Pick a provider, spin up a server, and start building.