A Private pkg Repo Behind Mutual TLS
Summary
This is a practical guide to securing a private FreeBSD package repository with mutual TLS. It covers setting up HTTPS with nginx, creating a private CA, issuing and revoking client certificates, and enabling mTLS. It also explains using Poudriere to build packages and configuring pkg(8) to fetch from an mTLS-protected repository, delivering zero-password, VPN-free access with end-to-end TLS for SMB deployments.