Why This Page Exists
Arcline's entire stack — every server we manage, every service we deliver, and the website you're reading right now — runs on open source software. None of that is secret. We think it's worth being explicit about it.
Open source isn't a buzzword here. It's the reason we can audit what's running on your infrastructure, explain why something behaves a certain way, and make opinionated choices about security without being locked into a vendor's roadmap. The projects listed below have years or decades of development behind them. We didn't build any of this. We just know how to run it well.
Where we've found bugs or gaps, we report them upstream. Where we've written tools, we release them. That's the deal.
Platforms & Operating Systems
Our primary server OS. Stable base system, excellent jails/bhyve virtualisation, tight integration with OpenZFS. Powers Netflix, PlayStation, and a significant portion of the internet's infrastructure.
freebsd.org ↗
Used for firewalls, VPN gateways, and anything where default-secure matters most. Two remote vulnerabilities in the default install over 25+ years. The home of pf, OpenSSH, and LibreSSL.
openbsd.org ↗
Illumos-based distribution maintained by the community. Chosen for ZFS-native storage appliances where the original Solaris engineers' work lives closest to the metal.
omnios.org ↗
Used when a client's workload needs Linux — containerised applications, specific GPU drivers, or a team that already knows Debian-family systems. We don't force BSD where it doesn't fit.
debian.org ↗
FreeBSD-based firewall and routing platform built on pf. Used for perimeter firewalls, VLAN segmentation, site-to-site VPN, and traffic shaping. Actively maintained with a clean audit trail.
opnsense.org ↗
Remote access to everything we manage. Born out of the OpenBSD project, now running on effectively every Unix system on the planet. We enforce key-based auth, disable root login, and audit access logs.
openssh.com ↗
Modern VPN with a codebase small enough to actually audit (~4,000 lines of kernel code). Used for site-to-site tunnels and remote access where IPsec complexity isn't warranted.
wireguard.com ↗
Free, automated TLS certificates via the ACME protocol. Every web-facing service we manage uses valid TLS. No self-signed certificates in production, no excuses.
letsencrypt.org ↗
Open source SIEM and XDR platform. Used for log analysis, file integrity monitoring, intrusion detection, and compliance. Self-hosted — your security events don't touch a third-party cloud.
wazuh.com ↗
Time-series metrics collection with a pull model and a powerful query language. Used for infrastructure health monitoring, alerting, and capacity planning. No telemetry leaves the environment.
prometheus.io ↗
Dashboards and visualisation on top of Prometheus. Self-hosted Grafana instances mean clients can view their own infrastructure metrics without us proxying access through a third-party SaaS.
grafana.com/oss ↗
MTA handling inbound and outbound delivery. Wietse Venema's design focuses on security through a modular, least-privilege architecture. The de-facto standard for self-hosted mail.
postfix.org ↗
IMAP and POP3 server. Fast, secure, well-maintained. Handles mailbox storage and client access. Pairs cleanly with Postfix for a complete inbound mail stack.
dovecot.org ↗
Spam filtering and DKIM/DMARC/SPF enforcement. Faster than SpamAssassin with a better default ruleset. Handles the signal processing that keeps your inbox clean without outsourcing decisions to a cloud provider.
rspamd.com ↗
The language this website's server is written in. Statically compiled, fast, and ships a single binary with no runtime dependencies. The standard library handles HTTP, TLS, compression, and structured logging without reaching for a framework.
go.dev ↗
Reverse proxy and web server with automatic HTTPS via ACME. Used for shared hosting and any service that needs a battle-tested TLS terminator in front of it. Zero manual certificate management.
caddyserver.com ↗
Version control for infrastructure configuration, scripts, and application code. Self-hosted Gitea instances available for clients who don't want source code on GitHub.
git-scm.com ↗
A Note on Licensing
Most of the software above uses BSD, MIT, Apache, or GPL licences. We track the licences of everything we deploy and don't use software in ways that conflict with its terms. If you're working with us and have questions about a specific licence's implications for your environment, ask — it's a reasonable question with a real answer.
Supporting These Projects
Open source projects run on donated time, corporate sponsorship, or both. If any of the above software is saving your business money — and it is — consider supporting the projects directly:
Want to understand what's running in your environment — and why? Get in touch. We'll explain the stack in plain terms and make sure every piece of software running on your systems is there for a reason.
Built on open source. Run with expertise.
We bring the configuration, hardening, and operational knowledge that turns good software into reliable infrastructure.
Book a Consultation