Skip to main content
boxd is built to be run anywhere. The same stack that powers boxd.sh ships as a single Rust binary you can run on your own hardware. No managed cloud services in the data path, no vendor lock-in baked into the design.

What “single binary” means here

boxd is one binary that takes a role flag (control, worker, proxy, dns) at startup. You install it on a handful of Linux machines, point them at each other, and the cluster forms on its own. Raft handles the consensus between control nodes, workers register themselves and start scheduling VMs, the proxy fronts public traffic on :443 and :22, and DNS serves the cluster zone. No Kubernetes. No Postgres. No managed message broker. State lives in the embedded Raft log on the control nodes.

What you need

  • A few Linux machines with KVM enabled (bare metal or nested-virt VMs).
  • A network the nodes can reach each other on (private L2 ideal, public works).
  • An IP block to allocate per-VM public IPs from (your existing range, an OVH Additional IP block, your hyperscaler’s BYOIP, anything routable).
  • A domain for the cluster zone (the equivalent of boxd.sh on the hosted service).
That’s the whole shopping list. The boxd installer and Ansible roles handle the rest: tap interfaces, bridges, VXLAN between workers, ACME for TLS, the lot.

Why teams self-host

  • Data sovereignty. Your customers’ VMs and disks never leave your infrastructure. The control plane has no phone-home.
  • Compliance. SOC 2, HIPAA, GDPR, FedRAMP. The platform is yours to attest under.
  • On-prem accelerators. Bring your own GPUs, FPGAs, or other PCI devices and pass them through to VMs.
  • Air-gapped or sovereign clouds. Run it in your own datacenter or in a regulated country’s cloud where the hyperscalers aren’t an option.
  • Cost. At scale, owning the hardware beats renting it.

Why this is hard for anyone else to copy

A persistence stack only works if every layer cooperates. boxd owns all six:
  1. VMM (KVM) — custom, in Rust. Boots in milliseconds. Forks live state.
  2. Host kernel — tuned for microVM density, not throughput-per-VM.
  3. Guest kernel — minimal. Agent-shaped. No general-purpose tax.
  4. Init system — sub-second startup. Boot path is fully ours.
  5. Scheduler — placement, packing, hibernation. The density lever.
  6. Consensus — Raft, single binary. Coordinates the fleet.
A competitor stitched together from Firecracker, Kubernetes, and Postgres would have to rewrite their core to fork live state, suspend in microseconds, and resume anywhere on the fleet. Persistence is a stack, not a feature.

Getting it

Self-hosting boxd today goes through us. The binary and Ansible roles aren’t yet on a public download. If you want to run boxd on your own hardware, email contact@boxd.sh with a few notes on your setup (machine count, target use case, sovereignty requirements) and we’ll get you onboarded. A public self-hosting release is on the roadmap.

Reference

https://mintcdn.com/azin/Ax1V0serIwQf0x_2/images/icons/server-square.svg?fit=max&auto=format&n=Ax1V0serIwQf0x_2&q=85&s=1bbbc4c3c59a2e4c73bca3d24a58fb2c

The VM model

What’s inside a boxd VM, how images work, and what each VM ships with.
https://mintcdn.com/azin/Ax1V0serIwQf0x_2/images/icons/share.svg?fit=max&auto=format&n=Ax1V0serIwQf0x_2&q=85&s=3728787098861b8f28c5076d71f02278

VM-to-VM networking

The bridge gateway, source-IP auth, and how VXLAN stitches workers together.