Mattermost 5.19 setup on FreeBSD 12.1 (inside a jail)

Mattermost is a flexible, open-source messaging platform for team collaboration. There is a FreeBSD port, www/mattermost-server, that lets you host your own instance. This is a guide to running the Mattermost server inside a jail with HTTPS. It takes about 5 minutes to set up. I did not include steps such as updating NS records or setting up the database. Let’s start!

Pre-steps and installation

First I pointed the domain mattermost.domain.com at the jail's IP address and made sure the firewall allowed port 443 and the database port.

You should already have a database (MySQL or PostgreSQL) installed somewhere, on which you create the database and the user (MySQL in my case), unless you want to install it in the same jail (yes, you can). The '%' host wildcard below lets mmuser connect from any address; if the database accepts remote connections, restrict it to the jail's IP:

create user 'mmuser'@'%' identified by 'mmuser-password';
create database mattermost;
grant all privileges on mattermost.* to 'mmuser'@'%';

Now let’s enter the jail and install the software:

pkg install mattermost-server mattermost-webapp i18ntools

Configuration

cp /usr/local/etc/mattermost/config.json.sample /usr/local/etc/mattermost/config.json
sysrc mattermostd_enable="YES"
chown -R mattermost:mattermost /usr/local/www/mattermost/client/

Open your favourite editor and edit /usr/local/etc/mattermost/config.json, setting the database connection and the public URL:

  "DataSource": "mmuser:mmuser-password@tcp(10.1.1.36:3306)/mattermost?charset=utf8mb4,utf8\u0026readTimeout=30s\u0026writeTimeout=30s",

  "SiteURL": "https://mattermost.domain.com",

SSL/TLS Certificate

On most Unix systems an unprivileged user is not allowed to bind ports at or below 1023. We want the server to listen on port 443 from inside the jail, where it runs as the mattermost user. On the host (not inside the jail) check the reserved range and lower it if required; note that this applies to every unprivileged process that shares the host's network stack, not just Mattermost:

# sysctl net.inet.ip.portrange.reservedhigh
1023
# sysctl net.inet.ip.portrange.reservedhigh=442

There are many ways of getting TLS working with Mattermost. I found that the built-in Let's Encrypt option Mattermost offers does not work well inside a jail, because it is not able to verify the IP address. Instead I used certbot with the Cloudflare DNS plugin to obtain a certificate.

pkg install py37-certbot-dns-cloudflare-1.1.0
mkdir -p ~/.secrets/certbot/

vi ~/.secrets/certbot/cloudflare.ini
# Cloudflare API credentials used by Certbot
dns_cloudflare_email = <[email protected]>
dns_cloudflare_api_key = <your_key>
:wq

Keep this file readable by its owner only; the key grants control over your DNS zone, and certbot warns when the credentials file is readable by other users.

certbot certonly \
  --dns-cloudflare \
  --dns-cloudflare-credentials ~/.secrets/certbot/cloudflare.ini \
  --dns-cloudflare-propagation-seconds 10 \
  -d mattermost.domain.com

cp /usr/local/etc/letsencrypt/archive/mattermost.domain.com/* /usr/local/etc/mattermost/
chown -R mattermost:mattermost /usr/local/etc/mattermost/

The chown in the last step fixes a permissions problem with the certificate: Mattermost is started by the rc script as the mattermost user, so it cannot read the Let's Encrypt directories, which belong to root. Note that certbot numbers the files in archive/ (cert1.pem, then cert2.pem after a renewal), so the copy has to be repeated after each renewal and the paths below updated accordingly.

  "ServiceSettings": {
    "ListenAddress": ":443",
    "ConnectionSecurity": "TLS",
    "TLSCertFile": "/usr/local/etc/mattermost/cert1.pem",
    "TLSKeyFile": "/usr/local/etc/mattermost/privkey1.pem",
    "TLSMinVer": "1.2",
    "TLSStrictTransport": false,
    "UseLetsEncrypt": false,
    "Forward80To443": true,

I updated only the settings required to get TLS working. Please check the official Mattermost TLS configuration documentation for the remaining options.
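The ServiceSettings block above, together with the DataSource and SiteURL edits made earlier, is easy to get subtly wrong, so here is a small checker for the finished config.json. This is an added example, not part of the original post and not a Mattermost tool. It assumes the go-sql-driver/mysql DSN format shown in DataSource (user:password@tcp(host:port)/db?params) and takes the host's net.inet.ip.portrange.reservedhigh value as a parameter so it can tell which ports the unprivileged mattermost user is able to bind. The sample config embedded at the bottom is constructed from the values in this post.

```python
"""Sanity checks for a Mattermost config.json before starting the service.

Added example (not from the original post, not part of Mattermost). Reads the
keys the post edits (ServiceSettings.*, SqlSettings.DataSource) and reports
settings that are weaker than they need to be. DSN parsing assumes the
go-sql-driver/mysql format: user:password@tcp(host:port)/db?param=value&...
"""
import json
import os
import re
import stat
from urllib.parse import parse_qs

# go-sql-driver/mysql DSN as used in SqlSettings.DataSource
DSN_RE = re.compile(
    r"^(?P<user>[^:@]+):(?P<password>.*)@tcp\((?P<host>[^:)]+):(?P<port>\d+)\)"
    r"/(?P<db>[^?]*)(?:\?(?P<params>.*))?$"
)
LOOPBACK = {"127.0.0.1", "::1", "localhost"}


def parse_dsn(dsn):
    """Split a MySQL DSN into user/password/host/port/db/params (dict)."""
    m = DSN_RE.match(dsn)
    if not m:
        raise ValueError("DataSource is not in user:pw@tcp(host:port)/db form")
    parts = m.groupdict()
    parts["params"] = {k: v[0] for k, v in parse_qs(parts["params"] or "").items()}
    return parts


def check_config(config, reserved_high=1023):
    """Return a list of findings for a parsed config.json.

    reserved_high is the host's net.inet.ip.portrange.reservedhigh: ports
    numbered reserved_high and below can only be bound by root.
    """
    findings = []
    svc = config.get("ServiceSettings", {})
    sql = config.get("SqlSettings", {})

    if not svc.get("SiteURL", "").startswith("https://"):
        findings.append("SiteURL is not https")
    if svc.get("ConnectionSecurity") != "TLS":
        findings.append("ConnectionSecurity is not TLS")
    if svc.get("TLSMinVer") not in ("1.2", "1.3"):
        findings.append("TLSMinVer allows protocol versions below 1.2")
    if svc.get("ConnectionSecurity") == "TLS" and not svc.get("UseLetsEncrypt"):
        for key in ("TLSCertFile", "TLSKeyFile"):
            if not svc.get(key):
                findings.append(f"{key} is empty but UseLetsEncrypt is false")
    if not svc.get("TLSStrictTransport"):
        findings.append("TLSStrictTransport is false: no HSTS header is sent")

    # Port checks against the reserved range lowered with sysctl in the post
    listen_port = int(svc.get("ListenAddress", ":8065").rsplit(":", 1)[-1])
    if listen_port <= reserved_high:
        findings.append(f"ListenAddress port {listen_port} is reserved (<= {reserved_high})")
    if svc.get("Forward80To443") and 80 <= reserved_high:
        findings.append(f"Forward80To443 needs port 80, still reserved (<= {reserved_high})")

    dsn = sql.get("DataSource", "")
    if dsn:
        parts = parse_dsn(dsn)
        if parts["host"] not in LOOPBACK and "tls" not in parts["params"]:
            findings.append(f"DataSource to {parts['host']} has no tls= parameter: "
                            "credentials and data cross the network in clear")
    return findings


def check_key_file(path):
    """Flag a private key that is readable by group or others."""
    mode = stat.S_IMODE(os.stat(path).st_mode)
    return [f"{path}: mode {mode:04o} is readable by group or others"] if mode & 0o077 else []


def check_config_file(path, reserved_high=1023):
    """Load config.json from disk and run all checks, including the key file mode."""
    with open(path) as fh:
        config = json.load(fh)
    findings = check_config(config, reserved_high)
    key_file = config.get("ServiceSettings", {}).get("TLSKeyFile")
    if key_file and os.path.exists(key_file):
        findings.extend(check_key_file(key_file))
    return findings


# Constructed sample using the values from the post (the \u0026 escapes in the
# JSON text decode to '&' exactly as they do when Mattermost loads the file).
SAMPLE_CONFIG = json.loads("""{
  "ServiceSettings": {
    "SiteURL": "https://mattermost.domain.com",
    "ListenAddress": ":443",
    "ConnectionSecurity": "TLS",
    "TLSCertFile": "/usr/local/etc/mattermost/cert1.pem",
    "TLSKeyFile": "/usr/local/etc/mattermost/privkey1.pem",
    "TLSMinVer": "1.2",
    "TLSStrictTransport": false,
    "UseLetsEncrypt": false,
    "Forward80To443": true
  },
  "SqlSettings": {
    "DataSource": "mmuser:mmuser-password@tcp(10.1.1.36:3306)/mattermost?charset=utf8mb4,utf8\\u0026readTimeout=30s\\u0026writeTimeout=30s"
  }
}""")

if __name__ == "__main__":
    import sys
    path = sys.argv[1] if len(sys.argv) > 1 else None
    high = int(sys.argv[2]) if len(sys.argv) > 2 else 442
    for f in (check_config_file(path, high) if path else check_config(SAMPLE_CONFIG, high)):
        print("WARN:", f)
```

Run it as `python3 check_mm.py /usr/local/etc/mattermost/config.json 442` (with no arguments it checks the embedded sample). Against the settings in this post it reports three things: TLSStrictTransport is off, so no HSTS header is sent; Forward80To443 wants port 80, which is still inside the reserved range after lowering reservedhigh to 442, so that redirect listener cannot bind unless the range is lowered further or port 80 is handled some other way; and the database connection to 10.1.1.36 carries the password with no tls= parameter. Whether each one matters depends on your network; the checker only makes them visible.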

Start Mattermost and debug

To start the service, just type:

service mattermostd start

To follow the default log, tail the log file:

tail -f /usr/local/www/mattermost/mattermost.log