Using FusionAuth on Docker
Docker Compose
All of the FusionAuth Docker images may be found on Docker Hub.
If you’re looking for a complete configuration to get up and running quickly, use our Docker Compose example. The reference docker-compose.yml will install FusionAuth without the enhanced search capability that Elasticsearch provides. If you would like to install FusionAuth including Elasticsearch for improved search capability, include the reference docker-compose.override.yml in the install steps below.
The following are examples and may not be the most recent version. Refer to the following link in GitHub to find the latest version of our reference configuration.
FusionAuth
In this example, we will download the docker-compose.yml and the .env files and then start up the configured containers.
curl -o docker-compose.yml https://raw.githubusercontent.com/FusionAuth/fusionauth-containers/master/docker/fusionauth/docker-compose.yml
curl -o .env https://raw.githubusercontent.com/FusionAuth/fusionauth-containers/master/docker/fusionauth/.env
docker-compose upFusionAuth with Elasticsearch
In this example, we will download the docker-compose.yml, docker-compose.override.yml and the .env files and then start up the configured containers.
curl -o docker-compose.yml https://raw.githubusercontent.com/FusionAuth/fusionauth-containers/master/docker/fusionauth/docker-compose.yml
curl -o docker-compose.override.yml https://raw.githubusercontent.com/FusionAuth/fusionauth-containers/master/docker/fusionauth/docker-compose.override.yml
curl -o .env https://raw.githubusercontent.com/FusionAuth/fusionauth-containers/master/docker/fusionauth/.env
docker-compose up
The stock .env file will contain the following values, you will want to modify the DATABASE_PASSWORD and ensure the POSTGRES_USER and POSTGRES_PASSWORD values are correct. You may also override any of these values using environment variables.
POSTGRES_USER=postgres
POSTGRES_PASSWORD=postgres
DATABASE_USER=fusionauth
DATABASE_PASSWORD=hkaLBM3RVnyYeYeqE3WI1w2e4Avpy0Wd5O3s3
ES_JAVA_OPTS=-Xms512m -Xmx512m
FUSIONAUTH_MEMORY=512MDocker Compose Examples
FusionAuth
The following is an example docker-compose.yml file configuring FusionAuth without the Elasticsearch engine. For the most recent version of this example find this file on GitHub.
version: '3'
services:
db:
image: postgres:9.6
environment:
PGDATA: /var/lib/postgresql/data/pgdata
POSTGRES_USER: ${POSTGRES_USER}
POSTGRES_PASSWORD: ${POSTGRES_PASSWORD}
# Un-comment to access the db service directly
# ports:
# - 5432:5432
networks:
- db
restart: unless-stopped
volumes:
- db_data:/var/lib/postgresql/data
fusionauth:
image: fusionauth/fusionauth-app:latest
depends_on:
- db
environment:
DATABASE_URL: jdbc:postgresql://db:5432/fusionauth
DATABASE_ROOT_USER: ${POSTGRES_USER}
DATABASE_ROOT_PASSWORD: ${POSTGRES_PASSWORD}
DATABASE_USER: ${DATABASE_USER}
DATABASE_PASSWORD: ${DATABASE_PASSWORD}
FUSIONAUTH_MEMORY: ${FUSIONAUTH_MEMORY}
FUSIONAUTH_SEARCH_ENGINE_TYPE: database
FUSIONAUTH_URL: http://fusionauth:9011
networks:
- db
restart: unless-stopped
ports:
- 9011:9011
volumes:
- fa_config:/usr/local/fusionauth/config
networks:
db:
driver: bridge
volumes:
db_data:
fa_config:FusionAuth with Elasticsearch
The following is an example docker-compose-override.yml which may be included in your working directory next to the above docker-compose.yml to install and configure Elasticsearch. For the most recent version of this example find this file on GitHub.
version: '3'
services:
search:
image: docker.elastic.co/elasticsearch/elasticsearch:7.6.2
environment:
cluster.name: fusionauth
bootstrap.memory_lock: "true"
discovery.type: single-node
ES_JAVA_OPTS: ${ES_JAVA_OPTS}
# Un-comment to access the search service directly
# ports:
# - 9200:9200
# - 9300:9300
networks:
- search
restart: unless-stopped
ulimits:
memlock:
soft: -1
hard: -1
volumes:
- es_data:/usr/share/elasticsearch/data
fusionauth:
depends_on:
- search
environment:
FUSIONAUTH_SEARCH_ENGINE_TYPE: elasticsearch
FUSIONAUTH_SEARCH_SERVERS: http://search:9200
networks:
- search
networks:
search:
driver: bridge
volumes:
es_data:Configuration
Review the Configuration - Environment Variables documentation to customize your deployment.
Docker Services
In the above example configurations you will find a database, search and FusionAuth service. Read below to better understand how each service is configured.
Database Service
At a minimum, you wil need to either set the POSTGRES_PASSWORD environment variable in the db service section, or more ideally set the value in the host environment and leave it out of the docker-compose.yml file. Ensure the other properties fit your requirements. Refer to the System Requirements for database version support.
Search Service
We currently support Elasticsearch versions 6.3.x - 7.6.x. Later versions may works as well, but may not have been tested for compatibility. Please let us know if you have a requirement for a different version of Elasticsearch. The remainder of the properties can be changed to whatever you need.
Production Deployment
Elasticsearch has a few runtime requirements that may not be met by default on your host platform. Please review the Elasticsearch Docker production mode guide for more information.
For example if startup is failing and you see the following in the logs, you will need to increase vm.max_map_count on your host VM.
2018-11-22T12:32:06.779828954Z Nov 22, 2018 12:32:06.779 PM ERROR c.inversoft.maintenance.search.ElasticsearchSilentConfigurationWorkflowTask
- Silent configuration was unable to complete search configuration. Entering maintenance mode. State [SERVER_DOWN]
2018-11-22T13:00:05.346558595Z ERROR: [2] bootstrap checks failed
2018-11-22T13:00:05.346600195Z [1]: memory locking requested for elasticsearch process but memory is not locked
2018-11-22T13:00:05.346606495Z [2]: max virtual memory areas vm.max_map_count [65530] is too low, increase to at least [262144]Docker Images
If you want to build your own image starting with our base image, the following Docker image is available.
FusionAuth App
docker pull fusionauth/fusionauth-app