FusionAuth App Installation

1. Overview

This guide will assist you with installing FusionAuth App on your own server running Linux, macOS, or Windows. The FusionAuth App bundle provides access to the API and the web-based user interface.

2. Download the Packages

Navigate to the Downloads page and find the FusionAuth App package for your target platform.

3. Red Hat

To install on a Red Hat based system, use the RPM bundle. Execute this command to install the FusionAuth App RPM (replace <version> with the correct version number):

sudo rpm -i fusionauth-app<version>.rpm

4. Debian

To install on a Debian based system, use the DEB bundle. Execute this command to install the FusionAuth App DEB (replace <version> with the correct version number):

sudo dpkg -i fusionauth-app<version>.deb

5. macOS

To install on macOS use the ZIP bundle. Extract the FusionAuth App ZIP file anywhere on the file system. Remember where you extract the file. This location will be referred to as FUSIONAUTH_HOME. We suggest extracting this file to a directory such as /usr/local/fusionauth.

Once the ZIP bundle has been extracted, the directory structure should look similar to this. If you installed somewhere other than the default FUSIONAUTH_HOME, your directory structure will be different; this is shown only as an example.

/usr/local/fusionauth/bin
/usr/local/fusionauth/config
/usr/local/fusionauth/config/keystore
/usr/local/fusionauth/config/fusionauth.properties
/usr/local/fusionauth/fusionauth-app

6. Windows

To install on Windows use the ZIP bundle. Extract the FusionAuth App ZIP file anywhere on the file system. Remember where you extract the file. This location will be referred to as FUSIONAUTH_HOME. We suggest extracting this file to a directory such as \fusionauth on Windows.

Once the ZIP bundle has been extracted, the directory structure should look similar to this. If you installed somewhere other than the default FUSIONAUTH_HOME, your directory structure will be different; this is shown only as an example.

\fusionauth\bin
\fusionauth\config
\fusionauth\config\keystore
\fusionauth\config\fusionauth.properties
\fusionauth\fusionauth-app\

Next, install the Windows service by changing to the directory designated as FUSIONAUTH_HOME and then running the install command.

cd \fusionauth\fusionauth-app\apache-tomcat\bin
FusionAuthApp.exe /install

7. Start FusionAuth App

Next, you need to start FusionAuth App so that you can enter Maintenance Mode and allow FusionAuth to create the database. Use the instructions below to start FusionAuth. FusionAuth App depends on the Search Engine, so the Search Engine must be started first.

Maintenance Mode makes installation simple. If it is not possible for you to use maintenance mode, you can edit the FusionAuth configuration files and install the database schema via the command-line using the Advanced Installation instructions below.

If you do not plan to use Maintenance Mode to configure FusionAuth, do not start FusionAuth at this point. Instead, skip to the Advanced Installation section and then return to this section after you have configured FusionAuth and the database via the command-line.

Linux (RPM or DEB package)

sudo service fusionauth-app start

macOS (ZIP package)

<FUSIONAUTH_HOME>/fusionauth-app/apache-tomcat/bin/startup.sh

Windows (ZIP package)

\fusionauth\fusionauth-app\apache-tomcat\bin\startup.bat

Windows Service

net start FusionAuthApp

8. Maintenance Mode

You will access FusionAuth App’s Maintenance Mode setup via the browser. If you installed FusionAuth App on your local machine, you’ll access this interface by opening http://localhost:9011 in your browser. If FusionAuth is running on a remote server, change the server name in the URL to match your server’s name.

8.1. Database Configuration

The first step will be to configure the database connection to allow FusionAuth to configure the database.

To complete this step you will need to confirm the database type, host, port and name. The connection type defaults to MySQL with the default MySQL port of 3306. If you are connecting to a PostgreSQL database, the default port is 5432. Your configuration may be different.

In the Super User credentials section you will need to supply FusionAuth with a username and password to the database so that it may create a new database and configure the FusionAuth schema. The provided credentials must have adequate authority to complete successfully. These credentials are not persisted and are only used to complete maintenance mode.

The final section, labeled FusionAuth credentials, will be used to define a new database user to own the FusionAuth schema and connect to the database when FusionAuth starts up. A default username and password have been generated for you. Feel free to use these values or modify them to suit your InfoSec requirements. These credentials will be created and used by FusionAuth to connect to the database at runtime. These credentials will be saved to the fusionauth.properties configuration file.

Click the submit button once you have completed this form. If the provided credentials and database connection information were correct, you will be taken to the next step of the maintenance process, or FusionAuth will continue starting up if the configuration is complete.

Maintenance Mode Database Configuration

8.2. Search Configuration

If this is your first time starting up FusionAuth, we will need to validate your connection to the search engine service and create a search index for use by FusionAuth.

No configuration is required, but you will need to complete this step by clicking on the Submit button to continue. Once this step is complete you will complete the initial configuration using the Setup Wizard.

Maintenance Mode Search Configuration

9. Advanced Installation

These instructions will assist you in editing the FusionAuth configuration file and installing the database schema via the command-line. If you used Maintenance Mode to configure FusionAuth App, you can skip this section.

9.1. Database Schema

Security

By default, unless you configure the database connection using Maintenance Mode, FusionAuth is configured to connect to the database named fusionauth on localhost with the user name fusionauth and the password fusionauth. For development and testing, you can use these defaults; however, we recommend a more secure password for production systems.

In the following examples, <root_user> is the name of the root user for your database. The <root_user> must be either the root user or a user that has privileges to create databases. For MySQL, this is generally a user named root; on PostgreSQL, this is generally a user named postgres. Your configuration may vary. Additionally, <ordinary_user> and <ordinary_password> are the name and password of a non-superuser account that is used to connect to the FusionAuth database. Run the following SQL commands to configure the database for use by FusionAuth.

MySQL
# Create the fusionauth database, replace <root_user> with a valid superuser.
mysql --default-character-set=utf8 -u<root_user> -e "CREATE DATABASE fusionauth CHARACTER SET = 'utf8mb4' COLLATE = 'utf8mb4_bin';"

# Create the non-superuser account in the database, replace <root_user> with a valid superuser, <ordinary_user> with a valid non-superuser and <ordinary_password> with a secure password.
mysql --default-character-set=utf8mb4 -u<root_user> -e "CREATE USER <ordinary_user> IDENTIFIED BY '<ordinary_password>'"

# Grant the ordinary user all authority on the fusionauth database, replace <root_user> with a valid superuser and <ordinary_user> with your user from above.
mysql --default-character-set=utf8mb4 -u<root_user> -e "GRANT ALL ON fusionauth.* TO '<ordinary_user>'@'%'" fusionauth

# Create the FusionAuth schema. Run this command from the directory where you have extracted the FusionAuth Database Schema zip, replace <ordinary_user> and <ordinary_password> with the values from above.
# Note: a password given with -p on the command line can be exposed to other local users and to shell history; omit the value after -p to be prompted for it instead.
mysql --default-character-set=utf8mb4 -u<ordinary_user> -p<ordinary_password> fusionauth < mysql.sql

PostgreSQL
# Create the fusionauth database, replace <root_user> with a valid superuser.
psql -U<root_user> -c "CREATE DATABASE fusionauth ENCODING 'UTF-8' LC_CTYPE 'en_US.UTF-8' LC_COLLATE 'en_US.UTF-8' TEMPLATE template0"

# Note, if installing on Windows, the Encoding values are different, replace the previous command with this version.
psql -U<root_user> -c "CREATE DATABASE fusionauth ENCODING 'UTF-8' LC_CTYPE 'English_United States' LC_COLLATE 'English_United States' TEMPLATE template0;"

# Create the non-superuser account in the database, replace <root_user> with a valid superuser, <ordinary_user> with a valid non-superuser and <ordinary_password> with a secure password.
psql -U<root_user> -c "CREATE ROLE <ordinary_user> WITH LOGIN PASSWORD '<ordinary_password>';"

# Grant the ordinary user all authority on the fusionauth database, replace <root_user> with a valid superuser and <ordinary_user> with your user from above.
psql -U<root_user> -c "GRANT ALL PRIVILEGES ON DATABASE fusionauth TO <ordinary_user>; ALTER DATABASE fusionauth OWNER TO <ordinary_user>;"

# Create the FusionAuth schema. Run this command from the directory where you have extracted the FusionAuth Database Schema zip, replace <ordinary_user> with the value from above.
psql -U<ordinary_user> fusionauth < postgresql.sql

9.2. Configuration

Before starting FusionAuth for the first time, you’ll need to add your database connection to the configuration file. The name of this file is fusionauth.properties.

The configuration file may be found in the following directory, assuming you installed in the default locations. If you have installed in an alternate location, the path to this file will be different.

Windows

\fusionauth\config

macOS or Linux

/usr/local/fusionauth/config

For more information about the other configuration options found in this file, see the Configuration Reference section.

Find the default database JDBC URL, username and password values, and verify that this information is correct. The default JDBC URL is configured for MySQL; if you’re using PostgreSQL, you’ll need to update the URL. See the database.url property documentation in Configuration Reference for more information.

If you are using MySQL, your database.url property must have a parameter at the end like this: ?serverTimezone=UTC. The ? character is the same as a standard URL parameter, so if you have additional parameters, you should only have a single ? and parameters should be separated by &.

Database Configuration
database.url=jdbc:mysql://localhost:3306/fusionauth?serverTimezone=UTC
database.username=fusionauth
database.password=fusionauth

FusionAuth should now be configured, the database should be created, and everything should be ready to run. You can start FusionAuth using the instructions in the Start FusionAuth App section above.
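
A pre-start check of fusionauth.properties against the points made above (the default fusionauth password, and the serverTimezone=UTC and single-? rules for a MySQL database.url), written as an added example rather than anything shipped with FusionAuth. The function names are made up for this example, and the world-readable check is an assumption based on the file storing the runtime database password.

```shell
#!/bin/sh
# Added example: audit fusionauth.properties for weak settings named in this guide.
# prop <file> <key-regex>: value of a Java-style property (last assignment wins).
prop() {
  tr -d '\r' < "$1" | sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*//p" | tail -n 1
}
note() { echo "$1"; findings=$((findings + 1)); }

# audit_props <file>: prints one line per finding; exit status = number of findings.
audit_props() {
  file=$1; findings=0
  [ -r "$file" ] || { echo "ERROR: cannot read $file"; return 99; }
  url=$(prop "$file" 'database\.url')
  user=$(prop "$file" 'database\.username')
  pass=$(prop "$file" 'database\.password')
  if [ -z "$pass" ]; then
    note "FAIL: database.password is not set"
  elif [ "$pass" = "fusionauth" ] || [ "$pass" = "$user" ]; then
    note "FAIL: database.password is the shipped default or equals the username"
  fi
  # Assumption: the file holds the database password in clear text, so flag o+r.
  if [ -n "$(find "$file" -perm -004)" ]; then
    note "FAIL: $file is readable by every local user"
  fi
  case $url in
    jdbc:mysql:*)
      case $url in *serverTimezone=UTC*) ;; *)
        note "FAIL: MySQL database.url lacks serverTimezone=UTC" ;;
      esac
      case $url in *\?*\?*)
        note "FAIL: database.url has more than one '?'; join parameters with '&'" ;;
      esac ;;
  esac
  return "$findings"
}

# Constructed sample: the default values shown in this guide, mode 644.
demo() {
  sample=$(mktemp "${TMPDIR:-/tmp}/fa-props.XXXXXX")
  printf '%s\n' 'database.url=jdbc:mysql://localhost:3306/fusionauth?serverTimezone=UTC' \
    'database.username=fusionauth' 'database.password=fusionauth' > "$sample"
  chmod 644 "$sample"
  audit_props "$sample"; rc=$?
  rm -f "$sample"
  return "$rc"
}
demo || echo "findings: $?"
```

Run `audit_props /usr/local/fusionauth/config/fusionauth.properties` (or your own path) before the first production start; an exit status of 0 means none of these checks fired.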