FusionAuth developer image
FusionAuth developer logo
  • Back to site
  • Expert Advice
  • Blog
  • Developers
  • Downloads
  • Account
  • Contact sales
Navigate to...
  • Welcome
  • Getting Started
  • 5-Minute Setup Guide
  • Release Notes
  • Core Concepts
    • Overview
    • Users
    • Roles
    • Groups
    • Entity Management
    • Registrations
    • Applications
    • Tenants
    • Identity Providers
    • Key Master
    • SCIM
    • Search
    • Authentication and Authorization
    • Integration Points
    • Localization and Internationalization
    • Editions and Features
    • Roadmap
  • Installation Guide
    • Overview
    • System Requirements
    • Server Layout
    • Cloud
    • Cluster
    • Docker
    • Fast Path
    • Kubernetes
      • Overview
      • Deployment Guide
      • Minikube Setup
      • Amazon EKS Setup
      • Google GKE Setup
      • Microsoft AKS Setup
    • Kickstart™
    • Homebrew
    • Packages
    • Database
    • FusionAuth App
    • FusionAuth Search
    • Common Configuration
  • Admin Guide
    • Overview
    • Account Portal
    • Config Management
    • Licensing
    • Monitoring
    • Proxy Setup
    • Securing
    • Technical Support
    • Troubleshooting
    • Upgrading
  • Migration Guide
    • Overview
    • General
    • Auth0
    • Keycloak
    • Amazon Cognito
    • Firebase
    • Tutorial
  • APIs
    • Overview
    • Authentication
    • Errors
    • Actioning Users
    • API Keys
    • Applications
    • Audit Logs
    • Connectors
      • Overview
      • Generic
      • LDAP
    • Consents
    • Emails
    • Entity Management
      • Overview
      • Entities
      • Entity Types
      • Grants
    • Event Logs
    • Families
    • Forms
    • Form Fields
    • Groups
    • Identity Providers
      • Overview
      • Links
      • Apple
      • External JWT
      • Epic Games
      • Facebook
      • Google
      • HYPR
      • LinkedIn
      • Nintendo
      • OpenID Connect
      • SAML v2
      • SAML v2 IdP Initiated
      • Sony PlayStation Network
      • Steam
      • Twitch
      • Twitter
      • Xbox
    • Integrations
    • IP Access Control Lists
    • JWT
    • Keys
    • Lambdas
    • Login
    • Message Templates
    • Messengers
      • Overview
      • Generic
      • Kafka
      • Twilio
    • Multi-Factor/Two Factor
    • Passwordless
    • Reactor
    • Registrations
    • Reports
    • SCIM
      • Overview
      • SCIM EnterpriseUser
      • SCIM Group
      • SCIM Service Provider Config.
      • SCIM User
    • System
    • Tenants
    • Themes
    • Users
    • User Actions
    • User Action Reasons
    • User Comments
    • Webhooks
  • Client Libraries
    • Overview
    • Dart
    • Go
    • Java
    • JavaScript
    • .NET Core
    • Node
    • OpenAPI
    • PHP
    • Python
    • Ruby
    • Typescript
  • Themes
    • Overview
    • Examples
    • Helpers
    • Localization
    • Template Variables
  • Email & Templates
    • Overview
    • Configure Email
    • Email Templates
    • Email Variables
    • Message Templates
  • Events & Webhooks
    • Overview
    • Writing a Webhook
    • Securing Webhooks
    • Events
      • Overview
      • Audit Log Create
      • Event Log Create
      • JWT Public Key Update
      • JWT Refresh
      • JWT Refresh Token Revoke
      • Kickstart Success
      • User Action
      • User Bulk Create
      • User Create
      • User Create Complete
      • User Deactivate
      • User Delete
      • User Delete Complete
      • User Email Update
      • User Email Verified
      • User IdP Link
      • User IdP Unlink
      • User Login Failed
      • User Login Id Duplicate Create
      • User Login Id Duplicate Update
      • User Login New Device
      • User Login Success
      • User Login Suspicious
      • User Password Breach
      • User Password Reset Send
      • User Password Reset Start
      • User Password Reset Success
      • User Password Update
      • User Reactivate
      • User Registration Create
      • User Registration Create Complete
      • User Registration Delete
      • User Registration Delete Complete
      • User Registration Update
      • User Registration Update Complete
      • User Registration Verified
      • User Two Factor Method Add
      • User Two Factor Method Remove
      • User Update
      • User Update Complete
  • Example Apps
    • Overview
    • Dart
    • Go
    • Java
    • JavaScript
    • .NET Core
    • PHP
    • Python
    • Ruby
  • Lambdas
    • Overview
    • Apple Reconcile
    • Client Cred. JWT Populate
    • Epic Games Reconcile
    • External JWT Reconcile
    • Facebook Reconcile
    • Google Reconcile
    • HYPR Reconcile
    • JWT Populate
    • LDAP Connector Reconcile
    • LinkedIn Reconcile
    • Nintendo Reconcile
    • OpenID Connect Reconcile
    • SAML v2 Populate
    • SAML v2 Reconcile
    • SCIM Group Req. Converter
    • SCIM Group Resp. Converter
    • SCIM User Req. Converter
    • SCIM User Resp. Converter
    • Sony PSN Reconcile
    • Steam Reconcile
    • Twitch Reconcile
    • Twitter Reconcile
    • Xbox Reconcile
  • Identity Providers
    • Overview
    • Apple
    • Epic Games
    • External JWT
      • Overview
      • Example
    • Facebook
    • Google
    • HYPR
    • LinkedIn
    • Nintendo
    • OpenID Connect
      • Overview
      • Azure AD
      • Discord
      • Github
    • Sony PlayStation Network
    • Steam
    • Twitch
    • Twitter
    • SAML v2
      • Overview
      • ADFS
    • SAML v2 IdP Initiated
      • Overview
      • Okta
    • Xbox
  • Messengers
    • Overview
    • Generic Messenger
    • Kafka Messenger
    • Twilio Messenger
  • Connectors
    • Overview
    • Generic Connector
    • LDAP Connector
    • FusionAuth Connector
  • Self Service Account Mgmt
    • Overview
    • Updating User Data & Password
    • Add Two-Factor Authenticator
    • Add Two-Factor Email
    • Add Two-Factor SMS
    • Customizing
    • Troubleshooting
  • Advanced Threat Detection
    • Overview
  • Integrations
    • Overview
    • CleanSpeak
    • Kafka
    • Twilio
  • OpenID Connect & OAuth 2.0
    • Overview
    • Endpoints
    • Tokens
  • SAML v2 IdP
    • Overview
    • Google
    • Zendesk
  • Plugins
    • Plugins
    • Writing a Plugin
    • Custom Password Hashing
  • Guides
    • Overview
    • Advanced Registration Forms
    • Breached Password Detection
    • Multi-Factor Authentication
    • Multi-Tenant
    • Passwordless
    • Securing Your APIs
    • Silent Mode
    • Single Sign-on
  • Tutorials
    • Overview
    • User Control & Gating
      • Gate Unverified Users
      • Gate Unverified Registrations
      • User Account Lockout
    • Setup Wizard & First Login
    • Register/Login a User
    • Start and Stop FusionAuth
    • Authentication Tokens
    • Key Rotation
    • JSON Web Tokens
    • Prometheus Setup
    • Switch Search Engines
    • Two Factor (pre 1.26)
  • Reference
    • CORS
    • Configuration
    • Data Types
    • Known Limitations
    • Password Hashes

    FusionAuth Search Installation

    Overview

    This guide will assist you with installing FusionAuth Search on your own server running Linux, macOS, or Windows. The search engine is required by FusionAuth and provides full text search. This service may be horizontally scaled by using Elasticsearch clustering.

    Download the Packages

    Navigate to the Downloads page and find FusionAuth Search package for your target platform.

    Red Hat

    To install on a Red Hat based system, use the RPM bundle. Execute this command to install the FusionAuth Search RPM (replace <version> with the correct version number):

    sudo rpm -i fusionauth-search<version>.rpm

    Debian

    To install on a Debian based system, use the DEB bundle. Execute this command to install the FusionAuth Search DEB (replace <version> with the correct version number):

    sudo dpkg -i fusionauth-search<version>.deb

    macOS

    To install on macOS use the ZIP bundle. Extract the FusionAuth Search ZIP file anywhere on the file system. Remember where you extract the file. This location will be referred to as FUSIONAUTH_HOME. We suggest extracting this file to a directory such as /usr/local/fusionauth.

    Once the zip bundle has been extracted, the directory structure should look similar to this. If you installed somewhere other the default FUSIONAUTH_HOME, your directory structure will be different, this is only for shown as an example.

    /usr/local/fusionauth/bin
    /usr/local/fusionauth/config
    /usr/local/fusionauth/config/keystore
    /usr/local/fusionauth/config/fusionauth.properties
    /usr/local/fusionauth/fusionauth-search

    Windows

    To install on Windows use the ZIP bundle. Extract the FusionAuth Search ZIP file anywhere on the file system. Remember where you extract the file. This location will be referred to as FUSIONAUTH_HOME. We suggest extracting this file to a directory such as \fusionauth on Windows.

    Once the zip bundle has been extracted, the directory structure should look similar to this. If you installed somewhere other the default FUSIONAUTH_HOME, your directory structure will be different, this is only for shown as an example.

    \fusionauth\bin
    \fusionauth\config
    \fusionauth\config\keystore
    \fusionauth\config\fusionauth.properties
    \fusionauth\fusionauth-search\

    Next, install the Windows service by changing to the directory designated as FUSIONAUTH_HOME and then running the install command.

    cd \fusionauth\fusionauth-search\elasticsearch\bin
    \fusionauth\fusionauth-search\elasticsearch\bin> FusionAuthSearch.exe /install

    Configuration

    If you will be running more than one search engine service, or the search engine is installed on a separate server than the FusionAuth App service, you will need to modify the default configuration in the fusionauth.properties file.

    If you have installed the Search Engine service on the same server that is running FusionAuth App no further configuration is required.

    Each server running the FusionAuth Search service will need to be added to the configuration. To do this, you will need to edit the fusionauth.properties configuration file. More information about this configuration file is located in the Configuration Reference section.

    The following examples assume that FusionAuth App and FusionAuth Search can communicate either on localhost if running on the same system, or if running on separate systems that a site local connection exists between both servers. If you require communication between FusionAuth App and FusionAuth Search on a public IP address, you will also need to modify the fusionauth-search.hosts property on the server running FusionAuth Search. The default value will only bind to localhost and site local IP addresses. See the Configuration Reference for more information on configuring the fusionauth-search.hosts property.

    The following examples also assume the default port as specified by the fusionauth-search.transport-port property. If this value has been modified, adjust the examples accordingly.

    Example Configuration 1

    The following is an example where FusionAuth Search is running on the same server as FusionAuth. This is the default configuration, if this is how you have your system configured, no change to fusionauth.properties is required.

    fusionauth.properties
    fusionauth-search.servers=localhost:9020
    fusionauth-app.search-engine-type=elasticsearch
    fusionauth-app.search-servers=http://localhost:9021

    Example Configuration 2

    The following is an example where the FusionAuth Search is running on a separate system than the FusionAuth App and the FusionAuth Search Engine has an IP Address of 192.168.1.41.

    We’ll refer to the server running FusionAuth App as System 1, and the server running FusionAuth Search as System 2.

    fusionauth.properties on System 1
    fusionauth-search.servers=192.168.1.41:9020
    fusionauth-app.search-engine-type=elasticsearch
    fusionauth-app.search-servers=http://192.168.1.41:9021
    fusionauth.properties on System 2
    fusionauth-search.servers=localhost:9020
    fusionauth-app.search-engine-type=elasticsearch
    fusionauth-app.search-servers=http://localhost:9021

    Example Configuration 3

    When configuring multiple Elasticsearch nodes, you will need to modify the service discovery settings in the shipped elasticsearch.yml. See Elasticsearch’s Discovery and cluster formation settings documentation in configuring multiple nodes.

    The following is an example where FusionAuth Search is running on the same server as FusionAuth App, and another server also has both the FusionAuth App and the FusionAuth Search installed.

    We will refer to these systems as System 1 and System 2, where System 1 has an IP address of 192.168.1.41 and System 2 has an IP address of 192.168.1.42.

    fusionauth.properties on System 1
    fusionauth-search.servers=localhost:9020,192.168.1.42:9020
    fusionauth-app.search-engine-type=elasticsearch
    fusionauth-app.search-servers=http://localhost:9021,http://192.168.1.42:9021
    fusionauth.properties on System 2
    fusionauth-search.servers=localhost:9020,192.168.1.41:9020
    fusionauth-app.search-engine-type=elasticsearch
    fusionauth-app.search-servers=http://localhost:9021,http://192.168.1.41:9021

    Start FusionAuth Search

    FusionAuth Search Engine should now be ready to run. Use the instructions below to start FusionAuth Search. The search engine should be started first before the FusionAuth App service.

    Linux (RPM or DEB package)
    sudo systemctl start fusionauth-search
    macOS (ZIP package)
    <FUSIONAUTH_HOME>/fusionauth-search/elasticsearch/bin/elasticsearch -d
    Windows (ZIP package)
    \fusionauth\fusionauth-search\elasticsearch\bin\elasticsearch.bat
    Windows Service
    net start FusionAuthSearch

    Feedback

    How helpful was this page?

    See a problem?

    File an issue in our docs repo

    © 2021 FusionAuth
    Subscribe for developer updates