FusionAuth developer image
FusionAuth developer logo
  • Back to site
  • Expert Advice
  • Blog
  • Developers
  • Downloads
  • Account
  • Contact sales
Navigate to...
  • Welcome
  • Getting Started
    • Getting Started
    • 5-minute Setup Guide
      • Overview
      • Docker
      • Fast Path
      • Sandbox
    • Setup Wizard & First Login
    • Register a User and Login
    • Self-service Registration
    • Start and Stop FusionAuth
    • Core Concepts
      • Overview
      • Users
      • Roles
      • Groups
      • Registrations
      • Applications
      • Tenants
      • Identity Providers
      • Authentication/Authorization
      • Integration Points
    • Example Apps
      • Overview
      • Dart
      • Go
      • Java
      • JavaScript
      • .NET Core
      • PHP
      • Python
      • Ruby
    • Tutorials
      • Overview
      • Java Spring
      • Python Django
  • Installation Guide
    • Overview
    • System Requirements
    • Server Layout
    • Cloud
    • Cluster
    • Docker
    • Fast Path
    • Kubernetes
      • Overview
      • Deployment Guide
      • Minikube Setup
      • Amazon EKS Setup
      • Google GKE Setup
      • Microsoft AKS Setup
    • Kickstart™
    • Homebrew
    • Marketplaces
    • Packages
    • Database
    • FusionAuth App
    • FusionAuth Search
    • Common Configuration
  • Migration Guide
    • Overview
    • General
    • Auth0
    • Keycloak
    • Amazon Cognito
    • Firebase
    • Microsoft Azure AD B2C
    • Tutorial
  • Admin Guide
    • Overview
    • Account Portal
    • Config Management
    • Editions and Features
    • Key Rotation
    • Licensing
    • Monitoring
    • Prometheus Setup
    • Proxy Setup
    • Reference
      • Overview
      • Configuration
      • CORS
      • Data Types
      • Hosted Login Pages Cookies
      • Known Limitations
      • Password Hashes
    • Releases
    • Roadmap
    • Search And FusionAuth
    • Securing
    • Switch Search Engines
    • Technical Support
    • Troubleshooting
    • Upgrading
    • WebAuthn
  • Login Methods
    • Identity Providers
      • Overview
      • Apple
      • Epic Games
      • External JWT
        • Overview
        • Example
      • Facebook
      • Google
      • HYPR
      • LinkedIn
      • Nintendo
      • OpenID Connect
        • Overview
        • Amazon Cognito
        • Azure AD
        • Discord
        • Github
        • Okta
      • Sony PlayStation Network
      • Steam
      • Twitch
      • Twitter
      • SAML v2
        • Overview
        • ADFS
        • Azure AD
        • Okta
      • SAML v2 IdP Initiated
        • Overview
        • Okta
      • Xbox
    • OIDC & OAuth 2.0
      • Overview
      • Endpoints
      • Tokens
      • OAuth Modes
      • URL Validation
    • Passwordless
      • Overview
      • Magic Links
      • WebAuthn & Passkeys
    • SAML v2 IdP
      • Overview
      • Google
      • PagerDuty
      • Tableau Cloud
      • Zendesk
  • Developer Guide
    • Overview
    • API Gateways
      • Overview
      • Amazon API Gateway
      • Kong Gateway
      • ngrok Cloud Edge
    • Client Libraries & SDKs
      • Overview
      • Dart
      • Go
      • Java
      • JavaScript
      • .NET Core
      • Node
      • OpenAPI
      • PHP
      • Python
      • React
      • Ruby
      • Typescript
    • Events & Webhooks
      • Overview
      • Writing a Webhook
      • Securing Webhooks
      • Events
        • Overview
        • Audit Log Create
        • Event Log Create
        • JWT Public Key Update
        • JWT Refresh
        • JWT Refresh Token Revoke
        • Kickstart Success
        • Group Create
        • Group Create Complete
        • Group Delete
        • Group Delete Complete
        • Group Update
        • Group Update Complete
        • Group Member Add
        • Group Member Add Complete
        • Group Member Remove
        • Group Member Remove Complete
        • Group Member Update
        • Group Member Update Complete
        • User Action
        • User Bulk Create
        • User Create
        • User Create Complete
        • User Deactivate
        • User Delete
        • User Delete Complete
        • User Email Update
        • User Email Verified
        • User IdP Link
        • User IdP Unlink
        • User Login Failed
        • User Login Id Dup. Create
        • User Login Id Dup. Update
        • User Login New Device
        • User Login Success
        • User Login Suspicious
        • User Password Breach
        • User Password Reset Send
        • User Password Reset Start
        • User Password Reset Success
        • User Password Update
        • User Reactivate
        • User Reg. Create
        • User Reg. Create Complete
        • User Reg. Delete
        • User Reg. Delete Complete
        • User Registration Update
        • User Reg. Update Complete
        • User Reg. Verified
        • User 2FA Method Add
        • User 2FA Method Remove
        • User Update
        • User Update Complete
    • Guides
      • Overview
      • Application Specific Email Templates
      • Authentication Tokens
      • Exposing A Local Instance
      • JSON Web Tokens
      • Key Master
      • Localization and Internationalization
      • Multi-Factor Authentication
      • Multi-Tenant
      • Passwordless
      • Registration-based Email Verification
      • Searching With Elasticsearch
      • Securing Your APIs
      • Silent Mode
      • Single Sign-on
      • Two Factor (pre 1.26)
    • Integrations
      • Overview
      • CleanSpeak
      • Kafka
      • Twilio
    • Plugins
      • Overview
      • Writing a Plugin
      • Custom Password Hashing
    • User Control & Gating
      • Overview
      • Gate Unverified Users
      • Gate Unverified Registrations
      • User Account Lockout
  • Customization
    • Email & Templates
      • Overview
      • Configure Email
      • Email Templates
      • Email Variables
      • Message Templates
    • Lambdas
      • Overview
      • Apple Reconcile
      • Client Cred. JWT Populate
      • Epic Games Reconcile
      • External JWT Reconcile
      • Facebook Reconcile
      • Google Reconcile
      • HYPR Reconcile
      • JWT Populate
      • LDAP Connector Reconcile
      • LinkedIn Reconcile
      • Nintendo Reconcile
      • OpenID Connect Reconcile
      • SAML v2 Populate
      • SAML v2 Reconcile
      • SCIM Group Req. Converter
      • SCIM Group Resp. Convtr.
      • SCIM User Req. Converter
      • SCIM User Resp. Converter
      • Self-Service Registration
      • Sony PSN Reconcile
      • Steam Reconcile
      • Twitch Reconcile
      • Twitter Reconcile
      • Xbox Reconcile
    • Messengers
      • Overview
      • Generic Messenger
      • Twilio Messenger
    • Themes
      • Overview
      • Examples
      • Helpers
      • Localization
      • Template Variables
      • Kickstart Custom Theme
  • Premium Features
    • Overview
    • Advanced Registration Forms
    • Advanced Threat Detection
    • Application Specific Themes
    • Breached Password Detection
    • Connectors
      • Overview
      • Generic Connector
      • LDAP Connector
      • FusionAuth Connector
    • Entity Management
    • SCIM
      • Overview
      • Azure AD Client
      • Okta Client
      • SCIM-SDK
    • Self Service Account Mgmt
      • Overview
      • Updating User Data & Password
      • Add Two-Factor Authenticator
      • Add Two-Factor Email
      • Add Two-Factor SMS
      • Add WebAuthn Passkey
      • Customizing
      • Troubleshooting
    • WebAuthn
  • APIs
    • Overview
    • Authentication
    • Errors
    • API Explorer
    • Actioning Users
    • API Keys
    • Applications
    • Audit Logs
    • Connectors
      • Overview
      • Generic
      • LDAP
    • Consents
    • Emails
    • Entity Management
      • Overview
      • Entities
      • Entity Types
      • Grants
    • Event Logs
    • Families
    • Forms
    • Form Fields
    • Groups
    • Identity Providers
      • Overview
      • Links
      • Apple
      • External JWT
      • Epic Games
      • Facebook
      • Google
      • HYPR
      • LinkedIn
      • Nintendo
      • OpenID Connect
      • SAML v2
      • SAML v2 IdP Initiated
      • Sony PlayStation Network
      • Steam
      • Twitch
      • Twitter
      • Xbox
    • Integrations
    • IP Access Control Lists
    • JWT
    • Keys
    • Lambdas
    • Login
    • Message Templates
    • Messengers
      • Overview
      • Generic
      • Twilio
    • Multi-Factor/Two Factor
    • Passwordless
    • Reactor
    • Registrations
    • Reports
    • SCIM
      • Overview
      • SCIM User
      • SCIM Group
      • SCIM EnterpriseUser
      • SCIM Service Provider Config.
    • System
    • Tenants
    • Themes
    • Users
    • User Actions
    • User Action Reasons
    • User Comments
    • WebAuthn
    • Webhooks
  • Release Notes

    System Requirements

    System Requirements

    FusionAuth will install and run on nearly any system. We have done our best to document the supported configurations here. If you have any questions about platform support, please ask a question on the forum or open an issue on Github. If you have a licensed edition you may open a support request from your account.

    Please read through this documentation and ensure you have met all of the requirements before continuing with the installation of FusionAuth.

    • Operating System

    • Java

    • Compute RAM

    • Compute Disk Space

    • Compute CPU

    • Database

      • Database RAM

      • Database Disk Space

    • Elasticsearch

      • Elasticsearch RAM

      • Elasticsearch Disk Space

    • Network Access

      • Paid Editions

    Operating System

    FusionAuth will run on most platforms. The following list summarizes the supported platforms.

    • Linux - all distributions

    • macOS 10.15 (Catalina) or newer

    • Windows Server 2019

    • Windows 10

    Docker, k8s and other container platforms are supported because the host operating system is based upon Linux.

    Java

    FusionAuth ships with its own version of Java. The version that is contained in the bundle is the required and supported version.

    Currently, Java 17 is the supported major version. Java 14 is the supported major version for all FusionAuth releases before FusionAuth 1.32.

    To determine the Java version required for any given version of FusionAuth, download the appropriate FusionAuth package and examine the install script.

    Compute RAM

    The minimum memory required to run FusionAuth will vary depending upon the number of users you expect and the general intended system capacity.

    General guideline: 512M

    If you have memory lying around, feel free to throw more at it - but in a multi-node configuration 512M to 1GB assigned per node should be very adequate.

    This memory is required for the FusionAuth application. Other programs as well as the operating system take memory too. If you are going to run another application on the same server or a local database, increase your memory appropriately.

    If you intend to run Elasticsearch and FusionAuth on the same host you will need to ensure the host has adequate memory for both services and ensure you have adequate disk space for the Elasticsearch index to be stored.

    Considerations that may require a larger amount of memory:

    • Bulk importing users into FusionAuth. If you are importing in chunks of 250k to 500k it is possible FusionAuth will require additional memory to complete this request.

    • > 1k Lambdas. Lambdas need to be pre-compiled, cached and sandboxed in their own JavaScript engine for use a runtime. Creating thousands of Lambdas will increase your memory requirements due to what is needed to keep in memory at runtime.

    • > 1k Tenants. There are tasks that require a full traversal of all tenants, when you have 1000’s of tenants these tasks may affect performance and will increase your memory requirements.

    • > 1k Applications. There are tasks that require a full traversal of all applications, when you have 1000’s of applications these tasks may affect performance and will increase your memory requirements.

    • When using the Advanced Threat Detection feature, a minimum of 2GB of heap is required, and 3GB is recommended.

    When using Advanced Threat Detection, it is recommended to allow for adequate memory headspace on the deployment. If the FusionAuth application is taking 3GB of an in-memory heap, then its best to allocate at least 4GB (in total, possibly more) for the host system.

    Compute Disk Space

    The minimum disk space for a compute node (that is nodes that are running fusionauth-app) required to run FusionAuth can generally be minimal. We recommend providing compute nodes with between 10GB and 50GB of disk space. The fusionauth-app installation is only a few hundred megabytes and the operating system is usually on a gigabyte or two. Therefore, you only need to provide enough space for logging and operations performed on the server.

    This recommendation assumes that you aren’t running fusionauth-search on the node and leveraging Elasticsearch. If you intend to use Elasticsearch, please see the disk space recommendations below.

    Compute CPU

    The CPU required for compute nodes (that is nodes that are running fusionauth-app) depends mostly on the login and registration volume you expect and the password hashing algorithm you use. Here are some general guidelines based on AWS EC2 nodes and using PBKDF2 with a load factor of 24,000 for the password hashing algorithm:

    Node type Logins/registrations per second

    t3.medium

    10 - 20 logins per second

    m5.large

    30 - 50 logins per second

    Database

    FusionAuth Cloud runs on PostgreSQL.

    If you would like the option to migrate to FusionAuth Cloud in the future, you must use PostgreSQL. If you use MySQL, you will not have the option to ever migrate your data to FusionAuth Cloud.

    • MySQL 8.0 or newer

      • MysQL platforms that utilize MySQL Group Replication are not supported.

      • MariaDB and Percona may work, however these variants are not actively tested against by FusionAuth.

      • See MariaDB known issues on our GitHub issues.

    • PostgreSQL 10 or newer

    Database RAM

    The RAM required by the database depends on your login volume and object counts. If you expect to have a few logins per minute and only a few thousand objects, 1GB-2GB of RAM will be sufficient. If you have hundreds of millions of objects and 1,000 logins per second, you’ll might need 256GB of RAM. We recommend running load tests of FusionAuth to help determine the amount of RAM that is required for your needs.

    Database Disk Space

    The amount of disk space required by the database depends on your configuration, login volumes, and total object counts. We recommend that you estimate the disk space based on the amount of data and storage configuration (event logs, audit logs, and raw login). It is also a good idea to use a system that allows you to expand the disk space if needed (such as Amazon RDS).

    In most cases, if you have thousands of objects and low login volumes, 10GB of disk space will be sufficient. If you have millions of objects and high login volumes, you might need 1TB of disk or more.

    Elasticsearch

    Elasticsearch is optional, and may be leveraged for improving user search functionality. See the Core Concepts - User documentation for reference in configuration and usage.

    If you will be running Elasticsearch on the same host as FusionAuth, please ensure there is adequate RAM for both services to operate normally. Elasticsearch may also protect the index by moving it to read-only if the underlying host is running low on disk space, ensure you have plenty of free storage for the Elasticsearch index.

    You can use the fusionauth-search package or any other Elasticsearch service including a cloud hosted service or just downloading it and installing it yourself from elastic.co.

    Versions 6.3.x - 7.17.x are currently supported.

    Later versions may work as well but may not have been tested for compatibility.

    OpenSearch version 2.x should also function properly with FusionAuth version >= 1.42.0.

    Elasticsearch RAM

    The RAM required by Elasticsearch depends on your login volume and user/entity counts. If you expect to have a few logins per minute and only a few thousand users/entities, 1GB-2GB of RAM will be sufficient. If you have more users/entities as well as logins, please size up accordingly. We recommend running load tests of FusionAuth to help determine the amount of RAM that is required for your needs.

    Elasticsearch Disk Space

    The amount of disk space required by Elasticsearch depends on your total user and entity counts. We recommend that you estimate the disk space based on the amount of data you will have.

    In most cases, if you have thousands of users and entities, 10GB of disk space will be sufficient. If you have more users and entities please size up accordingly.

    Network Access

    FusionAuth downloads the MySQL JDBC driver at install time. Due to the drivers' licensing, it cannot be bundled into the application. Prior to 1.16.0, the drivers were downloaded no matter which database you used. After that version, they are only downloaded if you are using MySQL.

    If you are running FusionAuth in an environment with no network access and are using MySQL, you must download the MySQL driver jar file and place it in fusionauth-app/web/WEB-INF/lib.

    Paid Editions

    If you are using a paid edition of FusionAuth, the instance must have outbound network connectivity for license id verification and metrics reporting. You must also allow access to enable advanced features provided by FusionAuth Reactor cloud services.

    If you need specific hostnames to add to your network security or firewall safelist, please open a support ticket.

    Feedback

    How helpful was this page?

    See a problem?

    File an issue in our docs repo

    Have a question or comment to share?

    Visit the FusionAuth community forum.

    © 2023 FusionAuth
    How-to
    Subscribe for developer updates