how to setup FusionAuth server with nginx and ssl

Linux, Webservers / fusionauth, nginx, sso / By
3
(2)

1. Install FusionAuth

FusionAuth is simple to set up on your laptop, desktop or any server.

Linux

Please feel free to read these install scripts before running them. Always a good idea.

Install in your current working directory using ZIP packages

sh -c "curl -fsSL https://raw.githubusercontent.com/FusionAuth/fusionauth-install/master/install.sh | sh -s - -z"

Install in your current working directory using ZIP packages, include Elasticsearch

sh -c "curl -fsSL https://raw.githubusercontent.com/FusionAuth/fusionauth-install/master/install.sh | sh -s - -z -s"

Install for all users on the system using DEB or RPM packages, requires sudo access

sh -c "curl -fsSL https://raw.githubusercontent.com/FusionAuth/fusionauth-install/master/install.sh | sh"

Install for all users on the system using DEB or RPM packages, include Elasticsearch, requires sudo access

sh -c "curl -fsSL https://raw.githubusercontent.com/FusionAuth/fusionauth-install/master/install.sh | sh -s - -s"

2. Start FusionAuth

The next step is to start FusionAuth using the command that the Fast Path installer created. This script is called startup.sh and we can execute it from the installation directory like this:

fusionauth/bin/startup.sh

This will start both the fusionauth-app component as well as the fusionauth-search component if you downloaded the Elasticsearch option. (Here’s a document on how to choose whether to do so.)

3. Install PostgreSQL server

To install PostgreSQL, first refresh your server’s local package index:

sudo sh -c 'echo "deb http://apt.postgresql.org/pub/repos/apt $(lsb_release -cs)-pgdg main" > /etc/apt/sources.list.d/pgdg.list'
wget --quiet -O - https://www.postgresql.org/media/keys/ACCC4CF8.asc | sudo apt-key add -
sudo apt-get update
sudo apt-get -y install postgresql
# Install the latest version of PostgreSQL.
# If you want a specific version, use 'postgresql-12' or similar instead of 'postgresql':

And setup password for user postgres

For most systems, the default Postgres user is postgres and a password is not required for authentication. Thus, to add a password, we must first login and connect as the postgres user.

$ sudo -u postgres psql

With a connection now established to Postgres at the psql prompt, issue the ALTER USER command to change the password for the postgres user:

postgres=# ALTER USER postgres PASSWORD 'myPassword';
ALTER ROLE

If successful, Postgres will output a confirmation of ALTER ROLE as seen above.

Finally, exit the psql client by using the \q command.

postgres=# \q

You’re all done. The default postgres user now has a password associated with the account for use in your other applications.

4. Install NGINX

$ sudo apt install nginx

5. Install CERTBOT (Let’sencrypt)

$ sudo apt-get install certbot

Launch certbot:

$ sudo certbot certonly

https://certbot.eff.org/

for docs.

Now create /etc/nginx/conf.d/yourdomain.conf with the followinf configuration:

#Setup upstream for backend server

upstream auth {
    server 127.0.0.1:9011;
    keepalive 8;
}

#The Nginx server instance

server {
    server_name auth.example.io;
    access_log /var/log/nginx/example.com.log;

    location / {
      proxy_set_header X-Real-IP $remote_addr;
      proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
      proxy_set_header Host $http_host;
      # proxy_set_header X-NginX-Proxy true;
      proxy_set_header X-Forwarded-Port "443";
      proxy_set_header X-Forwarded-Proto "https";

      proxy_pass http://auth/;
      proxy_redirect off;
    }

    listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/auth.example.io/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/auth.example.io/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot

}

server {
    if ($host = auth.example.io) {
        return 301 https://$host$request_uri;
    } # managed by Certbot

    listen 0.0.0.0:80;
    server_name auth.example.io;
    return 404; # managed by Certbot
}

Restart nginx.

# sudo systemctl restart nginx

Now type in browser auth.example.io, and continue setup FusionAuth

That’s all, folks.

Similar Posts:

1,406

How useful was this post?

Click on a star to rate it!

Average rating 3 / 5. Vote count: 2

No votes so far! Be the first to rate this post.

Scroll to Top