how to setup FusionAuth server with nginx and ssl


1. Install FusionAuth

FusionAuth is simple to set up on your laptop, desktop or any server.


Please feel free to read these install scripts before running them. Always a good idea.

Install in your current working directory using ZIP packages

sh -c "curl -fsSL | sh -s - -z"

Install in your current working directory using ZIP packages, include Elasticsearch

sh -c "curl -fsSL | sh -s - -z -s"

Install for all users on the system using DEB or RPM packages, requires sudo access

sh -c "curl -fsSL | sh"

Install for all users on the system using DEB or RPM packages, include Elasticsearch, requires sudo access

sh -c "curl -fsSL | sh -s - -s"

2. Start FusionAuth

The next step is to start FusionAuth using the command that the Fast Path installer created. This script is called and we can execute it from the installation directory like this:


This will start both the fusionauth-app component as well as the fusionauth-search component if you downloaded the Elasticsearch option. (Here’s a document on how to choose whether to do so.)

3. Install PostgreSQL server

To install PostgreSQL, first refresh your server’s local package index:

sudo sh -c 'echo "deb $(lsb_release -cs)-pgdg main" > /etc/apt/sources.list.d/pgdg.list'
wget --quiet -O - | sudo apt-key add -
sudo apt-get update
sudo apt-get -y install postgresql
# Install the latest version of PostgreSQL.
# If you want a specific version, use 'postgresql-12' or similar instead of 'postgresql':

And setup password for user postgres

For most systems, the default Postgres user is postgres and a password is not required for authentication. Thus, to add a password, we must first login and connect as the postgres user.

$ sudo -u postgres psql

With a connection now established to Postgres at the psql prompt, issue the ALTER USER command to change the password for the postgres user:

postgres=# ALTER USER postgres PASSWORD 'myPassword';

If successful, Postgres will output a confirmation of ALTER ROLE as seen above.

Finally, exit the psql client by using the \q command.

postgres=# \q

You’re all done. The default postgres user now has a password associated with the account for use in your other applications.

4. Install NGINX

$ sudo apt install nginx

5. Install CERTBOT (Let’sencrypt)

$ sudo apt-get install certbot

Launch certbot:

$ sudo certbot certonly

for docs.

Now create /etc/nginx/conf.d/yourdomain.conf with the followinf configuration:

#Setup upstream for backend server

upstream auth {
    keepalive 8;

#The Nginx server instance

server {
    access_log /var/log/nginx/;

    location / {
      proxy_set_header X-Real-IP $remote_addr;
      proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
      proxy_set_header Host $http_host;
      # proxy_set_header X-NginX-Proxy true;
      proxy_set_header X-Forwarded-Port "443";
      proxy_set_header X-Forwarded-Proto "https";

      proxy_pass http://auth/;
      proxy_redirect off;

    listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot


server {
    if ($host = {
        return 301 https://$host$request_uri;
    } # managed by Certbot

    return 404; # managed by Certbot

Restart nginx.

# sudo systemctl restart nginx

Now type in browser, and continue setup FusionAuth

That’s all, folks.

Similar Posts:


How useful was this post?

Click on a star to rate it!

Average rating 5 / 5. Vote count: 1

No votes so far! Be the first to rate this post.

Scroll to Top